From 6f891fd934533b80c79e166641b7e3c0729bebc4 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Ren=C3=A9=20Helmke?=
Date: Tue, 2 May 2023 20:00:28 +0200
Subject: [PATCH] Auto-Update: 2023-05-02T18:00:25.091988+00:00
---
CVE-2022/CVE-2022-369xx/CVE-2022-36963.json | 62 +++++++++-
CVE-2022/CVE-2022-475xx/CVE-2022-47505.json | 62 +++++++++-
CVE-2022/CVE-2022-479xx/CVE-2022-47930.json | 69 +++++++++++-
CVE-2023/CVE-2023-12xx/CVE-2023-1255.json | 83 ++++++++++++--
CVE-2023/CVE-2023-13xx/CVE-2023-1324.json | 53 ++++++++-
CVE-2023/CVE-2023-226xx/CVE-2023-22686.json | 47 +++++++-
CVE-2023/CVE-2023-22xx/CVE-2023-2215.json | 63 ++++++++++-
CVE-2023/CVE-2023-22xx/CVE-2023-2216.json | 62 +++++++++-
CVE-2023/CVE-2023-22xx/CVE-2023-2217.json | 61 +++++++++-
CVE-2023/CVE-2023-22xx/CVE-2023-2240.json | 54 ++++++++-
CVE-2023/CVE-2023-22xx/CVE-2023-2242.json | 60 +++++++++-
CVE-2023/CVE-2023-22xx/CVE-2023-2243.json | 60 +++++++++-
CVE-2023/CVE-2023-22xx/CVE-2023-2245.json | 60 +++++++++-
CVE-2023/CVE-2023-237xx/CVE-2023-23753.json | 70 +++++++++++-
CVE-2023/CVE-2023-239xx/CVE-2023-23938.json | 71 +++++++++++-
CVE-2023/CVE-2023-255xx/CVE-2023-25514.json | 74 +++++++++++-
CVE-2023/CVE-2023-265xx/CVE-2023-26556.json | 80 +++++++++++--
CVE-2023/CVE-2023-265xx/CVE-2023-26557.json | 80 +++++++++++--
CVE-2023/CVE-2023-273xx/CVE-2023-27350.json | 119 ++++++++++++++++++--
CVE-2023/CVE-2023-273xx/CVE-2023-27351.json | 91 ++++++++++++++-
CVE-2023/CVE-2023-295xx/CVE-2023-29575.json | 72 +++++++++++-
CVE-2023/CVE-2023-298xx/CVE-2023-29848.json | 70 +++++++++++-
CVE-2023/CVE-2023-298xx/CVE-2023-29849.json | 70 +++++++++++-
CVE-2023/CVE-2023-298xx/CVE-2023-29867.json | 20 ++++
CVE-2023/CVE-2023-298xx/CVE-2023-29868.json | 20 ++++
CVE-2023/CVE-2023-299xx/CVE-2023-29918.json | 20 ++++
CVE-2023/CVE-2023-310xx/CVE-2023-31043.json | 112 ++++++++++++++++--
README.md | 85 ++++++--------
28 files changed, 1673 insertions(+), 177 deletions(-)
create mode 100644 CVE-2023/CVE-2023-298xx/CVE-2023-29867.json
create mode 100644 CVE-2023/CVE-2023-298xx/CVE-2023-29868.json
create mode 
100644 CVE-2023/CVE-2023-299xx/CVE-2023-29918.json diff --git a/CVE-2022/CVE-2022-369xx/CVE-2022-36963.json b/CVE-2022/CVE-2022-369xx/CVE-2022-36963.json index e79ef0cf0d8..72f8ac7cebf 100644 --- a/CVE-2022/CVE-2022-369xx/CVE-2022-36963.json +++ b/CVE-2022/CVE-2022-369xx/CVE-2022-36963.json @@ -2,8 +2,8 @@ "id": "CVE-2022-36963", "sourceIdentifier": "psirt@solarwinds.com", "published": "2023-04-21T20:15:07.087", - "lastModified": "2023-04-24T13:02:19.050", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-02T17:09:42.237", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "psirt@solarwinds.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + }, { "source": "psirt@solarwinds.com", "type": "Secondary", 
@@ -46,14 +76,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:solarwinds:orion_platform:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.2", + "matchCriteriaId": "813EF4B0-6B36-47B1-9AEE-83040037F7EE" + } + ] + } + ] + } + ], "references": [ { "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-2_release_notes.htm", - "source": "psirt@solarwinds.com" + "source": "psirt@solarwinds.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2022-36963", - "source": "psirt@solarwinds.com" + "source": "psirt@solarwinds.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-475xx/CVE-2022-47505.json b/CVE-2022/CVE-2022-475xx/CVE-2022-47505.json index 6e7525a2e1e..ec76cba77bf 100644 --- a/CVE-2022/CVE-2022-475xx/CVE-2022-47505.json +++ b/CVE-2022/CVE-2022-475xx/CVE-2022-47505.json @@ -2,8 +2,8 @@ "id": "CVE-2022-47505", "sourceIdentifier": "psirt@solarwinds.com", "published": "2023-04-21T20:15:07.173", - "lastModified": "2023-04-24T13:02:19.050", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-02T17:10:35.553", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "psirt@solarwinds.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ] + }, { "source": "psirt@solarwinds.com", "type": "Secondary", @@ -46,14 +76,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:solarwinds:orion_platform:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.2", + "matchCriteriaId": "813EF4B0-6B36-47B1-9AEE-83040037F7EE" + } + ] + } + ] + } + ], "references": [ { "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-2_release_notes.htm", - "source": "psirt@solarwinds.com" + "source": "psirt@solarwinds.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2022-47505", - "source": "psirt@solarwinds.com" + "source": "psirt@solarwinds.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-479xx/CVE-2022-47930.json b/CVE-2022/CVE-2022-479xx/CVE-2022-47930.json index 1ce2ba8ed17..fcb779d6e9d 100644 --- a/CVE-2022/CVE-2022-479xx/CVE-2022-47930.json +++ b/CVE-2022/CVE-2022-479xx/CVE-2022-47930.json 
@@ -2,23 +2,82 @@ "id": "CVE-2022-47930", "sourceIdentifier": "cve@mitre.org", "published": "2023-04-21T18:15:07.377", - "lastModified": "2023-04-24T13:02:19.050", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-02T16:45:58.687", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easier. In particular, the Schnorr proof of knowledge implemented in sch.go does not utilize a session id, context, or random nonce in the generation of the challenge. This could allow a malicious user or an eavesdropper to replay a valid proof sent in the past." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-294" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:iofinnet:tss-lib:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.0.0", + "matchCriteriaId": "5A407DB0-D561-404E-941A-EF988ABB8BDB" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/IoFinnet/tss-lib/releases/tag/v2.0.0", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": 
