admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-07 11:07:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-06-30T18:00:39.608665+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-06-30 18:00:43 +00:00
parent 8bbba50dd5
commit 6aa0372d2f
78 changed files with 13754 additions and 281 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
CVE-2020/CVE-2020-207xx/CVE-2020-20725.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2020-20725",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-20T15:15:10.677",
"lastModified": "2023-06-20T15:49:15.587",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-30T16:16:14.333",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in taogogo taoCMS v.2.5 beta5.1 allows remote attacker to execute arbitrary code via the name field in admin.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:taogogo:taocms:2.5:beta1:*:*:*:*:*:*",
"matchCriteriaId": "DD27C8D4-1FAB-4E1E-A7C7-9EF840F833E9"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/taogogo/taocms/issues/2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}

6
CVE-2021/CVE-2021-12xx/CVE-2021-1256.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-1256",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2021-04-29T18:15:08.840",
"lastModified": "2022-07-29T18:48:44.150",
"lastModified": "2023-06-30T17:08:37.157",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -90,6 +90,10 @@
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
},
{
"lang": "en",
"value": "CWE-552"

4
CVE-2021/CVE-2021-16xx/CVE-2021-1624.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-1624",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2021-09-23T03:15:13.610",
"lastModified": "2021-10-05T19:26:54.487",
"lastModified": "2023-06-30T17:09:18.313",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -92,7 +92,7 @@
"description": [
{
"lang": "en",
"value": "CWE-400"
"value": "NVD-CWE-Other"
}
]
},

14
CVE-2021/CVE-2021-202xx/CVE-2021-20268.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-20268",
"sourceIdentifier": "secalert@redhat.com",
"published": "2021-03-09T18:15:15.687",
"lastModified": "2021-04-12T16:38:26.693",
"lastModified": "2023-06-30T17:50:04.157",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -65,8 +65,18 @@
},
"weaknesses": [
{
"source": "secalert@redhat.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",

4
CVE-2021/CVE-2021-203xx/CVE-2021-20320.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-20320",
"sourceIdentifier": "secalert@redhat.com",
"published": "2022-02-18T18:15:08.877",
"lastModified": "2022-03-03T14:43:00.690",
"lastModified": "2023-06-30T16:57:26.953",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -70,7 +70,7 @@
"description": [
{
"lang": "en",
"value": "CWE-200"
"value": "NVD-CWE-Other"
}
]
},

4
CVE-2021/CVE-2021-203xx/CVE-2021-20325.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-20325",
"sourceIdentifier": "secalert@redhat.com",
"published": "2022-02-18T18:15:09.080",
"lastModified": "2022-03-08T18:18:04.310",
"lastModified": "2023-06-30T17:06:00.033",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -70,7 +70,7 @@
"description": [
{
"lang": "en",
"value": "CWE-119"
"value": "CWE-787"
},
{
"lang": "en",

14
CVE-2021/CVE-2021-214xx/CVE-2021-21428.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-21428",
"sourceIdentifier": "security-advisories@github.com",
"published": "2021-05-10T19:15:08.060",
"lastModified": "2021-05-17T17:43:17.213",
"lastModified": "2023-06-30T17:43:37.307",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -85,8 +85,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-668"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",

4
CVE-2021/CVE-2021-215xx/CVE-2021-21522.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-21522",
"sourceIdentifier": "security_alert@emc.com",
"published": "2021-09-28T20:15:07.397",
"lastModified": "2021-10-04T14:11:38.380",
"lastModified": "2023-06-30T17:51:46.287",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -90,7 +90,7 @@
"description": [
{
"lang": "en",
"value": "CWE-522"
"value": "NVD-CWE-noinfo"
}
]
},

4
CVE-2021/CVE-2021-228xx/CVE-2021-22864.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-22864",
"sourceIdentifier": "product-cna@github.com",
"published": "2021-03-23T22:15:12.423",
"lastModified": "2021-03-26T21:08:56.187",
"lastModified": "2023-06-30T17:50:26.783",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -70,7 +70,7 @@
"description": [
{
"lang": "en",
"value": "CWE-77"
"value": "NVD-CWE-noinfo"
}
]
},

6
CVE-2021/CVE-2021-229xx/CVE-2021-22923.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-22923",
"sourceIdentifier": "support@hackerone.com",
"published": "2021-08-05T21:15:11.293",
"lastModified": "2023-01-05T18:17:34.963",
"lastModified": "2023-06-30T17:47:16.583",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -68,6 +68,10 @@
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-319"
},
{
"lang": "en",
"value": "CWE-522"

4
CVE-2021/CVE-2021-229xx/CVE-2021-22948.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-22948",
"sourceIdentifier": "support@hackerone.com",
"published": "2021-09-23T13:15:08.760",
"lastModified": "2021-09-29T20:28:17.167",
"lastModified": "2023-06-30T17:50:34.397",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -70,7 +70,7 @@
"description": [
{
"lang": "en",
"value": "CWE-327"
"value": "CWE-338"
}
]
},

16
CVE-2021/CVE-2021-238xx/CVE-2021-23874.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2021-23874",
"sourceIdentifier": "psirt@mcafee.com",
"published": "2021-02-10T11:15:12.943",
"lastModified": "2021-02-11T22:58:00.993",
"lastModified": "2023-06-30T17:49:58.287",
"vulnStatus": "Analyzed",
"cisaExploitAdd": "2021-11-03",
"cisaActionDue": "2021-11-17",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "McAfee Total Protection MTP Arbitrary Process Execution",
"cisaVulnerabilityName": "McAfee Total Protection (MTP) Improper Privilege Management Vulnerability",
"descriptions": [
{
"lang": "en",
@ -89,8 +89,18 @@
},
"weaknesses": [
{
"source": "psirt@mcafee.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
},
{
"source": "psirt@mcafee.com",
"type": "Secondary",
"description": [
{
"lang": "en",

8
CVE-2021/CVE-2021-242xx/CVE-2021-24209.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-24209",
"sourceIdentifier": "contact@wpscan.com",
"published": "2021-04-05T19:15:17.407",
"lastModified": "2021-05-04T15:02:12.937",
"lastModified": "2023-06-30T17:43:30.167",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -65,17 +65,17 @@
},
"weaknesses": [
{
"source": "contact@wpscan.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
"value": "CWE-94"
}
]
},
{
"source": "nvd@nist.gov",
"source": "contact@wpscan.com",
"type": "Secondary",
"description": [
{

4
CVE-2021/CVE-2021-253xx/CVE-2021-25354.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-25354",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2021-03-25T17:15:13.773",
"lastModified": "2021-03-30T21:16:48.487",
"lastModified": "2023-06-30T17:43:26.253",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -90,7 +90,7 @@
"description": [
{
"lang": "en",
"value": "CWE-20"
"value": "NVD-CWE-Other"
}
]
},

4
CVE-2021/CVE-2021-263xx/CVE-2021-26314.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-26314",
"sourceIdentifier": "psirt@amd.com",
"published": "2021-06-09T12:15:07.810",
"lastModified": "2022-06-03T13:45:52.813",
"lastModified": "2023-06-30T17:47:49.887",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -70,7 +70,7 @@
"description": [
{
"lang": "en",
"value": "CWE-668"
"value": "CWE-203"
}
]
},

4
CVE-2021/CVE-2021-274xx/CVE-2021-27499.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-27499",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2021-08-02T21:15:08.050",
"lastModified": "2021-08-11T13:17:40.970",
"lastModified": "2023-06-30T17:43:42.500",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -70,7 +70,7 @@
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
"value": "CWE-330"
}
]
},

79
CVE-2023/CVE-2023-208xx/CVE-2023-20885.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-20885",
"sourceIdentifier": "security@vmware.com",
"published": "2023-06-16T13:15:09.463",
"lastModified": "2023-06-16T16:41:02.630",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-30T16:12:51.393",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security@vmware.com",
"type": "Secondary",
@ -34,10 +54,63 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pivotal:cloud_foundry_nfs_volume:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndExcluding": "5.0.27",
"matchCriteriaId": "708A44E3-874B-4A4F-9B91-432E7D4131BB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pivotal:cloud_foundry_nfs_volume:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.1.0",
"versionEndExcluding": "7.1.19",
"matchCriteriaId": "4887C1A5-6FD4-49C3-A33E-01BD57C785F5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pivotal:cloud_foundry_notifications:*:*:*:*:*:*:*:*",
"versionEndExcluding": "63",
"matchCriteriaId": "17581E39-7468-41C0-A0F3-8247B35F36C9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pivotal:cloud_foundry_smb_volume:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.1.19",
"matchCriteriaId": "14458EC9-C02D-4DB8-A93E-87C1057F0AA8"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cloudfoundry.org/blog/cve-2023-20885-cf-workflows-leak-credentials-in-system-audit-logs/",
"source": "security@vmware.com"
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-20xx/CVE-2023-2080.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2080",
"sourceIdentifier": "psirt@forcepoint.com",
"published": "2023-06-15T23:15:09.020",
"lastModified": "2023-06-16T03:19:08.410",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-30T16:39:02.840",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "psirt@forcepoint.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "psirt@forcepoint.com",
"type": "Secondary",
@ -46,10 +76,35 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:forcepoint:email_security:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9DD17A1-E6F8-4ED5-9566-C5C3A62EFCDE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:forcepoint:web_security:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66F97068-979A-4D45-B2C6-A98FF1887EED"
}
]
}
]
}
],
"references": [
{
"url": "https://support.forcepoint.com/s/article/000041871",
"source": "psirt@forcepoint.com"
"source": "psirt@forcepoint.com",
"tags": [
"Vendor Advisory"
]
}
]
}

