From 7647f469258380ee8faab5bf244eeaa1416c41d1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9=20Helmke?= Date: Tue, 16 May 2023 20:00:28 +0200 Subject: [PATCH] Auto-Update: 2023-05-16T18:00:25.654977+00:00 --- CVE-2002/CVE-2002-200xx/CVE-2002-20001.json | 429 +++++++++++++++++++- CVE-2020/CVE-2020-233xx/CVE-2020-23362.json | 65 ++- CVE-2022/CVE-2022-468xx/CVE-2022-46819.json | 47 ++- CVE-2022/CVE-2022-468xx/CVE-2022-46861.json | 47 ++- CVE-2023/CVE-2023-249xx/CVE-2023-24953.json | 79 +++- CVE-2023/CVE-2023-249xx/CVE-2023-24954.json | 137 ++++++- CVE-2023/CVE-2023-258xx/CVE-2023-25833.json | 67 ++- CVE-2023/CVE-2023-258xx/CVE-2023-25834.json | 57 ++- CVE-2023/CVE-2023-27xx/CVE-2023-2739.json | 84 ++++ CVE-2023/CVE-2023-27xx/CVE-2023-2740.json | 88 ++++ CVE-2023/CVE-2023-280xx/CVE-2023-28076.json | 55 +++ CVE-2023/CVE-2023-300xx/CVE-2023-30086.json | 75 +++- CVE-2023/CVE-2023-300xx/CVE-2023-30087.json | 65 ++- CVE-2023/CVE-2023-311xx/CVE-2023-31136.json | 82 +++- CVE-2023/CVE-2023-311xx/CVE-2023-31137.json | 57 ++- CVE-2023/CVE-2023-311xx/CVE-2023-31139.json | 77 +++- CVE-2023/CVE-2023-311xx/CVE-2023-31143.json | 53 ++- CVE-2023/CVE-2023-318xx/CVE-2023-31890.json | 20 + CVE-2023/CVE-2023-320xx/CVE-2023-32060.json | 74 +++- CVE-2023/CVE-2023-320xx/CVE-2023-32069.json | 63 ++- CVE-2023/CVE-2023-320xx/CVE-2023-32071.json | 87 +++- CVE-2023/CVE-2023-329xx/CVE-2023-32977.json | 20 + CVE-2023/CVE-2023-329xx/CVE-2023-32978.json | 20 + CVE-2023/CVE-2023-329xx/CVE-2023-32979.json | 20 + CVE-2023/CVE-2023-329xx/CVE-2023-32980.json | 20 + CVE-2023/CVE-2023-329xx/CVE-2023-32981.json | 20 + CVE-2023/CVE-2023-329xx/CVE-2023-32982.json | 20 + CVE-2023/CVE-2023-329xx/CVE-2023-32983.json | 20 + CVE-2023/CVE-2023-329xx/CVE-2023-32984.json | 20 + CVE-2023/CVE-2023-329xx/CVE-2023-32985.json | 20 + CVE-2023/CVE-2023-329xx/CVE-2023-32986.json | 20 + CVE-2023/CVE-2023-329xx/CVE-2023-32987.json | 20 + CVE-2023/CVE-2023-329xx/CVE-2023-32988.json | 20 + CVE-2023/CVE-2023-329xx/CVE-2023-32989.json | 20 + CVE-2023/CVE-2023-329xx/CVE-2023-32990.json | 20 + CVE-2023/CVE-2023-329xx/CVE-2023-32991.json | 20 + CVE-2023/CVE-2023-329xx/CVE-2023-32992.json | 20 + CVE-2023/CVE-2023-329xx/CVE-2023-32993.json | 20 + CVE-2023/CVE-2023-329xx/CVE-2023-32994.json | 20 + CVE-2023/CVE-2023-329xx/CVE-2023-32995.json | 20 + CVE-2023/CVE-2023-329xx/CVE-2023-32996.json | 20 + CVE-2023/CVE-2023-329xx/CVE-2023-32997.json | 20 + CVE-2023/CVE-2023-329xx/CVE-2023-32998.json | 20 + CVE-2023/CVE-2023-329xx/CVE-2023-32999.json | 20 + CVE-2023/CVE-2023-330xx/CVE-2023-33000.json | 20 + CVE-2023/CVE-2023-330xx/CVE-2023-33001.json | 20 + CVE-2023/CVE-2023-330xx/CVE-2023-33002.json | 20 + CVE-2023/CVE-2023-330xx/CVE-2023-33003.json | 20 + CVE-2023/CVE-2023-330xx/CVE-2023-33004.json | 20 + CVE-2023/CVE-2023-330xx/CVE-2023-33005.json | 20 + CVE-2023/CVE-2023-330xx/CVE-2023-33006.json | 20 + CVE-2023/CVE-2023-330xx/CVE-2023-33007.json | 20 + README.md | 96 +++-- 53 files changed, 2395 insertions(+), 129 deletions(-) create mode 100644 CVE-2023/CVE-2023-27xx/CVE-2023-2739.json create mode 100644 CVE-2023/CVE-2023-27xx/CVE-2023-2740.json create mode 100644 CVE-2023/CVE-2023-280xx/CVE-2023-28076.json create mode 100644 CVE-2023/CVE-2023-318xx/CVE-2023-31890.json create mode 100644 CVE-2023/CVE-2023-329xx/CVE-2023-32977.json create mode 100644 CVE-2023/CVE-2023-329xx/CVE-2023-32978.json create mode 100644 CVE-2023/CVE-2023-329xx/CVE-2023-32979.json create mode 100644 CVE-2023/CVE-2023-329xx/CVE-2023-32980.json create mode 100644 CVE-2023/CVE-2023-329xx/CVE-2023-32981.json create mode 100644 CVE-2023/CVE-2023-329xx/CVE-2023-32982.json create mode 100644 CVE-2023/CVE-2023-329xx/CVE-2023-32983.json create mode 100644 CVE-2023/CVE-2023-329xx/CVE-2023-32984.json create mode 100644 CVE-2023/CVE-2023-329xx/CVE-2023-32985.json create mode 100644 CVE-2023/CVE-2023-329xx/CVE-2023-32986.json create mode 100644 CVE-2023/CVE-2023-329xx/CVE-2023-32987.json create mode 100644 CVE-2023/CVE-2023-329xx/CVE-2023-32988.json create mode 100644 CVE-2023/CVE-2023-329xx/CVE-2023-32989.json create mode 100644 CVE-2023/CVE-2023-329xx/CVE-2023-32990.json create mode 100644 CVE-2023/CVE-2023-329xx/CVE-2023-32991.json create mode 100644 CVE-2023/CVE-2023-329xx/CVE-2023-32992.json create mode 100644 CVE-2023/CVE-2023-329xx/CVE-2023-32993.json create mode 100644 CVE-2023/CVE-2023-329xx/CVE-2023-32994.json create mode 100644 CVE-2023/CVE-2023-329xx/CVE-2023-32995.json create mode 100644 CVE-2023/CVE-2023-329xx/CVE-2023-32996.json create mode 100644 CVE-2023/CVE-2023-329xx/CVE-2023-32997.json create mode 100644 CVE-2023/CVE-2023-329xx/CVE-2023-32998.json create mode 100644 CVE-2023/CVE-2023-329xx/CVE-2023-32999.json create mode 100644 CVE-2023/CVE-2023-330xx/CVE-2023-33000.json create mode 100644 CVE-2023/CVE-2023-330xx/CVE-2023-33001.json create mode 100644 CVE-2023/CVE-2023-330xx/CVE-2023-33002.json create mode 100644 CVE-2023/CVE-2023-330xx/CVE-2023-33003.json create mode 100644 CVE-2023/CVE-2023-330xx/CVE-2023-33004.json create mode 100644 CVE-2023/CVE-2023-330xx/CVE-2023-33005.json create mode 100644 CVE-2023/CVE-2023-330xx/CVE-2023-33006.json create mode 100644 CVE-2023/CVE-2023-330xx/CVE-2023-33007.json diff --git a/CVE-2002/CVE-2002-200xx/CVE-2002-20001.json b/CVE-2002/CVE-2002-200xx/CVE-2002-20001.json index 8eadb07f5f3..57641f08dd0 100644 --- a/CVE-2002/CVE-2002-200xx/CVE-2002-20001.json +++ b/CVE-2002/CVE-2002-200xx/CVE-2002-20001.json @@ -2,8 +2,8 @@ "id": "CVE-2002-20001", "sourceIdentifier": "cve@mitre.org", "published": "2021-11-11T19:15:07.380", - "lastModified": "2022-11-09T18:15:10.340", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-05-16T16:15:29.937", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -77,6 +77,7 @@ ], "configurations": [ { + "operator": "AND", "nodes": [ { "operator": "OR", @@ -90,48 +91,449 @@ ] } ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "065280B2-6EC1-4721-B3D7-EDE44ED4F5BD" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*", + "matchCriteriaId": "F13F07CC-739B-465C-9184-0E9D708BD4C7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*", + "matchCriteriaId": "15FC9014-BD85-4382-9D04-C0703E901D7A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:suse:linux_enterprise_server:15:*:*:*:*:*:*:*", + "matchCriteriaId": "70A029CD-2AC4-4877-B1A4-5C72B351BA27" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.1.0", + "versionEndIncluding": "17.1.0", + "matchCriteriaId": "CE73DAA2-9CCA-4BD6-B11A-9326F79D9ABB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.1.0", + "versionEndIncluding": "17.1.0", + "matchCriteriaId": "475E283C-8F3C-4051-B9E8-349845F8C528" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.1.0", + "versionEndIncluding": "17.1.0", + "matchCriteriaId": "956AC9F3-2042-4C21-A5E4-D2D4334D2FC3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.1.0", + "versionEndIncluding": "17.1.0", + "matchCriteriaId": "E17DBD3E-F5AC-4A35-81E0-C4804CAD78F9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.1.0", + "versionEndIncluding": "17.1.0", + "matchCriteriaId": "346B71B1-D583-4463-ADF8-BEE700B0CA3A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.1.0", + "versionEndIncluding": "17.1.0", + "matchCriteriaId": "B2AA25BA-72C5-48A9-BDBC-CA108208011F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.1.0", + "versionEndIncluding": "17.1.0", + "matchCriteriaId": "308B0070-6716-4754-A5E4-C3D70CAB376B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.1.0", + "versionEndIncluding": "17.1.0", + "matchCriteriaId": "8F26AB06-7FEB-4A56-B722-DBDEEE628DB8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.1.0", + "versionEndIncluding": "17.1.0", + "matchCriteriaId": "EE48C9C9-6B84-4A4A-963D-6DFE0C2FB312" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.1.0", + "versionEndIncluding": "17.1.0", + "matchCriteriaId": "878CD8E6-6B9B-431D-BD15-F954C7B8076F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.1.0", + "versionEndIncluding": "17.1.0", + "matchCriteriaId": "4D9DB9B9-2959-448E-9B59-C873584A0E11" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.1.0", + "versionEndIncluding": "17.1.0", + "matchCriteriaId": "6AF04191-019B-4BC9-A9A7-7B7AA9B5B7D1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.1.0", + "versionEndIncluding": "17.1.0", + "matchCriteriaId": "F62D754D-A4A1-4093-AB42-9F51C19976CA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.1.0", + "versionEndIncluding": "17.1.0", + "matchCriteriaId": "90084CD6-FA4B-4305-BC65-58237BAF714E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.1.0", + "versionEndIncluding": "17.1.0", + "matchCriteriaId": "BC9D4626-915F-42E5-81E0-6F8271084773" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.1.0", + "versionEndIncluding": "17.1.0", + "matchCriteriaId": "7056F1FA-24AC-4D9F-8DDC-B3CA4740BF5E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:f5:big-ip_service_proxy:1.6.0:*:*:*:*:kubernetes:*:*", + "matchCriteriaId": "BC5AC8C7-92BA-48D4-81A1-F5323DA952A9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.1.0", + "versionEndIncluding": "17.1.0", + "matchCriteriaId": "E48AC50D-19B3-4E97-ADD2-B661BD891ED7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.1.0", + "versionEndIncluding": "17.1.0", + "matchCriteriaId": "B13C4244-BE15-4F2C-BBBA-35072571B041" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.1.0", + "versionEndIncluding": "17.1.0", + "matchCriteriaId": "C1B4FBF6-C23A-4BD2-ADFB-9617C03B603A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.0.0", + "versionEndIncluding": "8.2.0", + "matchCriteriaId": "360D8842-2C55-450F-9AFA-09CA34B12598" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:f5:big-iq_centralized_management:7.