From 6e5887b15e4adb625e30841e4e73cabdbcf00158 Mon Sep 17 00:00:00 2001 
From: cad-safe-bot Date: Fri, 2 Jun 2023 12:00:29 +0000 Subject: [PATCH] Auto-Update: 2023-06-02T12:00:25.659913+00:00 --- CVE-2022/CVE-2022-463xx/CVE-2022-46307.json | 55 +++++++++++++++++++++ CVE-2022/CVE-2022-463xx/CVE-2022-46308.json | 55 +++++++++++++++++++++ CVE-2022/CVE-2022-476xx/CVE-2022-47616.json | 55 +++++++++++++++++++++ CVE-2022/CVE-2022-476xx/CVE-2022-47617.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-257xx/CVE-2023-25780.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-286xx/CVE-2023-28698.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-286xx/CVE-2023-28699.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-287xx/CVE-2023-28700.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-287xx/CVE-2023-28701.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-287xx/CVE-2023-28702.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-287xx/CVE-2023-28703.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-287xx/CVE-2023-28704.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-287xx/CVE-2023-28705.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-306xx/CVE-2023-30602.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-306xx/CVE-2023-30603.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-306xx/CVE-2023-30604.json | 55 +++++++++++++++++++++ README.md | 25 ++++++++-- 17 files changed, 900 insertions(+), 5 deletions(-) create mode 100644 CVE-2022/CVE-2022-463xx/CVE-2022-46307.json create mode 100644 CVE-2022/CVE-2022-463xx/CVE-2022-46308.json create mode 100644 CVE-2022/CVE-2022-476xx/CVE-2022-47616.json create mode 100644 CVE-2022/CVE-2022-476xx/CVE-2022-47617.json create mode 100644 CVE-2023/CVE-2023-257xx/CVE-2023-25780.json create mode 100644 CVE-2023/CVE-2023-286xx/CVE-2023-28698.json create mode 100644 CVE-2023/CVE-2023-286xx/CVE-2023-28699.json create mode 100644 CVE-2023/CVE-2023-287xx/CVE-2023-28700.json create mode 100644 CVE-2023/CVE-2023-287xx/CVE-2023-28701.json create mode 100644 CVE-2023/CVE-2023-287xx/CVE-2023-28702.json create mode 100644 
CVE-2023/CVE-2023-287xx/CVE-2023-28703.json create mode 100644 CVE-2023/CVE-2023-287xx/CVE-2023-28704.json create mode 100644 CVE-2023/CVE-2023-287xx/CVE-2023-28705.json create mode 100644 CVE-2023/CVE-2023-306xx/CVE-2023-30602.json create mode 100644 CVE-2023/CVE-2023-306xx/CVE-2023-30603.json create mode 100644 CVE-2023/CVE-2023-306xx/CVE-2023-30604.json diff --git a/CVE-2022/CVE-2022-463xx/CVE-2022-46307.json b/CVE-2022/CVE-2022-463xx/CVE-2022-46307.json new file mode 100644 index 00000000000..eec7a4cd744 --- /dev/null +++ b/CVE-2022/CVE-2022-463xx/CVE-2022-46307.json 
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-46307",
+ "sourceIdentifier": "twcert@cert.org.tw",
+ "published": "2023-06-02T11:15:09.730",
+ "lastModified": "2023-06-02T11:15:09.730",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "SGUDA U-Lock central lock control service\u2019s lock management function has incorrect authorization. A remote attacker with general privilege can exploit this vulnerability to call privileged APIs to acquire information, manipulate or disrupt the functionality of arbitrary electronic locks."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "twcert@cert.org.tw",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "twcert@cert.org.tw",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-863"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.twcert.org.tw/tw/cp-132-7099-e8897-1.html",
+ "source": "twcert@cert.org.tw"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-463xx/CVE-2022-46308.json b/CVE-2022/CVE-2022-463xx/CVE-2022-46308.json
new file mode 100644
index 00000000000..0ca3a252822
--- /dev/null
+++ b/CVE-2022/CVE-2022-463xx/CVE-2022-46308.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-46308",
+ "sourceIdentifier": "twcert@cert.org.tw",
+ "published": "2023-06-02T11:15:09.913",
+ "lastModified": "2023-06-02T11:15:09.913",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "SGUDA U-Lock central lock control service\u2019s user management function has incorrect authorization. A remote attacker with general user privilege can exploit this vulnerability to call privileged APIs to access, modify and delete user information."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "twcert@cert.org.tw",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "twcert@cert.org.tw",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-863"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.twcert.org.tw/tw/cp-132-7100-7a15c-1.html",
+ "source": "twcert@cert.org.tw"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-476xx/CVE-2022-47616.json b/CVE-2022/CVE-2022-476xx/CVE-2022-47616.json
new file mode 100644
index 00000000000..041cd7c408d
--- /dev/null
+++ b/CVE-2022/CVE-2022-476xx/CVE-2022-47616.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-47616",
+ "sourceIdentifier": "twcert@cert.org.tw",
+ "published": "2023-06-02T11:15:09.997",
+ "lastModified": "2023-06-02T11:15:09.997",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Hitron CODA-5310 has insufficient filtering for specific parameters in the connection test function. A remote attacker authenticated as an administrator, can use the management page to perform command injection attacks, to execute arbitrary system command, manipulate system or disrupt service."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "twcert@cert.org.tw",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "twcert@cert.org.tw",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.twcert.org.tw/tw/cp-132-7082-373d5-1.html",
+ "source": "twcert@cert.org.tw"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-476xx/CVE-2022-47617.json b/CVE-2022/CVE-2022-476xx/CVE-2022-47617.json
new file mode 100644
index 00000000000..dc5e12fd31e
--- /dev/null
+++ b/CVE-2022/CVE-2022-476xx/CVE-2022-47617.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-47617",
+ "sourceIdentifier": "twcert@cert.org.tw",
+ "published": "2023-06-02T11:15:10.077",
+ "lastModified": "2023-06-02T11:15:10.077",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Hitron CODA-5310 has hard-coded encryption/decryption keys in the program code. A remote attacker authenticated as an administrator can decrypt system files using the hard-coded keys for file access, modification, and cause service disruption."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "twcert@cert.org.tw",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "twcert@cert.org.tw",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-798"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.twcert.org.tw/tw/cp-132-7083-94e13-1.html",
+ "source": "twcert@cert.org.tw"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-257xx/CVE-2023-25780.json b/CVE-2023/CVE-2023-257xx/CVE-2023-25780.json
new file mode 100644
index 00000000000..497d5a9a9c5
--- /dev/null
+++ b/CVE-2023/CVE-2023-257xx/CVE-2023-25780.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-25780",
+ "sourceIdentifier": "twcert@cert.org.tw",
+ "published": "2023-06-02T11:15:10.157",
+ "lastModified": "2023-06-02T11:15:10.157",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "It is identified a vulnerability of insufficient authentication in an important specific function of Status PowerBPM. A LAN attacker with normal user privilege can exploit this vulnerability to modify substitute agent to arbitrary users, resulting in serious consequence."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "twcert@cert.org.tw",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "twcert@cert.org.tw",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-306"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.twcert.org.tw/tw/cp-132-7152-d7f5b-1.html",
+ "source": "twcert@cert.org.tw"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-286xx/CVE-2023-28698.json b/CVE-2023/CVE-2023-286xx/CVE-2023-28698.json
new file mode 100644
index 00000000000..b18aa98b259
--- /dev/null
+++ b/CVE-2023/CVE-2023-286xx/CVE-2023-28698.json
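Review bot: The CWE-306 mapping in `weaknesses` for CVE-2023-25780 does not fit the rest of the record: the description gives the attacker "normal user privilege" and the vector carries `PR:L`, so the caller is already authenticated and the gap described reads like a missing authorization check rather than missing authentication. The SGUDA U-Lock and FANTSY records in this same commit map that pattern to CWE-863, so `"value": "CWE-863"` would be the consistent choice if the linked advisory confirms it. The record is still `"vulnStatus": "Received"` with twcert@cert.org.tw as the only metric and weakness source, so consumers filtering on CWE should treat the mapping as CNA-supplied.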
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-28698",
+ "sourceIdentifier": "twcert@cert.org.tw",
+ "published": "2023-06-02T11:15:10.230",
+ "lastModified": "2023-06-02T11:15:10.230",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Wade Graphic Design FANTSY has a vulnerability of insufficient authorization check. An unauthenticated remote user can exploit this vulnerability by modifying URL parameters to gain administrator privileges to perform arbitrary system operation or disrupt service."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "twcert@cert.org.tw",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "twcert@cert.org.tw",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-863"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.twcert.org.tw/tw/cp-132-7101-f88db-1.html",
+ "source": "twcert@cert.org.tw"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-286xx/CVE-2023-28699.json b/CVE-2023/CVE-2023-286xx/CVE-2023-28699.json
new file mode 100644
index 00000000000..813427e2465
--- /dev/null
+++ b/CVE-2023/CVE-2023-286xx/CVE-2023-28699.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-28699",
+ "sourceIdentifier": "twcert@cert.org.tw",
+ "published": "2023-06-02T11:15:10.297",
+ "lastModified": "2023-06-02T11:15:10.297",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Wade Graphic Design FANTSY has a vulnerability of insufficient filtering for file type in its file update function. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload a PHP file containing a webshell to perform arbitrary system operation or disrupt service."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "twcert@cert.org.tw",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "twcert@cert.org.tw",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-434"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.twcert.org.tw/tw/cp-132-7102-41ab8-1.html",
+ "source": "twcert@cert.org.tw"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-287xx/CVE-2023-28700.json b/CVE-2023/CVE-2023-287xx/CVE-2023-28700.json
new file mode 100644
index 00000000000..79be5c5a29c
--- /dev/null
+++ b/CVE-2023/CVE-2023-287xx/CVE-2023-28700.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-28700",
+ "sourceIdentifier": "twcert@cert.org.tw",
+ "published": "2023-06-02T11:15:10.370",
+ "lastModified": "2023-06-02T11:15:10.370",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "OMICARD EDM backend system\u2019s file uploading function does not restrict upload of file with dangerous type. A local area network attacker with administrator privileges can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "twcert@cert.org.tw",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "twcert@cert.org.tw",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-434"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.twcert.org.tw/tw/cp-132-7144-b7536-1.html",
+ "source": "twcert@cert.org.tw"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-287xx/CVE-2023-28701.json b/CVE-2023/CVE-2023-287xx/CVE-2023-28701.json
new file mode 100644
index 00000000000..699ef403784
--- /dev/null
+++ b/CVE-2023/CVE-2023-287xx/CVE-2023-28701.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-28701",
+ "sourceIdentifier": "twcert@cert.org.tw",
+ "published": "2023-06-02T11:15:10.443",
+ "lastModified": "2023-06-02T11:15:10.443",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "ELITE TECHNOLOGY CORP. Web Fax has a vulnerability of SQL Injection. An unauthenticated remote attacker can inject SQL commands into the input field of the login page to perform arbitrary system commands, disrupt service or terminate service."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "twcert@cert.org.tw",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "twcert@cert.org.tw",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.twcert.org.tw/tw/cp-132-7145-1a0d4-1.html",
+ "source": "twcert@cert.org.tw"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-287xx/CVE-2023-28702.json b/CVE-2023/CVE-2023-287xx/CVE-2023-28702.json
new file mode 100644
index 00000000000..39464d05086
--- /dev/null
+++ b/CVE-2023/CVE-2023-287xx/CVE-2023-28702.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-28702",
+ "sourceIdentifier": "twcert@cert.org.tw",
+ "published": "2023-06-02T11:15:10.510",
+ "lastModified": "2023-06-02T11:15:10.510",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "ASUS RT-AC86U does not filter special characters for parameters in specific web URLs. A remote attacker with normal user privileges can exploit this vulnerability to perform command injection attack to execute arbitrary system commands, disrupt system or terminate service."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "twcert@cert.org.tw",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "twcert@cert.org.tw",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.twcert.org.tw/tw/cp-132-7146-ef92a-1.html",
+ "source": "twcert@cert.org.tw"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-287xx/CVE-2023-28703.json b/CVE-2023/CVE-2023-287xx/CVE-2023-28703.json
new file mode 100644
index 00000000000..05b9dd0b838
--- /dev/null
+++ b/CVE-2023/CVE-2023-287xx/CVE-2023-28703.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-28703",
+ "sourceIdentifier": "twcert@cert.org.tw",
+ "published": "2023-06-02T11:15:10.580",
+ "lastModified": "2023-06-02T11:15:10.580",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "ASUS RT-AC86U\u2019s specific cgi function has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. A remote attacker with administrator privileges can exploit this vulnerability to execute arbitrary system commands, disrupt system or terminate service."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "twcert@cert.org.tw",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "twcert@cert.org.tw",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.twcert.org.tw/tw/cp-132-7147-afcf9-1.html",
+ "source": "twcert@cert.org.tw"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-287xx/CVE-2023-28704.json b/CVE-2023/CVE-2023-287xx/CVE-2023-28704.json
new file mode 100644
index 00000000000..eaaefd25b7d
--- /dev/null
+++ b/CVE-2023/CVE-2023-287xx/CVE-2023-28704.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-28704",
+ "sourceIdentifier": "twcert@cert.org.tw",
+ "published": "2023-06-02T11:15:10.650",
+ "lastModified": "2023-06-02T11:15:10.650",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Furbo dog camera has insufficient filtering for special parameter of device log management function. An unauthenticated remote attacker in the Bluetooth network with normal user privileges can exploit this vulnerability to perform command injection attack to execute arbitrary system commands or disrupt service."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "twcert@cert.org.tw",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "twcert@cert.org.tw",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-77"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.twcert.org.tw/tw/cp-132-7153-68f52-1.html",
+ "source": "twcert@cert.org.tw"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-287xx/CVE-2023-28705.json b/CVE-2023/CVE-2023-287xx/CVE-2023-28705.json
new file mode 100644
index 00000000000..122057c8267
--- /dev/null
+++ b/CVE-2023/CVE-2023-287xx/CVE-2023-28705.json
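Review bot: The description of CVE-2023-28704 contradicts itself on privileges, calling the attacker "unauthenticated" and "with normal user privileges" in the same sentence, while the vector says `PR:N`. Anyone triaging from the prose should take the privilege level from `"privilegesRequired": "NONE"` and read `AV:A` as exposure to parties on the same Bluetooth network, which is the stricter reading for a defender. The weakness is also recorded as CWE-77, whereas the other two command-injection records in this commit (CVE-2022-47616 and CVE-2023-28702) use CWE-78 for execution of system commands; `"value": "CWE-78"` would keep weakness-based filtering consistent, provided the linked advisory confirms OS command execution.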
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-28705",
+ "sourceIdentifier": "twcert@cert.org.tw",
+ "published": "2023-06-02T11:15:10.720",
+ "lastModified": "2023-06-02T11:15:10.720",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Openfind Mail2000 has insufficient filtering special characters of email content of its content filtering function. A remote attacker can exploit this vulnerability using phishing emails that contain malicious web pages injected with JavaScript. When users access the system and open the email, it triggers an XSS (Reflected Cross-site scripting) attack."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "twcert@cert.org.tw",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "twcert@cert.org.tw",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.twcert.org.tw/tw/cp-132-7158-751a6-1.html",
+ "source": "twcert@cert.org.tw"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-306xx/CVE-2023-30602.json b/CVE-2023/CVE-2023-306xx/CVE-2023-30602.json
new file mode 100644
index 00000000000..30ff281a978
--- /dev/null
+++ b/CVE-2023/CVE-2023-306xx/CVE-2023-30602.json
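Review bot: The description of CVE-2023-28705 labels the issue "Reflected" cross-site scripting, but what it describes is script carried in email content that runs when the recipient opens the message, which reads like a stored payload rather than one reflected from the victim's own request. The prose also names only "a remote attacker" while the vector sets `PR:L`, so the privilege requirement is visible in the metrics but not in the text. `CWE-79` covers both variants, so the weakness mapping is unaffected; the wording fix would be to drop the qualifier and leave the parenthetical as `(Cross-site scripting)`.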
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-30602",
+ "sourceIdentifier": "twcert@cert.org.tw",
+ "published": "2023-06-02T11:15:10.793",
+ "lastModified": "2023-06-02T11:15:10.793",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Hitron Technologies CODA-5310\u2019s Telnet function transfers sensitive data in plaintext. An unauthenticated remote attacker can exploit this vulnerability to access credentials of normal users and administrator."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "twcert@cert.org.tw",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "twcert@cert.org.tw",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-311"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.twcert.org.tw/tw/cp-132-7084-74e83-1.html",
+ "source": "twcert@cert.org.tw"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-306xx/CVE-2023-30603.json b/CVE-2023/CVE-2023-306xx/CVE-2023-30603.json
new file mode 100644
index 00000000000..ccaef617457
--- /dev/null
+++ b/CVE-2023/CVE-2023-306xx/CVE-2023-30603.json
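Review bot: CWE-311 (Missing Encryption of Sensitive Data) is broader than what CVE-2023-30602 describes; credentials sent in plaintext over Telnet is the case CWE-319 (Cleartext Transmission of Sensitive Information) exists for, so `"value": "CWE-319"` would be the more precise mapping. The description also leaves implicit that the attacker must be positioned to observe the Telnet traffic, which `AV:N/AC:L/PR:N` does not express; readers prioritising from the 7.5 base score should keep that presumable precondition in mind. On the defensive side the record points at the same remedy either way, namely disabling or restricting the Telnet service on the device.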
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-30603",
+ "sourceIdentifier": "twcert@cert.org.tw",
+ "published": "2023-06-02T11:15:10.863",
+ "lastModified": "2023-06-02T11:15:10.863",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Hitron Technologies CODA-5310 Telnet function with the default account and password, and there is no warning or prompt to ask users to change the default password and account. An unauthenticated remote attackers can exploit this vulnerability to obtain the administrator\u2019s privilege, resulting in performing arbitrary system operation or disrupt service."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "twcert@cert.org.tw",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "twcert@cert.org.tw",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-287"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.twcert.org.tw/tw/cp-132-7085-13321-1.html",
+ "source": "twcert@cert.org.tw"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-306xx/CVE-2023-30604.json b/CVE-2023/CVE-2023-306xx/CVE-2023-30604.json
new file mode 100644
index 00000000000..c9fd03315d8
--- /dev/null
+++ b/CVE-2023/CVE-2023-306xx/CVE-2023-30604.json
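Review bot: CVE-2023-30603 is mapped to the generic CWE-287 (Improper Authentication), but the description is about a Telnet service that ships with a default account and password and never prompts for a change, for which CWE-1392 (Use of Default Credentials) is the specific entry. Using `"value": "CWE-1392"` would let consumers who filter on default-credential weaknesses find this record. The description text also needs a wording pass: its first sentence has no verb ("Telnet function with the default account and password") and "An unauthenticated remote attackers" mixes singular and plural.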
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-30604", + "sourceIdentifier": "twcert@cert.org.tw", + "published": "2023-06-02T11:15:10.930", + "lastModified": "2023-06-02T11:15:10.930", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "It is identified a vulnerability of insufficient authentication in the system configuration interface of Hitron Technologies CODA-5310. An unauthorized remote attacker can exploit this vulnerability to access system configuration interface, resulting in performing arbitrary system operation or disrupt service." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "twcert@cert.org.tw", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "twcert@cert.org.tw", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] + } + ], + "references": [ + { + "url": "https://www.twcert.org.tw/tw/cp-132-7086-35622-1.html", + "source": "twcert@cert.org.tw" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index e539171951f..56bdf911c15 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-06-02T10:00:24.168928+00:00 +2023-06-02T12:00:25.659913+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-06-02T08:15:09.003000+00:00 +2023-06-02T11:15:10.930000+00:00 ``` ### Last Data Feed Release 
@@ -29,14 +29,29 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -216669 +216685 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `16` -* [CVE-2023-3000](CVE-2023/CVE-2023-30xx/CVE-2023-3000.json) (`2023-06-02T08:15:09.003`) +* [CVE-2022-46307](CVE-2022/CVE-2022-463xx/CVE-2022-46307.json) (`2023-06-02T11:15:09.730`) +* [CVE-2022-46308](CVE-2022/CVE-2022-463xx/CVE-2022-46308.json) (`2023-06-02T11:15:09.913`) +* [CVE-2022-47616](CVE-2022/CVE-2022-476xx/CVE-2022-47616.json) (`2023-06-02T11:15:09.997`) +* [CVE-2022-47617](CVE-2022/CVE-2022-476xx/CVE-2022-47617.json) (`2023-06-02T11:15:10.077`) +* [CVE-2023-25780](CVE-2023/CVE-2023-257xx/CVE-2023-25780.json) (`2023-06-02T11:15:10.157`) +* [CVE-2023-28698](CVE-2023/CVE-2023-286xx/CVE-2023-28698.json) (`2023-06-02T11:15:10.230`) +* [CVE-2023-28699](CVE-2023/CVE-2023-286xx/CVE-2023-28699.json) (`2023-06-02T11:15:10.297`) +* [CVE-2023-28700](CVE-2023/CVE-2023-287xx/CVE-2023-28700.json) (`2023-06-02T11:15:10.370`) +* [CVE-2023-28701](CVE-2023/CVE-2023-287xx/CVE-2023-28701.json) (`2023-06-02T11:15:10.443`) +* [CVE-2023-28702](CVE-2023/CVE-2023-287xx/CVE-2023-28702.json) (`2023-06-02T11:15:10.510`) +* [CVE-2023-28703](CVE-2023/CVE-2023-287xx/CVE-2023-28703.json) (`2023-06-02T11:15:10.580`) +* [CVE-2023-28704](CVE-2023/CVE-2023-287xx/CVE-2023-28704.json) (`2023-06-02T11:15:10.650`) +* [CVE-2023-28705](CVE-2023/CVE-2023-287xx/CVE-2023-28705.json) (`2023-06-02T11:15:10.720`) +* [CVE-2023-30602](CVE-2023/CVE-2023-306xx/CVE-2023-30602.json) (`2023-06-02T11:15:10.793`) +* [CVE-2023-30603](CVE-2023/CVE-2023-306xx/CVE-2023-30603.json) (`2023-06-02T11:15:10.863`) +* [CVE-2023-30604](CVE-2023/CVE-2023-306xx/CVE-2023-30604.json) (`2023-06-02T11:15:10.930`) ### CVEs modified in the last Commit