"https://medium.com/@iofinnet/security-disclosure-for-ecdsa-and-eddsa-threshold-signature-schemes-4e969af7155b", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-12xx/CVE-2023-1255.json b/CVE-2023/CVE-2023-12xx/CVE-2023-1255.json index 41348c1fa94..bbc6ced3849 100644 --- a/CVE-2023/CVE-2023-12xx/CVE-2023-1255.json +++ b/CVE-2023/CVE-2023-12xx/CVE-2023-1255.json 
@@ -2,27 +2,92 @@ "id": "CVE-2023-1255", "sourceIdentifier": "openssl-security@openssl.org", "published": "2023-04-20T17:15:06.883", - "lastModified": "2023-04-21T09:15:07.340", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-02T16:42:01.440", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM\nplatform contains a bug that could cause it to read past the input buffer,\nleading to a crash.\n\nImpact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM\nplatform can crash in rare circumstances. The AES-XTS algorithm is usually\nused for disk encryption.\n\nThe AES-XTS cipher decryption implementation for 64 bit ARM platform will read\npast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16\nbyte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext\nbuffer is unmapped, this will trigger a crash which results in a denial of\nservice.\n\nIf an attacker can control the size and location of the ciphertext buffer\nbeing decrypted by an application using AES-XTS on 64 bit ARM, the\napplication is affected. This is fairly unlikely making this issue\na Low severity one." 
} ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.0.0", + "versionEndExcluding": "3.0.9", + "matchCriteriaId": "4C637E94-F5EC-4D4B-836F-8C8219F1ECEC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.1.0", + "versionEndExcluding": "3.1.1", + "matchCriteriaId": "68821BE0-7889-48B0-888D-CEC8BB9BDEA9" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=02ac9c9420275868472f33b01def01218742b8bb", - "source": "openssl-security@openssl.org" + "source": "openssl-security@openssl.org", + "tags": [ + "Mailing List", + "Patch" + ] }, { "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bc2f61ad70971869b242fc1cb445b98bad50074a", - "source": "openssl-security@openssl.org" - }, - { - "url": "https://www.openssl.org/news/secadv/20230419.txt", - "source": "openssl-security@openssl.org" + "source": "openssl-security@openssl.org", + "tags": [ + "Mailing List", + "Patch" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-13xx/CVE-2023-1324.json b/CVE-2023/CVE-2023-13xx/CVE-2023-1324.json index 0ebc994d840..a316ae65be0 100644 --- a/CVE-2023/CVE-2023-13xx/CVE-2023-1324.json +++ b/CVE-2023/CVE-2023-13xx/CVE-2023-1324.json @@ -2,15 +2,38 @@ "id": "CVE-2023-1324", "sourceIdentifier": "contact@wpscan.com", "published": "2023-04-24T19:15:09.343", - "lastModified": "2023-04-25T12:52:57.877", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-02T16:35:34.763", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Easy Forms for Mailchimp WordPress plugin before 6.8.8 does not sanitise and escape some parameters before outputting them back in the response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, "weaknesses": [ { "source": "contact@wpscan.com", 
@@ -23,10 +46,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:yikesinc:easy_forms_for_mailchimp:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "6.8.8", + "matchCriteriaId": "6DB1A377-21C2-4F95-8AA1-01F8F9632ACA" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/8f510b8c-b97a-44c9-a36d-2d775a4f7b81", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-226xx/CVE-2023-22686.json b/CVE-2023/CVE-2023-226xx/CVE-2023-22686.json index 1bdeeec91fb..b883f998bfe 100644 --- a/CVE-2023/CVE-2023-226xx/CVE-2023-22686.json +++ b/CVE-2023/CVE-2023-226xx/CVE-2023-22686.json @@ -2,8 +2,8 @@ "id": "CVE-2023-22686", "sourceIdentifier": "audit@patchstack.com", "published": "2023-04-23T12:15:13.767", - "lastModified": "2023-04-24T13:01:50.087", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-02T17:16:41.387", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:trinitronic:nice_paypal_button_lite:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.3.5", + "matchCriteriaId": "35D21048-984D-4EBF-9A89-5CF3D47CEDAE" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/nice-paypal-button-lite/wordpress-nice-paypal-button-lite-plugin-1-3-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-22xx/CVE-2023-2215.json b/CVE-2023/CVE-2023-22xx/CVE-2023-2215.json index f58aaca08e8..70a5b2a5224 100644 --- a/CVE-2023/CVE-2023-22xx/CVE-2023-2215.json +++ b/CVE-2023/CVE-2023-22xx/CVE-2023-2215.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2215", "sourceIdentifier": "cna@vuldb.com", "published": "2023-04-21T10:15:07.803", - "lastModified": "2023-04-24T13:02:28.070", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-02T17:35:03.033", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", 