63
CVE-2023/CVE-2023-211xx/CVE-2023-21169.json
View File

@ -2,19 +2,74 @@
"id": "CVE-2023-21169",
"sourceIdentifier": "security@android.com",
"published": "2023-06-28T18:15:14.237",
"lastModified": "2023-06-28T19:27:43.520",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-30T17:50:07.150",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In inviteInternal of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-274443441"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2023-06-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}

63
CVE-2023/CVE-2023-211xx/CVE-2023-21170.json
View File

@ -2,19 +2,74 @@
"id": "CVE-2023-21170",
"sourceIdentifier": "security@android.com",
"published": "2023-06-28T18:15:14.287",
"lastModified": "2023-06-28T19:27:43.520",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-30T17:52:59.093",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In executeSetClientTarget of ComposerCommandEngine.h, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-252764410"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2023-06-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}

63
CVE-2023/CVE-2023-211xx/CVE-2023-21171.json
View File

@ -2,19 +2,74 @@
"id": "CVE-2023-21171",
"sourceIdentifier": "security@android.com",
"published": "2023-06-28T18:15:14.343",
"lastModified": "2023-06-28T19:27:43.520",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-30T17:58:56.977",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In verifyInputEvent of InputDispatcher.cpp, there is a possible way to conduct click fraud due to side channel information disclosure. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-261085213"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2023-06-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}

65
CVE-2023/CVE-2023-235xx/CVE-2023-23539.json
View File

@ -2,19 +2,76 @@
"id": "CVE-2023-23539",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-06-23T18:15:10.843",
"lastModified": "2023-06-23T19:24:47.997",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-30T16:53:58.180",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2. Mounting a maliciously crafted Samba network share may lead to arbitrary code execution"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.2",
"matchCriteriaId": "9CEC72CB-1F5B-4BF5-80F0-357E27855D2A"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213605",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
}
]
}

103
CVE-2023/CVE-2023-24xx/CVE-2023-2431.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2431",
"sourceIdentifier": "jordan@liggitt.net",
"published": "2023-06-16T08:15:08.770",
"lastModified": "2023-06-27T13:15:09.597",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-30T16:37:52.273",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "jordan@liggitt.net",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "jordan@liggitt.net",
"type": "Secondary",
@ -46,18 +76,81 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.24.14",
"matchCriteriaId": "59A9CBF2-B94B-4311-AE41-6CEA2DA7E24B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.25.0",
"versionEndExcluding": "1.25.10",
"matchCriteriaId": "E2D70178-BDE0-430B-8446-0A93FB2323FB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.26.0",
"versionEndExcluding": "1.26.5",
"matchCriteriaId": "D02A28B2-70E6-4B48-9D58-39525AD66C20"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.27.0",
"versionEndExcluding": "1.27.2",
"matchCriteriaId": "1C04A62B-D3F5-4E63-819A-0A8868F34643"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/kubernetes/kubernetes/issues/118690",
"source": "jordan@liggitt.net"
"source": "jordan@liggitt.net",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://groups.google.com/g/kubernetes-security-announce/c/QHmx0HOQa10",
"source": "jordan@liggitt.net"
"source": "jordan@liggitt.net",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XBX4RL4UOC7JHWWYB2AJCKSUM7EG5Y5G/",
"source": "jordan@liggitt.net"
"source": "jordan@liggitt.net",
"tags": [
"Mailing List"
]
}
]
}

95
CVE-2023/CVE-2023-251xx/CVE-2023-25188.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-25188",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-16T19:15:14.477",
"lastModified": "2023-06-17T02:32:29.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-30T16:10:18.383",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "cve@mitre.org",
"type": "Secondary",
@ -34,14 +54,81 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:nokia:asika_airscale_firmware:19b:*:*:*:*:*:*:*",
"matchCriteriaId": "FE8E3A0E-3B21-49D8-A4EE-33FE5FBA7B51"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:nokia:asika_airscale_firmware:20a:*:*:*:*:*:*:*",
"matchCriteriaId": "A612E565-7686-4C20-99AF-67B283328A42"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:nokia:asika_airscale_firmware:20b:*:*:*:*:*:*:*",
"matchCriteriaId": "5AE52024-F5EE-42F6-AC3A-702E87B1ABF2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:nokia:asika_airscale_firmware:20c:*:*:*:*:*:*:*",
"matchCriteriaId": "DA68A71E-A8FB-4448-BE75-318E4582FC43"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:nokia:asika_airscale_firmware:21a:*:*:*:*:*:*:*",
"matchCriteriaId": "B2FAA373-A46D-48A6-8A08-F66F4F3604C7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:nokia:asika_airscale:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61C0B724-C7EA-4214-98CF-49812292332B"
}
]
}
]
}
],
"references": [
{
"url": "https://Nokia.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-25188/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

126
CVE-2023/CVE-2023-254xx/CVE-2023-25499.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-25499",
"sourceIdentifier": "security@vaadin.com",
"published": "2023-06-22T13:15:09.660",
"lastModified": "2023-06-22T14:49:18.643",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-30T16:32:37.847",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security@vaadin.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
},
{
"source": "security@vaadin.com",
"type": "Secondary",
@ -46,14 +76,102 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vaadin:vaadin:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.0.0",
"versionEndExcluding": "10.0.23",
"matchCriteriaId": "12F1F29D-69E8-406E-BB2F-EA3F141CECD7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vaadin:vaadin:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.0.0",
"versionEndExcluding": "14.10.1",
"matchCriteriaId": "B100421F-58C7-454A-949C-338C4B990925"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vaadin:vaadin:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.0.0",
"versionEndIncluding": "22.0.28",
"matchCriteriaId": "D0719ACD-F9D0-4E28-82BC-AEFE4EB19729"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vaadin:vaadin:*:*:*:*:*:*:*:*",
"versionStartIncluding": "23.0.0",
"versionEndExcluding": "23.3.13",
"matchCriteriaId": "74BA613E-932F-45A3-88D2-EA8B42158429"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vaadin:vaadin:*:*:*:*:*:*:*:*",
"versionStartIncluding": "24.0.0",
"versionEndExcluding": "24.0.6",
"matchCriteriaId": "7F7402D6-2F33-4352-9E70-16EA3C45B795"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vaadin:vaadin:24.1.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "5131784E-6951-4BA6-A473-10BE06E3E0F0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vaadin:vaadin:24.1.0:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "07747F12-9827-4543-B66F-253326EC247F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vaadin:vaadin:24.1.0:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "BD57A5F3-CB86-4B35-823B-DCAEB163D4CD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vaadin:vaadin:24.1.0:alpha4:*:*:*:*:*:*",
"matchCriteriaId": "EB94F579-CDCE-4FA4-BCAF-7747813FB7A6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vaadin:vaadin:24.1.0:alpha5:*:*:*:*:*:*",
"matchCriteriaId": "4464403F-682A-4506-99E7-2CC4E4288C0E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vaadin:vaadin:24.1.0:alpha6:*:*:*:*:*:*",
"matchCriteriaId": "ECF91FB7-2806-40C1-B27D-461B6836AC7A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vaadin:vaadin:24.1.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "4ECE8939-9AB8-44AB-8ECC-96844410A973"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/vaadin/flow/pull/15885",
"source": "security@vaadin.com"
"source": "security@vaadin.com",
"tags": [
"Patch"
]
},
{
"url": "https://vaadin.com/security/CVE-2023-25499",
"source": "security@vaadin.com"
"source": "security@vaadin.com",
"tags": [
"Vendor Advisory"
]
}
]
}

146
CVE-2023/CVE-2023-255xx/CVE-2023-25500.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-25500",
"sourceIdentifier": "security@vaadin.com",
"published": "2023-06-22T13:15:09.737",
"lastModified": "2023-06-22T14:49:18.643",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-30T16:32:11.590",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security@vaadin.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
},
{
"source": "security@vaadin.com",
"type": "Secondary",
@ -46,14 +76,122 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vaadin:vaadin:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.0.0",
"versionEndExcluding": "10.0.23",
"matchCriteriaId": "12F1F29D-69E8-406E-BB2F-EA3F141CECD7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vaadin:vaadin:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.0.0",
"versionEndExcluding": "14.10.2",
"matchCriteriaId": "78FA5E6A-3D73-4CB9-8724-B7DBFC48A1B7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vaadin:vaadin:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.0.0",
"versionEndIncluding": "22.0.28",
"matchCriteriaId": "D0719ACD-F9D0-4E28-82BC-AEFE4EB19729"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vaadin:vaadin:*:*:*:*:*:*:*:*",
"versionStartIncluding": "23.0.0",
"versionEndExcluding": "23.3.14",
"matchCriteriaId": "9346B94F-48B9-429C-8976-DEC37B7D00F4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vaadin:vaadin:*:*:*:*:*:*:*:*",
"versionStartIncluding": "24.0.0",
"versionEndExcluding": "24.0.7",
"matchCriteriaId": "48E0C567-8C7F-4572-BC4F-F174C6058974"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vaadin:vaadin:24.1.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "5131784E-6951-4BA6-A473-10BE06E3E0F0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vaadin:vaadin:24.1.0:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "07747F12-9827-4543-B66F-253326EC247F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vaadin:vaadin:24.1.0:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "BD57A5F3-CB86-4B35-823B-DCAEB163D4CD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vaadin:vaadin:24.1.0:alpha4:*:*:*:*:*:*",
"matchCriteriaId": "EB94F579-CDCE-4FA4-BCAF-7747813FB7A6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vaadin:vaadin:24.1.0:alpha5:*:*:*:*:*:*",
"matchCriteriaId": "4464403F-682A-4506-99E7-2CC4E4288C0E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vaadin:vaadin:24.1.0:alpha6:*:*:*:*:*:*",
"matchCriteriaId": "ECF91FB7-2806-40C1-B27D-461B6836AC7A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vaadin:vaadin:24.1.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "4ECE8939-9AB8-44AB-8ECC-96844410A973"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vaadin:vaadin:24.1.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "30853513-0CB0-4AD2-B351-635834EA5C40"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vaadin:vaadin:24.1.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "6EA983BC-02B6-4F2F-A80B-6505529F8690"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vaadin:vaadin:24.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "520B32C2-8D7C-4C6B-8384-4AD5EE575492"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vaadin:vaadin:24.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "32B73D72-C04F-4771-AC85-B6369A98685D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/vaadin/flow/pull/16935",
"source": "security@vaadin.com"
"source": "security@vaadin.com",
"tags": [
"Patch"
]
},
{
"url": "https://vaadin.com/security/cve-2023-25500",
"source": "security@vaadin.com"
"source": "security@vaadin.com",
"tags": [
"Vendor Advisory"
]
}
]
}

