diff --git a/CVE-2022/CVE-2022-303xx/CVE-2022-30308.json b/CVE-2022/CVE-2022-303xx/CVE-2022-30308.json
index d12154c72a4..6e7b12d1f36 100644
--- a/CVE-2022/CVE-2022-303xx/CVE-2022-30308.json
+++ b/CVE-2022/CVE-2022-303xx/CVE-2022-30308.json
@@ -2,12 +2,12 @@
 "id": "CVE-2022-30308",
 "sourceIdentifier": "info@cert.vde.com",
 "published": "2022-06-13T14:15:09.097",
- "lastModified": "2023-07-21T16:56:05.973",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-08-10T08:15:09.227",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
- "value": "In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint \"cecc-x-web-viewer-request-on\" POST request doesn\u00e2\u20ac\u2122t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection."
+ "value": "In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint \"cecc-x-web-viewer-request-on\" POST request doesn\u2019t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.\n\n"
 },
 {
 "lang": "es",
@@ -65,7 +65,7 @@
 },
 "weaknesses": [
 {
- "source": "nvd@nist.gov",
+ "source": "info@cert.vde.com",
 "type": "Primary",
 "description": [
 {
@@ -79,9 +79,13 @@
 ]
 },
 {
- "source": "info@cert.vde.com",
+ "source": "nvd@nist.gov",
 "type": "Secondary",
 "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ },
 {
 "lang": "en",
 "value": "CWE-863"
diff --git a/CVE-2022/CVE-2022-303xx/CVE-2022-30309.json b/CVE-2022/CVE-2022-303xx/CVE-2022-30309.json
index b6610e5dad4..2b99c60d98e 100644
--- a/CVE-2022/CVE-2022-303xx/CVE-2022-30309.json
+++ b/CVE-2022/CVE-2022-303xx/CVE-2022-30309.json
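Review bot: In the `@@ -65,7` and `@@ -79,9` hunks the `weaknesses` entry typed `Primary` is now attributed to `info@cert.vde.com` and the `nvd@nist.gov` entry drops to `Secondary`, so a consumer that picks the `Primary` entry expecting NVD's own classification will now read the CNA's one without any error. The same flip appears in CVE-2022-30309, CVE-2022-30310 (there also under `cvssMetricV31`, hunks `@@ -17,7` and `@@ -37,7`) and CVE-2022-30311. As the records also move to `"vulnStatus": "Modified"`, downstream rules are safer selecting entries by `source` than by `type`; a README line such as `Select metrics and weaknesses by "source"; "type" can change between syncs.` would document that. The objects these hunks touch begin and end outside the visible context, so the CWE values of the `Primary` entry cannot be checked from here.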
@@ -2,12 +2,12 @@
 "id": "CVE-2022-30309",
 "sourceIdentifier": "info@cert.vde.com",
 "published": "2022-06-13T14:15:09.163",
- "lastModified": "2023-07-21T16:55:49.477",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-08-10T08:15:09.527",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
- "value": "In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint \"cecc-x-web-viewer-request-off\" POST request doesn\u00e2\u20ac\u2122t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection."
+ "value": "In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint \"cecc-x-web-viewer-request-off\" POST request doesn\u2019t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.\n\n"
 },
 {
 "lang": "es",
@@ -65,7 +65,7 @@
 },
 "weaknesses": [
 {
- "source": "nvd@nist.gov",
+ "source": "info@cert.vde.com",
 "type": "Primary",
 "description": [
 {
@@ -79,9 +79,13 @@
 ]
 },
 {
- "source": "info@cert.vde.com",
+ "source": "nvd@nist.gov",
 "type": "Secondary",
 "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ },
 {
 "lang": "en",
 "value": "CWE-863"
diff --git a/CVE-2022/CVE-2022-303xx/CVE-2022-30310.json b/CVE-2022/CVE-2022-303xx/CVE-2022-30310.json
index b63ae1bddfb..1e94c50655e 100644
--- a/CVE-2022/CVE-2022-303xx/CVE-2022-30310.json
+++ b/CVE-2022/CVE-2022-303xx/CVE-2022-30310.json
@@ -2,12 +2,12 @@
 "id": "CVE-2022-30310",
 "sourceIdentifier": "info@cert.vde.com",
 "published": "2022-06-13T14:15:09.227",
- "lastModified": "2023-07-21T16:56:15.323",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-08-10T08:15:09.683",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
- "value": "In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint \"cecc-x-acknerr-request\" POST request doesn\u00e2\u20ac\u2122t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection."
+ "value": "In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint \"cecc-x-acknerr-request\" POST request doesn\u2019t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.\n\n"
 },
 {
 "lang": "es",
@@ -17,7 +17,7 @@
 "metrics": {
 "cvssMetricV31": [
 {
- "source": "nvd@nist.gov",
+ "source": "info@cert.vde.com",
 "type": "Primary",
 "cvssData": {
 "version": "3.1",
@@ -37,7 +37,7 @@
 "impactScore": 5.9
 },
 {
- "source": "info@cert.vde.com",
+ "source": "nvd@nist.gov",
 "type": "Secondary",
 "cvssData": {
 "version": "3.1",
@@ -85,7 +85,7 @@
 },
 "weaknesses": [
 {
- "source": "nvd@nist.gov",
+ "source": "info@cert.vde.com",
 "type": "Primary",
 "description": [
 {
@@ -99,9 +99,13 @@
 ]
 },
 {
- "source": "info@cert.vde.com",
+ "source": "nvd@nist.gov",
 "type": "Secondary",
 "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ },
 {
 "lang": "en",
 "value": "CWE-863"
diff --git a/CVE-2022/CVE-2022-303xx/CVE-2022-30311.json b/CVE-2022/CVE-2022-303xx/CVE-2022-30311.json
index 1e618662869..91235be2dbb 100644
--- a/CVE-2022/CVE-2022-303xx/CVE-2022-30311.json
+++ b/CVE-2022/CVE-2022-303xx/CVE-2022-30311.json
@@ -2,12 +2,12 @@
 "id": "CVE-2022-30311",
 "sourceIdentifier": "info@cert.vde.com",
 "published": "2022-06-13T14:15:09.300",
- "lastModified": "2023-07-21T16:56:12.163",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-08-10T08:15:09.837",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
- "value": "In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint \"cecc-x-refresh-request\" POST request doesn\u00e2\u20ac\u2122t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection."
+ "value": "In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint \"cecc-x-refresh-request\" POST request doesn\u2019t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.\n\n"
 },
 {
 "lang": "es",
@@ -65,7 +65,7 @@
 },
 "weaknesses": [
 {
- "source": "nvd@nist.gov",
+ "source": "info@cert.vde.com",
 "type": "Primary",
 "description": [
 {
@@ -79,9 +79,13 @@
 ]
 },
 {
- "source": "info@cert.vde.com",
+ "source": "nvd@nist.gov",
 "type": "Secondary",
 "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ },
 {
 "lang": "en",
 "value": "CWE-863"
diff --git a/CVE-2023/CVE-2023-263xx/CVE-2023-26309.json b/CVE-2023/CVE-2023-263xx/CVE-2023-26309.json
new file mode 100644
index 00000000000..25741851f4a
--- /dev/null
+++ b/CVE-2023/CVE-2023-263xx/CVE-2023-26309.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2023-26309",
+ "sourceIdentifier": "security@oppo.com",
+ "published": "2023-08-10T09:15:09.623",
+ "lastModified": "2023-08-10T09:15:09.623",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A remote code execution vulnerability in the webview component of OnePlus Mall app.\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@oppo.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.4,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1689464826201645056",
+ "source": "security@oppo.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-312xx/CVE-2023-31209.json b/CVE-2023/CVE-2023-312xx/CVE-2023-31209.json
new file mode 100644
index 00000000000..2450dff8a58
--- /dev/null
+++ b/CVE-2023/CVE-2023-312xx/CVE-2023-31209.json
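Review bot: The description of CVE-2023-26309 says remote code execution, but the only metric in the file is the CNA's `Secondary` entry with `C:L/I:L/A:L` (base 7.4), and the record has no `weaknesses` or `configurations` block while `"vulnStatus"` is `"Received"`. Triage that ranks by `baseScore` or matches on CPE is therefore likely to under-weight or miss this record until an `nvd@nist.gov` analysis is added. CVE-2023-31209 in the next file is in the same state for `configurations`: its affected Checkmk versions appear only in the description text. A consumer-side rule along the lines of `vulnStatus == "Received" -> score provisional, match on description` (constructed example) covers both records.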
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-31209",
+ "sourceIdentifier": "security@checkmk.com",
+ "published": "2023-08-10T09:15:12.123",
+ "lastModified": "2023-08-10T09:15:12.123",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper neutralization of active check command arguments in Checkmk < 2.1.0p32, < 2.0.0p38, < 2.2.0p4 leads to arbitrary command execution for authenticated users."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@checkmk.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@checkmk.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-74"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://checkmk.com/werk/15194",
+ "source": "security@checkmk.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 23297cb556a..d9d6f973709 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-08-10T08:00:28.903345+00:00 +2023-08-10T10:00:30.243663+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-08-10T07:15:37.797000+00:00 +2023-08-10T09:15:12.123000+00:00 ``` ### Last Data Feed Release
@@ -29,22 +29,25 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -222241 +222243 ``` ### CVEs added in the last Commit Recently added CVEs: `2` -* [CVE-2023-4276](CVE-2023/CVE-2023-42xx/CVE-2023-4276.json) (`2023-08-10T07:15:37.463`) -* [CVE-2023-4277](CVE-2023/CVE-2023-42xx/CVE-2023-4277.json) (`2023-08-10T07:15:37.797`) +* [CVE-2023-26309](CVE-2023/CVE-2023-263xx/CVE-2023-26309.json) (`2023-08-10T09:15:09.623`) +* [CVE-2023-31209](CVE-2023/CVE-2023-312xx/CVE-2023-31209.json) (`2023-08-10T09:15:12.123`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `4` -* [CVE-2023-3772](CVE-2023/CVE-2023-37xx/CVE-2023-3772.json) (`2023-08-10T06:15:42.903`) +* [CVE-2022-30308](CVE-2022/CVE-2022-303xx/CVE-2022-30308.json) (`2023-08-10T08:15:09.227`) +* [CVE-2022-30309](CVE-2022/CVE-2022-303xx/CVE-2022-30309.json) (`2023-08-10T08:15:09.527`) +* [CVE-2022-30310](CVE-2022/CVE-2022-303xx/CVE-2022-30310.json) (`2023-08-10T08:15:09.683`) +* [CVE-2022-30311](CVE-2022/CVE-2022-303xx/CVE-2022-30311.json) (`2023-08-10T08:15:09.837`) ## Download and Usage