@@ -71,18 +93,49 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:coffee_shop_pos_system_project:coffee_shop_pos_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "0F4D1D90-B3B0-4E6B-9B75-C6A2C6FF6909" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/E1CHO/cve_hub/blob/main/Coffee%20Shop%20POS%20System/Coffee%20Shop%20POS%20System%20-%20vuln%207.pdf", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.226980", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.226980", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-22xx/CVE-2023-2216.json b/CVE-2023/CVE-2023-22xx/CVE-2023-2216.json index e0e7189f288..985ac6108da 100644 --- a/CVE-2023/CVE-2023-22xx/CVE-2023-2216.json +++ b/CVE-2023/CVE-2023-22xx/CVE-2023-2216.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2216", "sourceIdentifier": "cna@vuldb.com", "published": "2023-04-21T11:15:06.933", - "lastModified": "2023-04-24T13:02:28.070", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-02T17:58:01.530", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", @@ -71,18 +93,48 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:coffee_shop_pos_system_project:coffee_shop_pos_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "0F4D1D90-B3B0-4E6B-9B75-C6A2C6FF6909" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/E1CHO/cve_hub/blob/main/Coffee%20Shop%20POS%20System/Coffee%20Shop%20POS%20System%20-%20vuln%208.pdf", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.226981", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.226981", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-22xx/CVE-2023-2217.json b/CVE-2023/CVE-2023-22xx/CVE-2023-2217.json index 1c391912c81..63b61944888 100644 --- a/CVE-2023/CVE-2023-22xx/CVE-2023-2217.json +++ b/CVE-2023/CVE-2023-22xx/CVE-2023-2217.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-2217", "sourceIdentifier": "cna@vuldb.com", "published": "2023-04-21T11:15:07.003", - "lastModified": "2023-04-24T13:02:23.220", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-02T17:58:39.340", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", @@ -71,18 +93,47 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:task_reminder_system_project:task_reminder_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "AD2D793D-38A9-47EE-A7AE-7DAE3441BBB0" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/E1CHO/cve_hub/blob/main/Task%20Reminder%20System/Task%20Reminder%20System%20-%20vuln%202.pdf", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.226983", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.226983", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-22xx/CVE-2023-2240.json b/CVE-2023/CVE-2023-22xx/CVE-2023-2240.json index 567f74d971c..907ca452e11 100644 --- a/CVE-2023/CVE-2023-22xx/CVE-2023-2240.json +++ b/CVE-2023/CVE-2023-22xx/CVE-2023-2240.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2240", "sourceIdentifier": "security@huntr.dev", "published": "2023-04-22T01:15:08.147", - "lastModified": "2023-04-24T13:02:13.210", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-02T17:39:02.753", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", @@ -46,14 +68,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.3.4", + "matchCriteriaId": "E503E14E-D4EE-4F4C-8431-DE2EB7A58ABA" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/microweber/microweber/commit/f43d5b767ad5814fc5f84bbaf0b77996262f3a4b", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.dev/bounties/8f595559-7b4b-4b00-954c-7a627766e203", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-22xx/CVE-2023-2242.json b/CVE-2023/CVE-2023-22xx/CVE-2023-2242.json index b113b2ef8d0..79bbdf1e40a 100644 --- a/CVE-2023/CVE-2023-22xx/CVE-2023-2242.json +++ b/CVE-2023/CVE-2023-22xx/CVE-2023-2242.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2242", "sourceIdentifier": "cna@vuldb.com", "published": "2023-04-22T16:15:42.157", - "lastModified": "2023-04-24T13:01:54.663", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-02T17:21:58.343", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", 
@@ -71,18 +93,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:online_computer_and_laptop_store_project:online_computer_and_laptop_store:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "6ADFB9B5-9CB8-4261-902B-4DF0680DF274" + } + ] + } + ] + } + ], "references": [ { "url": "https://docs.google.com/document/d/1GZt9MKB2K-nDrg0cnrnU6_z9wDd9xPE-YJbPV2Qgqg4/edit", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.227227", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.227227", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-22xx/CVE-2023-2243.json b/CVE-2023/CVE-2023-22xx/CVE-2023-2243.json index b3dcb00f768..aae428c14d8 100644 --- a/CVE-2023/CVE-2023-22xx/CVE-2023-2243.json +++ b/CVE-2023/CVE-2023-22xx/CVE-2023-2243.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2243", "sourceIdentifier": "cna@vuldb.com", "published": "2023-04-22T17:15:07.127", - "lastModified": "2023-04-24T13:01:54.663", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-02T17:20:46.443", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", @@ -71,18 +93,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:complaint_management_system_project:complaint_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "37FB2709-4441-4348-A5AB-C7257108803E" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/HibuMk/bug_report/blob/main/SQLi.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.227228", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.227228", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-22xx/CVE-2023-2245.json b/CVE-2023/CVE-2023-22xx/CVE-2023-2245.json index 70f653812e6..8fac829161a 100644 --- a/CVE-2023/CVE-2023-22xx/CVE-2023-2245.json +++ b/CVE-2023/CVE-2023-22xx/CVE-2023-2245.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-2245", "sourceIdentifier": "cna@vuldb.com", "published": "2023-04-22T17:15:07.227", - "lastModified": "2023-04-24T13:01:54.663", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-02T17:41:11.897", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", @@ -71,18 +93,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hansuncms_project:hansuncms:1.4.3:*:*:*:*:*:*:*", + "matchCriteriaId": "93E189DF-ADAE-4250-9CE3-D58953B553C5" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/MorStardust/hansuncmswebshell/blob/main/README.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.227230", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.227230", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-237xx/CVE-2023-23753.json b/CVE-2023/CVE-2023-237xx/CVE-2023-23753.json index e722b1cc569..fa9ae22cf32 100644 --- a/CVE-2023/CVE-2023-237xx/CVE-2023-23753.json 