6
CVE-2023/CVE-2023-260xx/CVE-2023-26062.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-26062",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-14T20:15:09.383",
"lastModified": "2023-06-28T19:35:18.573",
"lastModified": "2023-06-30T16:10:12.110",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -76,8 +76,8 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nokia:web_element_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "sran_22r1",
"matchCriteriaId": "DFCC1576-B473-4ADE-9A1B-E4CD57384022"
"versionEndExcluding": "22r1",
"matchCriteriaId": "5B764A87-CB3F-4F9C-8AFE-20F8E3572695"
}
]
}

20
CVE-2023/CVE-2023-262xx/CVE-2023-26299.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-26299",
"sourceIdentifier": "hp-security-alert@hp.com",
"published": "2023-06-30T16:15:09.543",
"lastModified": "2023-06-30T16:15:09.543",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS), which might allow arbitrary code execution. AMI has released updates to mitigate the potential vulnerability."
}
],
"metrics": {},
"references": [
{
"url": "https://support.hp.com/us-en/document/ish_8642715-8642746-16/hpsbhf03850",
"source": "hp-security-alert@hp.com"
}
]
}

96
CVE-2023/CVE-2023-270xx/CVE-2023-27083.json
View File

@ -2,19 +2,107 @@
"id": "CVE-2023-27083",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-22T20:15:09.213",
"lastModified": "2023-06-23T13:03:44.217",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-30T16:08:24.587",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev5 allows remote attackers to run arbitrary code via manage file functionality."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pluck-cms:pluck:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.7.15",
"versionEndExcluding": "4.7.16",
"matchCriteriaId": "B41F06FF-81EC-4D18-A140-9E23D3D2A24F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pluck-cms:pluck:4.7.16:-:*:*:*:*:*:*",
"matchCriteriaId": "B69F46BD-10D8-497D-81FB-AF7A5B1FC55A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pluck-cms:pluck:4.7.16:dev1:*:*:*:*:*:*",
"matchCriteriaId": "202CB88D-BDA3-4F58-8CAB-6224367CA33B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pluck-cms:pluck:4.7.16:dev2:*:*:*:*:*:*",
"matchCriteriaId": "6C20AFCB-BF33-42E3-A735-E0B7E9C6D4E7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pluck-cms:pluck:4.7.16:dev3:*:*:*:*:*:*",
"matchCriteriaId": "7CD1FF6D-A0F9-46CF-AF24-1CBC4F858D13"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pluck-cms:pluck:4.7.16:dev4:*:*:*:*:*:*",
"matchCriteriaId": "2A0E277D-0CB2-448C-9508-1E5719128EDC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pluck-cms:pluck:4.7.16:dev5:*:*:*:*:*:*",
"matchCriteriaId": "B63818E7-30A0-4BEE-93B7-5B4942C4DD91"
}
]
}
]
}
],
"references": [
{
"url": "https://medium.com/@syed.pentester/authenticated-remote-code-execution-rce-on-pluckcms-4-7-15-c309ac1bd145",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

8636
CVE-2023/CVE-2023-273xx/CVE-2023-27396.json
View File

File diff suppressed because it is too large Load Diff

53
CVE-2023/CVE-2023-27xx/CVE-2023-2711.json
View File

@ -2,15 +2,38 @@
"id": "CVE-2023-2711",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-06-27T14:15:11.267",
"lastModified": "2023-06-27T16:15:35.267",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-30T17:36:44.303",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Ultimate Product Catalog WordPress plugin before 5.2.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +46,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:etoilewebdesign:ultimate_product_catalog:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "5.2.6",
"matchCriteriaId": "5CFF58EB-F9E0-448C-9AA8-20083AB64521"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/71c5b5b5-8694-4738-8e4b-8670a8d21c86",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

53
CVE-2023/CVE-2023-27xx/CVE-2023-2743.json
View File

@ -2,15 +2,38 @@
"id": "CVE-2023-2743",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-06-27T14:15:11.373",
"lastModified": "2023-06-27T16:15:35.267",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-30T17:40:00.627",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The ERP WordPress plugin before 1.12.4 does not sanitise and escape the employee_name parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +46,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wedevs:wp_erp:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.12.4",
"matchCriteriaId": "BE3A5587-B779-4B9A-9606-78A0DE115618"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/517c6aa4-a56d-4f13-b370-7c864dd9c7db",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

53
CVE-2023/CVE-2023-27xx/CVE-2023-2744.json
View File

@ -2,15 +2,38 @@
"id": "CVE-2023-2744",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-06-27T14:15:11.433",
"lastModified": "2023-06-27T16:15:35.267",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-30T17:41:02.260",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The ERP WordPress plugin before 1.12.4 does not properly sanitise and escape the `type` parameter in the `erp/v1/accounting/v1/people` REST API endpoint before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +46,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wedevs:wp_erp:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.12.4",
"matchCriteriaId": "BE3A5587-B779-4B9A-9606-78A0DE115618"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/435da8a1-9955-46d7-a508-b5738259e731",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

112
CVE-2023/CVE-2023-287xx/CVE-2023-28799.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-28799",
"sourceIdentifier": "cve@zscaler.com",
"published": "2023-06-22T20:15:09.283",
"lastModified": "2023-06-23T13:03:39.067",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-30T17:15:59.797",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cve@zscaler.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
},
{
"source": "cve@zscaler.com",
"type": "Secondary",
@ -46,30 +76,96 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:linux:*:*",
"versionEndExcluding": "1.4",
"matchCriteriaId": "904F4E73-6782-4AD8-8521-FEB473BF11CF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:iphone_os:*:*",
"versionEndExcluding": "1.9.3",
"matchCriteriaId": "8580E274-19E5-454B-9FA4-F79D6E67C244"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:chrome_os:*:*",
"versionEndExcluding": "1.10.1",
"matchCriteriaId": "1A4B24E4-D317-4D64-8BBC-EF86290F812C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:android:*:*",
"versionEndExcluding": "1.10.2",
"matchCriteriaId": "753A378D-ECC2-4CBD-B142-58F413AF5497"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:windows:*:*",
"versionEndExcluding": "3.7",
"matchCriteriaId": "B549DC33-2238-4356-8079-A7D18323255E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:macos:*:*",
"versionEndExcluding": "3.9",
"matchCriteriaId": "A2D8B3BE-B451-4596-8FDB-BD43BC2BB923"
}
]
}
]
}
],
"references": [
{
"url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=Linux&applicable_version=1.4&deployment_date=2022-10-31&id=1420246",
"source": "cve@zscaler.com"
"source": "cve@zscaler.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=Android&applicable_version=1.10.2&deployment_date=2023-03-09&id=1447706",
"source": "cve@zscaler.com"
"source": "cve@zscaler.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=Chrome%20OS&applicable_version=1.10.1&deployment_date=2023-03-10&id=1447771",
"source": "cve@zscaler.com"
"source": "cve@zscaler.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=iOS&applicable_version=1.9.3&deployment_date=2023-03-03&id=1447071",
"source": "cve@zscaler.com"
"source": "cve@zscaler.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=macOS&applicable_version=3.9&deployment_date=2023-01-25&id=1443546",
"source": "cve@zscaler.com"
"source": "cve@zscaler.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2021?applicable_category=Windows&applicable_version=3.7&deployment_date=2021-11-26&id=1386541",
"source": "cve@zscaler.com"
"source": "cve@zscaler.com",
"tags": [
"Release Notes"
]
}
]
}

