From 669df9fb489ea95e14cc0477a7f71b7d31d197f0 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Tue, 11 Jul 2023 02:00:55 +0000 Subject: [PATCH] Auto-Update: 2023-07-11T02:00:51.334562+00:00 --- CVE-2021/CVE-2021-468xx/CVE-2021-46890.json | 73 +++++++++- CVE-2021/CVE-2021-468xx/CVE-2021-46891.json | 71 ++++++++- CVE-2023/CVE-2023-341xx/CVE-2023-34107.json | 53 ++++++- CVE-2023/CVE-2023-342xx/CVE-2023-34244.json | 53 ++++++- CVE-2023/CVE-2023-359xx/CVE-2023-35924.json | 53 ++++++- CVE-2023/CVE-2023-359xx/CVE-2023-35939.json | 53 ++++++- CVE-2023/CVE-2023-359xx/CVE-2023-35940.json | 65 ++++++++- CVE-2023/CVE-2023-359xx/CVE-2023-35973.json | 153 +++++++++++++++++++- CVE-2023/CVE-2023-368xx/CVE-2023-36808.json | 53 ++++++- CVE-2023/CVE-2023-371xx/CVE-2023-37191.json | 24 +++ README.md | 63 ++------ 11 files changed, 629 insertions(+), 85 deletions(-) create mode 100644 CVE-2023/CVE-2023-371xx/CVE-2023-37191.json diff --git a/CVE-2021/CVE-2021-468xx/CVE-2021-46890.json b/CVE-2021/CVE-2021-468xx/CVE-2021-46890.json index 67461f4b65b..fd440efa85c 100644 --- a/CVE-2021/CVE-2021-468xx/CVE-2021-46890.json +++ b/CVE-2021/CVE-2021-468xx/CVE-2021-46890.json @@ -2,23 +2,86 @@ "id": "CVE-2021-46890", "sourceIdentifier": "psirt@huawei.com", "published": "2023-07-05T12:15:09.507", - "lastModified": "2023-07-05T13:00:26.547", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-11T00:24:44.113", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Vulnerability of incomplete read and write permission verification in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "A974CA73-84E8-480B-BB4C-4A81D0C985B2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "3AD62E8B-CB4B-43A6-98E8-09A8A1A3505B" + } + ] + } + ] + } + ], "references": [ { "url": "https://consumer.huawei.com/en/support/bulletin/2023/7/", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-468xx/CVE-2021-46891.json b/CVE-2021/CVE-2021-468xx/CVE-2021-46891.json index 92c096b7d40..753cb411af3 100644 --- a/CVE-2021/CVE-2021-468xx/CVE-2021-46891.json +++ b/CVE-2021/CVE-2021-468xx/CVE-2021-46891.json @@ -2,16 +2,49 @@ "id": "CVE-2021-46891", "sourceIdentifier": "psirt@huawei.com", "published": "2023-07-05T13:15:09.413", - "lastModified": "2023-07-05T16:25:43.523", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-11T00:28:45.877", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Vulnerability of incomplete read and write permission verification in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + }, { "source": "psirt@huawei.com", "type": "Secondary", @@ -23,14 +56,42 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "A974CA73-84E8-480B-BB4C-4A81D0C985B2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "3AD62E8B-CB4B-43A6-98E8-09A8A1A3505B" + } + ] + } + ] + } + ], "references": [ { "url": "https://consumer.huawei.com/en/support/bulletin/2023/7/", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-341xx/CVE-2023-34107.json b/CVE-2023/CVE-2023-341xx/CVE-2023-34107.json index a52d93918d2..42eecd4b325 100644 --- a/CVE-2023/CVE-2023-341xx/CVE-2023-34107.json +++ b/CVE-2023/CVE-2023-341xx/CVE-2023-34107.