+++ b/CVE-2023/CVE-2023-237xx/CVE-2023-23753.json 
@@ -2,23 +2,83 @@ "id": "CVE-2023-23753", "sourceIdentifier": "security@joomla.org", "published": "2023-04-23T21:15:06.910", - "lastModified": "2023-04-24T13:01:43.960", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-02T17:10:25.427", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The 'Visforms Base Package for Joomla 3' extension is vulnerable to SQL Injection as concatenation is used to construct an SQL Query. An attacker can interact with the database and could be able to read, modify and delete data on it." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vi-solutions:visforms:*:*:*:*:*:joomla\\!:*:*", + "versionStartIncluding": "3.0.0", + "versionEndExcluding": "3.0.5", + "matchCriteriaId": "1FA01C78-A253-41F5-9700-B19508CF19AE" + } + ] + } + ] + } + ], "references": [ { "url": "https://blog.asturhackers.es/sql-injection-en-visforms-base-package-for-joomla-3-0-5-cve-2023-23753", - "source": "security@joomla.org" + "source": "security@joomla.org", + "tags": [ + "Exploit" + ] }, { "url": "https://vi-solutions.de/en/announcements/867-security-announcement-cve-2023-23754", - "source": "security@joomla.org" + "source": 
"security@joomla.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-239xx/CVE-2023-23938.json b/CVE-2023/CVE-2023-239xx/CVE-2023-23938.json index fd6cadd4b43..3ba0d52c132 100644 --- a/CVE-2023/CVE-2023-239xx/CVE-2023-23938.json +++ b/CVE-2023/CVE-2023-239xx/CVE-2023-23938.json @@ -2,8 +2,8 @@ "id": "CVE-2023-23938", "sourceIdentifier": "security-advisories@github.com", "published": "2023-04-20T17:15:07.120", - "lastModified": "2023-04-20T17:18:19.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-02T17:29:19.817", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,18 +66,59 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:enalean:tuleap:*:*:*:*:enterprise:*:*:*", + "versionEndExcluding": "14.4-7", + "matchCriteriaId": "1092E5D2-592F-45AE-AAD7-055F42EEBA67" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:enalean:tuleap:*:*:*:*:community:*:*:*", + "versionStartIncluding": "13.8.99.49", + "versionEndExcluding": "14.5.99.4", + "matchCriteriaId": "F4555DF2-D6B6-4CE1-901B-4E886DA794E2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:enalean:tuleap:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "14.5", + "versionEndExcluding": "14.5-2", + "matchCriteriaId": "5E58AAFA-7D70-4AF5-9916-1F43B5286072" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Enalean/tuleap/commit/aacd5e798301f24f218298ec8236ec7bef0f5d52", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/Enalean/tuleap/security/advisories/GHSA-mqjm-c6rm-9h87", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://tuleap.net/plugins/tracker/?aid=30734", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-255xx/CVE-2023-25514.json b/CVE-2023/CVE-2023-255xx/CVE-2023-25514.json index 08d31285a1d..2018828d7cf 100644 --- a/CVE-2023/CVE-2023-255xx/CVE-2023-25514.json +++ b/CVE-2023/CVE-2023-255xx/CVE-2023-25514.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-25514", "sourceIdentifier": "psirt@nvidia.com", "published": "2023-04-22T03:15:10.787", - "lastModified": "2023-04-24T13:01:54.663", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-02T17:26:57.987", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW", + "baseScore": 6.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 4.7 + }, { "source": "psirt@nvidia.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + }, { "source": "psirt@nvidia.com", "type": "Secondary", 
@@ -46,10 +76,48 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nvidia:cuda_toolkit:*:*:*:*:*:*:*:*", + "versionEndExcluding": "12.1.1", + "matchCriteriaId": "BF2583F9-0D2C-4CA2-BEAE-C8BF6B6AB0EC" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5456", - "source": "psirt@nvidia.com" + "source": "psirt@nvidia.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-265xx/CVE-2023-26556.json b/CVE-2023/CVE-2023-265xx/CVE-2023-26556.json index 243c272bb30..a89ea9339e7 100644 --- a/CVE-2023/CVE-2023-265xx/CVE-2023-26556.json +++ b/CVE-2023/CVE-2023-265xx/CVE-2023-26556.json 
@@ -2,31 +2,97 @@ "id": "CVE-2023-26556", "sourceIdentifier": "cve@mitre.org", "published": "2023-04-21T18:15:07.927", - "lastModified": "2023-04-24T13:02:19.050", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-02T17:05:35.907", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time (there is an if statement in a loop). One leak is in ecdsa/keygen/round_2.go. (bnb-chain/tss-lib and thorchain/tss are also affected.)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-203" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:iofinnet:tss-lib:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.0.0", + "matchCriteriaId": "5A407DB0-D561-404E-941A-EF988ABB8BDB" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/IoFinnet/tss-lib/releases/tag/v2.0.0", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/bnb-chain/tss-lib/tree/v1.3.5", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, 