1081
CVE-2023/CVE-2023-288xx/CVE-2023-28810.json
View File

File diff suppressed because it is too large Load Diff

81
CVE-2023/CVE-2023-297xx/CVE-2023-29709.json
View File

@ -2,23 +2,94 @@
"id": "CVE-2023-29709",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-22T11:15:09.437",
"lastModified": "2023-06-22T12:51:23.447",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-30T16:33:44.100",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in /cgi-bin/login_rj.cgi in Wildix WSG24POE version 103SP7D190822, allows attackers to bypass authentication."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:wildix:wsg24poe_firmware:103sp7d190822:*:*:*:*:*:*:*",
"matchCriteriaId": "331CF3D2-88D6-4964-9345-6281FA11A663"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:wildix:wsg24poe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A64F75D-4758-4150-A82D-EB8A463F0667"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/shellpei/Wildix-Logical/blob/main/CVE-2023-29709",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://holistic-height-e6d.notion.site/Wildix-WSG24POE-Logical-vulnerability-7780c24cc25b40dd9d2830f7b21f04a3",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

65
CVE-2023/CVE-2023-298xx/CVE-2023-29860.json
View File

@ -2,19 +2,76 @@
"id": "CVE-2023-29860",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-23T12:15:09.420",
"lastModified": "2023-06-23T13:03:18.900",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-30T16:43:02.477",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An insecure permissions in /Taier/API/tenant/listTenant interface in DTStack Taier 1.3.0 allows attackers to view sensitive information via the getCookie method."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dtstack:taier:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "57272DA3-20D3-4F6A-9448-1EF30C48057F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/DTStack/Taier/issues/1003",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}
]
}

121
CVE-2023/CVE-2023-31xx/CVE-2023-3128.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3128",
"sourceIdentifier": "security@grafana.com",
"published": "2023-06-22T21:15:09.573",
"lastModified": "2023-06-23T13:03:39.067",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-30T17:49:02.207",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security@grafana.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-290"
}
]
},
{
"source": "security@grafana.com",
"type": "Secondary",
@ -46,10 +76,95 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:grafana:grafana:*:*:*:*:-:*:*:*",
"versionStartIncluding": "6.7.0",
"versionEndExcluding": "8.5.27",
"matchCriteriaId": "83E4CB78-7F97-4B9A-B644-ED98761C6213"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "6.7.0",
"versionEndExcluding": "8.5.27",
"matchCriteriaId": "26C597A7-F2D1-4A33-BBBD-352669DB8E91"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:grafana:grafana:*:*:*:*:-:*:*:*",
"versionStartIncluding": "9.2.0",
"versionEndExcluding": "9.2.20",
"matchCriteriaId": "C47AA0E0-72E8-4235-8D27-7F579929D179"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "9.2.0",
"versionEndExcluding": "9.2.20",
"matchCriteriaId": "F825B098-EEA7-415F-A9EA-6E72D741E614"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:grafana:grafana:*:*:*:*:-:*:*:*",
"versionStartIncluding": "9.3.0",
"versionEndExcluding": "9.3.16",
"matchCriteriaId": "4F05305B-94D2-4687-8AE9-F55CE840B647"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "9.3.0",
"versionEndExcluding": "9.3.16",
"matchCriteriaId": "C32F2F70-18A1-47D6-8B5E-F20D096AEBD0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:grafana:grafana:*:*:*:*:-:*:*:*",
"versionStartIncluding": "9.4.0",
"versionEndExcluding": "9.4.13",
"matchCriteriaId": "C40FF772-6C54-4B5C-BD5C-560E192B79F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "9.4.0",
"versionEndExcluding": "9.4.13",
"matchCriteriaId": "61DA1D1A-D969-492E-9A43-A99E9A918A5A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:grafana:grafana:*:*:*:*:-:*:*:*",
"versionStartIncluding": "9.5.0",
"versionEndExcluding": "9.5.4",
"matchCriteriaId": "B08F1010-C1F8-4F29-A65D-D9A741F77AA3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "9.5.0",
"versionEndExcluding": "9.5.4",
"matchCriteriaId": "E61B4ECF-7DC6-4487-9F27-8660BD8AD179"
}
]
}
]
}
],
"references": [
{
"url": "https://grafana.com/security/security-advisories/cve-2023-3128/",
"source": "security@grafana.com"
"source": "security@grafana.com",
"tags": [
"Vendor Advisory"
]
}
]
}

108
CVE-2023/CVE-2023-323xx/CVE-2023-32320.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32320",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-22T21:15:09.287",
"lastModified": "2023-06-23T13:03:39.067",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-30T17:49:57.387",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +66,96 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "21.0.0",
"versionEndExcluding": "21.0.9.12",
"matchCriteriaId": "C3851B67-74A7-4D1D-8B7C-F5A0075B2700"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "22.0.0",
"versionEndExcluding": "22.2.10.12",
"matchCriteriaId": "C5FA775A-1796-4C82-B943-CEC91FDA6A00"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "23.0.0",
"versionEndExcluding": "23.0.12.7",
"matchCriteriaId": "57E82EBA-930D-4B32-B2B5-3B7119C2EF8F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "24.0.0",
"versionEndExcluding": "24.0.12.2",
"matchCriteriaId": "9603AC3F-5104-4C18-BF51-25B52BC7E146"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*",
"versionStartIncluding": "25.0.0",
"versionEndExcluding": "25.0.7",
"matchCriteriaId": "DD58A3B6-945E-4AFC-AE5C-A374C884167B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "25.0.0",
"versionEndExcluding": "25.0.7",
"matchCriteriaId": "7AC695D0-BD79-42B5-BA1D-3356791E4DEC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*",
"versionStartIncluding": "26.0.0",
"versionEndExcluding": "26.0.2",
"matchCriteriaId": "CB3473C7-E5B9-44B1-AC74-F7224D9AB78B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "26.0.0",
"versionEndExcluding": "26.0.2",
"matchCriteriaId": "AE95CF9F-D964-4857-8805-2CE4CF2F6328"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qphh-6xh7-vffg",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://github.com/nextcloud/server/pull/38274",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://hackerone.com/reports/1918525",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Permissions Required"
]
}
]
}

70
CVE-2023/CVE-2023-325xx/CVE-2023-32521.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-32521",
"sourceIdentifier": "security@trendmicro.com",
"published": "2023-06-26T22:15:10.017",
"lastModified": "2023-06-26T22:22:38.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-30T16:48:47.217",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A path traversal exists in a specific service dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an unauthenticated remote attacker to delete arbitrary files."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:mobile_security:9.8:sp5:*:*:enterprise:windows:*:*",
"matchCriteriaId": "B72F17DB-148B-4426-968C-F7CF94DAF717"
}
]
}
]
}
],
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://www.tenable.com/security/research/tra-2023-17",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-325xx/CVE-2023-32522.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-32522",
"sourceIdentifier": "security@trendmicro.com",
"published": "2023-06-26T22:15:10.057",
"lastModified": "2023-06-26T22:22:38.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-30T17:10:43.140",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A path traversal exists in a specific dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an authenticated remote attacker to delete arbitrary files.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:mobile_security:9.8:sp5:*:*:enterprise:windows:*:*",
"matchCriteriaId": "B72F17DB-148B-4426-968C-F7CF94DAF717"
}
]
}
]
}
],
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://www.tenable.com/security/research/tra-2023-17",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

82
CVE-2023/CVE-2023-325xx/CVE-2023-32557.json
View File

@ -2,19 +2,93 @@
"id": "CVE-2023-32557",
"sourceIdentifier": "security@trendmicro.com",
"published": "2023-06-26T22:15:10.977",
"lastModified": "2023-06-26T22:22:30.843",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-30T18:00:02.733",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability in the Trend Micro Apex One and Apex One as a Service could allow an unauthenticated attacker to upload an arbitrary file to the Management Server which could lead to remote code execution with system privileges."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:apex_one:*:*:*:*:saas:*:*:*",
"versionEndExcluding": "14.0.12105",
"matchCriteriaId": "2BEB6165-97A6-4EE9-B7D8-66D62469AE79"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:*:*:*:*",
"matchCriteriaId": "AF019D2D-C426-4D2D-A254-442CE777B41E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-326xx/CVE-2023-32604.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2023-32604",
"sourceIdentifier": "security@trendmicro.com",
"published": "2023-06-26T22:15:11.020",
"lastModified": "2023-06-26T22:22:30.843",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-30T17:59:30.717",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. \r\n\r\nPlease note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability.\r\n\r\nThis is similar to, but not identical to CVE-2023-32605."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:-:*:*:*:windows:*:*",
"matchCriteriaId": "7F2620DA-8727-43FF-8A4D-72145CDDE4CD"
}
]
}
]
}
],
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-326xx/CVE-2023-32605.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2023-32605",
"sourceIdentifier": "security@trendmicro.com",
"published": "2023-06-26T22:15:11.063",
"lastModified": "2023-06-26T22:22:30.843",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-30T17:59:17.467",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. \r\n\r\nPlease note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability.\r\n\r\nThis is similar to, but not identical to CVE-2023-32604."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:-:*:*:*:windows:*:*",
"matchCriteriaId": "7F2620DA-8727-43FF-8A4D-72145CDDE4CD"
}
]
}
]
}
],
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

26
CVE-2023/CVE-2023-327xx/CVE-2023-32753.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32753",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2023-06-16T04:15:13.863",
"lastModified": "2023-06-16T12:47:18.707",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-30T16:38:30.680",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -50,10 +50,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:itpison:omicard_edm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BAD5717D-1285-494C-8C34-54ACFF4A6EA1"
}
]
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/en/cp-139-7190-d73c1-2.html",
"source": "twcert@cert.org.tw"
"source": "twcert@cert.org.tw",
"tags": [
"Third Party Advisory"
]
}
]
}