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "DA0B396A-B5CE-4337-A33A-EF58C4589CB3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:f5:f5os-a:1.3.0:*:*:*:*:*:*:*", + "matchCriteriaId": "C4A3C86A-CA2F-4AC8-A43E-765829A96147" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:f5:f5os-a:1.3.1:*:*:*:*:*:*:*", + "matchCriteriaId": "03E01235-F9B0-4CCF-AA08-FECF61C62B21" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:f5:f5os-c:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.3.0", + "versionEndIncluding": "1.3.2", + "matchCriteriaId": "3BFAE8EC-9A5F-421D-990D-B6D454DECAEC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:f5:f5os-c:1.5.0:*:*:*:*:*:*:*", + "matchCriteriaId": "BC3EDB8D-5C16-49DF-BE48-C83744AD7788" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:f5:f5os-c:1.5.1:*:*:*:*:*:*:*", + "matchCriteriaId": "12FEEABD-9A4A-4A33-9B74-7B053352C47D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:f5:traffix_sdc:5.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "693DE548-00FA-4057-8FC9-6EB3761FBB24" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:f5:traffix_sdc:5.2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "E2D78E00-C168-4493-A279-699E480F59E2" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.06.0000", + "versionEndExcluding": "10.06.0180", + "matchCriteriaId": "3B3AD582-9909-4FF5-B541-571F18E22356" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.07.0000", + "versionEndExcluding": "10.07.0030", + "matchCriteriaId": "21F81EB2-3916-4DC6-9600-B7FD17906B53" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.08.0000", + "versionEndExcluding": "10.08.0010", + "matchCriteriaId": "71284AA8-9E0E-4B2F-8464-B49E1D6965B5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.09.0000", + "versionEndExcluding": "10.09.0002", + "matchCriteriaId": "F059E5A9-E613-4BE1-BF61-C477B3441175" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hpe:aruba_cx_4100i:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B7C2B56C-203F-4290-BCE7-8BD751DF9CEF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hpe:aruba_cx_6100:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FF1DD310-3D31-4204-92E0-70C33EE44F08" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hpe:aruba_cx_6200f:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FCD1A83B-109B-4596-AE37-706751E2B57D" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hpe:aruba_cx_6200m:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1218AAA5-01ED-4D89-A7AE-A600356ABD46" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hpe:aruba_cx_6300f:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4D6F748F-89E9-45FB-8BE7-2201E5EB2755" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hpe:aruba_cx_6300m:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8066A871-2683-4F74-9750-E73BF004209F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hpe:aruba_cx_6405:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D118A9A6-BBA4-4149-AE0D-1DA2EB45B53F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hpe:aruba_cx_6410:-:*:*:*:*:*:*:*", + "matchCriteriaId": "790C5E7A-3405-4873-83E8-4D9C0FEC5E6D" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hpe:aruba_cx_8320:-:*:*:*:*:*:*:*", + "matchCriteriaId": "10B5F18A-28B0-49B4-8374-C681C2B48D2A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hpe:aruba_cx_8325-32c:-:*:*:*:*:*:*:*", + "matchCriteriaId": "59B7E2D3-0B72-4A78-AEFA-F106FAD38156" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hpe:aruba_cx_8325-48y8c:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7E87A92B-4EE5-4235-A0DA-195F27841DBB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hpe:aruba_cx_8360-12c:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6BC24E52-13C0-402F-9ABF-A1DE51719AEF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hpe:aruba_cx_8360-16y2c:-:*:*:*:*:*:*:*", + "matchCriteriaId": "76EF979E-061A-42A3-B161-B835E92ED180" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hpe:aruba_cx_8360-24xf2c:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DE04919C-9289-4FB3-938F-F8BB15EC6A74" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hpe:aruba_cx_8360-32y4c:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B630C64B-C474-477D-A80B-A0FB73ACCC49" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hpe:aruba_cx_8360-48xt4c:-:*:*:*:*:*:*:*", + "matchCriteriaId": "53ABE8B8-A4F6-400B-A893-314BE24D06B8" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hpe:aruba_cx_8360-48y6c:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C44383CC-3751-455E-B1AB-39B16F40DC76" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hpe:aruba_cx_8400:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B25A9CD2-5E5F-4BDB-8707-5D6941411A2B" + } + ] + } + ] } ], "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://dheatattack.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/Balasys/dheater", "source": "cve@mitre.org", "tags": [ - "Third Party Advisory" + "Product" ] }, { "url": "https://github.com/mozilla/ssl-config-generator/issues/162", "source": "cve@mitre.org", "tags": [ - "Third Party Advisory" + "Issue Tracking" ] }, { "url": "https://support.f5.com/csp/article/K83120834", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.openssl.org/blog/blog/2022/10/21/tls-groups-configuration/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.reddit.com/r/netsec/comments/qdoosy/server_overload_by_enforcing_dhe_key_exchange/", "source": "cve@mitre.org", "tags": [ - "Third Party Advisory" + "Issue Tracking" ] }, { @@ -139,12 +541,15 @@ "source": "cve@mitre.org", "tags": [ "Exploit", - "Third Party Advisory" + "Technical Description" ] }, { "url": "https://www.suse.com/support/kb/doc/?id=000020510", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2020/CVE-2020-233xx/CVE-2020-23362.json b/CVE-2020/CVE-2020-233xx/CVE-2020-23362.json index 26d3e37bbe6..9bdbd194df1 100644 --- a/CVE-2020/CVE-2020-233xx/CVE-2020-23362.json +++ b/CVE-2020/CVE-2020-233xx/CVE-2020-23362.json @@ -2,19 +2,76 @@ "id": "CVE-2020-23362", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-09T16:15:13.963", - "lastModified": "2023-05-09T17:37:00.247", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-16T17:17:58.727", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Insecure Permissons vulnerability found in Shop_CMS YerShop all versions allows a remote attacker to escalate privileges via the cover_id parameter." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:yershop_project:yershop:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7EA9478C-AE02-4BEA-9ECF-CBE71D8FB501" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/huyiwill/shopcms_lang/issues/1", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-468xx/CVE-2022-46819.json b/CVE-2022/CVE-2022-468xx/CVE-2022-46819.json index 61311b23ecb..e1070cd1990 100644 --- a/CVE-2022/CVE-2022-468xx/CVE-2022-46819.json +++ b/CVE-2022/CVE-2022-468xx/CVE-2022-46819.json @@ -2,8 +2,8 @@ "id": "CVE-2022-46819", "sourceIdentifier": "audit@patchstack.com", "published": "2023-05-10T10:15:10.437", - "lastModified": "2023-05-10T13:06:16.563", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-16T16:17:27.237", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gopiplus:continuous_announcement_scroller:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "13.0", + "matchCriteriaId": "1454894D-AA5A-4AD0-B6E6-8467FE64F140" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/continuous-announcement-scroller/wordpress-continuous-announcement-scroller-plugin-13-0-cross-site-scripting-xss?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-468xx/CVE-2022-46861.json b/CVE-2022/CVE-2022-468xx/CVE-2022-46861.json index 54227014838..f7e1331f351 100644 --- a/CVE-2022/CVE-2022-468xx/CVE-2022-46861.json +++ b/CVE-2022/CVE-2022-468xx/CVE-2022-46861.json @@ -2,8 +2,8 @@ "id": "CVE-2022-46861", "sourceIdentifier": "audit@patchstack.com", "published": "2023-05-10T10:15:10.537", - "lastModified": "2023-05-10T13:06:16.563", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-16T16:17:13.987", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:web-settler:custom_login_page_styler:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "6.2", + "matchCriteriaId": "6F2C7872-13E1-445E-ADA2-5974105715DB" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/login-page-styler/wordpress-login-page-styler-plugin-6-2-cross-site-scripting-xss?