diff --git a/CVE-2023/CVE-2023-02xx/CVE-2023-0292.json b/CVE-2023/CVE-2023-02xx/CVE-2023-0292.json index 4fdcd75de2d..8b50c1472a4 100644 --- a/CVE-2023/CVE-2023-02xx/CVE-2023-0292.json +++ b/CVE-2023/CVE-2023-02xx/CVE-2023-0292.json @@ -2,8 +2,8 @@ "id": "CVE-2023-0292", "sourceIdentifier": "security@wordfence.com", "published": "2023-06-09T06:15:49.860", - "lastModified": "2023-06-09T13:03:43.237", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-14T20:33:30.690", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.2 + }, { "source": "security@wordfence.com", "type": "Secondary", 
@@ -46,22 +66,54 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:expresstech:quiz_and_survey_master:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "8.0.8", + "matchCriteriaId": "7A6249D5-44F4-4955-91EF-BF8E1D327BD2" + } + ] + } + ] + } + ], "references": [ { "url": "https://packetstormsecurity.com/files/171011/wpqsm808-xsrf.txt", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Exploit", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/2834471/quiz-master-next", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://wordpress.org/plugins/quiz-master-next/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c75e6d27-7f6b-4bec-b653-c2024504f427?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-06xx/CVE-2023-0688.json b/CVE-2023/CVE-2023-06xx/CVE-2023-0688.json index 5289bfaa3fa..6e35f4ee7ca 100644 --- a/CVE-2023/CVE-2023-06xx/CVE-2023-0688.json +++ b/CVE-2023/CVE-2023-06xx/CVE-2023-0688.json @@ -2,8 +2,8 @@ "id": "CVE-2023-0688", "sourceIdentifier": "security@wordfence.com", "published": "2023-06-09T06:15:50.387", - "lastModified": "2023-06-09T13:03:43.237", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-14T20:25:54.320", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -46,18 +66,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpmet:metform_elementor_contact_form_builder:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.3.1", + "matchCriteriaId": "22EE9B5A-DBD2-49A0-92E8-F69359E40B3C" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/metform/trunk/base/shortcode.php?rev=2845078", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/2910040/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/81fc41a4-9206-404c-bd5b-821c77ff3593?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-06xx/CVE-2023-0691.json b/CVE-2023/CVE-2023-06xx/CVE-2023-0691.json index 3054426a08c..cf14f441233 100644 --- a/CVE-2023/CVE-2023-06xx/CVE-2023-0691.json +++ b/CVE-2023/CVE-2023-06xx/CVE-2023-0691.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-0691", "sourceIdentifier": "security@wordfence.com", "published": "2023-06-09T06:15:50.707", - "lastModified": "2023-06-09T13:03:43.237", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-14T20:21:14.983", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -46,18 +66,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpmet:metform_elementor_contact_form_builder:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.3.1", + "matchCriteriaId": "22EE9B5A-DBD2-49A0-92E8-F69359E40B3C" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/metform/trunk/base/shortcode.php?rev=2845078", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/2910040/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8fc4b815-dc05-4270-bf7a-3b01622739d7?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-06xx/CVE-2023-0693.json b/CVE-2023/CVE-2023-06xx/CVE-2023-0693.json index f62ddbd159b..29e7c5abbd4 100644 --- a/CVE-2023/CVE-2023-06xx/CVE-2023-0693.json +++ b/CVE-2023/CVE-2023-06xx/CVE-2023-0693.json @@ -2,8 +2,8 @@ "id": "CVE-2023-0693", "sourceIdentifier": "security@wordfence.com", "published": "2023-06-09T06:15:51.483", - "lastModified": "2023-06-09T13:03:43.237", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-14T20:19:12.043", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "security@wordfence.com", "type": "Secondary", 
@@ -46,18 +66,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpmet:metform_elementor_contact_form_builder:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.3.1", + "matchCriteriaId": "22EE9B5A-DBD2-49A0-92E8-F69359E40B3C" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/metform/trunk/base/shortcode.php?rev=2845078", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/2910040/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1f33a8db-7cd0-4a53-b2c1-cd5b7cd16214?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-06xx/CVE-2023-0694.json b/CVE-2023/CVE-2023-06xx/CVE-2023-0694.json index 04ba25a17cb..3bc6a33d837 100644 --- a/CVE-2023/CVE-2023-06xx/CVE-2023-0694.json +++ b/CVE-2023/CVE-2023-06xx/CVE-2023-0694.json @@ -2,8 +2,8 @@ "id": "CVE-2023-0694", "sourceIdentifier": "security@wordfence.com", "published": "2023-06-09T06:15:51.780", - "lastModified": "2023-06-09T13:03:43.237", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-14T20:16:49.710", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -46,18 +66,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpmet:metform_elementor_contact_form_builder:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.3.1", + "matchCriteriaId": "22EE9B5A-DBD2-49A0-92E8-F69359E40B3C" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/metform/trunk/base/shortcode.php?rev=2845078", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/2910040/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1a8b194c-371f-4adc-98fa-8f4e47a38ee7?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-09xx/CVE-2023-0993.json b/CVE-2023/CVE-2023-09xx/CVE-2023-0993.json index 66fda29e290..d583bc5bd72 100644 --- a/CVE-2023/CVE-2023-09xx/CVE-2023-0993.json +++ b/CVE-2023/CVE-2023-09xx/CVE-2023-0993.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-0993", "sourceIdentifier": "security@wordfence.com", "published": "2023-06-09T06:15:55.063", - "lastModified": "2023-06-09T13:03:43.237", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-14T20:44:32.200", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "security@wordfence.com", "type": "Secondary", 
@@ -46,18 +66,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:getshieldsecurity:shield_security:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "17.0.17", + "matchCriteriaId": "26C21257-912C-4614-927D-680366EFE994" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2883864%40wp-simple-firewall%2Ftrunk&old=2883536%40wp-simple-firewall%2Ftrunk&sfp_email=&sfph_mail=", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://wordpress.org/plugins/wp-simple-firewall/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/674461ad-9b61-48c4-af2a-5dfcaeb38215?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-10xx/CVE-2023-1016.json b/CVE-2023/CVE-2023-10xx/CVE-2023-1016.json index da288670dbc..a54ea5d45eb 100644 --- a/CVE-2023/CVE-2023-10xx/CVE-2023-1016.json +++ b/CVE-2023/CVE-2023-10xx/CVE-2023-1016.json @@ -2,8 +2,8 @@ "id": "CVE-2023-1016", "sourceIdentifier": "security@wordfence.com", "published": "2023-06-09T06:15:55.447", - "lastModified": "2023-06-09T13:03:43.237", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-14T20:36:18.430", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -46,14 +66,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hijiriworld:intuitive_custom_post_order:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.1.3", + "matchCriteriaId": "6C5E8F63-AAA0-45E9-BF0A-04797B1C9F78" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/intuitive-custom-post-order/trunk/intuitive-custom-post-order.php?rev=2530122", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dc878508-200d-4bc7-aa99-c34e63cba4b3?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-11xx/CVE-2023-1169.json b/CVE-2023/CVE-2023-11xx/CVE-2023-1169.json index d88b4742811..a3980ead91d 100644 --- a/CVE-2023/CVE-2023-11xx/CVE-2023-1169.json +++ b/CVE-2023/CVE-2023-11xx/CVE-2023-1169.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-1169", "sourceIdentifier": "security@wordfence.com", "published": "2023-06-09T06:15:55.873", - "lastModified": "2023-06-09T13:03:43.237", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-14T20:17:58.803", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "security@wordfence.com", "type": "Secondary", 
@@ -46,18 +66,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ooohboi_steroids_for_elementor_project:ooohboi_steroids_for_elementor:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.1.4", + "matchCriteriaId": "02A7660E-A693-494D-BEB8-B68E5DE52DAD" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/ooohboi-steroids-for-elementor/tags/2.1.3/inc/exopite-simple-options/upload-class.php", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/2888622/ooohboi-steroids-for-elementor/tags/2.1.5/inc/exopite-simple-options/upload-class.php?old=2874981&old_path=ooohboi-steroids-for-elementor%2Ftags%2F2.1.4%2Finc%2Fexopite-simple-options%2Fupload-class.php", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c56ed896-9267-49e6-a207-fe5362fe18cd?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-13xx/CVE-2023-1329.json b/CVE-2023/CVE-2023-13xx/CVE-2023-1329.json new file mode 100644 index 00000000000..70a6eae6a47 --- /dev/null +++ b/CVE-2023/CVE-2023-13xx/CVE-2023-1329.json 
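Review bot: The first reference in this CVE-2023-1169 hunk, the `browser/ooohboi-steroids-for-elementor/tags/2.1.3/.../upload-class.php` URL, is tagged `"Patch"` although the added `cpeMatch` marks everything up to `"versionEndIncluding": "2.1.4"` as vulnerable, so that link shows affected source rather than a fix. Only the `changeset/2888622` reference, which compares 2.1.4 with 2.1.5, looks like the actual patch. The same pattern recurs in the reference hunks for CVE-2023-2083, CVE-2023-2084, CVE-2023-2085 and CVE-2023-2086, where `browser/essential-blocks/tags/4.0.6/includes/Admin/Admin.php` is tagged `"Patch"` while `versionEndIncluding` is `"4.0.6"`; for CVE-2023-2084 that leaves no reference to a fix at all. Tooling that resolves remediation from the `Patch` tag should take the fixed version from the CPE range instead, and the tag on these browse links would be better dropped or replaced.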
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-1329", + "sourceIdentifier": "hp-security-alert@hp.com", + "published": "2023-06-14T21:15:09.340", + "lastModified": "2023-06-14T21:27:19.783", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A potential security vulnerability has been identified for certain HP multifunction printers (MFPs). The vulnerability may lead to Buffer Overflow and/or Remote Code Execution when running HP Workpath solutions on potentially affected products." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.hp.com/us-en/document/ish_8585737-8585769-16/hpsbpi03849", + "source": "hp-security-alert@hp.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-17xx/CVE-2023-1709.json b/CVE-2023/CVE-2023-17xx/CVE-2023-1709.json index 851ad4d986c..5c47727b172 100644 --- a/CVE-2023/CVE-2023-17xx/CVE-2023-1709.json +++ b/CVE-2023/CVE-2023-17xx/CVE-2023-1709.json @@ -2,12 +2,12 @@ "id": "CVE-2023-1709", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-06-07T21:15:12.933", - "lastModified": "2023-06-14T19:14:50.197", - "vulnStatus": "Analyzed", + "lastModified": "2023-06-14T21:15:09.390", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "The APDFL.dll contains a memory corruption vulnerability while parsing \nspecially crafted PDF files. This could allow an attacker to execute \ncode in the context of the current process. \n\n" + "value": "\nDatalogics Library APDFLThe v18.0.4PlusP1e and prior contains a stack-based buffer overflow due to documents containing corrupted fonts, which could allow an attack that causes an unhandled crash during the rendering process.\n\n \n\n" } ], "metrics": { 
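Review bot: The replacement description for CVE-2023-1709 reads as fused text (`Datalogics Library APDFLThe v18.0.4PlusP1e`) and is wrapped in leading and trailing `\n` and spaces, so consumers should trim and normalise it before display or string matching. The wording also moves from code execution to an unhandled crash while `vulnStatus` becomes `Modified`, and the following hunk lowers one `Secondary` vector to `C:N/I:N/A:H` (5.5). The other metric entry is outside the visible hunks, so the record may carry two diverging scores until it is re-analysed. Prioritisation that keys on `baseScore` should state which `source` it reads.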
@@ -37,41 +37,41 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", "availabilityImpact": "HIGH", - "baseScore": 7.8, - "baseSeverity": "HIGH" + "baseScore": 5.5, + "baseSeverity": "MEDIUM" }, "exploitabilityScore": 1.8, - "impactScore": 5.9 + "impactScore": 3.6 } ] }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "ics-cert@hq.dhs.gov", "type": "Primary", "description": [ { "lang": "en", - "value": "CWE-787" + "value": "CWE-121" } ] }, { - "source": "ics-cert@hq.dhs.gov", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { "lang": "en", - "value": "CWE-121" + "value": "CWE-787" } ] } @@ -145,6 +145,10 @@ "Third Party Advisory", "US Government Resource" ] + }, + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-164-01", + "source": "ics-cert@hq.dhs.gov" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-20xx/CVE-2023-2083.json b/CVE-2023/CVE-2023-20xx/CVE-2023-2083.json index 427f29519db..ebd5003dfe3 100644 --- a/CVE-2023/CVE-2023-20xx/CVE-2023-2083.json +++ b/CVE-2023/CVE-2023-20xx/CVE-2023-2083.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2083", "sourceIdentifier": "security@wordfence.com", "published": "2023-06-09T06:16:02.497", - "lastModified": "2023-06-09T13:03:33.953", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-14T21:00:43.850", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -46,18 +66,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpdeveloper:essential_blocks:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "4.0.6", + "matchCriteriaId": "4070A2EB-50FC-4519-BD3E-A09DA3059E27" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/essential-blocks/tags/4.0.6/includes/Admin/Admin.php", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2900595%40essential-blocks%2Ftrunk&old=2900029%40essential-blocks%2Ftrunk&sfp_email=&sfph_mail=#file2", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f8bf0933-1c97-4374-b323-c55b91fe4d27?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-20xx/CVE-2023-2084.json b/CVE-2023/CVE-2023-20xx/CVE-2023-2084.json index b9590d6e4a9..67a1772300d 100644 --- a/CVE-2023/CVE-2023-20xx/CVE-2023-2084.json +++ b/CVE-2023/CVE-2023-20xx/CVE-2023-2084.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-2084", "sourceIdentifier": "security@wordfence.com", "published": "2023-06-09T06:16:02.727", - "lastModified": "2023-06-09T13:03:33.953", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-14T21:00:00.970", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -46,14 +66,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpdeveloper:essential_blocks:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "4.0.6", + "matchCriteriaId": "4070A2EB-50FC-4519-BD3E-A09DA3059E27" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/essential-blocks/tags/4.0.6/includes/Admin/Admin.php", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0be8c668-0f1c-4f83-8a71-49c8bb9b67ae?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-20xx/CVE-2023-2085.json b/CVE-2023/CVE-2023-20xx/CVE-2023-2085.json index cbeb8c493cb..7c3ee8d2c44 100644 --- a/CVE-2023/CVE-2023-20xx/CVE-2023-2085.json 
+++ b/CVE-2023/CVE-2023-20xx/CVE-2023-2085.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2085", "sourceIdentifier": "security@wordfence.com", "published": "2023-06-09T06:16:03.203", - "lastModified": "2023-06-09T13:03:33.953", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-14T20:59:30.477", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "security@wordfence.com", "type": "Secondary", 
@@ -46,18 +66,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpdeveloper:essential_blocks:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "4.0.6", + "matchCriteriaId": "4070A2EB-50FC-4519-BD3E-A09DA3059E27" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/essential-blocks/tags/4.0.6/includes/Admin/Admin.php", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2900595%40essential-blocks%2Ftrunk&old=2900029%40essential-blocks%2Ftrunk&sfp_email=&sfph_mail=#file2", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ad2c1ab6-5c78-4317-b5e7-c86e2eebeb4f?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-20xx/CVE-2023-2086.json b/CVE-2023/CVE-2023-20xx/CVE-2023-2086.json index 833a0729e24..cfcd86c1b76 100644 --- a/CVE-2023/CVE-2023-20xx/CVE-2023-2086.json +++ b/CVE-2023/CVE-2023-20xx/CVE-2023-2086.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2086", "sourceIdentifier": "security@wordfence.com", "published": "2023-06-09T06:16:03.550", - "lastModified": "2023-06-09T13:03:33.953", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-14T20:58:29.057", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -46,18 +66,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpdeveloper:essential_blocks:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "4.0.6", + "matchCriteriaId": "4070A2EB-50FC-4519-BD3E-A09DA3059E27" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/essential-blocks/tags/4.0.6/includes/Admin/Admin.php", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2900595%40essential-blocks%2Ftrunk&old=2900029%40essential-blocks%2Ftrunk&sfp_email=&sfph_mail=#file2", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9efc782a-ec61-4741-81fd-a263a2739e16?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-253xx/CVE-2023-25368.json b/CVE-2023/CVE-2023-253xx/CVE-2023-25368.json new file mode 100644 index 00000000000..13d5f41ff53 --- /dev/null +++ b/CVE-2023/CVE-2023-253xx/CVE-2023-25368.json 
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-25368", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-14T20:15:09.240", + "lastModified": "2023-06-14T21:27:19.783", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS is vulnerable to Incorrect Access Control. An unauthenticated attacker can overwrite firmnware." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/BretMcDanel/CVE/blob/main/CVE-2023-25368.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-253xx/CVE-2023-25369.json b/CVE-2023/CVE-2023-253xx/CVE-2023-25369.json new file mode 100644 index 00000000000..0291daba10b --- /dev/null +++ b/CVE-2023/CVE-2023-253xx/CVE-2023-25369.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-25369", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-14T20:15:09.290", + "lastModified": "2023-06-14T21:27:19.783", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS is vulnerable to Denial of Service on the user interface triggered by malformed SCPI command." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/BretMcDanel/CVE/blob/main/CVE-2023-25369.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-254xx/CVE-2023-25434.json b/CVE-2023/CVE-2023-254xx/CVE-2023-25434.json new file mode 100644 index 00000000000..2c9fdaa8fc8 --- /dev/null +++ b/CVE-2023/CVE-2023-254xx/CVE-2023-25434.json 
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-25434", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-14T20:15:09.337", + "lastModified": "2023-06-14T21:27:19.783", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesBytes() at /libtiff/tools/tiffcrop.c:3215." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://gitlab.com/libtiff/libtiff/-/issues/519", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-260xx/CVE-2023-26062.json b/CVE-2023/CVE-2023-260xx/CVE-2023-26062.json new file mode 100644 index 00000000000..9daa7b2bffc --- /dev/null +++ b/CVE-2023/CVE-2023-260xx/CVE-2023-26062.json 
@@ -0,0 +1,47 @@ +{ + "id": "CVE-2023-26062", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-14T20:15:09.383", + "lastModified": "2023-06-14T21:27:19.783", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A mobile network solution internal fault is found in Nokia Web Element Manager before 22 R1, in which an authenticated, unprivileged user can execute administrative functions. Exploitation is not possible from outside of mobile network solution architecture. This means that exploit is not possible from mobile network user UEs, from roaming networks, or from the Internet. Exploitation is possible only from a CSP (Communication Service Provider) mobile network solution internal BTS management network." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@mitre.org", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.0, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.0, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://nokia.com", + "source": "cve@mitre.org" + }, + { + "url": "https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-26062/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-269xx/CVE-2023-26965.json b/CVE-2023/CVE-2023-269xx/CVE-2023-26965.json new file mode 100644 index 00000000000..79dbd71b4b6 --- /dev/null +++ b/CVE-2023/CVE-2023-269xx/CVE-2023-26965.json 
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-26965", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-14T21:15:09.483", + "lastModified": "2023-06-14T21:27:19.783", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/472", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-300xx/CVE-2023-30082.json b/CVE-2023/CVE-2023-300xx/CVE-2023-30082.json new file mode 100644 index 00000000000..fe184d946e9 --- /dev/null +++ b/CVE-2023/CVE-2023-300xx/CVE-2023-30082.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-30082", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-14T20:15:09.453", + "lastModified": "2023-06-14T21:27:19.783", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A denial of service attack might be launched against the server if an unusually lengthy password (more than 10000000 characters) is supplied using the osTicket application. This can cause the website to go down or stop responding. When a long password is entered, this procedure will consume all available CPU and memory." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/manavparekh/CVEs/blob/main/CVE-2023-30082/Steps%20to%20reproduce.txt", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-301xx/CVE-2023-30150.json b/CVE-2023/CVE-2023-301xx/CVE-2023-30150.json new file mode 100644 index 00000000000..4f1ac536e75 --- /dev/null +++ b/CVE-2023/CVE-2023-301xx/CVE-2023-30150.json 
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-30150", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-14T21:15:09.557", + "lastModified": "2023-06-14T21:27:19.783", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "PrestaShop leocustomajax 1.0 and 1.0.0 are vulnerable to SQL Injection via modules/leocustomajax/leoajax.php." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://friends-of-presta.github.io/security-advisories/module/2023/06/06/leocustomajax.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-317xx/CVE-2023-31746.json b/CVE-2023/CVE-2023-317xx/CVE-2023-31746.json new file mode 100644 index 00000000000..f11d15cb4b9 --- /dev/null +++ b/CVE-2023/CVE-2023-317xx/CVE-2023-31746.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-31746", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-14T21:15:09.610", + "lastModified": "2023-06-14T21:27:19.783", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "There is a command injection vulnerability in the adslr VW2100 router with firmware version M1DV1.0. An unauthenticated attacker can exploit the vulnerability to execute system commands as the root user." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/D2y6p/CVE/blob/main/adslr/CVE-2023-31746/1/VW2100_RCE1.pdf", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/D2y6p/CVE/blob/main/adslr/CVE-2023-31746/2/VW2100_RCE2.pdf", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/D2y6p/CVE/blob/main/adslr/CVE-2023-31746/3/VW2100_RCE3.pdf", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/D2y6p/CVE/blob/main/adslr/CVE-2023-31746/4/VW2100_RCE4.pdf", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-335xx/CVE-2023-33515.json b/CVE-2023/CVE-2023-335xx/CVE-2023-33515.json new file mode 100644 index 00000000000..a745bca2447 --- /dev/null +++ b/CVE-2023/CVE-2023-335xx/CVE-2023-33515.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-33515", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-14T21:15:09.663", + "lastModified": "2023-06-14T21:27:19.783", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "SoftExpert Excellence Suite 2.1.9 is vulnerable to Cross Site Scripting (XSS) via query screens." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://medium.com/@williamamorim256/stored-xss-found-in-se-suite-version-2-1-9-understanding-and-addressing-the-issue-cve-2023-33515-d59990eac324", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-335xx/CVE-2023-33533.json b/CVE-2023/CVE-2023-335xx/CVE-2023-33533.json index 606d238ca7b..e619698ba24 100644 --- a/CVE-2023/CVE-2023-335xx/CVE-2023-33533.json +++ b/CVE-2023/CVE-2023-335xx/CVE-2023-33533.json 
@@ -2,23 +2,175 @@ "id": "CVE-2023-33533", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-06T14:15:12.817", - "lastModified": "2023-06-06T18:34:03.700", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-14T20:41:17.157", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Netgear D6220 with Firmware Version 1.0.0.80, D8500 with Firmware Version 1.0.3.60, R6700 with Firmware Version 1.0.2.26, and R6900 with Firmware Version 1.0.2.26 are vulnerable to Command Injection. If an attacker gains web management privileges, they can inject commands into the post request parameters, gaining shell privileges." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:netgear:d6220_firmware:1.0.0.80:*:*:*:*:*:*:*", + "matchCriteriaId": "32BE1127-F7D5-42BB-A401-152C70EAF960" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:netgear:d6220:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F3EEA190-2E9C-4586-BF81-B115532FBA23" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": 
true, + "criteria": "cpe:2.3:o:netgear:d8500_firmware:1.0.3.60:*:*:*:*:*:*:*", + "matchCriteriaId": "43D0A535-BDF6-45D0-A172-6315CF579670" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:netgear:d8500:-:*:*:*:*:*:*:*", + "matchCriteriaId": "814A0114-9A1D-4EA0-9AF4-6968514E4F01" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:netgear:r6700_firmware:1.0.2.26:*:*:*:*:*:*:*", + "matchCriteriaId": "A1F6AE91-D067-429D-98C3-3BEDB24EB57C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:netgear:r6700:-:*:*:*:*:*:*:*", + "matchCriteriaId": "21B27F11-4262-4CE1-8107-B365A7C152F2" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:netgear:r6900_firmware:1.0.2.26:*:*:*:*:*:*:*", + "matchCriteriaId": "D03CEC5D-BA2E-4690-A56F-CAB9125C2313" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:netgear:r6900:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0794BB7C-1BCF-4F08-8EB2-9C3B150C105A" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/D2y6p/CVE/blob/main/Netgear/CVE-2023-33533/Netgear_RCE.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://www.netgear.com/about/security/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-340xx/CVE-2023-34095.json b/CVE-2023/CVE-2023-340xx/CVE-2023-34095.json index f1ea68ec4c6..e740a4be396 100644 --- a/CVE-2023/CVE-2023-340xx/CVE-2023-34095.json 
+++ b/CVE-2023/CVE-2023-340xx/CVE-2023-34095.json @@ -2,7 +2,7 @@ "id": "CVE-2023-34095", "sourceIdentifier": "security-advisories@github.com", "published": "2023-06-14T17:15:09.243", - "lastModified": "2023-06-14T18:20:18.790", + "lastModified": "2023-06-14T21:15:09.707", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -47,6 +47,10 @@ } ], "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2023/06/14/7", + "source": "security-advisories@github.com" + }, { "url": "https://github.com/OpenPrinting/cpdb-libs/blob/85555fba64d34f53a2fce099b0488904cc48ed35/cpdb/cpdb-frontend.c#L372", "source": "security-advisories@github.com" diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34367.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34367.json new file mode 100644 index 00000000000..7bef5f713c8 --- /dev/null +++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34367.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-34367", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-14T20:15:09.510", + "lastModified": "2023-06-14T21:27:19.783", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Windows 7 is vulnerable to a full blind TCP/IP hijacking attack. The vulnerability exists in Windows 7 (any Windows until Windows 8) and in any implementation of TCP/IP, which is vulnerable to the Idle scan attack (including many IoT devices). NOTE: The vendor considers this a low severity issue." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://blog.pi3.com.pl/?p=850", + "source": "cve@mitre.org" + }, + { + "url": "https://portswigger.net/daily-swig/blind-tcp-ip-hijacking-is-resurrected-for-windows-7", + "source": "cve@mitre.org" + }, + { + "url": "https://pwnies.com/windows-7-blind-tcp-ip-hijacking/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-344xx/CVE-2023-34449.json b/CVE-2023/CVE-2023-344xx/CVE-2023-34449.json new file mode 100644 index 00000000000..f335e547aff 
--- /dev/null
+++ b/CVE-2023/CVE-2023-344xx/CVE-2023-34449.json
@@ -0,0 +1,75 @@ +{ + "id": "CVE-2023-34449", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-06-14T21:15:09.790", + "lastModified": "2023-06-14T21:27:19.783", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "ink! is an embedded domain specific language to write smart contracts in Rust for blockchains built on the Substrate framework. Starting in version 4.0.0 and prior to version 4.2.1, the return value when using delegate call mechanics, either through `CallBuilder::delegate` or `ink_env::invoke_contract_delegate`, is decoded incorrectly. This bug was related to the mechanics around decoding a call's return buffer, which was changed as part of pull request 1450. Since this feature was only released in ink! 4.0.0, no previous versions are affected. Users who have an ink! 4.x series contract should upgrade to 4.2.1 to receive a patch." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-253" + }, + { + "lang": "en", + "value": "CWE-754" + } + ] + } + ], + "references": [ + { + "url": "https://docs.rs/ink_env/4.2.0/ink_env/call/struct.CallBuilder.html#method.delegate", + "source": "security-advisories@github.com" + }, + { + "url": "https://docs.rs/ink_env/4.2.0/ink_env/fn.invoke_contract_delegate.html", + "source": 
"security-advisories@github.com" + }, + { + "url": "https://github.com/paritytech/ink/commit/f1407ee9f87e5f64d467a22d26ee88f61db7f3db", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/paritytech/ink/pull/1450", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/paritytech/ink/security/advisories/GHSA-853p-5678-hv8f", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-345xx/CVE-2023-34565.json b/CVE-2023/CVE-2023-345xx/CVE-2023-34565.json new file mode 100644 index 00000000000..f5d74d90e46 --- /dev/null +++ b/CVE-2023/CVE-2023-345xx/CVE-2023-34565.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-34565", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-14T21:15:09.867", + "lastModified": "2023-06-14T21:27:19.783", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Netbox 3.5.1 is vulnerable to Cross Site Scripting (XSS) in the \"Create Wireless LAN Groups\" function." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/grayfullbuster0804/netbox/issues/1", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-345xx/CVE-2023-34585.json b/CVE-2023/CVE-2023-345xx/CVE-2023-34585.json index 4eace8a7279..9cdb402b49a 100644 --- a/CVE-2023/CVE-2023-345xx/CVE-2023-34585.json +++ b/CVE-2023/CVE-2023-345xx/CVE-2023-34585.json 
@@ -2,19 +2,14 @@ "id": "CVE-2023-34585", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-14T14:15:09.800", - "lastModified": "2023-06-14T15:30:53.640", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-14T20:15:09.687", + "vulnStatus": "Rejected", "descriptions": [ { "lang": "en", - "value": "An issue was discovered in OBS-Studio 29.1.1, plaintext storage of passwords." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ], "metrics": {}, - "references": [ - { - "url": "https://github.com/obsproject/obs-studio/issues/8966", - "source": "cve@mitre.org" - } - ] + "references": [] } \ No newline at end of file diff --git a/README.md b/README.md index 98a05a8c0ee..0a49659c6bd 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-06-14T20:00:28.659696+00:00 +2023-06-14T22:00:25.798937+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-06-14T19:58:43.870000+00:00 +2023-06-14T21:27:19.783000+00:00 ``` ### Last Data Feed Release 
@@ -29,50 +29,48 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -217775 +217788 ``` ### CVEs added in the last Commit -Recently added CVEs: `6` +Recently added CVEs: `13` -* [CVE-2022-31644](CVE-2022/CVE-2022-316xx/CVE-2022-31644.json) (`2023-06-14T18:15:09.363`) -* [CVE-2022-31645](CVE-2022/CVE-2022-316xx/CVE-2022-31645.json) (`2023-06-14T18:15:09.413`) -* [CVE-2022-31646](CVE-2022/CVE-2022-316xx/CVE-2022-31646.json) (`2023-06-14T18:15:09.457`) -* [CVE-2022-4284](CVE-2022/CVE-2022-42xx/CVE-2022-4284.json) (`2023-06-14T19:15:09.187`) -* [CVE-2023-2976](CVE-2023/CVE-2023-29xx/CVE-2023-2976.json) (`2023-06-14T18:15:09.513`) -* [CVE-2023-31671](CVE-2023/CVE-2023-316xx/CVE-2023-31671.json) (`2023-06-14T18:15:09.573`) +* [CVE-2023-25368](CVE-2023/CVE-2023-253xx/CVE-2023-25368.json) (`2023-06-14T20:15:09.240`) +* [CVE-2023-25369](CVE-2023/CVE-2023-253xx/CVE-2023-25369.json) (`2023-06-14T20:15:09.290`) +* [CVE-2023-25434](CVE-2023/CVE-2023-254xx/CVE-2023-25434.json) (`2023-06-14T20:15:09.337`) +* [CVE-2023-26062](CVE-2023/CVE-2023-260xx/CVE-2023-26062.json) (`2023-06-14T20:15:09.383`) +* [CVE-2023-30082](CVE-2023/CVE-2023-300xx/CVE-2023-30082.json) (`2023-06-14T20:15:09.453`) +* [CVE-2023-34367](CVE-2023/CVE-2023-343xx/CVE-2023-34367.json) (`2023-06-14T20:15:09.510`) +* [CVE-2023-1329](CVE-2023/CVE-2023-13xx/CVE-2023-1329.json) (`2023-06-14T21:15:09.340`) +* [CVE-2023-26965](CVE-2023/CVE-2023-269xx/CVE-2023-26965.json) (`2023-06-14T21:15:09.483`) +* [CVE-2023-30150](CVE-2023/CVE-2023-301xx/CVE-2023-30150.json) (`2023-06-14T21:15:09.557`) +* [CVE-2023-31746](CVE-2023/CVE-2023-317xx/CVE-2023-31746.json) (`2023-06-14T21:15:09.610`) +* [CVE-2023-33515](CVE-2023/CVE-2023-335xx/CVE-2023-33515.json) (`2023-06-14T21:15:09.663`) +* [CVE-2023-34449](CVE-2023/CVE-2023-344xx/CVE-2023-34449.json) (`2023-06-14T21:15:09.790`) +* [CVE-2023-34565](CVE-2023/CVE-2023-345xx/CVE-2023-34565.json) 
(`2023-06-14T21:15:09.867`) ### CVEs modified in the last Commit -Recently modified CVEs: `40` +Recently modified CVEs: `16` -* [CVE-2023-34867](CVE-2023/CVE-2023-348xx/CVE-2023-34867.json) (`2023-06-14T18:20:18.790`) -* [CVE-2023-34868](CVE-2023/CVE-2023-348xx/CVE-2023-34868.json) (`2023-06-14T18:20:18.790`) -* [CVE-2023-0009](CVE-2023/CVE-2023-00xx/CVE-2023-0009.json) (`2023-06-14T18:20:18.790`) -* [CVE-2023-0010](CVE-2023/CVE-2023-00xx/CVE-2023-0010.json) (`2023-06-14T18:20:18.790`) -* [CVE-2023-25367](CVE-2023/CVE-2023-253xx/CVE-2023-25367.json) (`2023-06-14T18:20:18.790`) -* [CVE-2023-34095](CVE-2023/CVE-2023-340xx/CVE-2023-34095.json) (`2023-06-14T18:20:18.790`) -* [CVE-2023-3172](CVE-2023/CVE-2023-31xx/CVE-2023-3172.json) (`2023-06-14T18:21:14.247`) -* [CVE-2023-2530](CVE-2023/CVE-2023-25xx/CVE-2023-2530.json) (`2023-06-14T18:31:32.977`) -* [CVE-2023-29345](CVE-2023/CVE-2023-293xx/CVE-2023-29345.json) (`2023-06-14T18:35:45.610`) -* [CVE-2023-20887](CVE-2023/CVE-2023-208xx/CVE-2023-20887.json) (`2023-06-14T18:40:01.347`) -* [CVE-2023-3165](CVE-2023/CVE-2023-31xx/CVE-2023-3165.json) (`2023-06-14T18:57:13.767`) -* [CVE-2023-20888](CVE-2023/CVE-2023-208xx/CVE-2023-20888.json) (`2023-06-14T19:10:16.743`) -* [CVE-2023-33658](CVE-2023/CVE-2023-336xx/CVE-2023-33658.json) (`2023-06-14T19:12:15.637`) -* [CVE-2023-33443](CVE-2023/CVE-2023-334xx/CVE-2023-33443.json) (`2023-06-14T19:13:04.663`) -* [CVE-2023-1709](CVE-2023/CVE-2023-17xx/CVE-2023-1709.json) (`2023-06-14T19:14:50.197`) -* [CVE-2023-33284](CVE-2023/CVE-2023-332xx/CVE-2023-33284.json) (`2023-06-14T19:21:44.847`) -* [CVE-2023-2558](CVE-2023/CVE-2023-25xx/CVE-2023-2558.json) (`2023-06-14T19:24:54.113`) -* [CVE-2023-2555](CVE-2023/CVE-2023-25xx/CVE-2023-2555.json) (`2023-06-14T19:26:15.310`) -* [CVE-2023-2557](CVE-2023/CVE-2023-25xx/CVE-2023-2557.json) (`2023-06-14T19:26:43.670`) -* [CVE-2023-20889](CVE-2023/CVE-2023-208xx/CVE-2023-20889.json) (`2023-06-14T19:35:42.450`) -* 
[CVE-2023-0692](CVE-2023/CVE-2023-06xx/CVE-2023-0692.json) (`2023-06-14T19:41:44.033`) -* [CVE-2023-33863](CVE-2023/CVE-2023-338xx/CVE-2023-33863.json) (`2023-06-14T19:44:08.787`) -* [CVE-2023-33864](CVE-2023/CVE-2023-338xx/CVE-2023-33864.json) (`2023-06-14T19:48:06.770`) -* [CVE-2023-30948](CVE-2023/CVE-2023-309xx/CVE-2023-30948.json) (`2023-06-14T19:53:58.033`) -* [CVE-2023-32551](CVE-2023/CVE-2023-325xx/CVE-2023-32551.json) (`2023-06-14T19:58:43.870`) +* [CVE-2023-34585](CVE-2023/CVE-2023-345xx/CVE-2023-34585.json) (`2023-06-14T20:15:09.687`) +* [CVE-2023-0694](CVE-2023/CVE-2023-06xx/CVE-2023-0694.json) (`2023-06-14T20:16:49.710`) +* [CVE-2023-1169](CVE-2023/CVE-2023-11xx/CVE-2023-1169.json) (`2023-06-14T20:17:58.803`) +* [CVE-2023-0693](CVE-2023/CVE-2023-06xx/CVE-2023-0693.json) (`2023-06-14T20:19:12.043`) +* [CVE-2023-0691](CVE-2023/CVE-2023-06xx/CVE-2023-0691.json) (`2023-06-14T20:21:14.983`) +* [CVE-2023-0688](CVE-2023/CVE-2023-06xx/CVE-2023-0688.json) (`2023-06-14T20:25:54.320`) +* [CVE-2023-0292](CVE-2023/CVE-2023-02xx/CVE-2023-0292.json) (`2023-06-14T20:33:30.690`) +* [CVE-2023-1016](CVE-2023/CVE-2023-10xx/CVE-2023-1016.json) (`2023-06-14T20:36:18.430`) +* [CVE-2023-33533](CVE-2023/CVE-2023-335xx/CVE-2023-33533.json) (`2023-06-14T20:41:17.157`) +* [CVE-2023-0993](CVE-2023/CVE-2023-09xx/CVE-2023-0993.json) (`2023-06-14T20:44:32.200`) +* [CVE-2023-2086](CVE-2023/CVE-2023-20xx/CVE-2023-2086.json) (`2023-06-14T20:58:29.057`) +* [CVE-2023-2085](CVE-2023/CVE-2023-20xx/CVE-2023-2085.json) (`2023-06-14T20:59:30.477`) +* [CVE-2023-2084](CVE-2023/CVE-2023-20xx/CVE-2023-2084.json) (`2023-06-14T21:00:00.970`) +* [CVE-2023-2083](CVE-2023/CVE-2023-20xx/CVE-2023-2083.json) (`2023-06-14T21:00:43.850`) +* [CVE-2023-1709](CVE-2023/CVE-2023-17xx/CVE-2023-1709.json) (`2023-06-14T21:15:09.390`) +* [CVE-2023-34095](CVE-2023/CVE-2023-340xx/CVE-2023-34095.json) (`2023-06-14T21:15:09.707`) ## Download and Usage