diff --git a/CVE-2022/CVE-2022-336xx/CVE-2022-33646.json b/CVE-2022/CVE-2022-336xx/CVE-2022-33646.json
index f802bb9a288..6acfb251d3a 100644
--- a/CVE-2022/CVE-2022-336xx/CVE-2022-33646.json
+++ b/CVE-2022/CVE-2022-336xx/CVE-2022-33646.json
@@ -2,12 +2,12 @@
 "id": "CVE-2022-33646",
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2022-08-09T20:15:10.157",
- "lastModified": "2022-08-11T21:39:55.880",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-06-01T02:15:09.343",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
- "value": "Azure Batch Node Agent Elevation of Privilege Vulnerability."
+ "value": "Azure Batch Node Agent Elevation of Privilege Vulnerability"
 },
 {
 "lang": "es",
@@ -70,12 +70,8 @@
 ],
 "references": [
 {
- "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33646",
- "source": "secure@microsoft.com",
- "tags": [
- "Patch",
- "Vendor Advisory"
- ]
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33646",
+ "source": "secure@microsoft.com"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-357xx/CVE-2022-35742.json b/CVE-2022/CVE-2022-357xx/CVE-2022-35742.json
new file mode 100644
index 00000000000..5fd302aca96
--- /dev/null
+++ b/CVE-2022/CVE-2022-357xx/CVE-2022-35742.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2022-35742",
+ "sourceIdentifier": "secure@microsoft.com",
+ "published": "2023-06-01T02:15:09.420",
+ "lastModified": "2023-06-01T02:15:09.420",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Microsoft Outlook Denial of Service Vulnerability"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secure@microsoft.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35742",
+ "source": "secure@microsoft.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-422xx/CVE-2022-42225.json b/CVE-2022/CVE-2022-422xx/CVE-2022-42225.json
index 4cf208b5214..a4013fb2629 100644
--- a/CVE-2022/CVE-2022-422xx/CVE-2022-42225.json
+++ b/CVE-2022/CVE-2022-422xx/CVE-2022-42225.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-42225",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-05-24T20:15:09.763",
- "lastModified": "2023-05-25T12:40:12.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-01T03:15:20.420",
+ "vulnStatus": "Undergoing Analysis",
 "descriptions": [
 {
 "lang": "en",
@@ -27,6 +27,10 @@
 {
 "url": "https://github.com/jumpserver/lina/blob/v2.26.0/src/views/tickets/components/Comments.vue#L16",
 "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/jumpserver/lina/pull/2264",
+ "source": "cve@mitre.org"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-226xx/CVE-2023-22693.json b/CVE-2023/CVE-2023-226xx/CVE-2023-22693.json
index 4800cf7aa74..9756fdcfb01 100644
--- a/CVE-2023/CVE-2023-226xx/CVE-2023-22693.json
+++ b/CVE-2023/CVE-2023-226xx/CVE-2023-22693.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-22693",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-05-26T13:15:09.483",
- "lastModified": "2023-05-26T13:51:08.317",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-01T03:42:54.217",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -12,6 +12,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -46,10 +66,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:conlabz:wp_google_tag_manager:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.1",
+ "matchCriteriaId": "2DEDC8E4-512E-4319-B82B-00787D390F52"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/wp-google-tag-manager/wordpress-wp-google-tag-manager-plugin-1-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-237xx/CVE-2023-23714.json b/CVE-2023/CVE-2023-237xx/CVE-2023-23714.json
index 71eeb1cb9e9..d82cdb62e5e 100644
--- a/CVE-2023/CVE-2023-237xx/CVE-2023-23714.json
+++ b/CVE-2023/CVE-2023-237xx/CVE-2023-23714.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-23714",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-05-26T12:15:13.840",
- "lastModified": "2023-05-26T12:43:57.397",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-01T02:20:00.970",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -12,6 +12,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -46,10 +66,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:uncannyowl:uncanny_toolkit_for_learndash:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "3.6.4.1",
+ "matchCriteriaId": "2AB47FCF-DD77-4EB3-AA7A-A1A9DEB4DE05"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/uncanny-learndash-toolkit/wordpress-uncanny-toolkit-for-learndash-plugin-3-6-4-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-240xx/CVE-2023-24007.json b/CVE-2023/CVE-2023-240xx/CVE-2023-24007.json
index 466cf391e3a..86a020b3d50 100644
--- a/CVE-2023/CVE-2023-240xx/CVE-2023-24007.json
+++ b/CVE-2023/CVE-2023-240xx/CVE-2023-24007.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-24007",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-05-26T12:15:15.070",
- "lastModified": "2023-05-26T12:43:57.397",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-01T02:19:10.903",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -12,6 +12,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -46,10 +66,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:admin_block_country_project:admin_block_country:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "7.1.4",
+ "matchCriteriaId": "EE70AA95-D0C1-46AD-90C6-A973D8E60F12"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/admin-block-country/wordpress-admin-block-country-plugin-7-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-240xx/CVE-2023-24008.json b/CVE-2023/CVE-2023-240xx/CVE-2023-24008.json
index 061a13babf4..2f2b07acf7d 100644
--- a/CVE-2023/CVE-2023-240xx/CVE-2023-24008.json
+++ b/CVE-2023/CVE-2023-240xx/CVE-2023-24008.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-24008",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-05-26T13:15:11.527",
- "lastModified": "2023-05-26T13:51:08.317",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-01T03:43:44.337",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -12,6 +12,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -46,10 +66,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:wpmaspik:maspik:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "0.7.8",
+ "matchCriteriaId": "9D9C6B23-8217-4963-BC93-B3456757870D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/contact-forms-anti-spam/wordpress-maspik-spam-blacklist-plugin-0-7-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-255xx/CVE-2023-25598.json b/CVE-2023/CVE-2023-255xx/CVE-2023-25598.json
index dca97c793f3..993c15fd9e1 100644
--- a/CVE-2023/CVE-2023-255xx/CVE-2023-25598.json
+++ b/CVE-2023/CVE-2023-255xx/CVE-2023-25598.json
@@ -2,23 +2,82 @@
 "id": "CVE-2023-25598",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-05-24T20:15:09.913",
- "lastModified": "2023-05-25T12:40:12.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-01T02:08:29.597",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2 and 20.x, 21.x, and 22.x through 22.24.1500.0 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the home.php page. A successful exploit could allow an attacker to execute arbitrary scripts."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mitel:mivoice_connect:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "22.24.1500.0",
+ "matchCriteriaId": "07B89289-EB6B-49EA-AC12-0C39A99467DA"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://www.mitel.com/support/security-advisories",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
 },
 {
 "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0003",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-257xx/CVE-2023-25781.json b/CVE-2023/CVE-2023-257xx/CVE-2023-25781.json
index c3216983732..1d5981538aa 100644
--- a/CVE-2023/CVE-2023-257xx/CVE-2023-25781.json
+++ b/CVE-2023/CVE-2023-257xx/CVE-2023-25781.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-25781",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-05-26T12:15:15.637",
- "lastModified": "2023-05-26T12:43:57.397",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-01T02:18:46.477",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -12,6 +12,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 2.7
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -46,10 +66,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:upload_file_type_settings_plugin_project:upload_file_type_settings_plugin:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.1",
+ "matchCriteriaId": "598F56E0-824D-4503-A508-5D3C500E8701"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/upload-file-type-settings-plugin/wordpress-upload-file-type-settings-plugin-plugin-1-1-cross-site-scripting-xss?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-259xx/CVE-2023-25971.json b/CVE-2023/CVE-2023-259xx/CVE-2023-25971.json
index 662706ee468..9b6c4b04560 100644
--- a/CVE-2023/CVE-2023-259xx/CVE-2023-25971.json
+++ b/CVE-2023/CVE-2023-259xx/CVE-2023-25971.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-25971",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-05-26T12:15:16.273",
- "lastModified": "2023-05-26T12:43:57.397",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-01T03:41:31.710",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -12,6 +12,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -46,10 +66,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:fixbd:educare:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.4.1",
+ "matchCriteriaId": "24DD3629-087F-49B8-AFC2-439B2D46C21F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/educare/wordpress-educare-students-result-management-system-plugin-1-4-1-cross-site-request-forgery-csrf?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-259xx/CVE-2023-25976.json b/CVE-2023/CVE-2023-259xx/CVE-2023-25976.json
index e8cdd80566d..b99f5cc4371 100644
--- a/CVE-2023/CVE-2023-259xx/CVE-2023-25976.json
+++ b/CVE-2023/CVE-2023-259xx/CVE-2023-25976.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-25976",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-05-26T12:15:16.630",
- "lastModified": "2023-05-26T12:43:57.397",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-01T03:42:16.540",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -12,6 +12,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -46,10 +66,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:crmperks:integration_for_contact_form_7_and_zoho_crm\\,_bigin:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.2.2",
+ "matchCriteriaId": "C0BA09D0-36A5-4223-A34C-A7F3C24C9138"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/cf7-zoho/wordpress-integration-for-contact-form-7-and-zoho-crm-bigin-plugin-1-2-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-27xx/CVE-2023-2732.json b/CVE-2023/CVE-2023-27xx/CVE-2023-2732.json
index cf1128bde63..65e1e142871 100644
--- a/CVE-2023/CVE-2023-27xx/CVE-2023-2732.json
+++ b/CVE-2023/CVE-2023-27xx/CVE-2023-2732.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-2732",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2023-05-25T03:15:08.630",
- "lastModified": "2023-05-25T12:40:12.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-01T02:05:57.587",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -12,6 +12,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ },
 {
 "source": "security@wordfence.com",
 "type": "Secondary",
@@ -35,6 +55,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-Other"
+ }
+ ]
+ },
 {
 "source": "security@wordfence.com",
 "type": "Secondary",
@@ -46,18 +76,45 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:inspireui:mstore_api:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "3.9.2",
+ "matchCriteriaId": "BE0B0530-6BFB-4ADE-9E76-9B25DDEE023B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://plugins.trac.wordpress.org/browser/mstore-api/tags/3.9.0/controllers/listing-rest-api/class.api.fields.php#L1079",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2916124%40mstore-api&old=2915729%40mstore-api&sfp_email=&sfph_mail=#file58",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f00761a7-fe24-49a3-b3e3-a471e05815c1?source=cve",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-27xx/CVE-2023-2733.json b/CVE-2023/CVE-2023-27xx/CVE-2023-2733.json
index 7f58ad40b57..1d4f21b6749 100644
--- a/CVE-2023/CVE-2023-27xx/CVE-2023-2733.json
+++ b/CVE-2023/CVE-2023-27xx/CVE-2023-2733.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-2733",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2023-05-25T03:15:08.797",
- "lastModified": "2023-05-25T12:40:12.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-01T02:05:09.063",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
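Review bot: The `"Patch"` tag added to the `plugins.trac.wordpress.org/browser/mstore-api/tags/3.9.0/...#L1079` reference in the last hunk of CVE-2023-2732.json looks misapplied: that URL is a source view of the 3.9.0 tag, and the `cpeMatch` added in the same hunk marks everything up to `"versionEndIncluding": "3.9.2"` as vulnerable, so the link shows affected code rather than a fix. Only the `changeset?...new=2916124%40mstore-api&old=2915729%40mstore-api` reference describes a change between revisions. Tooling that treats any `Patch`-tagged reference as remediation evidence will over-count here, so I would drop `"Patch"` from the `browser/` entry's `tags`. The same applies to the `browser/mstore-api/tags/3.9.0/controllers/flutter-woo.php#L734` reference in the last hunk of CVE-2023-2733.json, where `versionEndIncluding` is `3.9.0` itself.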
@@ -12,6 +12,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ },
 {
 "source": "security@wordfence.com",
 "type": "Secondary",
@@ -35,6 +55,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-Other"
+ }
+ ]
+ },
 {
 "source": "security@wordfence.com",
 "type": "Secondary",
@@ -46,18 +76,45 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:inspireui:mstore_api:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "3.9.0",
+ "matchCriteriaId": "C956DD34-C518-4A7F-BB89-15BEE99C48B5"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://plugins.trac.wordpress.org/browser/mstore-api/tags/3.9.0/controllers/flutter-woo.php#L734",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2913397%40mstore-api&old=2910707%40mstore-api&sfp_email=&sfph_mail=#file60",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c726d8f0-7f2a-414b-9d73-a053921074d9?source=cve",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-283xx/CVE-2023-28399.json b/CVE-2023/CVE-2023-283xx/CVE-2023-28399.json
new file mode 100644
index 00000000000..c122d0fb737
--- /dev/null
+++ b/CVE-2023/CVE-2023-283xx/CVE-2023-28399.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-28399",
+ "sourceIdentifier": "vultures@jpcert.or.jp",
+ "published": "2023-06-01T02:15:09.497",
+ "lastModified": "2023-06-01T02:15:09.497",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Incorrect permission assignment for critical resource exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. ACL (Access Control List) is not appropriately set to the local folder where the affected product is installed, therefore a wide range of privileges is permitted to a user of the PC where the affected product is installed. As a result, the user may be able to destroy the system and/or execute a malicious program."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://jvn.jp/en/vu/JVNVU93372935/",
+ "source": "vultures@jpcert.or.jp"
+ },
+ {
+ "url": "https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_en.pdf",
+ "source": "vultures@jpcert.or.jp"
+ },
+ {
+ "url": "https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_jp.pdf",
+ "source": "vultures@jpcert.or.jp"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-286xx/CVE-2023-28651.json b/CVE-2023/CVE-2023-286xx/CVE-2023-28651.json
new file mode 100644
index 00000000000..227bb2dd51e
--- /dev/null
+++ b/CVE-2023/CVE-2023-286xx/CVE-2023-28651.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-28651",
+ "sourceIdentifier": "vultures@jpcert.or.jp",
+ "published": "2023-06-01T02:15:09.550",
+ "lastModified": "2023-06-01T02:15:09.550",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-site scripting vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. If a user who can access the affected product with an administrative privilege configures specially crafted settings, an arbitrary script may be executed on the web browser of the other user who is accessing the affected product with an administrative privilege."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://jvn.jp/en/vu/JVNVU93372935/",
+ "source": "vultures@jpcert.or.jp"
+ },
+ {
+ "url": "https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_en.pdf",
+ "source": "vultures@jpcert.or.jp"
+ },
+ {
+ "url": "https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_jp.pdf",
+ "source": "vultures@jpcert.or.jp"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-286xx/CVE-2023-28657.json b/CVE-2023/CVE-2023-286xx/CVE-2023-28657.json
new file mode 100644
index 00000000000..1e4d926b188
--- /dev/null
+++ b/CVE-2023/CVE-2023-286xx/CVE-2023-28657.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-28657",
+ "sourceIdentifier": "vultures@jpcert.or.jp",
+ "published": "2023-06-01T02:15:09.597",
+ "lastModified": "2023-06-01T02:15:09.597",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper access control vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. A user of the PC where the affected product is installed may gain an administrative privilege. As a result, information regarding the product may be obtained and/or altered by the user."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://jvn.jp/en/vu/JVNVU93372935/",
+ "source": "vultures@jpcert.or.jp"
+ },
+ {
+ "url": "https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_en.pdf",
+ "source": "vultures@jpcert.or.jp"
+ },
+ {
+ "url": "https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_jp.pdf",
+ "source": "vultures@jpcert.or.jp"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-287xx/CVE-2023-28713.json b/CVE-2023/CVE-2023-287xx/CVE-2023-28713.json
new file mode 100644
index 00000000000..1774b55a471
--- /dev/null
+++ b/CVE-2023/CVE-2023-287xx/CVE-2023-28713.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-28713",
+ "sourceIdentifier": "vultures@jpcert.or.jp",
+ "published": "2023-06-01T02:15:09.637",
+ "lastModified": "2023-06-01T02:15:09.637",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Plaintext storage of a password exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. Because account information of the database is saved in a local file in plaintext, a user who can access the PC where the affected product is installed can obtain the information. As a result, information in the database may be obtained and/or altered by the user."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://jvn.jp/en/vu/JVNVU93372935/",
+ "source": "vultures@jpcert.or.jp"
+ },
+ {
+ "url": "https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_en.pdf",
+ "source": "vultures@jpcert.or.jp"
+ },
+ {
+ "url": "https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_jp.pdf",
+ "source": "vultures@jpcert.or.jp"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-287xx/CVE-2023-28785.json b/CVE-2023/CVE-2023-287xx/CVE-2023-28785.json
index a4f3a957fa8..5adad13aff4 100644
--- a/CVE-2023/CVE-2023-287xx/CVE-2023-28785.json
+++ b/CVE-2023/CVE-2023-287xx/CVE-2023-28785.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-28785",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-05-28T19:15:09.207",
- "lastModified": "2023-05-30T12:52:56.613",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-01T03:53:04.007",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -12,6 +12,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -46,10 +66,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:yoast:yoast_seo:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "14.9",
+ "matchCriteriaId": "D0C5AA3D-4A05-4ED9-8B7D-5ADD3AD4AD5F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/wpseo-local/wordpress-yoast-seo-local-plugin-14-9-cross-site-scripting-xss-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-288xx/CVE-2023-28824.json b/CVE-2023/CVE-2023-288xx/CVE-2023-28824.json
new file mode 100644
index 00000000000..4dc1535b59e
--- /dev/null
+++ b/CVE-2023/CVE-2023-288xx/CVE-2023-28824.json
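Review bot: The `criteria` added in the `configurations` block of CVE-2023-28785.json names the product `yoast_seo`, but the record's only reference points at the `wpseo-local` slug (`wordpress-yoast-seo-local-plugin-14-9-...`), which suggests the affected component is the Local SEO add-on rather than the core Yoast SEO plugin. If that is right, CPE-based matching will flag core Yoast SEO installs at or below 14.9 and miss the add-on entirely. The description text sits outside this hunk, so this needs confirming against the advisory. If it holds, the product field in `"criteria": "cpe:2.3:a:yoast:yoast_seo:*:*:*:*:*:wordpress:*:*"` should become the add-on's CPE product name (`<LOCAL_SEO_CPE_PRODUCT>`, placeholder) with `matchCriteriaId` updated to match; until then, scanners consuming this record should not rely on the CPE alone.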
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-28824",
+ "sourceIdentifier": "vultures@jpcert.or.jp",
+ "published": "2023-06-01T02:15:09.673",
+ "lastModified": "2023-06-01T02:15:09.673",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Server-side request forgery vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. A user who can access the affected product with an administrative privilege may bypass the database restriction set on the query setting page, and connect to a user unintended database."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://jvn.jp/en/vu/JVNVU93372935/",
+ "source": "vultures@jpcert.or.jp"
+ },
+ {
+ "url": "https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_en.pdf",
+ "source": "vultures@jpcert.or.jp"
+ },
+ {
+ "url": "https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_jp.pdf",
+ "source": "vultures@jpcert.or.jp"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-289xx/CVE-2023-28937.json b/CVE-2023/CVE-2023-289xx/CVE-2023-28937.json
new file mode 100644
index 00000000000..0e3089347dc
--- /dev/null
+++ b/CVE-2023/CVE-2023-289xx/CVE-2023-28937.json
@@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-28937", + "sourceIdentifier": "vultures@jpcert.or.jp", + "published": "2023-06-01T02:15:09.717", + "lastModified": "2023-06-01T02:15:09.717", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "DataSpider Servista version 4.4 and earlier uses a hard-coded cryptographic key. DataSpider Servista is data integration software. ScriptRunner and ScriptRunner for Amazon SQS are used to start the configured processes on DataSpider Servista. The cryptographic key is embedded in ScriptRunner and ScriptRunner for Amazon SQS, which is common to all users. If an attacker who can gain access to a target DataSpider Servista instance and obtain a Launch Settings file of ScriptRunner and/or ScriptRunner for Amazon SQS, the attacker may perform operations with the user privilege encrypted in the file." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://jvn.jp/en/jp/JVN38222042/", + "source": "vultures@jpcert.or.jp" + }, + { + "url": "https://www.hulft.com/download_file/18675", + "source": "vultures@jpcert.or.jp" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29098.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29098.json index 0ce7bcc04dd..7db15fbb9e1 100644 --- a/CVE-2023/CVE-2023-290xx/CVE-2023-29098.json +++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29098.json @@ -2,8 +2,8 @@ "id": "CVE-2023-29098", "sourceIdentifier": "audit@patchstack.com", "published": "2023-05-26T15:15:12.320", - "lastModified": "2023-05-26T15:56:52.630", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-01T02:59:23.130", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:artistscope:copysafe_web_protection:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "3.14", + "matchCriteriaId": "CDE47D8A-2CD9-427E-8D63-7C901F72FEA4" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/wp-copysafe-web/wordpress-copysafe-web-protection-plugin-3-13-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-291xx/CVE-2023-29154.json b/CVE-2023/CVE-2023-291xx/CVE-2023-29154.json new file mode 100644 index 00000000000..9aab6da82ef --- /dev/null +++ b/CVE-2023/CVE-2023-291xx/CVE-2023-29154.json 
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-29154",
+ "sourceIdentifier": "vultures@jpcert.or.jp",
+ "published": "2023-06-01T02:15:09.760",
+ "lastModified": "2023-06-01T02:15:09.760",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "SQL injection vulnerability exists in the CONPROSYS HMI System (CHS) versions prior to 3.5.3. A user who can access the affected product with an administrative privilege may execute an arbitrary SQL command via specially crafted input to the query setting page."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://jvn.jp/en/vu/JVNVU93372935/",
+ "source": "vultures@jpcert.or.jp"
+ },
+ {
+ "url": "https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_en.pdf",
+ "source": "vultures@jpcert.or.jp"
+ },
+ {
+ "url": "https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_jp.pdf",
+ "source": "vultures@jpcert.or.jp"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-291xx/CVE-2023-29159.json b/CVE-2023/CVE-2023-291xx/CVE-2023-29159.json
new file mode 100644
index 00000000000..d8108a42f88
--- /dev/null
+++ b/CVE-2023/CVE-2023-291xx/CVE-2023-29159.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-29159",
+ "sourceIdentifier": "vultures@jpcert.or.jp",
+ "published": "2023-06-01T02:15:09.803",
+ "lastModified": "2023-06-01T02:15:09.803",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0 allows a remote unauthenticated attacker to view files in a web service which was built using Starlette."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/encode/starlette/releases/tag/0.27.0",
+ "source": "vultures@jpcert.or.jp"
+ },
+ {
+ "url": "https://github.com/encode/starlette/security/advisories/GHSA-v5gw-mw7f-84px",
+ "source": "vultures@jpcert.or.jp"
+ },
+ {
+ "url": "https://jvn.jp/en/jp/JVN95981715/",
+ "source": "vultures@jpcert.or.jp"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-297xx/CVE-2023-29721.json b/CVE-2023/CVE-2023-297xx/CVE-2023-29721.json
index 722c54e2be6..cc7a4056ac1 100644
--- a/CVE-2023/CVE-2023-297xx/CVE-2023-29721.json
+++ b/CVE-2023/CVE-2023-297xx/CVE-2023-29721.json
@@ -2,23 +2,86 @@ "id": "CVE-2023-29721", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-24T21:15:11.470", - "lastModified": "2023-05-25T12:40:12.980", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-01T02:27:07.810", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "SofaWiki <= 3.8.9 has a file upload vulnerability that leads to command execution." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sofawiki_project:sofawiki:*:*:*:*:*:*:*:*", + "versionEndIncluding": "3.8.9", + "matchCriteriaId": "7860B5D2-9810-4846-89E3-1CE46CA3194A" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/bellenuit/sofawiki/issues/27", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Patch", + "Third Party Advisory" + ] }, { "url": "https://github.com/xul18/Showcase/issues/2", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-297xx/CVE-2023-29748.json b/CVE-2023/CVE-2023-297xx/CVE-2023-29748.json
new file mode 100644
index 00000000000..c63a0c980be
--- /dev/null
+++ b/CVE-2023/CVE-2023-297xx/CVE-2023-29748.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2023-29748",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-01T03:15:20.500",
+ "lastModified": "2023-06-01T03:15:20.500",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Story Saver for Instragram - Video Downloader 1.0.6 for Android has an exposed component that provides a method to modify the SharedPreference file. An attacker can leverage this method to inject a large amount of data into any SharedPreference file, which will be loaded into memory when the application is opened. When an attacker injects too much data, the application will trigger an OOM error and crash at startup, resulting in a persistent denial of service."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://apksos.com/app/story.saver.downloader.photo.video.repost.byrk",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29748/CVE%20detail.md",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://play.google.com/store/apps/details?id=ru.yandex.yandexnavi",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.instagram.com/nihans_macrame/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2922.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2922.json
index bd43364adf6..027d697af19 100644
--- a/CVE-2023/CVE-2023-29xx/CVE-2023-2922.json
+++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2922.json
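Review bot: Two of the four `references` in the new CVE-2023-29748.json record do not line up with the product its description names. `https://play.google.com/store/apps/details?id=ru.yandex.yandexnavi` carries a different package id from the `story.saver.downloader.photo.video.repost.byrk` one in the apksos.com URL, and `https://www.instagram.com/nihans_macrame/` is a profile page rather than an advisory or vendor page. The description also spells the product name "Instragram", which will miss exact-string product matching. The record is still `"vulnStatus": "Received"` with `"metrics": {}`, so these values are presumably as submitted by the source and not yet checked. If it is corrected at its origin, the description would open with `Story Saver for Instagram - Video Downloader 1.0.6 for Android`; until then, tooling that keys on reference URLs or product strings should not treat this entry as authoritative.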
@@ -2,8 +2,8 @@ "id": "CVE-2023-2922", "sourceIdentifier": "cna@vuldb.com", "published": "2023-05-27T08:15:09.577", - "lastModified": "2023-05-28T02:28:04.970", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-01T03:44:39.733", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", @@ -71,18 +93,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:comment_system_project:comment_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "8DE177D4-4EAB-4A47-BE98-FC6F4E151DA0" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/kanyl6/CVERequest/blob/main/XSS.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit" + ] }, { "url": "https://vuldb.com/?ctiid.230076", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.230076", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2942.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2942.json index 8d22df5104d..81f34438af0 100644 --- a/CVE-2023/CVE-2023-29xx/CVE-2023-2942.json +++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2942.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-2942", "sourceIdentifier": "security@huntr.dev", "published": "2023-05-27T22:15:09.483", - "lastModified": "2023-05-28T02:28:04.970", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-01T03:55:35.047", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.2 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", @@ -46,14 +68,40 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-emr:openemr:*:*:*:*:*:*:*:*", + "versionEndExcluding": "7.0.1", + "matchCriteriaId": "30B2EE3F-FA55-46FB-BC32-B041753826A4" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/openemr/openemr/commit/c1c0805696ca68577c37bf30e29f90e5f3e0f1a9", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.dev/bounties/dd56e7a0-9dff-48fc-bc59-9a22d91869eb", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Exploit", + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2943.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2943.json index fc2198459f1..5f753ef8667 100644 --- a/CVE-2023/CVE-2023-29xx/CVE-2023-2943.json +++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2943.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-2943", "sourceIdentifier": "security@huntr.dev", "published": "2023-05-27T22:15:10.007", - "lastModified": "2023-05-28T02:28:04.970", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-01T03:45:56.243", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", @@ -46,14 +68,40 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-emr:openemr:*:*:*:*:*:*:*:*", + "versionEndExcluding": "7.0.1", + "matchCriteriaId": "30B2EE3F-FA55-46FB-BC32-B041753826A4" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/openemr/openemr/commit/c1c0805696ca68577c37bf30e29f90e5f3e0f1a9", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.dev/bounties/4190f944-dc2c-4624-9abf-31479456faa9", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Exploit", + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2944.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2944.json index 1cf99b38f18..e422fcdc1b9 100644 --- a/CVE-2023/CVE-2023-29xx/CVE-2023-2944.json +++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2944.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-2944", "sourceIdentifier": "security@huntr.dev", "published": "2023-05-27T22:15:10.083", - "lastModified": "2023-05-28T02:28:04.970", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-01T03:54:29.820", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", @@ -46,14 +68,40 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-emr:openemr:*:*:*:*:*:*:*:*", + "versionEndExcluding": "7.0.1", + "matchCriteriaId": "30B2EE3F-FA55-46FB-BC32-B041753826A4" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/openemr/openemr/commit/723ac5d78080d1b8542f47673988cd63e0389d25", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.dev/bounties/0d67dcb1-acc0-4d5d-bb69-a09d1bc9fa1d", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Exploit", + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2945.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2945.json index 24b58fb55f6..18e63c7392c 100644 --- a/CVE-2023/CVE-2023-29xx/CVE-2023-2945.json +++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2945.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-2945", "sourceIdentifier": "security@huntr.dev", "published": "2023-05-27T22:15:10.167", - "lastModified": "2023-05-28T02:28:04.970", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-01T03:46:34.900", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", @@ -46,14 +68,40 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-emr:openemr:*:*:*:*:*:*:*:*", + "versionEndExcluding": "7.0.1", + "matchCriteriaId": "30B2EE3F-FA55-46FB-BC32-B041753826A4" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/openemr/openemr/commit/3656bc88288957d68ba040cad2e5f9dbd1b607b1", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.dev/bounties/62de71bd-333d-4593-91a5-534ef7f0c435", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Exploit", + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2946.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2946.json index 8be5d8fb6ac..8f1536a1736 100644 --- a/CVE-2023/CVE-2023-29xx/CVE-2023-2946.json +++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2946.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-2946", "sourceIdentifier": "security@huntr.dev", "published": "2023-05-27T23:15:09.217", - "lastModified": "2023-05-28T02:28:04.970", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-01T03:46:57.990", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.2 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", @@ -46,14 +68,40 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-emr:openemr:*:*:*:*:*:*:*:*", + "versionEndExcluding": "7.0.1", + "matchCriteriaId": "30B2EE3F-FA55-46FB-BC32-B041753826A4" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/openemr/openemr/commit/81832acc14207e577e76c4175967c99ae7e3d3f4", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.dev/bounties/e550f4b0-945c-4886-af7f-ee0dc30b2a08", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Exploit", + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2947.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2947.json index f0022c24119..18b3f5af5cd 100644 --- a/CVE-2023/CVE-2023-29xx/CVE-2023-2947.json +++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2947.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-2947", "sourceIdentifier": "security@huntr.dev", "published": "2023-05-27T23:15:09.283", - "lastModified": "2023-05-28T02:28:04.970", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-01T03:47:19.823", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", @@ -46,14 +68,40 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-emr:openemr:*:*:*:*:*:*:*:*", + "versionEndExcluding": "7.0.1", + "matchCriteriaId": "30B2EE3F-FA55-46FB-BC32-B041753826A4" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/openemr/openemr/commit/8d2d601ac40aca75bcd2c3cf193f59c8e56d8425", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.dev/bounties/52534def-acab-4200-a79a-89ef4ce6a0b0", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Exploit", + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2948.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2948.json index ce82c8f10fb..b4f61a50e4a 100644 --- a/CVE-2023/CVE-2023-29xx/CVE-2023-2948.json +++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2948.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-2948", "sourceIdentifier": "security@huntr.dev", "published": "2023-05-28T04:15:12.117", - "lastModified": "2023-05-28T18:32:54.977", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-01T03:51:17.350", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", @@ -36,7 +58,7 @@ }, "weaknesses": [ { - "source": "security@huntr.dev", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { @@ -44,16 +66,52 @@ "value": "CWE-79" } ] + }, + { + "source": "security@huntr.dev", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-emr:openemr:*:*:*:*:*:*:*:*", + "versionEndExcluding": "7.0.1", + "matchCriteriaId": "30B2EE3F-FA55-46FB-BC32-B041753826A4" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/openemr/openemr/commit/af1ecf78d1342519791bda9d3079e88f7d859015", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.dev/bounties/2393e4d9-9e9f-455f-bf50-f20f77b0a64d", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Exploit", + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2949.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2949.json index deddd4b1e7c..5d9e9f61765 100644 --- a/CVE-2023/CVE-2023-29xx/CVE-2023-2949.json +++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2949.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2949", "sourceIdentifier": "security@huntr.dev", "published": "2023-05-28T04:15:13.143", - "lastModified": "2023-05-28T18:32:54.977", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-01T03:51:11.007", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", @@ -46,14 +68,40 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-emr:openemr:*:*:*:*:*:*:*:*", + "versionEndExcluding": "7.0.1", + "matchCriteriaId": "30B2EE3F-FA55-46FB-BC32-B041753826A4" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/openemr/openemr/commit/af1ecf78d1342519791bda9d3079e88f7d859015", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.dev/bounties/3842486f-38b1-4150-9f78-b81d0ae580c4", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Exploit", + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2950.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2950.json index e3e2ce6561c..8b75594354c 100644 --- a/CVE-2023/CVE-2023-29xx/CVE-2023-2950.json +++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2950.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2950", "sourceIdentifier": "security@huntr.dev", "published": "2023-05-28T04:15:14.513", - "lastModified": "2023-05-28T18:32:54.977", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-01T03:51:57.090", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.2 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", @@ -46,14 +68,40 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-emr:openemr:*:*:*:*:*:*:*:*", + "versionEndExcluding": "7.0.1", + "matchCriteriaId": "30B2EE3F-FA55-46FB-BC32-B041753826A4" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/openemr/openemr/commit/abee8d2606c706176818de25eb88a2d08b8f7fa4", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.dev/bounties/612d13cf-2ef9-44ea-b8fb-e797948a9a86", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Exploit", + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2951.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2951.json index 2dbaacff0f2..267eb5d3d0b 100644 --- a/CVE-2023/CVE-2023-29xx/CVE-2023-2951.json +++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2951.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2951", "sourceIdentifier": "cna@vuldb.com", "published": "2023-05-28T06:15:13.013", - "lastModified": "2023-05-28T18:32:54.977", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-01T03:52:51.403", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", 
@@ -71,18 +93,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:bus_dispatch_and_information_system_project:bus_dispatch_and_information_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7617077D-5306-4794-B118-A6CB5E7ECB02" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/F1owerSugarzzz/Commit-Vulnerability-Cve/blob/main/Bus%20Dispatch%20and%20Information%20System%20in%20delete_bus%20has%20Sql%20injection%20vulnerabilities.pdf", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.230112", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.230112", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-301xx/CVE-2023-30145.json b/CVE-2023/CVE-2023-301xx/CVE-2023-30145.json index 6d63378bf01..54a0195ab12 100644 --- a/CVE-2023/CVE-2023-301xx/CVE-2023-30145.json +++ b/CVE-2023/CVE-2023-301xx/CVE-2023-30145.json 
@@ -2,35 +2,109 @@ "id": "CVE-2023-30145", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-26T15:15:12.880", - "lastModified": "2023-05-29T17:15:10.047", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-01T03:44:11.957", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the formats parameter." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tuzitio:camaleon_cms:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2.7.0", + "matchCriteriaId": "DB124BA6-64B8-4E03-8F6D-E06F976D3832" + } + ] + } + ] + } + ], "references": [ { "url": "http://packetstormsecurity.com/files/172593/Camaleon-CMS-2.7.0-Server-Side-Template-Injection.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://book.hacktricks.xyz/pentesting-web/ssti-server-side-template-injection", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Technical Description", + "Third Party Advisory" + ] }, { "url": 
"https://drive.google.com/file/d/11MsSYqUnDRFjcwbQKJeL9Q8nWpgVYf2r/view?usp=share_link", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/paragbagul111/CVE-2023-30145", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://portswigger.net/research/server-side-template-injection", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Technical Description" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30758.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30758.json new file mode 100644 index 00000000000..8c76e75a653 --- /dev/null +++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30758.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-30758", + "sourceIdentifier": "vultures@jpcert.or.jp", + "published": "2023-06-01T02:15:09.847", + "lastModified": "2023-06-01T02:15:09.847", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-site scripting vulnerability in Pleasanter 1.3.38.1 and earlier allows a remote authenticated attacker to inject an arbitrary script." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/Implem/Implem.Pleasanter/issues/474", + "source": "vultures@jpcert.or.jp" + }, + { + "url": "https://jvn.jp/en/jp/JVN62111727/", + "source": "vultures@jpcert.or.jp" + }, + { + "url": "https://pleasanter.org/archives/vulnerability-update-202305", + "source": "vultures@jpcert.or.jp" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31457.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31457.json index b15ad1a0ca9..e066efb018a 100644 --- a/CVE-2023/CVE-2023-314xx/CVE-2023-31457.json +++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31457.json 
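Review bot: The `tags` added to the `book.hacktricks.xyz/pentesting-web/ssti-server-side-template-injection` reference in CVE-2023-30145 mark it `"Exploit"` and `"Third Party Advisory"`, although the path is a general SSTI write-up with no product or CVE id in it. The equally general PortSwigger research link at the end of the same list gets only `"Technical Description"`. Triage that counts `Exploit`-tagged references as evidence of a public exploit for this CVE is inflated by that entry. For consistency it would read `"tags": [ "Technical Description" ]`. The tags appear to come from the NVD analysis, so the correction belongs upstream rather than in this mirror.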
@@ -2,23 +2,82 @@ "id": "CVE-2023-31457", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-24T20:15:09.977", - "lastModified": "2023-05-25T12:40:12.980", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-01T02:15:21.670", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability in the Headquarters server component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mitel:mivoice_connect:*:*:*:*:*:*:*:*", + "versionEndIncluding": "22.24.1500.0", + "matchCriteriaId": "07B89289-EB6B-49EA-AC12-0C39A99467DA" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.mitel.com/support/security-advisories", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0004", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline 
at end of file diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32800.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32800.json index 41333402391..b8dfdb6c6e6 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32800.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32800.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32800", "sourceIdentifier": "audit@patchstack.com", "published": "2023-05-28T19:15:09.290", - "lastModified": "2023-05-30T12:52:56.613", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-01T03:53:13.993", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -36,7 +56,7 @@ }, "weaknesses": [ { - "source": "audit@patchstack.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { 
@@ -44,12 +64,43 @@ "value": "CWE-79" } ] + }, + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:rankmath:seo_pro:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.0.35", + "matchCriteriaId": "114C20EB-9188-477F-AA08-2255D3D0346E" + } + ] + } + ] } ], "references": [ { "url": "https://patchstack.com/database/vulnerability/seo-by-rank-math-pro/wordpress-rank-math-seo-pro-plugin-3-0-35-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-329xx/CVE-2023-32964.json b/CVE-2023/CVE-2023-329xx/CVE-2023-32964.json index 3449b0bb7a0..0fb2ed86d8c 100644 --- a/CVE-2023/CVE-2023-329xx/CVE-2023-32964.json +++ b/CVE-2023/CVE-2023-329xx/CVE-2023-32964.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32964", "sourceIdentifier": "audit@patchstack.com", "published": "2023-05-26T15:15:13.853", - "lastModified": "2023-05-26T15:56:52.630", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-01T03:44:21.340", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:madewithfuel:better_notifications_for_wp:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.9.3", + "matchCriteriaId": "4C325658-0644-4CD3-AA8B-859E0605EFF5" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/bnfw/wordpress-better-notifications-for-wp-plugin-1-9-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-332xx/CVE-2023-33211.json b/CVE-2023/CVE-2023-332xx/CVE-2023-33211.json index 8b54a185bd7..39b7af4223f 100644 --- a/CVE-2023/CVE-2023-332xx/CVE-2023-33211.json +++ b/CVE-2023/CVE-2023-332xx/CVE-2023-33211.json @@ -2,8 +2,8 @@ "id": "CVE-2023-33211", "sourceIdentifier": "audit@patchstack.com", "published": "2023-05-28T19:15:09.357", - "lastModified": "2023-05-30T12:52:56.613", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-01T03:53:38.500", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wp-matomo_integration_project:wp-matomo_integration:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.0.27", + "matchCriteriaId": "7DFF6CD5-8810-4584-8558-4B163279BDFC" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/wp-piwik/wordpress-wp-matomo-integration-wp-piwik-plugin-1-0-27-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-333xx/CVE-2023-33311.json b/CVE-2023/CVE-2023-333xx/CVE-2023-33311.json index 3a03228c398..94644ab5ddc 100644 --- a/CVE-2023/CVE-2023-333xx/CVE-2023-33311.json +++ b/CVE-2023/CVE-2023-333xx/CVE-2023-33311.json @@ -2,8 +2,8 @@ "id": "CVE-2023-33311", "sourceIdentifier": "audit@patchstack.com", "published": "2023-05-28T19:15:09.427", - "lastModified": "2023-05-30T12:52:56.613", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-01T03:53:43.727", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:crmperks:contact_form_entries_-_contact_form_7_wpforms_and_more:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.3.0", + "matchCriteriaId": "DFDC4761-726F-415A-96B2-178E2378373B" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/contact-form-entries/wordpress-contact-form-entries-plugin-1-3-0-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-333xx/CVE-2023-33319.json b/CVE-2023/CVE-2023-333xx/CVE-2023-33319.json index bb8c12dff53..c5cad22cebc 100644 --- a/CVE-2023/CVE-2023-333xx/CVE-2023-33319.json +++ b/CVE-2023/CVE-2023-333xx/CVE-2023-33319.json @@ -2,8 +2,8 @@ "id": "CVE-2023-33319", "sourceIdentifier": "audit@patchstack.com", "published": "2023-05-28T19:15:09.643", - "lastModified": "2023-05-30T12:52:56.613", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-01T03:53:32.010", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:woocommerce:automatewoo:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "4.9.40", + "matchCriteriaId": "05155BDD-70A6-4927-A937-4D9BBC42961B" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/woocommerce-follow-up-emails/wordpress-woocommerce-follow-up-emails-plugin-4-9-40-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-333xx/CVE-2023-33332.json b/CVE-2023/CVE-2023-333xx/CVE-2023-33332.json index 1c52a956ce9..5adc4a1a6bc 100644 --- a/CVE-2023/CVE-2023-333xx/CVE-2023-33332.json +++ b/CVE-2023/CVE-2023-333xx/CVE-2023-33332.json @@ -2,8 +2,8 @@ "id": "CVE-2023-33332", "sourceIdentifier": "audit@patchstack.com", "published": "2023-05-28T19:15:09.717", - "lastModified": "2023-05-30T12:52:56.613", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-01T03:53:26.527", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
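Review bot: The `criteria` value added in the `configurations` block for CVE-2023-33319, `cpe:2.3:a:woocommerce:automatewoo:*:*:*:*:*:wordpress:*:*`, names a different product than the record's only reference, whose Patchstack path is `woocommerce-follow-up-emails` at version 4.9.40. The description line sits outside the hunk, so this may be an alias rather than a wrong product. As written, a CPE-based inventory match flags AutomateWoo installs and can miss sites that run the plugin under the `woocommerce-follow-up-emails` slug. I would confirm the product against the description before relying on this match string, and until then match this record on the plugin slug from the reference URL as well as on the CPE.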
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:woocommerce_product_vendors_project:woocommerce_product_vendors:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.1.76", + "matchCriteriaId": "928DC921-F688-44F9-AE34-4E9BCE3C1EE6" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/woocommerce-product-vendors/wordpress-woocommerce-product-vendors-plugin-2-1-76-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-334xx/CVE-2023-33461.json b/CVE-2023/CVE-2023-334xx/CVE-2023-33461.json new file mode 100644 index 00000000000..e30c4959f6b --- /dev/null +++ b/CVE-2023/CVE-2023-334xx/CVE-2023-33461.json 
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-33461", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-01T03:15:20.547", + "lastModified": "2023-06-01T03:15:20.547", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "iniparser v4.1 is vulnerable to NULL Pointer Dereference in function iniparser_getlongint which misses check NULL for function iniparser_getstring's return." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/ndevilla/iniparser/issues/144", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-337xx/CVE-2023-33716.json b/CVE-2023/CVE-2023-337xx/CVE-2023-33716.json new file mode 100644 index 00000000000..f87e1d0f762 --- /dev/null +++ b/CVE-2023/CVE-2023-337xx/CVE-2023-33716.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-33716", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-01T03:15:20.590", + "lastModified": "2023-06-01T03:15:20.590", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "mp4v2 v2.1.3 was discovered to contain a memory leak via the class MP4StringProperty at mp4property.cpp." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/enzo1982/mp4v2/issues/36", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-337xx/CVE-2023-33719.json b/CVE-2023/CVE-2023-337xx/CVE-2023-33719.json new file mode 100644 index 00000000000..9d873548856 --- /dev/null +++ b/CVE-2023/CVE-2023-337xx/CVE-2023-33719.json 
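Review bot: `published` and `lastModified` in the new CVE-2023-33461 record, as in the other records in this diff, carry no `Z` or UTC offset, so a consumer that parses them as local time shifts its incremental-sync window and any patch-deadline timers by its own offset. The README hunk in the same commit prints the newest modification time as `2023-06-01T03:55:35.047000+00:00`, the instant it lists for CVE-2023-2942 as `2023-06-01T03:55:35.047`, which suggests the record values are UTC. If the files must stay identical to the NVD payload, a README line such as `All record timestamps are UTC` would document that. Otherwise the field would read `"lastModified": "2023-06-01T03:15:20.547Z"`.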
@@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-33719", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-01T03:15:20.630", + "lastModified": "2023-06-01T03:15:20.630", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "mp4v2 v2.1.3 was discovered to contain a memory leak via MP4SdpAtom::Read() at atom_sdp.cpp" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/enzo1982/mp4v2/", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/enzo1982/mp4v2/issues/37", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34312.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34312.json new file mode 100644 index 00000000000..3ab551d2366 --- /dev/null +++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34312.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-34312", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-01T03:15:20.673", + "lastModified": "2023-06-01T03:15:20.673", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In Tencent QQ through 9.7.8.29039 and TIM through 3.4.7.22084, QQProtect.exe and QQProtectEngine.dll do not validate pointers from inter-process communication, which leads to a write-what-where condition." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/vi3t1/qq-tim-elevation", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 00a70f69f11..dbc0194bca4 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-06-01T02:00:25.544683+00:00 +2023-06-01T04:00:25.080359+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-06-01T01:49:02.500000+00:00 +2023-06-01T03:55:35.047000+00:00 ``` ### Last Data Feed Release 
@@ -29,52 +29,59 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -216587 +216602 ``` ### CVEs added in the last Commit -Recently added CVEs: `8` +Recently added CVEs: `15` -* [CVE-2023-23952](CVE-2023/CVE-2023-239xx/CVE-2023-23952.json) (`2023-06-01T01:15:17.687`) -* [CVE-2023-23953](CVE-2023/CVE-2023-239xx/CVE-2023-23953.json) (`2023-06-01T01:15:17.747`) -* [CVE-2023-23954](CVE-2023/CVE-2023-239xx/CVE-2023-23954.json) (`2023-06-01T01:15:17.783`) -* [CVE-2023-23955](CVE-2023/CVE-2023-239xx/CVE-2023-23955.json) (`2023-06-01T01:15:17.820`) -* [CVE-2023-2598](CVE-2023/CVE-2023-25xx/CVE-2023-2598.json) (`2023-06-01T01:15:17.867`) -* [CVE-2023-2977](CVE-2023/CVE-2023-29xx/CVE-2023-2977.json) (`2023-06-01T01:15:17.917`) -* [CVE-2023-2985](CVE-2023/CVE-2023-29xx/CVE-2023-2985.json) (`2023-06-01T01:15:17.970`) -* [CVE-2023-3026](CVE-2023/CVE-2023-30xx/CVE-2023-3026.json) (`2023-06-01T01:15:18.213`) +* [CVE-2022-35742](CVE-2022/CVE-2022-357xx/CVE-2022-35742.json) (`2023-06-01T02:15:09.420`) +* [CVE-2023-28399](CVE-2023/CVE-2023-283xx/CVE-2023-28399.json) (`2023-06-01T02:15:09.497`) +* [CVE-2023-28651](CVE-2023/CVE-2023-286xx/CVE-2023-28651.json) (`2023-06-01T02:15:09.550`) +* [CVE-2023-28657](CVE-2023/CVE-2023-286xx/CVE-2023-28657.json) (`2023-06-01T02:15:09.597`) +* [CVE-2023-28713](CVE-2023/CVE-2023-287xx/CVE-2023-28713.json) (`2023-06-01T02:15:09.637`) +* [CVE-2023-28824](CVE-2023/CVE-2023-288xx/CVE-2023-28824.json) (`2023-06-01T02:15:09.673`) +* [CVE-2023-28937](CVE-2023/CVE-2023-289xx/CVE-2023-28937.json) (`2023-06-01T02:15:09.717`) +* [CVE-2023-29154](CVE-2023/CVE-2023-291xx/CVE-2023-29154.json) (`2023-06-01T02:15:09.760`) +* [CVE-2023-29159](CVE-2023/CVE-2023-291xx/CVE-2023-29159.json) (`2023-06-01T02:15:09.803`) +* [CVE-2023-30758](CVE-2023/CVE-2023-307xx/CVE-2023-30758.json) (`2023-06-01T02:15:09.847`) +* [CVE-2023-29748](CVE-2023/CVE-2023-297xx/CVE-2023-29748.json) 
(`2023-06-01T03:15:20.500`) +* [CVE-2023-33461](CVE-2023/CVE-2023-334xx/CVE-2023-33461.json) (`2023-06-01T03:15:20.547`) +* [CVE-2023-33716](CVE-2023/CVE-2023-337xx/CVE-2023-33716.json) (`2023-06-01T03:15:20.590`) +* [CVE-2023-33719](CVE-2023/CVE-2023-337xx/CVE-2023-33719.json) (`2023-06-01T03:15:20.630`) +* [CVE-2023-34312](CVE-2023/CVE-2023-343xx/CVE-2023-34312.json) (`2023-06-01T03:15:20.673`) ### CVEs modified in the last Commit -Recently modified CVEs: `73` +Recently modified CVEs: `34` -* [CVE-2023-34256](CVE-2023/CVE-2023-342xx/CVE-2023-34256.json) (`2023-06-01T01:17:03.663`) -* [CVE-2023-34257](CVE-2023/CVE-2023-342xx/CVE-2023-34257.json) (`2023-06-01T01:17:03.663`) -* [CVE-2023-34258](CVE-2023/CVE-2023-342xx/CVE-2023-34258.json) (`2023-06-01T01:17:03.663`) -* [CVE-2023-3006](CVE-2023/CVE-2023-30xx/CVE-2023-3006.json) (`2023-06-01T01:17:03.663`) -* [CVE-2023-33627](CVE-2023/CVE-2023-336xx/CVE-2023-33627.json) (`2023-06-01T01:17:03.663`) -* [CVE-2023-33628](CVE-2023/CVE-2023-336xx/CVE-2023-33628.json) (`2023-06-01T01:17:03.663`) -* [CVE-2023-33629](CVE-2023/CVE-2023-336xx/CVE-2023-33629.json) (`2023-06-01T01:17:03.663`) -* [CVE-2023-33630](CVE-2023/CVE-2023-336xx/CVE-2023-33630.json) (`2023-06-01T01:17:03.663`) -* [CVE-2023-33631](CVE-2023/CVE-2023-336xx/CVE-2023-33631.json) (`2023-06-01T01:17:03.663`) -* [CVE-2023-33632](CVE-2023/CVE-2023-336xx/CVE-2023-33632.json) (`2023-06-01T01:17:03.663`) -* [CVE-2023-33633](CVE-2023/CVE-2023-336xx/CVE-2023-33633.json) (`2023-06-01T01:17:03.663`) -* [CVE-2023-33634](CVE-2023/CVE-2023-336xx/CVE-2023-33634.json) (`2023-06-01T01:17:03.663`) -* [CVE-2023-33635](CVE-2023/CVE-2023-336xx/CVE-2023-33635.json) (`2023-06-01T01:17:03.663`) -* [CVE-2023-33636](CVE-2023/CVE-2023-336xx/CVE-2023-33636.json) (`2023-06-01T01:17:03.663`) -* [CVE-2023-33637](CVE-2023/CVE-2023-336xx/CVE-2023-33637.json) (`2023-06-01T01:17:03.663`) -* [CVE-2023-33638](CVE-2023/CVE-2023-336xx/CVE-2023-33638.json) (`2023-06-01T01:17:03.663`) -* 
[CVE-2023-33639](CVE-2023/CVE-2023-336xx/CVE-2023-33639.json) (`2023-06-01T01:17:03.663`) -* [CVE-2023-33640](CVE-2023/CVE-2023-336xx/CVE-2023-33640.json) (`2023-06-01T01:17:03.663`) -* [CVE-2023-33641](CVE-2023/CVE-2023-336xx/CVE-2023-33641.json) (`2023-06-01T01:17:03.663`) -* [CVE-2023-33642](CVE-2023/CVE-2023-336xx/CVE-2023-33642.json) (`2023-06-01T01:17:03.663`) -* [CVE-2023-33643](CVE-2023/CVE-2023-336xx/CVE-2023-33643.json) (`2023-06-01T01:17:03.663`) -* [CVE-2023-33280](CVE-2023/CVE-2023-332xx/CVE-2023-33280.json) (`2023-06-01T01:25:23.597`) -* [CVE-2023-33278](CVE-2023/CVE-2023-332xx/CVE-2023-33278.json) (`2023-06-01T01:26:12.767`) -* [CVE-2023-25439](CVE-2023/CVE-2023-254xx/CVE-2023-25439.json) (`2023-06-01T01:26:38.750`) -* [CVE-2023-31460](CVE-2023/CVE-2023-314xx/CVE-2023-31460.json) (`2023-06-01T01:49:02.500`) +* [CVE-2023-29721](CVE-2023/CVE-2023-297xx/CVE-2023-29721.json) (`2023-06-01T02:27:07.810`) +* [CVE-2023-29098](CVE-2023/CVE-2023-290xx/CVE-2023-29098.json) (`2023-06-01T02:59:23.130`) +* [CVE-2023-25971](CVE-2023/CVE-2023-259xx/CVE-2023-25971.json) (`2023-06-01T03:41:31.710`) +* [CVE-2023-25976](CVE-2023/CVE-2023-259xx/CVE-2023-25976.json) (`2023-06-01T03:42:16.540`) +* [CVE-2023-22693](CVE-2023/CVE-2023-226xx/CVE-2023-22693.json) (`2023-06-01T03:42:54.217`) +* [CVE-2023-24008](CVE-2023/CVE-2023-240xx/CVE-2023-24008.json) (`2023-06-01T03:43:44.337`) +* [CVE-2023-30145](CVE-2023/CVE-2023-301xx/CVE-2023-30145.json) (`2023-06-01T03:44:11.957`) +* [CVE-2023-32964](CVE-2023/CVE-2023-329xx/CVE-2023-32964.json) (`2023-06-01T03:44:21.340`) +* [CVE-2023-2922](CVE-2023/CVE-2023-29xx/CVE-2023-2922.json) (`2023-06-01T03:44:39.733`) +* [CVE-2023-2943](CVE-2023/CVE-2023-29xx/CVE-2023-2943.json) (`2023-06-01T03:45:56.243`) +* [CVE-2023-2945](CVE-2023/CVE-2023-29xx/CVE-2023-2945.json) (`2023-06-01T03:46:34.900`) +* [CVE-2023-2946](CVE-2023/CVE-2023-29xx/CVE-2023-2946.json) (`2023-06-01T03:46:57.990`) +* [CVE-2023-2947](CVE-2023/CVE-2023-29xx/CVE-2023-2947.json) 
(`2023-06-01T03:47:19.823`) +* [CVE-2023-2949](CVE-2023/CVE-2023-29xx/CVE-2023-2949.json) (`2023-06-01T03:51:11.007`) +* [CVE-2023-2948](CVE-2023/CVE-2023-29xx/CVE-2023-2948.json) (`2023-06-01T03:51:17.350`) +* [CVE-2023-2950](CVE-2023/CVE-2023-29xx/CVE-2023-2950.json) (`2023-06-01T03:51:57.090`) +* [CVE-2023-2951](CVE-2023/CVE-2023-29xx/CVE-2023-2951.json) (`2023-06-01T03:52:51.403`) +* [CVE-2023-28785](CVE-2023/CVE-2023-287xx/CVE-2023-28785.json) (`2023-06-01T03:53:04.007`) +* [CVE-2023-32800](CVE-2023/CVE-2023-328xx/CVE-2023-32800.json) (`2023-06-01T03:53:13.993`) +* [CVE-2023-33332](CVE-2023/CVE-2023-333xx/CVE-2023-33332.json) (`2023-06-01T03:53:26.527`) +* [CVE-2023-33319](CVE-2023/CVE-2023-333xx/CVE-2023-33319.json) (`2023-06-01T03:53:32.010`) +* [CVE-2023-33211](CVE-2023/CVE-2023-332xx/CVE-2023-33211.json) (`2023-06-01T03:53:38.500`) +* [CVE-2023-33311](CVE-2023/CVE-2023-333xx/CVE-2023-33311.json) (`2023-06-01T03:53:43.727`) +* [CVE-2023-2944](CVE-2023/CVE-2023-29xx/CVE-2023-2944.json) (`2023-06-01T03:54:29.820`) +* [CVE-2023-2942](CVE-2023/CVE-2023-29xx/CVE-2023-2942.json) (`2023-06-01T03:55:35.047`) ## Download and Usage