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-249xx/CVE-2023-24953.json b/CVE-2023/CVE-2023-249xx/CVE-2023-24953.json index 43b0c6c5514..145be981d57 100644 --- a/CVE-2023/CVE-2023-249xx/CVE-2023-24953.json +++ b/CVE-2023/CVE-2023-249xx/CVE-2023-24953.json @@ -2,8 +2,8 @@ "id": "CVE-2023-24953", "sourceIdentifier": "secure@microsoft.com", "published": "2023-05-09T18:15:13.203", - "lastModified": "2023-05-09T18:23:25.203", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-16T16:16:11.117", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -34,10 +34,83 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", + "matchCriteriaId": "40C15EDD-98D4-4D06-BA06-21AE0F33C72D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*", + "matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*", + "matchCriteriaId": "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*", + "matchCriteriaId": "09BF0981-749E-470B-A7AC-95AD087797EF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*", + "matchCriteriaId": "FF177984-A906-43FA-BF60-298133FBBD6B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*", + "matchCriteriaId": "40961B9E-80B6-42E0-A876-58B3CE056E4E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:*:*", + "matchCriteriaId": "6C9D7C93-E8CB-4A8A-BA15-093B03ACC62F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*", + "matchCriteriaId": "BF0E8112-5B6F-4E55-8E40-38ADCF6FC654" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E98AE986-FA31-4301-8025-E8915BA4AC5E" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24953", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-249xx/CVE-2023-24954.json b/CVE-2023/CVE-2023-249xx/CVE-2023-24954.json index 6e0c326b643..02818bb8adb 100644 --- a/CVE-2023/CVE-2023-249xx/CVE-2023-24954.json +++ b/CVE-2023/CVE-2023-249xx/CVE-2023-24954.json @@ -2,8 +2,8 @@ "id": "CVE-2023-24954", "sourceIdentifier": "secure@microsoft.com", "published": "2023-05-09T18:15:13.260", - "lastModified": "2023-05-09T18:23:25.203", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-16T16:10:02.777", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -34,10 +34,141 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.10240.19926", + "matchCriteriaId": "0855C3A7-36C3-4398-9208-1FC8A02F40D0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.14393.5921", + "matchCriteriaId": "BAB00F09-4CCF-4AB6-85CE-07298A21C1D9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.17763.4377", + "matchCriteriaId": "DAF1C808-45D2-4C43-81F0-0E3DC697A31A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19042.2965", + "matchCriteriaId": "8B7C959F-A277-4B18-B7D8-6CC8A5D01469" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19044.2965", + "matchCriteriaId": "B1DB7F7A-A2CA-462C-A75C-A6739899C14B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19045.2965", + "matchCriteriaId": "A7450AB6-B09E-4C37-82FD-274675C0F8AF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22000.1936", + "matchCriteriaId": "7E42EF0F-F78C-49E8-BC26-09AF1C0730E0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22000.1702", + "matchCriteriaId": "C8267EF4-E3E6-4FA1-8090-965AE770B313" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", + "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", + "matchCriteriaId": "2ACA9287-B475-4AF7-A4DA-A7143CEF9E57" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", + "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", + "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", + "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", + "matchCriteriaId": "9C082CC4-6128-475D-BC19-B239E348FDB2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:sharepoint_server:-:*:*:*:subscription:*:*:*", + "matchCriteriaId": "AC8BB33F-44C4-41FE-8B17-68E3C4B38142" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", + "matchCriteriaId": "6122D014-5BF1-4AF4-8B4D-80205ED7785E" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24954", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-258xx/CVE-2023-25833.json b/CVE-2023/CVE-2023-258xx/CVE-2023-25833.json index 872b83f64be..3d820fbd423 100644 --- a/CVE-2023/CVE-2023-258xx/CVE-2023-25833.json +++ b/CVE-2023/CVE-2023-258xx/CVE-2023-25833.json @@ -2,8 +2,8 @@ "id": "CVE-2023-25833", "sourceIdentifier": "psirt@esri.com", "published": "2023-05-10T02:15:08.933", - "lastModified": "2023-05-10T02:29:55.237", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-16T17:50:14.373", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -13,8 +13,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "psirt@esri.com", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, + { + "source": "psirt@esri.com", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N", @@ -36,8 +56,18 @@ }, "weaknesses": [ { - "source": "psirt@esri.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, + { + "source": "psirt@esri.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -46,14 +76,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:esri:portal_for_arcgis:*:*:*:*:*:*:*:*", + "versionEndIncluding": "11.0", + "matchCriteriaId": "6BE67D5A-F389-4819-BEF6-F17CE6114D54" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.esri.com/en-us/patches-updates/2023/portal-for-arcgis-security-2023-update-1-patch-8095", - "source": "psirt@esri.com" + "source": "psirt@esri.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2023-update-1-patch-is-now-available/", - "source": "psirt@esri.com" + "source": "psirt@esri.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-258xx/CVE-2023-25834.json b/CVE-2023/CVE-2023-258xx/CVE-2023-25834.json index cc8268c5ca3..7b9f951ce65 100644 --- a/CVE-2023/CVE-2023-258xx/CVE-2023-25834.json +++ b/CVE-2023/CVE-2023-258xx/CVE-2023-25834.json @@ -2,8 +2,8 @@ "id": "CVE-2023-25834", "sourceIdentifier": "psirt@esri.com", "published": "2023-05-09T16:15:14.263", - "lastModified": "2023-05-09T17:37:00.247", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-16T17:26:50.917", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -13,8 +13,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "psirt@esri.com", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + }, + { + "source": "psirt@esri.com", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", @@ -46,14 +66,41 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:esri:portal_for_arcgis:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.7.1", + "versionEndIncluding": "10.9.1", + "matchCriteriaId": "92E7BFF6-A949-45B0-BC21-4D219732F6FE" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.esri.com/en-us/patches-updates/2023/portal-for-arcgis-security-2023-update-1-patch-8095", - "source": "psirt@esri.com" + "source": "psirt@esri.com", + "tags": [ + "Patch", + "Release Notes" + ] }, { "url": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2023-update-1-patch-is-now-available/", - "source": "psirt@esri.com" + "source": "psirt@esri.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-27xx/CVE-2023-2739.json b/CVE-2023/CVE-2023-27xx/CVE-2023-2739.json new file mode 100644 index 00000000000..58e00525f7e --- /dev/null +++ b/CVE-2023/CVE-2023-27xx/CVE-2023-2739.json @@ -0,0 +1,84 @@ +{ + "id": "CVE-2023-2739", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-05-16T16:15:10.027", + "lastModified": "2023-05-16T16:15:10.027", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as problematic was found in Gira HomeServer up to 4.12.0.220829 beta. This vulnerability affects unknown code of the file /hslist. The manipulation of the argument lst with the input debug%27\"> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-229150 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 5.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 10.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://vuldb.com/?ctiid.229150", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.229150", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-27xx/CVE-2023-2740.json b/CVE-2023/CVE-2023-27xx/CVE-2023-2740.json new file mode 100644 index 00000000000..335f71020f3 --- /dev/null +++ b/CVE-2023/CVE-2023-27xx/CVE-2023-2740.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-2740", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-05-16T17:15:11.433", + "lastModified": "2023-05-16T17:15:11.433", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as problematic, has been found in SourceCodester Guest Management System 1.0. Affected by this issue is some unknown functionality of the file dateTest.php of the component GET Parameter Handler. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229160." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 4.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/xryj920/CVE/blob/main/XSS.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.229160", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.229160", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-280xx/CVE-2023-28076.json b/CVE-2023/CVE-2023-280xx/CVE-2023-28076.json new file mode 100644 index 00000000000..86ee6ac0064 --- /dev/null +++ b/CVE-2023/CVE-2023-280xx/CVE-2023-28076.