{ "url": "https://gitlab.com/thorchain/tss/tss-lib/-/tags/v0.1.3", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://medium.com/@iofinnet/security-disclosure-for-ecdsa-and-eddsa-threshold-signature-schemes-4e969af7155b", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Not Applicable", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-265xx/CVE-2023-26557.json b/CVE-2023/CVE-2023-265xx/CVE-2023-26557.json index d3c434276b4..874b74f0af8 100644 --- a/CVE-2023/CVE-2023-265xx/CVE-2023-26557.json +++ b/CVE-2023/CVE-2023-265xx/CVE-2023-26557.json 
@@ -2,31 +2,97 @@ "id": "CVE-2023-26557", "sourceIdentifier": "cve@mitre.org", "published": "2023-04-21T18:15:07.990", - "lastModified": "2023-04-24T13:02:19.050", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-02T17:06:10.073", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "io.finnet tss-lib before 2.0.0 can leak the lambda value of a private key via a timing side-channel attack because it relies on Go big.Int, which is not constant time for Cmp, modular exponentiation, or modular inverse. An example leak is in crypto/paillier/paillier.go. (bnb-chain/tss-lib and thorchain/tss are also affected.)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-203" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:iofinnet:tss-lib:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.0.0", + "matchCriteriaId": "5A407DB0-D561-404E-941A-EF988ABB8BDB" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/IoFinnet/tss-lib/releases/tag/v2.0.0", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/bnb-chain/tss-lib/tree/v1.3.5", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": 
"https://gitlab.com/thorchain/tss/tss-lib/-/tags/v0.1.3", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://medium.com/@iofinnet/security-disclosure-for-ecdsa-and-eddsa-threshold-signature-schemes-4e969af7155b", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Not Applicable", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-273xx/CVE-2023-27350.json b/CVE-2023/CVE-2023-273xx/CVE-2023-27350.json index 40381efc413..d89b994954c 100644 --- a/CVE-2023/CVE-2023-273xx/CVE-2023-27350.json +++ b/CVE-2023/CVE-2023-273xx/CVE-2023-27350.json @@ -2,8 +2,8 @@ "id": "CVE-2023-27350", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2023-04-20T16:15:07.653", - "lastModified": "2023-04-27T22:15:09.740", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-05-02T16:06:04.117", + "vulnStatus": "Analyzed", "cisaExploitAdd": "2023-04-21", "cisaActionDue": "2023-05-12", "cisaRequiredAction": "Apply updates per vendor instructions.", @@ -15,6 +15,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", 
@@ -48,28 +70,111 @@ "value": "CWE-284" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.0.0", + "versionEndExcluding": "20.1.7", + "matchCriteriaId": "0D42B6B6-D35D-4CCD-BB11-B06658BA1959" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*", + "versionStartIncluding": "21.0.0", + "versionEndExcluding": "21.2.11", + "matchCriteriaId": "7D231C34-F58C-4CA1-B158-64778AC17991" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*", + "versionStartIncluding": "22.0.0", + "versionEndExcluding": "22.0.9", + "matchCriteriaId": "A326E88D-635E-4AC1-B5CE-455306FC9D55" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.0.0", + "versionEndExcluding": "20.1.7", + "matchCriteriaId": "ECE9BB0C-3650-46F4-A0D4-EAAF15E368D7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*", + "versionStartIncluding": "21.0.0", + "versionEndExcluding": "21.2.11", + "matchCriteriaId": "4DE19845-02F0-4BB9-BECB-49B34FACB55D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*", + "versionStartIncluding": "22.0.0", + "versionEndExcluding": "22.0.9", + "matchCriteriaId": "C1852E7B-0B3F-4208-A26E-CB117E0C0CD8" + } + ] + } + ] } ], "references": [ { "url": "http://packetstormsecurity.com/files/171982/PaperCut-MF-NG-Authentication-Bypass-Remote-Code-Execution.html", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": 
"http://packetstormsecurity.com/files/172022/PaperCut-NG-MG-22.0.4-Authentication-Bypass.html", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Exploit", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://news.sophos.com/en-us/2023/04/27/increased-exploitation-of-papercut-drawing-blood-around-the-internet/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.papercut.com/kb/Main/PO-1216-and-PO-1219", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-233/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-273xx/CVE-2023-27351.json b/CVE-2023/CVE-2023-273xx/CVE-2023-27351.json index ba1b83640ec..40d5ddfef28 100644 --- a/CVE-2023/CVE-2023-273xx/CVE-2023-27351.json +++ b/CVE-2023/CVE-2023-273xx/CVE-2023-27351.json @@ -2,8 +2,8 @@ "id": "CVE-2023-27351", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2023-04-20T16:15:07.723", - "lastModified": "2023-04-20T23:15:06.910", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-02T16:19:23.810", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", 