46
CVE-2023/CVE-2023-331xx/CVE-2023-33141.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-33141",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-06-23T02:15:09.513",
"lastModified": "2023-06-23T13:03:31.027",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-30T16:35:43.033",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -34,10 +34,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:yet_another_reverse_proxy:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.0.0",
"versionEndExcluding": "1.1.2",
"matchCriteriaId": "4BE2C6E7-6DF4-47EC-8B54-95CA34F089E8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:yet_another_reverse_proxy:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AA8B5638-5F72-4D24-BBC1-C2F419B89C49"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33141",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

155
CVE-2023/CVE-2023-33xx/CVE-2023-3326.json
View File

@ -2,16 +2,49 @@
"id": "CVE-2023-3326",
"sourceIdentifier": "secteam@freebsd.org",
"published": "2023-06-22T17:15:44.833",
"lastModified": "2023-06-22T20:05:36.757",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-30T16:31:33.127",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "pam_krb5 authenticates a user by essentially running kinit with the password, getting a ticket-granting ticket (tgt) from the Kerberos KDC (Key Distribution Center) over the network, as a way to verify the password. However, if a keytab is not provisioned on the system, pam_krb5 has no way to validate the response from the KDC, and essentially trusts the tgt provided over the network as being valid. In a non-default FreeBSD installation that leverages pam_krb5 for authentication and does not have a keytab provisioned, an attacker that is able to control both the password and the KDC responses can return a valid tgt, allowing authentication to occur for any user on the system.\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
},
{
"source": "secteam@freebsd.org",
"type": "Secondary",
@ -23,10 +56,124 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.4",
"matchCriteriaId": "A7F6C8B0-9D75-476C-ADBA-754416FBC186"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.1",
"matchCriteriaId": "D79AAEBE-0D5A-4C9C-95FD-6287A53EE1C0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:12.4:-:*:*:*:*:*:*",
"matchCriteriaId": "24920B4D-96C0-401F-B679-BEB086760EAF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:12.4:p1:*:*:*:*:*:*",
"matchCriteriaId": "3CE32730-A9F5-4E8D-BDA4-6B8232F84787"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:12.4:p2:*:*:*:*:*:*",
"matchCriteriaId": "552E81DE-D409-475F-8ED0-E10A0BE43D29"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:12.4:rc2-p1:*:*:*:*:*:*",
"matchCriteriaId": "BA821886-B26B-47A6-ABC9-B8F70CE0ACFB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:12.4:rc2-p2:*:*:*:*:*:*",
"matchCriteriaId": "220629AD-32CC-4303-86AE-1DD27F0E4C65"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.1:-:*:*:*:*:*:*",
"matchCriteriaId": "DEEE6D52-27E4-438D-AE8D-7141320B5973"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.1:b1-p1:*:*:*:*:*:*",
"matchCriteriaId": "66364EA4-83B1-4597-8C18-D5633B361A9C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.1:b2-p2:*:*:*:*:*:*",
"matchCriteriaId": "EF9292DD-EFB1-4B50-A941-7485D901489F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.1:p1:*:*:*:*:*:*",
"matchCriteriaId": "EFB18F55-4F5C-4166-9A7E-6F6617179A90"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.1:p2:*:*:*:*:*:*",
"matchCriteriaId": "66E1C269-841F-489A-9A0A-5D145B417E0A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.1:p3:*:*:*:*:*:*",
"matchCriteriaId": "ECF1B567-F764-45F5-A793-BEA93720F952"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.1:p4:*:*:*:*:*:*",
"matchCriteriaId": "DAFE3F33-2C57-4B52-B658-82572607BD8C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.1:p5:*:*:*:*:*:*",
"matchCriteriaId": "C925DF75-2785-44BD-91CA-66D29C296689"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.1:p6:*:*:*:*:*:*",
"matchCriteriaId": "BCE2DAEC-81A5-49E9-B7E7-4F143FA6B3F7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.1:p7:*:*:*:*:*:*",
"matchCriteriaId": "7725D503-1437-4F90-B30C-007193D5F0E1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.1:rc1-p1:*:*:*:*:*:*",
"matchCriteriaId": "B536EE52-ED49-4A85-BC9D-A27828D5A961"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:13.2:-:*:*:*:*:*:*",
"matchCriteriaId": "A87EFA20-DD6B-41C5-98FD-A29F67D2E732"
}
]
}
]
}
],
"references": [
{
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-23:04.pam_krb5.asc",
"source": "secteam@freebsd.org"
"source": "secteam@freebsd.org",
"tags": [
"Mitigation",
"Vendor Advisory"
]
}
]
}

88
CVE-2023/CVE-2023-341xx/CVE-2023-34144.json
View File

@ -2,23 +2,101 @@
"id": "CVE-2023-34144",
"sourceIdentifier": "security@trendmicro.com",
"published": "2023-06-26T22:15:11.107",
"lastModified": "2023-06-26T22:22:30.843",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-30T17:58:49.123",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An untrusted search path vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate their privileges on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\r\n\r\nThis is a similar, but not identical vulnerability as CVE-2023-34145."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-426"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:apex_one:*:*:*:*:saas:*:*:*",
"versionEndExcluding": "14.0.12518",
"matchCriteriaId": "0A9B37D4-BC67-44F0-BEA7-918A5E834C7F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:*:*:*:*",
"matchCriteriaId": "AF019D2D-C426-4D2D-A254-442CE777B41E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293322?language=en_US",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-835/",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

88
CVE-2023/CVE-2023-341xx/CVE-2023-34145.json
View File

@ -2,23 +2,101 @@
"id": "CVE-2023-34145",
"sourceIdentifier": "security@trendmicro.com",
"published": "2023-06-26T22:15:11.147",
"lastModified": "2023-06-26T22:22:30.843",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-30T17:58:29.067",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An untrusted search path vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate their privileges on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\r\n\r\nThis is a similar, but not identical vulnerability as CVE-2023-34144."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-426"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:apex_one:*:*:*:*:saas:*:*:*",
"versionEndExcluding": "14.0.12518",
"matchCriteriaId": "0A9B37D4-BC67-44F0-BEA7-918A5E834C7F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:*:*:*:*",
"matchCriteriaId": "AF019D2D-C426-4D2D-A254-442CE777B41E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293322?language=en_US",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-836/",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

88
CVE-2023/CVE-2023-341xx/CVE-2023-34146.json
View File

@ -2,23 +2,101 @@
"id": "CVE-2023-34146",
"sourceIdentifier": "security@trendmicro.com",
"published": "2023-06-26T22:15:11.187",
"lastModified": "2023-06-26T22:22:30.843",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-30T17:58:09.347",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\r\n\r\nThis is a similar, but not identical vulnerability as CVE-2023-34147 and CVE-2023-34148."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:apex_one:*:*:*:*:saas:*:*:*",
"versionEndExcluding": "14.0.12518",
"matchCriteriaId": "0A9B37D4-BC67-44F0-BEA7-918A5E834C7F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:*:*:*:*",
"matchCriteriaId": "AF019D2D-C426-4D2D-A254-442CE777B41E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293322?language=en_US",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-832/",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

88
CVE-2023/CVE-2023-341xx/CVE-2023-34147.json
View File

@ -2,23 +2,101 @@
"id": "CVE-2023-34147",
"sourceIdentifier": "security@trendmicro.com",
"published": "2023-06-26T22:15:11.230",
"lastModified": "2023-06-26T22:22:30.843",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-30T17:56:50.020",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\r\n\r\nThis is a similar, but not identical vulnerability as CVE-2023-34146 and CVE-2023-34148."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:apex_one:*:*:*:*:saas:*:*:*",
"versionEndExcluding": "14.0.12518",
"matchCriteriaId": "0A9B37D4-BC67-44F0-BEA7-918A5E834C7F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:*:*:*:*",
"matchCriteriaId": "AF019D2D-C426-4D2D-A254-442CE777B41E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293322?language=en_US",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-833/",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

88
CVE-2023/CVE-2023-341xx/CVE-2023-34148.json
View File

@ -2,23 +2,101 @@
"id": "CVE-2023-34148",
"sourceIdentifier": "security@trendmicro.com",
"published": "2023-06-26T22:15:11.270",
"lastModified": "2023-06-26T22:22:30.843",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-30T17:53:51.130",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\r\n\r\nThis is a similar, but not identical vulnerability as CVE-2023-34146 and CVE-2023-34147."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:apex_one:*:*:*:*:saas:*:*:*",
"versionEndExcluding": "14.0.12518",
"matchCriteriaId": "0A9B37D4-BC67-44F0-BEA7-918A5E834C7F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:*:*:*:*",
"matchCriteriaId": "AF019D2D-C426-4D2D-A254-442CE777B41E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293322?language=en_US",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-834/",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

63
CVE-2023/CVE-2023-341xx/CVE-2023-34165.json
View File

@ -2,19 +2,74 @@
"id": "CVE-2023-34165",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-06-16T07:15:08.840",
"lastModified": "2023-06-16T12:47:18.707",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-30T16:38:17.647",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Unauthorized access vulnerability in the Save for later feature provided by AI Touch.Successful exploitation of this vulnerability may cause third-party apps to forge a URI for unauthorized access with zero permissions."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE0AFB0-A112-484B-BEAD-A7F1BDDCE313"
}
]
}
]
}
],
"references": [
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202306-0000001560777672",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
}
]
}