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-28076", + "sourceIdentifier": "security_alert@emc.com", + "published": "2023-05-16T16:15:09.513", + "lastModified": "2023-05-16T16:15:09.513", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nCloudLink 7.1.2 and all prior versions contain a broken or risky cryptographic algorithm vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability leading to some information disclosure.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security_alert@emc.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security_alert@emc.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-327" + } + ] + } + ], + "references": [ + { + "url": "https://www.dell.com/support/kbdoc/en-us/000212095/dsa-2023-121-dell-cloudlink-security-update-for-aes-gcm-ciphers-vulnerability", + "source": "security_alert@emc.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-300xx/CVE-2023-30086.json b/CVE-2023/CVE-2023-300xx/CVE-2023-30086.json index e88c523b20f..414c54451b0 100644 --- a/CVE-2023/CVE-2023-300xx/CVE-2023-30086.json +++ b/CVE-2023/CVE-2023-300xx/CVE-2023-30086.json @@ -2,27 +2,90 @@ "id": "CVE-2023-30086", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-09T16:15:14.507", - "lastModified": "2023-05-09T17:37:00.247", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-16T17:11:01.003", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Buffer Overflow vulnerability found in Libtiff V.4.0.7 allows a local attacker to cause a denial of service via the tiffcp function in tiffcp.c." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:libtiff:libtiff:4.0.7:*:*:*:*:*:*:*", + "matchCriteriaId": "FE968DD2-24BE-4417-A6DF-D79E40E07766" + } + ] + } + ] + } + ], "references": [ { "url": "http://libtiff-release-v4-0-7.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "http://tiffcp.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://gitlab.com/libtiff/libtiff/-/issues/538", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-300xx/CVE-2023-30087.json b/CVE-2023/CVE-2023-300xx/CVE-2023-30087.json index bc2806b4dc0..bd3cb35957b 100644 --- a/CVE-2023/CVE-2023-300xx/CVE-2023-30087.json +++ b/CVE-2023/CVE-2023-300xx/CVE-2023-30087.json @@ -2,19 +2,76 @@ "id": "CVE-2023-30087", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-09T16:15:14.547", - "lastModified": "2023-05-09T17:36:56.357", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-16T17:06:52.870", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Buffer Overflow vulnerability found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_mk_string function in mjs.c." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cesanta:mjs:1.26:*:*:*:*:*:*:*", + "matchCriteriaId": "25C97820-C80A-41CE-B510-F292D2AF665E" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/cesanta/mjs/issues/244", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-311xx/CVE-2023-31136.json b/CVE-2023/CVE-2023-311xx/CVE-2023-31136.json index 05800c49049..c2b448e2519 100644 --- a/CVE-2023/CVE-2023-311xx/CVE-2023-31136.json +++ b/CVE-2023/CVE-2023-311xx/CVE-2023-31136.json @@ -2,8 +2,8 @@ "id": "CVE-2023-31136", "sourceIdentifier": "security-advisories@github.com", "published": "2023-05-09T14:15:13.520", - "lastModified": "2023-05-09T14:30:54.950", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-16T16:43:07.007", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,38 +66,80 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vapor:postgresnio:*:*:*:*:*:postgresql:*:*", + "versionEndExcluding": "1.14.2", + "matchCriteriaId": "F30C6121-3F39-47E8-8EDF-DB10D6A63BDB" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/advisories/GHSA-467w-rrqc-395f", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Not Applicable" + ] }, { "url": "https://github.com/advisories/GHSA-735f-7qx4-jqq5", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Not Applicable" + ] }, { "url": "https://github.com/apple/swift-nio/pull/2419", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/vapor/postgres-nio/commit/2df54bc94607f44584ae6ffa74e3cd754fffafc7", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/vapor/postgres-nio/releases/tag/1.14.2", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/vapor/postgres-nio/security/advisories/GHSA-9cfh-vx93-84vv", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.postgresql.org/support/security/CVE-2021-23214/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Not Applicable" + ] }, { "url": "https://www.postgresql.org/support/security/CVE-2021-23222/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Not Applicable" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-311xx/CVE-2023-31137.json b/CVE-2023/CVE-2023-311xx/CVE-2023-31137.json index e11557e1e68..332d82579dc 100644 --- a/CVE-2023/CVE-2023-311xx/CVE-2023-31137.json +++ b/CVE-2023/CVE-2023-311xx/CVE-2023-31137.json @@ -2,8 +2,8 @@ "id": "CVE-2023-31137", "sourceIdentifier": "security-advisories@github.com", "published": "2023-05-09T14:15:13.607", - "lastModified": "2023-05-09T14:30:54.950", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-16T16:47:46.977", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,18 +66,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:maradns:maradns:*:*:*:*:*:*:*:*", + "versionEndIncluding": "3.5.0024", + "matchCriteriaId": "7CE5BE73-8D74-4618-AECC-3D28D3E70521" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/samboy/MaraDNS/blob/08b21ea20d80cedcb74aa8f14979ec7c61846663/dns/Decompress.c#L886", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/samboy/MaraDNS/commit/bab062bde40b2ae8a91eecd522e84d8b993bab58", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/samboy/MaraDNS/security/advisories/GHSA-58m7-826v-9c3c", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-311xx/CVE-2023-31139.json b/CVE-2023/CVE-2023-311xx/CVE-2023-31139.json index 1bd68ab1fc4..4039ae9e34e 100644 --- a/CVE-2023/CVE-2023-311xx/CVE-2023-31139.json +++ b/CVE-2023/CVE-2023-311xx/CVE-2023-31139.json @@ -2,8 +2,8 @@ "id": "CVE-2023-31139", "sourceIdentifier": "security-advisories@github.com", "published": "2023-05-09T15:15:10.233", - "lastModified": "2023-05-09T17:37:00.247", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-16T16:50:03.370", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,22 +66,67 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dhis2:dhis_2:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.37.0", + "versionEndExcluding": "2.37.9.1", + "matchCriteriaId": "C9B6C005-C18C-465C-871B-81E6574421D3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dhis2:dhis_2:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.38.0", + "versionEndExcluding": "2.38.3.1", + "matchCriteriaId": "BBFE0152-8392-4ECC-93FA-D6FEC9475846" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dhis2:dhis_2:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.39.0", + "versionEndExcluding": "2.39.1.2", + "matchCriteriaId": "9306C196-9620-47A0-AC31-84A85FB60BA0" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/dhis2/dhis2-core/security/advisories/GHSA-44g3-9mp4-prv3", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/dhis2/dhis2-releases/blob/master/releases/2.37/ReleaseNote-2.37.9.1.md", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/dhis2/dhis2-releases/blob/master/releases/2.38/ReleaseNote-2.38.3.1.md", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/dhis2/dhis2-releases/blob/master/releases/2.39/ReleaseNote-2.39.1.2.md", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-311xx/CVE-2023-31143.json b/CVE-2023/CVE-2023-311xx/CVE-2023-31143.json index e07362f74aa..d3b87736a34 100644 --- a/CVE-2023/CVE-2023-311xx/CVE-2023-31143.json +++ b/CVE-2023/CVE-2023-311xx/CVE-2023-31143.json @@ -2,8 +2,8 @@ "id": "CVE-2023-31143", "sourceIdentifier": "security-advisories@github.com", "published": "2023-05-09T15:15:10.303", - "lastModified": "2023-05-09T17:37:00.247", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-16T16:56:16.440", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,14 +66,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mage:mage-ai:*:*:*:*:*:python:*:*", + "versionStartIncluding": "0.8.34", + "versionEndExcluding": "0.8.72", + "matchCriteriaId": "ADC4138D-0C19-4231-AB14-FBF575748E57" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/mage-ai/mage-ai/commit/f63cd00f6a3be372397d37a4c9a49bfaf50d7650", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/mage-ai/mage-ai/security/advisories/GHSA-c6mm-2g84-v4m7", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-318xx/CVE-2023-31890.json b/CVE-2023/CVE-2023-318xx/CVE-2023-31890.json new file mode 100644 index 00000000000..3252ef1f57f --- /dev/null +++ b/CVE-2023/CVE-2023-318xx/CVE-2023-31890.