@@ -46,14 +68,75 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*", + "versionStartIncluding": "15.0.0", + "versionEndExcluding": "20.1.7", + "matchCriteriaId": "87F5547A-059F-46A7-A8DB-0613BEF043A5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*", + "versionStartIncluding": "21.0.0", + "versionEndExcluding": "21.2.11", + "matchCriteriaId": "7D231C34-F58C-4CA1-B158-64778AC17991" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*", + "versionStartIncluding": "22.0.0", + "versionEndExcluding": "22.0.9", + "matchCriteriaId": "A326E88D-635E-4AC1-B5CE-455306FC9D55" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*", + "versionStartIncluding": "15.0.0", + "versionEndExcluding": "20.1.7", + "matchCriteriaId": "5EDC8CF8-64FB-4A9A-95FB-F0F5AEB98CC9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*", + "versionStartIncluding": "21.0.0", + "versionEndExcluding": "21.2.11", + "matchCriteriaId": "4DE19845-02F0-4BB9-BECB-49B34FACB55D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*", + "versionStartIncluding": "22.0.0", + "versionEndExcluding": "22.0.9", + "matchCriteriaId": "C1852E7B-0B3F-4208-A26E-CB117E0C0CD8" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.papercut.com/kb/Main/PO-1216-and-PO-1219", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-232/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-295xx/CVE-2023-29575.json b/CVE-2023/CVE-2023-295xx/CVE-2023-29575.json index 77acb66c96c..584a74f6313 100644 --- a/CVE-2023/CVE-2023-295xx/CVE-2023-29575.json +++ b/CVE-2023/CVE-2023-295xx/CVE-2023-29575.json 
@@ -2,23 +2,85 @@ "id": "CVE-2023-29575", "sourceIdentifier": "cve@mitre.org", "published": "2023-04-21T14:15:07.373", - "lastModified": "2023-04-24T13:02:23.220", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-02T17:35:02.573", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in the mp42aac component." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-770" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:axiosys:bento4:1.6.0-639:*:*:*:*:*:*:*", + "matchCriteriaId": "A003FBD1-339C-409D-A304-7FEE97E23250" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/axiomatic-systems/Bento4/issues/842", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory", + "Vendor Advisory" + ] }, { "url": "https://github.com/z1r00/fuzz_vuln/blob/main/Bento4/mp42aac/readme.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-298xx/CVE-2023-29848.json b/CVE-2023/CVE-2023-298xx/CVE-2023-29848.json index 5d5485a84e4..2f4326783af 100644 --- a/CVE-2023/CVE-2023-298xx/CVE-2023-29848.json +++ b/CVE-2023/CVE-2023-298xx/CVE-2023-29848.json 
@@ -2,23 +2,83 @@ "id": "CVE-2023-29848", "sourceIdentifier": "cve@mitre.org", "published": "2023-04-24T15:15:08.813", - "lastModified": "2023-04-24T15:35:56.667", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-02T16:44:29.473", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Bang Resto 1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the itemName parameter in the admin/menu.php Add New Menu function." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hockeycomputindo:bang_resto:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "E00A0E16-145F-4356-9B38-1BE60D2E4EAB" + } + ] + } + ] + } + ], "references": [ { "url": "http://packetstormsecurity.com/files/171899/Bang-Resto-1.0-Cross-Site-Scripting.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://github.com/mesinkasir/bangresto/issues/2", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-298xx/CVE-2023-29849.json b/CVE-2023/CVE-2023-298xx/CVE-2023-29849.json index 048349d863e..2f3df6db5f1 100644 --- a/CVE-2023/CVE-2023-298xx/CVE-2023-29849.json +++ b/CVE-2023/CVE-2023-298xx/CVE-2023-29849.json 
@@ -2,23 +2,83 @@ "id": "CVE-2023-29849", "sourceIdentifier": "cve@mitre.org", "published": "2023-04-24T15:15:08.853", - "lastModified": "2023-04-24T15:35:56.667", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-02T16:43:18.270", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Bang Resto 1.0 was discovered to contain multiple SQL injection vulnerabilities via the btnMenuItemID, itemID, itemPrice, menuID, staffID, or itemqty parameter." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hockeycomputindo:bang_resto:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "E00A0E16-145F-4356-9B38-1BE60D2E4EAB" + } + ] + } + ] + } + ], "references": [ { "url": "http://packetstormsecurity.com/files/171900/Bang-Resto-1.0-SQL-Injection.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://github.com/mesinkasir/bangresto/issues/3", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-298xx/CVE-2023-29867.json b/CVE-2023/CVE-2023-298xx/CVE-2023-29867.json new file mode 100644 index 00000000000..bd10f52463d --- /dev/null +++ b/CVE-2023/CVE-2023-298xx/CVE-2023-29867.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-29867", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-02T16:15:08.923", + "lastModified": "2023-05-02T16:15:08.923", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Zammad 5.3.x (Fixed 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker could gain information about linked accounts of users involved in their tickets using the Zammad API." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://zammad.com/en/advisories/zaa-2023-02", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-298xx/CVE-2023-29868.json b/CVE-2023/CVE-2023-298xx/CVE-2023-29868.json new file mode 100644 index 00000000000..eb726ea6539 --- /dev/null +++ b/CVE-2023/CVE-2023-298xx/CVE-2023-29868.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-29868", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-02T16:15:08.977", + "lastModified": "2023-05-02T16:15:08.977", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Zammad 5.3.x (Fixed in 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker with agent and customer roles could perform unauthorized changes on articles where they only have customer permissions." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://zammad.com/en/advisories/zaa-2023-01", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-299xx/CVE-2023-29918.json b/CVE-2023/CVE-2023-299xx/CVE-2023-29918.json new file mode 100644 index 00000000000..7405f952d08 --- /dev/null +++ b/CVE-2023/CVE-2023-299xx/CVE-2023-29918.json 
