diff --git a/CVE-2019/CVE-2019-251xx/CVE-2019-25147.json b/CVE-2019/CVE-2019-251xx/CVE-2019-25147.json index ee733e9d985..21023878fbc 100644 --- a/CVE-2019/CVE-2019-251xx/CVE-2019-25147.json +++ b/CVE-2019/CVE-2019-251xx/CVE-2019-25147.json @@ -2,8 +2,8 @@ "id": "CVE-2019-25147", "sourceIdentifier": "security@wordfence.com", "published": "2023-06-07T02:15:10.577", - "lastModified": "2023-06-07T02:45:10.733", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-12T18:13:05.987", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "security@wordfence.com", "type": "Secondary", 
@@ -46,18 +76,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:prettylinks:pretty_links:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.1.10", + "matchCriteriaId": "8AF2C12E-ABA2-455A-A670-50AE141AB505" + } + ] + } + ] + } + ], "references": [ { "url": "https://blog.nintechnet.com/stored-xss-and-csv-injection-vulnerabilities-in-wordpress-shortlinks-by-pretty-links-plugin/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Exploit" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2108490%40pretty-link%2Ftrunk&old=2078274%40pretty-link%2Ftrunk&sfp_email=&sfph_mail=", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ae058c5b-b90b-4a1e-9f56-d56dbd2d3607?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2019/CVE-2019-251xx/CVE-2019-25148.json b/CVE-2019/CVE-2019-251xx/CVE-2019-25148.json index 26bfd2a7add..348ee377c6d 100644 --- a/CVE-2019/CVE-2019-251xx/CVE-2019-25148.json +++ b/CVE-2019/CVE-2019-251xx/CVE-2019-25148.json @@ -2,8 +2,8 @@ "id": "CVE-2019-25148", "sourceIdentifier": "security@wordfence.com", "published": "2023-06-07T02:15:10.633", - "lastModified": "2023-06-07T02:45:10.733", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-12T18:10:40.977", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -46,18 +76,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codemiq:wp_html_mail:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.9.1", + "matchCriteriaId": "99FD15D6-A5CB-452B-8FEE-40B9010D1F0F" + } + ] + } + ] + } + ], "references": [ { "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-vulnerable-to-html-injection/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Exploit" + ] }, { "url": "https://plugins.svn.wordpress.org/wp-html-mail/trunk/readme.txt", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b3af900c-4048-4f4f-93e9-c60ca34d015b?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36700.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36700.json index 45fbf2a87b6..883b68af650 100644 
--- a/CVE-2020/CVE-2020-367xx/CVE-2020-36700.json +++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36700.json @@ -2,8 +2,8 @@ "id": "CVE-2020-36700", "sourceIdentifier": "security@wordfence.com", "published": "2023-06-07T02:15:11.127", - "lastModified": "2023-06-07T02:45:04.330", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-12T19:46:56.790", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + }, { "source": "security@wordfence.com", "type": "Secondary", 
@@ -46,22 +76,52 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:king-theme:page_builder_kingcomposer:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.9.3", + "matchCriteriaId": "AB1652EB-EF15-4462-BE4B-524C309BCEA8" + } + ] + } + ] + } + ], "references": [ { "url": "https://blog.nintechnet.com/wordpress-kingcomposer-page-builder-fixed-multiple-critical-vulnerabilities/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Exploit" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2320014%40kingcomposer&new=2320014%40kingcomposer&sfp_email=&sfph_mail=", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://wordpress.org/plugins/kingcomposer/#developers", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1bdba04e-df4d-4094-877e-611d69e2e25d?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36703.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36703.json index 83b04fa10ba..17e50b96c70 100644 --- a/CVE-2020/CVE-2020-367xx/CVE-2020-36703.json +++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36703.json @@ -2,8 +2,8 @@ "id": "CVE-2020-36703", "sourceIdentifier": "security@wordfence.com", "published": "2023-06-07T02:15:11.327", - "lastModified": "2023-06-07T02:45:04.330", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-12T19:33:40.297", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
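Review bot: In CVE-2020-36700.json the reference that now receives the `"Patch"` tag is a Trac changeset URL whose `old` and `new` parameters both name revision `2320014%40kingcomposer`. A link that compares a revision with itself presumably shows no fix, so the tag may send anyone verifying the patch to an empty view. The tag should be withheld until the URL points at the changeset that actually carries the fix. The correct revision pair is not visible in this diff and would have to come from the CNA.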
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -46,14 +76,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:elementor:website_builder:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.9.7", + "matchCriteriaId": "ACE0E3E7-93F5-465D-9D62-BF6A14A65C76" + } + ] + } + ] + } + ], "references": [ { "url": "https://blog.nintechnet.com/wordpress-elementor-plugin-fixed-svg-xss-protection-bypass-vulnerability/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Exploit" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/42db52ae-f881-4082-b475-8577a28641c6?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36704.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36704.json index b7da5245ed0..eb5b6de9bed 100644 --- a/CVE-2020/CVE-2020-367xx/CVE-2020-36704.json +++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36704.json 
@@ -2,8 +2,8 @@ "id": "CVE-2020-36704", "sourceIdentifier": "security@wordfence.com", "published": "2023-06-07T02:15:11.380", - "lastModified": "2023-06-07T02:45:04.330", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-12T19:33:03.833", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -46,14 +76,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fruitfulcode:fruitful_theme:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.8.1", + "matchCriteriaId": "17A66811-5068-4C74-89F5-52E4F40B736D" + } + ] + } + ] + } + ], "references": [ { "url": "https://blog.nintechnet.com/authenticated-stored-xss-vulnerability-in-wordpress-fruitful-theme/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Exploit" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/49cf047f-4e8c-4f37-b8c0-d931c02fda7c?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file 
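Review bot: In the last hunk of CVE-2020-36704.json the Wordfence threat-intel entry (`.../vulnerabilities/id/49cf047f-...?source=cve`) is tagged `"Exploit"`, while the same kind of Wordfence URL in every other record in this diff is tagged `"Third Party Advisory"`. Tooling that prioritises on reference tags would count two exploit references for this record instead of one. Unless that page really carries exploit detail, the entry should read `"tags": ["Third Party Advisory"]`, matching the sibling records.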
diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36709.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36709.json index 8ad922bd89b..814cdc92f0d 100644 --- a/CVE-2020/CVE-2020-367xx/CVE-2020-36709.json +++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36709.json @@ -2,8 +2,8 @@ "id": "CVE-2020-36709", "sourceIdentifier": "security@wordfence.com", "published": "2023-06-07T02:15:11.570", - "lastModified": "2023-06-07T02:45:04.330", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-12T19:32:36.913", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "security@wordfence.com", "type": "Secondary", 
@@ -46,18 +76,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:king-theme:page_builder_kingcomposer:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.9.4", + "matchCriteriaId": "74952FDC-2651-4034-9340-09D0BCF3B5BF" + } + ] + } + ] + } + ], "references": [ { "url": "https://blog.nintechnet.com/wordpress-kingcomposer-page-builder-fixed-multiple-critical-vulnerabilities/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Exploit" + ] }, { "url": "https://wpsocket.com/plugin/kingcomposer/changelog/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6447de64-b484-4f64-ad78-7df81b5a0ed7?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36710.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36710.json index 36fe2c283e2..ab1dd241021 100644 --- a/CVE-2020/CVE-2020-367xx/CVE-2020-36710.json +++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36710.json @@ -2,8 +2,8 @@ "id": "CVE-2020-36710", "sourceIdentifier": "security@wordfence.com", "published": "2023-06-07T02:15:11.637", - "lastModified": "2023-06-07T02:45:04.330", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-12T19:32:04.073", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -46,14 +76,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpserveur:wps_hide_login:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.5.4.2", + "matchCriteriaId": "D732986E-15ED-4FA8-A052-51E185AFC06C" + } + ] + } + ] + } + ], "references": [ { "url": "https://blog.nintechnet.com/wordpress-wps-hide-login-fixed-security-issue/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Exploit" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7808329f-1688-480c-a83c-c4ab2fa86da6?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36711.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36711.json index a726b57a37c..62295bec166 100644 --- a/CVE-2020/CVE-2020-367xx/CVE-2020-36711.json +++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36711.json 
@@ -2,8 +2,8 @@ "id": "CVE-2020-36711", "sourceIdentifier": "security@wordfence.com", "published": "2023-06-07T02:15:11.707", - "lastModified": "2023-06-07T02:45:04.330", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-12T19:31:24.717", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "security@wordfence.com", "type": "Secondary", 
@@ -46,18 +76,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:theme-fusion:avada:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "6.2.3", + "matchCriteriaId": "7CACCA02-BAEB-438B-9CC3-5FFA7EC0E4EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://blog.nintechnet.com/avada-wordpress-theme-fixed-multiple-vulnerabilities/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Exploit" + ] }, { "url": "https://theme-fusion.com/security-fix-added-in-6-2-3/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/684a1e8e-30f2-47dd-9df6-145198030c52?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36712.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36712.json index 854947f74ee..ebac48a9374 100644 --- a/CVE-2020/CVE-2020-367xx/CVE-2020-36712.json +++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36712.json @@ -2,8 +2,8 @@ "id": "CVE-2020-36712", "sourceIdentifier": "security@wordfence.com", "published": "2023-06-07T02:15:11.770", - "lastModified": "2023-06-07T02:45:04.330", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-12T19:28:01.167", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
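Review bot: The `cpeMatch` added to CVE-2020-36711.json sets `"versionEndIncluding": "6.2.3"` for `theme-fusion:avada`, yet the vendor reference in the same hunk is `https://theme-fusion.com/security-fix-added-in-6-2-3/`, tagged `"Release Notes"`. If 6.2.3 is the release that contains the fix, as that URL suggests, this range marks the patched version as vulnerable and CPE-based scanners will keep flagging updated sites. The bound would then be `"versionEndExcluding": "6.2.3"`. The record's description lies outside the hunk, so the boundary should be confirmed against it and the vendor note first.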
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -46,14 +76,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:kaliforms:kali_forms:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.1.1", + "matchCriteriaId": "439FD37F-B352-4A09-B798-2EABC348AF96" + } + ] + } + ] + } + ], "references": [ { "url": "https://blog.nintechnet.com/wordpress-kali-forms-plugin-fixed-multiple-vulnerabilities/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Exploit" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/92644676-add4-415c-9a1a-c6616108688d?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36713.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36713.json index 8c00c868c32..cb5592e7772 100644 --- a/CVE-2020/CVE-2020-367xx/CVE-2020-36713.json +++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36713.json 
@@ -2,8 +2,8 @@ "id": "CVE-2020-36713", "sourceIdentifier": "security@wordfence.com", "published": "2023-06-07T02:15:11.837", - "lastModified": "2023-06-07T02:45:04.330", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-12T19:27:16.933", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] + }, { "source": "security@wordfence.com", "type": "Secondary", 
@@ -46,18 +76,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:inspireui:mstore_api:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.1.5", + "matchCriteriaId": "01DB4E16-37CF-4AEF-B52C-AD545AC25C01" + } + ] + } + ] + } + ], "references": [ { "url": "https://blog.nintechnet.com/critical-vulnerability-fixed-in-wordpress-mstore-api-plugin/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Exploit" + ] }, { "url": "https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-mstore-api-security-bypass-2-1-5/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/934c3ce9-cf2d-4bf6-9a34-f448cb2e5a1d?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36715.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36715.json index 58e2fa62c41..bb5fe1f46bc 100644 --- a/CVE-2020/CVE-2020-367xx/CVE-2020-36715.json +++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36715.json @@ -2,8 +2,8 @@ "id": "CVE-2020-36715", "sourceIdentifier": "security@wordfence.com", "published": "2023-06-07T02:15:11.920", - "lastModified": "2023-06-07T02:45:04.330", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-12T19:26:19.960", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.1, + "impactScore": 2.5 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -46,18 +76,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:xootix:login\\/signup_popup:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.4", + "matchCriteriaId": "DA47E476-44B8-4005-BA8B-C80F056F4619" + } + ] + } + ] + } + ], "references": [ { "url": "https://blog.nintechnet.com/zero-day-vulnerability-fixed-in-wordpress-login-signup-popup-plugin/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Exploit" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/2304979/easy-login-woocommerce", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/96d264fe-e7e1-4eec-b235-9d288bc5a22f?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36716.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36716.json index 918142372f9..9a7e807f392 100644 --- a/CVE-2020/CVE-2020-367xx/CVE-2020-36716.json +++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36716.json @@ -2,8 +2,8 @@ "id": "CVE-2020-36716", "sourceIdentifier": "security@wordfence.com", "published": "2023-06-07T02:15:11.987", - "lastModified": "2023-06-07T02:45:04.330", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-12T19:23:42.477", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + }, { "source": "security@wordfence.com", "type": "Secondary", 
@@ -46,18 +76,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpwhitesecurity:wp_activity_log:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "4.0.1", + "matchCriteriaId": "52B6B5CE-E007-4EC5-BFD4-408565679A69" + } + ] + } + ] + } + ], "references": [ { "url": "https://blog.nintechnet.com/vulnerabilities-fixed-in-wordpress-wp-security-audit-log-plugin/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Exploit" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/2252006", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9d0a8be3-6630-4cf7-b6cb-cdc86b99acb3?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36731.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36731.json index e72af5e8956..089373b034d 100644 --- a/CVE-2020/CVE-2020-367xx/CVE-2020-36731.json +++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36731.json @@ -2,8 +2,8 @@ "id": "CVE-2020-36731", "sourceIdentifier": "security@wordfence.com", "published": "2023-06-07T02:15:12.863", - "lastModified": "2023-06-07T02:44:59.217", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-12T19:49:28.137", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -46,18 +76,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpdesk:flexible_checkout_fields_for_woocommerce:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.3.1", + "matchCriteriaId": "CDFA38D2-3A88-4986-A11A-8CA8B7E300CF" + } + ] + } + ] + } + ], "references": [ { "url": "https://blog.nintechnet.com/zero-day-vulnerability-fixed-in-wordpress-flexible-checkout-fields-for-woocommerce-plugin/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Exploit" + ] }, { "url": "https://www.wordfence.com/blog/2020/02/site-takeover-campaign-exploits-multiple-zero-day-vulnerabilities/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Exploit" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fd12a952-2e99-41f7-b74c-55c2b7d8deed?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2022/CVE-2022-275xx/CVE-2022-27539.json b/CVE-2022/CVE-2022-275xx/CVE-2022-27539.json new file mode 100644 index 00000000000..fccb1e7aeec --- /dev/null +++ b/CVE-2022/CVE-2022-275xx/CVE-2022-27539.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2022-27539", + "sourceIdentifier": "hp-security-alert@hp.com", + "published": "2023-06-12T19:15:09.600", + "lastModified": "2023-06-12T19:15:09.600", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.hp.com/us-en/document/ish_7709808-7709835-16/hpsbhf03835", + "source": "hp-security-alert@hp.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-275xx/CVE-2022-27541.json b/CVE-2022/CVE-2022-275xx/CVE-2022-27541.json new file mode 100644 index 00000000000..c3612fac36b --- /dev/null +++ b/CVE-2022/CVE-2022-275xx/CVE-2022-27541.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2022-27541", + "sourceIdentifier": "hp-security-alert@hp.com", + "published": "2023-06-12T19:15:09.677", + "lastModified": "2023-06-12T19:15:09.677", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.hp.com/us-en/document/ish_7709808-7709835-16/hpsbhf03835", + "source": "hp-security-alert@hp.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-363xx/CVE-2022-36331.json b/CVE-2022/CVE-2022-363xx/CVE-2022-36331.json new file mode 100644 index 00000000000..8dc571d4159 --- /dev/null 
+++ b/CVE-2022/CVE-2022-363xx/CVE-2022-36331.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2022-36331", + "sourceIdentifier": "psirt@wdc.com", + "published": "2023-06-12T18:15:09.747", + "lastModified": "2023-06-12T18:22:56.843", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could allow an unauthenticated attacker to gain access to user data.\nThis issue affects My Cloud OS 5 devices: before 5.25.132; My Cloud Home and My Cloud Home Duo: before 8.13.1-102; SanDisk ibi: before 8.13.1-102.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@wdc.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 10.0, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@wdc.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-290" + } + ] + } + ], + "references": [ + { + "url": "https://https://www.westerndigital.com/support/product-security/wdc-22020-my-cloud-os-5-my-cloud-home-ibi-firmware-update", + "source": "psirt@wdc.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-04xx/CVE-2023-0431.json b/CVE-2023/CVE-2023-04xx/CVE-2023-0431.json new file mode 100644 index 00000000000..a8fa1a27e2e --- /dev/null +++ b/CVE-2023/CVE-2023-04xx/CVE-2023-0431.json 
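Review bot: The only reference in the new CVE-2022-36331.json has a doubled scheme, `https://https://www.westerndigital.com/...`, so the advisory link for a record scored 10.0 CRITICAL does not resolve as written. Anyone triaging from this record cannot reach the vendor's fixed-version guidance through it. The intended value is presumably `"url": "https://www.westerndigital.com/support/product-security/wdc-22020-my-cloud-os-5-my-cloud-home-ibi-firmware-update"`. This file appears to mirror what the CNA submitted, so the correction belongs upstream, and consumers of the feed should validate reference URLs instead of trusting them blindly.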
@@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-0431", + "sourceIdentifier": "contact@wpscan.com", + "published": "2023-06-12T18:15:09.847", + "lastModified": "2023-06-12T18:22:56.843", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The File Away WordPress plugin through 3.9.9.0.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "contact@wpscan.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://wpscan.com/vulnerability/fdcbd9a3-552d-439e-b283-1d3d934889af", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-06xx/CVE-2023-0636.json b/CVE-2023/CVE-2023-06xx/CVE-2023-0636.json index cae828049cf..6a71f418030 100644 --- a/CVE-2023/CVE-2023-06xx/CVE-2023-0636.json +++ b/CVE-2023/CVE-2023-06xx/CVE-2023-0636.json @@ -2,8 +2,8 @@ "id": "CVE-2023-0636", "sourceIdentifier": "cybersecurity@ch.abb.com", "published": "2023-06-05T04:15:10.587", - "lastModified": "2023-06-05T13:02:53.787", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-12T18:50:07.447", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cybersecurity@ch.abb.com", "type": "Secondary", 
@@ -46,10 +66,566 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:abb:aspect-ent-2_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.0.0", + "versionEndExcluding": "3.07.01", + "matchCriteriaId": "90915F51-F953-463D-9DC9-920A6BDE339A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:abb:aspect-ent-2:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4C6351DE-8170-4023-B815-536030F9236E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:abb:aspect-ent-12_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.0.0", + "versionEndExcluding": "3.07.01", + "matchCriteriaId": "A584338E-68E3-4A18-9210-EC9B5BB1931B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:abb:aspect-ent-12:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7D3FE8A0-B7B1-496F-918B-83AECEC80486" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:abb:aspect-ent-256_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.0.0", + "versionEndExcluding": "3.07.01", + "matchCriteriaId": "886F345B-B8A8-4FB5-B7E8-E1814B5C9649" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:abb:aspect-ent-256:-:*:*:*:*:*:*:*", + "matchCriteriaId": "125AAF0E-3CB2-4F5A-BA04-742918422422" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:abb:aspect-ent-96_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.0.0", + 
"versionEndExcluding": "3.07.01", + "matchCriteriaId": "28963E35-B5B5-417F-B49B-5A4836F95949" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:abb:aspect-ent-96:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9CC1901E-7476-4070-B649-E2EAE52A38A6" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:abb:nexus-2128_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.0.0", + "versionEndExcluding": "3.07.01", + "matchCriteriaId": "96C574A1-D4AB-4973-8F59-623FBA23ABE9" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:abb:nexus-2128:-:*:*:*:*:*:*:*", + "matchCriteriaId": "697D73AC-8567-4D25-B42F-FB584DAFF05F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:abb:nexus-2128-a_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.0.0", + "versionEndExcluding": "3.07.01", + "matchCriteriaId": "529748B3-25B5-4D40-B71E-F8DBC5AA4CFB" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:abb:nexus-2128-a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A1C4B551-EC7D-4D96-9B44-5238B2671F38" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:abb:nexus-2128-g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.0.0", + "versionEndExcluding": "3.07.01", + "matchCriteriaId": "1DC90491-EEF2-4893-BA1E-4F41E716ED8B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:abb:nexus-2128-g:-:*:*:*:*:*:*:*", + "matchCriteriaId": 
"86993CA6-E80C-464D-A208-EB119F41E106" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:abb:nexus-2128-f_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.0.0", + "versionEndExcluding": "3.07.01", + "matchCriteriaId": "C2D20353-5535-4DFC-972D-D7C0AE020943" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:abb:nexus-2128-f:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DC1B0FAC-EE50-41E7-8C6A-63E28649A539" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:abb:nexus-3-2128_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.0.0", + "versionEndExcluding": "3.07.01", + "matchCriteriaId": "AC6B5035-9627-4A06-B4D1-BC845A5387A2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:abb:nexus-3-2128:-:*:*:*:*:*:*:*", + "matchCriteriaId": "66A14E33-5416-45D9-BBE4-61EFEC246E20" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:abb:nexus-3-264_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.0.0", + "versionEndExcluding": "3.07.01", + "matchCriteriaId": "862E9C0F-1334-4BEF-9E22-AE3EC9E0A17F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:abb:nexus-3-264:-:*:*:*:*:*:*:*", + "matchCriteriaId": "96BF51C6-E220-4347-9505-48DAE2BB26B7" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:abb:nexus-264_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.0.0", + "versionEndExcluding": 
"3.07.01", + "matchCriteriaId": "CDC4937A-5EF3-40A5-A5F8-AEB617C87481" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:abb:nexus-264:-:*:*:*:*:*:*:*", + "matchCriteriaId": "979B2BF4-885C-46B4-9093-E7CC35EBB397" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:abb:nexus-264-a_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.0.0", + "versionEndExcluding": "3.07.01", + "matchCriteriaId": "A4524FEB-AA98-4515-A140-6B53DEE82545" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:abb:nexus-264-a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F3961881-0563-443D-8381-428058A008DF" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:abb:nexus-264-g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.0.0", + "versionEndExcluding": "3.07.01", + "matchCriteriaId": "257FD712-153D-48A7-83BA-94B07BACD8D4" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:abb:nexus-264-g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2E7E5C1B-CFA0-4584-89F5-BE9190DC7DB7" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:abb:nexus-264-f_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.0.0", + "versionEndExcluding": "3.07.01", + "matchCriteriaId": "531B160D-0FE9-44A2-A64D-C310CBF48433" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:abb:nexus-264-f:-:*:*:*:*:*:*:*", + "matchCriteriaId": "43EB9B15-B1DF-49DC-B69C-00D0342E0592" + } + ] + } + ] + }, + { + 
"operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:abb:matrix-216_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.0.0", + "versionEndExcluding": "3.07.01", + "matchCriteriaId": "D5C6E19F-9B07-45D0-A001-6F0D909B9D13" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:abb:matrix-216:-:*:*:*:*:*:*:*", + "matchCriteriaId": "653A6815-9BC7-4BD4-BB67-DBCC666ED860" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:abb:matrix-232_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.0.0", + "versionEndExcluding": "3.07.01", + "matchCriteriaId": "994F4371-2AFF-4FC5-ABC7-CCE3E260643A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:abb:matrix-232:-:*:*:*:*:*:*:*", + "matchCriteriaId": "40C07D72-CA89-40A1-8EE8-F48A06DB7992" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:abb:matrix-296_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.0.0", + "versionEndExcluding": "3.07.01", + "matchCriteriaId": "EC58A9B8-2D12-4117-890A-53B52DCAE1EC" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:abb:matrix-296:-:*:*:*:*:*:*:*", + "matchCriteriaId": "699E0759-590A-4362-9B5B-F876C1A020D1" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:abb:matrix-264_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.0.0", + "versionEndExcluding": "3.07.01", + "matchCriteriaId": "340901DB-3492-4202-9B54-F107D2B9E8C0" + } 
+ ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:abb:matrix-264:-:*:*:*:*:*:*:*", + "matchCriteriaId": "80E8A1A8-8476-4C36-A6F6-258C2DC60388" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:abb:matrix-11_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.0.0", + "versionEndExcluding": "3.07.01", + "matchCriteriaId": "13A433D2-9A61-49EB-8382-1D5024E70B88" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:abb:matrix-11:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7CC44F95-4AE8-48B3-AC2C-6A4EB20F62DD" + } + ] + } + ] + } + ], "references": [ { "url": "https://search.abb.com/library/Download.aspx?DocumentID=2CKA000073B5403&LanguageCode=en&DocumentPartId=&Action=Launch", - "source": "cybersecurity@ch.abb.com" + "source": "cybersecurity@ch.abb.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-09xx/CVE-2023-0921.json b/CVE-2023/CVE-2023-09xx/CVE-2023-0921.json index 8818b7ab49e..a52b0e6f335 100644 --- a/CVE-2023/CVE-2023-09xx/CVE-2023-0921.json +++ b/CVE-2023/CVE-2023-09xx/CVE-2023-0921.json @@ -2,8 +2,8 @@ "id": "CVE-2023-0921", "sourceIdentifier": "cve@gitlab.com", "published": "2023-06-06T17:15:12.747", - "lastModified": "2023-06-06T18:33:59.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-12T18:43:08.817", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
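Review bot: Every firmware `cpeMatch` entry added in this hunk bounds its range with differently padded versions, `"versionStartIncluding": "3.0.0"` against `"versionEndExcluding": "3.07.01"`. A matcher that compares these as strings, or that rejects leading zeros as invalid semantic versions, can mis-order a release such as 3.1.x against 3.07.01 and report an affected controller as already fixed. Which form the ASPECT, NEXUS and MATRIX firmware actually reports is not visible here, so it is worth confirming against the ABB advisory referenced in this record and writing both bounds in that form. Until then, consumers of this record should compare the bounds component-wise as integers rather than lexically.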
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "cve@gitlab.com", "type": "Secondary", 
@@ -34,18 +54,94 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", + "versionStartIncluding": "8.3.0", + "versionEndExcluding": "15.10.8", + "matchCriteriaId": "BFC6BDDE-CB74-47B6-9655-453DE9708F34" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "8.3.0", + "versionEndExcluding": "15.10.8", + "matchCriteriaId": "A28C670F-257D-437A-8566-FF4694730A76" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", + "versionStartIncluding": "15.11.0", + "versionEndExcluding": "15.11.7", + "matchCriteriaId": "C612DD9C-BFBD-49A3-9936-BB7D2C7ADBED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "15.11.0", + "versionEndExcluding": "15.11.7", + "matchCriteriaId": "A6944880-86FD-4D58-8217-667BD48B019A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", + "versionStartIncluding": "16.0.0", + "versionEndExcluding": "16.0.2", + "matchCriteriaId": "C060C573-5005-487A-8AB2-DE66531685A1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "16.0.0", + "versionEndExcluding": "16.0.2", + "matchCriteriaId": "D19BAB29-C57C-4410-A093-44AFFF3984DF" + } + ] + } + ] + } + ], "references": [ { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0921.json", - "source": "cve@gitlab.com" + "source": "cve@gitlab.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/392433", - "source": "cve@gitlab.com" + "source": "cve@gitlab.com", + 
"tags": [ + "Broken Link" + ] }, { "url": "https://hackerone.com/reports/1869839", - "source": "cve@gitlab.com" + "source": "cve@gitlab.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-13xx/CVE-2023-1323.json b/CVE-2023/CVE-2023-13xx/CVE-2023-1323.json new file mode 100644 index 00000000000..9e71903c68d --- /dev/null +++ b/CVE-2023/CVE-2023-13xx/CVE-2023-1323.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-1323", + "sourceIdentifier": "contact@wpscan.com", + "published": "2023-06-12T18:15:09.910", + "lastModified": "2023-06-12T18:22:56.843", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The Easy Forms for Mailchimp WordPress plugin through 6.8.8 does not sanitise and escape some of its from parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "contact@wpscan.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://wpscan.com/vulnerability/d3a2af00-719c-4b86-8877-b1d68a589192", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-23xx/CVE-2023-2362.json b/CVE-2023/CVE-2023-23xx/CVE-2023-2362.json new file mode 100644 index 00000000000..51416a8f690 --- /dev/null +++ b/CVE-2023/CVE-2023-23xx/CVE-2023-2362.json 
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2023-2362",
+ "sourceIdentifier": "contact@wpscan.com",
+ "published": "2023-06-12T18:15:09.973",
+ "lastModified": "2023-06-12T18:22:56.843",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Float menu WordPress plugin before 5.0.2, Bubble Menu WordPress plugin before 3.0.4, Button Generator WordPress plugin before 2.3.5, Calculator Builder WordPress plugin before 1.5.1, Counter Box WordPress plugin before 1.2.2, Floating Button WordPress plugin before 5.3.1, Herd Effects WordPress plugin before 5.2.2, Popup Box WordPress plugin before 2.2.2, Side Menu Lite WordPress plugin before 4.0.2, Sticky Buttons WordPress plugin before 3.1.1, Wow Skype Buttons WordPress plugin before 4.0.2, WP Coder WordPress plugin before 2.5.6 do not escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin"
+ }
+ ],
+ "metrics": {},
+ "weaknesses": [
+ {
+ "source": "contact@wpscan.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://wpscan.com/vulnerability/27e70507-fd68-4915-88cf-0b96ed55208e",
+ "source": "contact@wpscan.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-23xx/CVE-2023-2398.json b/CVE-2023/CVE-2023-23xx/CVE-2023-2398.json
new file mode 100644
index 00000000000..50be79f3e2b
--- /dev/null
+++ b/CVE-2023/CVE-2023-23xx/CVE-2023-2398.json
@@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-2398", + "sourceIdentifier": "contact@wpscan.com", + "published": "2023-06-12T18:15:10.037", + "lastModified": "2023-06-12T18:22:56.843", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The Icegram Engage WordPress plugin before 3.1.12 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin" + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "contact@wpscan.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://wpscan.com/vulnerability/16d47d20-58aa-4d04-9275-fd91ce926ff3", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-25xx/CVE-2023-2546.json b/CVE-2023/CVE-2023-25xx/CVE-2023-2546.json index 519ea646c8a..0d0c05a86e0 100644 --- a/CVE-2023/CVE-2023-25xx/CVE-2023-2546.json +++ b/CVE-2023/CVE-2023-25xx/CVE-2023-2546.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2546", "sourceIdentifier": "security@wordfence.com", "published": "2023-06-06T02:15:09.943", - "lastModified": "2023-06-07T20:15:09.643", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-12T18:40:25.907", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -46,18 +66,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wp_user_switch_project:wp_user_switch:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.0.2", + "matchCriteriaId": "152441A4-DC2D-4DCD-8A61-BD3E22053968" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/wp-user-switch/trunk/inc/functions.php?rev=2237142#L33", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/2921182/wp-user-switch/trunk/inc/functions.php", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e89d912d-fa7a-4fb1-8872-95fa861c21ca?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-25xx/CVE-2023-2568.json b/CVE-2023/CVE-2023-25xx/CVE-2023-2568.json new file mode 100644 index 00000000000..2665ef31d42 --- /dev/null +++ b/CVE-2023/CVE-2023-25xx/CVE-2023-2568.json 
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2023-2568",
+ "sourceIdentifier": "contact@wpscan.com",
+ "published": "2023-06-12T18:15:10.093",
+ "lastModified": "2023-06-12T18:22:56.843",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Photo Gallery by Ays WordPress plugin before 5.1.7 does not escape some parameters before outputting it back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin"
+ }
+ ],
+ "metrics": {},
+ "weaknesses": [
+ {
+ "source": "contact@wpscan.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://wpscan.com/vulnerability/b1704a12-459b-4f5d-aa2d-a96646ddaf3e",
+ "source": "contact@wpscan.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-27xx/CVE-2023-2718.json b/CVE-2023/CVE-2023-27xx/CVE-2023-2718.json
new file mode 100644
index 00000000000..4c5a8d4f037
--- /dev/null
+++ b/CVE-2023/CVE-2023-27xx/CVE-2023-2718.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2023-2718",
+ "sourceIdentifier": "contact@wpscan.com",
+ "published": "2023-06-12T18:15:10.167",
+ "lastModified": "2023-06-12T18:22:56.843",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Contact Form Email WordPress plugin before 1.3.38 does not escape submitted values before displaying them in the HTML, leading to a Stored XSS vulnerability."
+ }
+ ],
+ "metrics": {},
+ "weaknesses": [
+ {
+ "source": "contact@wpscan.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://wpscan.com/vulnerability/8ad824a6-2d49-4f02-8252-393c59aa9705",
+ "source": "contact@wpscan.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-28xx/CVE-2023-2833.json b/CVE-2023/CVE-2023-28xx/CVE-2023-2833.json
index cb74d95af26..d3a7b44ddaf 100644
--- a/CVE-2023/CVE-2023-28xx/CVE-2023-2833.json +++ b/CVE-2023/CVE-2023-28xx/CVE-2023-2833.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2833", "sourceIdentifier": "security@wordfence.com", "published": "2023-06-06T10:15:09.953", - "lastModified": "2023-06-06T12:50:56.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-12T18:25:01.743", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ] + }, { "source": "security@wordfence.com", "type": "Secondary", 
@@ -46,26 +76,62 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpdeveloper:reviewx:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.6.13", + "matchCriteriaId": "3FBCC7D4-78AA-4AA3-913E-A4B72A41EA93" + } + ] + } + ] + } + ], "references": [ { "url": "https://lana.codes/lanavdb/a889c3ff-5df0-4d7e-951f-0b0406468efa/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/reviewx/tags/1.6.13/includes/rx-functions.php#L972", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2916148%40reviewx&old=2912114%40reviewx&sfp_email=&sfph_mail=#file472", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://www.wordfence.com/blog/2023/05/wpdeveloper-addresses-privilege-escalation-vulnerability-in-reviewx-wordpress-plugin/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/70e1d701-2cff-4793-9e4c-5b16a4038e8d?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-301xx/CVE-2023-30198.json b/CVE-2023/CVE-2023-301xx/CVE-2023-30198.json index 067ddd4a9a2..0d5bb510833 100644 --- a/CVE-2023/CVE-2023-301xx/CVE-2023-30198.json +++ b/CVE-2023/CVE-2023-301xx/CVE-2023-30198.json 
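Review bot: In the `references` of CVE-2023-2833 the Trac changeset link (`.../changeset?...new=2916148%40reviewx&old=2912114%40reviewx...#file472`) is tagged `"Product"`, whereas the Trac changeset reference in the CVE-2023-2546 record of this same commit is tagged `"Patch"`. If that changeset is the fix for the `"versionEndIncluding": "1.6.13"` range, which the hunk itself does not confirm, tooling that selects remediation links by the `Patch` tag will find none for this record. Suggested tag list for that entry, once confirmed: `"tags": [ "Patch" ]`.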
@@ -2,8 +2,8 @@ "id": "CVE-2023-30198", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-12T17:15:09.760", - "lastModified": "2023-06-12T17:15:09.760", - "vulnStatus": "Received", + "lastModified": "2023-06-12T18:22:56.843", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-322xx/CVE-2023-32217.json b/CVE-2023/CVE-2023-322xx/CVE-2023-32217.json index be9fb17dbaa..9db449d33ec 100644 --- a/CVE-2023/CVE-2023-322xx/CVE-2023-32217.json +++ b/CVE-2023/CVE-2023-322xx/CVE-2023-32217.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32217", "sourceIdentifier": "psirt@sailpoint.com", "published": "2023-06-05T04:15:10.927", - "lastModified": "2023-06-05T13:02:53.787", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-12T18:27:46.077", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "psirt@sailpoint.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-470" + } + ] + }, { "source": "psirt@sailpoint.com", "type": "Secondary", 
@@ -46,10 +76,110 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sailpoint:identityiq:8.0:-:*:*:*:*:*:*", + "matchCriteriaId": "331C62A4-620B-483A-87A6-9AA51679AF92" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sailpoint:identityiq:8.0:patch1:*:*:*:*:*:*", + "matchCriteriaId": "C84FC633-5B3C-4A40-A588-EF3AF509BBE9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sailpoint:identityiq:8.0:patch2:*:*:*:*:*:*", + "matchCriteriaId": "6080940F-819D-468F-90B7-D1E135020777" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sailpoint:identityiq:8.0:patch3:*:*:*:*:*:*", + "matchCriteriaId": "E018B45E-96CF-45C2-B405-3AFCC683BF9C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sailpoint:identityiq:8.0:patch4:*:*:*:*:*:*", + "matchCriteriaId": "CE18C753-3EE9-49C4-A99F-4429E0B20A1A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sailpoint:identityiq:8.1:-:*:*:*:*:*:*", + "matchCriteriaId": "00C8E5FB-5B6D-4C1B-AEFE-C884B28392D8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sailpoint:identityiq:8.1:patch1:*:*:*:*:*:*", + "matchCriteriaId": "216615A8-0E21-4597-871C-AC121BF0E150" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sailpoint:identityiq:8.1:patch2:*:*:*:*:*:*", + "matchCriteriaId": "35ECC22F-B2A2-4750-B995-2944F12C1BFF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sailpoint:identityiq:8.1:patch3:*:*:*:*:*:*", + "matchCriteriaId": "9ECEF57B-DA34-402A-86F0-713A3683A172" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sailpoint:identityiq:8.1:patch4:*:*:*:*:*:*", + "matchCriteriaId": "1815D4C7-50FC-45DA-8130-E9258CAFBD09" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sailpoint:identityiq:8.1:patch5:*:*:*:*:*:*", + "matchCriteriaId": "F784765E-8B3C-4F96-B57A-E6E7AECE628C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sailpoint:identityiq:8.2:-:*:*:*:*:*:*", + 
"matchCriteriaId": "224129BF-667F-4F6A-8E9A-15390F6FA3D5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sailpoint:identityiq:8.2:patch1:*:*:*:*:*:*", + "matchCriteriaId": "2A8C2668-C1F1-4A67-A2B3-99B5746C6A52" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sailpoint:identityiq:8.2:patch2:*:*:*:*:*:*", + "matchCriteriaId": "A9D91EB5-EC8E-4200-9245-13E37312343D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sailpoint:identityiq:8.2:patch4:*:*:*:*:*:*", + "matchCriteriaId": "63352C53-ADD8-49CD-B9E6-648183BDED68" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sailpoint:identityiq:8.3:-:*:*:*:*:*:*", + "matchCriteriaId": "1173CC53-CBE5-450C-96BF-8583D1B3D185" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sailpoint:identityiq:8.3:patch1:*:*:*:*:*:*", + "matchCriteriaId": "2C0F5E55-5D33-425F-9DA7-49FE66CD84C4" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.sailpoint.com/security-advisories/sailpoint-identityiq-unsafe-use-of-reflection-vulnerability-cve-2023-32217/", - "source": "psirt@sailpoint.com" + "source": "psirt@sailpoint.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-339xx/CVE-2023-33970.json b/CVE-2023/CVE-2023-339xx/CVE-2023-33970.json index 850b53ff832..7779b9cd521 100644 --- a/CVE-2023/CVE-2023-339xx/CVE-2023-33970.json +++ b/CVE-2023/CVE-2023-339xx/CVE-2023-33970.json @@ -2,8 +2,8 @@ "id": "CVE-2023-33970", "sourceIdentifier": "security-advisories@github.com", "published": "2023-06-05T20:15:09.980", - "lastModified": "2023-06-06T12:50:56.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-12T18:16:44.043", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
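Review bot: The enumerated `cpeMatch` list for IdentityIQ goes from `identityiq:8.2:patch2` straight to `identityiq:8.2:patch4`; there is no `8.2:patch3` entry, although the 8.0 and 8.1 lines list every patch level consecutively. If an 8.2 patch 3 build exists and is affected (not determinable from this hunk), scanners that match on exact CPE will report it as not vulnerable. Check the SailPoint advisory referenced in this record and, if needed, add an entry with `"criteria": "cpe:2.3:a:sailpoint:identityiq:8.2:patch3:*:*:*:*:*:*"` and its own `matchCriteriaId`.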
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,14 +66,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:kanboard:kanboard:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.2.30", + "matchCriteriaId": "082DAE98-80F0-4423-8581-AB8D0051EAA1" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/kanboard/kanboard/commit/b501ef44bc28ee9cf603a4fa446ee121d66f652f", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-wfch-8rhv-v286", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-341xx/CVE-2023-34105.json b/CVE-2023/CVE-2023-341xx/CVE-2023-34105.json index 4808dd56e40..b771b3fb283 100644 --- a/CVE-2023/CVE-2023-341xx/CVE-2023-34105.json +++ b/CVE-2023/CVE-2023-341xx/CVE-2023-34105.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-34105", "sourceIdentifier": "security-advisories@github.com", "published": "2023-06-12T17:15:09.887", - "lastModified": "2023-06-12T17:15:09.887", - "vulnStatus": "Received", + "lastModified": "2023-06-12T18:22:56.843", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-342xx/CVE-2023-34246.json b/CVE-2023/CVE-2023-342xx/CVE-2023-34246.json index 0cdaa72cfd2..768d4a84308 100644 --- a/CVE-2023/CVE-2023-342xx/CVE-2023-34246.json +++ b/CVE-2023/CVE-2023-342xx/CVE-2023-34246.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34246", "sourceIdentifier": "security-advisories@github.com", "published": "2023-06-12T17:15:09.967", - "lastModified": "2023-06-12T17:15:09.967", - "vulnStatus": "Received", + "lastModified": "2023-06-12T18:22:56.843", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34334.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34334.json new file mode 100644 index 00000000000..cee528c7e1d --- /dev/null +++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34334.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-34334", + "sourceIdentifier": "biossecurity@ami.com", + "published": "2023-06-12T18:15:10.243", + "lastModified": "2023-06-12T18:22:56.843", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "AMI BMC contains a vulnerability in the SPX REST API, where an\nattacker with the required privileges can inject arbitrary shell commands,\nwhich may lead to code execution, denial of service, information disclosure, or\ndata tampering.\n\n\u00a0\n\n\n\n\n\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "biossecurity@ami.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "biossecurity@ami.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023005.pdf", + "source": "biossecurity@ami.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34335.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34335.json new file mode 100644 index 00000000000..127968b2a34 --- /dev/null +++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34335.json 
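Review bot: The `descriptions[0].value` string in this new record is hard-wrapped with `\n` in mid-sentence and ends in a run of `\n` plus a `\u00a0` after `data tampering.`; the same padding appears in the CVE-2023-34335, CVE-2023-34336, CVE-2023-34342 and CVE-2023-34343 records. Consumers that display, hash or de-duplicate descriptions should collapse whitespace and trim the tail first, so the value ends at `data tampering.`. Once trimmed, this text is identical to the CVE-2023-34343 description, and both records carry the same vector, `CWE-78` and reference URL. The record alone therefore does not tell the two issues apart, and the advisory in `references` is needed for that.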
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-34335", + "sourceIdentifier": "biossecurity@ami.com", + "published": "2023-06-12T18:15:10.320", + "lastModified": "2023-06-12T18:22:56.843", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "AMI BMC contains a vulnerability in the IPMI handler, where an\nunauthenticated host is allowed to write to a host SPI flash, bypassing secure\nboot protections. An exploitation of this vulnerability may lead to a loss of\nintegrity or denial of service.\n\n\n\n\n\n\u00a0\n\n\n\n\n\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "biossecurity@ami.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.7, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.5, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "biossecurity@ami.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-288" + } + ] + } + ], + "references": [ + { + "url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023005.pdf", + "source": "biossecurity@ami.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34336.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34336.json new file mode 100644 index 00000000000..a7c1aa3f712 --- /dev/null +++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34336.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-34336", + "sourceIdentifier": "biossecurity@ami.com", + "published": "2023-06-12T18:15:10.390", + "lastModified": "2023-06-12T18:22:56.843", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "AMI BMC contains a vulnerability in the IPMI handler, where an\nattacker with the required privileges can cause a buffer overflow, which may\nlead to code execution, denial of service, or escalation of privileges.\n\n\n\n\n\n\n\u00a0\n\n\n\n\n\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "biossecurity@ami.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "biossecurity@ami.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "references": [ + { + "url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023005.pdf", + "source": "biossecurity@ami.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34341.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34341.json index 4120fab0860..d4b4d1769ae 100644 --- a/CVE-2023/CVE-2023-343xx/CVE-2023-34341.json +++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34341.json 
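Review bot: The description says the buffer overflow needs "an attacker with the required privileges", but the CNA vector in `cvssData` sets `"privilegesRequired": "NONE"` (`PR:N`), which contributes to the 8.1 base score. The record is still `Awaiting Analysis` and carries only this `Secondary` metric, so triage should treat the score as provisional and take the actual precondition from the advisory in `references`. CVE-2023-34342 shows a similar mismatch: its description lists denial of service while its vector has `A:N`.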
@@ -2,8 +2,8 @@ "id": "CVE-2023-34341", "sourceIdentifier": "biossecurity@ami.com", "published": "2023-06-12T17:15:10.047", - "lastModified": "2023-06-12T17:15:10.047", - "vulnStatus": "Received", + "lastModified": "2023-06-12T18:22:56.843", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34342.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34342.json new file mode 100644 index 00000000000..885b56de5ce --- /dev/null +++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34342.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-34342", + "sourceIdentifier": "biossecurity@ami.com", + "published": "2023-06-12T18:15:10.463", + "lastModified": "2023-06-12T18:22:56.843", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "AMI BMC contains a vulnerability in the IPMI handler, where an\nattacker can upload and download arbitrary files under certain circumstances,\nwhich may lead to denial of service, escalation of privileges, information\ndisclosure, or data tampering.\n\n\n\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "biossecurity@ami.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "biossecurity@ami.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023005.pdf", + "source": "biossecurity@ami.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34343.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34343.json new file mode 100644 index 00000000000..33876f937c6 --- /dev/null +++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34343.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-34343", + "sourceIdentifier": "biossecurity@ami.com", + "published": "2023-06-12T18:15:10.533", + "lastModified": "2023-06-12T18:22:56.843", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "AMI BMC contains a vulnerability in the SPX REST API, where an\nattacker with the required privileges can inject arbitrary shell commands,\nwhich may lead to code execution, denial of service, information disclosure, or\ndata tampering.\n\n\n\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "biossecurity@ami.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "biossecurity@ami.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023005.pdf", + "source": "biossecurity@ami.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34344.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34344.json index 905f6b3771e..b0a43b0e7ef 100644 --- a/CVE-2023/CVE-2023-343xx/CVE-2023-34344.json +++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34344.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-34344", "sourceIdentifier": "biossecurity@ami.com", "published": "2023-06-12T17:15:10.137", - "lastModified": "2023-06-12T17:15:10.137", - "vulnStatus": "Received", + "lastModified": "2023-06-12T18:22:56.843", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34345.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34345.json index 4f788992b59..8773f3decb3 100644 --- a/CVE-2023/CVE-2023-343xx/CVE-2023-34345.json +++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34345.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34345", "sourceIdentifier": "biossecurity@ami.com", "published": "2023-06-12T17:15:10.213", - "lastModified": "2023-06-12T17:15:10.213", - "vulnStatus": "Received", + "lastModified": "2023-06-12T18:22:56.843", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/README.md b/README.md index 5f3b0548391..0a91a7fa356 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-06-12T18:00:27.604964+00:00 +2023-06-12T20:00:28.149453+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-06-12T17:57:57.837000+00:00 +2023-06-12T19:49:28.137000+00:00 ``` ### Last Data Feed Release 
@@ -29,57 +29,58 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -217445 +217459 ``` ### CVEs added in the last Commit -Recently added CVEs: `13` +Recently added CVEs: `14` -* [CVE-2023-28933](CVE-2023/CVE-2023-289xx/CVE-2023-28933.json) (`2023-06-12T16:15:09.763`) -* [CVE-2023-29385](CVE-2023/CVE-2023-293xx/CVE-2023-29385.json) (`2023-06-12T16:15:09.860`) -* [CVE-2023-34026](CVE-2023/CVE-2023-340xx/CVE-2023-34026.json) (`2023-06-12T16:15:09.950`) -* [CVE-2023-34212](CVE-2023/CVE-2023-342xx/CVE-2023-34212.json) (`2023-06-12T16:15:10.043`) -* [CVE-2023-34468](CVE-2023/CVE-2023-344xx/CVE-2023-34468.json) (`2023-06-12T16:15:10.130`) -* [CVE-2023-35053](CVE-2023/CVE-2023-350xx/CVE-2023-35053.json) (`2023-06-12T16:15:10.240`) -* [CVE-2023-35054](CVE-2023/CVE-2023-350xx/CVE-2023-35054.json) (`2023-06-12T16:15:10.333`) -* [CVE-2023-30198](CVE-2023/CVE-2023-301xx/CVE-2023-30198.json) (`2023-06-12T17:15:09.760`) -* [CVE-2023-34105](CVE-2023/CVE-2023-341xx/CVE-2023-34105.json) (`2023-06-12T17:15:09.887`) -* [CVE-2023-34246](CVE-2023/CVE-2023-342xx/CVE-2023-34246.json) (`2023-06-12T17:15:09.967`) -* [CVE-2023-34341](CVE-2023/CVE-2023-343xx/CVE-2023-34341.json) (`2023-06-12T17:15:10.047`) -* [CVE-2023-34344](CVE-2023/CVE-2023-343xx/CVE-2023-34344.json) (`2023-06-12T17:15:10.137`) -* [CVE-2023-34345](CVE-2023/CVE-2023-343xx/CVE-2023-34345.json) (`2023-06-12T17:15:10.213`) +* [CVE-2022-36331](CVE-2022/CVE-2022-363xx/CVE-2022-36331.json) (`2023-06-12T18:15:09.747`) +* [CVE-2022-27539](CVE-2022/CVE-2022-275xx/CVE-2022-27539.json) (`2023-06-12T19:15:09.600`) +* [CVE-2022-27541](CVE-2022/CVE-2022-275xx/CVE-2022-27541.json) (`2023-06-12T19:15:09.677`) +* [CVE-2023-0431](CVE-2023/CVE-2023-04xx/CVE-2023-0431.json) (`2023-06-12T18:15:09.847`) +* [CVE-2023-1323](CVE-2023/CVE-2023-13xx/CVE-2023-1323.json) (`2023-06-12T18:15:09.910`) +* [CVE-2023-2362](CVE-2023/CVE-2023-23xx/CVE-2023-2362.json) 
(`2023-06-12T18:15:09.973`) +* [CVE-2023-2398](CVE-2023/CVE-2023-23xx/CVE-2023-2398.json) (`2023-06-12T18:15:10.037`) +* [CVE-2023-2568](CVE-2023/CVE-2023-25xx/CVE-2023-2568.json) (`2023-06-12T18:15:10.093`) +* [CVE-2023-2718](CVE-2023/CVE-2023-27xx/CVE-2023-2718.json) (`2023-06-12T18:15:10.167`) +* [CVE-2023-34334](CVE-2023/CVE-2023-343xx/CVE-2023-34334.json) (`2023-06-12T18:15:10.243`) +* [CVE-2023-34335](CVE-2023/CVE-2023-343xx/CVE-2023-34335.json) (`2023-06-12T18:15:10.320`) +* [CVE-2023-34336](CVE-2023/CVE-2023-343xx/CVE-2023-34336.json) (`2023-06-12T18:15:10.390`) +* [CVE-2023-34342](CVE-2023/CVE-2023-343xx/CVE-2023-34342.json) (`2023-06-12T18:15:10.463`) +* [CVE-2023-34343](CVE-2023/CVE-2023-343xx/CVE-2023-34343.json) (`2023-06-12T18:15:10.533`) ### CVEs modified in the last Commit -Recently modified CVEs: `53` +Recently modified CVEs: `25` -* [CVE-2023-2816](CVE-2023/CVE-2023-28xx/CVE-2023-2816.json) (`2023-06-12T16:32:32.880`) -* [CVE-2023-31278](CVE-2023/CVE-2023-312xx/CVE-2023-31278.json) (`2023-06-12T16:32:50.127`) -* [CVE-2023-31244](CVE-2023/CVE-2023-312xx/CVE-2023-31244.json) (`2023-06-12T16:33:20.073`) -* [CVE-2023-29503](CVE-2023/CVE-2023-295xx/CVE-2023-29503.json) (`2023-06-12T16:33:56.060`) -* [CVE-2023-28653](CVE-2023/CVE-2023-286xx/CVE-2023-28653.json) (`2023-06-12T16:34:17.150`) -* [CVE-2023-32539](CVE-2023/CVE-2023-325xx/CVE-2023-32539.json) (`2023-06-12T16:35:32.033`) -* [CVE-2023-27916](CVE-2023/CVE-2023-279xx/CVE-2023-27916.json) (`2023-06-12T16:36:34.853`) -* [CVE-2023-32289](CVE-2023/CVE-2023-322xx/CVE-2023-32289.json) (`2023-06-12T16:37:10.407`) -* [CVE-2023-32281](CVE-2023/CVE-2023-322xx/CVE-2023-32281.json) (`2023-06-12T16:38:00.760`) -* [CVE-2023-32545](CVE-2023/CVE-2023-325xx/CVE-2023-32545.json) (`2023-06-12T16:38:15.397`) -* [CVE-2023-33532](CVE-2023/CVE-2023-335xx/CVE-2023-33532.json) (`2023-06-12T16:39:14.450`) -* [CVE-2023-34102](CVE-2023/CVE-2023-341xx/CVE-2023-34102.json) (`2023-06-12T16:46:32.247`) -* 
[CVE-2023-3079](CVE-2023/CVE-2023-30xx/CVE-2023-3079.json) (`2023-06-12T16:47:28.817`) -* [CVE-2023-3031](CVE-2023/CVE-2023-30xx/CVE-2023-3031.json) (`2023-06-12T16:48:57.833`) -* [CVE-2023-27989](CVE-2023/CVE-2023-279xx/CVE-2023-27989.json) (`2023-06-12T16:50:33.283`) -* [CVE-2023-32628](CVE-2023/CVE-2023-326xx/CVE-2023-32628.json) (`2023-06-12T16:53:19.953`) -* [CVE-2023-32540](CVE-2023/CVE-2023-325xx/CVE-2023-32540.json) (`2023-06-12T16:55:37.857`) -* [CVE-2023-22450](CVE-2023/CVE-2023-224xx/CVE-2023-22450.json) (`2023-06-12T16:56:27.357`) -* [CVE-2023-34410](CVE-2023/CVE-2023-344xx/CVE-2023-34410.json) (`2023-06-12T16:57:27.243`) -* [CVE-2023-33747](CVE-2023/CVE-2023-337xx/CVE-2023-33747.json) (`2023-06-12T16:59:41.887`) -* [CVE-2023-34103](CVE-2023/CVE-2023-341xx/CVE-2023-34103.json) (`2023-06-12T17:01:22.817`) -* [CVE-2023-3085](CVE-2023/CVE-2023-30xx/CVE-2023-3085.json) (`2023-06-12T17:25:40.813`) -* [CVE-2023-34411](CVE-2023/CVE-2023-344xx/CVE-2023-34411.json) (`2023-06-12T17:51:53.253`) -* [CVE-2023-33968](CVE-2023/CVE-2023-339xx/CVE-2023-33968.json) (`2023-06-12T17:56:58.817`) -* [CVE-2023-33969](CVE-2023/CVE-2023-339xx/CVE-2023-33969.json) (`2023-06-12T17:57:57.837`) +* [CVE-2019-25148](CVE-2019/CVE-2019-251xx/CVE-2019-25148.json) (`2023-06-12T18:10:40.977`) +* [CVE-2019-25147](CVE-2019/CVE-2019-251xx/CVE-2019-25147.json) (`2023-06-12T18:13:05.987`) +* [CVE-2020-36716](CVE-2020/CVE-2020-367xx/CVE-2020-36716.json) (`2023-06-12T19:23:42.477`) +* [CVE-2020-36715](CVE-2020/CVE-2020-367xx/CVE-2020-36715.json) (`2023-06-12T19:26:19.960`) +* [CVE-2020-36713](CVE-2020/CVE-2020-367xx/CVE-2020-36713.json) (`2023-06-12T19:27:16.933`) +* [CVE-2020-36712](CVE-2020/CVE-2020-367xx/CVE-2020-36712.json) (`2023-06-12T19:28:01.167`) +* [CVE-2020-36711](CVE-2020/CVE-2020-367xx/CVE-2020-36711.json) (`2023-06-12T19:31:24.717`) +* [CVE-2020-36710](CVE-2020/CVE-2020-367xx/CVE-2020-36710.json) (`2023-06-12T19:32:04.073`) +* 
[CVE-2020-36709](CVE-2020/CVE-2020-367xx/CVE-2020-36709.json) (`2023-06-12T19:32:36.913`) +* [CVE-2020-36704](CVE-2020/CVE-2020-367xx/CVE-2020-36704.json) (`2023-06-12T19:33:03.833`) +* [CVE-2020-36703](CVE-2020/CVE-2020-367xx/CVE-2020-36703.json) (`2023-06-12T19:33:40.297`) +* [CVE-2020-36700](CVE-2020/CVE-2020-367xx/CVE-2020-36700.json) (`2023-06-12T19:46:56.790`) +* [CVE-2020-36731](CVE-2020/CVE-2020-367xx/CVE-2020-36731.json) (`2023-06-12T19:49:28.137`) +* [CVE-2023-33970](CVE-2023/CVE-2023-339xx/CVE-2023-33970.json) (`2023-06-12T18:16:44.043`) +* [CVE-2023-30198](CVE-2023/CVE-2023-301xx/CVE-2023-30198.json) (`2023-06-12T18:22:56.843`) +* [CVE-2023-34105](CVE-2023/CVE-2023-341xx/CVE-2023-34105.json) (`2023-06-12T18:22:56.843`) +* [CVE-2023-34246](CVE-2023/CVE-2023-342xx/CVE-2023-34246.json) (`2023-06-12T18:22:56.843`) +* [CVE-2023-34341](CVE-2023/CVE-2023-343xx/CVE-2023-34341.json) (`2023-06-12T18:22:56.843`) +* [CVE-2023-34344](CVE-2023/CVE-2023-343xx/CVE-2023-34344.json) (`2023-06-12T18:22:56.843`) +* [CVE-2023-34345](CVE-2023/CVE-2023-343xx/CVE-2023-34345.json) (`2023-06-12T18:22:56.843`) +* [CVE-2023-2833](CVE-2023/CVE-2023-28xx/CVE-2023-2833.json) (`2023-06-12T18:25:01.743`) +* [CVE-2023-32217](CVE-2023/CVE-2023-322xx/CVE-2023-32217.json) (`2023-06-12T18:27:46.077`) +* [CVE-2023-2546](CVE-2023/CVE-2023-25xx/CVE-2023-2546.json) (`2023-06-12T18:40:25.907`) +* [CVE-2023-0921](CVE-2023/CVE-2023-09xx/CVE-2023-0921.json) (`2023-06-12T18:43:08.817`) +* [CVE-2023-0636](CVE-2023/CVE-2023-06xx/CVE-2023-0636.json) (`2023-06-12T18:50:07.447`) ## Download and Usage