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-31890", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-16T16:15:10.343", + "lastModified": "2023-05-16T16:15:10.343", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An XML Deserialization vulnerability in glazedlists v1.11.0 allows an attacker to execute arbitrary code via the BeanXMLByteCoder.decode() parameter." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/glazedlists/glazedlists/issues/709", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-320xx/CVE-2023-32060.json b/CVE-2023/CVE-2023-320xx/CVE-2023-32060.json index a6ff1f2af3b..8bc9617f0eb 100644 --- a/CVE-2023/CVE-2023-320xx/CVE-2023-32060.json +++ b/CVE-2023/CVE-2023-320xx/CVE-2023-32060.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32060", "sourceIdentifier": "security-advisories@github.com", "published": "2023-05-09T15:15:10.367", - "lastModified": "2023-05-09T17:37:00.247", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-16T17:04:16.300", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -36,8 +56,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -50,10 +80,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dhis2:dhis_2:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.35.0", + "versionEndExcluding": "2.36.13", + "matchCriteriaId": "74791199-BB09-41D9-A1F8-AF5496A2599C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dhis2:dhis_2:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.37.0", + "versionEndExcluding": "2.37.8", + "matchCriteriaId": "94F6CC42-75F0-4E51-9E92-0FE0EC14B08F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dhis2:dhis_2:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.38.0", + "versionEndExcluding": "2.38.2", + "matchCriteriaId": "083AAA85-872D-4A80-9420-F0DE48B3E9FD" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/dhis2/dhis2-core/security/advisories/GHSA-7pwm-6rh2-2388", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-320xx/CVE-2023-32069.json b/CVE-2023/CVE-2023-320xx/CVE-2023-32069.json index 6367c50d3cd..63dce240d06 100644 --- a/CVE-2023/CVE-2023-320xx/CVE-2023-32069.json +++ b/CVE-2023/CVE-2023-320xx/CVE-2023-32069.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32069", "sourceIdentifier": "security-advisories@github.com", "published": "2023-05-09T16:15:15.230", - "lastModified": "2023-05-09T17:36:56.357", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-16T17:34:32.947", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,18 +66,51 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.4", + "versionEndExcluding": "14.10.4", + "matchCriteriaId": "BA7FCE38-8843-4EDE-AC01-DA70DC141AAB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:xwiki:xwiki:3.3:milestone2:*:*:*:*:*:*", + "matchCriteriaId": "ED1AD3A5-E286-47E6-9DD5-023F165A8263" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/xwiki/xwiki-platform/commit/de72760d4a3e1e9be64a10660a0c19e9534e2ec4", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-36fm-j33w-c25f", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://jira.xwiki.org/browse/XWIKI-20566", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-320xx/CVE-2023-32071.json b/CVE-2023/CVE-2023-320xx/CVE-2023-32071.json index a839b483526..6bfef52f4e0 100644 --- a/CVE-2023/CVE-2023-320xx/CVE-2023-32071.json +++ b/CVE-2023/CVE-2023-320xx/CVE-2023-32071.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32071", "sourceIdentifier": "security-advisories@github.com", "published": "2023-05-09T16:15:15.297", - "lastModified": "2023-05-09T17:36:56.357", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-16T17:41:40.890", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.0, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.3, + "impactScore": 6.0 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -36,8 +56,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -50,22 +80,65 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.3", + "versionEndExcluding": "14.4.8", + "matchCriteriaId": "E0A4507D-89A9-4E23-960D-B04AFEC2D9C9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.5.0", + "versionEndExcluding": "14.10.4", + "matchCriteriaId": "AB27526E-A5F9-4592-9F16-A55A2253A22D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:xwiki:xwiki:2.2:milestone1:*:*:*:*:*:*", + "matchCriteriaId": "C5DB4CA3-913F-48F6-95A9-25F350DDB537" + } + ] + } + ] + } + ], "references": [ { "url": "https://app.intigriti.com/company/submissions/e95a7ad5-7029-4627-abf0-3e3e3ea0b4ce/XWIKI-E93DFEYK", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://github.com/xwiki/xwiki-platform/commit/28905f7f518cc6f21ea61fe37e9e1ed97ef36f01", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j9h5-vcgv-2jfm", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://jira.xwiki.org/browse/XWIKI-20340", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-329xx/CVE-2023-32977.json b/CVE-2023/CVE-2023-329xx/CVE-2023-32977.json new file mode 100644 index 00000000000..a0f828349ad --- /dev/null +++ b/CVE-2023/CVE-2023-329xx/CVE-2023-32977.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-32977", + "sourceIdentifier": "jenkinsci-cert@googlegroups.com", + "published": "2023-05-16T16:15:10.507", + "lastModified": "2023-05-16T17:15:11.553", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Jenkins Pipeline: Job Plugin does not escape the display name of the build that caused an earlier build to be aborted, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to set build display names immediately." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3042", + "source": "jenkinsci-cert@googlegroups.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-329xx/CVE-2023-32978.json b/CVE-2023/CVE-2023-329xx/CVE-2023-32978.json new file mode 100644 index 00000000000..13a52a2f2ea --- /dev/null +++ b/CVE-2023/CVE-2023-329xx/CVE-2023-32978.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-32978", + "sourceIdentifier": "jenkinsci-cert@googlegroups.com", + "published": "2023-05-16T16:15:10.610", + "lastModified": "2023-05-16T17:15:11.610", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A cross-site request forgery (CSRF) vulnerability in Jenkins LDAP Plugin allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3046", + "source": "jenkinsci-cert@googlegroups.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-329xx/CVE-2023-32979.json b/CVE-2023/CVE-2023-329xx/CVE-2023-32979.json new file mode 100644 index 00000000000..922f8658a71 --- /dev/null +++ b/CVE-2023/CVE-2023-329xx/CVE-2023-32979.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-32979", + "sourceIdentifier": "jenkinsci-cert@googlegroups.com", + "published": "2023-05-16T16:15:10.673", + "lastModified": "2023-05-16T17:15:11.657", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Jenkins Email Extension Plugin does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files in the email-templates/ directory in the Jenkins home directory on the controller file system." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3088%20(1)", + "source": "jenkinsci-cert@googlegroups.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-329xx/CVE-2023-32980.json b/CVE-2023/CVE-2023-329xx/CVE-2023-32980.json new file mode 100644 index 00000000000..c420214ae82 --- /dev/null +++ b/CVE-2023/CVE-2023-329xx/CVE-2023-32980.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-32980", + "sourceIdentifier": "jenkinsci-cert@googlegroups.com", + "published": "2023-05-16T16:15:10.753", + "lastModified": "2023-05-16T17:15:11.703", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A cross-site request forgery (CSRF) vulnerability in Jenkins Email Extension Plugin allows attackers to make another user stop watching an attacker-specified job." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3088%20(2)", + "source": "jenkinsci-cert@googlegroups.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-329xx/CVE-2023-32981.json b/CVE-2023/CVE-2023-329xx/CVE-2023-32981.json new file mode 100644 index 00000000000..ec7405485bf --- /dev/null +++ b/CVE-2023/CVE-2023-329xx/CVE-2023-32981.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-32981", + "sourceIdentifier": "jenkinsci-cert@googlegroups.com", + "published": "2023-05-16T16:15:10.833", + "lastModified": "2023-05-16T16:15:10.833", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An arbitrary file write vulnerability in Jenkins Pipeline Utility Steps Plugin 2.15.2 and earlier allows attackers able to provide crafted archives as parameters to create or replace arbitrary files on the agent file system with attacker-specified content." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2196", + "source": "jenkinsci-cert@googlegroups.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-329xx/CVE-2023-32982.json b/CVE-2023/CVE-2023-329xx/CVE-2023-32982.json new file mode 100644 index 00000000000..c95432439ee --- /dev/null +++ b/CVE-2023/CVE-2023-329xx/CVE-2023-32982.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-32982", + "sourceIdentifier": "jenkinsci-cert@googlegroups.com", + "published": "2023-05-16T16:15:10.920", + "lastModified": "2023-05-16T16:15:10.920", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Jenkins Ansible Plugin 204.v8191fd551eb_f and earlier stores extra variables unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3017", + "source": "jenkinsci-cert@googlegroups.