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-29918", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-02T16:15:09.027", + "lastModified": "2023-05-02T16:15:09.027", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Module." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://docs.google.com/document/d/1JAhJOlfKKD5Y5zEKo0_8a3A-nQ7Dz_GIMmlXmOvXV48/edit?usp=sharing", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-310xx/CVE-2023-31043.json b/CVE-2023/CVE-2023-310xx/CVE-2023-31043.json index 9326a2b58aa..d6c43ca2be4 100644 --- a/CVE-2023/CVE-2023-310xx/CVE-2023-31043.json +++ b/CVE-2023/CVE-2023-310xx/CVE-2023-31043.json 
@@ -2,35 +2,131 @@ "id": "CVE-2023-31043", "sourceIdentifier": "cve@mitre.org", "published": "2023-04-23T20:15:07.127", - "lastModified": "2023-04-24T13:01:43.960", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-02T17:16:27.860", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "EnterpriseDB EDB Postgres Advanced Server (EPAS) before 14.6.0 logs unredacted passwords in situations where optional parameters are used with CREATE/ALTER USER/GROUP/ROLE, and redacting was configured with edb_filter_log.redact_password_commands. The fixed versions are 10.23.33, 11.18.29, 12.13.17, 13.9.13, and 14.6.0." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-312" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.23.33", + "matchCriteriaId": "D03C4D8A-E49C-4F9E-AC37-1FCB30690810" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "11.1.7", + "versionEndExcluding": "11.18.29", + "matchCriteriaId": "9B69ADDB-38AF-447D-91BD-F11E2A433FBE" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "12.1.2", + "versionEndExcluding": "12.13.17", + "matchCriteriaId": "22DAE6E2-5B34-4D38-9C6E-D06B646AAA67" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.1.4", + "versionEndExcluding": "13.9.13", + "matchCriteriaId": "C92BC79F-6A3A-48BA-B910-1673F37B4963" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.1.0", + "versionEndExcluding": "14.6.0", + "matchCriteriaId": "DBA2791E-4D7F-4FF2-9730-E71CD73FA53E" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.enterprisedb.com/docs/epas/10/epas_rel_notes/epas10_23_33_rel_notes/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://www.enterprisedb.com/docs/epas/11/epas_rel_notes/epas11_18_29_rel_notes/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://www.enterprisedb.com/docs/epas/12/epas_rel_notes/epas12_13_17_rel_notes/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://www.enterprisedb.com/docs/epas/13/epas_rel_notes/epas13_9_13_rel_notes/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://www.enterprisedb.com/docs/epas/14/epas_rel_notes/epas14_6_0_rel_notes/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] } ] } \ No newline at end of file diff --git a/README.md b/README.md index 68b8ee3672e..5c61bdb3d0a 100644 --- a/README.md +++ b/README.md 
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-05-02T16:00:24.186432+00:00 +2023-05-02T18:00:25.091988+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-05-02T15:47:02.633000+00:00 +2023-05-02T17:58:39.340000+00:00 ``` ### Last Data Feed Release 
@@ -29,67 +29,46 @@ Download and Changelog: [Click](releases/latest) ### Total Number of included CVEs ```plain -213925 +213928 ``` ### CVEs added in the last Commit -Recently added CVEs: `5` +Recently added CVEs: `3` -* [CVE-2023-2445](CVE-2023/CVE-2023-24xx/CVE-2023-2445.json) (`2023-05-02T14:15:09.207`) -* [CVE-2023-2476](CVE-2023/CVE-2023-24xx/CVE-2023-2476.json) (`2023-05-02T14:15:09.273`) -* [CVE-2023-2477](CVE-2023/CVE-2023-24xx/CVE-2023-2477.json) (`2023-05-02T14:15:09.353`) -* [CVE-2023-2479](CVE-2023/CVE-2023-24xx/CVE-2023-2479.json) (`2023-05-02T15:15:23.760`) -* [CVE-2023-29856](CVE-2023/CVE-2023-298xx/CVE-2023-29856.json) (`2023-05-02T15:15:23.697`) +* [CVE-2023-29867](CVE-2023/CVE-2023-298xx/CVE-2023-29867.json) (`2023-05-02T16:15:08.923`) +* [CVE-2023-29868](CVE-2023/CVE-2023-298xx/CVE-2023-29868.json) (`2023-05-02T16:15:08.977`) +* [CVE-2023-29918](CVE-2023/CVE-2023-299xx/CVE-2023-29918.json) (`2023-05-02T16:15:09.027`) ### CVEs modified in the last Commit -Recently modified CVEs: `43` +Recently modified CVEs: `24` -* [CVE-2022-33891](CVE-2022/CVE-2022-338xx/CVE-2022-33891.json) (`2023-05-02T15:15:23.457`) -* [CVE-2022-36788](CVE-2022/CVE-2022-367xx/CVE-2022-36788.json) (`2023-05-02T15:05:37.250`) -* [CVE-2022-45084](CVE-2022/CVE-2022-450xx/CVE-2022-45084.json) (`2023-05-02T15:27:53.933`) -* [CVE-2022-47158](CVE-2022/CVE-2022-471xx/CVE-2022-47158.json) (`2023-05-02T15:24:50.217`) -* [CVE-2022-47598](CVE-2022/CVE-2022-475xx/CVE-2022-47598.json) (`2023-05-02T15:26:41.773`) -* [CVE-2023-0184](CVE-2023/CVE-2023-01xx/CVE-2023-0184.json) (`2023-05-02T14:24:17.237`) -* [CVE-2023-0190](CVE-2023/CVE-2023-01xx/CVE-2023-0190.json) (`2023-05-02T14:24:38.437`) -* [CVE-2023-0199](CVE-2023/CVE-2023-01xx/CVE-2023-0199.json) (`2023-05-02T14:25:09.480`) -* [CVE-2023-0202](CVE-2023/CVE-2023-02xx/CVE-2023-0202.json) (`2023-05-02T15:16:40.460`) -* [CVE-2023-0206](CVE-2023/CVE-2023-02xx/CVE-2023-0206.json) (`2023-05-02T15:04:40.167`) -* 
