diff --git a/CVE-2019/CVE-2019-65xx/CVE-2019-6502.json b/CVE-2019/CVE-2019-65xx/CVE-2019-6502.json index 3b619759759..31f82c28a96 100644 --- a/CVE-2019/CVE-2019-65xx/CVE-2019-6502.json +++ b/CVE-2019/CVE-2019-65xx/CVE-2019-6502.json @@ -2,7 +2,7 @@ "id": "CVE-2019-6502", "sourceIdentifier": "cve@mitre.org", "published": "2019-01-22T08:29:00.200", - "lastModified": "2020-08-24T17:37:01.140", + "lastModified": "2023-06-21T02:15:09.040", "vulnStatus": "Modified", "descriptions": [ { @@ -105,6 +105,10 @@ "Exploit", "Third Party Advisory" ] + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00025.html", + "source": "cve@mitre.org" } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-427xx/CVE-2021-42779.json b/CVE-2021/CVE-2021-427xx/CVE-2021-42779.json index 037b17d415b..c25e3ecf043 100644 --- a/CVE-2021/CVE-2021-427xx/CVE-2021-42779.json +++ b/CVE-2021/CVE-2021-427xx/CVE-2021-42779.json @@ -2,8 +2,8 @@ "id": "CVE-2021-42779", "sourceIdentifier": "secalert@redhat.com", "published": "2022-04-18T17:15:16.177", - "lastModified": "2022-09-29T15:56:44.520", - "vulnStatus": "Analyzed", + "lastModified": "2023-06-21T02:15:09.177", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -166,6 +166,10 @@ "Third Party Advisory" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00025.html", + "source": "secalert@redhat.com" + }, { "url": "https://security.gentoo.org/glsa/202209-03", "source": "secalert@redhat.com", diff --git a/CVE-2021/CVE-2021-427xx/CVE-2021-42780.json b/CVE-2021/CVE-2021-427xx/CVE-2021-42780.json index fe569936144..0f8da5afb40 100644 --- a/CVE-2021/CVE-2021-427xx/CVE-2021-42780.json +++ b/CVE-2021/CVE-2021-427xx/CVE-2021-42780.json 
@@ -2,8 +2,8 @@ "id": "CVE-2021-42780", "sourceIdentifier": "secalert@redhat.com", "published": "2022-04-18T17:15:16.243", - "lastModified": "2022-09-29T15:59:54.143", - "vulnStatus": "Analyzed", + "lastModified": "2023-06-21T02:15:09.270", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -161,6 +161,10 @@ "Third Party Advisory" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00025.html", + "source": "secalert@redhat.com" + }, { "url": "https://security.gentoo.org/glsa/202209-03", "source": "secalert@redhat.com", diff --git a/CVE-2021/CVE-2021-427xx/CVE-2021-42781.json b/CVE-2021/CVE-2021-427xx/CVE-2021-42781.json index db2bdce6530..40d1a45e1c4 100644 --- a/CVE-2021/CVE-2021-427xx/CVE-2021-42781.json +++ b/CVE-2021/CVE-2021-427xx/CVE-2021-42781.json @@ -2,8 +2,8 @@ "id": "CVE-2021-42781", "sourceIdentifier": "secalert@redhat.com", "published": "2022-04-18T17:15:16.303", - "lastModified": "2022-09-29T16:00:09.747", - "vulnStatus": "Analyzed", + "lastModified": "2023-06-21T02:15:09.360", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -183,6 +183,10 @@ "Third Party Advisory" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00025.html", + "source": "secalert@redhat.com" + }, { "url": "https://security.gentoo.org/glsa/202209-03", "source": "secalert@redhat.com", diff --git a/CVE-2021/CVE-2021-427xx/CVE-2021-42782.json b/CVE-2021/CVE-2021-427xx/CVE-2021-42782.json index 1825c454667..d4b43bffdec 100644 --- a/CVE-2021/CVE-2021-427xx/CVE-2021-42782.json +++ b/CVE-2021/CVE-2021-427xx/CVE-2021-42782.json @@ -2,8 +2,8 @@ "id": "CVE-2021-42782", "sourceIdentifier": "secalert@redhat.com", "published": "2022-04-18T17:15:16.380", - "lastModified": "2022-09-29T16:00:07.160", - "vulnStatus": "Analyzed", + "lastModified": "2023-06-21T02:15:09.443", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", 
@@ -169,6 +169,10 @@ "Third Party Advisory" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00025.html", + "source": "secalert@redhat.com" + }, { "url": "https://security.gentoo.org/glsa/202209-03", "source": "secalert@redhat.com", diff --git a/CVE-2023/CVE-2023-03xx/CVE-2023-0342.json b/CVE-2023/CVE-2023-03xx/CVE-2023-0342.json index e3c28d23fea..35a635a4c4e 100644 --- a/CVE-2023/CVE-2023-03xx/CVE-2023-0342.json +++ b/CVE-2023/CVE-2023-03xx/CVE-2023-0342.json @@ -2,8 +2,8 @@ "id": "CVE-2023-0342", "sourceIdentifier": "cna@mongodb.com", "published": "2023-06-09T09:15:09.383", - "lastModified": "2023-06-09T13:03:24.613", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-21T02:00:33.950", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "cna@mongodb.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "cna@mongodb.com", "type": "Secondary", 
@@ -46,14 +76,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mongodb:ops_manager_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.0.0", + "versionEndExcluding": "5.0.21", + "matchCriteriaId": "5B1BE420-87B6-4D30-84DE-6106C65B7FC5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mongodb:ops_manager_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.0.0", + "versionEndExcluding": "6.0.12", + "matchCriteriaId": "74F22467-A0D5-4611-80EF-EB5B7F149867" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.mongodb.com/docs/ops-manager/current/release-notes/application/#onprem-server-5-0-21", - "source": "cna@mongodb.com" + "source": "cna@mongodb.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://www.mongodb.com/docs/ops-manager/current/release-notes/application/#onprem-server-6-0-12", - "source": "cna@mongodb.com" + "source": "cna@mongodb.com", + "tags": [ + "Release Notes" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2977.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2977.json index 0766112925b..da2e6e93787 100644 --- a/CVE-2023/CVE-2023-29xx/CVE-2023-2977.json +++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2977.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2977", "sourceIdentifier": "secalert@redhat.com", "published": "2023-06-01T01:15:17.917", - "lastModified": "2023-06-07T18:45:22.567", - "vulnStatus": "Analyzed", + "lastModified": "2023-06-21T02:15:09.563", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -123,6 +123,10 @@ "tags": [ "Patch" ] + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00025.html", + "source": "secalert@redhat.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-319xx/CVE-2023-31975.json b/CVE-2023/CVE-2023-319xx/CVE-2023-31975.json index 67155d43b6b..8ca1adb7aef 100644 --- a/CVE-2023/CVE-2023-319xx/CVE-2023-31975.json 
+++ b/CVE-2023/CVE-2023-319xx/CVE-2023-31975.json @@ -2,19 +2,79 @@ "id": "CVE-2023-31975", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-09T13:15:18.590", - "lastModified": "2023-05-09T14:30:54.950", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-21T03:15:09.253", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "yasm v1.3.0 was discovered to contain a memory leak via the function yasm_intnum_copy at /libyasm/intnum.c." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-401" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tortall:yasm:1.3.0:*:*:*:*:*:*:*", + "matchCriteriaId": "1453CF78-5025-49BF-A1A6-C62F948B5735" + } + ] + } + ] + } + ], "references": [ { - "url": "https://github.com/yasm/yasm/issues/210", + "url": "http://www.openwall.com/lists/oss-security/2023/06/20/6", "source": "cve@mitre.org" + }, + { + "url": "https://github.com/yasm/yasm/issues/210", + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3214.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3214.json index 7eab00051f1..9ed2733fb3b 100644 --- a/CVE-2023/CVE-2023-32xx/CVE-2023-3214.json 
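Review bot: The NVD primary metric added for CVE-2023-31975 does not fit the record's own description. The text and the new `CWE-401` entry describe a memory leak in `yasm_intnum_copy`, yet the vector is `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H` with `"baseScore": 9.8` and `"baseSeverity": "CRITICAL"`. A leak would normally affect availability only, so the high confidentiality and integrity impact, and presumably the network vector as well, look like an upstream scoring error rather than a property of the bug. Since this file mirrors NVD, the value should stay as published, but consumers that triage on `baseSeverity` alone should cross-check it against the CWE and description. The same hunk sets `"vulnStatus": "Modified"` and adds the openwall reference without `tags`, so the record may be re-analyzed and the score may change.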
+++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3214.json 
@@ -2,31 +2,124 @@ "id": "CVE-2023-3214", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-06-13T18:15:22.170", - "lastModified": "2023-06-20T02:15:43.417", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-21T02:24:53.437", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Use after free in Autofill payments in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", + "versionEndExcluding": "114.0.5735.133", + "matchCriteriaId": "E6AD45B6-EE3E-4378-B98D-40E0C3C3A089" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", + "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" + } + ] + } + ] + } + ], "references": [ { "url": "https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_13.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://crbug.com/1450568", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Issue Tracking", + "Vendor Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O362DC3ZCFRXVHOXMPIL73YOWABQEUYD/", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5428", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3215.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3215.json index 552f279460b..77a36fe56b7 100644 --- a/CVE-2023/CVE-2023-32xx/CVE-2023-3215.json +++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3215.json 
@@ -2,31 +2,125 @@ "id": "CVE-2023-3215", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-06-13T18:15:22.223", - "lastModified": "2023-06-20T02:15:43.477", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-21T02:29:33.547", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", + "versionEndExcluding": "114.0.5735.133", + "matchCriteriaId": "E6AD45B6-EE3E-4378-B98D-40E0C3C3A089" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", + "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" + } + ] + } + ] + } + ], "references": [ { "url": "https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_13.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://crbug.com/1446274", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Issue Tracking", + "Permissions Required", + "Vendor Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O362DC3ZCFRXVHOXMPIL73YOWABQEUYD/", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5428", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3216.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3216.json index c1878c193f3..4fc6a9e1ec0 100644 --- a/CVE-2023/CVE-2023-32xx/CVE-2023-3216.json +++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3216.json 
@@ -2,31 +2,125 @@ "id": "CVE-2023-3216", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-06-13T18:15:22.273", - "lastModified": "2023-06-20T02:15:43.513", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-21T02:34:10.360", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Type confusion in V8 in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-843" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", + "versionEndExcluding": "114.0.5735.133", + "matchCriteriaId": "E6AD45B6-EE3E-4378-B98D-40E0C3C3A089" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", + "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" + } + ] + } + ] + } + ], "references": [ { "url": "https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_13.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://crbug.com/1450114", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Issue Tracking", + "Permissions Required", + "Vendor Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O362DC3ZCFRXVHOXMPIL73YOWABQEUYD/", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5428", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-342xx/CVE-2023-34212.json b/CVE-2023/CVE-2023-342xx/CVE-2023-34212.json index 97d327e25d6..6933be20a5c 100644 --- a/CVE-2023/CVE-2023-342xx/CVE-2023-34212.json +++ b/CVE-2023/CVE-2023-342xx/CVE-2023-34212.json 
@@ -2,18 +2,41 @@ "id": "CVE-2023-34212", "sourceIdentifier": "security@apache.org", "published": "2023-06-12T16:15:10.043", - "lastModified": "2023-06-12T21:15:22.797", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-21T02:15:20.727", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", "value": "The JndiJmsConnectionFactoryProvider Controller Service, along with the ConsumeJMS and PublishJMS Processors, in Apache NiFi 1.8.0 through 1.21.0 allow an authenticated and authorized user to configure URL and library properties that enable deserialization of untrusted data from a remote location.\n\nThe resolution validates the JNDI URL and restricts locations to a set of allowed schemes.\n\nYou are recommended to upgrade to version 1.22.0 or later which fixes this issue.\n\n\n" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, "weaknesses": [ { - "source": "security@apache.org", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { 
@@ -21,20 +44,61 @@ "value": "CWE-502" } ] + }, + { + "source": "security@apache.org", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:nifi:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.8.0", + "versionEndIncluding": "1.21.0", + "matchCriteriaId": "7999A951-01F9-4056-B544-250A3F215FE7" + } + ] + } + ] } ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2023/06/12/2", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread/w5rm46fxmvxy216tglf0dv83wo6gnzr5", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://nifi.apache.org/security.html#CVE-2023-34212", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-344xx/CVE-2023-34468.json b/CVE-2023/CVE-2023-344xx/CVE-2023-34468.json index 2d5d4a82616..06f73c213f0 100644 --- a/CVE-2023/CVE-2023-344xx/CVE-2023-34468.json +++ b/CVE-2023/CVE-2023-344xx/CVE-2023-34468.json 
@@ -2,15 +2,38 @@ "id": "CVE-2023-34468", "sourceIdentifier": "security@apache.org", "published": "2023-06-12T16:15:10.130", - "lastModified": "2023-06-12T21:15:22.863", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-21T02:20:04.797", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution.\n\nThe resolution validates the Database URL and rejects H2 JDBC locations.\n\nYou are recommended to upgrade to version 1.22.0 or later which fixes this issue.\n\n\n" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "security@apache.org", 
@@ -23,18 +46,49 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:nifi:*:*:*:*:*:*:*:*", + "versionStartIncluding": "0.0.2", + "versionEndExcluding": "1.22.0", + "matchCriteriaId": "9AE066CD-D3B6-4260-B776-3715D427A433" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2023/06/12/3", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread/7b82l4f5blmpkfcynf3y6z4x1vqo59h8", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List", + "Vendor Advisory" + ] }, { "url": "https://nifi.apache.org/security.html#CVE-2023-34468", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-348xx/CVE-2023-34855.json b/CVE-2023/CVE-2023-348xx/CVE-2023-34855.json index 28e69f58972..412cf044e7a 100644 --- a/CVE-2023/CVE-2023-348xx/CVE-2023-34855.json +++ b/CVE-2023/CVE-2023-348xx/CVE-2023-34855.json 
@@ -2,19 +2,76 @@ "id": "CVE-2023-34855", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-12T13:15:11.093", - "lastModified": "2023-06-12T13:28:17.260", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-21T02:11:43.127", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A Cross Site Scripting (XSS) vulnerability in Youxun Electronic Equipment (Shanghai) Co., Ltd AC Centralized Management Platform v1.02.040 allows attackers to execute arbitrary code via uploading a crafted HTML file to the interface /upfile.cgi." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ac_centralized_management_platform_project:ac_centralized_management_platform:1.02.040:*:*:*:*:*:*:*", + "matchCriteriaId": "7D9D37A5-23E2-42B2-91EE-CE3A5B2A50EC" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/hashshfza/Vulnerability/issues/1", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/README.md b/README.md index 21983be6240..a505f32e471 100644 --- a/README.md +++ b/README.md 
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-06-21T02:00:27.455448+00:00 +2023-06-21T04:00:26.011785+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-06-21T01:55:59.977000+00:00 +2023-06-21T03:15:09.253000+00:00 ``` ### Last Data Feed Release 
@@ -40,20 +40,22 @@ Recently added CVEs: `0` ### CVEs modified in the last Commit -Recently modified CVEs: `12` +Recently modified CVEs: `14` -* [CVE-2020-12762](CVE-2020/CVE-2020-127xx/CVE-2020-12762.json) (`2023-06-21T00:15:09.887`) -* [CVE-2022-22307](CVE-2022/CVE-2022-223xx/CVE-2022-22307.json) (`2023-06-21T00:00:39.417`) -* [CVE-2022-33159](CVE-2022/CVE-2022-331xx/CVE-2022-33159.json) (`2023-06-21T01:21:02.900`) -* [CVE-2022-33163](CVE-2022/CVE-2022-331xx/CVE-2022-33163.json) (`2023-06-21T01:21:30.867`) -* [CVE-2022-33168](CVE-2022/CVE-2022-331xx/CVE-2022-33168.json) (`2023-06-21T01:21:46.097`) -* [CVE-2022-32752](CVE-2022/CVE-2022-327xx/CVE-2022-32752.json) (`2023-06-21T01:22:07.243`) -* [CVE-2022-32757](CVE-2022/CVE-2022-327xx/CVE-2022-32757.json) (`2023-06-21T01:22:29.450`) -* [CVE-2022-33166](CVE-2022/CVE-2022-331xx/CVE-2022-33166.json) (`2023-06-21T01:22:50.790`) -* [CVE-2023-2745](CVE-2023/CVE-2023-27xx/CVE-2023-2745.json) (`2023-06-21T01:15:08.760`) -* [CVE-2023-25683](CVE-2023/CVE-2023-256xx/CVE-2023-25683.json) (`2023-06-21T01:20:43.117`) -* [CVE-2023-34239](CVE-2023/CVE-2023-342xx/CVE-2023-34239.json) (`2023-06-21T01:48:49.047`) -* [CVE-2023-34364](CVE-2023/CVE-2023-343xx/CVE-2023-34364.json) (`2023-06-21T01:55:59.977`) +* [CVE-2019-6502](CVE-2019/CVE-2019-65xx/CVE-2019-6502.json) (`2023-06-21T02:15:09.040`) +* [CVE-2021-42779](CVE-2021/CVE-2021-427xx/CVE-2021-42779.json) (`2023-06-21T02:15:09.177`) +* [CVE-2021-42780](CVE-2021/CVE-2021-427xx/CVE-2021-42780.json) (`2023-06-21T02:15:09.270`) +* [CVE-2021-42781](CVE-2021/CVE-2021-427xx/CVE-2021-42781.json) (`2023-06-21T02:15:09.360`) +* [CVE-2021-42782](CVE-2021/CVE-2021-427xx/CVE-2021-42782.json) (`2023-06-21T02:15:09.443`) +* [CVE-2023-0342](CVE-2023/CVE-2023-03xx/CVE-2023-0342.json) (`2023-06-21T02:00:33.950`) +* [CVE-2023-34855](CVE-2023/CVE-2023-348xx/CVE-2023-34855.json) (`2023-06-21T02:11:43.127`) +* [CVE-2023-2977](CVE-2023/CVE-2023-29xx/CVE-2023-2977.json) (`2023-06-21T02:15:09.563`) +* 
[CVE-2023-34212](CVE-2023/CVE-2023-342xx/CVE-2023-34212.json) (`2023-06-21T02:15:20.727`) +* [CVE-2023-34468](CVE-2023/CVE-2023-344xx/CVE-2023-34468.json) (`2023-06-21T02:20:04.797`) +* [CVE-2023-3214](CVE-2023/CVE-2023-32xx/CVE-2023-3214.json) (`2023-06-21T02:24:53.437`) +* [CVE-2023-3215](CVE-2023/CVE-2023-32xx/CVE-2023-3215.json) (`2023-06-21T02:29:33.547`) +* [CVE-2023-3216](CVE-2023/CVE-2023-32xx/CVE-2023-3216.json) (`2023-06-21T02:34:10.360`) +* [CVE-2023-31975](CVE-2023/CVE-2023-319xx/CVE-2023-31975.json) (`2023-06-21T03:15:09.253`) ## Download and Usage