65
CVE-2023/CVE-2023-344xx/CVE-2023-34462.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-34462",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-22T23:15:09.573",
"lastModified": "2023-06-23T13:03:31.027",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-30T17:21:12.957",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +56,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,14 +76,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.1.94",
"matchCriteriaId": "81839C38-65FD-4F9E-A654-29E4FB5D047C"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/netty/netty/commit/535da17e45201ae4278c0479e6162bb4127d4c32",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/netty/netty/security/advisories/GHSA-6mjq-h674-j845",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-347xx/CVE-2023-34796.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-34796",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-22T19:15:08.917",
"lastModified": "2023-06-22T20:05:36.757",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-30T16:30:21.087",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross site scripting (XSS) vulnerabiliy in dmarcts-report-viewer dashboard versions 1.1 and thru commit 8a1d882b4c481a05e296e9b38a7961e912146a0f, allows unauthenticated attackers to execute arbitrary code via the org_name or domain values."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:techsneeze:dmarc_report:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D5A1E182-D90D-4FA5-BC6C-B06331D4C582"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/techsneeze/dmarcts-report-viewer/pull/88",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://xmit.xyz/security/dmarcd-for-death/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
]
}
]
}

28
CVE-2023/CVE-2023-348xx/CVE-2023-34840.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-34840",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-30T16:15:09.600",
"lastModified": "2023-06-30T16:15:09.600",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "angular-ui-notification v0.1.0, v0.2.0, and v0.3.6 was discovered to contain a cross-site scripting (XSS) vulnerability."
}
],
"metrics": {},
"references": [
{
"url": "http://alexcrack.com",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/Xh4H/CVE-2023-34840",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/alexcrack/angular-ui-notification",
"source": "cve@mitre.org"
}
]
}

70
CVE-2023/CVE-2023-349xx/CVE-2023-34923.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-34923",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-22T19:15:08.987",
"lastModified": "2023-06-22T20:05:36.757",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-30T16:20:02.137",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "XML Signature Wrapping (XSW) in SAML-based Single Sign-on feature in TOPdesk v12.10.12 allows bad actors with credentials to authenticate with the Identity Provider (IP) to impersonate any TOPdesk user via SAML Response manipulation."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:topdesk:topdesk:12.10.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0BFB9431-22FE-46C4-AC0B-F0E0ED9ABD28"
}
]
}
]
}
],
"references": [
{
"url": "https://char49.com/articles/topdesk-vulnerable-to-xml-signature-wrapping-attacks",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
]
},
{
"url": "https://my.topdesk.com/tas/public/ssp/content/detail/knowledgeitem?unid=56a16ba1c2824e9a82655892ba75d3c0",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
]
}
]
}

20
CVE-2023/CVE-2023-351xx/CVE-2023-35175.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-35175",
"sourceIdentifier": "hp-security-alert@hp.com",
"published": "2023-06-30T16:15:09.643",
"lastModified": "2023-06-30T16:15:09.643",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Certain HP LaserJet Pro print products are potentially vulnerable to Potential Remote Code Execution and/or Elevation of Privilege via Server-Side Request Forgery (SSRF) using the Web Service Eventing model."
}
],
"metrics": {},
"references": [
{
"url": "https://support.hp.com/us-en/document/ish_8651322-8651446-16/hpsbpi03851",
"source": "hp-security-alert@hp.com"
}
]
}

20
CVE-2023/CVE-2023-351xx/CVE-2023-35176.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-35176",
"sourceIdentifier": "hp-security-alert@hp.com",
"published": "2023-06-30T16:15:09.687",
"lastModified": "2023-06-30T16:15:09.687",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Denial of Service when using the backup & restore feature through the embedded web service on the device."
}
],
"metrics": {},
"references": [
{
"url": "https://support.hp.com/us-en/document/ish_8651671-8651697-16/hpsbpi03852",
"source": "hp-security-alert@hp.com"
}
]
}

20
CVE-2023/CVE-2023-351xx/CVE-2023-35177.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-35177",
"sourceIdentifier": "hp-security-alert@hp.com",
"published": "2023-06-30T16:15:09.737",
"lastModified": "2023-06-30T16:15:09.737",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Certain HP LaserJet Pro print products are potentially vulnerable to a stack-based buffer overflow related to the compact font format parser."
}
],
"metrics": {},
"references": [
{
"url": "https://support.hp.com/us-en/document/ish_8651888-8651916-16/hpsbpi03853",
"source": "hp-security-alert@hp.com"
}
]
}

20
CVE-2023/CVE-2023-351xx/CVE-2023-35178.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-35178",
"sourceIdentifier": "hp-security-alert@hp.com",
"published": "2023-06-30T16:15:09.787",
"lastModified": "2023-06-30T16:15:09.787",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow when performing a GET request to scan jobs."
}
],
"metrics": {},
"references": [
{
"url": "https://support.hp.com/us-en/document/ish_8651729-8651769-16/hpsbpi03854",
"source": "hp-security-alert@hp.com"
}
]
}

70
CVE-2023/CVE-2023-356xx/CVE-2023-35695.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-35695",
"sourceIdentifier": "security@trendmicro.com",
"published": "2023-06-26T22:15:11.387",
"lastModified": "2023-06-26T22:22:30.843",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-30T17:49:14.680",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A remote attacker could leverage a vulnerability in Trend Micro Mobile Security (Enterprise) 9.8 SP5 to download a particular log file which may contain sensitive information regarding the product."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trendmicro:mobile_security:9.8:sp5:*:*:enterprise:windows:*:*",
"matchCriteriaId": "B72F17DB-148B-4426-968C-F7CF94DAF717"
}
]
}
]
}
],
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://www.tenable.com/security/research/tra-2023-17",
"source": "security@trendmicro.com"
"source": "security@trendmicro.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

65
CVE-2023/CVE-2023-358xx/CVE-2023-35855.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-35855",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-19T04:15:11.363",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-30T17:15:06.973",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "Un desbordamiento de b\u00fafer en Counter-Strike a trav\u00e9s de 8684 permite a un servidor de juegos ejecutar c\u00f3digo arbitrario en la m\u00e1quina de un cliente remoto modificando la variable de consola \"lservercfgfile\"."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:valvesoftware:counter-strike:*:*:*:*:*:*:*:*",
"versionEndIncluding": "8684",
"matchCriteriaId": "DF838908-A57C-47C9-8742-C872D9847C5F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/MikeIsAStar/Counter-Strike-Remote-Code-Execution",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

78
CVE-2023/CVE-2023-358xx/CVE-2023-35856.json
View File

@ -2,19 +2,89 @@
"id": "CVE-2023-35856",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-19T04:15:11.430",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-30T17:08:42.590",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow in Nintendo Mario Kart Wii RMCP01, RMCE01, RMCJ01, and RMCK01 can be exploited by a game client to execute arbitrary code on a client's machine via a crafted packet."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nintendo:mario_kart_wii:rmce01:*:*:*:*:*:*:*",
"matchCriteriaId": "AF406D0D-8207-444D-95C1-EBF86EE6295D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nintendo:mario_kart_wii:rmcj01:*:*:*:*:*:*:*",
"matchCriteriaId": "507126E3-EDA4-4DD9-967F-EB806B1C712A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nintendo:mario_kart_wii:rmck01:*:*:*:*:*:*:*",
"matchCriteriaId": "1A66CE48-A1F1-470D-8F31-E8250238B66C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nintendo:mario_kart_wii:rmcp01:*:*:*:*:*:*:*",
"matchCriteriaId": "BC865F52-0507-4CAF-A087-EA05C0BE6D75"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/MikeIsAStar/Mario-Kart-Wii-Remote-Code-Execution",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}

64
CVE-2023/CVE-2023-361xx/CVE-2023-36191.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2023-36191",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-23T02:15:09.597",
"lastModified": "2023-06-23T13:03:31.027",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-30T16:30:51.853",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "sqlite3 v3.40.1 was discovered to contain a segmentation violation at /sqlite3_aflpp/shell.c."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sqlite:sqlite:3.40.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DACE324B-C8FE-46BD-930B-63706E43981D"
}
]
}
]
}
],
"references": [
{
"url": "https://www.sqlite.org/forum/forumpost/19f55ef73b",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

65
CVE-2023/CVE-2023-361xx/CVE-2023-36192.json
View File

@ -2,19 +2,76 @@
"id": "CVE-2023-36192",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-23T02:15:09.650",
"lastModified": "2023-06-23T13:03:31.027",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-30T16:41:14.160",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Sngrep v1.6.0 was discovered to contain a heap buffer overflow via the function capture_ws_check_packet at /src/capture.c."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irontec:sngrep:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "86F5A8B5-378C-45C8-8F83-4012F88FBEFD"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/irontec/sngrep/issues/438",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}
]
}

66
CVE-2023/CVE-2023-361xx/CVE-2023-36193.json
View File

@ -2,19 +2,77 @@
"id": "CVE-2023-36193",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-23T02:15:09.703",
"lastModified": "2023-06-23T13:03:31.027",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-30T17:31:02.620",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Gifsicle v1.9.3 was discovered to contain a heap buffer overflow via the ambiguity_error component at /src/clp.c."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gifsicle_project:gifsicle:1.93:*:*:*:*:*:*:*",
"matchCriteriaId": "A319ACEB-3148-493D-B050-FF4E6D3C4156"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/kohler/gifsicle/issues/191",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
]
}
]
}

