diff --git a/CVE-2013/CVE-2013-100xx/CVE-2013-10029.json b/CVE-2013/CVE-2013-100xx/CVE-2013-10029.json index 7dba4fe542f..67abece9259 100644 --- a/CVE-2013/CVE-2013-100xx/CVE-2013-10029.json +++ b/CVE-2013/CVE-2013-100xx/CVE-2013-10029.json @@ -2,8 +2,8 @@ "id": "CVE-2013-10029", "sourceIdentifier": "cna@vuldb.com", "published": "2023-06-05T21:15:09.250", - "lastModified": "2023-06-06T12:50:56.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-12T16:37:57.647", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", 
@@ -71,18 +93,47 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:angrybte:wordpress_exit_box_lite:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.06", + "matchCriteriaId": "D2E7965F-2F2B-4A71-BD48-AF3944BEE68C" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/wp-plugins/wordpress-exit-box-lite/commit/fad26701addb862c51baf85c6e3cc136aa79c309", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Patch" + ] }, { "url": "https://vuldb.com/?ctiid.230671", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.230671", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2015/CVE-2015-101xx/CVE-2015-10116.json b/CVE-2015/CVE-2015-101xx/CVE-2015-10116.json index 933bb039dce..fe4d202eda6 100644 --- a/CVE-2015/CVE-2015-101xx/CVE-2015-10116.json +++ b/CVE-2015/CVE-2015-101xx/CVE-2015-10116.json @@ -2,8 +2,8 @@ "id": "CVE-2015-10116", "sourceIdentifier": "cna@vuldb.com", "published": "2023-06-06T01:15:40.430", - "lastModified": "2023-06-06T12:50:56.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-12T16:43:44.810", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
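Review bot: The two vuldb.com references in the CVE-2013-10029 references hunk are tagged `"Permissions Required", "Third Party Advisory"` with no `"VDB Entry"`, while the same two URL patterns get different tag sets elsewhere in this diff. In the CVE-2015-10116 references hunk both carry all three tags, and in the CVE-2015-10117 hunk the `?id.230664` entry drops `"Permissions Required"`. A consumer that filters references by tag, for example to skip login-gated links or to collect database entries, will treat identical sources differently across these three records. Tagging every `vuldb.com/?id.` and `?ctiid.` reference the same way, e.g. `"tags": ["Permissions Required", "Third Party Advisory", "VDB Entry"]`, would remove the ambiguity. Whether the `?id.` pages actually require a login is not visible in the diff and should be checked first.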
@@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", @@ -71,18 +93,49 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:realfavicongenerator:favicon_by_realfavicongenerator:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.2.12", + "matchCriteriaId": "9C64FC32-ED6F-4D51-BB64-899C0D185F6B" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/wp-plugins/favicon-by-realfavicongenerator/commit/949a1ae7216216350458844f50a72f100b56d4e7", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Patch" + ] }, { "url": "https://vuldb.com/?ctiid.230661", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.230661", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2015/CVE-2015-101xx/CVE-2015-10117.json b/CVE-2015/CVE-2015-101xx/CVE-2015-10117.json index b52041938db..f69d5a83be3 100644 --- a/CVE-2015/CVE-2015-101xx/CVE-2015-10117.json +++ b/CVE-2015/CVE-2015-101xx/CVE-2015-10117.json 
@@ -2,8 +2,8 @@ "id": "CVE-2015-10117", "sourceIdentifier": "cna@vuldb.com", "published": "2023-06-06T02:15:08.830", - "lastModified": "2023-06-06T12:50:56.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-12T16:40:39.573", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", @@ -61,7 +83,7 @@ }, "weaknesses": [ { - "source": "cna@vuldb.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { 
@@ -69,24 +91,67 @@ "value": "CWE-79" } ] + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:webaware:gf_windcave_free:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.4.3", + "matchCriteriaId": "811DDC09-2E58-4E0B-A281-58B0E52BABF1" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/wp-plugins/gravity-forms-dps-pxpay/commit/5966a5e6343e3d5610bdfa126a5cfbae95e629b6", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/wp-plugins/gravity-forms-dps-pxpay/releases/tag/1.4.3", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] }, { "url": "https://vuldb.com/?ctiid.230664", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.230664", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2019/CVE-2019-251xx/CVE-2019-25150.json b/CVE-2019/CVE-2019-251xx/CVE-2019-25150.json index 8cf86b10c9b..cada520ecd1 100644 --- a/CVE-2019/CVE-2019-251xx/CVE-2019-25150.json +++ b/CVE-2019/CVE-2019-251xx/CVE-2019-25150.json @@ -2,8 +2,8 @@ "id": "CVE-2019-25150", "sourceIdentifier": "security@wordfence.com", "published": "2023-06-07T02:15:10.773", - "lastModified": "2023-06-07T02:45:10.733", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-12T17:32:50.557", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + } + ] + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -46,18 +76,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpexperts:email_templates:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.3.1", + "matchCriteriaId": "9818170C-E3D6-4E58-B3A4-B0194AFF1D48" + } + ] + } + ] + } + ], "references": [ { "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-vulnerable-to-html-injection/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Exploit" + ] }, { "url": "https://wordpress.org/plugins/email-templates/#developers", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f5c449f1-4715-4033-b0a3-6a8ca968aabc?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2019/CVE-2019-251xx/CVE-2019-25151.json b/CVE-2019/CVE-2019-251xx/CVE-2019-25151.json index 0bd23670217..5870e8fd323 100644 
--- a/CVE-2019/CVE-2019-251xx/CVE-2019-25151.json +++ b/CVE-2019/CVE-2019-251xx/CVE-2019-25151.json @@ -2,8 +2,8 @@ "id": "CVE-2019-25151", "sourceIdentifier": "security@wordfence.com", "published": "2023-06-07T02:15:10.843", - "lastModified": "2023-06-07T02:45:10.733", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-12T17:23:35.957", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ] + }, { "source": "security@wordfence.com", "type": "Secondary", 
@@ -46,22 +76,52 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cartflows:funnel_builder:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.3.1", + "matchCriteriaId": "8408513D-2970-4319-A73B-7CBB5C6D46F5" + } + ] + } + ] + } + ], "references": [ { "url": "https://blog.nintechnet.com/privilege-escalation-vulnerability-fixed-in-wordpress-cartflows-plugin/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Exploit" + ] }, { "url": "https://wpscan.com/vulnerability/b6725319-909f-4d5c-9b34-8b6ea627b223%5D", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-funnel-builder-by-cartflows-create-high-converting-sales-funnels-for-wordpress-privilege-escalation-1-3-0/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f0b95670-0767-4325-88d0-4ae6d7302558?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2020/CVE-2020-366xx/CVE-2020-36696.json b/CVE-2020/CVE-2020-366xx/CVE-2020-36696.json index 7e50feb091e..54f4dd1dd68 100644 --- a/CVE-2020/CVE-2020-366xx/CVE-2020-36696.json +++ b/CVE-2020/CVE-2020-366xx/CVE-2020-36696.json @@ -2,8 +2,8 @@ "id": "CVE-2020-36696", "sourceIdentifier": "security@wordfence.com", "published": "2023-06-07T02:15:10.930", - "lastModified": "2023-06-07T02:45:10.733", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-12T17:19:23.177", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
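Review bot: The wpscan.com reference in the CVE-2019-25151 references hunk still ends in `%5D`, an encoded `]` that looks like leftover markup from the submission, and the new side only labels it `"Broken Link"` instead of correcting it. Anyone following references during triage loses the WPScan entry for this record. If the identifier without the suffix resolves, the entry would read `"url": "https://wpscan.com/vulnerability/b6725319-909f-4d5c-9b34-8b6ea627b223"` with a `"Third Party Advisory"` tag. That has to be confirmed against the site; it cannot be verified from the diff.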
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + }, { "source": "security@wordfence.com", "type": "Secondary", 
@@ -46,22 +76,52 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tychesoftwares:product_input_fields_for_woocommerce:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.2.7", + "matchCriteriaId": "45F62E3B-155B-4DC6-8649-BF9639E0FF62" + } + ] + } + ] + } + ], "references": [ { "url": "https://blog.nintechnet.com/high-severity-vulnerability-fixed-in-product-input-fields-for-woocommerce/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Exploit" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2349889%40product-input-fields-for-woocommerce&new=2349889%40product-input-fields-for-woocommerce&sfp_email=&sfph_mail=", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://wpscan.com/vulnerability/15f345e6-fc53-4bac-bc5a-de898181ea74", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Exploit" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/01e41573-9329-48e1-9191-e8e1532f7afc?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2020/CVE-2020-366xx/CVE-2020-36697.json b/CVE-2020/CVE-2020-366xx/CVE-2020-36697.json index f1f22189321..2f1d6a3311e 100644 --- a/CVE-2020/CVE-2020-366xx/CVE-2020-36697.json +++ b/CVE-2020/CVE-2020-366xx/CVE-2020-36697.json @@ -2,8 +2,8 @@ "id": "CVE-2020-36697", "sourceIdentifier": "security@wordfence.com", "published": "2023-06-07T02:15:10.997", - "lastModified": "2023-06-07T02:45:10.733", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-12T17:14:39.967", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -46,18 +76,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:appsaloon:wp_gdpr:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.1.1", + "matchCriteriaId": "DCC1AA40-3570-462E-A50A-EC320064F949" + } + ] + } + ] + } + ], "references": [ { "url": "https://blog.nintechnet.com/unauthenticated-stored-xss-and-content-spoofing-vulnerabilities-in-wordpress-wp-gdpr-plugin-unpatched/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Exploit" + ] }, { "url": "https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-wp-gdpr-multiple-vulnerabilities-2-1-1/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/032e775a-97be-4d93-bac3-094e35be4b11?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2020/CVE-2020-366xx/CVE-2020-36699.json b/CVE-2020/CVE-2020-366xx/CVE-2020-36699.json index 4c7df4d9420..5f803966521 100644 --- a/CVE-2020/CVE-2020-366xx/CVE-2020-36699.json +++ b/CVE-2020/CVE-2020-366xx/CVE-2020-36699.json @@ -2,8 +2,8 @@ "id": "CVE-2020-36699", "sourceIdentifier": "security@wordfence.com", "published": "2023-06-07T02:15:11.060", - "lastModified": "2023-06-07T02:45:04.330", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-12T17:06:27.573", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + }, { "source": "security@wordfence.com", "type": "Secondary", 
@@ -46,22 +76,52 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:quick_page\\/post_redirect_project:quick_page\\/post_redirect:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "5.1.9", + "matchCriteriaId": "EFF2FFB7-62CF-4F85-B30C-3A79CA041E8C" + } + ] + } + ] + } + ], "references": [ { "url": "https://blog.nintechnet.com/authenticated-settings-change-vulnerability-in-wordpress-quick-page-post-redirect-plugin-unpatched/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Exploit" + ] }, { "url": "https://wpscan.com/vulnerability/10198", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-quick-page-post-redirect-security-bypass-5-1-9/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/11c4b855-8589-4ad2-b414-566ac8eb4632?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-381xx/CVE-2022-38156.json b/CVE-2022/CVE-2022-381xx/CVE-2022-38156.json index f0c6647d140..892fe3c77e1 100644 --- a/CVE-2022/CVE-2022-381xx/CVE-2022-38156.json +++ b/CVE-2022/CVE-2022-381xx/CVE-2022-38156.json @@ -2,8 +2,8 @@ "id": "CVE-2022-38156", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-12T14:15:17.660", - "lastModified": "2023-06-12T14:15:17.660", - "vulnStatus": "Received", + "lastModified": "2023-06-12T16:20:38.360", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", 
diff --git a/CVE-2023/CVE-2023-12xx/CVE-2023-1297.json b/CVE-2023/CVE-2023-12xx/CVE-2023-1297.json index 11f690f1f3c..40f91ba9727 100644 --- a/CVE-2023/CVE-2023-12xx/CVE-2023-1297.json +++ b/CVE-2023/CVE-2023-12xx/CVE-2023-1297.json @@ -2,8 +2,8 @@ "id": "CVE-2023-1297", "sourceIdentifier": "security@hashicorp.com", "published": "2023-06-02T23:15:09.293", - "lastModified": "2023-06-05T13:03:17.903", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-12T16:10:55.347", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "security@hashicorp.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "security@hashicorp.com", "type": "Secondary", 
@@ -46,10 +76,53 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hashicorp:consul:*:*:*:*:-:*:*:*", + "versionStartIncluding": "1.13.0", + "versionEndExcluding": "1.14.7", + "matchCriteriaId": "0047DE25-5AF8-4BE3-BAE0-883C5B933D56" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "1.13.0", + "versionEndExcluding": "1.14.7", + "matchCriteriaId": "A54134BC-44F1-490A-90C6-DA20ADFF2239" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hashicorp:consul:*:*:*:*:-:*:*:*", + "versionStartIncluding": "1.15.0", + "versionEndExcluding": "1.15.3", + "matchCriteriaId": "9D592391-F006-4F99-BF39-DAA3D2B86305" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "1.15.0", + "versionEndExcluding": "1.15.3", + "matchCriteriaId": "12E16E32-03E5-44B6-BAB5-8809E6E852F4" + } + ] + } + ] + } + ], "references": [ { "url": "https://discuss.hashicorp.com/t/hcsec-2023-15-consul-cluster-peering-can-result-in-denial-of-service/54515", - "source": "security@hashicorp.com" + "source": "security@hashicorp.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-224xx/CVE-2023-22450.json b/CVE-2023/CVE-2023-224xx/CVE-2023-22450.json index 4c1b6acc1d9..7b2b0d0298d 100644 --- a/CVE-2023/CVE-2023-224xx/CVE-2023-22450.json +++ b/CVE-2023/CVE-2023-224xx/CVE-2023-22450.json @@ -2,8 +2,8 @@ "id": "CVE-2023-22450", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-06-06T00:15:09.310", - "lastModified": "2023-06-06T12:50:56.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-12T16:56:27.357", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", @@ -46,10 +66,33 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:advantech:webaccess\\/scada:*:*:*:*:*:*:*:*", + "versionEndIncluding": "9.1.3", + "matchCriteriaId": "BA8305E1-A2D7-4DBB-A5FB-E748E41FB060" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-152-01", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Mitigation", + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-238xx/CVE-2023-23819.json b/CVE-2023/CVE-2023-238xx/CVE-2023-23819.json index ae0d2dd011a..0d7c84e0708 100644 --- a/CVE-2023/CVE-2023-238xx/CVE-2023-23819.json +++ b/CVE-2023/CVE-2023-238xx/CVE-2023-23819.json @@ -2,8 +2,8 @@ "id": "CVE-2023-23819", "sourceIdentifier": "audit@patchstack.com", "published": "2023-06-12T14:15:17.930", - "lastModified": "2023-06-12T14:15:17.930", - "vulnStatus": "Received", + "lastModified": "2023-06-12T16:20:33.897", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-238xx/CVE-2023-23822.json b/CVE-2023/CVE-2023-238xx/CVE-2023-23822.json index faf144ab4e1..d5a880de621 100644 --- a/CVE-2023/CVE-2023-238xx/CVE-2023-23822.json 
+++ b/CVE-2023/CVE-2023-238xx/CVE-2023-23822.json @@ -2,8 +2,8 @@ "id": "CVE-2023-23822", "sourceIdentifier": "audit@patchstack.com", "published": "2023-06-12T14:15:18.237", - "lastModified": "2023-06-12T14:15:18.237", - "vulnStatus": "Received", + "lastModified": "2023-06-12T16:20:33.897", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-271xx/CVE-2023-27126.json b/CVE-2023/CVE-2023-271xx/CVE-2023-27126.json index 1f56c1660f6..9f91fff8a9f 100644 --- a/CVE-2023/CVE-2023-271xx/CVE-2023-27126.json +++ b/CVE-2023/CVE-2023-271xx/CVE-2023-27126.json 
@@ -2,27 +2,101 @@ "id": "CVE-2023-27126", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-06T18:15:10.343", - "lastModified": "2023-06-06T18:33:59.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-12T16:28:33.977", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 (EU) on firmware version 1.1.22 Build 220725 is reused across all cameras. An attacker with physical access to a camera is able to extract and decrypt sensitive data containing the Wifi password and the TP-LINK account credential of the victim." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-522" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tp-link:tapo_c200_firmware:1.2.2:build_220725:*:*:*:*:*:*", + "matchCriteriaId": "C39386E6-329F-418D-8603-21B000694452" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tp-link:tapo_c200:3:*:*:*:*:*:*:*", + "matchCriteriaId": "101FA54E-1A3D-4A38-BBD0-8DAFAC414EA3" + } + ] + } + ] + } + ], "references": [ { "url": "http://tapo.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + 
"Product" + ] }, { "url": "http://tp-link.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://www.claranet.fr/blog/dans-les-entrailles-dune-camera-connectee-tp-link-14", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-279xx/CVE-2023-27916.json b/CVE-2023/CVE-2023-279xx/CVE-2023-27916.json index bce9164b888..9f75bede8f0 100644 --- a/CVE-2023/CVE-2023-279xx/CVE-2023-27916.json +++ b/CVE-2023/CVE-2023-279xx/CVE-2023-27916.json @@ -2,8 +2,8 @@ "id": "CVE-2023-27916", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-06-06T17:15:13.200", - "lastModified": "2023-06-06T18:33:59.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-12T16:36:34.853", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", 
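Review bot: The CPE added for CVE-2023-27126 names firmware `1.2.2` (`cpe:2.3:o:tp-link:tapo_c200_firmware:1.2.2:build_220725:...`), but the description in the same hunk gives the affected firmware as version 1.1.22 Build 220725. One of the two is wrong, and if it is the CPE, scanners or inventories that match on the criteria string will not flag cameras running the firmware the description names. Confirm the version against the referenced write-up and, if the description is right, change the criteria to `cpe:2.3:o:tp-link:tapo_c200_firmware:1.1.22:build_220725:*:*:*:*:*:*`, with the `matchCriteriaId` following the corrected CPE. Separately, the weakness is recorded as `CWE-522`, while a key and IV shared by every device reads closer to a hard-coded cryptographic key (CWE-321), so that mapping is worth a second look.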
@@ -46,10 +66,36 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hornerautomation:cscape:9.90:sp8:*:*:*:*:*:*", + "matchCriteriaId": "F9866251-8120-422D-9764-E4D7F8A5EE51" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hornerautomation:cscape_envisionrv:4.70:*:*:*:*:*:*:*", + "matchCriteriaId": "D1CC8502-4810-4BFA-BC19-5F1DEBAFF678" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-04", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-279xx/CVE-2023-27989.json b/CVE-2023/CVE-2023-279xx/CVE-2023-27989.json index ea614210a38..8551d3e78cf 100644 --- a/CVE-2023/CVE-2023-279xx/CVE-2023-27989.json +++ b/CVE-2023/CVE-2023-279xx/CVE-2023-27989.json @@ -2,8 +2,8 @@ "id": "CVE-2023-27989", "sourceIdentifier": "security@zyxel.com.tw", "published": "2023-06-05T12:15:09.360", - "lastModified": "2023-06-05T13:02:53.787", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-12T16:50:33.283", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "security@zyxel.com.tw", "type": "Secondary", 
@@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + }, { "source": "security@zyxel.com.tw", "type": "Secondary", 
@@ -46,10 +76,128 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:lte7480-m804_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.00\\(abra.6\\)c0", + "matchCriteriaId": "C90AA436-A6F7-4F65-8EBA-39A98832D1FA" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:lte7480-m804:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E3480021-1538-48ED-BE89-BB0DF562C7DE" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:lte7490-m904_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.00\\(abqy.5\\)c0", + "matchCriteriaId": "993F8165-F285-4B51-95D5-FA2054C6CE8B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:lte7490-m904:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DC75F6DE-DCAF-47A0-B6BB-0E050C68AF25" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:nr7101_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.00\\(abuv.7\\)c0", + "matchCriteriaId": "495C9DCB-885C-47EE-A1BA-14D431C6E5F9" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:nr7101:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E4D27B24-9822-432C-8B8B-9546EE32DEC6" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:nebula_nr7101_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.15\\(accc.3\\)c0", + "matchCriteriaId": "A052B9C6-8462-4D2B-9B03-9CC29EEB43D9" + } + ] + }, + { + "operator": 
"OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:nebula_nr7101:-:*:*:*:*:*:*:*", + "matchCriteriaId": "52096C1F-F73C-413E-9D37-82EFA4703AEC" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-vulnerability-in-4g-lte-and-5g-nr-outdoor-routers", - "source": "security@zyxel.com.tw" + "source": "security@zyxel.com.tw", + "tags": [ + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-286xx/CVE-2023-28653.json b/CVE-2023/CVE-2023-286xx/CVE-2023-28653.json index 7f53444fe5e..ea0437ba74b 100644 --- a/CVE-2023/CVE-2023-286xx/CVE-2023-28653.json +++ b/CVE-2023/CVE-2023-286xx/CVE-2023-28653.json @@ -2,8 +2,8 @@ "id": "CVE-2023-28653", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-06-06T17:15:13.543", - "lastModified": "2023-06-06T18:33:59.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-12T16:34:17.150", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", 
@@ -46,10 +66,36 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hornerautomation:cscape:9.90:sp8:*:*:*:*:*:*", + "matchCriteriaId": "F9866251-8120-422D-9764-E4D7F8A5EE51" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hornerautomation:cscape_envisionrv:4.70:*:*:*:*:*:*:*", + "matchCriteriaId": "D1CC8502-4810-4BFA-BC19-5F1DEBAFF678" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-04", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-289xx/CVE-2023-28933.json b/CVE-2023/CVE-2023-289xx/CVE-2023-28933.json new file mode 100644 index 00000000000..2b378766c8c --- /dev/null +++ b/CVE-2023/CVE-2023-289xx/CVE-2023-28933.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-28933", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-06-12T16:15:09.763", + "lastModified": "2023-06-12T16:20:33.897", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in StPeteDesign Call Now Accessibility Button plugin <=\u00a01.1 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/accessibility-help-button/wordpress-call-now-accessibility-button-plugin-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-28xx/CVE-2023-2816.json b/CVE-2023/CVE-2023-28xx/CVE-2023-2816.json index 71899e8120b..ef336daa7c7 100644 --- a/CVE-2023/CVE-2023-28xx/CVE-2023-2816.json +++ b/CVE-2023/CVE-2023-28xx/CVE-2023-2816.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2816", "sourceIdentifier": "security@hashicorp.com", "published": "2023-06-02T23:15:09.503", - "lastModified": "2023-06-05T13:03:17.903", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-12T16:32:32.880", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "security@hashicorp.com", "type": "Secondary", @@ -34,10 +54,51 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hashicorp:consul:*:*:*:*:-:*:*:*", + "versionStartIncluding": "1.15.0", + "versionEndExcluding": "1.15.3", + "matchCriteriaId": "9D592391-F006-4F99-BF39-DAA3D2B86305" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "1.15.0", + "versionEndExcluding": "1.15.3", + "matchCriteriaId": "12E16E32-03E5-44B6-BAB5-8809E6E852F4" + } + ] + } + ] + } + ], "references": [ { "url": "https://discuss.hashicorp.com/t/hcsec-2023-16-consul-envoy-extension-downstream-proxy-configuration-by-upstream-service-owner/54525", - "source": "security@hashicorp.com" + "source": "security@hashicorp.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-293xx/CVE-2023-29385.json b/CVE-2023/CVE-2023-293xx/CVE-2023-29385.json new file mode 100644 index 00000000000..3f2c30f7e5e --- /dev/null +++ b/CVE-2023/CVE-2023-293xx/CVE-2023-29385.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-29385", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-06-12T16:15:09.860", + "lastModified": "2023-06-12T16:20:33.897", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kevon Adonis WP Abstracts plugin <=\u00a02.6.2 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-abstracts-manuscripts-manager/wordpress-wp-abstracts-plugin-2-6-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-295xx/CVE-2023-29503.json b/CVE-2023/CVE-2023-295xx/CVE-2023-29503.json index 041c1dd5314..1ba2ae708e8 100644 --- a/CVE-2023/CVE-2023-295xx/CVE-2023-29503.json +++ b/CVE-2023/CVE-2023-295xx/CVE-2023-29503.json @@ -2,8 +2,8 @@ "id": "CVE-2023-29503", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-06-06T17:15:13.777", - "lastModified": "2023-06-06T18:33:59.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-12T16:33:56.060", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", @@ -46,10 +66,36 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hornerautomation:cscape:9.90:sp8:*:*:*:*:*:*", + "matchCriteriaId": "F9866251-8120-422D-9764-E4D7F8A5EE51" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hornerautomation:cscape_envisionrv:4.70:*:*:*:*:*:*:*", + "matchCriteriaId": "D1CC8502-4810-4BFA-BC19-5F1DEBAFF678" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-04", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-301xx/CVE-2023-30198.json b/CVE-2023/CVE-2023-301xx/CVE-2023-30198.json new file mode 100644 index 00000000000..067ddd4a9a2 --- /dev/null +++ b/CVE-2023/CVE-2023-301xx/CVE-2023-30198.json 
@@ -0,0 +1,47 @@ +{ + "id": "CVE-2023-30198", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-12T17:15:09.760", + "lastModified": "2023-06-12T17:15:09.760", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Prestashop winbizpayment <= 1.0.2 is vulnerable to Incorrect Access Control via modules/winbizpayment/downloads/download.php." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@mitre.org", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://friends-of-presta.github.io/security-advisories/modules/2023/06/08/winbizpayment.html", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/PrestaShop/PrestaShop/blob/6c05518b807d014ee8edb811041e3de232520c28/classes/Tools.php#L1247", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30745.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30745.json index dbcf0e7c581..b149aa6ddaf 100644 --- a/CVE-2023/CVE-2023-307xx/CVE-2023-30745.json +++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30745.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30745", "sourceIdentifier": "audit@patchstack.com", "published": "2023-06-12T14:15:18.590", - "lastModified": "2023-06-12T14:15:18.590", - "vulnStatus": "Received", + "lastModified": "2023-06-12T16:20:33.897", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30753.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30753.json index 6212003d1b7..16b28775432 100644 
--- a/CVE-2023/CVE-2023-307xx/CVE-2023-30753.json +++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30753.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30753", "sourceIdentifier": "audit@patchstack.com", "published": "2023-06-12T14:15:18.727", - "lastModified": "2023-06-12T14:15:18.727", - "vulnStatus": "Received", + "lastModified": "2023-06-12T16:20:33.897", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3027.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3027.json index 59215ebfe8f..8c386c446ca 100644 --- a/CVE-2023/CVE-2023-30xx/CVE-2023-3027.json +++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3027.json 
@@ -2,16 +2,49 @@ "id": "CVE-2023-3027", "sourceIdentifier": "secalert@redhat.com", "published": "2023-06-05T22:15:12.293", - "lastModified": "2023-06-06T12:50:56.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-12T16:02:32.613", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The grc-policy-propagator allows security escalation within the cluster. The propagator allows policies which contain some dynamically obtained values (instead of the policy apply a static manifest on a managed cluster) of taking advantage of cluster scoped access in a created policy. This feature does not restrict properly to lookup content from the namespace where the policy was created." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ] + }, { "source": "secalert@redhat.com", "type": "Secondary", 
@@ -23,10 +56,41 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:advanced_cluster_management_for_kubernetes:2.5:*:*:*:*:*:*:*", + "matchCriteriaId": "197BE970-ABE7-44E9-A4E9-E8DB098DAABF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:advanced_cluster_management_for_kubernetes:2.6:*:*:*:*:*:*:*", + "matchCriteriaId": "5139FE24-948C-4E38-B8BB-7C176D19309C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:advanced_cluster_management_for_kubernetes:2.7:*:*:*:*:*:*:*", + "matchCriteriaId": "324C9591-3472-472E-9445-176388966FEC" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2211468#c0", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3031.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3031.json index 36ea08d043a..6b24a733656 100644 --- a/CVE-2023/CVE-2023-30xx/CVE-2023-3031.json +++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3031.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3031", "sourceIdentifier": "vulnerability@ncsc.ch", "published": "2023-06-02T13:15:10.007", - "lastModified": "2023-06-02T14:32:29.847", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-12T16:48:57.833", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + }, { "source": "vulnerability@ncsc.ch", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + }, { "source": "vulnerability@ncsc.ch", "type": "Secondary", @@ -46,10 +76,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:webbax:king-avis:*:*:*:*:*:prestashop:*:*", + "versionEndExcluding": "17.3.15", + "matchCriteriaId": "FBB54E94-4A21-486D-B8F0-32DB6CFDCECA" + } + ] + } + ] + } + ], "references": [ { "url": "https://borelenzo.github.io/stuff/2023/06/01/cve-2023-3031.html", - "source": "vulnerability@ncsc.ch" + "source": "vulnerability@ncsc.ch", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3079.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3079.json index e9db7d9624a..ea8f7e3ec48 100644 --- a/CVE-2023/CVE-2023-30xx/CVE-2023-3079.json +++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3079.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-3079", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-06-05T22:15:12.383", - "lastModified": "2023-06-11T04:15:47.247", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-12T16:47:28.817", + "vulnStatus": "Analyzed", "cisaExploitAdd": "2023-06-07", "cisaActionDue": "2023-06-28", "cisaRequiredAction": "Apply updates per vendor instructions.", 
@@ -14,23 +14,124 @@ "value": "Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-843" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", + "versionEndExcluding": "114.0.5735.110", + "matchCriteriaId": "EB69CD96-74B6-49C5-8589-99136EE565C6" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", + "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C" + } + ] + } + ] + } + ], "references": [ { "url": 
"https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://crbug.com/1450481", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DYTXO5E3FI3I2ETDP3HF4SHYYTFMKMIC/", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5420", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3085.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3085.json index cd43b8a557a..861d7c94c99 100644 --- a/CVE-2023/CVE-2023-30xx/CVE-2023-3085.json +++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3085.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3085", "sourceIdentifier": "cna@vuldb.com", "published": "2023-06-03T11:15:21.443", - "lastModified": "2023-06-05T13:03:03.327", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-12T17:25:40.813", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -15,6 +15,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", @@ -65,7 +87,7 @@ }, "weaknesses": [ { - "source": "cna@vuldb.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { @@ -73,24 +95,66 @@ "value": "CWE-79" } ] + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:x-wrt:luci:*:*:*:*:*:*:*:*", + "versionEndExcluding": "22.10_b202303121313", + "matchCriteriaId": "09A24A0C-F67C-41C5-AAAB-144C49FB5110" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/x-wrt/luci/commit/24d7da2416b9ab246825c33c213fe939a89b369c", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/x-wrt/luci/releases/tag/22.10_b202303121313", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://vuldb.com/?ctiid.230663", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.230663", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-312xx/CVE-2023-31236.json b/CVE-2023/CVE-2023-312xx/CVE-2023-31236.json index a8b1fefa5c9..e6636254857 100644 --- a/CVE-2023/CVE-2023-312xx/CVE-2023-31236.json +++ b/CVE-2023/CVE-2023-312xx/CVE-2023-31236.json @@ -2,8 +2,8 @@ "id": "CVE-2023-31236", "sourceIdentifier": "audit@patchstack.com", "published": "2023-06-12T15:15:09.553", - "lastModified": "2023-06-12T15:15:09.553", - "vulnStatus": "Received", + "lastModified": "2023-06-12T16:20:33.897", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-312xx/CVE-2023-31244.json b/CVE-2023/CVE-2023-312xx/CVE-2023-31244.json index dd97b41edcb..aaed1a2d4aa 100644 --- a/CVE-2023/CVE-2023-312xx/CVE-2023-31244.json +++ b/CVE-2023/CVE-2023-312xx/CVE-2023-31244.json @@ -2,8 +2,8 @@ "id": "CVE-2023-31244", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-06-06T17:15:14.360", - "lastModified": "2023-06-06T18:33:59.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-12T16:33:20.073", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", 
@@ -46,10 +66,36 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hornerautomation:cscape:9.90:sp8:*:*:*:*:*:*", + "matchCriteriaId": "F9866251-8120-422D-9764-E4D7F8A5EE51" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hornerautomation:cscape_envisionrv:4.70:*:*:*:*:*:*:*", + "matchCriteriaId": "D1CC8502-4810-4BFA-BC19-5F1DEBAFF678" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-04", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-312xx/CVE-2023-31278.json b/CVE-2023/CVE-2023-312xx/CVE-2023-31278.json index a4da42ef364..d8ba2129047 100644 --- a/CVE-2023/CVE-2023-312xx/CVE-2023-31278.json +++ b/CVE-2023/CVE-2023-312xx/CVE-2023-31278.json @@ -2,8 +2,8 @@ "id": "CVE-2023-31278", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-06-06T17:15:14.573", - "lastModified": "2023-06-06T18:33:59.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-12T16:32:50.127", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", 
@@ -46,10 +66,36 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hornerautomation:cscape:9.90:sp8:*:*:*:*:*:*", + "matchCriteriaId": "F9866251-8120-422D-9764-E4D7F8A5EE51" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hornerautomation:cscape_envisionrv:4.70:*:*:*:*:*:*:*", + "matchCriteriaId": "D1CC8502-4810-4BFA-BC19-5F1DEBAFF678" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-04", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-316xx/CVE-2023-31606.json b/CVE-2023/CVE-2023-316xx/CVE-2023-31606.json index 954a3dd177c..febdc901534 100644 --- a/CVE-2023/CVE-2023-316xx/CVE-2023-31606.json +++ b/CVE-2023/CVE-2023-316xx/CVE-2023-31606.json 
@@ -2,27 +2,93 @@ "id": "CVE-2023-31606", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-06T17:15:14.843", - "lastModified": "2023-06-06T18:33:59.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-12T16:32:16.480", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A Regular Expression Denial of Service (ReDoS) issue was discovered in the sanitize_html function of redcloth gem v4.0.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-1333" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:promptworks:redcloth:*:*:*:*:*:ruby:*:*", + "versionStartIncluding": "4.0.0", + "versionEndIncluding": "4.3.2", + "matchCriteriaId": "86D9E3AB-BACA-428A-83B9-9EF75B28878D" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/e23e/CVE-2023-31606#readme", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/jgarber/redcloth", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://github.com/jgarber/redcloth/issues/73", - "source": 
"cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-321xx/CVE-2023-32118.json b/CVE-2023/CVE-2023-321xx/CVE-2023-32118.json index b204e6f3aca..76dcb2b4bee 100644 --- a/CVE-2023/CVE-2023-321xx/CVE-2023-32118.json +++ b/CVE-2023/CVE-2023-321xx/CVE-2023-32118.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32118", "sourceIdentifier": "audit@patchstack.com", "published": "2023-06-12T15:15:09.633", - "lastModified": "2023-06-12T15:15:09.633", - "vulnStatus": "Received", + "lastModified": "2023-06-12T16:20:33.897", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-322xx/CVE-2023-32203.json b/CVE-2023/CVE-2023-322xx/CVE-2023-32203.json index 36ddab58f79..268722bab6b 100644 --- a/CVE-2023/CVE-2023-322xx/CVE-2023-32203.json +++ b/CVE-2023/CVE-2023-322xx/CVE-2023-32203.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32203", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-06-06T17:15:15.023", - "lastModified": "2023-06-06T18:33:59.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-12T16:29:38.377", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", 
@@ -36,8 +56,18 @@ }, "weaknesses": [ { - "source": "ics-cert@hq.dhs.gov", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", "description": [ { "lang": "en", @@ -46,10 +76,36 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hornerautomation:cscape:9.90:sp8:*:*:*:*:*:*", + "matchCriteriaId": "F9866251-8120-422D-9764-E4D7F8A5EE51" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hornerautomation:cscape_envisionrv:4.70:*:*:*:*:*:*:*", + "matchCriteriaId": "D1CC8502-4810-4BFA-BC19-5F1DEBAFF678" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-04", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-322xx/CVE-2023-32281.json b/CVE-2023/CVE-2023-322xx/CVE-2023-32281.json index 2026fc1908d..398c7391df2 100644 --- a/CVE-2023/CVE-2023-322xx/CVE-2023-32281.json +++ b/CVE-2023/CVE-2023-322xx/CVE-2023-32281.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32281", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-06-06T16:15:09.603", - "lastModified": "2023-06-06T18:34:03.700", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-12T16:38:00.760", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", @@ -46,10 +66,36 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hornerautomation:cscape:9.90:sp8:*:*:*:*:*:*", + "matchCriteriaId": "F9866251-8120-422D-9764-E4D7F8A5EE51" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hornerautomation:cscape_envisionrv:4.70:*:*:*:*:*:*:*", + "matchCriteriaId": "D1CC8502-4810-4BFA-BC19-5F1DEBAFF678" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-04", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-322xx/CVE-2023-32289.json b/CVE-2023/CVE-2023-322xx/CVE-2023-32289.json index 2bdaf5c1869..a02110e6ed0 100644 --- a/CVE-2023/CVE-2023-322xx/CVE-2023-32289.json +++ b/CVE-2023/CVE-2023-322xx/CVE-2023-32289.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32289", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-06-06T16:15:10.073", - "lastModified": "2023-06-06T18:33:59.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-12T16:37:10.407", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", @@ -46,10 +66,36 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hornerautomation:cscape:9.90:sp8:*:*:*:*:*:*", + "matchCriteriaId": "F9866251-8120-422D-9764-E4D7F8A5EE51" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hornerautomation:cscape_envisionrv:4.70:*:*:*:*:*:*:*", + "matchCriteriaId": "D1CC8502-4810-4BFA-BC19-5F1DEBAFF678" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-04", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-325xx/CVE-2023-32539.json b/CVE-2023/CVE-2023-325xx/CVE-2023-32539.json index 1630aa1d4fa..15552988ddb 100644 --- a/CVE-2023/CVE-2023-325xx/CVE-2023-32539.json +++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32539.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32539", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-06-06T16:15:10.297", - "lastModified": "2023-06-06T18:33:59.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-12T16:35:32.033", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", @@ -36,8 +56,18 @@ }, "weaknesses": [ { - "source": "ics-cert@hq.dhs.gov", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", "description": [ { "lang": "en", @@ -46,10 +76,36 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hornerautomation:cscape:9.90:sp8:*:*:*:*:*:*", + "matchCriteriaId": "F9866251-8120-422D-9764-E4D7F8A5EE51" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hornerautomation:cscape_envisionrv:4.70:*:*:*:*:*:*:*", + "matchCriteriaId": "D1CC8502-4810-4BFA-BC19-5F1DEBAFF678" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-04", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-325xx/CVE-2023-32540.json b/CVE-2023/CVE-2023-325xx/CVE-2023-32540.json index e8ac55a783b..636e8c3fc77 100644 --- a/CVE-2023/CVE-2023-325xx/CVE-2023-32540.json +++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32540.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-32540", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-06-06T00:15:10.067", - "lastModified": "2023-06-06T12:50:56.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-12T16:55:37.857", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", @@ -46,10 +66,33 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:advantech:webaccess\\/scada:*:*:*:*:*:*:*:*", + "versionEndIncluding": "9.1.3", + "matchCriteriaId": "BA8305E1-A2D7-4DBB-A5FB-E748E41FB060" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-152-01", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Mitigation", + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-325xx/CVE-2023-32545.json b/CVE-2023/CVE-2023-325xx/CVE-2023-32545.json index 3f0bb9f2255..47c99d7a373 100644 --- a/CVE-2023/CVE-2023-325xx/CVE-2023-32545.json +++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32545.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-32545", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-06-06T15:15:09.867", - "lastModified": "2023-06-06T18:34:03.700", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-12T16:38:15.397", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", @@ -46,10 +66,36 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hornerautomation:cscape:9.90:sp8:*:*:*:*:*:*", + "matchCriteriaId": "F9866251-8120-422D-9764-E4D7F8A5EE51" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hornerautomation:cscape_envisionrv:4.70:*:*:*:*:*:*:*", + "matchCriteriaId": "D1CC8502-4810-4BFA-BC19-5F1DEBAFF678" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-04", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-326xx/CVE-2023-32628.json b/CVE-2023/CVE-2023-326xx/CVE-2023-32628.json index 4d4d5c6d174..2c158b7407b 100644 --- a/CVE-2023/CVE-2023-326xx/CVE-2023-32628.json +++ b/CVE-2023/CVE-2023-326xx/CVE-2023-32628.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-32628", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-06-06T00:15:10.177", - "lastModified": "2023-06-06T12:50:56.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-12T16:53:19.953", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", @@ -46,10 +66,33 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:advantech:webaccess\\/scada:*:*:*:*:*:*:*:*", + "versionEndIncluding": "9.1.3", + "matchCriteriaId": "BA8305E1-A2D7-4DBB-A5FB-E748E41FB060" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-152-01", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Mitigation", + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-329xx/CVE-2023-32961.json b/CVE-2023/CVE-2023-329xx/CVE-2023-32961.json index 7bc12fbf20b..e82a982e983 100644 --- a/CVE-2023/CVE-2023-329xx/CVE-2023-32961.json +++ b/CVE-2023/CVE-2023-329xx/CVE-2023-32961.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-32961", "sourceIdentifier": "audit@patchstack.com", "published": "2023-06-12T15:15:09.703", - "lastModified": "2023-06-12T15:15:09.703", - "vulnStatus": "Received", + "lastModified": "2023-06-12T16:20:33.897", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3206.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3206.json index 19939869382..16b11710064 100644 --- a/CVE-2023/CVE-2023-32xx/CVE-2023-3206.json +++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3206.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3206", "sourceIdentifier": "cna@vuldb.com", "published": "2023-06-12T15:15:09.887", - "lastModified": "2023-06-12T15:15:09.887", - "vulnStatus": "Received", + "lastModified": "2023-06-12T16:20:33.897", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3208.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3208.json index 25adc5cb0dc..93333a2d131 100644 --- a/CVE-2023/CVE-2023-32xx/CVE-2023-3208.json +++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3208.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3208", "sourceIdentifier": "cna@vuldb.com", "published": "2023-06-12T15:15:09.987", - "lastModified": "2023-06-12T15:15:09.987", - "vulnStatus": "Received", + "lastModified": "2023-06-12T16:20:33.897", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-335xx/CVE-2023-33532.json b/CVE-2023/CVE-2023-335xx/CVE-2023-33532.json index dc2ff739494..c7f602ed995 100644 --- a/CVE-2023/CVE-2023-335xx/CVE-2023-33532.json +++ b/CVE-2023/CVE-2023-335xx/CVE-2023-33532.json 
@@ -2,23 +2,94 @@ "id": "CVE-2023-33532", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-06T14:15:12.740", - "lastModified": "2023-06-06T18:34:03.700", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-12T16:39:14.450", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "There is a command injection vulnerability in the Netgear R6250 router with Firmware Version 1.0.4.48. If an attacker gains web management privileges, they can inject commands into the post request parameters, thereby gaining shell privileges." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:netgear:r6250_firmware:1.0.4.48:*:*:*:*:*:*:*", + "matchCriteriaId": "0B7946DC-F8BA-4CBC-9A4F-18B773D10310" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:netgear:r6250:-:*:*:*:*:*:*:*", + "matchCriteriaId": "321BE843-52C4-4638-A321-439CA7B3A6F2" + } + ] + } + ] + } + ], "references": [ { "url": "http://netgear.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": 
"https://github.com/D2y6p/CVE/blob/main/Netgear/CVE-2023-33532/Netgear_R6250_RCE.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-336xx/CVE-2023-33613.json b/CVE-2023/CVE-2023-336xx/CVE-2023-33613.json index 69535ea601a..744e8466114 100644 --- a/CVE-2023/CVE-2023-336xx/CVE-2023-33613.json +++ b/CVE-2023/CVE-2023-336xx/CVE-2023-33613.json 
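Review bot: In the CVE-2023-33532 record, the added NVD vector sets `"privilegesRequired": "NONE"` (`PR:N`, base score 9.8), while the description kept in the same hunk states that the attacker must first gain web management privileges before injecting commands into the POST parameters. If that precondition means an authenticated management session, the vector would be expected to carry `PR:L` or `PR:H` rather than `PR:N`, and the base score would be lower. Since this file mirrors NVD's analysis, the discrepancy is better raised with the upstream record than edited here. Anyone prioritising on `baseScore` alone should read the description's precondition alongside it.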
@@ -2,19 +2,76 @@ "id": "CVE-2023-33613", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-06T18:15:11.357", - "lastModified": "2023-06-06T18:33:59.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-12T16:23:43.803", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "axTLS v2.1.5 was discovered to contain a heap buffer overflow in the bi_import function in axtls-code/crypto/bigint.c. This vulnerability allows attackers to cause a Denial of Service (DoS) when parsing a private key." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:axtls_project:axtls:2.1.5:*:*:*:*:*:*:*", + "matchCriteriaId": "C8AD18AB-9D68-4BE7-AD0B-A204CA4C0F53" + } + ] + } + ] + } + ], "references": [ { "url": "https://sourceforge.net/p/axtls/mailman/message/37843071/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Mailing List", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-337xx/CVE-2023-33747.json b/CVE-2023/CVE-2023-337xx/CVE-2023-33747.json index cd1861c0c5e..5122fa69a52 100644 --- a/CVE-2023/CVE-2023-337xx/CVE-2023-33747.json 
+++ b/CVE-2023/CVE-2023-337xx/CVE-2023-33747.json 
@@ -2,39 +2,114 @@ "id": "CVE-2023-33747", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-06T18:15:11.497", - "lastModified": "2023-06-07T18:15:09.757", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-12T16:59:41.887", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "CloudPanel v2.2.2 allows attackers to execute a path traversal." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mgt-commerce:cloudpanel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.0.0", + "versionEndIncluding": "2.2.2", + "matchCriteriaId": "3B5B5B9F-3749-457C-8E6C-87C164F00ADD" + } + ] + } + ] + } + ], "references": [ { "url": "http://packetstormsecurity.com/files/172768/CloudPanel-2.2.2-Privilege-Escalation-Path-Traversal.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://cwe.mitre.org/data/definitions/264.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Not Applicable" + ] }, { "url": "https://cwe.mitre.org/data/definitions/269.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Not 
Applicable" + ] }, { "url": "https://cwe.mitre.org/data/definitions/35.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Not Applicable" + ] }, { "url": "https://github.com/EagleTube/CloudPanel", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://www.cloudpanel.io/docs/v2/changelog/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-339xx/CVE-2023-33968.json b/CVE-2023/CVE-2023-339xx/CVE-2023-33968.json index 2443207efdc..451fb4c066e 100644 --- a/CVE-2023/CVE-2023-339xx/CVE-2023-33968.json +++ b/CVE-2023/CVE-2023-339xx/CVE-2023-33968.json @@ -2,8 +2,8 @@ "id": "CVE-2023-33968", "sourceIdentifier": "security-advisories@github.com", "published": "2023-06-05T20:15:09.750", - "lastModified": "2023-06-06T12:50:56.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-12T17:56:58.817", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,14 +66,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:kanboard:kanboard:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.2.30", + "matchCriteriaId": "082DAE98-80F0-4423-8581-AB8D0051EAA1" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/kanboard/kanboard/commit/c20be8f5fa26e54005a90c645e80b11481a65053", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-gf8r-4p6m-v8vr", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-339xx/CVE-2023-33969.json b/CVE-2023/CVE-2023-339xx/CVE-2023-33969.json index e89304dd514..22bf7cd8b72 100644 --- a/CVE-2023/CVE-2023-339xx/CVE-2023-33969.json +++ b/CVE-2023/CVE-2023-339xx/CVE-2023-33969.json @@ -2,8 +2,8 @@ "id": "CVE-2023-33969", "sourceIdentifier": "security-advisories@github.com", "published": "2023-06-05T20:15:09.867", - "lastModified": "2023-06-06T12:50:56.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-12T17:57:57.837", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,14 +66,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:kanboard:kanboard:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.2.30", + "matchCriteriaId": "082DAE98-80F0-4423-8581-AB8D0051EAA1" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/kanboard/kanboard/commit/05f1d23d821152cd61536d3b09e522c0f7573e3c", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-8qvf-9847-gpc9", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-340xx/CVE-2023-34026.json b/CVE-2023/CVE-2023-340xx/CVE-2023-34026.json new file mode 100644 index 00000000000..00a97caf4c0 --- /dev/null +++ b/CVE-2023/CVE-2023-340xx/CVE-2023-34026.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-34026", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-06-12T16:15:09.950", + "lastModified": "2023-06-12T16:20:33.897", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in BrokenCrust This Day In History plugin <=\u00a03.10.1 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/this-day-in-history/wordpress-this-day-in-history-plugin-3-10-1-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-341xx/CVE-2023-34102.json b/CVE-2023/CVE-2023-341xx/CVE-2023-34102.json index ccca52ceaa3..bd91f826428 100644 --- a/CVE-2023/CVE-2023-341xx/CVE-2023-34102.json +++ b/CVE-2023/CVE-2023-341xx/CVE-2023-34102.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34102", "sourceIdentifier": "security-advisories@github.com", "published": "2023-06-05T23:15:12.220", - "lastModified": "2023-06-06T12:50:56.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-12T16:46:32.247", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -36,8 +56,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-470" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -46,14 +76,44 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:avohq:avo:*:*:*:*:*:ruby:*:*", + "versionEndIncluding": "2.33.2", + "matchCriteriaId": "27594A1A-CFFC-4741-9F4F-45532F8FFCFD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:avohq:avo:3.0.0:pre12:*:*:*:ruby:*:*", + "matchCriteriaId": "33F74798-D928-4FA3-B890-81C43DAC8F91" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/avo-hq/avo/commit/ec117882ddb1b519481bdd046dc3cfa4474e6e17", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/avo-hq/avo/security/advisories/GHSA-86h2-2g4g-29qx", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-341xx/CVE-2023-34103.json b/CVE-2023/CVE-2023-341xx/CVE-2023-34103.json index d0852fb1aa7..6bab036ace4 100644 --- a/CVE-2023/CVE-2023-341xx/CVE-2023-34103.json +++ b/CVE-2023/CVE-2023-341xx/CVE-2023-34103.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34103", "sourceIdentifier": "security-advisories@github.com", "published": "2023-06-05T23:15:12.627", - "lastModified": "2023-06-06T12:50:56.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-12T17:01:22.817", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,14 +66,44 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:avohq:avo:*:*:*:*:*:ruby:*:*", + "versionEndIncluding": "2.33.2", + "matchCriteriaId": "27594A1A-CFFC-4741-9F4F-45532F8FFCFD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:avohq:avo:3.0.0:pre12:*:*:*:ruby:*:*", + "matchCriteriaId": "33F74798-D928-4FA3-B890-81C43DAC8F91" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/avo-hq/avo/commit/7891c01e1fba9ca5d7dbccc43d27f385e5d08563", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/avo-hq/avo/security/advisories/GHSA-5cr9-5jx3-2g39", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-341xx/CVE-2023-34105.json b/CVE-2023/CVE-2023-341xx/CVE-2023-34105.json new file mode 100644 index 00000000000..4808dd56e40 --- /dev/null +++ b/CVE-2023/CVE-2023-341xx/CVE-2023-34105.json 
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-34105",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-06-12T17:15:09.887",
+ "lastModified": "2023-06-12T17:15:09.887",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "SRS is a real-time video server supporting RTMP, WebRTC, HLS, HTTP-FLV, SRT, MPEG-DASH, and GB28181. Prior to versions 5.0.157, 5.0-b1, and 6.0.48, SRS's `api-server` server is vulnerable to a drive-by command injection. An attacker may send a request to the `/api/v1/snapshots` endpoint containing any commands to be executed as part of the body of the POST request. This issue may lead to Remote Code Execution (RCE). Versions 5.0.157, 5.0-b1, and 6.0.48 contain a fix."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/ossrs/srs/blob/1d11d02e4b82fc3f37e4b048cff483b1581482c1/trunk/research/api-server/server.go#L761",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/ossrs/srs/commit/1d878c2daaf913ad01c6d0bc2f247116c8050338",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/ossrs/srs/security/advisories/GHSA-vpr5-779c-cx62",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-342xx/CVE-2023-34212.json b/CVE-2023/CVE-2023-342xx/CVE-2023-34212.json
new file mode 100644
index 00000000000..0132e77a0e4
--- /dev/null
+++ b/CVE-2023/CVE-2023-342xx/CVE-2023-34212.json
@@ -0,0 +1,36 @@
+{
+ "id": "CVE-2023-34212",
+ "sourceIdentifier": "security@apache.org",
+ "published": "2023-06-12T16:15:10.043",
+ "lastModified": "2023-06-12T16:20:33.897",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The JndiJmsConnectionFactoryProvider Controller Service, along with the ConsumeJMS and PublishJMS Processors, in Apache NiFi 1.8.0 through 1.21.0 allow an authenticated and authorized user to configure URL and library properties that enable deserialization of untrusted data from a remote location.\n\nThe resolution validates the JNDI URL and restricts locations to a set of allowed schemes.\n\nYou are recommended to upgrade to version 1.22.0 or later which fixes this issue.\n\n\n"
+ }
+ ],
+ "metrics": {},
+ "weaknesses": [
+ {
+ "source": "security@apache.org",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-502"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://lists.apache.org/thread/w5rm46fxmvxy216tglf0dv83wo6gnzr5",
+ "source": "security@apache.org"
+ },
+ {
+ "url": "https://nifi.apache.org/security.html#CVE-2023-34212",
+ "source": "security@apache.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-342xx/CVE-2023-34246.json b/CVE-2023/CVE-2023-342xx/CVE-2023-34246.json
new file mode 100644
index 00000000000..0cdaa72cfd2
--- /dev/null
+++ b/CVE-2023/CVE-2023-342xx/CVE-2023-34246.json
@@ -0,0 +1,71 @@
+{
+ "id": "CVE-2023-34246",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-06-12T17:15:09.967",
+ "lastModified": "2023-06-12T17:15:09.967",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Prior to version 5.6.6, Doorkeeper automatically processes authorization requests without user consent for public clients that have been previous approved. Public clients are inherently vulnerable to impersonation, their identity cannot be assured. This issue is fixed in version 5.6.6."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.2,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-287"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/doorkeeper-gem/doorkeeper/issues/1589",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/doorkeeper-gem/doorkeeper/pull/1646",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/doorkeeper-gem/doorkeeper/releases/tag/v5.6.6",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/doorkeeper-gem/doorkeeper/security/advisories/GHSA-7w2c-w47h-789w",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://www.rfc-editor.org/rfc/rfc8252#section-8.6",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34341.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34341.json
new file mode 100644
index 00000000000..4120fab0860
--- /dev/null
+++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34341.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-34341",
+ "sourceIdentifier": "biossecurity@ami.com",
+ "published": "2023-06-12T17:15:10.047",
+ "lastModified": "2023-06-12T17:15:10.047",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "AMI BMC contains a vulnerability in the SPX REST API, where an\nattacker with the required privileges can read and write to arbitrary locations\nwithin the memory context of the IPMI server process, which may lead to code\nexecution, denial of service, information disclosure, or data tampering.\n\n\n\n\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "biossecurity@ami.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "biossecurity@ami.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-119"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023005.pdf",
+ "source": "biossecurity@ami.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34344.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34344.json
new file mode 100644
index 00000000000..905f6b3771e
--- /dev/null
+++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34344.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-34344",
+ "sourceIdentifier": "biossecurity@ami.com",
+ "published": "2023-06-12T17:15:10.137",
+ "lastModified": "2023-06-12T17:15:10.137",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "AMI BMC contains a vulnerability in the IPMI\nhandler, where an unauthorized attacker can use certain oracles to guess a\nvalid username, which may lead to information disclosure.\n\n\n\n\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "biossecurity@ami.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "biossecurity@ami.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-203"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023005.pdf",
+ "source": "biossecurity@ami.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34345.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34345.json
new file mode 100644
index 00000000000..4f788992b59
--- /dev/null
+++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34345.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-34345",
+ "sourceIdentifier": "biossecurity@ami.com",
+ "published": "2023-06-12T17:15:10.213",
+ "lastModified": "2023-06-12T17:15:10.213",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "AMI BMC contains a vulnerability in the SPX REST API, where an\nattacker with the required privileges can access arbitrary files, which may\nlead to information disclosure.\n\n\n\n\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "biossecurity@ami.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "biossecurity@ami.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023005.pdf",
+ "source": "biossecurity@ami.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-344xx/CVE-2023-34410.json b/CVE-2023/CVE-2023-344xx/CVE-2023-34410.json
index ba207a351a3..2ffb5de7da5 100644
--- a/CVE-2023/CVE-2023-344xx/CVE-2023-34410.json
+++ b/CVE-2023/CVE-2023-344xx/CVE-2023-34410.json
@@ -2,23 +2,96 @@
 "id": "CVE-2023-34410",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-06-05T03:15:09.390",
- "lastModified": "2023-06-05T13:02:53.787",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-12T16:57:27.243",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-295"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "5.15.15",
+ "matchCriteriaId": "19F5F946-5DD7-4F8D-8171-83BB0D9C5048"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "6.0.0",
+ "versionEndExcluding": "6.2.9",
+ "matchCriteriaId": "513DDB0D-A132-4046-8B49-D2776E585826"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "6.3.0",
+ "versionEndExcluding": "6.5.2",
+ "matchCriteriaId": "226FFAAF-14BA-4B15-A7DC-40E7CE23947B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://codereview.qt-project.org/c/qt/qtbase/+/477560",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://codereview.qt-project.org/c/qt/qtbase/+/480002",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Patch"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-344xx/CVE-2023-34411.json b/CVE-2023/CVE-2023-344xx/CVE-2023-34411.json
index 235b35ec01e..3e6ea675a17 100644
--- a/CVE-2023/CVE-2023-344xx/CVE-2023-34411.json
+++ b/CVE-2023/CVE-2023-344xx/CVE-2023-34411.json
@@ -2,31 +2,96 @@
 "id": "CVE-2023-34411",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-06-05T04:15:11.153",
- "lastModified": "2023-06-05T13:02:53.787",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-12T17:51:53.253",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service (panic) via an invalid