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34107", "sourceIdentifier": "security-advisories@github.com", "published": "2023-07-05T20:15:10.177", - "lastModified": "2023-07-05T20:31:30.957", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-11T00:21:52.767", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -50,14 +70,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*", + "versionStartIncluding": "9.2.0", + "versionEndExcluding": "10.0.8", + "matchCriteriaId": "E4EB281D-CA0A-41FD-94AE-F0DD97DA641F" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/glpi-project/glpi/releases/tag/10.0.8", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-966h-xrf5-pmj4", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-342xx/CVE-2023-34244.json b/CVE-2023/CVE-2023-342xx/CVE-2023-34244.json index 9762e00e0b3..af7ca15bfca 100644 --- a/CVE-2023/CVE-2023-342xx/CVE-2023-34244.json +++ b/CVE-2023/CVE-2023-342xx/CVE-2023-34244.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34244", "sourceIdentifier": "security-advisories@github.com", "published": "2023-07-05T20:15:10.260", - "lastModified": "2023-07-05T20:31:30.957", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-11T00:14:17.360", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,14 +66,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*", + "versionStartIncluding": "9.4.0", + "versionEndExcluding": "10.0.8", + "matchCriteriaId": "04DC3FB6-3BF0-4269-AACF-BD52DC25EEB1" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/glpi-project/glpi/releases/tag/10.0.8", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-p93p-pwg9-w95w", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-359xx/CVE-2023-35924.json b/CVE-2023/CVE-2023-359xx/CVE-2023-35924.json index 9e9ef0ae167..722b86aec75 100644 --- a/CVE-2023/CVE-2023-359xx/CVE-2023-35924.json +++ b/CVE-2023/CVE-2023-359xx/CVE-2023-35924.json @@ -2,8 +2,8 @@ "id": "CVE-2023-35924", "sourceIdentifier": "security-advisories@github.com", "published": "2023-07-05T20:15:10.483", - "lastModified": "2023-07-05T20:31:30.957", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-11T00:11:06.083", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,14 +66,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.0.0", + "versionEndExcluding": "10.0.8", + "matchCriteriaId": "AD9F0BED-0131-4054-BA93-5F7A65358262" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/glpi-project/glpi/releases/tag/10.0.8", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-gxh4-j63w-8jmm", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-359xx/CVE-2023-35939.json b/CVE-2023/CVE-2023-359xx/CVE-2023-35939.json index 666673e1c56..95fb452aa1a 100644 --- a/CVE-2023/CVE-2023-359xx/CVE-2023-35939.json +++ b/CVE-2023/CVE-2023-359xx/CVE-2023-35939.json @@ -2,8 +2,8 @@ "id": "CVE-2023-35939", "sourceIdentifier": "security-advisories@github.com", "published": "2023-07-05T21:15:09.707", - "lastModified": "2023-07-06T11:55:38.310", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-11T00:03:34.423", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.2 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -50,14 +70,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*", + "versionStartIncluding": "9.5.0", + "versionEndExcluding": "10.0.8", + "matchCriteriaId": "890DEF65-8D7D-44EC-A053-B847F0163B14" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/glpi-project/glpi/releases/tag/10.0.8", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-cjcx-pwcx-v34c", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-359xx/CVE-2023-35940.json b/CVE-2023/CVE-2023-359xx/CVE-2023-35940.json index 6032543fbf7..dd443f260a8 100644 --- a/CVE-2023/CVE-2023-359xx/CVE-2023-35940.json +++ b/CVE-2023/CVE-2023-359xx/CVE-2023-35940.json @@ -2,8 +2,8 @@ "id": "CVE-2023-35940", "sourceIdentifier": "security-advisories@github.com", "published": "2023-07-05T21:15:09.787", - "lastModified": "2023-07-06T11:55:38.310", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-11T00:02:21.370", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -36,8 +56,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -50,14 +80,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*", + "versionStartIncluding": "9.5.0", + "versionEndExcluding": "10.0.8", + "matchCriteriaId": "890DEF65-8D7D-44EC-A053-B847F0163B14" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/glpi-project/glpi/releases/tag/10.0.8", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-qrh8-rg45-45fw", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-359xx/CVE-2023-35973.json b/CVE-2023/CVE-2023-359xx/CVE-2023-35973.json index 2bf9ac94214..e833e93d73c 100644 --- a/CVE-2023/CVE-2023-359xx/CVE-2023-35973.json +++ b/CVE-2023/CVE-2023-359xx/CVE-2023-35973.json @@ -2,8 +2,8 @@ "id": "CVE-2023-35973", "sourceIdentifier": "security-alert@hpe.com", "published": "2023-07-05T15:15:09.437", - "lastModified": "2023-07-05T16:25:41.353", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-11T00:50:42.443", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "security-alert@hpe.com", "type": "Secondary", @@ -34,10 +54,137 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.5.4.0", + "versionEndExcluding": "8.6.0.21", + "matchCriteriaId": "F16AFF8F-596A-4153-8529-36AD2E142066" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.7.0.0", + "versionEndExcluding": "8.10.0.7", + "matchCriteriaId": "DC566921-54C3-4368-A7FB-1F68F964975C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.11.0.0", + "versionEndExcluding": "8.11.1.1", + "matchCriteriaId": "A22E7E61-B318-47C8-8C72-498A17031997" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.4.0.0", + "versionEndExcluding": "10.4.0.2", + "matchCriteriaId": "6418722E-304A-46EF-8D9E-EB42596F0DFC" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:a:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*", + "matchCriteriaId": "51A31372-168E-4182-BFE0-440403454DC5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:a:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F519E5CF-474B-4564-9DC4-AE6FC58A48A7" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:a:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*", + "matchCriteriaId": "51478694-008E-47A4-B8AF-497BA81EC80D" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:a:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A10EF4D1-35E8-41BB-8453-19F0F3623D25" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:a:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FA5AF43C-F2E3-44E7-B4E3-AC315B0B0DB2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:a:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*", + "matchCriteriaId": "276FF1F2-7353-4AF4-8BDA-8B78B5DCF688" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:a:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EBCAB5D5-EB6D-460A-A8C7-0A2A9E813776" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:a:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*", + "matchCriteriaId": "413B049C-8B7F-4BAC-8170-2BF3B0EEA43F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:a:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F87B24FC-9C99-4CF7-9481-74686E48E800" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:a:arubanetworks:sd-wan:-:*:*:*:*:*:*:*", + "matchCriteriaId": "47E812E5-4476-4335-97D7-3D0E2A5E9E9B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*", + "matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt", - "source": "security-alert@hpe.com" + "source": "security-alert@hpe.