238
CVE-2023/CVE-2023-363xx/CVE-2023-36356.json
View File

@ -2,19 +2,249 @@
"id": "CVE-2023-36356",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-22T20:15:09.780",
"lastModified": "2023-06-23T13:03:39.067",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-30T16:18:59.383",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TP-Link TL-WR940N V2/V4/V6, TL-WR841N V8, TL-WR941ND V5, and TL-WR740N V1/V2 were discovered to contain a buffer read out-of-bounds via the component /userRpm/VirtualServerRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.1,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:tl-wr940n_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2492A6CA-DFF1-42DC-8800-4A66D8943C33"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:tl-wr940n:v4:*:*:*:*:*:*:*",
"matchCriteriaId": "2537DC7E-8024-45B5-924C-18C9B702DAFC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:tl-wr841n_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7F95370-1001-4194-A0CB-B3CEA027AB6D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:tl-wr841n:v8:*:*:*:*:*:*:*",
"matchCriteriaId": "2F9738A0-4CC4-4C8C-A4BA-843395B0AA55"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:tl-wr740n_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "13CA99B0-BE20-4850-9D5E-2CC6020C4775"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:tl-wr740n:v1:*:*:*:*:*:*:*",
"matchCriteriaId": "89AF2EC8-F679-4A9D-BB1C-E3EABCC7A086"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:tl-wr740n_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "13CA99B0-BE20-4850-9D5E-2CC6020C4775"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:tl-wr740n:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "19CA5AB9-F342-4E8D-9658-569198DDE8F9"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:tl-wr940n_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2492A6CA-DFF1-42DC-8800-4A66D8943C33"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:tl-wr940n:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "029B4B03-94CE-41FF-A635-41682AE4B26D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:tl-wr941nd_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7600C377-2A63-4127-8958-32E04E7983CA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:tl-wr941nd:v5:*:*:*:*:*:*:*",
"matchCriteriaId": "1B0FC0E0-6C5B-49CA-95E3-D4AAC9D51518"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:tl-wr940n_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2492A6CA-DFF1-42DC-8800-4A66D8943C33"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:tl-wr940n:v6:*:*:*:*:*:*:*",
"matchCriteriaId": "714E7A62-634A-4DF8-B5AF-D6B306808B54"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/a101e-IoTvul/iotvul/blob/main/tp-link/4/TL-WR941ND_TL-WR940N_TL-WR740N_userRpm_VirtualServerRpm.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

211
CVE-2023/CVE-2023-363xx/CVE-2023-36357.json
View File

@ -2,19 +2,222 @@
"id": "CVE-2023-36357",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-22T20:15:09.823",
"lastModified": "2023-06-23T13:03:39.067",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-30T16:26:56.567",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in the /userRpm/LocalManageControlRpm component of TP-Link TL-WR940N V2/V4/V6, TL-WR841N V8/V10, and TL-WR941ND V5 allows attackers to cause a Denial of Service (DoS) via a crafted GET request."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.1,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:tl-wr940n_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2492A6CA-DFF1-42DC-8800-4A66D8943C33"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:tl-wr940n:v4:*:*:*:*:*:*:*",
"matchCriteriaId": "2537DC7E-8024-45B5-924C-18C9B702DAFC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:tl-wr841n_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7F95370-1001-4194-A0CB-B3CEA027AB6D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:tl-wr841n:v8:*:*:*:*:*:*:*",
"matchCriteriaId": "2F9738A0-4CC4-4C8C-A4BA-843395B0AA55"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:tl-wr841n_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7F95370-1001-4194-A0CB-B3CEA027AB6D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:tl-wr841n:v10:*:*:*:*:*:*:*",
"matchCriteriaId": "BDC4230D-3A3A-4D0E-BBD3-79C3054E90F8"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:tl-wr940n_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2492A6CA-DFF1-42DC-8800-4A66D8943C33"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:tl-wr940n:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "029B4B03-94CE-41FF-A635-41682AE4B26D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:tl-wr941nd_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7600C377-2A63-4127-8958-32E04E7983CA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:tl-wr941nd:v5:*:*:*:*:*:*:*",
"matchCriteriaId": "1B0FC0E0-6C5B-49CA-95E3-D4AAC9D51518"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:tl-wr940n_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2492A6CA-DFF1-42DC-8800-4A66D8943C33"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:tl-wr940n:v6:*:*:*:*:*:*:*",
"matchCriteriaId": "714E7A62-634A-4DF8-B5AF-D6B306808B54"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/a101e-IoTvul/iotvul/blob/main/tp-link/5/TL-WR941ND_TL-WR940N_TL-WR841N_userRpm_LocalManageControlRpm.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

24
CVE-2023/CVE-2023-373xx/CVE-2023-37300.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-37300",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-30T17:15:09.477",
"lastModified": "2023-06-30T17:15:09.477",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden users."
}
],
"metrics": {},
"references": [
{
"url": "https://gerrit.wikimedia.org/r/q/I993fdcae1fedb7dd543b35a477026bc727615b0a",
"source": "cve@mitre.org"
},
{
"url": "https://phabricator.wikimedia.org/T330968",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-373xx/CVE-2023-37301.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-37301",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-30T17:15:09.527",
"lastModified": "2023-06-30T17:15:09.527",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in SubmitEntityAction in Wikibase in MediaWiki through 1.39.3. Because it doesn't use EditEntity for undo and restore, the intended interaction with AbuseFilter does not occur."
}
],
"metrics": {},
"references": [
{
"url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Wikibase/+/933663",
"source": "cve@mitre.org"
},
{
"url": "https://phabricator.wikimedia.org/T250720",
"source": "cve@mitre.org"
}
]
}

28
CVE-2023/CVE-2023-373xx/CVE-2023-37302.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-37302",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-30T17:15:09.573",
"lastModified": "2023-06-30T17:15:09.573",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate (from resources/wikibase/templates.js) for quotes (which can be in a title attribute)."
}
],
"metrics": {},
"references": [
{
"url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Wikibase/+/933649",
"source": "cve@mitre.org"
},
{
"url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Wikibase/+/933650",
"source": "cve@mitre.org"
},
{
"url": "https://phabricator.wikimedia.org/T339111",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-373xx/CVE-2023-37303.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-37303",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-30T17:15:09.617",
"lastModified": "2023-06-30T17:15:09.617",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an attempt to block a user fails after a temporary browser hang and a DBQueryDisconnectedError error message."
}
],
"metrics": {},
"references": [
{
"url": "https://gerrit.wikimedia.org/r/q/I10a9273c542576b3f7bb38de68dcd2aa41cfb1b0",
"source": "cve@mitre.org"
},
{
"url": "https://phabricator.wikimedia.org/T338276",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-373xx/CVE-2023-37304.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-37304",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-30T17:15:09.660",
"lastModified": "2023-06-30T17:15:09.660",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the DoubleWiki extension for MediaWiki through 1.39.3. includes/DoubleWiki.php allows XSS via the column alignment feature."
}
],
"metrics": {},
"references": [
{
"url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/DoubleWiki/+/932825",
"source": "cve@mitre.org"
},
{
"url": "https://phabricator.wikimedia.org/T323651",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-373xx/CVE-2023-37305.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-37305",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-30T17:15:09.707",
"lastModified": "2023-06-30T17:15:09.707",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the ProofreadPage (aka Proofread Page) extension for MediaWiki through 1.39.3. In includes/Page/PageContentHandler.php and includes/Page/PageDisplayHandler.php, hidden users can be exposed via public interfaces."
}
],
"metrics": {},
"references": [
{
"url": "https://gerrit.wikimedia.org/r/q/Ibe5f8e25dea155bbd811a65833394c0d4b906a34",
"source": "cve@mitre.org"
},
{
"url": "https://phabricator.wikimedia.org/T326952",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-373xx/CVE-2023-37306.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-37306",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-30T17:15:09.757",
"lastModified": "2023-06-30T17:15:09.757",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error messages."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/MISP/MISP/commit/f125630c1c2d0f5d11079d3653ab7bb2ab5cd908",
"source": "cve@mitre.org"
},
{
"url": "https://www.synacktiv.com/publications/php-filter-chains-file-read-from-error-based-oracle",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-373xx/CVE-2023-37307.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-37307",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-30T17:15:09.800",
"lastModified": "2023-06-30T17:15:09.800",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In MISP before 2.4.172, title_for_layout is not properly sanitized in Correlations, CorrelationExclusions, and Layouts."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/MISP/MISP/commit/286c84fab0047726a6a396ceefaae1bb666fc485",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/MISP/MISP/compare/v2.4.171...v2.4.172",
"source": "cve@mitre.org"
}
]
}