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-329xx/CVE-2023-32983.json b/CVE-2023/CVE-2023-329xx/CVE-2023-32983.json new file mode 100644 index 00000000000..f641fa5ae82 --- /dev/null +++ b/CVE-2023/CVE-2023-329xx/CVE-2023-32983.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-32983", + "sourceIdentifier": "jenkinsci-cert@googlegroups.com", + "published": "2023-05-16T16:15:10.980", + "lastModified": "2023-05-16T16:15:10.980", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Jenkins Ansible Plugin 204.v8191fd551eb_f and earlier does not mask extra variables displayed on the configuration form, increasing the potential for attackers to observe and capture them." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3017", + "source": "jenkinsci-cert@googlegroups.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-329xx/CVE-2023-32984.json b/CVE-2023/CVE-2023-329xx/CVE-2023-32984.json new file mode 100644 index 00000000000..0b6ed09d77e --- /dev/null +++ b/CVE-2023/CVE-2023-329xx/CVE-2023-32984.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-32984", + "sourceIdentifier": "jenkinsci-cert@googlegroups.com", + "published": "2023-05-16T16:15:11.033", + "lastModified": "2023-05-16T16:15:11.033", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Jenkins TestNG Results Plugin 730.v4c5283037693 and earlier does not escape several values that are parsed from TestNG report files and displayed on the plugin's test information pages, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide a crafted TestNG report file." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3047", + "source": "jenkinsci-cert@googlegroups.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-329xx/CVE-2023-32985.json b/CVE-2023/CVE-2023-329xx/CVE-2023-32985.json new file mode 100644 index 00000000000..85c2d575ea6 --- /dev/null +++ b/CVE-2023/CVE-2023-329xx/CVE-2023-32985.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-32985", + "sourceIdentifier": "jenkinsci-cert@googlegroups.com", + "published": "2023-05-16T16:15:11.090", + "lastModified": "2023-05-16T16:15:11.090", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Jenkins Sidebar Link Plugin 2.2.1 and earlier does not restrict the path of files in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3125", + "source": "jenkinsci-cert@googlegroups.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-329xx/CVE-2023-32986.json b/CVE-2023/CVE-2023-329xx/CVE-2023-32986.json new file mode 100644 index 00000000000..4179269dcec --- /dev/null +++ b/CVE-2023/CVE-2023-329xx/CVE-2023-32986.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-32986", + "sourceIdentifier": "jenkinsci-cert@googlegroups.com", + "published": "2023-05-16T16:15:11.147", + "lastModified": "2023-05-16T16:15:11.147", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Jenkins File Parameter Plugin 285.v757c5b_67a_c25 and earlier does not restrict the name (and resulting uploaded file name) of Stashed File Parameters, allowing attackers with Item/Configure permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3123", + "source": "jenkinsci-cert@googlegroups.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-329xx/CVE-2023-32987.json b/CVE-2023/CVE-2023-329xx/CVE-2023-32987.json new file mode 100644 index 00000000000..a6a056adc24 --- /dev/null +++ b/CVE-2023/CVE-2023-329xx/CVE-2023-32987.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-32987", + "sourceIdentifier": "jenkinsci-cert@googlegroups.com", + "published": "2023-05-16T16:15:11.200", + "lastModified": "2023-05-16T16:15:11.200", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A cross-site request forgery (CSRF) vulnerability in Jenkins Reverse Proxy Auth Plugin 1.7.4 and earlier allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3002", + "source": "jenkinsci-cert@googlegroups.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-329xx/CVE-2023-32988.json b/CVE-2023/CVE-2023-329xx/CVE-2023-32988.json new file mode 100644 index 00000000000..df063c09360 --- /dev/null +++ b/CVE-2023/CVE-2023-329xx/CVE-2023-32988.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-32988", + "sourceIdentifier": "jenkinsci-cert@googlegroups.com", + "published": "2023-05-16T16:15:11.257", + "lastModified": "2023-05-16T16:15:11.257", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2855%20(1)", + "source": "jenkinsci-cert@googlegroups.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-329xx/CVE-2023-32989.json b/CVE-2023/CVE-2023-329xx/CVE-2023-32989.json new file mode 100644 index 00000000000..88f1f217270 --- /dev/null +++ b/CVE-2023/CVE-2023-329xx/CVE-2023-32989.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-32989", + "sourceIdentifier": "jenkinsci-cert@googlegroups.com", + "published": "2023-05-16T16:15:11.310", + "lastModified": "2023-05-16T16:15:11.310", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A cross-site request forgery (CSRF) vulnerability in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers to connect to an attacker-specified Azure Cloud server using attacker-specified credentials IDs obtained through another method." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2855%20(2)", + "source": "jenkinsci-cert@googlegroups.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-329xx/CVE-2023-32990.json b/CVE-2023/CVE-2023-329xx/CVE-2023-32990.json new file mode 100644 index 00000000000..4022e51affa --- /dev/null +++ b/CVE-2023/CVE-2023-329xx/CVE-2023-32990.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-32990", + "sourceIdentifier": "jenkinsci-cert@googlegroups.com", + "published": "2023-05-16T17:15:11.753", + "lastModified": "2023-05-16T17:15:11.753", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified Azure Cloud server using attacker-specified credentials IDs obtained through another method." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2855%20(2)", + "source": "jenkinsci-cert@googlegroups.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-329xx/CVE-2023-32991.json b/CVE-2023/CVE-2023-329xx/CVE-2023-32991.json new file mode 100644 index 00000000000..ec072529628 --- /dev/null +++ b/CVE-2023/CVE-2023-329xx/CVE-2023-32991.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-32991", + "sourceIdentifier": "jenkinsci-cert@googlegroups.com", + "published": "2023-05-16T17:15:11.803", + "lastModified": "2023-05-16T17:15:11.803", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML, or parse a local file on the Jenkins controller as XML." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2993", + "source": "jenkinsci-cert@googlegroups.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-329xx/CVE-2023-32992.json b/CVE-2023/CVE-2023-329xx/CVE-2023-32992.json new file mode 100644 index 00000000000..c787973d2c7 --- /dev/null +++ b/CVE-2023/CVE-2023-329xx/CVE-2023-32992.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-32992", + "sourceIdentifier": "jenkinsci-cert@googlegroups.com", + "published": "2023-05-16T17:15:11.850", + "lastModified": "2023-05-16T17:15:11.850", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Missing permission checks in Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML, or parse a local file on the Jenkins controller as XML." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2993", + "source": "jenkinsci-cert@googlegroups.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-329xx/CVE-2023-32993.json b/CVE-2023/CVE-2023-329xx/CVE-2023-32993.json new file mode 100644 index 00000000000..b26e1b34bc2 --- /dev/null +++ b/CVE-2023/CVE-2023-329xx/CVE-2023-32993.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-32993", + "sourceIdentifier": "jenkinsci-cert@googlegroups.com", + "published": "2023-05-16T17:15:11.893", + "lastModified": "2023-05-16T17:15:11.893", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier does not perform hostname validation when connecting to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused using a man-in-the-middle attack to intercept these connections." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3001%20(1)", + "source": "jenkinsci-cert@googlegroups.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-329xx/CVE-2023-32994.json b/CVE-2023/CVE-2023-329xx/CVE-2023-32994.json new file mode 100644 index 00000000000..03cd0576edd --- /dev/null +++ b/CVE-2023/CVE-2023-329xx/CVE-2023-32994.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-32994", + "sourceIdentifier": "jenkinsci-cert@googlegroups.com", + "published": "2023-05-16T17:15:11.937", + "lastModified": "2023-05-16T17:15:11.937", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Jenkins SAML Single Sign On(SSO) Plugin 2.1.0 and earlier unconditionally disables SSL/TLS certificate validation for connections to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused using a man-in-the-middle attack to intercept these connections." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3001%20(2)", + "source": "jenkinsci-cert@googlegroups.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-329xx/CVE-2023-32995.json b/CVE-2023/CVE-2023-329xx/CVE-2023-32995.json new file mode 100644 index 00000000000..4ee3a26a1f8 --- /dev/null +++ b/CVE-2023/CVE-2023-329xx/CVE-2023-32995.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-32995", + "sourceIdentifier": "jenkinsci-cert@googlegroups.com", + "published": "2023-05-16T17:15:11.980", + "lastModified": "2023-05-16T17:15:11.980", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Single Sign On(SSO) Plugin 2.0.0 and earlier allows attackers to send an HTTP POST request with JSON body containing attacker-specified content, to miniOrange's API for sending emails." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2994", + "source": "jenkinsci-cert@googlegroups.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-329xx/CVE-2023-32996.json b/CVE-2023/CVE-2023-329xx/CVE-2023-32996.json new file mode 100644 index 00000000000..2e5410d05f8 --- /dev/null +++ b/CVE-2023/CVE-2023-329xx/CVE-2023-32996.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-32996", + "sourceIdentifier": "jenkinsci-cert@googlegroups.com", + "published": "2023-05-16T17:15:12.027", + "lastModified": "2023-05-16T17:15:12.027", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A missing permission check in Jenkins SAML Single Sign On(SSO) Plugin 2.0.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request with JSON body containing attacker-specified content, to miniOrange's API for sending emails." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2994", + "source": "jenkinsci-cert@googlegroups.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-329xx/CVE-2023-32997.json b/CVE-2023/CVE-2023-329xx/CVE-2023-32997.json new file mode 100644 index 00000000000..1cd67e1a08c --- /dev/null +++ b/CVE-2023/CVE-2023-329xx/CVE-2023-32997.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-32997", + "sourceIdentifier": "jenkinsci-cert@googlegroups.com", + "published": "2023-05-16T17:15:12.067", + "lastModified": "2023-05-16T17:15:12.067", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Jenkins CAS Plugin 1.6.2 and earlier does not invalidate the previous session on login." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3000", + "source": "jenkinsci-cert@googlegroups.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-329xx/CVE-2023-32998.json b/CVE-2023/CVE-2023-329xx/CVE-2023-32998.json new file mode 100644 index 00000000000..409baa80b79 --- /dev/null +++ b/CVE-2023/CVE-2023-329xx/CVE-2023-32998.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-32998", + "sourceIdentifier": "jenkinsci-cert@googlegroups.com", + "published": "2023-05-16T17:15:12.110", + "lastModified": "2023-05-16T17:15:12.110", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A cross-site request forgery (CSRF) vulnerability in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3121", + "source": "jenkinsci-cert@googlegroups.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-329xx/CVE-2023-32999.json b/CVE-2023/CVE-2023-329xx/CVE-2023-32999.json new file mode 100644 index 00000000000..1a2101fe09d --- /dev/null +++ b/CVE-2023/CVE-2023-329xx/CVE-2023-32999.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-32999", + "sourceIdentifier": "jenkinsci-cert@googlegroups.com", + "published": "2023-05-16T17:15:12.160", + "lastModified": "2023-05-16T17:15:12.160", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A missing permission check in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3121", + "source": "jenkinsci-cert@googlegroups.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-330xx/CVE-2023-33000.json b/CVE-2023/CVE-2023-330xx/CVE-2023-33000.json new file mode 100644 index 00000000000..8cde550713f --- /dev/null +++ b/CVE-2023/CVE-2023-330xx/CVE-2023-33000.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-33000", + "sourceIdentifier": "jenkinsci-cert@googlegroups.com", + "published": "2023-05-16T17:15:12.207", + "lastModified": "2023-05-16T17:15:12.207", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.149 and earlier does not mask credentials displayed on the configuration form, increasing the potential for attackers to observe and capture them." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2962", + "source": "jenkinsci-cert@googlegroups.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-330xx/CVE-2023-33001.json b/CVE-2023/CVE-2023-330xx/CVE-2023-33001.json new file mode 100644 index 00000000000..5f7b6cdd947 --- /dev/null +++ b/CVE-2023/CVE-2023-330xx/CVE-2023-33001.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-33001", + "sourceIdentifier": "jenkinsci-cert@googlegroups.com", + "published": "2023-05-16T17:15:12.250", + "lastModified": "2023-05-16T17:15:12.250", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Jenkins HashiCorp Vault Plugin 360.v0a_1c04cf807d and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3077", + "source": "jenkinsci-cert@googlegroups.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-330xx/CVE-2023-33002.json b/CVE-2023/CVE-2023-330xx/CVE-2023-33002.json new file mode 100644 index 00000000000..65177c12272 --- /dev/null +++ b/CVE-2023/CVE-2023-330xx/CVE-2023-33002.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-33002", + "sourceIdentifier": "jenkinsci-cert@googlegroups.com", + "published": "2023-05-16T17:15:12.293", + "lastModified": "2023-05-16T17:15:12.293", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Jenkins TestComplete support Plugin 2.8.1 and earlier does not escape the TestComplete project name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2892", + "source": "jenkinsci-cert@googlegroups.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-330xx/CVE-2023-33003.json b/CVE-2023/CVE-2023-330xx/CVE-2023-33003.json new file mode 100644 index 00000000000..33f8f59b14e --- /dev/null +++ b/CVE-2023/CVE-2023-330xx/CVE-2023-33003.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-33003", + "sourceIdentifier": "jenkinsci-cert@googlegroups.com", + "published": "2023-05-16T17:15:12.340", + "lastModified": "2023-05-16T17:15:12.340", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A cross-site request forgery (CSRF) vulnerability in Jenkins Tag Profiler Plugin 0.2 and earlier allows attackers to reset profiler statistics." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3083", + "source": "jenkinsci-cert@googlegroups.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-330xx/CVE-2023-33004.json b/CVE-2023/CVE-2023-330xx/CVE-2023-33004.json new file mode 100644 index 00000000000..e9da7d2442f --- /dev/null +++ b/CVE-2023/CVE-2023-330xx/CVE-2023-33004.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-33004", + "sourceIdentifier": "jenkinsci-cert@googlegroups.com", + "published": "2023-05-16T17:15:12.377", + "lastModified": "2023-05-16T17:15:12.377", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A missing permission check in Jenkins Tag Profiler Plugin 0.2 and earlier allows attackers with Overall/Read permission to reset profiler statistics." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3083", + "source": "jenkinsci-cert@googlegroups.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-330xx/CVE-2023-33005.json b/CVE-2023/CVE-2023-330xx/CVE-2023-33005.json new file mode 100644 index 00000000000..5f09ec5bc15 --- /dev/null +++ b/CVE-2023/CVE-2023-330xx/CVE-2023-33005.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-33005", + "sourceIdentifier": "jenkinsci-cert@googlegroups.com", + "published": "2023-05-16T17:15:12.420", + "lastModified": "2023-05-16T17:15:12.420", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Jenkins WSO2 Oauth Plugin 1.0 and earlier does not invalidate the previous session on login." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2991", + "source": "jenkinsci-cert@googlegroups.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-330xx/CVE-2023-33006.json b/CVE-2023/CVE-2023-330xx/CVE-2023-33006.json new file mode 100644 index 00000000000..26546eba022 --- /dev/null +++ b/CVE-2023/CVE-2023-330xx/CVE-2023-33006.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-33006", + "sourceIdentifier": "jenkinsci-cert@googlegroups.com", + "published": "2023-05-16T17:15:12.467", + "lastModified": "2023-05-16T17:15:12.467", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A cross-site request forgery (CSRF) vulnerability in Jenkins WSO2 Oauth Plugin 1.0 and earlier allows attackers to trick users into logging in to the attacker's account." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2990", + "source": "jenkinsci-cert@googlegroups.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-330xx/CVE-2023-33007.json b/CVE-2023/CVE-2023-330xx/CVE-2023-33007.json new file mode 100644 index 00000000000..0f9008d2bfd --- /dev/null +++ b/CVE-2023/CVE-2023-330xx/CVE-2023-33007.