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-368xx/CVE-2023-36808.json b/CVE-2023/CVE-2023-368xx/CVE-2023-36808.json index aefd63d80cc..49201041aec 100644 --- a/CVE-2023/CVE-2023-368xx/CVE-2023-36808.json +++ b/CVE-2023/CVE-2023-368xx/CVE-2023-36808.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36808", "sourceIdentifier": "security-advisories@github.com", "published": "2023-07-05T21:15:10.017", - "lastModified": "2023-07-06T11:55:38.310", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-10T23:58:42.933", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,14 +66,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*", + "versionStartIncluding": "0.80", + "versionEndExcluding": "10.0.8", + "matchCriteriaId": "F1A3115A-400D-4977-93AA-D33F2516C35E" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/glpi-project/glpi/releases/tag/10.0.8", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-vf5h-jh9q-2gjm", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-371xx/CVE-2023-37191.json b/CVE-2023/CVE-2023-371xx/CVE-2023-37191.json new file mode 100644 index 00000000000..d0f7df0d7b0 --- /dev/null +++ b/CVE-2023/CVE-2023-371xx/CVE-2023-37191.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-37191", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-07-11T01:15:12.883", + "lastModified": "2023-07-11T01:15:12.883", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A stored cross-site scripting (XSS) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Group and Description parameters." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/sahiloj/CVE-2023-37191/blob/main/README.md", + "source": "cve@mitre.org" + }, + { + "url": "https://reference3.example.com/index.php?menu=faxnew", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index a19438648d9..afc0cb4d7e5 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-07-10T23:55:47.047247+00:00 +2023-07-11T02:00:51.334562+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-07-10T23:55:12.697000+00:00 +2023-07-11T01:15:12.883000+00:00 ``` ### Last Data Feed Release @@ -23,66 +23,35 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2023-07-10T00:00:13.552837+00:00 +2023-07-11T00:00:13.555672+00:00 ``` ### Total Number of included CVEs ```plain -219654 +219655 ``` ### CVEs added in the last Commit -Recently added CVEs: `16` +Recently added CVEs: `1` -* [CVE-2023-30765](CVE-2023/CVE-2023-307xx/CVE-2023-30765.json) (`2023-07-10T20:15:15.237`) -* [CVE-2023-34316](CVE-2023/CVE-2023-343xx/CVE-2023-34316.json) (`2023-07-10T20:15:15.310`) -* [CVE-2023-3605](CVE-2023/CVE-2023-36xx/CVE-2023-3605.json) (`2023-07-10T20:15:15.377`) -* [CVE-2023-22835](CVE-2023/CVE-2023-228xx/CVE-2023-22835.json) (`2023-07-10T21:15:10.540`) -* [CVE-2023-24486](CVE-2023/CVE-2023-244xx/CVE-2023-24486.json) (`2023-07-10T21:15:10.600`) -* [CVE-2023-24487](CVE-2023/CVE-2023-244xx/CVE-2023-24487.json) (`2023-07-10T21:15:10.650`) -* [CVE-2023-24488](CVE-2023/CVE-2023-244xx/CVE-2023-24488.json) (`2023-07-10T21:15:10.707`) -* [CVE-2023-34432](CVE-2023/CVE-2023-344xx/CVE-2023-34432.json) (`2023-07-10T21:15:10.763`) -* [CVE-2023-3606](CVE-2023/CVE-2023-36xx/CVE-2023-3606.json) (`2023-07-10T21:15:10.823`) -* [CVE-2023-3607](CVE-2023/CVE-2023-36xx/CVE-2023-3607.json) (`2023-07-10T21:15:10.887`) -* [CVE-2023-24489](CVE-2023/CVE-2023-244xx/CVE-2023-24489.json) (`2023-07-10T22:15:09.197`) -* [CVE-2023-24490](CVE-2023/CVE-2023-244xx/CVE-2023-24490.json) (`2023-07-10T22:15:09.263`) -* [CVE-2023-30956](CVE-2023/CVE-2023-309xx/CVE-2023-30956.json) (`2023-07-10T22:15:09.337`) -* [CVE-2023-30960](CVE-2023/CVE-2023-309xx/CVE-2023-30960.json) (`2023-07-10T22:15:09.410`) -* [CVE-2023-30963](CVE-2023/CVE-2023-309xx/CVE-2023-30963.json) (`2023-07-10T22:15:09.477`) -* [CVE-2023-3608](CVE-2023/CVE-2023-36xx/CVE-2023-3608.json) (`2023-07-10T22:15:09.530`) +* [CVE-2023-37191](CVE-2023/CVE-2023-371xx/CVE-2023-37191.json) (`2023-07-11T01:15:12.883`) ### CVEs