[CVE-2023-0899](CVE-2023/CVE-2023-08xx/CVE-2023-0899.json) (`2023-05-02T15:21:19.640`) -* [CVE-2023-1020](CVE-2023/CVE-2023-10xx/CVE-2023-1020.json) (`2023-05-02T15:18:13.427`) -* [CVE-2023-1126](CVE-2023/CVE-2023-11xx/CVE-2023-1126.json) (`2023-05-02T14:55:35.673`) -* [CVE-2023-1129](CVE-2023/CVE-2023-11xx/CVE-2023-1129.json) (`2023-05-02T14:55:20.087`) -* [CVE-2023-1420](CVE-2023/CVE-2023-14xx/CVE-2023-1420.json) (`2023-05-02T14:52:38.237`) -* [CVE-2023-1435](CVE-2023/CVE-2023-14xx/CVE-2023-1435.json) (`2023-05-02T14:51:05.643`) -* [CVE-2023-2209](CVE-2023/CVE-2023-22xx/CVE-2023-2209.json) (`2023-05-02T14:33:57.820`) -* [CVE-2023-2211](CVE-2023/CVE-2023-22xx/CVE-2023-2211.json) (`2023-05-02T15:18:57.077`) -* [CVE-2023-2212](CVE-2023/CVE-2023-22xx/CVE-2023-2212.json) (`2023-05-02T15:23:35.120`) -* [CVE-2023-2213](CVE-2023/CVE-2023-22xx/CVE-2023-2213.json) (`2023-05-02T15:26:32.377`) -* [CVE-2023-2214](CVE-2023/CVE-2023-22xx/CVE-2023-2214.json) (`2023-05-02T15:47:02.633`) -* [CVE-2023-23892](CVE-2023/CVE-2023-238xx/CVE-2023-23892.json) (`2023-05-02T15:24:12.240`) -* [CVE-2023-25510](CVE-2023/CVE-2023-255xx/CVE-2023-25510.json) (`2023-05-02T14:19:39.090`) -* [CVE-2023-25511](CVE-2023/CVE-2023-255xx/CVE-2023-25511.json) (`2023-05-02T14:33:25.917`) -* [CVE-2023-25512](CVE-2023/CVE-2023-255xx/CVE-2023-25512.json) (`2023-05-02T14:35:30.717`) -* [CVE-2023-25513](CVE-2023/CVE-2023-255xx/CVE-2023-25513.json) (`2023-05-02T14:57:52.180`) -* [CVE-2023-26812](CVE-2023/CVE-2023-268xx/CVE-2023-26812.json) (`2023-05-02T14:15:09.063`) -* [CVE-2023-29907](CVE-2023/CVE-2023-299xx/CVE-2023-29907.json) (`2023-05-02T14:10:44.453`) -* [CVE-2023-29908](CVE-2023/CVE-2023-299xx/CVE-2023-29908.json) (`2023-05-02T14:11:37.147`) -* [CVE-2023-29909](CVE-2023/CVE-2023-299xx/CVE-2023-29909.json) (`2023-05-02T14:12:31.197`) -* [CVE-2023-29910](CVE-2023/CVE-2023-299xx/CVE-2023-29910.json) (`2023-05-02T14:13:13.533`) -* [CVE-2023-29911](CVE-2023/CVE-2023-299xx/CVE-2023-29911.json) 
(`2023-05-02T14:13:39.450`) -* [CVE-2023-29912](CVE-2023/CVE-2023-299xx/CVE-2023-29912.json) (`2023-05-02T14:13:59.997`) -* [CVE-2023-29913](CVE-2023/CVE-2023-299xx/CVE-2023-29913.json) (`2023-05-02T14:14:13.937`) -* [CVE-2023-29914](CVE-2023/CVE-2023-299xx/CVE-2023-29914.json) (`2023-05-02T14:15:09.597`) -* [CVE-2023-29915](CVE-2023/CVE-2023-299xx/CVE-2023-29915.json) (`2023-05-02T14:15:34.940`) -* [CVE-2023-29916](CVE-2023/CVE-2023-299xx/CVE-2023-29916.json) (`2023-05-02T14:15:59.907`) -* [CVE-2023-29917](CVE-2023/CVE-2023-299xx/CVE-2023-29917.json) (`2023-05-02T14:16:12.623`) -* [CVE-2023-30183](CVE-2023/CVE-2023-301xx/CVE-2023-30183.json) (`2023-05-02T14:15:09.557`) -* [CVE-2023-30458](CVE-2023/CVE-2023-304xx/CVE-2023-30458.json) (`2023-05-02T14:10:32.133`) -* [CVE-2023-31084](CVE-2023/CVE-2023-310xx/CVE-2023-31084.json) (`2023-05-02T14:17:32.120`) -* [CVE-2023-31085](CVE-2023/CVE-2023-310xx/CVE-2023-31085.json) (`2023-05-02T14:11:02.420`) -* [CVE-2023-32007](CVE-2023/CVE-2023-320xx/CVE-2023-32007.json) (`2023-05-02T15:15:23.837`) +* [CVE-2022-36963](CVE-2022/CVE-2022-369xx/CVE-2022-36963.json) (`2023-05-02T17:09:42.237`) +* [CVE-2022-47505](CVE-2022/CVE-2022-475xx/CVE-2022-47505.json) (`2023-05-02T17:10:35.553`) +* [CVE-2022-47930](CVE-2022/CVE-2022-479xx/CVE-2022-47930.json) (`2023-05-02T16:45:58.687`) +* [CVE-2023-1255](CVE-2023/CVE-2023-12xx/CVE-2023-1255.json) (`2023-05-02T16:42:01.440`) +* [CVE-2023-1324](CVE-2023/CVE-2023-13xx/CVE-2023-1324.json) (`2023-05-02T16:35:34.763`) +* [CVE-2023-2215](CVE-2023/CVE-2023-22xx/CVE-2023-2215.json) (`2023-05-02T17:35:03.033`) +* [CVE-2023-2216](CVE-2023/CVE-2023-22xx/CVE-2023-2216.json) (`2023-05-02T17:58:01.530`) +* [CVE-2023-2217](CVE-2023/CVE-2023-22xx/CVE-2023-2217.json) (`2023-05-02T17:58:39.340`) +* [CVE-2023-2240](CVE-2023/CVE-2023-22xx/CVE-2023-2240.json) (`2023-05-02T17:39:02.753`) +* [CVE-2023-2242](CVE-2023/CVE-2023-22xx/CVE-2023-2242.json) (`2023-05-02T17:21:58.343`) +* 
[CVE-2023-2243](CVE-2023/CVE-2023-22xx/CVE-2023-2243.json) (`2023-05-02T17:20:46.443`) +* [CVE-2023-2245](CVE-2023/CVE-2023-22xx/CVE-2023-2245.json) (`2023-05-02T17:41:11.897`) +* [CVE-2023-22686](CVE-2023/CVE-2023-226xx/CVE-2023-22686.json) (`2023-05-02T17:16:41.387`) +* [CVE-2023-23753](CVE-2023/CVE-2023-237xx/CVE-2023-23753.json) (`2023-05-02T17:10:25.427`) +* [CVE-2023-23938](CVE-2023/CVE-2023-239xx/CVE-2023-23938.json) (`2023-05-02T17:29:19.817`) +* [CVE-2023-25514](CVE-2023/CVE-2023-255xx/CVE-2023-25514.json) (`2023-05-02T17:26:57.987`) +* [CVE-2023-26556](CVE-2023/CVE-2023-265xx/CVE-2023-26556.json) (`2023-05-02T17:05:35.907`) +* [CVE-2023-26557](CVE-2023/CVE-2023-265xx/CVE-2023-26557.json) (`2023-05-02T17:06:10.073`) +* [CVE-2023-27350](CVE-2023/CVE-2023-273xx/CVE-2023-27350.json) (`2023-05-02T16:06:04.117`) +* [CVE-2023-27351](CVE-2023/CVE-2023-273xx/CVE-2023-27351.json) (`2023-05-02T16:19:23.810`) +* [CVE-2023-29575](CVE-2023/CVE-2023-295xx/CVE-2023-29575.json) (`2023-05-02T17:35:02.573`) +* [CVE-2023-29848](CVE-2023/CVE-2023-298xx/CVE-2023-29848.json) (`2023-05-02T16:44:29.473`) +* [CVE-2023-29849](CVE-2023/CVE-2023-298xx/CVE-2023-29849.json) (`2023-05-02T16:43:18.270`) +* [CVE-2023-31043](CVE-2023/CVE-2023-310xx/CVE-2023-31043.json) (`2023-05-02T17:16:27.860`) ## Download and Usage