76
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-06-30T16:00:33.771640+00:00
2023-06-30T18:00:39.608665+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-06-30T15:58:40.550000+00:00
2023-06-30T18:00:02.733000+00:00
```
### Last Data Feed Release
@ -29,46 +29,58 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
218945
218959
```
### CVEs added in the last Commit
Recently added CVEs: `3`
Recently added CVEs: `14`
* [CVE-2023-33276](CVE-2023/CVE-2023-332xx/CVE-2023-33276.json) (`2023-06-30T14:15:09.427`)
* [CVE-2023-37298](CVE-2023/CVE-2023-372xx/CVE-2023-37298.json) (`2023-06-30T15:15:09.007`)
* [CVE-2023-37299](CVE-2023/CVE-2023-372xx/CVE-2023-37299.json) (`2023-06-30T15:15:09.053`)
* [CVE-2023-26299](CVE-2023/CVE-2023-262xx/CVE-2023-26299.json) (`2023-06-30T16:15:09.543`)
* [CVE-2023-34840](CVE-2023/CVE-2023-348xx/CVE-2023-34840.json) (`2023-06-30T16:15:09.600`)
* [CVE-2023-35175](CVE-2023/CVE-2023-351xx/CVE-2023-35175.json) (`2023-06-30T16:15:09.643`)
* [CVE-2023-35176](CVE-2023/CVE-2023-351xx/CVE-2023-35176.json) (`2023-06-30T16:15:09.687`)
* [CVE-2023-35177](CVE-2023/CVE-2023-351xx/CVE-2023-35177.json) (`2023-06-30T16:15:09.737`)
* [CVE-2023-35178](CVE-2023/CVE-2023-351xx/CVE-2023-35178.json) (`2023-06-30T16:15:09.787`)
* [CVE-2023-37300](CVE-2023/CVE-2023-373xx/CVE-2023-37300.json) (`2023-06-30T17:15:09.477`)
* [CVE-2023-37301](CVE-2023/CVE-2023-373xx/CVE-2023-37301.json) (`2023-06-30T17:15:09.527`)
* [CVE-2023-37302](CVE-2023/CVE-2023-373xx/CVE-2023-37302.json) (`2023-06-30T17:15:09.573`)
* [CVE-2023-37303](CVE-2023/CVE-2023-373xx/CVE-2023-37303.json) (`2023-06-30T17:15:09.617`)
* [CVE-2023-37304](CVE-2023/CVE-2023-373xx/CVE-2023-37304.json) (`2023-06-30T17:15:09.660`)
* [CVE-2023-37305](CVE-2023/CVE-2023-373xx/CVE-2023-37305.json) (`2023-06-30T17:15:09.707`)
* [CVE-2023-37306](CVE-2023/CVE-2023-373xx/CVE-2023-37306.json) (`2023-06-30T17:15:09.757`)
* [CVE-2023-37307](CVE-2023/CVE-2023-373xx/CVE-2023-37307.json) (`2023-06-30T17:15:09.800`)
### CVEs modified in the last Commit
Recently modified CVEs: `24`
Recently modified CVEs: `63`
* [CVE-2023-29707](CVE-2023/CVE-2023-297xx/CVE-2023-29707.json) (`2023-06-30T14:03:49.057`)
* [CVE-2023-34601](CVE-2023/CVE-2023-346xx/CVE-2023-34601.json) (`2023-06-30T14:05:14.080`)
* [CVE-2023-33190](CVE-2023/CVE-2023-331xx/CVE-2023-33190.json) (`2023-06-30T14:15:09.353`)
* [CVE-2023-34642](CVE-2023/CVE-2023-346xx/CVE-2023-34642.json) (`2023-06-30T14:15:09.480`)
* [CVE-2023-30902](CVE-2023/CVE-2023-309xx/CVE-2023-30902.json) (`2023-06-30T14:15:33.933`)
* [CVE-2023-32388](CVE-2023/CVE-2023-323xx/CVE-2023-32388.json) (`2023-06-30T14:16:25.170`)
* [CVE-2023-32554](CVE-2023/CVE-2023-325xx/CVE-2023-32554.json) (`2023-06-30T14:26:36.230`)
* [CVE-2023-32553](CVE-2023/CVE-2023-325xx/CVE-2023-32553.json) (`2023-06-30T14:27:02.910`)
* [CVE-2023-32530](CVE-2023/CVE-2023-325xx/CVE-2023-32530.json) (`2023-06-30T14:33:26.047`)
* [CVE-2023-32552](CVE-2023/CVE-2023-325xx/CVE-2023-32552.json) (`2023-06-30T14:36:57.970`)
* [CVE-2023-32537](CVE-2023/CVE-2023-325xx/CVE-2023-32537.json) (`2023-06-30T14:37:11.727`)
* [CVE-2023-32536](CVE-2023/CVE-2023-325xx/CVE-2023-32536.json) (`2023-06-30T14:37:22.800`)
* [CVE-2023-32535](CVE-2023/CVE-2023-325xx/CVE-2023-32535.json) (`2023-06-30T14:37:40.420`)
* [CVE-2023-32534](CVE-2023/CVE-2023-325xx/CVE-2023-32534.json) (`2023-06-30T14:37:48.250`)
* [CVE-2023-32533](CVE-2023/CVE-2023-325xx/CVE-2023-32533.json) (`2023-06-30T14:37:55.680`)
* [CVE-2023-32532](CVE-2023/CVE-2023-325xx/CVE-2023-32532.json) (`2023-06-30T14:38:02.893`)
* [CVE-2023-32531](CVE-2023/CVE-2023-325xx/CVE-2023-32531.json) (`2023-06-30T14:38:23.707`)
* [CVE-2023-28800](CVE-2023/CVE-2023-288xx/CVE-2023-28800.json) (`2023-06-30T15:08:41.290`)
* [CVE-2023-32528](CVE-2023/CVE-2023-325xx/CVE-2023-32528.json) (`2023-06-30T15:17:43.777`)
* [CVE-2023-32527](CVE-2023/CVE-2023-325xx/CVE-2023-32527.json) (`2023-06-30T15:19:55.490`)
* [CVE-2023-23841](CVE-2023/CVE-2023-238xx/CVE-2023-23841.json) (`2023-06-30T15:27:38.070`)
* [CVE-2023-29708](CVE-2023/CVE-2023-297xx/CVE-2023-29708.json) (`2023-06-30T15:36:24.177`)
* [CVE-2023-30222](CVE-2023/CVE-2023-302xx/CVE-2023-30222.json) (`2023-06-30T15:52:51.067`)
* [CVE-2023-30223](CVE-2023/CVE-2023-302xx/CVE-2023-30223.json) (`2023-06-30T15:58:40.550`)
* [CVE-2023-23539](CVE-2023/CVE-2023-235xx/CVE-2023-23539.json) (`2023-06-30T16:53:58.180`)
* [CVE-2023-27396](CVE-2023/CVE-2023-273xx/CVE-2023-27396.json) (`2023-06-30T17:08:06.930`)
* [CVE-2023-35856](CVE-2023/CVE-2023-358xx/CVE-2023-35856.json) (`2023-06-30T17:08:42.590`)
* [CVE-2023-32522](CVE-2023/CVE-2023-325xx/CVE-2023-32522.json) (`2023-06-30T17:10:43.140`)
* [CVE-2023-35855](CVE-2023/CVE-2023-358xx/CVE-2023-35855.json) (`2023-06-30T17:15:06.973`)
* [CVE-2023-28799](CVE-2023/CVE-2023-287xx/CVE-2023-28799.json) (`2023-06-30T17:15:59.797`)
* [CVE-2023-34462](CVE-2023/CVE-2023-344xx/CVE-2023-34462.json) (`2023-06-30T17:21:12.957`)
* [CVE-2023-36193](CVE-2023/CVE-2023-361xx/CVE-2023-36193.json) (`2023-06-30T17:31:02.620`)
* [CVE-2023-2711](CVE-2023/CVE-2023-27xx/CVE-2023-2711.json) (`2023-06-30T17:36:44.303`)
* [CVE-2023-2743](CVE-2023/CVE-2023-27xx/CVE-2023-2743.json) (`2023-06-30T17:40:00.627`)
* [CVE-2023-2744](CVE-2023/CVE-2023-27xx/CVE-2023-2744.json) (`2023-06-30T17:41:02.260`)
* [CVE-2023-3128](CVE-2023/CVE-2023-31xx/CVE-2023-3128.json) (`2023-06-30T17:49:02.207`)
* [CVE-2023-35695](CVE-2023/CVE-2023-356xx/CVE-2023-35695.json) (`2023-06-30T17:49:14.680`)
* [CVE-2023-32320](CVE-2023/CVE-2023-323xx/CVE-2023-32320.json) (`2023-06-30T17:49:57.387`)
* [CVE-2023-21169](CVE-2023/CVE-2023-211xx/CVE-2023-21169.json) (`2023-06-30T17:50:07.150`)
* [CVE-2023-21170](CVE-2023/CVE-2023-211xx/CVE-2023-21170.json) (`2023-06-30T17:52:59.093`)
* [CVE-2023-34148](CVE-2023/CVE-2023-341xx/CVE-2023-34148.json) (`2023-06-30T17:53:51.130`)
* [CVE-2023-34147](CVE-2023/CVE-2023-341xx/CVE-2023-34147.json) (`2023-06-30T17:56:50.020`)
* [CVE-2023-34146](CVE-2023/CVE-2023-341xx/CVE-2023-34146.json) (`2023-06-30T17:58:09.347`)
* [CVE-2023-34145](CVE-2023/CVE-2023-341xx/CVE-2023-34145.json) (`2023-06-30T17:58:29.067`)
* [CVE-2023-34144](CVE-2023/CVE-2023-341xx/CVE-2023-34144.json) (`2023-06-30T17:58:49.123`)
* [CVE-2023-21171](CVE-2023/CVE-2023-211xx/CVE-2023-21171.json) (`2023-06-30T17:58:56.977`)
* [CVE-2023-32605](CVE-2023/CVE-2023-326xx/CVE-2023-32605.json) (`2023-06-30T17:59:17.467`)
* [CVE-2023-32604](CVE-2023/CVE-2023-326xx/CVE-2023-32604.json) (`2023-06-30T17:59:30.717`)
* [CVE-2023-32557](CVE-2023/CVE-2023-325xx/CVE-2023-32557.json) (`2023-06-30T18:00:02.733`)
## Download and Usage