modified in the last Commit -Recently modified CVEs: `41` +Recently modified CVEs: `9` -* [CVE-2022-41186](CVE-2022/CVE-2022-411xx/CVE-2022-41186.json) (`2023-07-10T21:15:09.467`) -* [CVE-2022-41187](CVE-2022/CVE-2022-411xx/CVE-2022-41187.json) (`2023-07-10T21:15:09.540`) -* [CVE-2022-41189](CVE-2022/CVE-2022-411xx/CVE-2022-41189.json) (`2023-07-10T21:15:09.613`) -* [CVE-2022-41190](CVE-2022/CVE-2022-411xx/CVE-2022-41190.json) (`2023-07-10T21:15:09.690`) -* [CVE-2022-41191](CVE-2022/CVE-2022-411xx/CVE-2022-41191.json) (`2023-07-10T21:15:09.763`) -* [CVE-2022-41193](CVE-2022/CVE-2022-411xx/CVE-2022-41193.json) (`2023-07-10T21:15:09.837`) -* [CVE-2022-41195](CVE-2022/CVE-2022-411xx/CVE-2022-41195.json) (`2023-07-10T21:15:09.913`) -* [CVE-2022-41196](CVE-2022/CVE-2022-411xx/CVE-2022-41196.json) (`2023-07-10T21:15:09.993`) -* [CVE-2022-41198](CVE-2022/CVE-2022-411xx/CVE-2022-41198.json) (`2023-07-10T21:15:10.063`) -* [CVE-2022-41199](CVE-2022/CVE-2022-411xx/CVE-2022-41199.json) (`2023-07-10T21:15:10.147`) -* [CVE-2022-41200](CVE-2022/CVE-2022-412xx/CVE-2022-41200.json) (`2023-07-10T21:15:10.223`) -* [CVE-2022-41201](CVE-2022/CVE-2022-412xx/CVE-2022-41201.json) (`2023-07-10T21:15:10.300`) -* [CVE-2022-41202](CVE-2022/CVE-2022-412xx/CVE-2022-41202.json) (`2023-07-10T21:15:10.373`) -* [CVE-2022-41211](CVE-2022/CVE-2022-412xx/CVE-2022-41211.json) (`2023-07-10T21:15:10.447`) -* [CVE-2022-47927](CVE-2022/CVE-2022-479xx/CVE-2022-47927.json) (`2023-07-10T23:15:08.933`) -* [CVE-2023-26136](CVE-2023/CVE-2023-261xx/CVE-2023-26136.json) (`2023-07-10T23:15:09.030`) -* [CVE-2023-3505](CVE-2023/CVE-2023-35xx/CVE-2023-3505.json) (`2023-07-10T23:18:54.143`) -* [CVE-2023-21635](CVE-2023/CVE-2023-216xx/CVE-2023-21635.json) (`2023-07-10T23:27:42.030`) -* [CVE-2023-21637](CVE-2023/CVE-2023-216xx/CVE-2023-21637.json) (`2023-07-10T23:31:13.807`) -* [CVE-2023-21638](CVE-2023/CVE-2023-216xx/CVE-2023-21638.json) (`2023-07-10T23:32:10.557`) -* [CVE-2023-35786](CVE-2023/CVE-2023-357xx/CVE-2023-35786.json) (`2023-07-10T23:33:29.193`) -* [CVE-2023-3336](CVE-2023/CVE-2023-33xx/CVE-2023-3336.json) (`2023-07-10T23:37:04.847`) -* [CVE-2023-21640](CVE-2023/CVE-2023-216xx/CVE-2023-21640.json) (`2023-07-10T23:38:21.937`) -* [CVE-2023-35972](CVE-2023/CVE-2023-359xx/CVE-2023-35972.json) (`2023-07-10T23:48:12.443`) -* [CVE-2023-22319](CVE-2023/CVE-2023-223xx/CVE-2023-22319.json) (`2023-07-10T23:55:12.697`) +* [CVE-2021-46890](CVE-2021/CVE-2021-468xx/CVE-2021-46890.json) (`2023-07-11T00:24:44.113`) +* [CVE-2021-46891](CVE-2021/CVE-2021-468xx/CVE-2021-46891.json) (`2023-07-11T00:28:45.877`) +* [CVE-2023-36808](CVE-2023/CVE-2023-368xx/CVE-2023-36808.json) (`2023-07-10T23:58:42.933`) +* [CVE-2023-35940](CVE-2023/CVE-2023-359xx/CVE-2023-35940.json) (`2023-07-11T00:02:21.370`) +* [CVE-2023-35939](CVE-2023/CVE-2023-359xx/CVE-2023-35939.json) (`2023-07-11T00:03:34.423`) +* [CVE-2023-35924](CVE-2023/CVE-2023-359xx/CVE-2023-35924.json) (`2023-07-11T00:11:06.083`) +* [CVE-2023-34244](CVE-2023/CVE-2023-342xx/CVE-2023-34244.json) (`2023-07-11T00:14:17.360`) +* [CVE-2023-34107](CVE-2023/CVE-2023-341xx/CVE-2023-34107.json) (`2023-07-11T00:21:52.767`) +* [CVE-2023-35973](CVE-2023/CVE-2023-359xx/CVE-2023-35973.json) (`2023-07-11T00:50:42.443`) ## Download and Usage