From 5e555eff4a2dc53e8af3da40f0905cdf4a8608c5 Mon Sep 17 00:00:00 2001 
From: cad-safe-bot Date: Wed, 28 Jun 2023 16:00:32 +0000 Subject: [PATCH] Auto-Update: 2023-06-28T16:00:29.495226+00:00 --- CVE-2020/CVE-2020-184xx/CVE-2020-18404.json | 4 +- CVE-2020/CVE-2020-184xx/CVE-2020-18409.json | 8 +- CVE-2020/CVE-2020-184xx/CVE-2020-18414.json | 4 +- CVE-2022/CVE-2022-268xx/CVE-2022-26857.json | 4 +- CVE-2022/CVE-2022-26xx/CVE-2022-2661.json | 4 +- CVE-2022/CVE-2022-26xx/CVE-2022-2675.json | 4 +- CVE-2022/CVE-2022-272xx/CVE-2022-27211.json | 6 +- CVE-2022/CVE-2022-272xx/CVE-2022-27235.json | 4 +- CVE-2022/CVE-2022-276xx/CVE-2022-27660.json | 14 +- CVE-2022/CVE-2022-278xx/CVE-2022-27835.json | 4 +- CVE-2022/CVE-2022-278xx/CVE-2022-27838.json | 4 +- CVE-2022/CVE-2022-278xx/CVE-2022-27858.json | 4 +- CVE-2022/CVE-2022-27xx/CVE-2022-2765.json | 14 +- CVE-2022/CVE-2022-27xx/CVE-2022-2788.json | 14 +- CVE-2022/CVE-2022-27xx/CVE-2022-2792.json | 4 +- CVE-2022/CVE-2022-281xx/CVE-2022-28193.json | 4 +- CVE-2022/CVE-2022-281xx/CVE-2022-28196.json | 4 +- CVE-2022/CVE-2022-283xx/CVE-2022-28331.json | 14 +- CVE-2022/CVE-2022-28xx/CVE-2022-2820.json | 4 +- CVE-2022/CVE-2022-28xx/CVE-2022-2824.json | 4 +- CVE-2022/CVE-2022-442xx/CVE-2022-44276.json | 20 ++ CVE-2022/CVE-2022-485xx/CVE-2022-48505.json | 4 +- CVE-2023/CVE-2023-09xx/CVE-2023-0969.json | 57 +++- CVE-2023/CVE-2023-12xx/CVE-2023-1295.json | 71 +++++ CVE-2023/CVE-2023-18xx/CVE-2023-1844.json | 8 +- CVE-2023/CVE-2023-200xx/CVE-2023-20006.json | 55 ++++ CVE-2023/CVE-2023-200xx/CVE-2023-20028.json | 55 ++++ CVE-2023/CVE-2023-201xx/CVE-2023-20105.json | 55 ++++ CVE-2023/CVE-2023-201xx/CVE-2023-20108.json | 55 ++++ CVE-2023/CVE-2023-201xx/CVE-2023-20116.json | 55 ++++ CVE-2023/CVE-2023-201xx/CVE-2023-20119.json | 55 ++++ CVE-2023/CVE-2023-201xx/CVE-2023-20120.json | 55 ++++ CVE-2023/CVE-2023-201xx/CVE-2023-20136.json | 55 ++++ CVE-2023/CVE-2023-201xx/CVE-2023-20178.json | 55 ++++ CVE-2023/CVE-2023-201xx/CVE-2023-20188.json | 55 ++++ CVE-2023/CVE-2023-201xx/CVE-2023-20192.json | 55 ++++ 
CVE-2023/CVE-2023-201xx/CVE-2023-20199.json | 55 ++++ CVE-2023/CVE-2023-242xx/CVE-2023-24261.json | 77 ++++- CVE-2023/CVE-2023-250xx/CVE-2023-25001.json | 4 +- CVE-2023/CVE-2023-250xx/CVE-2023-25002.json | 4 +- CVE-2023/CVE-2023-261xx/CVE-2023-26134.json | 4 +- CVE-2023/CVE-2023-266xx/CVE-2023-26615.json | 24 ++ CVE-2023/CVE-2023-272xx/CVE-2023-27243.json | 78 ++++- CVE-2023/CVE-2023-274xx/CVE-2023-27414.json | 47 ++- CVE-2023/CVE-2023-274xx/CVE-2023-27432.json | 47 ++- CVE-2023/CVE-2023-289xx/CVE-2023-28956.json | 79 ++++- CVE-2023/CVE-2023-297xx/CVE-2023-29711.json | 82 ++++- CVE-2023/CVE-2023-302xx/CVE-2023-30259.json | 20 ++ CVE-2023/CVE-2023-30xx/CVE-2023-3034.json | 4 +- CVE-2023/CVE-2023-31xx/CVE-2023-3110.json | 57 +++- CVE-2023/CVE-2023-324xx/CVE-2023-32449.json | 312 +++++++++++++++++++- CVE-2023/CVE-2023-326xx/CVE-2023-32623.json | 4 +- CVE-2023/CVE-2023-334xx/CVE-2023-33405.json | 65 +++- CVE-2023/CVE-2023-335xx/CVE-2023-33591.json | 68 ++++- CVE-2023/CVE-2023-338xx/CVE-2023-33842.json | 108 ++++++- CVE-2023/CVE-2023-338xx/CVE-2023-33869.json | 71 ++++- CVE-2023/CVE-2023-33xx/CVE-2023-3303.json | 56 +++- CVE-2023/CVE-2023-33xx/CVE-2023-3304.json | 68 ++++- CVE-2023/CVE-2023-33xx/CVE-2023-3325.json | 72 ++++- CVE-2023/CVE-2023-33xx/CVE-2023-3330.json | 4 +- CVE-2023/CVE-2023-33xx/CVE-2023-3331.json | 4 +- CVE-2023/CVE-2023-33xx/CVE-2023-3332.json | 4 +- CVE-2023/CVE-2023-33xx/CVE-2023-3333.json | 4 +- CVE-2023/CVE-2023-340xx/CVE-2023-34012.json | 47 ++- CVE-2023/CVE-2023-343xx/CVE-2023-34340.json | 57 +++- CVE-2023/CVE-2023-349xx/CVE-2023-34928.json | 20 ++ CVE-2023/CVE-2023-349xx/CVE-2023-34929.json | 20 ++ CVE-2023/CVE-2023-349xx/CVE-2023-34930.json | 20 ++ CVE-2023/CVE-2023-349xx/CVE-2023-34931.json | 20 ++ CVE-2023/CVE-2023-349xx/CVE-2023-34932.json | 20 ++ CVE-2023/CVE-2023-349xx/CVE-2023-34933.json | 20 ++ CVE-2023/CVE-2023-349xx/CVE-2023-34934.json | 20 ++ CVE-2023/CVE-2023-349xx/CVE-2023-34935.json | 20 ++ 
CVE-2023/CVE-2023-349xx/CVE-2023-34936.json | 20 ++ CVE-2023/CVE-2023-349xx/CVE-2023-34937.json | 20 ++ CVE-2023/CVE-2023-34xx/CVE-2023-3407.json | 8 +- CVE-2023/CVE-2023-34xx/CVE-2023-3427.json | 4 +- CVE-2023/CVE-2023-34xx/CVE-2023-3436.json | 4 +- CVE-2023/CVE-2023-34xx/CVE-2023-3445.json | 59 ++++ CVE-2023/CVE-2023-364xx/CVE-2023-36464.json | 4 +- CVE-2023/CVE-2023-364xx/CVE-2023-36467.json | 67 +++++ CVE-2023/CVE-2023-366xx/CVE-2023-36630.json | 6 +- README.md | 61 +++- 83 files changed, 2679 insertions(+), 151 deletions(-) create mode 100644 CVE-2022/CVE-2022-442xx/CVE-2022-44276.json create mode 100644 CVE-2023/CVE-2023-12xx/CVE-2023-1295.json create mode 100644 CVE-2023/CVE-2023-200xx/CVE-2023-20006.json create mode 100644 CVE-2023/CVE-2023-200xx/CVE-2023-20028.json create mode 100644 CVE-2023/CVE-2023-201xx/CVE-2023-20105.json create mode 100644 CVE-2023/CVE-2023-201xx/CVE-2023-20108.json create mode 100644 CVE-2023/CVE-2023-201xx/CVE-2023-20116.json create mode 100644 CVE-2023/CVE-2023-201xx/CVE-2023-20119.json create mode 100644 CVE-2023/CVE-2023-201xx/CVE-2023-20120.json create mode 100644 CVE-2023/CVE-2023-201xx/CVE-2023-20136.json create mode 100644 CVE-2023/CVE-2023-201xx/CVE-2023-20178.json create mode 100644 CVE-2023/CVE-2023-201xx/CVE-2023-20188.json create mode 100644 CVE-2023/CVE-2023-201xx/CVE-2023-20192.json create mode 100644 CVE-2023/CVE-2023-201xx/CVE-2023-20199.json create mode 100644 CVE-2023/CVE-2023-266xx/CVE-2023-26615.json create mode 100644 CVE-2023/CVE-2023-302xx/CVE-2023-30259.json create mode 100644 CVE-2023/CVE-2023-349xx/CVE-2023-34928.json create mode 100644 CVE-2023/CVE-2023-349xx/CVE-2023-34929.json create mode 100644 CVE-2023/CVE-2023-349xx/CVE-2023-34930.json create mode 100644 CVE-2023/CVE-2023-349xx/CVE-2023-34931.json create mode 100644 CVE-2023/CVE-2023-349xx/CVE-2023-34932.json create mode 100644 CVE-2023/CVE-2023-349xx/CVE-2023-34933.json create mode 100644 CVE-2023/CVE-2023-349xx/CVE-2023-34934.json create mode 
100644 CVE-2023/CVE-2023-349xx/CVE-2023-34935.json create mode 100644 CVE-2023/CVE-2023-349xx/CVE-2023-34936.json create mode 100644 CVE-2023/CVE-2023-349xx/CVE-2023-34937.json create mode 100644 CVE-2023/CVE-2023-34xx/CVE-2023-3445.json create mode 100644 CVE-2023/CVE-2023-364xx/CVE-2023-36467.json diff --git a/CVE-2020/CVE-2020-184xx/CVE-2020-18404.json b/CVE-2020/CVE-2020-184xx/CVE-2020-18404.json index 4cbee04dedc..fc2ca81093f 100644 --- a/CVE-2020/CVE-2020-184xx/CVE-2020-18404.json +++ b/CVE-2020/CVE-2020-184xx/CVE-2020-18404.json @@ -2,8 +2,8 @@ "id": "CVE-2020-18404", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-27T21:15:15.650", - "lastModified": "2023-06-27T21:15:15.650", - "vulnStatus": "Received", + "lastModified": "2023-06-28T12:34:43.903", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2020/CVE-2020-184xx/CVE-2020-18409.json b/CVE-2020/CVE-2020-184xx/CVE-2020-18409.json index 536202608e0..b31031a6554 100644 --- a/CVE-2020/CVE-2020-184xx/CVE-2020-18409.json +++ b/CVE-2020/CVE-2020-184xx/CVE-2020-18409.json @@ -2,12 +2,16 @@ "id": "CVE-2020-18409", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-27T21:15:15.717", - "lastModified": "2023-06-27T21:15:15.717", - "vulnStatus": "Received", + "lastModified": "2023-06-28T12:34:43.903", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Cross Site Request Forgery (CSRF) vulnerability was discovered in CatfishCMS 4.8.63 that would allow attackers to obtain administrator permissions via /index.php/admin/index/modifymanage.html." + }, + { + "lang": "es", + "value": "Se ha descubierto una vulnerabilidad de tipo Cross Site Request Forgery (CSRF) en CatfishCMS v4.8.63 que permite a los atacantes obtener permisos de administrador a trav\u00e9s de \"/index.php/admin/index/modifymanage.html\"." } ], "metrics": {}, 
diff --git a/CVE-2020/CVE-2020-184xx/CVE-2020-18414.json b/CVE-2020/CVE-2020-184xx/CVE-2020-18414.json index 9dc4bdce4c7..7ec7a8b426d 100644 --- a/CVE-2020/CVE-2020-184xx/CVE-2020-18414.json +++ b/CVE-2020/CVE-2020-184xx/CVE-2020-18414.json @@ -2,8 +2,8 @@ "id": "CVE-2020-18414", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-27T21:15:15.763", - "lastModified": "2023-06-27T21:15:15.763", - "vulnStatus": "Received", + "lastModified": "2023-06-28T12:34:43.903", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2022/CVE-2022-268xx/CVE-2022-26857.json b/CVE-2022/CVE-2022-268xx/CVE-2022-26857.json index 373c944e733..f0dad421322 100644 --- a/CVE-2022/CVE-2022-268xx/CVE-2022-26857.json +++ b/CVE-2022/CVE-2022-268xx/CVE-2022-26857.json @@ -2,7 +2,7 @@ "id": "CVE-2022-26857", "sourceIdentifier": "security_alert@emc.com", "published": "2022-05-26T16:15:08.187", - "lastModified": "2022-06-07T19:14:20.900", + "lastModified": "2023-06-28T13:59:21.027", "vulnStatus": "Analyzed", "descriptions": [ { @@ -90,7 +90,7 @@ "description": [ { "lang": "en", - "value": "CWE-863" + "value": "NVD-CWE-Other" } ] }, diff --git a/CVE-2022/CVE-2022-26xx/CVE-2022-2661.json b/CVE-2022/CVE-2022-26xx/CVE-2022-2661.json index d2f8b5e577e..7f5670cb1f1 100644 --- a/CVE-2022/CVE-2022-26xx/CVE-2022-2661.json +++ b/CVE-2022/CVE-2022-26xx/CVE-2022-2661.json @@ -2,7 +2,7 @@ "id": "CVE-2022-2661", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2022-08-16T21:15:09.717", - "lastModified": "2022-08-17T15:23:58.357", + "lastModified": "2023-06-28T14:20:38.200", "vulnStatus": "Analyzed", "descriptions": [ { @@ -65,7 +65,7 @@ "description": [ { "lang": "en", - "value": "CWE-863" + "value": "NVD-CWE-Other" } ] }, diff --git a/CVE-2022/CVE-2022-26xx/CVE-2022-2675.json b/CVE-2022/CVE-2022-26xx/CVE-2022-2675.json index cd2062dcc1c..429c0f05449 100644 --- a/CVE-2022/CVE-2022-26xx/CVE-2022-2675.json +++ b/CVE-2022/CVE-2022-26xx/CVE-2022-2675.json 
@@ -2,7 +2,7 @@ "id": "CVE-2022-2675", "sourceIdentifier": "cve@rapid7.con", "published": "2022-08-05T17:15:08.857", - "lastModified": "2022-08-11T15:28:56.363", + "lastModified": "2023-06-28T13:58:54.710", "vulnStatus": "Analyzed", "descriptions": [ { @@ -45,7 +45,7 @@ "description": [ { "lang": "en", - "value": "CWE-287" + "value": "NVD-CWE-Other" } ] }, diff --git a/CVE-2022/CVE-2022-272xx/CVE-2022-27211.json b/CVE-2022/CVE-2022-272xx/CVE-2022-27211.json index e147c1b5724..eb3d7bd389d 100644 --- a/CVE-2022/CVE-2022-272xx/CVE-2022-27211.json +++ b/CVE-2022/CVE-2022-272xx/CVE-2022-27211.json @@ -2,7 +2,7 @@ "id": "CVE-2022-27211", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2022-03-15T17:15:11.947", - "lastModified": "2022-03-24T20:30:44.143", + "lastModified": "2023-06-28T13:44:06.287", "vulnStatus": "Analyzed", "descriptions": [ { @@ -71,6 +71,10 @@ { "lang": "en", "value": "CWE-862" + }, + { + "lang": "en", + "value": "CWE-863" } ] }, diff --git a/CVE-2022/CVE-2022-272xx/CVE-2022-27235.json b/CVE-2022/CVE-2022-272xx/CVE-2022-27235.json index 466cb672212..cb2447263ee 100644 --- a/CVE-2022/CVE-2022-272xx/CVE-2022-27235.json +++ b/CVE-2022/CVE-2022-272xx/CVE-2022-27235.json @@ -2,7 +2,7 @@ "id": "CVE-2022-27235", "sourceIdentifier": "audit@patchstack.com", "published": "2022-07-22T17:15:08.603", - "lastModified": "2022-07-26T14:49:41.873", + "lastModified": "2023-06-28T13:59:03.167", "vulnStatus": "Analyzed", "descriptions": [ { @@ -65,7 +65,7 @@ "description": [ { "lang": "en", - "value": "NVD-CWE-noinfo" + "value": "NVD-CWE-Other" } ] }, diff --git a/CVE-2022/CVE-2022-276xx/CVE-2022-27660.json b/CVE-2022/CVE-2022-276xx/CVE-2022-27660.json index b7da31f85d3..a8d1c28e514 100644 --- a/CVE-2022/CVE-2022-276xx/CVE-2022-27660.json +++ b/CVE-2022/CVE-2022-276xx/CVE-2022-27660.json 
@@ -2,7 +2,7 @@ "id": "CVE-2022-27660", "sourceIdentifier": "talos-cna@cisco.com", "published": "2022-08-05T22:15:11.483", - "lastModified": "2022-08-09T19:30:01.567", + "lastModified": "2023-06-28T13:59:57.707", "vulnStatus": "Analyzed", "descriptions": [ { @@ -62,8 +62,18 @@ }, "weaknesses": [ { - "source": "talos-cna@cisco.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + }, + { + "source": "talos-cna@cisco.com", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2022/CVE-2022-278xx/CVE-2022-27835.json b/CVE-2022/CVE-2022-278xx/CVE-2022-27835.json index c42bae9440c..16929265357 100644 --- a/CVE-2022/CVE-2022-278xx/CVE-2022-27835.json +++ b/CVE-2022/CVE-2022-278xx/CVE-2022-27835.json @@ -2,7 +2,7 @@ "id": "CVE-2022-27835", "sourceIdentifier": "mobile.security@samsung.com", "published": "2022-04-11T20:15:22.873", - "lastModified": "2022-04-18T18:02:26.813", + "lastModified": "2023-06-28T13:50:31.433", "vulnStatus": "Analyzed", "descriptions": [ { @@ -90,7 +90,7 @@ "description": [ { "lang": "en", - "value": "CWE-119" + "value": "CWE-787" } ] }, diff --git a/CVE-2022/CVE-2022-278xx/CVE-2022-27838.json b/CVE-2022/CVE-2022-278xx/CVE-2022-27838.json index 998f4e390b1..d5b97883d41 100644 --- a/CVE-2022/CVE-2022-278xx/CVE-2022-27838.json +++ b/CVE-2022/CVE-2022-278xx/CVE-2022-27838.json @@ -2,7 +2,7 @@ "id": "CVE-2022-27838", "sourceIdentifier": "mobile.security@samsung.com", "published": "2022-04-11T20:15:23.047", - "lastModified": "2022-04-19T15:14:39.430", + "lastModified": "2023-06-28T13:50:49.037", "vulnStatus": "Analyzed", "descriptions": [ { @@ -90,7 +90,7 @@ "description": [ { "lang": "en", - "value": "CWE-863" + "value": "NVD-CWE-Other" } ] }, diff --git a/CVE-2022/CVE-2022-278xx/CVE-2022-27858.json b/CVE-2022/CVE-2022-278xx/CVE-2022-27858.json index d713879f0a5..70ef885c5cd 100644 --- a/CVE-2022/CVE-2022-278xx/CVE-2022-27858.json 
+++ b/CVE-2022/CVE-2022-278xx/CVE-2022-27858.json @@ -2,7 +2,7 @@ "id": "CVE-2022-27858", "sourceIdentifier": "audit@patchstack.com", "published": "2022-11-08T19:15:11.103", - "lastModified": "2022-11-09T14:04:11.783", + "lastModified": "2023-06-28T14:28:21.057", "vulnStatus": "Analyzed", "descriptions": [ { @@ -61,7 +61,7 @@ "description": [ { "lang": "en", - "value": "CWE-74" + "value": "CWE-1236" } ] }, diff --git a/CVE-2022/CVE-2022-27xx/CVE-2022-2765.json b/CVE-2022/CVE-2022-27xx/CVE-2022-2765.json index b3e3e9722a5..eee3b8540c6 100644 --- a/CVE-2022/CVE-2022-27xx/CVE-2022-2765.json +++ b/CVE-2022/CVE-2022-27xx/CVE-2022-2765.json @@ -2,7 +2,7 @@ "id": "CVE-2022-2765", "sourceIdentifier": "cna@vuldb.com", "published": "2022-08-11T10:15:08.253", - "lastModified": "2022-08-15T15:48:34.603", + "lastModified": "2023-06-28T14:12:37.700", "vulnStatus": "Analyzed", "descriptions": [ { @@ -60,8 +60,18 @@ }, "weaknesses": [ { - "source": "cna@vuldb.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2022/CVE-2022-27xx/CVE-2022-2788.json b/CVE-2022/CVE-2022-27xx/CVE-2022-2788.json index d36ee3725bb..b26481233ba 100644 --- a/CVE-2022/CVE-2022-27xx/CVE-2022-2788.json +++ b/CVE-2022/CVE-2022-27xx/CVE-2022-2788.json @@ -2,7 +2,7 @@ "id": "CVE-2022-2788", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2022-08-19T21:15:08.403", - "lastModified": "2022-08-24T11:54:39.530", + "lastModified": "2023-06-28T14:25:03.167", "vulnStatus": "Analyzed", "descriptions": [ { @@ -60,8 +60,18 @@ }, "weaknesses": [ { - "source": "ics-cert@hq.dhs.gov", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + }, + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", "description": [ { "lang": "en", 
diff --git a/CVE-2022/CVE-2022-27xx/CVE-2022-2792.json b/CVE-2022/CVE-2022-27xx/CVE-2022-2792.json index 687e6decfde..45d161f8e4b 100644 --- a/CVE-2022/CVE-2022-27xx/CVE-2022-2792.json +++ b/CVE-2022/CVE-2022-27xx/CVE-2022-2792.json @@ -2,7 +2,7 @@ "id": "CVE-2022-2792", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2022-08-19T23:15:09.347", - "lastModified": "2022-08-24T18:40:37.517", + "lastModified": "2023-06-28T14:26:21.097", "vulnStatus": "Analyzed", "descriptions": [ { @@ -65,7 +65,7 @@ "description": [ { "lang": "en", - "value": "CWE-668" + "value": "NVD-CWE-Other" } ] }, diff --git a/CVE-2022/CVE-2022-281xx/CVE-2022-28193.json b/CVE-2022/CVE-2022-281xx/CVE-2022-28193.json index 65ccb330a30..819e48e1fe5 100644 --- a/CVE-2022/CVE-2022-281xx/CVE-2022-28193.json +++ b/CVE-2022/CVE-2022-281xx/CVE-2022-28193.json @@ -2,7 +2,7 @@ "id": "CVE-2022-28193", "sourceIdentifier": "psirt@nvidia.com", "published": "2022-04-27T18:15:07.917", - "lastModified": "2022-10-14T02:35:57.953", + "lastModified": "2023-06-28T13:51:13.563", "vulnStatus": "Analyzed", "descriptions": [ { @@ -90,7 +90,7 @@ "description": [ { "lang": "en", - "value": "CWE-20" + "value": "CWE-787" } ] }, diff --git a/CVE-2022/CVE-2022-281xx/CVE-2022-28196.json b/CVE-2022/CVE-2022-281xx/CVE-2022-28196.json index 0f6f1a33d59..66a246cdf86 100644 --- a/CVE-2022/CVE-2022-281xx/CVE-2022-28196.json +++ b/CVE-2022/CVE-2022-281xx/CVE-2022-28196.json @@ -2,7 +2,7 @@ "id": "CVE-2022-28196", "sourceIdentifier": "psirt@nvidia.com", "published": "2022-04-27T18:15:08.097", - "lastModified": "2022-07-14T15:20:46.600", + "lastModified": "2023-06-28T13:59:39.710", "vulnStatus": "Analyzed", "descriptions": [ { @@ -90,7 +90,7 @@ "description": [ { "lang": "en", - "value": "CWE-20" + "value": "CWE-787" } ] }, diff --git a/CVE-2022/CVE-2022-283xx/CVE-2022-28331.json b/CVE-2022/CVE-2022-283xx/CVE-2022-28331.json index ae3ae608d4b..c53e0dd5d54 100644 --- a/CVE-2022/CVE-2022-283xx/CVE-2022-28331.json 
+++ b/CVE-2022/CVE-2022-283xx/CVE-2022-28331.json @@ -2,7 +2,7 @@ "id": "CVE-2022-28331", "sourceIdentifier": "security@apache.org", "published": "2023-01-31T16:15:08.977", - "lastModified": "2023-02-08T18:48:12.623", + "lastModified": "2023-06-28T14:28:29.000", "vulnStatus": "Analyzed", "descriptions": [ { @@ -36,8 +36,18 @@ }, "weaknesses": [ { - "source": "security@apache.org", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-190" + } + ] + }, + { + "source": "security@apache.org", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2022/CVE-2022-28xx/CVE-2022-2820.json b/CVE-2022/CVE-2022-28xx/CVE-2022-2820.json index 311654b8904..233f68e5ba8 100644 --- a/CVE-2022/CVE-2022-28xx/CVE-2022-2820.json +++ b/CVE-2022/CVE-2022-28xx/CVE-2022-2820.json @@ -2,7 +2,7 @@ "id": "CVE-2022-2820", "sourceIdentifier": "security@huntr.dev", "published": "2022-08-15T11:21:31.687", - "lastModified": "2022-08-16T16:27:07.747", + "lastModified": "2023-06-28T14:13:45.360", "vulnStatus": "Analyzed", "descriptions": [ { @@ -67,7 +67,7 @@ "description": [ { "lang": "en", - "value": "CWE-613" + "value": "CWE-384" } ] }, diff --git a/CVE-2022/CVE-2022-28xx/CVE-2022-2824.json b/CVE-2022/CVE-2022-28xx/CVE-2022-2824.json index 530c18a6fcd..55545f30b7d 100644 --- a/CVE-2022/CVE-2022-28xx/CVE-2022-2824.json +++ b/CVE-2022/CVE-2022-28xx/CVE-2022-2824.json @@ -2,7 +2,7 @@ "id": "CVE-2022-2824", "sourceIdentifier": "security@huntr.dev", "published": "2022-08-15T16:15:07.903", - "lastModified": "2022-08-16T19:08:07.167", + "lastModified": "2023-06-28T14:15:11.573", "vulnStatus": "Analyzed", "descriptions": [ { @@ -67,7 +67,7 @@ "description": [ { "lang": "en", - "value": "NVD-CWE-Other" + "value": "CWE-639" } ] }, diff --git a/CVE-2022/CVE-2022-442xx/CVE-2022-44276.json b/CVE-2022/CVE-2022-442xx/CVE-2022-44276.json new file mode 100644 index 00000000000..270dd7a30b7 --- /dev/null 
+++ b/CVE-2022/CVE-2022-442xx/CVE-2022-44276.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2022-44276", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-28T15:15:09.323", + "lastModified": "2023-06-28T15:25:19.233", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In Responsive Filemanager < 9.12.0, an attacker can bypass upload restrictions resulting in RCE." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/HerrLeStrate/CVE-2022-44276-PoC", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-485xx/CVE-2022-48505.json b/CVE-2022/CVE-2022-485xx/CVE-2022-48505.json index 61a39cbeeb2..d1bebcdb4e4 100644 --- a/CVE-2022/CVE-2022-485xx/CVE-2022-48505.json +++ b/CVE-2022/CVE-2022-485xx/CVE-2022-48505.json @@ -2,8 +2,8 @@ "id": "CVE-2022-48505", "sourceIdentifier": "product-security@apple.com", "published": "2023-06-28T02:15:49.447", - "lastModified": "2023-06-28T02:15:49.447", - "vulnStatus": "Received", + "lastModified": "2023-06-28T12:34:43.903", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-09xx/CVE-2023-0969.json b/CVE-2023/CVE-2023-09xx/CVE-2023-0969.json index 7d5f0c30485..61f2db40e0d 100644 --- a/CVE-2023/CVE-2023-09xx/CVE-2023-0969.json +++ b/CVE-2023/CVE-2023-09xx/CVE-2023-0969.json @@ -2,8 +2,8 @@ "id": "CVE-2023-0969", "sourceIdentifier": "product-security@silabs.com", "published": "2023-06-21T20:15:09.660", - "lastModified": "2023-06-22T12:51:30.407", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-28T14:59:30.573", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + }, { "source": "product-security@silabs.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + } + ] + }, { "source": "product-security@silabs.com", "type": "Secondary", @@ -50,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:silabs:z\\/ip_gateway_sdk:*:*:*:*:*:*:*:*", + "versionEndIncluding": "7.18.01", + "matchCriteriaId": "6F96CB0A-344E-4061-808B-79DBA47375A3" + } + ] + } + ] + } + ], "references": [ { "url": "https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000V6HZzQAN?operationContext=S1", - "source": "product-security@silabs.com" + "source": "product-security@silabs.com", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-12xx/CVE-2023-1295.json b/CVE-2023/CVE-2023-12xx/CVE-2023-1295.json new file mode 100644 index 00000000000..4613aa9ef6a --- /dev/null +++ b/CVE-2023/CVE-2023-12xx/CVE-2023-1295.json 
@@ -0,0 +1,71 @@ +{ + "id": "CVE-2023-1295", + "sourceIdentifier": "cve-coordination@google.com", + "published": "2023-06-28T12:15:09.340", + "lastModified": "2023-06-28T12:34:43.903", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A time-of-check to time-of-use issue exists in io_uring subsystem's IORING_OP_CLOSE operation in the Linux kernel's versions 5.6 - 5.11 (inclusive), which allows a local user to elevate their privileges to root. Introduced in b5dba59e0cf7e2cc4d3b3b1ac5fe81ddf21959eb, patched in 9eac1904d3364254d622bf2c771c4f85cd435fc2, backported to stable in 788d0824269bef539fe31a785b1517882eafed93." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve-coordination@google.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "cve-coordination@google.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-367" + } + ] + } + ], + "references": [ + { + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=788d0824269bef539fe31a785b1517882eafed93", + "source": "cve-coordination@google.com" + }, + { + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9eac1904d3364254d622bf2c771c4f85cd435fc2", + "source": "cve-coordination@google.com" + }, + { + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b5dba59e0cf7e2cc4d3b3b1ac5fe81ddf21959eb", + "source": "cve-coordination@google.com" + }, + { + "url": 
"https://kernel.dance/788d0824269bef539fe31a785b1517882eafed93", + "source": "cve-coordination@google.com" + }, + { + "url": "https://kernel.dance/9eac1904d3364254d622bf2c771c4f85cd435fc2", + "source": "cve-coordination@google.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-18xx/CVE-2023-1844.json b/CVE-2023/CVE-2023-18xx/CVE-2023-1844.json index d18a612fbab..d7519276508 100644 --- a/CVE-2023/CVE-2023-18xx/CVE-2023-1844.json +++ b/CVE-2023/CVE-2023-18xx/CVE-2023-1844.json @@ -2,12 +2,16 @@ "id": "CVE-2023-1844", "sourceIdentifier": "security@wordfence.com", "published": "2023-06-28T03:15:09.140", - "lastModified": "2023-06-28T03:15:09.140", - "vulnStatus": "Received", + "lastModified": "2023-06-28T12:34:43.903", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The Subscribe2 plugin for WordPress is vulnerable to unauthorized access to email functionality due to a missing capability check when sending test emails in versions up to, and including, 10.40. This makes it possible for author-level attackers to send emails with arbitrary content and attachments to site users." + }, + { + "lang": "es", + "value": "El plugin Subscribe2 para WordPress es vulnerable al acceso no autorizado a la funcionalidad de correo electr\u00f3nico debido a la falta de una comprobaci\u00f3n de capacidad al enviar correos electr\u00f3nicos de prueba en versiones hasta la 10.40 inclusive. Esto se hace posible que los atacantes a nivel de autor env\u00eden correos electr\u00f3nicos con contenido arbitrario y archivos adjuntos a los usuarios del sitio. " } ], "metrics": { diff --git a/CVE-2023/CVE-2023-200xx/CVE-2023-20006.json b/CVE-2023/CVE-2023-200xx/CVE-2023-20006.json new file mode 100644 index 00000000000..c1e3b874860 --- /dev/null +++ b/CVE-2023/CVE-2023-200xx/CVE-2023-20006.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-20006", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2023-06-28T15:15:09.387", + "lastModified": "2023-06-28T15:25:19.233", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the hardware-based SSL/TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Appliances could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to an implementation error within the cryptographic functions for SSL/TLS traffic processing when they are offloaded to the hardware. An attacker could exploit this vulnerability by sending a crafted stream of SSL/TLS traffic to an affected device. A successful exploit could allow the attacker to cause an unexpected error in the hardware-based cryptography engine, which could cause the device to reload." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 8.6, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-681" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ssl-dos-uu7mV5p6", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-200xx/CVE-2023-20028.json b/CVE-2023/CVE-2023-200xx/CVE-2023-20028.json new file mode 100644 index 00000000000..bf0f85a6be5 --- /dev/null +++ b/CVE-2023/CVE-2023-200xx/CVE-2023-20028.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-20028", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2023-06-28T15:15:09.457", + "lastModified": "2023-06-28T15:25:19.233", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance (ESA); and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-wsa-xss-cP9DuEmq", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-201xx/CVE-2023-20105.json b/CVE-2023/CVE-2023-201xx/CVE-2023-20105.json new file mode 100644 index 00000000000..e50a80a5e9c --- /dev/null +++ b/CVE-2023/CVE-2023-201xx/CVE-2023-20105.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-20105", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2023-06-28T15:15:09.517", + "lastModified": "2023-06-28T15:25:19.233", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated attacker with Administrator-level read-only credentials to elevate their privileges to Administrator with read-write credentials on an affected system. Note: \"Cisco Expressway Series\" refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices. For more information about these vulnerabilities, see the Details section of this advisory." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.6, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.1, + "impactScore": 5.8 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-priv-esc-Ls2B9t7b", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-201xx/CVE-2023-20108.json b/CVE-2023/CVE-2023-201xx/CVE-2023-20108.json new file mode 100644 index 00000000000..f978d8b0f9f --- /dev/null +++ b/CVE-2023/CVE-2023-201xx/CVE-2023-20108.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-20108", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2023-06-28T15:15:09.577", + "lastModified": "2023-06-28T15:25:19.233", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the XCP Authentication Service of the Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to cause a temporary service outage for all Cisco Unified CM IM&P users who are attempting to authenticate to the service, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted login message to the affected device. A successful exploit could allow the attacker to cause an unexpected restart of the authentication service, preventing new users from successfully authenticating. Exploitation of this vulnerability does not impact Cisco Unified CM IM&P users who were authenticated prior to an attack." 
+ } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-789" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-dos-49GL7rzT", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-201xx/CVE-2023-20116.json b/CVE-2023/CVE-2023-201xx/CVE-2023-20116.json new file mode 100644 index 00000000000..156df8f190e --- /dev/null +++ b/CVE-2023/CVE-2023-201xx/CVE-2023-20116.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-20116", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2023-06-28T15:15:09.640", + "lastModified": "2023-06-28T15:25:19.233", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the Administrative XML Web Service (AXL) API of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of user-supplied input to the web UI of the Self Care Portal. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-835" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-dos-4Ag3yWbD", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-201xx/CVE-2023-20119.json b/CVE-2023/CVE-2023-201xx/CVE-2023-20119.json new file mode 100644 index 00000000000..bc1533125d4 --- /dev/null 
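Review bot: The description of CVE-2023-20116 names the AXL API as the vulnerable component but attributes the cause to input validation in "the web UI of the Self Care Portal", and the vector carries `UI:R` although no user action is described. The record is internally inconsistent about which interface is exposed, so asset matching based on this text should be treated as provisional until it is checked against the linked advisory (`cisco-sa-cucm-dos-4Ag3yWbD`). Nothing in the structured fields resolves it yet, as the record has no `configurations` block.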
+++ b/CVE-2023/CVE-2023-201xx/CVE-2023-20119.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-20119", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2023-06-28T15:15:09.700", + "lastModified": "2023-06-28T15:25:19.233", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance (ESA); and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-wsa-xss-cP9DuEmq", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-201xx/CVE-2023-20120.json b/CVE-2023/CVE-2023-201xx/CVE-2023-20120.json new file mode 100644 index 00000000000..dc53202142d --- /dev/null +++ b/CVE-2023/CVE-2023-201xx/CVE-2023-20120.json 
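Review bot: CVE-2023-20119 and CVE-2023-20120 (the next hunk) are identical in description, vector, CWE and advisory URL and differ only in `id` and `published`, so anything that deduplicates or correlates on description text will merge them. The description also says only "a remote attacker" while the vector has `PR:L`; the authentication requirement is visible only in the CVSS data. Keying on `id` and taking the privilege level from `privilegesRequired` avoids both problems.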
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-20120", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2023-06-28T15:15:09.760", + "lastModified": "2023-06-28T15:25:19.233", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance (ESA); and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-wsa-xss-cP9DuEmq", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-201xx/CVE-2023-20136.json b/CVE-2023/CVE-2023-201xx/CVE-2023-20136.json new file mode 100644 index 00000000000..f438a9e49be --- /dev/null +++ b/CVE-2023/CVE-2023-201xx/CVE-2023-20136.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-20136", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2023-06-28T15:15:09.820", + "lastModified": "2023-06-28T15:25:19.233", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the OpenAPI of Cisco Secure Workload could allow an authenticated, remote attacker with the privileges of a read-only user to execute operations that should require Administrator privileges. The attacker would need valid user credentials. This vulnerability is due to improper role-based access control (RBAC) of certain OpenAPI operations. An attacker could exploit this vulnerability by issuing a crafted OpenAPI function call with valid credentials. A successful exploit could allow the attacker to execute OpenAPI operations that are reserved for the Administrator user, including the creation and deletion of user labels." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-648" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csw-auth-openapi-kTndjdNX", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-201xx/CVE-2023-20178.json b/CVE-2023/CVE-2023-201xx/CVE-2023-20178.json new file mode 100644 index 00000000000..dc1f8205efc --- /dev/null +++ b/CVE-2023/CVE-2023-201xx/CVE-2023-20178.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-20178", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2023-06-28T15:15:09.880", + "lastModified": "2023-06-28T15:25:19.233", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM. The client update process is executed after a successful VPN connection is established. This vulnerability exists because improper permissions are assigned to a temporary directory that is created during the update process. An attacker could exploit this vulnerability by abusing a specific function of the Windows installer process. A successful exploit could allow the attacker to execute code with SYSTEM privileges." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-276" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-csc-privesc-wx4U4Kw", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-201xx/CVE-2023-20188.json b/CVE-2023/CVE-2023-201xx/CVE-2023-20188.json new file mode 100644 index 00000000000..b8d366c5177 --- /dev/null +++ b/CVE-2023/CVE-2023-201xx/CVE-2023-20188.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-20188", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2023-06-28T15:15:09.943", + "lastModified": "2023-06-28T15:25:19.233", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the web-based management interface of Cisco Small Business 200 Series Smart Switches, Cisco Small Business 300 Series Managed Switches, and Cisco Small Business 500 Series Stackable Managed Switches could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to view a page containing malicious HTML or script content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need to have valid credentials to access the web-based management interface of the affected device. Cisco has not released software updates to address this vulnerability." 
+ } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-87" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-sxss-OPYJZUmE", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-201xx/CVE-2023-20192.json b/CVE-2023/CVE-2023-201xx/CVE-2023-20192.json new file mode 100644 index 00000000000..52b27990ba6 --- /dev/null +++ b/CVE-2023/CVE-2023-201xx/CVE-2023-20192.json 
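Review bot: The statement that no fix exists ("Cisco has not released software updates to address this vulnerability") appears only in the free-text `value` of CVE-2023-20188; no structured field carries it, and the record has no `configurations` block or reference `tags` yet. Patch tracking that relies on a `Patch` tag or a fixed-version bound will show this stored-XSS entry as merely pending rather than as unpatched. With `PR:H` and `UI:R`, exposure depends on who holds credentials to the switch management interface, so limiting access to that interface is likely the practical control until the vendor status changes.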
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-20192", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2023-06-28T15:15:10.007", + "lastModified": "2023-06-28T15:25:19.233", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated attacker with Administrator-level read-only credentials to elevate their privileges to Administrator with read-write credentials on an affected system. Note: \"Cisco Expressway Series\" refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices. For more information about these vulnerabilities, see the Details section of this advisory." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.6, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.1, + "impactScore": 5.8 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-priv-esc-Ls2B9t7b", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-201xx/CVE-2023-20199.json b/CVE-2023/CVE-2023-201xx/CVE-2023-20199.json new file mode 100644 index 00000000000..20781adee48 --- /dev/null +++ b/CVE-2023/CVE-2023-201xx/CVE-2023-20199.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-20199", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2023-06-28T15:15:10.070", + "lastModified": "2023-06-28T15:25:19.233", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in Cisco Duo Two-Factor Authentication for macOS could allow an authenticated, physical attacker to bypass secondary authentication and access an affected macOS device. This vulnerability is due to the incorrect handling of responses from Cisco Duo when the application is configured to fail open. An attacker with primary user credentials could exploit this vulnerability by attempting to authenticate to an affected device. A successful exploit could allow the attacker to access the affected device without valid permission." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.2, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.3, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-duo-mac-bypass-OyZpVPnx", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-242xx/CVE-2023-24261.json b/CVE-2023/CVE-2023-242xx/CVE-2023-24261.json index 93afc7a4806..161bb1a4163 100644 --- a/CVE-2023/CVE-2023-242xx/CVE-2023-24261.json +++ b/CVE-2023/CVE-2023-242xx/CVE-2023-24261.json 
@@ -2,19 +2,88 @@ "id": "CVE-2023-24261", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-21T21:15:10.867", - "lastModified": "2023-06-22T12:51:30.407", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-28T15:57:40.363", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability in GL.iNET GL-E750 Mudi before firmware v3.216 allows authenticated attackers to execute arbitrary code via a crafted POST request." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:gl-inet:gl-e750_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.216", + "matchCriteriaId": "1435C66B-38C7-4ECC-993D-F4EDD2853898" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:gl-inet:gl-e750:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B5C88C24-42C5-4512-83B5-F7DED1D70E86" + } + ] + } + ] + } + ], "references": [ { "url": "https://justinapplegate.me/2023/glinet-CVE-2023-24261/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-250xx/CVE-2023-25001.json b/CVE-2023/CVE-2023-250xx/CVE-2023-25001.json index b860d915a71..d49b0697ed6 100644 --- a/CVE-2023/CVE-2023-250xx/CVE-2023-25001.json +++ b/CVE-2023/CVE-2023-250xx/CVE-2023-25001.json @@ -2,8 +2,8 @@ "id": "CVE-2023-25001", "sourceIdentifier": "psirt@autodesk.com", "published": "2023-06-27T23:15:09.537", - "lastModified": "2023-06-27T23:15:09.537", - "vulnStatus": "Received", + "lastModified": "2023-06-28T12:34:43.903", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-250xx/CVE-2023-25002.json b/CVE-2023/CVE-2023-250xx/CVE-2023-25002.json index 2b986b5f537..a1f83116383 100644 --- a/CVE-2023/CVE-2023-250xx/CVE-2023-25002.json +++ b/CVE-2023/CVE-2023-250xx/CVE-2023-25002.json @@ -2,8 +2,8 @@ "id": "CVE-2023-25002", "sourceIdentifier": "psirt@autodesk.com", "published": "2023-06-27T23:15:09.590", - "lastModified": "2023-06-27T23:15:09.590", - "vulnStatus": "Received", + "lastModified": "2023-06-28T12:34:43.903", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-261xx/CVE-2023-26134.json b/CVE-2023/CVE-2023-261xx/CVE-2023-26134.json index 17a8d1bbe0e..d02ac611799 100644 --- a/CVE-2023/CVE-2023-261xx/CVE-2023-26134.json +++ b/CVE-2023/CVE-2023-261xx/CVE-2023-26134.json @@ -2,8 +2,8 @@ "id": "CVE-2023-26134", "sourceIdentifier": "report@snyk.io", "published": "2023-06-28T05:15:10.467", - "lastModified": "2023-06-28T05:15:10.467", - "vulnStatus": "Received", + "lastModified": "2023-06-28T12:34:43.903", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-266xx/CVE-2023-26615.json b/CVE-2023/CVE-2023-266xx/CVE-2023-26615.json new file mode 100644 index 00000000000..71569c2cbfc --- /dev/null +++ b/CVE-2023/CVE-2023-266xx/CVE-2023-26615.json 
@@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-26615", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-28T15:15:10.137", + "lastModified": "2023-06-28T15:25:19.233", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "D-Link DIR-823G firmware version 1.02B05 has a password reset vulnerability, which originates from the SetMultipleActions API, allowing unauthorized attackers to reset the WEB page management password." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/726232111/VulIoT/tree/main/D-Link/DIR823G%20V1.0.2B05/HNAP1", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/726232111/VulIoT/tree/main/D-Link/DIR823G%20V1.0.2B05/HNAP1/SetMultipleActions", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-272xx/CVE-2023-27243.json b/CVE-2023/CVE-2023-272xx/CVE-2023-27243.json index 40e9599e635..dfdfa0b074d 100644 --- a/CVE-2023/CVE-2023-272xx/CVE-2023-27243.json +++ b/CVE-2023/CVE-2023-272xx/CVE-2023-27243.json 
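Review bot: `"metrics": {}` and the absent `weaknesses` key leave CVE-2023-26615 with no severity at all, yet the description reports that unauthorized attackers can reset the web management password on D-Link DIR-823G firmware 1.02B05. Consumers that sort or filter by `baseScore` must treat an empty `metrics` object as unscored, not as low, or this entry drops out of triage. CVE-2023-30259 later in the commit has the same shape. Both references point to a third-party GitHub repository and carry no `tags`, so their content is unclassified at this stage.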
@@ -2,27 +2,93 @@ "id": "CVE-2023-27243", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-21T16:15:11.347", - "lastModified": "2023-06-21T18:57:48.280", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-28T13:50:19.303", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An access control issue in Makves DCAP v3.0.0.122 allows unauthenticated attackers to obtain cleartext credentials via a crafted web request to the product API." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-312" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:makves:dcap:3.0.0.122:*:*:*:*:*:*:*", + "matchCriteriaId": "B00FDE30-C048-4F56-BF8B-3EE89E901D6B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:makves:dcap:3.0.0.183:*:*:*:*:*:*:*", + "matchCriteriaId": "4F28C15F-9375-4567-95B8-02D75FCB2EC6" + } + ] + } + ] + } + ], "references": [ { "url": "http://dcap.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Not Applicable" + ] }, { "url": "http://makves.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Not Applicable" + ] }, { "url": "https://pastebin.com/L5BkBeEE", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + 
"Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-274xx/CVE-2023-27414.json b/CVE-2023/CVE-2023-274xx/CVE-2023-27414.json index 09ea73dd55f..680777c2036 100644 --- a/CVE-2023/CVE-2023-274xx/CVE-2023-27414.json +++ b/CVE-2023/CVE-2023-274xx/CVE-2023-27414.json @@ -2,8 +2,8 @@ "id": "CVE-2023-27414", "sourceIdentifier": "audit@patchstack.com", "published": "2023-06-21T14:15:09.603", - "lastModified": "2023-06-21T15:14:56.427", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-28T14:30:54.427", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ays-pro:popup_box:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "3.4.5", + "matchCriteriaId": "9F749839-8038-478F-A1B1-FDA4B80DF54F" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/ays-popup-box/wordpress-popup-box-plugin-3-4-4-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
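Review bot: The new `cpeMatch` list for CVE-2023-27243 marks `makves:dcap:3.0.0.183` as vulnerable in addition to `3.0.0.122`, while the description names only v3.0.0.122. Matching on the description text would miss the second version, so the CPE list should be the source for affected-version checks. The Primary weakness is `CWE-312` although the description frames the flaw as an access control issue; the record does not say whether the unauthenticated API path, the cleartext credentials, or both were addressed. The supporting evidence is a pastebin link tagged `Third Party Advisory`, with the other two URLs tagged `Not Applicable`.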
diff --git a/CVE-2023/CVE-2023-274xx/CVE-2023-27432.json b/CVE-2023/CVE-2023-274xx/CVE-2023-27432.json index 6ec4617cfe9..1d0db209560 100644 --- a/CVE-2023/CVE-2023-274xx/CVE-2023-27432.json +++ b/CVE-2023/CVE-2023-274xx/CVE-2023-27432.json @@ -2,8 +2,8 @@ "id": "CVE-2023-27432", "sourceIdentifier": "audit@patchstack.com", "published": "2023-06-21T14:15:09.763", - "lastModified": "2023-06-21T15:14:56.427", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-28T14:31:07.147", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:manage_upload_limit_project:manage_upload_limit:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.0.4", + "matchCriteriaId": "77ADCAAD-7F85-4BAC-84EF-AD0BB554506F" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/wpsimpletools-upload-limit/wordpress-manage-upload-limit-plugin-1-0-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-289xx/CVE-2023-28956.json b/CVE-2023/CVE-2023-289xx/CVE-2023-28956.json index 514527d72c6..d96f8e0c3bf 100644 --- a/CVE-2023/CVE-2023-289xx/CVE-2023-28956.json +++ b/CVE-2023/CVE-2023-289xx/CVE-2023-28956.json @@ -2,8 +2,8 @@ "id": "CVE-2023-28956", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-06-22T02:15:48.717", - "lastModified": "2023-06-22T12:51:30.407", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-28T14:51:02.947", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "psirt@us.ibm.com", "type": "Secondary", 
@@ -34,14 +54,65 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:spectrum_protect_backup-archive_client:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.1.0.0", + "versionEndIncluding": "8.1.17.2", + "matchCriteriaId": "D80F002B-D62A-46C1-A5B3-5385F9934E3A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/251767", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "VDB Entry", + "Vendor Advisory" + ] }, { "url": "https://www.ibm.com/support/pages/node/7005519", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-297xx/CVE-2023-29711.json b/CVE-2023/CVE-2023-297xx/CVE-2023-29711.json index 2d0ac203adf..f8dbc6d220b 100644 --- a/CVE-2023/CVE-2023-297xx/CVE-2023-29711.json +++ b/CVE-2023/CVE-2023-297xx/CVE-2023-29711.json 
@@ -2,23 +2,95 @@ "id": "CVE-2023-29711", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-22T12:15:11.793", - "lastModified": "2023-06-22T12:51:15.117", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-28T15:33:24.683", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An incorrect access control issue was discovered in Interlink PSG-5124 version 1.0.4, allows attackers to execute arbitrary code via crafted GET request." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:interlink:psg-5124_firmware:1.0.4:*:*:*:*:*:*:*", + "matchCriteriaId": "96258895-AC41-499A-AAC1-6D5B3FF59BE5" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:interlink:psg-5124:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C4D200B2-1E4E-4D36-9B75-BD4A29C473E2" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/shellpei/LINK-Unauthorized/blob/main/CVE-2023-29711", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": 
"https://holistic-height-e6d.notion.site/LINK-PSG-5124-Switch-remote-command-vulnerability-da4fd8fb450d42879b07ef3a953a2366", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-302xx/CVE-2023-30259.json b/CVE-2023/CVE-2023-302xx/CVE-2023-30259.json new file mode 100644 index 00000000000..6734c2562a1 --- /dev/null +++ b/CVE-2023/CVE-2023-302xx/CVE-2023-30259.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-30259", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-28T14:15:09.677", + "lastModified": "2023-06-28T15:25:24.900", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A Buffer Overflow vulnerability in importshp plugin in LibreCAD 2.2.0 allows attackers to obtain sensitive information via a crafted DBF file." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/LibreCAD/LibreCAD/issues/1481", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3034.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3034.json index 503b8367a22..33e13328f6b 100644 --- a/CVE-2023/CVE-2023-30xx/CVE-2023-3034.json +++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3034.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3034", "sourceIdentifier": "vulnerability@ncsc.ch", "published": "2023-06-28T09:15:09.677", - "lastModified": "2023-06-28T09:15:09.677", - "vulnStatus": "Received", + "lastModified": "2023-06-28T12:34:43.903", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3110.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3110.json index 4b2de57b2dc..5e4c9d7f803 100644 --- a/CVE-2023/CVE-2023-31xx/CVE-2023-3110.json +++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3110.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-3110", "sourceIdentifier": "product-security@silabs.com", "published": "2023-06-21T20:15:10.263", - "lastModified": "2023-06-22T12:51:30.407", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-28T15:59:59.863", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "product-security@silabs.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + } + ] + }, { "source": "product-security@silabs.com", "type": "Secondary", @@ -50,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:silabs:unify_software_development_kit:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.3.1", + "matchCriteriaId": "A46D0A98-4348-4FE1-A8B1-A86891F7851E" + } + ] + } + ] + } + ], "references": [ { "url": "https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000V6HZzQAN?operationContext=S1", - "source": "product-security@silabs.com" + "source": "product-security@silabs.com", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-324xx/CVE-2023-32449.json b/CVE-2023/CVE-2023-324xx/CVE-2023-32449.json index 3d0ce60c725..8fc2ed023d7 100644 
--- a/CVE-2023/CVE-2023-324xx/CVE-2023-32449.json +++ b/CVE-2023/CVE-2023-324xx/CVE-2023-32449.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32449", "sourceIdentifier": "security_alert@emc.com", "published": "2023-06-22T07:15:08.867", - "lastModified": "2023-06-22T12:51:30.407", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-28T15:21:44.097", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "security_alert@emc.com", "type": "Secondary", 
@@ -46,10 +66,296 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dell:powerstoret_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.5.0.0-2050321", + "matchCriteriaId": "A280B79D-02B3-434A-9186-D99F839FFE05" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:dell:powerstore_500t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6B529671-71A1-428C-BC17-C8E002222FEA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dell:powerstoret_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.5.0.0-2050321", + "matchCriteriaId": "A280B79D-02B3-434A-9186-D99F839FFE05" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:dell:powerstore_1000t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FD5BE2B0-BB56-4E6C-8818-26910B23CE31" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dell:powerstoret_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.5.0.0-2050321", + "matchCriteriaId": "A280B79D-02B3-434A-9186-D99F839FFE05" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:dell:powerstore_1200t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AB965674-7EBA-437E-A13B-39BC3F3FE139" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dell:powerstoret_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.5.0.0-2050321", + "matchCriteriaId": "A280B79D-02B3-434A-9186-D99F839FFE05" + } + ] + }, + { + "operator": "OR", + "negate": false, 
+ "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:dell:powerstore_3200t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0A29ED1-5CE6-4D49-A079-7F4E6D782DE1" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dell:powerstoret_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.5.0.0-2050321", + "matchCriteriaId": "A280B79D-02B3-434A-9186-D99F839FFE05" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:dell:powerstore_3000t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "861B5BE7-159A-41FF-9658-D243051CAC88" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dell:powerstoret_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.5.0.0-2050321", + "matchCriteriaId": "A280B79D-02B3-434A-9186-D99F839FFE05" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:dell:powerstore_5200t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F0FCFFD4-A989-4AF3-99DF-32AE2547D9C1" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dell:powerstoret_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.5.0.0-2050321", + "matchCriteriaId": "A280B79D-02B3-434A-9186-D99F839FFE05" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:dell:powerstore_5000t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2D5EE934-AD08-4C2B-B3EA-878975EE825E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dell:powerstoret_os:*:*:*:*:*:*:*:*", + 
"versionEndExcluding": "3.5.0.0-2050321", + "matchCriteriaId": "A280B79D-02B3-434A-9186-D99F839FFE05" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:dell:powerstore_7000t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "37E8CD6E-65F4-48A0-B796-93E4EE51BD06" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dell:powerstoret_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.5.0.0-2050321", + "matchCriteriaId": "A280B79D-02B3-434A-9186-D99F839FFE05" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:dell:powerstore_9000t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D9BB1B88-C9C0-4B08-84C6-279C79E34CD3" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dell:powerstoret_os:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.5.0.0-2050321", + "matchCriteriaId": "A280B79D-02B3-434A-9186-D99F839FFE05" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:dell:powerstore_9200t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F90EFCBC-F720-4426-8043-EB1489820C22" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.dell.com/support/kbdoc/en-us/000215171/dsa-2023-173-dell-powerstore-family-security-update-for-multiple-vulnerabilities", - "source": "security_alert@emc.com" + "source": "security_alert@emc.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-326xx/CVE-2023-32623.json b/CVE-2023/CVE-2023-326xx/CVE-2023-32623.json index 76b9c9e33ef..507372fe94d 100644 --- a/CVE-2023/CVE-2023-326xx/CVE-2023-32623.json +++ b/CVE-2023/CVE-2023-326xx/CVE-2023-32623.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-32623", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-06-28T05:15:10.733", - "lastModified": "2023-06-28T05:15:10.733", - "vulnStatus": "Received", + "lastModified": "2023-06-28T12:34:43.903", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-334xx/CVE-2023-33405.json b/CVE-2023/CVE-2023-334xx/CVE-2023-33405.json index 3264ee39d32..57861a1a9cf 100644 --- a/CVE-2023/CVE-2023-334xx/CVE-2023-33405.json +++ b/CVE-2023/CVE-2023-334xx/CVE-2023-33405.json 
@@ -2,19 +2,76 @@ "id": "CVE-2023-33405", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-21T21:15:11.357", - "lastModified": "2023-06-22T12:51:30.407", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-28T15:46:39.587", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Blogengine.net 3.3.8.0 and earlier is vulnerable to Open Redirect." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-601" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:blogengine:blogengine.net:*:*:*:*:*:*:*:*", + "versionEndIncluding": "3.3.8.0", + "matchCriteriaId": "FF6301ED-2F5D-40E7-8620-67405198A2A2" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/hacip/CVE-2023-33405", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-335xx/CVE-2023-33591.json b/CVE-2023/CVE-2023-335xx/CVE-2023-33591.json index d1e540b7c04..1b6699f6125 100644 --- a/CVE-2023/CVE-2023-335xx/CVE-2023-33591.json +++ b/CVE-2023/CVE-2023-335xx/CVE-2023-33591.json 
@@ -2,23 +2,81 @@ "id": "CVE-2023-33591", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-21T20:15:10.213", - "lastModified": "2023-06-22T12:51:30.407", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-28T15:47:35.893", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "User Registration & Login and User Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/search-result.php." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:user_registration_\\&_login_and_user_management_system_project:user_registration_\\&_login_and_user_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "EE9D4C11-FD02-4308-B3D2-3D4737AA23A8" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/DARSHANAGUPTA10/CVE/blob/main/CVE%202023-33591", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://phpgurukul.com/user-registration-login-and-user-management-system-with-admin-panel/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-338xx/CVE-2023-33842.json b/CVE-2023/CVE-2023-338xx/CVE-2023-33842.json index 62805128ea0..ae6ce798419 100644 --- a/CVE-2023/CVE-2023-338xx/CVE-2023-33842.json +++ b/CVE-2023/CVE-2023-338xx/CVE-2023-33842.json @@ -2,8 +2,8 @@ "id": "CVE-2023-33842", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-06-22T02:15:48.857", - "lastModified": "2023-06-22T12:51:30.407", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-28T15:08:42.347", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "psirt@us.ibm.com", "type": "Secondary", 
@@ -34,14 +54,94 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:spss_modeler:17.0:*:*:*:*:*:*:*", + "matchCriteriaId": "9EED1126-9582-4697-90FA-BFEE594B430D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:spss_modeler:18.0:*:*:*:*:*:*:*", + "matchCriteriaId": "6DA0F9C4-551E-4D06-A7E4-666B9E756E53" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:spss_modeler:18.2.2:*:*:*:*:*:*:*", + "matchCriteriaId": "88279320-527E-470B-8331-F21AF782B5BA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:spss_modeler:18.3:*:*:*:*:*:*:*", + "matchCriteriaId": "9E57C233-A5C2-4729-894F-2BA3798770C7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:spss_modeler:18.4:*:*:*:*:*:*:*", + "matchCriteriaId": "3FFF09E6-BD10-46EF-B1B8-D6498D6128A5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:spss_modeler:18.5:*:*:*:*:*:*:*", + "matchCriteriaId": "D438467A-875E-43F6-AF96-BE4C908550C1" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/256117", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "VDB Entry", + "Vendor Advisory" + ] }, { "url": "https://https://www.ibm.com/support/pages/node/7004299", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Broken Link", + "Patch", + "Vendor 
Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-338xx/CVE-2023-33869.json b/CVE-2023/CVE-2023-338xx/CVE-2023-33869.json index ab4cb4946fa..5329603cb94 100644 --- a/CVE-2023/CVE-2023-338xx/CVE-2023-33869.json +++ b/CVE-2023/CVE-2023-338xx/CVE-2023-33869.json @@ -2,8 +2,8 @@ "id": "CVE-2023-33869", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-06-20T20:15:09.493", - "lastModified": "2023-06-21T12:29:48.917", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-28T12:51:10.270", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", @@ -36,7 +56,7 @@ }, "weaknesses": [ { - "source": "ics-cert@hq.dhs.gov", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { 
@@ -44,12 +64,55 @@ "value": "CWE-78" } ] + }, + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:enphase:envoy_firmware:d7.0.88:*:*:*:*:*:*:*", + "matchCriteriaId": "2F2EC2F1-624D-422B-B568-92CBE7A153E0" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:enphase:envoy:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A9FE4788-74CB-4DAB-ABF9-0C6D361E7B9B" + } + ] + } + ] } ], "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-171-01", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-33xx/CVE-2023-3303.json b/CVE-2023/CVE-2023-33xx/CVE-2023-3303.json index 3c4edf37a35..34bf366f831 100644 --- a/CVE-2023/CVE-2023-33xx/CVE-2023-3303.json +++ b/CVE-2023/CVE-2023-33xx/CVE-2023-3303.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3303", "sourceIdentifier": "security@huntr.dev", "published": "2023-06-23T13:15:10.587", - "lastModified": "2023-06-23T15:14:22.530", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-28T15:19:14.713", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", @@ -46,14 +68,40 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:admidio:admidio:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.2.9", + "matchCriteriaId": "E38D2EC2-B220-473C-ABD0-5CD26F447C2E" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/admidio/admidio/commit/3d8bafaa4e9b7a314ffdf548622a8c7b38faee8a", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.dev/bounties/65d260cc-55a9-4e71-888d-cb2f66c071af", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Exploit", + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-33xx/CVE-2023-3304.json b/CVE-2023/CVE-2023-33xx/CVE-2023-3304.json index 1e853c28a9d..52c70027a6f 100644 --- a/CVE-2023/CVE-2023-33xx/CVE-2023-3304.json +++ b/CVE-2023/CVE-2023-33xx/CVE-2023-3304.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3304", "sourceIdentifier": "security@huntr.dev", "published": "2023-06-23T13:15:10.663", - "lastModified": "2023-06-23T15:14:22.530", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-28T15:21:27.977", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", @@ -36,8 +58,18 @@ }, "weaknesses": [ { - "source": "security@huntr.dev", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + }, + { + "source": "security@huntr.dev", + "type": "Secondary", "description": [ { "lang": "en", @@ -46,14 +78,40 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:admidio:admidio:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.2.9", + "matchCriteriaId": "E38D2EC2-B220-473C-ABD0-5CD26F447C2E" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/admidio/admidio/commit/3b248b7d5e0e60a00ee2f9a6908d538d62a5837f", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.dev/bounties/721fae61-3c8c-4e4b-8407-64321bc0ed17", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Exploit", + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-33xx/CVE-2023-3325.json b/CVE-2023/CVE-2023-33xx/CVE-2023-3325.json index e6d96403ae6..351fe76c5f1 100644 --- a/CVE-2023/CVE-2023-33xx/CVE-2023-3325.json +++ b/CVE-2023/CVE-2023-33xx/CVE-2023-3325.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-3325", "sourceIdentifier": "security@wordfence.com", "published": "2023-06-20T05:15:09.170", - "lastModified": "2023-06-20T07:12:55.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-28T13:26:34.913", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -13,8 +13,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "security@wordfence.com", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + { + "source": "security@wordfence.com", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", @@ -36,8 +56,18 @@ }, "weaknesses": [ { - "source": "security@wordfence.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-331" + } + ] + }, + { + "source": "security@wordfence.com", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -46,18 +76,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cmscommander:cms_commander:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.287", + "matchCriteriaId": "9EC459F5-5904-426F-8464-E7B387A51944" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/cms-commander-client/tags/2.287/init.php#L88", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/2927811/cms-commander-client", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ca37d453-9f9a-46b2-a17f-65a16e3e2ed1?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-33xx/CVE-2023-3330.json b/CVE-2023/CVE-2023-33xx/CVE-2023-3330.json index c5d4dfafbd9..75d17a09bc8 100644 --- a/CVE-2023/CVE-2023-33xx/CVE-2023-3330.json +++ b/CVE-2023/CVE-2023-33xx/CVE-2023-3330.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3330", "sourceIdentifier": "psirt-info@cyber.jp.nec.com", "published": "2023-06-28T02:15:49.523", - "lastModified": "2023-06-28T02:15:49.523", - "vulnStatus": "Received", + "lastModified": "2023-06-28T12:34:43.903", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-33xx/CVE-2023-3331.json b/CVE-2023/CVE-2023-33xx/CVE-2023-3331.json index b982b0d3815..ae1471388db 100644 --- a/CVE-2023/CVE-2023-33xx/CVE-2023-3331.json +++ b/CVE-2023/CVE-2023-33xx/CVE-2023-3331.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-3331", "sourceIdentifier": "psirt-info@cyber.jp.nec.com", "published": "2023-06-28T02:15:49.590", - "lastModified": "2023-06-28T02:15:49.590", - "vulnStatus": "Received", + "lastModified": "2023-06-28T12:34:43.903", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-33xx/CVE-2023-3332.json b/CVE-2023/CVE-2023-33xx/CVE-2023-3332.json index adfdc8049c9..ca0b14864c4 100644 --- a/CVE-2023/CVE-2023-33xx/CVE-2023-3332.json +++ b/CVE-2023/CVE-2023-33xx/CVE-2023-3332.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3332", "sourceIdentifier": "psirt-info@cyber.jp.nec.com", "published": "2023-06-28T02:15:49.650", - "lastModified": "2023-06-28T02:15:49.650", - "vulnStatus": "Received", + "lastModified": "2023-06-28T12:34:43.903", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-33xx/CVE-2023-3333.json b/CVE-2023/CVE-2023-33xx/CVE-2023-3333.json index eff4b725d95..a60684f1cfa 100644 --- a/CVE-2023/CVE-2023-33xx/CVE-2023-3333.json +++ b/CVE-2023/CVE-2023-33xx/CVE-2023-3333.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3333", "sourceIdentifier": "psirt-info@cyber.jp.nec.com", "published": "2023-06-28T02:15:49.713", - "lastModified": "2023-06-28T02:15:49.713", - "vulnStatus": "Received", + "lastModified": "2023-06-28T12:34:43.903", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-340xx/CVE-2023-34012.json b/CVE-2023/CVE-2023-340xx/CVE-2023-34012.json index d91fc593d4b..734a4d99958 100644 --- a/CVE-2023/CVE-2023-340xx/CVE-2023-34012.json +++ b/CVE-2023/CVE-2023-340xx/CVE-2023-34012.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34012", "sourceIdentifier": "audit@patchstack.com", "published": "2023-06-23T12:15:09.687", - "lastModified": "2023-06-23T13:03:18.900", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-28T15:04:03.897", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:leap13:premium_addons_for_elementor:*:*:*:*:pro:wordpress:*:*", + "versionEndIncluding": "2.8.24", + "matchCriteriaId": "977101B3-0AA0-46E2-B152-8634C18FD0BE" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/premium-addons-pro/wordpress-premium-addons-pro-plugin-2-8-24-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34340.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34340.json index d13838ea46a..e5cf2096b52 100644 --- a/CVE-2023/CVE-2023-343xx/CVE-2023-34340.json +++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34340.json 
@@ -2,15 +2,38 @@ "id": "CVE-2023-34340", "sourceIdentifier": "security@apache.org", "published": "2023-06-21T08:15:10.740", - "lastModified": "2023-06-21T12:29:48.917", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-28T12:43:31.883", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Authentication vulnerability in Apache Software Foundation Apache Accumulo.\nThis issue affects Apache Accumulo: 2.1.0.\n\nAccumulo 2.1.0 contains a defect in the user authentication process that may succeed when invalid credentials are provided. Users are advised to upgrade to 2.1.1.\n\n\n" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "security@apache.org", @@ -23,14 +46,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:accumulo:2.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "1CC467CA-6E34-4CD0-9F6B-0520399C6701" + } + ] + } + ] + } + ], "references": [ { "url": "https://accumulo.apache.org/release/accumulo-2.1.1/", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://lists.apache.org/thread/syy6jftvy9l6tlhn33o0rzwhh4rd0z4t", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-349xx/CVE-2023-34928.json b/CVE-2023/CVE-2023-349xx/CVE-2023-34928.json new file mode 100644 index 00000000000..23690a661d7 --- /dev/null +++ b/CVE-2023/CVE-2023-349xx/CVE-2023-34928.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-34928", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-28T14:15:09.743", + "lastModified": "2023-06-28T15:25:24.900", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A stack overflow in the Edit_BasicSSID function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/h4kuy4/vuln/blob/main/H3C_B1STW/CVE-2023-34928.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-349xx/CVE-2023-34929.json b/CVE-2023/CVE-2023-349xx/CVE-2023-34929.json new file mode 100644 index 00000000000..9c0bef1cb55 --- /dev/null +++ b/CVE-2023/CVE-2023-349xx/CVE-2023-34929.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-34929", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-28T14:15:09.790", + "lastModified": "2023-06-28T15:25:24.900", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A stack overflow in the AddMacList function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/h4kuy4/vuln/blob/main/H3C_B1STW/CVE-2023-34929.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-349xx/CVE-2023-34930.json b/CVE-2023/CVE-2023-349xx/CVE-2023-34930.json new file mode 100644 index 00000000000..8fc28e2457d --- /dev/null +++ b/CVE-2023/CVE-2023-349xx/CVE-2023-34930.json 
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-34930", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-28T14:15:09.833", + "lastModified": "2023-06-28T15:25:24.900", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A stack overflow in the EditMacList function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/h4kuy4/vuln/blob/main/H3C_B1STW/CVE-2023-34930.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-349xx/CVE-2023-34931.json b/CVE-2023/CVE-2023-349xx/CVE-2023-34931.json new file mode 100644 index 00000000000..270c49a51c3 --- /dev/null +++ b/CVE-2023/CVE-2023-349xx/CVE-2023-34931.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-34931", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-28T14:15:09.877", + "lastModified": "2023-06-28T15:25:24.900", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A stack overflow in the EditWlanMacList function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/h4kuy4/vuln/blob/main/H3C_B1STW/CVE-2023-34931.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-349xx/CVE-2023-34932.json b/CVE-2023/CVE-2023-349xx/CVE-2023-34932.json new file mode 100644 index 00000000000..932850d02ae --- /dev/null +++ b/CVE-2023/CVE-2023-349xx/CVE-2023-34932.json 
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-34932", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-28T14:15:09.923", + "lastModified": "2023-06-28T15:25:24.900", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A stack overflow in the UpdateWanMode function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/h4kuy4/vuln/blob/main/H3C_B1STW/CVE-2023-34932.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-349xx/CVE-2023-34933.json b/CVE-2023/CVE-2023-349xx/CVE-2023-34933.json new file mode 100644 index 00000000000..971ae4b4b41 --- /dev/null +++ b/CVE-2023/CVE-2023-349xx/CVE-2023-34933.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-34933", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-28T15:15:10.193", + "lastModified": "2023-06-28T15:25:19.233", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A stack overflow in the UpdateWanParams function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/h4kuy4/vuln/blob/main/H3C_B1STW/CVE-2023-34933.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-349xx/CVE-2023-34934.json b/CVE-2023/CVE-2023-349xx/CVE-2023-34934.json new file mode 100644 index 00000000000..09e82b8f4a2 --- /dev/null +++ b/CVE-2023/CVE-2023-349xx/CVE-2023-34934.json 
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-34934", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-28T15:15:10.240", + "lastModified": "2023-06-28T15:25:19.233", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A stack overflow in the Edit_BasicSSID_5G function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/h4kuy4/vuln/blob/main/H3C_B1STW/CVE-2023-34934.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-349xx/CVE-2023-34935.json b/CVE-2023/CVE-2023-349xx/CVE-2023-34935.json new file mode 100644 index 00000000000..f8fa94ba6a9 --- /dev/null +++ b/CVE-2023/CVE-2023-349xx/CVE-2023-34935.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-34935", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-28T15:15:10.283", + "lastModified": "2023-06-28T15:25:19.233", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A stack overflow in the AddWlanMacList function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/h4kuy4/vuln/blob/main/H3C_B1STW/CVE-2023-34935.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-349xx/CVE-2023-34936.json b/CVE-2023/CVE-2023-349xx/CVE-2023-34936.json new file mode 100644 index 00000000000..475fcf91607 --- /dev/null +++ b/CVE-2023/CVE-2023-349xx/CVE-2023-34936.json 
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-34936", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-28T15:15:10.333", + "lastModified": "2023-06-28T15:25:19.233", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A stack overflow in the UpdateMacClone function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/h4kuy4/vuln/blob/main/H3C_B1STW/CVE-2023-34936.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-349xx/CVE-2023-34937.json b/CVE-2023/CVE-2023-349xx/CVE-2023-34937.json new file mode 100644 index 00000000000..541f12b162d --- /dev/null +++ b/CVE-2023/CVE-2023-349xx/CVE-2023-34937.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-34937", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-28T15:15:10.377", + "lastModified": "2023-06-28T15:25:19.233", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A stack overflow in the UpdateSnat function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/h4kuy4/vuln/blob/main/H3C_B1STW/CVE-2023-34937.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-34xx/CVE-2023-3407.json b/CVE-2023/CVE-2023-34xx/CVE-2023-3407.json index bdef3399345..789d8e524fe 100644 --- a/CVE-2023/CVE-2023-34xx/CVE-2023-3407.json +++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3407.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-3407", "sourceIdentifier": "security@wordfence.com", "published": "2023-06-28T03:15:09.243", - "lastModified": "2023-06-28T03:15:09.243", - "vulnStatus": "Received", + "lastModified": "2023-06-28T12:34:43.903", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The Subscribe2 plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 10.40. This is due to missing or incorrect nonce validation when sending test emails. This makes it possible for unauthenticated attackers to send test emails with custom content to users on sites running a vulnerable version of this plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + }, + { + "lang": "es", + "value": "El plugin Subscribe2 para WordPress es vulnerable a ataques de tipo Cross-Site Request Forgery (CSRF) en versiones hasta la 10.40 inclusive. Esto se debe a la falta o incorrecta validaci\u00f3n nonce al enviar correos electr\u00f3nicos de prueba. Esto hace posible que los atacantes no autenticados env\u00eden correos electr\u00f3nicos de prueba con contenido personalizado en los sitios que ejecutan una versi\u00f3n vulnerable de este plugin a trav\u00e9s de una petici\u00f3n falsificada pudiendo enga\u00f1ar a un administrador del sitio para realizar una acci\u00f3n como hacer clic en un enlace. " } ], "metrics": { diff --git a/CVE-2023/CVE-2023-34xx/CVE-2023-3427.json b/CVE-2023/CVE-2023-34xx/CVE-2023-3427.json index 05838835fe4..df8563ffc9a 100644 --- a/CVE-2023/CVE-2023-34xx/CVE-2023-3427.json +++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3427.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-3427", "sourceIdentifier": "security@wordfence.com", "published": "2023-06-28T02:15:49.783", - "lastModified": "2023-06-28T02:15:49.783", - "vulnStatus": "Received", + "lastModified": "2023-06-28T12:34:43.903", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-34xx/CVE-2023-3436.json b/CVE-2023/CVE-2023-34xx/CVE-2023-3436.json index 1074f5a4503..7b920769cde 100644 --- a/CVE-2023/CVE-2023-34xx/CVE-2023-3436.json +++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3436.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3436", "sourceIdentifier": "xpdf@xpdfreader.com", "published": "2023-06-27T21:15:16.047", - "lastModified": "2023-06-27T21:15:16.047", - "vulnStatus": "Received", + "lastModified": "2023-06-28T12:34:43.903", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-34xx/CVE-2023-3445.json b/CVE-2023/CVE-2023-34xx/CVE-2023-3445.json new file mode 100644 index 00000000000..8e3ac876daf --- /dev/null +++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3445.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-3445", + "sourceIdentifier": "security@huntr.dev", + "published": "2023-06-28T14:15:10.117", + "lastModified": "2023-06-28T15:25:19.233", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Cross-site Scripting (XSS) - Stored in GitHub repository spinacms/spina prior to 2.15.1." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 0.9, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/spinacms/spina/commit/9adfe7b4807b3cc10dbb7351a26cc32f5d8c14a3", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.dev/bounties/18a74a9d-4a2d-4bf8-ae62-56a909427070", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-364xx/CVE-2023-36464.json b/CVE-2023/CVE-2023-364xx/CVE-2023-36464.json index 574f04ac70e..5e5a2a7d65b 100644 --- a/CVE-2023/CVE-2023-364xx/CVE-2023-36464.json +++ b/CVE-2023/CVE-2023-364xx/CVE-2023-36464.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36464", "sourceIdentifier": "security-advisories@github.com", "published": "2023-06-27T22:15:11.790", - "lastModified": "2023-06-27T22:15:11.790", - "vulnStatus": "Received", + "lastModified": "2023-06-28T12:34:43.903", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", 
diff --git a/CVE-2023/CVE-2023-364xx/CVE-2023-36467.json b/CVE-2023/CVE-2023-364xx/CVE-2023-36467.json new file mode 100644 index 00000000000..082e00091b7 --- /dev/null +++ b/CVE-2023/CVE-2023-364xx/CVE-2023-36467.json 
@@ -0,0 +1,67 @@ +{ + "id": "CVE-2023-36467", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-06-28T14:15:09.967", + "lastModified": "2023-06-28T15:25:24.900", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "AWS data.all is an open source development framework to help users build a data marketplace on Amazon Web Services. data.all versions 1.2.0 through 1.5.1 do not prevent remote code execution when a user injects Python commands into the \u2018Template\u2019 field when configuring a data pipeline. The issue can only be triggered by authenticated users. A fix for this issue is available in data.all version 1.5.2 and later. There is no recommended work around." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.0, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.1, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/awslabs/aws-dataall/pull/472", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/awslabs/aws-dataall/releases/tag/v1.5.2", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/awslabs/aws-dataall/releases/tag/v1.5.4", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/awslabs/aws-dataall/security/advisories/GHSA-m922-chh7-8qcr", + "source": 
"security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-366xx/CVE-2023-36630.json b/CVE-2023/CVE-2023-366xx/CVE-2023-36630.json index d84ef64507f..6b42ac027ac 100644 --- a/CVE-2023/CVE-2023-366xx/CVE-2023-36630.json +++ b/CVE-2023/CVE-2023-366xx/CVE-2023-36630.json @@ -2,7 +2,7 @@ "id": "CVE-2023-36630", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-25T16:15:09.480", - "lastModified": "2023-06-26T13:02:36.297", + "lastModified": "2023-06-28T14:15:10.047", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -12,6 +12,10 @@ ], "metrics": {}, "references": [ + { + "url": "https://github.com/yunaranyancat/poc-dump/blob/main/cloudpanel/README.md", + "source": "cve@mitre.org" + }, { "url": "https://www.cloudpanel.io/docs/v2/changelog/", "source": "cve@mitre.org" diff --git a/README.md b/README.md index f88eb620e39..6be2c9a000a 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-06-28T12:00:41.204318+00:00 +2023-06-28T16:00:29.495226+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-06-28T10:15:09.607000+00:00 +2023-06-28T15:59:59.863000+00:00 ``` ### Last Data Feed Release 
@@ -29,20 +29,69 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -218709 +218737 ``` ### CVEs added in the last Commit -Recently added CVEs: `0` +Recently added CVEs: `28` +* [CVE-2023-20006](CVE-2023/CVE-2023-200xx/CVE-2023-20006.json) (`2023-06-28T15:15:09.387`) +* [CVE-2023-20028](CVE-2023/CVE-2023-200xx/CVE-2023-20028.json) (`2023-06-28T15:15:09.457`) +* [CVE-2023-20105](CVE-2023/CVE-2023-201xx/CVE-2023-20105.json) (`2023-06-28T15:15:09.517`) +* [CVE-2023-20108](CVE-2023/CVE-2023-201xx/CVE-2023-20108.json) (`2023-06-28T15:15:09.577`) +* [CVE-2023-20116](CVE-2023/CVE-2023-201xx/CVE-2023-20116.json) (`2023-06-28T15:15:09.640`) +* [CVE-2023-20119](CVE-2023/CVE-2023-201xx/CVE-2023-20119.json) (`2023-06-28T15:15:09.700`) +* [CVE-2023-20120](CVE-2023/CVE-2023-201xx/CVE-2023-20120.json) (`2023-06-28T15:15:09.760`) +* [CVE-2023-20136](CVE-2023/CVE-2023-201xx/CVE-2023-20136.json) (`2023-06-28T15:15:09.820`) +* [CVE-2023-20178](CVE-2023/CVE-2023-201xx/CVE-2023-20178.json) (`2023-06-28T15:15:09.880`) +* [CVE-2023-20188](CVE-2023/CVE-2023-201xx/CVE-2023-20188.json) (`2023-06-28T15:15:09.943`) +* [CVE-2023-20192](CVE-2023/CVE-2023-201xx/CVE-2023-20192.json) (`2023-06-28T15:15:10.007`) +* [CVE-2023-20199](CVE-2023/CVE-2023-201xx/CVE-2023-20199.json) (`2023-06-28T15:15:10.070`) +* [CVE-2023-26615](CVE-2023/CVE-2023-266xx/CVE-2023-26615.json) (`2023-06-28T15:15:10.137`) +* [CVE-2023-34933](CVE-2023/CVE-2023-349xx/CVE-2023-34933.json) (`2023-06-28T15:15:10.193`) +* [CVE-2023-34934](CVE-2023/CVE-2023-349xx/CVE-2023-34934.json) (`2023-06-28T15:15:10.240`) +* [CVE-2023-34935](CVE-2023/CVE-2023-349xx/CVE-2023-34935.json) (`2023-06-28T15:15:10.283`) +* [CVE-2023-34936](CVE-2023/CVE-2023-349xx/CVE-2023-34936.json) (`2023-06-28T15:15:10.333`) +* [CVE-2023-34937](CVE-2023/CVE-2023-349xx/CVE-2023-34937.json) (`2023-06-28T15:15:10.377`) +* [CVE-2023-30259](CVE-2023/CVE-2023-302xx/CVE-2023-30259.json) 
(`2023-06-28T14:15:09.677`) +* [CVE-2023-34928](CVE-2023/CVE-2023-349xx/CVE-2023-34928.json) (`2023-06-28T14:15:09.743`) +* [CVE-2023-34929](CVE-2023/CVE-2023-349xx/CVE-2023-34929.json) (`2023-06-28T14:15:09.790`) +* [CVE-2023-34930](CVE-2023/CVE-2023-349xx/CVE-2023-34930.json) (`2023-06-28T14:15:09.833`) +* [CVE-2023-34931](CVE-2023/CVE-2023-349xx/CVE-2023-34931.json) (`2023-06-28T14:15:09.877`) +* [CVE-2023-34932](CVE-2023/CVE-2023-349xx/CVE-2023-34932.json) (`2023-06-28T14:15:09.923`) +* [CVE-2023-36467](CVE-2023/CVE-2023-364xx/CVE-2023-36467.json) (`2023-06-28T14:15:09.967`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `54` -* [CVE-2023-2785](CVE-2023/CVE-2023-27xx/CVE-2023-2785.json) (`2023-06-28T10:15:09.607`) +* [CVE-2023-3427](CVE-2023/CVE-2023-34xx/CVE-2023-3427.json) (`2023-06-28T12:34:43.903`) +* [CVE-2023-1844](CVE-2023/CVE-2023-18xx/CVE-2023-1844.json) (`2023-06-28T12:34:43.903`) +* [CVE-2023-3407](CVE-2023/CVE-2023-34xx/CVE-2023-3407.json) (`2023-06-28T12:34:43.903`) +* [CVE-2023-26134](CVE-2023/CVE-2023-261xx/CVE-2023-26134.json) (`2023-06-28T12:34:43.903`) +* [CVE-2023-32623](CVE-2023/CVE-2023-326xx/CVE-2023-32623.json) (`2023-06-28T12:34:43.903`) +* [CVE-2023-3034](CVE-2023/CVE-2023-30xx/CVE-2023-3034.json) (`2023-06-28T12:34:43.903`) +* [CVE-2023-34340](CVE-2023/CVE-2023-343xx/CVE-2023-34340.json) (`2023-06-28T12:43:31.883`) +* [CVE-2023-33869](CVE-2023/CVE-2023-338xx/CVE-2023-33869.json) (`2023-06-28T12:51:10.270`) +* [CVE-2023-3325](CVE-2023/CVE-2023-33xx/CVE-2023-3325.json) (`2023-06-28T13:26:34.913`) +* [CVE-2023-27243](CVE-2023/CVE-2023-272xx/CVE-2023-27243.json) (`2023-06-28T13:50:19.303`) +* [CVE-2023-36630](CVE-2023/CVE-2023-366xx/CVE-2023-36630.json) (`2023-06-28T14:15:10.047`) +* [CVE-2023-27414](CVE-2023/CVE-2023-274xx/CVE-2023-27414.json) (`2023-06-28T14:30:54.427`) +* [CVE-2023-27432](CVE-2023/CVE-2023-274xx/CVE-2023-27432.json) (`2023-06-28T14:31:07.147`) +* 
[CVE-2023-28956](CVE-2023/CVE-2023-289xx/CVE-2023-28956.json) (`2023-06-28T14:51:02.947`) +* [CVE-2023-0969](CVE-2023/CVE-2023-09xx/CVE-2023-0969.json) (`2023-06-28T14:59:30.573`) +* [CVE-2023-34012](CVE-2023/CVE-2023-340xx/CVE-2023-34012.json) (`2023-06-28T15:04:03.897`) +* [CVE-2023-33842](CVE-2023/CVE-2023-338xx/CVE-2023-33842.json) (`2023-06-28T15:08:42.347`) +* [CVE-2023-3303](CVE-2023/CVE-2023-33xx/CVE-2023-3303.json) (`2023-06-28T15:19:14.713`) +* [CVE-2023-3304](CVE-2023/CVE-2023-33xx/CVE-2023-3304.json) (`2023-06-28T15:21:27.977`) +* [CVE-2023-32449](CVE-2023/CVE-2023-324xx/CVE-2023-32449.json) (`2023-06-28T15:21:44.097`) +* [CVE-2023-29711](CVE-2023/CVE-2023-297xx/CVE-2023-29711.json) (`2023-06-28T15:33:24.683`) +* [CVE-2023-33405](CVE-2023/CVE-2023-334xx/CVE-2023-33405.json) (`2023-06-28T15:46:39.587`) +* [CVE-2023-33591](CVE-2023/CVE-2023-335xx/CVE-2023-33591.json) (`2023-06-28T15:47:35.893`) +* [CVE-2023-24261](CVE-2023/CVE-2023-242xx/CVE-2023-24261.json) (`2023-06-28T15:57:40.363`) +* [CVE-2023-3110](CVE-2023/CVE-2023-31xx/CVE-2023-3110.json) (`2023-06-28T15:59:59.863`) ## Download and Usage