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-33007", + "sourceIdentifier": "jenkinsci-cert@googlegroups.com", + "published": "2023-05-16T17:15:12.507", + "lastModified": "2023-05-16T17:15:12.507", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Jenkins LoadComplete support Plugin 1.0 and earlier does not escape the LoadComplete test name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2903", + "source": "jenkinsci-cert@googlegroups.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 8e2fc9f7244..5cecb40ac58 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-05-16T16:00:26.016591+00:00 +2023-05-16T18:00:25.654977+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-05-16T15:35:50.050000+00:00 +2023-05-16T17:50:14.373000+00:00 ``` ### Last Data Feed Release @@ -29,53 +29,71 @@ Download and Changelog: [Click](releases/latest) ### Total Number of included CVEs ```plain -215360 +215395 ``` ### CVEs added in the last Commit -Recently added CVEs: `8` +Recently added CVEs: `35` -* [CVE-2023-2738](CVE-2023/CVE-2023-27xx/CVE-2023-2738.json) (`2023-05-16T15:15:09.110`) -* [CVE-2023-29439](CVE-2023/CVE-2023-294xx/CVE-2023-29439.json) (`2023-05-16T15:15:08.983`) -* [CVE-2023-31519](CVE-2023/CVE-2023-315xx/CVE-2023-31519.json) (`2023-05-16T15:15:09.217`) -* [CVE-2023-31572](CVE-2023/CVE-2023-315xx/CVE-2023-31572.json) (`2023-05-16T14:15:09.540`) -* [CVE-2023-31576](CVE-2023/CVE-2023-315xx/CVE-2023-31576.json) (`2023-05-16T14:15:09.603`) -* [CVE-2023-31587](CVE-2023/CVE-2023-315xx/CVE-2023-31587.json) (`2023-05-16T15:15:09.277`) -* [CVE-2023-31856](CVE-2023/CVE-2023-318xx/CVE-2023-31856.json) (`2023-05-16T15:15:09.350`) -* [CVE-2023-31857](CVE-2023/CVE-2023-318xx/CVE-2023-31857.json) (`2023-05-16T15:15:09.467`) +* [CVE-2023-2739](CVE-2023/CVE-2023-27xx/CVE-2023-2739.json) (`2023-05-16T16:15:10.027`) +* [CVE-2023-2740](CVE-2023/CVE-2023-27xx/CVE-2023-2740.json) (`2023-05-16T17:15:11.433`) +* [CVE-2023-28076](CVE-2023/CVE-2023-280xx/CVE-2023-28076.json) (`2023-05-16T16:15:09.513`) +* [CVE-2023-31890](CVE-2023/CVE-2023-318xx/CVE-2023-31890.json) (`2023-05-16T16:15:10.343`) +* [CVE-2023-32977](CVE-2023/CVE-2023-329xx/CVE-2023-32977.json) (`2023-05-16T16:15:10.507`) +* [CVE-2023-32978](CVE-2023/CVE-2023-329xx/CVE-2023-32978.json) (`2023-05-16T16:15:10.610`) +* [CVE-2023-32979](CVE-2023/CVE-2023-329xx/CVE-2023-32979.json) (`2023-05-16T16:15:10.673`) +* [CVE-2023-32980](CVE-2023/CVE-2023-329xx/CVE-2023-32980.json) (`2023-05-16T16:15:10.753`) +* [CVE-2023-32981](CVE-2023/CVE-2023-329xx/CVE-2023-32981.json) (`2023-05-16T16:15:10.833`) +* [CVE-2023-32982](CVE-2023/CVE-2023-329xx/CVE-2023-32982.json) (`2023-05-16T16:15:10.920`) +* [CVE-2023-32983](CVE-2023/CVE-2023-329xx/CVE-2023-32983.json) (`2023-05-16T16:15:10.980`) +* [CVE-2023-32984](CVE-2023/CVE-2023-329xx/CVE-2023-32984.json) (`2023-05-16T16:15:11.033`) +* [CVE-2023-32985](CVE-2023/CVE-2023-329xx/CVE-2023-32985.json) (`2023-05-16T16:15:11.090`) +* [CVE-2023-32986](CVE-2023/CVE-2023-329xx/CVE-2023-32986.json) (`2023-05-16T16:15:11.147`) +* [CVE-2023-32987](CVE-2023/CVE-2023-329xx/CVE-2023-32987.json) (`2023-05-16T16:15:11.200`) +* [CVE-2023-32988](CVE-2023/CVE-2023-329xx/CVE-2023-32988.json) (`2023-05-16T16:15:11.257`) +* [CVE-2023-32989](CVE-2023/CVE-2023-329xx/CVE-2023-32989.json) (`2023-05-16T16:15:11.310`) +* [CVE-2023-32990](CVE-2023/CVE-2023-329xx/CVE-2023-32990.json) (`2023-05-16T17:15:11.753`) +* [CVE-2023-32991](CVE-2023/CVE-2023-329xx/CVE-2023-32991.json) (`2023-05-16T17:15:11.803`) +* [CVE-2023-32992](CVE-2023/CVE-2023-329xx/CVE-2023-32992.json) (`2023-05-16T17:15:11.850`) +* [CVE-2023-32993](CVE-2023/CVE-2023-329xx/CVE-2023-32993.json) (`2023-05-16T17:15:11.893`) +* [CVE-2023-32994](CVE-2023/CVE-2023-329xx/CVE-2023-32994.json) (`2023-05-16T17:15:11.937`) +* [CVE-2023-32995](CVE-2023/CVE-2023-329xx/CVE-2023-32995.json) (`2023-05-16T17:15:11.980`) +* [CVE-2023-32996](CVE-2023/CVE-2023-329xx/CVE-2023-32996.json) (`2023-05-16T17:15:12.027`) +* [CVE-2023-32997](CVE-2023/CVE-2023-329xx/CVE-2023-32997.json) (`2023-05-16T17:15:12.067`) +* [CVE-2023-32998](CVE-2023/CVE-2023-329xx/CVE-2023-32998.json) (`2023-05-16T17:15:12.110`) +* [CVE-2023-32999](CVE-2023/CVE-2023-329xx/CVE-2023-32999.json) (`2023-05-16T17:15:12.160`) +* [CVE-2023-33000](CVE-2023/CVE-2023-330xx/CVE-2023-33000.json) (`2023-05-16T17:15:12.207`) +* [CVE-2023-33001](CVE-2023/CVE-2023-330xx/CVE-2023-33001.json) (`2023-05-16T17:15:12.250`) +* [CVE-2023-33002](CVE-2023/CVE-2023-330xx/CVE-2023-33002.json) (`2023-05-16T17:15:12.293`) +* [CVE-2023-33003](CVE-2023/CVE-2023-330xx/CVE-2023-33003.json) (`2023-05-16T17:15:12.340`) +* [CVE-2023-33004](CVE-2023/CVE-2023-330xx/CVE-2023-33004.json) (`2023-05-16T17:15:12.377`) +* [CVE-2023-33005](CVE-2023/CVE-2023-330xx/CVE-2023-33005.json) (`2023-05-16T17:15:12.420`) +* [CVE-2023-33006](CVE-2023/CVE-2023-330xx/CVE-2023-33006.json) (`2023-05-16T17:15:12.467`) +* [CVE-2023-33007](CVE-2023/CVE-2023-330xx/CVE-2023-33007.json) (`2023-05-16T17:15:12.507`) ### CVEs modified in the last Commit -Recently modified CVEs: `26` +Recently modified CVEs: `17` -* [CVE-2022-32528](CVE-2022/CVE-2022-325xx/CVE-2022-32528.json) (`2023-05-16T14:15:09.230`) -* [CVE-2022-32970](CVE-2022/CVE-2022-329xx/CVE-2022-32970.json) (`2023-05-16T14:11:13.267`) -* [CVE-2023-0514](CVE-2023/CVE-2023-05xx/CVE-2023-0514.json) (`2023-05-16T14:34:45.023`) -* [CVE-2023-0526](CVE-2023/CVE-2023-05xx/CVE-2023-0526.json) (`2023-05-16T14:39:41.193`) -* [CVE-2023-0537](CVE-2023/CVE-2023-05xx/CVE-2023-0537.json) (`2023-05-16T14:56:07.530`) -* [CVE-2023-0542](CVE-2023/CVE-2023-05xx/CVE-2023-0542.json) (`2023-05-16T14:49:36.910`) -* [CVE-2023-1408](CVE-2023/CVE-2023-14xx/CVE-2023-1408.json) (`2023-05-16T14:45:16.247`) -* [CVE-2023-22813](CVE-2023/CVE-2023-228xx/CVE-2023-22813.json) (`2023-05-16T15:01:02.637`) -* [CVE-2023-23543](CVE-2023/CVE-2023-235xx/CVE-2023-23543.json) (`2023-05-16T14:09:57.577`) -* [CVE-2023-23786](CVE-2023/CVE-2023-237xx/CVE-2023-23786.json) (`2023-05-16T14:18:31.467`) -* [CVE-2023-24392](CVE-2023/CVE-2023-243xx/CVE-2023-24392.json) (`2023-05-16T14:17:51.043`) -* [CVE-2023-24418](CVE-2023/CVE-2023-244xx/CVE-2023-24418.json) (`2023-05-16T14:17:01.533`) -* [CVE-2023-24955](CVE-2023/CVE-2023-249xx/CVE-2023-24955.json) (`2023-05-16T15:13:10.220`) -* [CVE-2023-2534](CVE-2023/CVE-2023-25xx/CVE-2023-2534.json) (`2023-05-16T14:13:26.960`) -* [CVE-2023-2609](CVE-2023/CVE-2023-26xx/CVE-2023-2609.json) (`2023-05-16T15:11:22.003`) -* [CVE-2023-2614](CVE-2023/CVE-2023-26xx/CVE-2023-2614.json) (`2023-05-16T14:19:23.913`) -* [CVE-2023-2615](CVE-2023/CVE-2023-26xx/CVE-2023-2615.json) (`2023-05-16T14:26:36.560`) -* [CVE-2023-29338](CVE-2023/CVE-2023-293xx/CVE-2023-29338.json) (`2023-05-16T15:22:50.140`) -* [CVE-2023-29343](CVE-2023/CVE-2023-293xx/CVE-2023-29343.json) (`2023-05-16T14:57:54.693`) -* [CVE-2023-30237](CVE-2023/CVE-2023-302xx/CVE-2023-30237.json) (`2023-05-16T15:12:00.423`) -* [CVE-2023-30608](CVE-2023/CVE-2023-306xx/CVE-2023-30608.json) (`2023-05-16T14:15:09.417`) -* [CVE-2023-31138](CVE-2023/CVE-2023-311xx/CVE-2023-31138.json) (`2023-05-16T15:35:50.050`) -* [CVE-2023-31976](CVE-2023/CVE-2023-319xx/CVE-2023-31976.json) (`2023-05-16T15:21:24.530`) -* [CVE-2023-31979](CVE-2023/CVE-2023-319xx/CVE-2023-31979.json) (`2023-05-16T15:29:41.787`) -* [CVE-2023-31981](CVE-2023/CVE-2023-319xx/CVE-2023-31981.json) (`2023-05-16T15:27:52.140`) -* [CVE-2023-31982](CVE-2023/CVE-2023-319xx/CVE-2023-31982.json) (`2023-05-16T15:29:03.337`) +* [CVE-2002-20001](CVE-2002/CVE-2002-200xx/CVE-2002-20001.json) (`2023-05-16T16:15:29.937`) +* [CVE-2020-23362](CVE-2020/CVE-2020-233xx/CVE-2020-23362.json) (`2023-05-16T17:17:58.727`) +* [CVE-2022-46819](CVE-2022/CVE-2022-468xx/CVE-2022-46819.json) (`2023-05-16T16:17:27.237`) +* [CVE-2022-46861](CVE-2022/CVE-2022-468xx/CVE-2022-46861.json) (`2023-05-16T16:17:13.987`) +* [CVE-2023-24953](CVE-2023/CVE-2023-249xx/CVE-2023-24953.json) (`2023-05-16T16:16:11.117`) +* [CVE-2023-24954](CVE-2023/CVE-2023-249xx/CVE-2023-24954.json) (`2023-05-16T16:10:02.777`) +* [CVE-2023-25833](CVE-2023/CVE-2023-258xx/CVE-2023-25833.json) (`2023-05-16T17:50:14.373`) +* [CVE-2023-25834](CVE-2023/CVE-2023-258xx/CVE-2023-25834.json) (`2023-05-16T17:26:50.917`) +* [CVE-2023-30086](CVE-2023/CVE-2023-300xx/CVE-2023-30086.json) (`2023-05-16T17:11:01.003`) +* [CVE-2023-30087](CVE-2023/CVE-2023-300xx/CVE-2023-30087.json) (`2023-05-16T17:06:52.870`) +* [CVE-2023-31136](CVE-2023/CVE-2023-311xx/CVE-2023-31136.json) (`2023-05-16T16:43:07.007`) +* [CVE-2023-31137](CVE-2023/CVE-2023-311xx/CVE-2023-31137.json) (`2023-05-16T16:47:46.977`) +* [CVE-2023-31139](CVE-2023/CVE-2023-311xx/CVE-2023-31139.json) (`2023-05-16T16:50:03.370`) +* [CVE-2023-31143](CVE-2023/CVE-2023-311xx/CVE-2023-31143.json) (`2023-05-16T16:56:16.440`) +* [CVE-2023-32060](CVE-2023/CVE-2023-320xx/CVE-2023-32060.json) (`2023-05-16T17:04:16.300`) +* [CVE-2023-32069](CVE-2023/CVE-2023-320xx/CVE-2023-32069.json) (`2023-05-16T17:34:32.947`) +* [CVE-2023-32071](CVE-2023/CVE-2023-320xx/CVE-2023-32071.json) (`2023-05-16T17:41:40.890`) ## Download and Usage