From 937cc80b2d8b05cc1218a54ab539be31142a1b11 Mon Sep 17 00:00:00 2001 
From: cad-safe-bot Date: Fri, 4 Aug 2023 18:00:38 +0000 Subject: [PATCH] Auto-Update: 2023-08-04T18:00:34.940204+00:00 --- CVE-2019/CVE-2019-195xx/CVE-2019-19527.json | 40 +- CVE-2020/CVE-2020-109xx/CVE-2020-10962.json | 69 ++- CVE-2021/CVE-2021-312xx/CVE-2021-31294.json | 12 +- CVE-2021/CVE-2021-316xx/CVE-2021-31680.json | 64 ++- CVE-2021/CVE-2021-34xx/CVE-2021-3450.json | 41 +- CVE-2021/CVE-2021-42xx/CVE-2021-4202.json | 47 +- CVE-2022/CVE-2022-10xx/CVE-2022-1048.json | 51 +- CVE-2022/CVE-2022-16xx/CVE-2022-1651.json | 21 +- CVE-2022/CVE-2022-16xx/CVE-2022-1671.json | 21 +- CVE-2022/CVE-2022-17xx/CVE-2022-1729.json | 109 +++- CVE-2022/CVE-2022-19xx/CVE-2022-1973.json | 21 +- CVE-2022/CVE-2022-32xx/CVE-2022-3202.json | 55 +- CVE-2022/CVE-2022-35xx/CVE-2022-3564.json | 50 +- CVE-2022/CVE-2022-414xx/CVE-2022-41401.json | 28 + CVE-2022/CVE-2022-418xx/CVE-2022-41858.json | 61 +- CVE-2022/CVE-2022-421xx/CVE-2022-42182.json | 71 ++- CVE-2022/CVE-2022-421xx/CVE-2022-42183.json | 71 ++- CVE-2022/CVE-2022-437xx/CVE-2022-43710.json | 70 ++- CVE-2022/CVE-2022-475xx/CVE-2022-47520.json | 19 +- CVE-2022/CVE-2022-48xx/CVE-2022-4888.json | 107 +++- CVE-2023/CVE-2023-205xx/CVE-2023-20583.json | 63 ++- CVE-2023/CVE-2023-225xx/CVE-2023-22595.json | 64 ++- CVE-2023/CVE-2023-235xx/CVE-2023-23548.json | 582 +++++++++++++++++++- CVE-2023/CVE-2023-249xx/CVE-2023-24971.json | 70 ++- CVE-2023/CVE-2023-258xx/CVE-2023-25837.json | 10 +- CVE-2023/CVE-2023-261xx/CVE-2023-26139.json | 64 ++- CVE-2023/CVE-2023-266xx/CVE-2023-26607.json | 92 +++- CVE-2023/CVE-2023-26xx/CVE-2023-2685.json | 49 +- CVE-2023/CVE-2023-314xx/CVE-2023-31425.json | 58 +- CVE-2023/CVE-2023-314xx/CVE-2023-31426.json | 64 ++- CVE-2023/CVE-2023-314xx/CVE-2023-31429.json | 57 +- CVE-2023/CVE-2023-317xx/CVE-2023-31710.json | 80 ++- CVE-2023/CVE-2023-323xx/CVE-2023-32302.json | 82 ++- CVE-2023/CVE-2023-32xx/CVE-2023-3292.json | 53 +- CVE-2023/CVE-2023-334xx/CVE-2023-33493.json | 59 +- 
CVE-2023/CVE-2023-335xx/CVE-2023-33561.json | 69 ++- CVE-2023/CVE-2023-335xx/CVE-2023-33562.json | 68 ++- CVE-2023/CVE-2023-343xx/CVE-2023-34358.json | 39 +- CVE-2023/CVE-2023-343xx/CVE-2023-34359.json | 39 +- CVE-2023/CVE-2023-343xx/CVE-2023-34360.json | 61 +- CVE-2023/CVE-2023-348xx/CVE-2023-34869.json | 68 ++- CVE-2023/CVE-2023-349xx/CVE-2023-34960.json | 71 ++- CVE-2023/CVE-2023-34xx/CVE-2023-3462.json | 75 ++- CVE-2023/CVE-2023-350xx/CVE-2023-35016.json | 62 ++- CVE-2023/CVE-2023-350xx/CVE-2023-35019.json | 62 ++- CVE-2023/CVE-2023-361xx/CVE-2023-36118.json | 87 ++- CVE-2023/CVE-2023-362xx/CVE-2023-36210.json | 71 ++- CVE-2023/CVE-2023-363xx/CVE-2023-36351.json | 70 ++- CVE-2023/CVE-2023-372xx/CVE-2023-37214.json | 71 ++- CVE-2023/CVE-2023-372xx/CVE-2023-37215.json | 69 ++- CVE-2023/CVE-2023-372xx/CVE-2023-37218.json | 56 +- CVE-2023/CVE-2023-372xx/CVE-2023-37219.json | 56 +- CVE-2023/CVE-2023-374xx/CVE-2023-37470.json | 55 ++ CVE-2023/CVE-2023-374xx/CVE-2023-37478.json | 76 ++- CVE-2023/CVE-2023-374xx/CVE-2023-37496.json | 59 +- CVE-2023/CVE-2023-375xx/CVE-2023-37580.json | 140 ++++- CVE-2023/CVE-2023-377xx/CVE-2023-37771.json | 64 ++- CVE-2023/CVE-2023-377xx/CVE-2023-37772.json | 73 ++- CVE-2023/CVE-2023-378xx/CVE-2023-37896.json | 63 +++ CVE-2023/CVE-2023-384xx/CVE-2023-38487.json | 59 ++ CVE-2023/CVE-2023-384xx/CVE-2023-38494.json | 59 ++ CVE-2023/CVE-2023-384xx/CVE-2023-38497.json | 75 +++ CVE-2023/CVE-2023-385xx/CVE-2023-38559.json | 95 +++- CVE-2023/CVE-2023-385xx/CVE-2023-38560.json | 80 ++- CVE-2023/CVE-2023-386xx/CVE-2023-38686.json | 79 +++ CVE-2023/CVE-2023-386xx/CVE-2023-38688.json | 63 +++ CVE-2023/CVE-2023-386xx/CVE-2023-38689.json | 63 +++ CVE-2023/CVE-2023-386xx/CVE-2023-38690.json | 67 +++ CVE-2023/CVE-2023-386xx/CVE-2023-38691.json | 59 ++ CVE-2023/CVE-2023-387xx/CVE-2023-38750.json | 211 ++++++- CVE-2023/CVE-2023-389xx/CVE-2023-38964.json | 20 + CVE-2023/CVE-2023-38xx/CVE-2023-3825.json | 61 +- CVE-2023/CVE-2023-391xx/CVE-2023-39112.json | 
20 + CVE-2023/CVE-2023-391xx/CVE-2023-39122.json | 64 ++- CVE-2023/CVE-2023-391xx/CVE-2023-39143.json | 24 + CVE-2023/CVE-2023-391xx/CVE-2023-39147.json | 70 ++- CVE-2023/CVE-2023-39xx/CVE-2023-3983.json | 65 ++- CVE-2023/CVE-2023-39xx/CVE-2023-3997.json | 65 ++- CVE-2023/CVE-2023-40xx/CVE-2023-4004.json | 127 ++++- CVE-2023/CVE-2023-40xx/CVE-2023-4010.json | 89 ++- CVE-2023/CVE-2023-40xx/CVE-2023-4033.json | 54 +- CVE-2023/CVE-2023-40xx/CVE-2023-4058.json | 69 ++- CVE-2023/CVE-2023-40xx/CVE-2023-4068.json | 70 ++- CVE-2023/CVE-2023-40xx/CVE-2023-4069.json | 70 ++- CVE-2023/CVE-2023-40xx/CVE-2023-4070.json | 70 ++- CVE-2023/CVE-2023-40xx/CVE-2023-4071.json | 70 ++- CVE-2023/CVE-2023-40xx/CVE-2023-4072.json | 74 ++- CVE-2023/CVE-2023-40xx/CVE-2023-4073.json | 82 ++- CVE-2023/CVE-2023-40xx/CVE-2023-4074.json | 70 ++- CVE-2023/CVE-2023-40xx/CVE-2023-4075.json | 70 ++- CVE-2023/CVE-2023-40xx/CVE-2023-4076.json | 70 ++- CVE-2023/CVE-2023-40xx/CVE-2023-4077.json | 70 ++- CVE-2023/CVE-2023-40xx/CVE-2023-4078.json | 70 ++- README.md | 73 ++- 94 files changed, 6165 insertions(+), 431 deletions(-) create mode 100644 CVE-2022/CVE-2022-414xx/CVE-2022-41401.json create mode 100644 CVE-2023/CVE-2023-374xx/CVE-2023-37470.json create mode 100644 CVE-2023/CVE-2023-378xx/CVE-2023-37896.json create mode 100644 CVE-2023/CVE-2023-384xx/CVE-2023-38487.json create mode 100644 CVE-2023/CVE-2023-384xx/CVE-2023-38494.json create mode 100644 CVE-2023/CVE-2023-384xx/CVE-2023-38497.json create mode 100644 CVE-2023/CVE-2023-386xx/CVE-2023-38686.json create mode 100644 CVE-2023/CVE-2023-386xx/CVE-2023-38688.json create mode 100644 CVE-2023/CVE-2023-386xx/CVE-2023-38689.json create mode 100644 CVE-2023/CVE-2023-386xx/CVE-2023-38690.json create mode 100644 CVE-2023/CVE-2023-386xx/CVE-2023-38691.json create mode 100644 CVE-2023/CVE-2023-389xx/CVE-2023-38964.json create mode 100644 CVE-2023/CVE-2023-391xx/CVE-2023-39112.json create mode 100644 CVE-2023/CVE-2023-391xx/CVE-2023-39143.json 
diff --git a/CVE-2019/CVE-2019-195xx/CVE-2019-19527.json b/CVE-2019/CVE-2019-195xx/CVE-2019-19527.json index 58406533863..53cf0f5fcd1 100644 --- a/CVE-2019/CVE-2019-195xx/CVE-2019-19527.json +++ b/CVE-2019/CVE-2019-195xx/CVE-2019-19527.json @@ -2,7 +2,7 @@ "id": "CVE-2019-19527", "sourceIdentifier": "cve@mitre.org", "published": "2019-12-03T16:15:12.923", - "lastModified": "2022-10-31T14:51:41.357", + "lastModified": "2023-08-04T17:50:59.757", "vulnStatus": "Analyzed", "descriptions": [ { @@ -85,8 +85,44 @@ { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.6.30", + "versionEndExcluding": "3.16.79", + "matchCriteriaId": "3AEEAA39-CFA8-423A-B2E2-8AF5682ABD19" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.17", + "versionEndExcluding": "4.4.190", + "matchCriteriaId": "0021134F-70F8-44BA-903B-B5242147A70B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.5", + "versionEndExcluding": "4.9.190", + "matchCriteriaId": "69A6FA7E-FF16-4D80-BE22-56D666A2A9F7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.10", + "versionEndExcluding": "4.14.140", + "matchCriteriaId": "C6031BD8-0018-4615-8330-ACA53AD7E155" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.15", + "versionEndExcluding": "4.19.68", + "matchCriteriaId": "625E6E95-1E04-4F6B-9D81-AA534DE55A66" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", "versionEndExcluding": "5.2.10", - "matchCriteriaId": "B8FA3E85-636B-49C2-A20E-7B2542B4BA1A" + "matchCriteriaId": "EF908210-F393-4715-8E59-F4A2A526C105" } ] } 
diff --git a/CVE-2020/CVE-2020-109xx/CVE-2020-10962.json b/CVE-2020/CVE-2020-109xx/CVE-2020-10962.json index e9980425df2..c4748b1b145 100644 --- a/CVE-2020/CVE-2020-109xx/CVE-2020-10962.json +++ b/CVE-2020/CVE-2020-109xx/CVE-2020-10962.json 
@@ -2,23 +2,82 @@ "id": "CVE-2020-10962", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-01T02:15:09.687", - "lastModified": "2023-08-01T12:55:38.437", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T16:05:31.783", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In PowerShell App Deployment Toolkit (aka PSAppDeployToolkit) through 3.8.0, an incorrect access control vulnerability in the default configuration may allow an authenticated user to potentially enable escalation of privilege via local access." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:psappdeploytoolkit:powershell_app_deployment_toolkit:*:*:*:*:*:*:*:*", + "versionEndIncluding": "3.8.0", + "matchCriteriaId": "558B3D55-C116-4416-9527-23E0FF25FC7D" + } + ] + } + ] + } + ], "references": [ { "url": "https://discourse.psappdeploytoolkit.com/t/psappdeploytoolkit-3-8-2/2555", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/PSAppDeployToolkit/PSAppDeployToolkit/releases", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] } ] } \ No 
newline at end of file diff --git a/CVE-2021/CVE-2021-312xx/CVE-2021-31294.json b/CVE-2021/CVE-2021-312xx/CVE-2021-31294.json index 1712000370a..d02fd50d659 100644 --- a/CVE-2021/CVE-2021-312xx/CVE-2021-31294.json +++ b/CVE-2021/CVE-2021-312xx/CVE-2021-31294.json @@ -2,7 +2,7 @@ "id": "CVE-2021-31294", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-15T23:15:09.203", - "lastModified": "2023-07-26T01:12:08.520", + "lastModified": "2023-08-04T17:21:28.650", "vulnStatus": "Analyzed", "descriptions": [ { @@ -17,19 +17,19 @@ "type": "Primary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", - "attackComplexity": "LOW", + "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", - "baseScore": 7.5, - "baseSeverity": "HIGH" + "baseScore": 5.9, + "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 3.9, + "exploitabilityScore": 2.2, "impactScore": 3.6 } ] diff --git a/CVE-2021/CVE-2021-316xx/CVE-2021-31680.json b/CVE-2021/CVE-2021-316xx/CVE-2021-31680.json index 9dc24931387..629180dea7f 100644 --- a/CVE-2021/CVE-2021-316xx/CVE-2021-31680.json +++ b/CVE-2021/CVE-2021-316xx/CVE-2021-31680.json 
@@ -2,19 +2,75 @@ "id": "CVE-2021-31680", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-31T14:15:10.080", - "lastModified": "2023-07-31T14:45:51.850", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T16:04:06.750", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Deserialization of Untrusted Data vulnerability in yolo 5 allows attackers to execute arbitrary code via crafted yaml file." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ultralytics:yolov5:-:*:*:*:*:*:*:*", + "matchCriteriaId": "372937D6-960B-467C-B8FA-507B850D344F" + } + ] + } + ] + } + ], "references": [ { "url": "https://huntr.dev/bounties/1-other-yolov5/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-34xx/CVE-2021-3450.json b/CVE-2021/CVE-2021-34xx/CVE-2021-3450.json index 120c61498b3..4558cc2a989 100644 --- a/CVE-2021/CVE-2021-34xx/CVE-2021-3450.json +++ b/CVE-2021/CVE-2021-34xx/CVE-2021-3450.json 
@@ -2,7 +2,7 @@ "id": "CVE-2021-3450", "sourceIdentifier": "openssl-security@openssl.org", "published": "2021-03-25T15:15:13.560", - "lastModified": "2023-02-28T15:19:30.533", + "lastModified": "2023-08-04T17:06:26.407", "vulnStatus": "Analyzed", "descriptions": [ { @@ -504,6 +504,45 @@ ] } ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", + "versionStartIncluding": "10.0.0", + "versionEndExcluding": "10.24.1", + "matchCriteriaId": "5C547B5B-8C6D-49AF-90D4-2F6E2F7E512B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", + "versionStartIncluding": "12.0.0", + "versionEndExcluding": "12.22.1", + "matchCriteriaId": "3469E4CF-1739-4BE4-B513-4DC771CD2805" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", + "versionStartIncluding": "14.0.0", + "versionEndExcluding": "14.16.1", + "matchCriteriaId": "1D2CA9D6-98EE-44B7-9C9D-5A6B55BCA025" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", + "versionStartIncluding": "15.0.0", + "versionEndExcluding": "15.14.0", + "matchCriteriaId": "3ED4D313-F372-4CC1-BE11-6BBA2F0E90E3" + } + ] + } + ] } ], "references": [ diff --git a/CVE-2021/CVE-2021-42xx/CVE-2021-4202.json b/CVE-2021/CVE-2021-42xx/CVE-2021-4202.json index 568fa331e4c..7af00e0465a 100644 --- a/CVE-2021/CVE-2021-42xx/CVE-2021-4202.json +++ b/CVE-2021/CVE-2021-42xx/CVE-2021-4202.json @@ -2,7 +2,7 @@ "id": "CVE-2021-4202", "sourceIdentifier": "secalert@redhat.com", "published": "2022-03-25T19:15:09.770", - "lastModified": "2022-10-06T02:25:36.760", + "lastModified": "2023-08-04T17:23:28.707", "vulnStatus": "Analyzed", "descriptions": [ { 
@@ -103,18 +103,51 @@ { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", - "versionEndExcluding": "5.16", - "matchCriteriaId": "D692A2AE-8E9E-46AE-8670-7E1284317A25" + "versionStartIncluding": "3.2", + "versionEndExcluding": "4.4.294", + "matchCriteriaId": "C0203844-754E-40C9-AFB3-678A9A9D2490" }, { "vulnerable": true, - "criteria": "cpe:2.3:o:linux:linux_kernel:5.16:-:*:*:*:*:*:*", - "matchCriteriaId": "FF588A58-013F-4DBF-A3AB-70EC054B1892" + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.5", + "versionEndExcluding": "4.9.292", + "matchCriteriaId": "DB7F6C04-42D3-48A3-892D-2487383B9B6E" }, { "vulnerable": true, - "criteria": "cpe:2.3:o:linux:linux_kernel:5.16:rc1:*:*:*:*:*:*", - "matchCriteriaId": "357AA433-37E8-4323-BFB2-3038D6E4B414" + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.10", + "versionEndExcluding": "4.14.257", + "matchCriteriaId": "7080D941-9847-42F5-BA50-0A03CFB61FD1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.15", + "versionEndExcluding": "4.19.219", + "matchCriteriaId": "B9EF0575-6BF6-4AD9-B9A0-5C8D7D71710C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", + "versionEndExcluding": "5.4.163", + "matchCriteriaId": "80E8F086-C9B9-4987-8B2E-B4A16D1DA7BA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5.0", + "versionEndExcluding": "5.10.82", + "matchCriteriaId": "E93DC61F-3F49-4D65-B0DE-4B46B8990120" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.5", + "matchCriteriaId": "2128A085-4C0C-4C1E-9E9C-0DD868E2170F" } ] } 
diff --git a/CVE-2022/CVE-2022-10xx/CVE-2022-1048.json b/CVE-2022/CVE-2022-10xx/CVE-2022-1048.json index 6ad99100ec7..c92bb3124c1 100644 --- a/CVE-2022/CVE-2022-10xx/CVE-2022-1048.json +++ b/CVE-2022/CVE-2022-10xx/CVE-2022-1048.json @@ -2,7 +2,7 @@ "id": "CVE-2022-1048", "sourceIdentifier": "secalert@redhat.com", "published": "2022-04-29T16:15:08.470", - "lastModified": "2022-12-14T17:11:14.340", + "lastModified": "2023-08-04T17:23:13.260", "vulnStatus": "Analyzed", "descriptions": [ { 
@@ -100,48 +100,49 @@ { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", - "versionEndExcluding": "5.17", - "matchCriteriaId": "A37A8EE9-3F14-4C7A-A882-DA8A6AD1897C" + "versionStartIncluding": "2.6.12", + "versionEndExcluding": "4.14.279", + "matchCriteriaId": "5E4D3CC3-B793-47B0-A9CC-76849B61DA2E" }, { "vulnerable": true, - "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*", - "matchCriteriaId": "7BD5F8D9-54FA-4CB0-B4F0-CB0471FDDB2D" + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.15", + "versionEndExcluding": "4.19.243", + "matchCriteriaId": "8577DA08-190B-481F-B919-ED3DAEA3E339" }, { "vulnerable": true, - "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc2:*:*:*:*:*:*", - "matchCriteriaId": "E6E34B23-78B4-4516-9BD8-61B33F4AC49A" + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", + "versionEndExcluding": "5.4.193", + "matchCriteriaId": "EA77E853-1F30-4942-8B6A-37B168460310" }, { "vulnerable": true, - "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc3:*:*:*:*:*:*", - "matchCriteriaId": "C030FA3D-03F4-4FB9-9DBF-D08E5CAC51AA" + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.109", + "matchCriteriaId": "F3E1A428-8D87-4CD4-B9CA-C621B32933F8" }, { "vulnerable": true, - "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc4:*:*:*:*:*:*", - "matchCriteriaId": "B2D2677C-5389-4AE9-869D-0F881E80D923" + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.32", + "matchCriteriaId": "3191B916-53BD-46E6-AE21-58197D35768E" }, { "vulnerable": true, - "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc5:*:*:*:*:*:*", - "matchCriteriaId": "EFA3917C-C322-4D92-912D-ECE45B2E7416" + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "5.16.18", + 
"matchCriteriaId": "C86410A0-E312-4F41-93E9-929EAFB31757" }, { "vulnerable": true, - "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc6:*:*:*:*:*:*", - "matchCriteriaId": "BED18363-5ABC-4639-8BBA-68E771E5BB3F" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc7:*:*:*:*:*:*", - "matchCriteriaId": "7F635F96-FA0A-4769-ADE8-232B3AC9116D" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc8:*:*:*:*:*:*", - "matchCriteriaId": "FD39FE73-2A9D-4C92-AE7A-CA22F84B228D" + "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:-:*:*:*:*:*:*", + "matchCriteriaId": "A59F7FD3-F505-48BD-8875-F07A33F42F6C" } ] } diff --git a/CVE-2022/CVE-2022-16xx/CVE-2022-1651.json b/CVE-2022/CVE-2022-16xx/CVE-2022-1651.json index fc54f580f8c..c4ac8146fa0 100644 --- a/CVE-2022/CVE-2022-16xx/CVE-2022-1651.json +++ b/CVE-2022/CVE-2022-16xx/CVE-2022-1651.json @@ -2,7 +2,7 @@ "id": "CVE-2022-1651", "sourceIdentifier": "secalert@redhat.com", "published": "2022-07-26T17:15:08.543", - "lastModified": "2022-09-04T19:22:00.993", + "lastModified": "2023-08-04T17:52:41.997", "vulnStatus": "Analyzed", "descriptions": [ { @@ -70,8 +70,23 @@ { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", - "versionEndIncluding": "5.17.14", - "matchCriteriaId": "3D3A8707-E93D-4072-839F-EB77EEC3695E" + "versionStartIncluding": "5.12", + "versionEndExcluding": "5.15.33", + "matchCriteriaId": "02AF1052-DC50-47B3-B1DE-638E4BBDCCD1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "5.16.19", + "matchCriteriaId": "20C43679-0439-405A-B97F-685BEE50613B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.17", + "versionEndExcluding": "5.17.2", + "matchCriteriaId": "210C679C-CF84-44A3-8939-E629C87E54BF" } ] } 
diff --git a/CVE-2022/CVE-2022-16xx/CVE-2022-1671.json b/CVE-2022/CVE-2022-16xx/CVE-2022-1671.json index cc65f9533fa..992484dddac 100644 --- a/CVE-2022/CVE-2022-16xx/CVE-2022-1671.json +++ b/CVE-2022/CVE-2022-16xx/CVE-2022-1671.json @@ -2,7 +2,7 @@ "id": "CVE-2022-1671", "sourceIdentifier": "secalert@redhat.com", "published": "2022-07-26T17:15:08.683", - "lastModified": "2022-09-04T19:22:07.313", + "lastModified": "2023-08-04T17:52:35.223", "vulnStatus": "Analyzed", "descriptions": [ { @@ -71,8 +71,23 @@ { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", - "versionEndIncluding": "5.17.14", - "matchCriteriaId": "3D3A8707-E93D-4072-839F-EB77EEC3695E" + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.33", + "matchCriteriaId": "27C42AE8-B387-43E2-938A-E1C8B40BE6D5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "5.16.19", + "matchCriteriaId": "20C43679-0439-405A-B97F-685BEE50613B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.17", + "versionEndExcluding": "5.17.2", + "matchCriteriaId": "210C679C-CF84-44A3-8939-E629C87E54BF" } ] } diff --git a/CVE-2022/CVE-2022-17xx/CVE-2022-1729.json b/CVE-2022/CVE-2022-17xx/CVE-2022-1729.json index 11ea18b77f4..c771d9d3e06 100644 --- a/CVE-2022/CVE-2022-17xx/CVE-2022-1729.json +++ b/CVE-2022/CVE-2022-17xx/CVE-2022-1729.json @@ -2,8 +2,8 @@ "id": "CVE-2022-1729", "sourceIdentifier": "secalert@redhat.com", "published": "2022-09-01T21:15:09.057", - "lastModified": "2023-02-14T13:15:10.667", - "vulnStatus": "Modified", + "lastModified": "2023-08-04T17:41:03.083", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -69,8 +69,103 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:o:linux:linux_kernel:5.18:rc9:*:*:*:*:*:*", - "matchCriteriaId": "9C3E5BC9-613C-4362-BF02-153A5BBFFB2F" + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.2.85", + "versionEndExcluding": "3.3", + "matchCriteriaId": "27D80EB8-EA85-4256-A8F6-CDFA2F92AE24" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.16.40", + "versionEndExcluding": "3.17", + "matchCriteriaId": "DF2842FE-71A6-4182-B132-2372CFC813B1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.18.54", + "versionEndExcluding": "3.19", + "matchCriteriaId": "B97594C8-AC35-4DF4-82DF-5BF2BCAAA0CE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.0.0", + "versionEndExcluding": "4.9.316", + "matchCriteriaId": "3E7CEE4C-AE63-4AF4-BE72-1CED351886A3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.10", + "versionEndExcluding": "4.14.281", + "matchCriteriaId": "EBB1A3B4-E46A-4454-A428-85CC0AC925F6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.15", + "versionEndExcluding": "4.19.245", + "matchCriteriaId": "239757EB-B2DF-4DD4-8EEE-97141186DA12" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", + "versionEndExcluding": "5.4.196", + "matchCriteriaId": "87FC1554-2185-4ED6-BF1C-293AA14FFC32" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5.0", + "versionEndExcluding": "5.10.118", + "matchCriteriaId": "0938CFCC-E5F1-4DA3-B727-F2215F6C6BBA" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.42", + "matchCriteriaId": "555641B6-5319-4C13-9CC9-50B1CCF9E816" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "5.17.10", + "matchCriteriaId": "6D0772F5-6B38-4D6C-B29E-A04E7CC5CB9F" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h300s:*:*:*:*:*:*:*", + "matchCriteriaId": "27227B35-932A-4035-B39F-6A455753C0D6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h410s:*:*:*:*:*:*:*", + "matchCriteriaId": "A4AD592C-222D-4C6F-B176-8145A1A5AFEC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h500s:*:*:*:*:*:*:*", + "matchCriteriaId": "8603654B-A8A9-4DEB-B0DD-C82E1C885749" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h700s:*:*:*:*:*:*:*", + "matchCriteriaId": "C855C933-F271-45E6-8E85-8D7CF2EF1BE6" } ] } @@ -89,7 +184,11 @@ }, { "url": "https://security.netapp.com/advisory/ntap-20230214-0006/", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Patch", + "Third Party Advisory" + ] }, { "url": "https://www.openwall.com/lists/oss-security/2022/05/20/2", diff --git a/CVE-2022/CVE-2022-19xx/CVE-2022-1973.json b/CVE-2022/CVE-2022-19xx/CVE-2022-1973.json index b85b728d9f2..dd26cd791e7 100644 --- a/CVE-2022/CVE-2022-19xx/CVE-2022-1973.json +++ b/CVE-2022/CVE-2022-19xx/CVE-2022-1973.json 
@@ -2,7 +2,7 @@ "id": "CVE-2022-1973", "sourceIdentifier": "secalert@redhat.com", "published": "2022-08-05T17:15:08.143", - "lastModified": "2023-02-28T15:40:31.843", + "lastModified": "2023-08-04T17:51:55.750", "vulnStatus": "Analyzed", "descriptions": [ { @@ -71,8 +71,23 @@ { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", - "versionEndExcluding": "5.19", - "matchCriteriaId": "E74E9AF8-BDF5-4917-A9CA-0AAD8E13149B" + "versionStartIncluding": "5.15", + "versionEndExcluding": "5.15.46", + "matchCriteriaId": "FA8369C7-8B08-4709-9CE6-2131C7668313" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "5.17.14", + "matchCriteriaId": "15E2DD33-2255-4B76-9C15-04FF8CBAB252" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.18", + "versionEndExcluding": "5.18.3", + "matchCriteriaId": "8E122216-2E9E-4B3E-B7B8-D575A45BA3C2" } ] } diff --git a/CVE-2022/CVE-2022-32xx/CVE-2022-3202.json b/CVE-2022/CVE-2022-32xx/CVE-2022-3202.json index b487e6c2e8a..794729709f4 100644 --- a/CVE-2022/CVE-2022-32xx/CVE-2022-3202.json +++ b/CVE-2022/CVE-2022-32xx/CVE-2022-3202.json @@ -2,7 +2,7 @@ "id": "CVE-2022-3202", "sourceIdentifier": "secalert@redhat.com", "published": "2022-09-14T15:15:11.453", - "lastModified": "2023-02-28T18:34:00.963", + "lastModified": "2023-08-04T17:51:33.047", "vulnStatus": "Analyzed", "descriptions": [ { 
@@ -71,8 +71,57 @@ { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", - "versionEndExcluding": "5.18", - "matchCriteriaId": "FE93544F-B946-47CF-9697-FBF3484FCB92" + "versionStartExcluding": "4.9.311", + "matchCriteriaId": "01AFDDE4-3F69-4F96-B5CA-97FA4554F47A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.10", + "versionEndExcluding": "4.14.276", + "matchCriteriaId": "6D9B028C-6313-47F9-94B7-5F8122345E49" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.15", + "versionEndExcluding": "4.19.238", + "matchCriteriaId": "FA28527A-11D3-41D2-9C4C-ECAC0D6A4A2D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", + "versionEndExcluding": "5.4.189", + "matchCriteriaId": "8CB6E8F5-C2B1-46F3-A807-0F6104AC340F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5.0", + "versionEndExcluding": "5.10.111", + "matchCriteriaId": "5E136AD1-4E28-47A9-8929-2CA0706EC73D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.34", + "matchCriteriaId": "D25878D3-7761-4E9F-8919-E92CD53896E0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "5.16.20", + "matchCriteriaId": "ABBBA66E-0244-4621-966B-9790AF1EEB00" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.17", + "versionEndExcluding": "5.17.3", + "matchCriteriaId": "AE420AC7-1E59-4398-B84F-71F4B4337762" } ] } 
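Review bot: The first cpeMatch entry added in this hunk carries `"versionStartExcluding": "4.9.311"` with no end bound, so as written it matches every linux_kernel version above 4.9.311, including the releases that the other new ranges treat as fixed (4.14.276, 4.19.238, 5.4.189 and later). Every neighbouring entry uses a start/end pair, which suggests the intended bound was `"versionEndExcluding": "4.9.311"`; this is inferred from the pattern and is not stated in the record. The same entry (matchCriteriaId 01AFDDE4-3F69-4F96-B5CA-97FA4554F47A) is added in the CVE-2022-41858 hunk, where it replaces a range that previously ended at 4.9.311. Because this file mirrors upstream data, the correction belongs upstream, and consumers that do version matching should treat this range as suspect until it is fixed, since it would flag patched kernels as vulnerable.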
diff --git a/CVE-2022/CVE-2022-35xx/CVE-2022-3564.json b/CVE-2022/CVE-2022-35xx/CVE-2022-3564.json index f8d3d1eef64..43dfa79b4ea 100644 --- a/CVE-2022/CVE-2022-35xx/CVE-2022-3564.json +++ b/CVE-2022/CVE-2022-35xx/CVE-2022-3564.json @@ -2,7 +2,7 @@ "id": "CVE-2022-3564", "sourceIdentifier": "cna@vuldb.com", "published": "2022-10-17T19:15:10.187", - "lastModified": "2023-07-21T21:03:17.817", + "lastModified": "2023-08-04T17:50:31.613", "vulnStatus": "Analyzed", "descriptions": [ { 
@@ -94,8 +94,52 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", - "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.6", + "versionEndExcluding": "4.9.333", + "matchCriteriaId": "CB09C3FF-8088-42BF-A847-8DF13DFB42C0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.10", + "versionEndExcluding": "4.14.299", + "matchCriteriaId": "2FE9A829-20E8-4929-AE9B-02761322A926" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.15", + "versionEndExcluding": "4.19.265", + "matchCriteriaId": "ABED5D97-9B16-4CF6-86E3-D5F5C4358E35" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", + "versionEndExcluding": "5.4.224", + "matchCriteriaId": "1D67A077-EB45-4ADE-94CD-F9A76F6C319C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5.0", + "versionEndExcluding": "5.10.154", + "matchCriteriaId": "2F3AD8A5-165D-4137-8B80-A166430D794C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.78", + "matchCriteriaId": "AB8B27B9-B41B-42D5-AE67-0A89A8A8EEB1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.0.8", + "matchCriteriaId": "EC9A754E-625D-42F3-87A7-960D643E2867" } ] } diff --git a/CVE-2022/CVE-2022-414xx/CVE-2022-41401.json b/CVE-2022/CVE-2022-414xx/CVE-2022-41401.json new file mode 100644 index 00000000000..be915097172 --- /dev/null +++ b/CVE-2022/CVE-2022-414xx/CVE-2022-41401.json 
@@ -0,0 +1,28 @@ +{ + "id": "CVE-2022-41401", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-08-04T17:15:09.583", + "lastModified": "2023-08-04T17:15:09.583", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "OpenRefine <= v3.5.2 contains a Server-Side Request Forgery (SSRF) vulnerability, which permits unauthorized users to exploit the system, potentially leading to unauthorized access to internal resources and sensitive file disclosure." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/OpenRefine/OpenRefine/blob/30d6edb7b6586623bda09456c797c35983fb80ff/main/tests/server/src/com/google/refine/importing/ImportingUtilitiesTests.java#L180", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/OpenRefine/OpenRefine/blob/cb55cdfdf6f9ca916839778dc847cce803688998/main/src/com/google/refine/importing/ImportingUtilities.java#L103", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/ixSly/CVE-2022-41401", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-418xx/CVE-2022-41858.json b/CVE-2022/CVE-2022-418xx/CVE-2022-41858.json index 6e779982232..66e9e5744ec 100644 --- a/CVE-2022/CVE-2022-418xx/CVE-2022-41858.json +++ b/CVE-2022/CVE-2022-418xx/CVE-2022-41858.json @@ -2,7 +2,7 @@ "id": "CVE-2022-41858", "sourceIdentifier": "secalert@redhat.com", "published": "2023-01-17T18:15:11.140", - "lastModified": "2023-06-27T15:14:40.373", + "lastModified": "2023-08-04T17:43:44.517", "vulnStatus": "Analyzed", "descriptions": [ { 
@@ -66,81 +66,50 @@ { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", - "versionStartIncluding": "2.6.12.1", - "versionEndExcluding": "4.9.311", - "matchCriteriaId": "1B1D4B25-439B-4B58-9DCD-5EFCCA3B3044" + "versionStartExcluding": "4.9.311", + "matchCriteriaId": "01AFDDE4-3F69-4F96-B5CA-97FA4554F47A" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", - "versionStartIncluding": "4.14.0", + "versionStartIncluding": "4.10", "versionEndExcluding": "4.14.276", - "matchCriteriaId": "96C58C8B-5A45-438A-9404-355E1BDC721B" + "matchCriteriaId": "6D9B028C-6313-47F9-94B7-5F8122345E49" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", - "versionStartIncluding": "4.19.0", + "versionStartIncluding": "4.15", "versionEndExcluding": "4.19.239", - "matchCriteriaId": "54574198-19C7-4027-808B-59EAED63DA16" + "matchCriteriaId": "712D9B45-4B53-4563-94B5-F758AFBBFB0D" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", - "versionStartIncluding": "5.4.0", + "versionStartIncluding": "4.20", "versionEndExcluding": "5.4.190", - "matchCriteriaId": "0C6AE903-5265-4FC0-9341-D962BD3821C4" + "matchCriteriaId": "E0ADBA6D-47D8-4518-8D10-9B9196DE680B" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", - "versionStartIncluding": "5.10.0", + "versionStartIncluding": "5.5.0", "versionEndExcluding": "5.10.112", - "matchCriteriaId": "195C1389-A37F-4A44-AEA6-3EBBE89D363F" + "matchCriteriaId": "40432B48-1E9D-48AE-9C76-22177FC744F8" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", - "versionStartIncluding": "5.15.0", + "versionStartIncluding": "5.11", "versionEndExcluding": "5.15.35", - "matchCriteriaId": "E1379333-FB4C-49F1-AEC6-D395BB10C397" + "matchCriteriaId": "05ABCC3F-88A9-47F9-9D40-8665747B2E43" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", - 
"versionStartIncluding": "5.17.0", + "versionStartIncluding": "5.16", "versionEndExcluding": "5.17.4", - "matchCriteriaId": "F4190EB3-39F4-4DFA-A11A-DE283D1BF94D" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:*", - "matchCriteriaId": "6F62EECE-8FB1-4D57-85D8-CB9E23CF313C" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*", - "matchCriteriaId": "0AB349B2-3F78-4197-882B-90ADB3BF645A" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*", - "matchCriteriaId": "6AC88830-A9BC-4607-B572-A4B502FC9FD0" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*", - "matchCriteriaId": "476CB3A5-D022-4F13-AAEF-CB6A5785516A" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc6:*:*:*:*:*:*", - "matchCriteriaId": "8CFD5CDD-1709-44C7-82BD-BAFDC46990D6" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:o:linux:linux_kernel:5.18:rc1:*:*:*:*:*:*", - "matchCriteriaId": "6AD94161-84BB-42E6-9882-4FC0C42E9FC1" + "matchCriteriaId": "E22C86CB-06CD-4D16-AB2A-F21EE8199262" } ] } diff --git a/CVE-2022/CVE-2022-421xx/CVE-2022-42182.json b/CVE-2022/CVE-2022-421xx/CVE-2022-42182.json index 285369b45f7..8d42a0bf8ea 100644 --- a/CVE-2022/CVE-2022-421xx/CVE-2022-42182.json +++ b/CVE-2022/CVE-2022-421xx/CVE-2022-42182.json 
@@ -2,23 +2,84 @@ "id": "CVE-2022-42182", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-31T20:15:09.993", - "lastModified": "2023-08-01T12:55:38.437", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T17:00:17.837", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Precisely Spectrum Spatial Analyst 20.01 is vulnerable to Directory Traversal." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:precisely:spectrum_spatial_analyst:20.01:*:*:*:*:*:*:*", + "matchCriteriaId": "72FC3CD5-1AE4-4592-BB97-5F1B76665DFA" + } + ] + } + ] + } + ], "references": [ { "url": "https://docs.precisely.com/docs/sftw/spectrum/release-notes/spectrum-2020-1-S56-release-notes.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch", + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://zxsecurity.co.nz/research/advisories/precisely-spectrum-spatial-analyst-20-1", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2022/CVE-2022-421xx/CVE-2022-42183.json b/CVE-2022/CVE-2022-421xx/CVE-2022-42183.json index 02357041789..728a71e0ac8 100644 --- a/CVE-2022/CVE-2022-421xx/CVE-2022-42183.json +++ b/CVE-2022/CVE-2022-421xx/CVE-2022-42183.json 
@@ -2,23 +2,84 @@ "id": "CVE-2022-42183", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-31T20:15:10.050", - "lastModified": "2023-08-01T12:55:38.437", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T16:58:54.250", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Precisely Spectrum Spatial Analyst 20.01 is vulnerable to Server-Side Request Forgery (SSRF)." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:precisely:spectrum_spatial_analyst:20.01:*:*:*:*:*:*:*", + "matchCriteriaId": "72FC3CD5-1AE4-4592-BB97-5F1B76665DFA" + } + ] + } + ] + } + ], "references": [ { "url": "https://docs.precisely.com/docs/sftw/spectrum/release-notes/spectrum-2020-1-S56-release-notes.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch", + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://zxsecurity.co.nz/research/advisories/precisely-spectrum-spatial-analyst-20-1", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2022/CVE-2022-437xx/CVE-2022-43710.json b/CVE-2022/CVE-2022-437xx/CVE-2022-43710.json index fd1d8f9104c..457a67c3b11 100644 --- a/CVE-2022/CVE-2022-437xx/CVE-2022-43710.json +++ b/CVE-2022/CVE-2022-437xx/CVE-2022-43710.json 
@@ -2,23 +2,83 @@ "id": "CVE-2022-43710", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-26T14:15:09.767", - "lastModified": "2023-07-26T19:28:30.213", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T16:05:41.757", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Interactive Forms (IAF) in GX Software XperienCentral versions 10.31.0 until 10.33.0 was vulnerable to cross site request forgery (CSRF) because the unique token could be deduced using the names of all input fields." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gxsoftware:xperiencentral:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.31.0", + "versionEndIncluding": "10.33.0", + "matchCriteriaId": "58F3521E-8CE1-49F8-A78D-BECAAC6D2735" + } + ] + } + ] + } + ], "references": [ { "url": "https://service.gxsoftware.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://service.gxsoftware.com/hc/nl/articles/12208173122461", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2022/CVE-2022-475xx/CVE-2022-47520.json b/CVE-2022/CVE-2022-475xx/CVE-2022-47520.json index e529959fc24..8cbdcfae03c 100644 --- a/CVE-2022/CVE-2022-475xx/CVE-2022-47520.json +++ b/CVE-2022/CVE-2022-475xx/CVE-2022-47520.json @@ -2,7 +2,7 @@ "id": "CVE-2022-47520", "sourceIdentifier": "cve@mitre.org", "published": "2022-12-18T06:15:09.473", - "lastModified": "2023-01-30T15:23:18.743", + "lastModified": "2023-08-04T17:27:24.977", "vulnStatus": "Analyzed", "descriptions": [ { @@ -57,8 +57,23 @@ { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.2.0", + "versionEndExcluding": "5.10.157", + "matchCriteriaId": "42A18971-026A-4C71-89F4-9489512D2682" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.81", + "matchCriteriaId": "899FBA32-27B2-4660-BC94-C43ED4349EB5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", "versionEndExcluding": "6.0.11", - "matchCriteriaId": "250F7A1B-7491-4CCA-BD47-B4E4FD26603E" + "matchCriteriaId": "BA01D181-8E71-42E1-ACF4-7A5B65006EC8" } ] } diff --git a/CVE-2022/CVE-2022-48xx/CVE-2022-4888.json b/CVE-2022/CVE-2022-48xx/CVE-2022-4888.json index 08202086dbd..fd6521ddec6 100644 --- a/CVE-2022/CVE-2022-48xx/CVE-2022-4888.json +++ b/CVE-2022/CVE-2022-48xx/CVE-2022-4888.json 
@@ -2,15 +2,38 @@ "id": "CVE-2022-4888", "sourceIdentifier": "contact@wpscan.com", "published": "2023-07-31T10:15:09.987", - "lastModified": "2023-07-31T12:54:46.757", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T17:26:22.617", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Checkout Fields Manager WordPress plugin before 1.0.2, Abandoned Cart Recovery WordPress plugin before 1.2.5, Custom Fields for WooCommerce WordPress plugin before 1.0.4, Custom Order Number WordPress plugin through 1.0.1, Custom Registration Forms Builder WordPress plugin before 1.0.2, Advanced Free Gifts WordPress plugin before 1.0.2, Gift Registry for WooCommerce WordPress plugin through 1.0.1, Image Watermark for WooCommerce WordPress plugin before 1.0.1, Order Approval for WooCommerce WordPress plugin before 1.1.0, Order Tracking for WooCommerce WordPress plugin before 1.0.2, Price Calculator for WooCommerce WordPress plugin through 1.0.3, Product Dynamic Pricing and Discounts WordPress plugin through 1.0.6, Product Labels and Stickers WordPress plugin through 1.0.1 have flawed CSRF checks in various places, which could allow attackers to make logged in users perform unwanted actions" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, "weaknesses": [ { "source": "contact@wpscan.com", 
@@ -23,10 +46,86 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:addify:abandoned_cart_recovery:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.2.5", + "matchCriteriaId": "67EDBBB5-51FF-4F40-9355-D7EBE78BBF9B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:addify:advanced_free_gifts:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.0.2", + "matchCriteriaId": "F3763A9B-1C66-49D3-979F-A3A16DE10C63" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:addify:checkout_fields_manager:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.0.2", + "matchCriteriaId": "ACA5B16E-AAE2-42E2-93FC-647F7E4A98D3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:addify:custom_fields_for_woocommerce:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.0.4", + "matchCriteriaId": "43B53B59-1DDA-4EFB-9CCF-BC21FE907DF2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:addify:custom_order_number:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.0.1", + "matchCriteriaId": "05B7C68B-39B8-4B9F-817E-FE3AEB9E0C9F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:addify:custom_registration_forms_builder:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.0.2", + "matchCriteriaId": "4AC1EF7A-BA8B-41B7-A3BE-A9F2CF97CCF9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:addify:gift_registry_for_woocommerce:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.0.1", + "matchCriteriaId": "657F4DD3-05CD-4719-8C5E-9A2DA1A19205" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:addify:image_watermark_for_woocommerce:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.0.1", + "matchCriteriaId": "1FCB2222-3AFF-4CCB-BD7D-5625BDA50F8C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:addify:order_approval_for_woocommerce:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.1.0", + "matchCriteriaId": 
"2EE10F28-AEA0-40EA-B284-98C47EFFDADA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:addify:order_tracking_for_woocommerce:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.0.2", + "matchCriteriaId": "E40E2FCD-E650-4614-91FB-77AB395FC263" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/2c2379d0-e373-4587-a747-429d7ee8f6cc", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-205xx/CVE-2023-20583.json b/CVE-2023/CVE-2023-205xx/CVE-2023-20583.json index f5a4858ba1e..a27bb5ece13 100644 --- a/CVE-2023/CVE-2023-205xx/CVE-2023-20583.json +++ b/CVE-2023/CVE-2023-205xx/CVE-2023-20583.json 
@@ -2,19 +2,74 @@ "id": "CVE-2023-20583", "sourceIdentifier": "psirt@amd.com", "published": "2023-08-01T19:15:09.827", - "lastModified": "2023-08-02T13:30:45.017", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T17:31:53.953", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A potential power side-channel vulnerability in\nAMD processors may allow an authenticated attacker to monitor the CPU power\nconsumption as the data in a cache line changes over time potentially resulting\nin a leak of sensitive information.\n\n\n\n\n\n\n\n\n\n\n\n\n\n" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.0, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-203" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:h:amd:*:*:*:*:*:*:*:*:*", + "matchCriteriaId": "03EF4360-8E24-4018-A0F2-9E39F7590670" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7006", - "source": "psirt@amd.com" + "source": "psirt@amd.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-225xx/CVE-2023-22595.json b/CVE-2023/CVE-2023-225xx/CVE-2023-22595.json index fb0524173b6..055db26b17c 100644 --- a/CVE-2023/CVE-2023-225xx/CVE-2023-22595.json 
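Review bot: The only match criterion added for this record is `cpe:2.3:h:amd:*:*:*:*:*:*:*:*:*`, which leaves the product field as a wildcard, so any hardware CPE with vendor `amd` matches. That makes the entry unusable for telling affected processors from unaffected ones in an asset inventory. Until the record lists specific products, triage should rely on the vendor bulletin referenced in the same hunk (AMD-SB-7006) rather than on this CPE match.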
+++ b/CVE-2023/CVE-2023-225xx/CVE-2023-22595.json @@ -2,8 +2,8 @@ "id": "CVE-2023-22595", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-07-31T02:15:09.803", - "lastModified": "2023-07-31T12:54:46.757", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T17:25:00.243", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "psirt@us.ibm.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "psirt@us.ibm.com", "type": "Secondary", @@ -46,10 +76,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:b2b_advanced_communications:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.0", + "versionEndExcluding": "1.0.0.8", + "matchCriteriaId": "037F2AED-4261-45B0-99A0-E8E93AC7349D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:multi-enterprise_integration_gateway:1.0.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "6D93A0F0-E1F8-41C8-9757-3313011C0E5D" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.ibm.com/support/pages/node/7014929", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-235xx/CVE-2023-23548.json b/CVE-2023/CVE-2023-235xx/CVE-2023-23548.json index 6865b0f083e..71c5ced8dff 100644 --- a/CVE-2023/CVE-2023-235xx/CVE-2023-23548.json +++ b/CVE-2023/CVE-2023-235xx/CVE-2023-23548.json @@ -2,8 +2,8 @@ "id": "CVE-2023-23548", "sourceIdentifier": "security@checkmk.com", "published": "2023-08-01T10:15:09.740", - "lastModified": "2023-08-01T12:55:38.437", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T17:12:16.787", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "security@checkmk.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "security@checkmk.com", "type": "Secondary", 
@@ -46,10 +76,556 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.6.0", + "matchCriteriaId": "8BD074DB-F207-487C-BC9A-B6E40BE2621B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:-:*:*:*:*:*:*", + "matchCriteriaId": "E5138E25-A5AF-495D-A713-B8BDACC133D8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b1:*:*:*:*:*:*", + "matchCriteriaId": "7AE78B5E-2D00-462B-AC0E-5E68BC36ED1B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b2:*:*:*:*:*:*", + "matchCriteriaId": "9D69AA9A-C6FF-4A9F-8B02-2F207C4150FD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b3:*:*:*:*:*:*", + "matchCriteriaId": "452F359B-BCB5-46E0-A77A-383C3C2E2D60" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b4:*:*:*:*:*:*", + "matchCriteriaId": "D9A66C28-A2BA-4091-AB4C-05CDB1D3777F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b5:*:*:*:*:*:*", + "matchCriteriaId": "463A4A68-810B-4C20-A696-4F94DB20224B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b6:*:*:*:*:*:*", + "matchCriteriaId": "F4459581-214F-423B-A29D-31C789FD7F1C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b7:*:*:*:*:*:*", + "matchCriteriaId": "CC0CFABC-A53C-4FD3-A57A-CB72C87A034B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b8:*:*:*:*:*:*", + "matchCriteriaId": "F96B08FA-8129-4880-86FE-47B08C2B6964" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:i1:*:*:*:*:*:*", + "matchCriteriaId": "CAEB960C-5A5E-4F7C-8588-3F6737AE5DCA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p1:*:*:*:*:*:*", + "matchCriteriaId": 
"3CB134CD-0746-47C8-BAB8-2AE9C083C4D2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p10:*:*:*:*:*:*", + "matchCriteriaId": "E4B5DDAA-F7B5-4BFD-836E-F7DA0FC7B0C3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p11:*:*:*:*:*:*", + "matchCriteriaId": "A4DA5440-F376-4952-ABCB-AC557C5944A9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p12:*:*:*:*:*:*", + "matchCriteriaId": "DB7DB93B-CDD2-4662-893B-6E36F9EDA7FF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p13:*:*:*:*:*:*", + "matchCriteriaId": "81DFD64A-FEFD-4EBA-B6EC-28D3F0EEC33B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p14:*:*:*:*:*:*", + "matchCriteriaId": "918ACC6A-2EE8-401F-B18A-94B8757B202E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p15:*:*:*:*:*:*", + "matchCriteriaId": "1B6AE143-5A29-4EE8-AF7D-5D495A2248D0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p16:*:*:*:*:*:*", + "matchCriteriaId": "9B678D96-5987-4423-A713-57812B896380" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p17:*:*:*:*:*:*", + "matchCriteriaId": "A16EA6BD-003D-416E-B6C7-EBE5AA4AC2B5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p18:*:*:*:*:*:*", + "matchCriteriaId": "7A016627-9BF2-4D25-AB97-172EAEC4C187" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p19:*:*:*:*:*:*", + "matchCriteriaId": "333FBE01-E5C1-4668-B50F-B64A34E799A8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p2:*:*:*:*:*:*", + "matchCriteriaId": "FE7C4821-74F2-442C-B51F-A52788FC61F4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p20:*:*:*:*:*:*", + "matchCriteriaId": "168E2F68-E3EA-407F-8DCE-BDB1F557FFFA" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:a:tribe29:checkmk:2.0.0:p21:*:*:*:*:*:*", + "matchCriteriaId": "D7A74CB5-CC6E-4166-B884-498F2CF1A33E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p22:*:*:*:*:*:*", + "matchCriteriaId": "42DCB139-5BBE-45F3-80F5-3A43D95A58BB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p23:*:*:*:*:*:*", + "matchCriteriaId": "1A3E3E6C-DCC0-466D-A505-5F80379CF0AB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p24:*:*:*:*:*:*", + "matchCriteriaId": "1542CDC8-9697-44DE-8F6A-3EB25D07EEE9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p25:*:*:*:*:*:*", + "matchCriteriaId": "1A5B33FF-EA21-4AEB-8D9A-21DA9DB5892A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p26:*:*:*:*:*:*", + "matchCriteriaId": "78616E5A-E1FF-40AA-8E13-0B2E84CE6F8F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p27:*:*:*:*:*:*", + "matchCriteriaId": "5D956394-C3F3-4C88-A791-364AE555D522" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p28:*:*:*:*:*:*", + "matchCriteriaId": "25E96088-0FA2-49FD-B93D-5AFC9605289E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p29:*:*:*:*:*:*", + "matchCriteriaId": "EDB60B12-F724-40C7-8EB2-1270484E88F6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p3:*:*:*:*:*:*", + "matchCriteriaId": "1982ED3B-A0FA-476A-BFB2-5B7B53289496" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p30:*:*:*:*:*:*", + "matchCriteriaId": "F646D243-433E-46F9-9E8E-E4F734F9E648" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p31:*:*:*:*:*:*", + "matchCriteriaId": "D1C14080-79C9-4620-AD1F-6CB46F0F74D0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p32:*:*:*:*:*:*", + "matchCriteriaId": "4AECE1FE-F3D1-4FF0-BDF9-F39FFCBF52E0" + }, + { + 
"vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p33:*:*:*:*:*:*", + "matchCriteriaId": "C2F79F99-5F46-48A7-BEE7-1551CD56C2F7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p34:*:*:*:*:*:*", + "matchCriteriaId": "2EB6F9D4-13D2-4218-96EF-64C2126369DC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p35:*:*:*:*:*:*", + "matchCriteriaId": "62841559-BDA0-4B67-932A-007D91BFBD14" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p36:*:*:*:*:*:*", + "matchCriteriaId": "F6F22F4E-4A8A-4A7B-A01A-50E9BEA019DA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p37:*:*:*:*:*:*", + "matchCriteriaId": "C1467012-F4CD-4547-A761-50B5F478A055" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p4:*:*:*:*:*:*", + "matchCriteriaId": "AA60BF44-AF52-458A-BD3F-9FD5D8408575" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p5:*:*:*:*:*:*", + "matchCriteriaId": "9BFE55DC-89EA-404F-8DDF-93E351366789" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p6:*:*:*:*:*:*", + "matchCriteriaId": "C62D8997-DD3B-4B83-B6A5-DFC2408A9164" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p7:*:*:*:*:*:*", + "matchCriteriaId": "80B4A77F-F636-49BB-8CB6-60064984463F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p8:*:*:*:*:*:*", + "matchCriteriaId": "356E5744-AB8E-4FBA-992F-74ED8F9086CE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p9:*:*:*:*:*:*", + "matchCriteriaId": "41FB6FFA-F38F-4754-A1E6-35073D84069E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:-:*:*:*:*:*:*", + "matchCriteriaId": "BC0AC5A2-3724-4942-ABE2-CA9F3B9B4BDA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b1:*:*:*:*:*:*", + "matchCriteriaId": 
"E3AAC1AD-C2F5-4171-BD92-95A8BA09E79A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b2:*:*:*:*:*:*", + "matchCriteriaId": "8CB8C4BB-4AE6-4EA2-8F38-780B627721ED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b3:*:*:*:*:*:*", + "matchCriteriaId": "D0F14106-2A3D-4FC7-A0C7-6EDA75D1A8F7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b4:*:*:*:*:*:*", + "matchCriteriaId": "F8C2DA36-8419-4846-BFA0-A729BE7D72C5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b5:*:*:*:*:*:*", + "matchCriteriaId": "8AA4FA3D-7A59-4597-9D79-B6B020D86BD1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b6:*:*:*:*:*:*", + "matchCriteriaId": "79F0CF88-FF11-4741-AFF6-9F88F57C2140" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b7:*:*:*:*:*:*", + "matchCriteriaId": "8E93629E-C0CB-4636-B343-1C0646D8228E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b8:*:*:*:*:*:*", + "matchCriteriaId": "58102464-E66F-49CD-8952-3F3F9A6A45CC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b9:*:*:*:*:*:*", + "matchCriteriaId": "9C98E509-8466-4F95-ABE7-7ECC91640E04" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p1:*:*:*:*:*:*", + "matchCriteriaId": "A7B89F71-ABD2-4B2D-AE6B-C0F243E89443" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p10:*:*:*:*:*:*", + "matchCriteriaId": "002EF417-C702-42E2-9C8F-C9593B43AB03" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p11:*:*:*:*:*:*", + "matchCriteriaId": "B8E358A9-0430-4EF1-8557-7F1C088FFF48" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p12:*:*:*:*:*:*", + "matchCriteriaId": "4B0AF395-FDC7-4321-9E00-C935641C138B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p13:*:*:*:*:*:*", + 
"matchCriteriaId": "59B9CCED-806F-47EF-B5B6-441AADCB4B81" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p14:*:*:*:*:*:*", + "matchCriteriaId": "FAED2CD5-A2CE-438C-8ED7-338D9D61FBD9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p15:*:*:*:*:*:*", + "matchCriteriaId": "F08A96EF-FD2E-4D45-884B-349869649C3D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p16:*:*:*:*:*:*", + "matchCriteriaId": "E80D718E-66B6-4FC6-911D-C264F2C891C9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p17:*:*:*:*:*:*", + "matchCriteriaId": "174BF76A-00C5-4ECD-937D-FE66851D3979" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p18:*:*:*:*:*:*", + "matchCriteriaId": "F43DBAE4-FEF9-431E-AE82-31C7944CA830" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p19:*:*:*:*:*:*", + "matchCriteriaId": "7AF612FF-7441-41C4-96C2-36A15E45FF93" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p2:*:*:*:*:*:*", + "matchCriteriaId": "960DF373-EDE6-4318-B6E9-07573ED5907A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p20:*:*:*:*:*:*", + "matchCriteriaId": "5FFBF793-48E0-48DB-9C12-1C4A5805009E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p21:*:*:*:*:*:*", + "matchCriteriaId": "B6A2F0DB-CA73-4F14-8099-7A29BADC1F4E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p22:*:*:*:*:*:*", + "matchCriteriaId": "5D23ECB8-9C2C-4BA5-ADD6-248FD2CFF37A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p23:*:*:*:*:*:*", + "matchCriteriaId": "9958D126-EF50-4ED7-85A3-6E5120EFB931" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p24:*:*:*:*:*:*", + "matchCriteriaId": "5D9B3F5F-158A-4C43-A894-1A55D1D758FC" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:a:tribe29:checkmk:2.1.0:p25:*:*:*:*:*:*", + "matchCriteriaId": "17729C6D-3DD1-4082-B3AF-B53770304F7B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p26:*:*:*:*:*:*", + "matchCriteriaId": "2E34014C-90A0-4ABB-A15F-73E83F312246" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p27:*:*:*:*:*:*", + "matchCriteriaId": "C0DCB95E-CC14-40BF-A7E4-1CD9075E2785" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p28:*:*:*:*:*:*", + "matchCriteriaId": "E1AA25FE-FA1B-4525-99B8-1098E75BDC5C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p29:*:*:*:*:*:*", + "matchCriteriaId": "073ED1BF-B3FE-4CC4-A279-15981DBC0BE8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p3:*:*:*:*:*:*", + "matchCriteriaId": "3144AABF-74CB-44EE-A618-8529A8ACFCF6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p30:*:*:*:*:*:*", + "matchCriteriaId": "BA067A60-3B6A-4C3B-8934-E2725199EE39" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p31:*:*:*:*:*:*", + "matchCriteriaId": "DD42912A-092C-4FD9-9874-5B04989164C0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p4:*:*:*:*:*:*", + "matchCriteriaId": "88AC7AB0-40DF-44D1-83EA-FDD4D5346BBD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p5:*:*:*:*:*:*", + "matchCriteriaId": "4285A4A3-3DED-456D-93D4-1B9FDB42C1EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p6:*:*:*:*:*:*", + "matchCriteriaId": "098FD286-B6CB-4428-9A62-A5F24B4D9E92" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p7:*:*:*:*:*:*", + "matchCriteriaId": "8400088B-E56E-4D0B-86D5-76D884C8031A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p8:*:*:*:*:*:*", + "matchCriteriaId": "29554684-FEFF-42B2-B62E-6523782F537C" + }, + { + 
"vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p9:*:*:*:*:*:*", + "matchCriteriaId": "91AE66E4-AE6B-4F25-9312-6418FC3E221F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:-:*:*:*:*:*:*", + "matchCriteriaId": "8EC2C076-C4C6-4C9A-84FE-B47E835AA0E7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:b1:*:*:*:*:*:*", + "matchCriteriaId": "A954DDB4-ACF5-4D74-B735-0BB14762457C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:b2:*:*:*:*:*:*", + "matchCriteriaId": "F4E9D8E0-ECFF-4987-8189-F6A5917D39B6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:b3:*:*:*:*:*:*", + "matchCriteriaId": "7CDF16A7-E9BC-488B-A0DF-91B7F79C2D7A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:b4:*:*:*:*:*:*", + "matchCriteriaId": "EF3C4AB5-966A-46CD-8774-7BD4115FC80B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:b5:*:*:*:*:*:*", + "matchCriteriaId": "580C70A7-387E-4650-9DBA-D7AA0BFDB1BE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:b6:*:*:*:*:*:*", + "matchCriteriaId": "343C5CD6-48ED-4693-BC2A-549A43F02931" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:b7:*:*:*:*:*:*", + "matchCriteriaId": "18F1E6EC-5866-4338-9772-92EB01E0A184" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:b8:*:*:*:*:*:*", + "matchCriteriaId": "57C08697-674F-4924-A5A2-40F1E2BF2059" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:i1:*:*:*:*:*:*", + "matchCriteriaId": "AB444D23-88E8-4AFE-9F1E-56AE4ADF7644" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:p1:*:*:*:*:*:*", + "matchCriteriaId": "050E9020-9E83-4198-B550-F554686DCC36" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:p2:*:*:*:*:*:*", + "matchCriteriaId": 
"E9F4C18C-D62E-47F5-A309-D0BC9CFB990C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:p3:*:*:*:*:*:*", + "matchCriteriaId": "DAFBA752-75C7-4514-AC75-CE7D78AE9F96" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:p4:*:*:*:*:*:*", + "matchCriteriaId": "57BA8394-7755-45E0-8B4D-B37A8A5B5DB8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:p5:*:*:*:*:*:*", + "matchCriteriaId": "D6A02DB9-71F6-429F-A084-D811AD016CBA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:p6:*:*:*:*:*:*", + "matchCriteriaId": "AC520584-54C8-445C-8898-CEFE1E1CC59F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:p7:*:*:*:*:*:*", + "matchCriteriaId": "DA73CA36-D5F7-4C8D-B574-7DBF29220C82" + } + ] + } + ] + } + ], "references": [ { "url": "https://checkmk.com/werk/15691", - "source": "security@checkmk.com" + "source": "security@checkmk.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-249xx/CVE-2023-24971.json b/CVE-2023/CVE-2023-249xx/CVE-2023-24971.json index e31726729bf..cf043e3d7ba 100644 --- a/CVE-2023/CVE-2023-249xx/CVE-2023-24971.json +++ b/CVE-2023/CVE-2023-249xx/CVE-2023-24971.json @@ -2,8 +2,8 @@ "id": "CVE-2023-24971", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-07-31T02:15:09.893", - "lastModified": "2023-07-31T12:54:46.757", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T17:25:17.853", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "psirt@us.ibm.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + }, { "source": "psirt@us.ibm.com", "type": "Secondary", @@ -46,14 +76,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:b2b_advanced_communications:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.0", + "versionEndExcluding": "1.0.0.8", + "matchCriteriaId": "037F2AED-4261-45B0-99A0-E8E93AC7349D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:multi-enterprise_integration_gateway:1.0.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "6D93A0F0-E1F8-41C8-9757-3313011C0E5D" + } + ] + } + ] + } + ], "references": [ { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/246976", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "VDB Entry", + "Vendor Advisory" + ] }, { "url": "https://www.ibm.com/support/pages/node/7014933", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-258xx/CVE-2023-25837.json b/CVE-2023/CVE-2023-258xx/CVE-2023-25837.json index 9f22a0c7a9d..c26b7ced38a 100644 --- a/CVE-2023/CVE-2023-258xx/CVE-2023-25837.json 
+++ b/CVE-2023/CVE-2023-258xx/CVE-2023-25837.json @@ -2,7 +2,7 @@ "id": "CVE-2023-25837", "sourceIdentifier": "psirt@esri.com", "published": "2023-07-21T04:15:12.377", - "lastModified": "2023-07-31T15:10:15.310", + "lastModified": "2023-08-04T17:21:43.527", "vulnStatus": "Analyzed", "descriptions": [ { @@ -17,19 +17,19 @@ "type": "Primary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", - "privilegesRequired": "LOW", + "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", - "baseScore": 5.4, + "baseScore": 4.8, "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 2.3, + "exploitabilityScore": 1.7, "impactScore": 2.7 }, { diff --git a/CVE-2023/CVE-2023-261xx/CVE-2023-26139.json b/CVE-2023/CVE-2023-261xx/CVE-2023-26139.json index bbb655a0ff8..e8f5d6b6ade 100644 --- a/CVE-2023/CVE-2023-261xx/CVE-2023-26139.json +++ b/CVE-2023/CVE-2023-261xx/CVE-2023-26139.json @@ -2,8 +2,8 @@ "id": "CVE-2023-26139", "sourceIdentifier": "report@snyk.io", "published": "2023-08-01T05:15:34.843", - "lastModified": "2023-08-01T12:55:38.437", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T17:01:54.710", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "report@snyk.io", "type": "Secondary", @@ -34,14 +54,50 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-1321" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:underscore-keypath_project:underscore-keypath:*:*:*:*:*:node.js:*:*", + "versionStartIncluding": "0.0.11", + "matchCriteriaId": "B17E46B6-092D-4BEA-A68C-820C63230F25" + } + ] + } + ] + } + ], "references": [ { "url": "https://gist.github.com/lelecolacola123/cc0d1e73780127aea9482c05f2ff3252", - "source": "report@snyk.io" + "source": "report@snyk.io", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://security.snyk.io/vuln/SNYK-JS-UNDERSCOREKEYPATH-5416714", - "source": "report@snyk.io" + "source": "report@snyk.io", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-266xx/CVE-2023-26607.json b/CVE-2023/CVE-2023-266xx/CVE-2023-26607.json index 7ca18d351f9..c603b1acc97 100644 --- a/CVE-2023/CVE-2023-266xx/CVE-2023-26607.json +++ b/CVE-2023/CVE-2023-266xx/CVE-2023-26607.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-26607", "sourceIdentifier": "cve@mitre.org", "published": "2023-02-26T23:15:10.947", - "lastModified": "2023-03-16T16:15:12.407", - "vulnStatus": "Modified", + "lastModified": "2023-08-04T17:42:56.953", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -55,8 +55,87 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:o:linux:linux_kernel:6.0.8:*:*:*:*:*:*:*", - "matchCriteriaId": "C41207B8-D94A-4714-B1E0-66CEFF00FEE0" + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.6.12", + "versionEndExcluding": "4.9.334", + "matchCriteriaId": "031BD5BC-9E38-498A-95A0-B6CA8ED82039" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.10", + "versionEndExcluding": "4.14.300", + "matchCriteriaId": "424802D2-E9E7-48A9-AD6F-DF2227B3D83A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.15", + "versionEndExcluding": "4.19.267", + "matchCriteriaId": "A5C69A12-68E2-400E-9A5A-375A673C8402" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", + "versionEndExcluding": "5.4.225", + "matchCriteriaId": "94D21814-3051-4860-AB06-C7880A3D4933" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5.0", + "versionEndExcluding": "5.10.156", + "matchCriteriaId": "24FDE7A3-F8EF-4339-A725-9F238448BCFD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.80", + "matchCriteriaId": "51BBEF3B-79F5-4D4C-ADBA-F34DA0E2465C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.0.10", + "matchCriteriaId": "64F9ADD1-3ADB-4D66-A00F-4A83010B05F0" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h300s:*:*:*:*:*:*:*", + "matchCriteriaId": "27227B35-932A-4035-B39F-6A455753C0D6" + 
}, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h410c:*:*:*:*:*:*:*", + "matchCriteriaId": "489D20B9-166F-423D-8C48-A23D3026E33B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h410s:*:*:*:*:*:*:*", + "matchCriteriaId": "A4AD592C-222D-4C6F-B176-8145A1A5AFEC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h500s:*:*:*:*:*:*:*", + "matchCriteriaId": "8603654B-A8A9-4DEB-B0DD-C82E1C885749" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h700s:*:*:*:*:*:*:*", + "matchCriteriaId": "C855C933-F271-45E6-8E85-8D7CF2EF1BE6" } ] } @@ -74,7 +153,10 @@ }, { "url": "https://security.netapp.com/advisory/ntap-20230316-0010/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-26xx/CVE-2023-2685.json b/CVE-2023/CVE-2023-26xx/CVE-2023-2685.json index 3c9d3f5a0a0..5bf9990ddcc 100644 --- a/CVE-2023/CVE-2023-26xx/CVE-2023-2685.json +++ b/CVE-2023/CVE-2023-26xx/CVE-2023-2685.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2685", "sourceIdentifier": "cybersecurity@ch.abb.com", "published": "2023-07-28T12:15:09.750", - "lastModified": "2023-07-28T13:44:31.450", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T17:02:05.163", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.3, + "impactScore": 5.9 + }, { "source": "cybersecurity@ch.abb.com", "type": "Secondary", @@ -46,10 +66,33 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:abb:ao-opc:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.0.0", + "versionEndIncluding": "3.2.1", + "matchCriteriaId": "FF6678CD-5BA0-40A6-B7B8-2290F1827E95" + } + ] + } + ] + } + ], "references": [ { "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108468A4093&LanguageCode=en&DocumentPartId=&Action=Launch", - "source": "cybersecurity@ch.abb.com" + "source": "cybersecurity@ch.abb.com", + "tags": [ + "Mitigation", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31425.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31425.json index c6edb0c7bc2..cbdd68bda30 100644 --- a/CVE-2023/CVE-2023-314xx/CVE-2023-31425.json +++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31425.json @@ -2,8 +2,8 @@ "id": "CVE-2023-31425", "sourceIdentifier": "sirt@brocade.com", "published": "2023-08-01T21:15:10.597", - "lastModified": "2023-08-02T13:30:45.017", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T17:29:10.477", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "sirt@brocade.com", "type": "Secondary", @@ -34,10 +54,42 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:broadcom:fabric_operating_system:9.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "379DA47D-6B21-4524-B0E7-2A41A4C8D446" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/22407", - "source": "sirt@brocade.com" + "source": "sirt@brocade.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31426.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31426.json index 7a7bfb5807b..8b9369d16a4 100644 --- a/CVE-2023/CVE-2023-314xx/CVE-2023-31426.json +++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31426.json @@ -2,8 +2,8 @@ "id": "CVE-2023-31426", "sourceIdentifier": "sirt@brocade.com", "published": "2023-08-01T22:15:13.597", - "lastModified": "2023-08-02T13:30:45.017", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T17:20:18.903", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "sirt@brocade.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-532" + } + ] + }, { "source": "sirt@brocade.com", "type": "Secondary", @@ -46,10 +76,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*", + "versionEndExcluding": "8.2.3d", + "matchCriteriaId": "F75FABE1-3E2C-43CE-8C5A-0F313F09E2C4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*", + "versionStartIncluding": "9.0.0", + "versionEndExcluding": "9.1.1c", + "matchCriteriaId": "91FB969C-FA9A-4007-849A-7120543BC5E1" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/22407", - "source": "sirt@brocade.com" + "source": "sirt@brocade.com", + "tags": [ + "Not Applicable" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31429.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31429.json index ba7d5ea71ad..77e08d5f0c9 100644 --- a/CVE-2023/CVE-2023-314xx/CVE-2023-31429.json +++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31429.json 
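Review bot: The only reference in the CVE-2023-31426 record is now tagged `"Not Applicable"`, so after this update the entry has no advisory a consumer can follow for the CWE-532 finding. The unchanged `"url"` line ends in `/SecurityAdvisories/0/22407`, the same address that CVE-2023-31425 carries with a `"Vendor Advisory"` tag, which suggests the link was copied from the sibling record rather than pointing at this CVE's own advisory. The reference should be corrected at the data source to something like `"url": "<advisory URL for CVE-2023-31426>"` (placeholder, the right address is not on this page) and retagged. Until then, tooling that filters references by tag will return nothing for this CVE.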
@@ -2,8 +2,8 @@ "id": "CVE-2023-31429", "sourceIdentifier": "sirt@brocade.com", "published": "2023-08-01T21:15:10.670", - "lastModified": "2023-08-02T13:30:45.017", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T17:29:03.630", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "sirt@brocade.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + }, { "source": "sirt@brocade.com", "type": "Secondary", @@ -46,10 +76,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*", + "versionEndExcluding": "9.1.1c", + "matchCriteriaId": "063BAB50-FB8B-4DA4-9DBD-430F3827185F" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22408", - "source": "sirt@brocade.com" + "source": "sirt@brocade.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-317xx/CVE-2023-31710.json b/CVE-2023/CVE-2023-317xx/CVE-2023-31710.json index 96645899164..83e79d4288e 100644 --- a/CVE-2023/CVE-2023-317xx/CVE-2023-31710.json +++ b/CVE-2023/CVE-2023-317xx/CVE-2023-31710.json 
@@ -2,19 +2,91 @@ "id": "CVE-2023-31710", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-01T14:15:10.013", - "lastModified": "2023-08-01T15:25:40.337", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T17:31:52.350", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "TP-Link Archer AX21(US)_V3_1.1.4 Build 20230219 and AX21(US)_V3.6_1.1.4 Build 20230219 are vulnerable to Buffer Overflow." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tp-link:archer_ax21_firmware:3.6_1.1.4:*:*:*:*:*:*:*", + "matchCriteriaId": "97B896B5-D11E-46A9-98D8-8716D89F7E68" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tp-link:archer_ax21_firmware:3_1.1.4:*:*:*:*:*:*:*", + "matchCriteriaId": "0D60C7D5-A25D-4C43-BB7F-2CB57801186A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tp-link:archer_ax21:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2DF5A235-4531-4F03-882C-C2A6B6D07A5D" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/xiaobye-ctf/My-CVE/tree/main/TP-Link/CVE-2023-31710", - "source": "cve@mitre.org" + "source": 
"cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32302.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32302.json index 450d8b5b224..953636ce349 100644 --- a/CVE-2023/CVE-2023-323xx/CVE-2023-32302.json +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32302.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32302", "sourceIdentifier": "security-advisories@github.com", "published": "2023-08-01T11:15:09.667", - "lastModified": "2023-08-01T12:55:38.437", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T17:28:35.773", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -36,8 +56,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -46,22 +76,60 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:silverstripe:framework:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.3.14", + "matchCriteriaId": "E1ED7CE3-73E1-4393-B38A-910AACC175D9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:silverstripe:framework:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.0.0", + "versionEndExcluding": "5.0.13", + "matchCriteriaId": "12C01A66-E63D-4FA4-992C-3E4D2913D6E1" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/silverstripe/silverstripe-framework/commit/7b21b38ac4532d06565dfcefad50540ebd2b50f4", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/silverstripe/silverstripe-framework/releases/tag/4.13.14", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/silverstripe/silverstripe-framework/releases/tag/5.0.13", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-36xx-7vf6-7mv3", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3292.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3292.json index 3ead1fd87b4..380b4fe6675 100644 --- a/CVE-2023/CVE-2023-32xx/CVE-2023-3292.json +++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3292.json 
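Review bot: The first added `cpeMatch` entry for `silverstripe:framework` sets `"versionEndExcluding": "4.3.14"`, but the release-notes reference tagged in the same hunk points at tag `4.13.14`, so the bound looks like it lost a digit. If the fixed 4.x release is 4.13.14, any scanner matching on this range will report 4.3.14 through 4.13.13 as unaffected by CVE-2023-32302 (CWE-862, base score 8.1). The line presumably should read `"versionEndExcluding": "4.13.14"`; confirm against the GHSA-36xx-7vf6-7mv3 advisory. Since this file appears to be written by the auto-update job, the correction belongs in the data source, and consumers should not rely on this range until it is fixed.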
@@ -2,15 +2,38 @@ "id": "CVE-2023-3292", "sourceIdentifier": "contact@wpscan.com", "published": "2023-07-31T10:15:10.577", - "lastModified": "2023-07-31T12:54:46.757", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T17:25:42.997", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The grid-kit-premium WordPress plugin before 2.2.0 does not escape some parameters as well as generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, "weaknesses": [ { "source": "contact@wpscan.com", @@ -23,10 +46,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpsofts:portfolio_gallery\\,_product_catalog_-_grid_kit_portfolio:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.2.0", + "matchCriteriaId": "CB7BC627-3AB0-41F1-A3FC-37D0CF71455C" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/d993c385-c3ad-49a6-b079-3a1b090864c8", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-334xx/CVE-2023-33493.json b/CVE-2023/CVE-2023-334xx/CVE-2023-33493.json index ae91bb9c529..cb29c21878b 100644 
--- a/CVE-2023/CVE-2023-334xx/CVE-2023-33493.json +++ b/CVE-2023/CVE-2023-334xx/CVE-2023-33493.json @@ -2,8 +2,8 @@ "id": "CVE-2023-33493", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-01T17:15:09.690", - "lastModified": "2023-08-01T18:51:22.487", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T17:48:37.147", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cve@mitre.org", "type": "Secondary", @@ -34,10 +54,43 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ajaxmanager_project:ajaxmanager:*:*:*:*:*:prestashop:*:*", + "versionEndIncluding": "2.3.0", + "matchCriteriaId": "D347FC1B-CF85-4EB7-9810-A45D30D32916" + } + ] + } + ] + } + ], "references": [ { "url": "https://security.friendsofpresta.org/module/2023/07/28/ajaxmanager.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-335xx/CVE-2023-33561.json b/CVE-2023/CVE-2023-335xx/CVE-2023-33561.json index 004004caa63..996a67fafbd 100644 --- a/CVE-2023/CVE-2023-335xx/CVE-2023-33561.json +++ b/CVE-2023/CVE-2023-335xx/CVE-2023-33561.json 
@@ -2,23 +2,82 @@ "id": "CVE-2023-33561", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-01T23:15:29.140", - "lastModified": "2023-08-02T13:30:45.017", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T17:58:18.727", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper input validation of password parameter in PHP Jabbers Time Slots Booking Calendar v 3.3 results in insecure passwords." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:phpjabbers:time_slots_booking_calendar:3.3:*:*:*:*:*:*:*", + "matchCriteriaId": "5452B658-8D34-4311-B7CD-FD485D8B945F" + } + ] + } + ] + } + ], "references": [ { "url": "https://medium.com/@bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://www.phpjabbers.com/time-slots-booking-calendar/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file 
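Review bot: The `weaknesses` entry added for CVE-2023-33561 is `NVD-CWE-noinfo` with a primary vector of `C:H/I:H/A:H` (9.8), although the description names a specific weakness: a password parameter that is not validated, which allows insecure passwords. The CVE-2023-33562 hunk that follows pairs the same CWE and vector with a user-enumeration issue, while the Vault record later in this commit (CVE-2023-3462) maps user enumeration to `CWE-203` with `C:L/I:N/A:N` (5.3). Anything that filters or prioritises on CWE will miss both PHP Jabbers records and rank them above comparable issues. If upstream agrees, the values would likely be `"value": "CWE-521"` here and `"value": "CWE-203"` in CVE-2023-33562. Because this file mirrors the NVD record, the correction belongs upstream rather than in a local edit.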
diff --git a/CVE-2023/CVE-2023-335xx/CVE-2023-33562.json b/CVE-2023/CVE-2023-335xx/CVE-2023-33562.json index 01e6d0313e6..113e2954cd6 100644 --- a/CVE-2023/CVE-2023-335xx/CVE-2023-33562.json +++ b/CVE-2023/CVE-2023-335xx/CVE-2023-33562.json 
@@ -2,23 +2,81 @@ "id": "CVE-2023-33562", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-01T23:15:29.293", - "lastModified": "2023-08-02T13:30:45.017", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T17:55:48.260", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "User enumeration is found in in PHP Jabbers Time Slots Booking Calendar v3.3. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:phpjabbers:time_slots_booking_calendar:3.3:*:*:*:*:*:*:*", + "matchCriteriaId": "5452B658-8D34-4311-B7CD-FD485D8B945F" + } + ] + } + ] + } + ], "references": [ { "url": "https://medium.com/@bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.phpjabbers.com/time-slots-booking-calendar/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end 
of file diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34358.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34358.json index 2ba7a2f6657..f73763dd1bc 100644 --- a/CVE-2023/CVE-2023-343xx/CVE-2023-34358.json +++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34358.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34358", "sourceIdentifier": "twcert@cert.org.tw", "published": "2023-07-31T05:15:09.600", - "lastModified": "2023-07-31T12:54:46.757", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T17:27:21.567", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -46,10 +46,43 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:asus:rt-ax88u_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.0.0.4.388.23748", + "matchCriteriaId": "478237D3-96B5-45FA-8953-006AA06B5AE8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:asus:rt-ax88u:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BB91E047-5AE1-4CA0-9E67-84170D79770C" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.twcert.org.tw/tw/cp-132-7279-05760-1.html", - "source": "twcert@cert.org.tw" + "source": "twcert@cert.org.tw", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34359.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34359.json index a211358f7b6..aa27e6d4362 100644 --- a/CVE-2023/CVE-2023-343xx/CVE-2023-34359.json +++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34359.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34359", "sourceIdentifier": "twcert@cert.org.tw", "published": "2023-07-31T05:15:09.813", - "lastModified": "2023-07-31T12:54:46.757", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T17:27:09.303", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -46,10 +46,43 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:asus:rt-ax88u_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.0.0.4.388.23748", + "matchCriteriaId": "478237D3-96B5-45FA-8953-006AA06B5AE8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:asus:rt-ax88u:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BB91E047-5AE1-4CA0-9E67-84170D79770C" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.twcert.org.tw/tw/cp-132-7280-bea85-1.html", - "source": "twcert@cert.org.tw" + "source": "twcert@cert.org.tw", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34360.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34360.json index c86b2dae824..b72cc723f24 100644 --- a/CVE-2023/CVE-2023-343xx/CVE-2023-34360.json +++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34360.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34360", "sourceIdentifier": "twcert@cert.org.tw", "published": "2023-07-31T06:15:09.873", - "lastModified": "2023-07-31T12:54:46.757", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T17:27:01.823", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -13,8 +13,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "twcert@cert.org.tw", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, + { + "source": "twcert@cert.org.tw", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L", @@ -46,10 +66,43 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:asus:rt-ax88u_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "3.0.0.4.388.23110", + "matchCriteriaId": "8470D45C-FB08-4483-8825-665B6A3DD341" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:asus:rt-ax88u:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BB91E047-5AE1-4CA0-9E67-84170D79770C" + } + ] + } + ] + } + ], "references": [ { "url": "https://https://www.twcert.org.tw/tw/cp-132-7281-dc87d-1.html", - "source": "twcert@cert.org.tw" + "source": "twcert@cert.org.tw", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-348xx/CVE-2023-34869.json b/CVE-2023/CVE-2023-348xx/CVE-2023-34869.json index a2f8c2bfd41..a57ede09cf3 100644 --- a/CVE-2023/CVE-2023-348xx/CVE-2023-34869.json +++ b/CVE-2023/CVE-2023-348xx/CVE-2023-34869.json 
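Review bot: The reference URL in the CVE-2023-34360 `references` hunk still has a doubled scheme, `https://https://www.twcert.org.tw/tw/cp-132-7281-dc87d-1.html`, and the change only labels it `Broken Link` instead of correcting it. The sibling records CVE-2023-34358 and CVE-2023-34359 use the single-scheme form and are tagged `Third Party Advisory`, so the line would presumably read `"url": "https://www.twcert.org.tw/tw/cp-132-7281-dc87d-1.html"`. As committed, the record has no usable advisory link, and tooling that fetches references for enrichment will fail on this record.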
@@ -2,23 +2,81 @@ "id": "CVE-2023-34869", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-01T23:15:30.017", - "lastModified": "2023-08-02T13:30:39.550", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T17:28:50.493", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "PHPJabbers Catering System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /index.php?controller=pjAdmin&action=pjActionForgot." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:phpjabbers:catering_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "858054F1-CF2C-4808-8581-BBF33D7C1AE8" + } + ] + } + ] + } + ], "references": [ { "url": "https://medium.com/@bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.phpjabbers.com/catering-system/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-349xx/CVE-2023-34960.json b/CVE-2023/CVE-2023-349xx/CVE-2023-34960.json index a582d498624..5b9ac855f79 100644 --- a/CVE-2023/CVE-2023-349xx/CVE-2023-34960.json +++ b/CVE-2023/CVE-2023-349xx/CVE-2023-34960.json 
@@ -2,23 +2,84 @@ "id": "CVE-2023-34960", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-01T02:15:10.307", - "lastModified": "2023-08-01T12:55:38.437", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T16:05:09.947", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:chamilo:chamilo:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.11.0", + "versionEndIncluding": "1.11.18", + "matchCriteriaId": "51098DB7-26D2-41C5-A69A-AECC6406F4C5" + } + ] + } + ] + } + ], "references": [ { "url": "http://chamilo.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-112-2023-04-20-Critical-impact-High-risk-Remote-Code-Execution", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-34xx/CVE-2023-3462.json b/CVE-2023/CVE-2023-34xx/CVE-2023-3462.json index c1b7d41e906..83cafa843e2 100644 --- a/CVE-2023/CVE-2023-34xx/CVE-2023-3462.json +++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3462.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3462", "sourceIdentifier": "security@hashicorp.com", "published": "2023-07-31T23:15:10.360", - "lastModified": "2023-08-01T12:55:38.437", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T16:50:04.120", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "security@hashicorp.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-203" + } + ] + }, { "source": "security@hashicorp.com", "type": "Secondary", 
@@ -46,10 +76,49 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", + "versionStartIncluding": "1.13.0", + "versionEndExcluding": "1.13.5", + "matchCriteriaId": "DF8B4175-8E60-4169-9D10-FE924EB1516C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "1.13.0", + "versionEndExcluding": "1.13.5", + "matchCriteriaId": "EBC19EB3-A5B0-4165-BB49-763953AC2369" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hashicorp:vault:1.14.0:*:*:*:-:*:*:*", + "matchCriteriaId": "3DFB14EC-487C-454C-A712-10085D897748" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hashicorp:vault:1.14.0:*:*:*:enterprise:*:*:*", + "matchCriteriaId": "DB12634A-9B34-44C0-AC11-11120295E3F2" + } + ] + } + ] + } + ], "references": [ { "url": "https://discuss.hashicorp.com/t/hcsec-2023-24-vaults-ldap-auth-method-allows-for-user-enumeration/56714", - "source": "security@hashicorp.com" + "source": "security@hashicorp.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-350xx/CVE-2023-35016.json b/CVE-2023/CVE-2023-350xx/CVE-2023-35016.json index 6c03fea5aba..4f071fc3e56 100644 --- a/CVE-2023/CVE-2023-350xx/CVE-2023-35016.json +++ b/CVE-2023/CVE-2023-350xx/CVE-2023-35016.json @@ -2,8 +2,8 @@ "id": "CVE-2023-35016", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-07-31T01:15:09.667", - "lastModified": "2023-07-31T12:54:46.757", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T17:23:18.223", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "psirt@us.ibm.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + }, { "source": "psirt@us.ibm.com", "type": "Secondary", @@ -46,14 +76,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:security_verify_governance:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "A8497FD1-40B6-4BA1-B536-E2138D0AFA80" + } + ] + } + ] + } + ], "references": [ { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25772", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Not Applicable", + "VDB Entry" + ] }, { "url": "https://www.ibm.com/support/pages/node/7014397", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-350xx/CVE-2023-35019.json b/CVE-2023/CVE-2023-350xx/CVE-2023-35019.json index b574793c75e..22479a29cca 100644 --- a/CVE-2023/CVE-2023-350xx/CVE-2023-35019.json +++ b/CVE-2023/CVE-2023-350xx/CVE-2023-35019.json 
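Review bot: The first reference in the CVE-2023-35016 `references` hunk, `"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25772"`, is tagged `Not Applicable`, which suggests the link does not describe this issue. The matching reference in CVE-2023-35019 for the same product has a six-digit id (`257873`), so the id here may be truncated; this is inferred from the neighbouring record, not confirmed by anything on the page. The id should be checked against the vendor advisory at `https://www.ibm.com/support/pages/node/7014397` and corrected upstream. Until then, consumers should treat the vendor advisory as the only reliable reference for this record.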
@@ -2,8 +2,8 @@ "id": "CVE-2023-35019", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-07-31T01:15:09.757", - "lastModified": "2023-07-31T12:54:46.757", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T17:23:56.413", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "psirt@us.ibm.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + }, { "source": "psirt@us.ibm.com", "type": "Secondary", @@ -46,14 +76,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:security_verify_governance:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "A8497FD1-40B6-4BA1-B536-E2138D0AFA80" + } + ] + } + ] + } + ], "references": [ { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/257873", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "VDB Entry", + "Vendor Advisory" + ] }, { "url": "https://www.ibm.com/support/pages/node/7014397", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-361xx/CVE-2023-36118.json b/CVE-2023/CVE-2023-361xx/CVE-2023-36118.json index 1e7a0239334..cf819f0db8f 100644 
--- a/CVE-2023/CVE-2023-361xx/CVE-2023-36118.json +++ b/CVE-2023/CVE-2023-361xx/CVE-2023-36118.json 
@@ -2,35 +2,106 @@ "id": "CVE-2023-36118", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-01T23:15:30.217", - "lastModified": "2023-08-02T15:15:10.183", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T17:28:37.420", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross Site Scripting vulnerability in Faculty Evaulation System using PHP/MySQLi v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the page parameter." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:faculty_evaulation_system_project:faculty_evaulation_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "6B643718-99F1-4294-92FF-6BD77BE0CE22" + } + ] + } + ] + } + ], "references": [ { "url": "http://packetstormsecurity.com/files/172672/Faculty-Evaluation-System-1.0-Shell-Upload.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://github.com/Trinity-SYT-SECURITY/XSS_vuln_issue/blob/main/Faculty%20Evaluation%20System%20v1.0.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { 
"url": "https://hackmd.io/@SY-T/Hy6HvwxPn", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://www.chtsecurity.com/news/4ffbe017-70e1-4789-bfe6-4d6fb0d1a0b7", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mitigation", + "Third Party Advisory" + ] }, { "url": "https://www.chtsecurity.com/news/5282e0af-7c45-43b0-9869-9becee7d6d70", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-362xx/CVE-2023-36210.json b/CVE-2023/CVE-2023-362xx/CVE-2023-36210.json index 29219f80c1e..a40b73843c4 100644 --- a/CVE-2023/CVE-2023-362xx/CVE-2023-36210.json +++ b/CVE-2023/CVE-2023-362xx/CVE-2023-36210.json 
@@ -2,23 +2,84 @@ "id": "CVE-2023-36210", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-01T17:15:09.773", - "lastModified": "2023-08-01T18:51:22.487", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T17:41:31.310", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "MotoCMS Version 3.4.3 Store Category Template was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the keyword parameter." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:motocms:motocms:3.4.3:*:*:*:*:*:*:*", + "matchCriteriaId": "2AB7A4D6-633C-40C5-87FF-C0006F41C7D2" + } + ] + } + ] + } + ], "references": [ { "url": "https://vulners.com/zdt/1337DAY-ID-38750", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://www.exploit-db.com/exploits/51499", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-363xx/CVE-2023-36351.json b/CVE-2023/CVE-2023-363xx/CVE-2023-36351.json index c6fc86e2694..e37e929c7d1 100644 
--- a/CVE-2023/CVE-2023-363xx/CVE-2023-36351.json +++ b/CVE-2023/CVE-2023-363xx/CVE-2023-36351.json 
@@ -2,23 +2,83 @@ "id": "CVE-2023-36351", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-01T23:15:30.370", - "lastModified": "2023-08-02T13:30:39.550", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T17:28:04.757", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue in Viatom Health ViHealth for Android v.2.74.58 and before allows a remote attacker to execute arbitrary code via the com.viatom.baselib.mvvm.webWebViewActivity component." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:viatomtech:vihealth:*:*:*:*:*:android:*:*", + "versionEndIncluding": "2.74.58", + "matchCriteriaId": "444D67C8-DB49-487F-AEB7-92205639983A" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/actuator/cve/blob/main/CVE-2023-36351", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/actuator/cve/blob/main/vihealth.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-372xx/CVE-2023-37214.json b/CVE-2023/CVE-2023-372xx/CVE-2023-37214.json index 8fa06c025b4..62e92ea2c27 100644 --- a/CVE-2023/CVE-2023-372xx/CVE-2023-37214.json +++ b/CVE-2023/CVE-2023-372xx/CVE-2023-37214.json @@ -2,8 +2,8 @@ "id": "CVE-2023-37214", "sourceIdentifier": "cna@cyber.gov.il", "published": "2023-07-30T09:15:10.220", - "lastModified": "2023-07-31T12:54:52.103", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T16:39:59.080", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@cyber.gov.il", "type": "Secondary", 
@@ -34,10 +54,55 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:heights-t:ero1xs-pro_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "bz_ero1xp.027", + "matchCriteriaId": "E410A105-9C6C-470D-BCB4-69414DB2AEB3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:heights-t:ero1xs-pro:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7C1140A1-EFE6-45BE-84D9-3B824087337A" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.gov.il/en/Departments/faq/cve_advisories", - "source": "cna@cyber.gov.il" + "source": "cna@cyber.gov.il", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-372xx/CVE-2023-37215.json b/CVE-2023/CVE-2023-372xx/CVE-2023-37215.json index d00612a77d6..78d2d8e3e08 100644 --- a/CVE-2023/CVE-2023-372xx/CVE-2023-37215.json +++ b/CVE-2023/CVE-2023-372xx/CVE-2023-37215.json @@ -2,8 +2,8 @@ "id": "CVE-2023-37215", "sourceIdentifier": "cna@cyber.gov.il", "published": "2023-07-30T09:15:10.300", - "lastModified": "2023-07-31T12:54:52.103", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T16:33:19.700", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@cyber.gov.il", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-798" + } + ] + }, { "source": "cna@cyber.gov.il", "type": "Secondary", @@ -46,10 +76,43 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:jbl:jbl_bar_5.1_surround_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "23.23.51.00", + "matchCriteriaId": "91E637FF-51F5-4E7E-8AF1-163C07586FD8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:jbl:jbl_bar_5.1_surround:-:*:*:*:*:*:*:*", + "matchCriteriaId": "077125D6-D142-47E6-9FC4-4CFDD340D327" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.gov.il/en/Departments/faq/cve_advisories", - "source": "cna@cyber.gov.il" + "source": "cna@cyber.gov.il", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-372xx/CVE-2023-37218.json b/CVE-2023/CVE-2023-372xx/CVE-2023-37218.json index 1a5ec018eed..405619aaf17 100644 --- a/CVE-2023/CVE-2023-372xx/CVE-2023-37218.json +++ b/CVE-2023/CVE-2023-372xx/CVE-2023-37218.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-37218", "sourceIdentifier": "cna@cyber.gov.il", "published": "2023-07-30T11:15:09.870", - "lastModified": "2023-07-31T12:54:52.103", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T16:55:07.707", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "cna@cyber.gov.il", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + }, { "source": "cna@cyber.gov.il", "type": "Secondary", @@ -46,10 +76,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tadirantele:aeonix:-:*:*:*:*:*:*:*", + "matchCriteriaId": "03E1036A-77E1-40C5-8F75-A3676F9A6F82" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.gov.il/en/Departments/faq/cve_advisories", - "source": "cna@cyber.gov.il" + "source": "cna@cyber.gov.il", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-372xx/CVE-2023-37219.json b/CVE-2023/CVE-2023-372xx/CVE-2023-37219.json index 51f1b41a77e..ff3cd1d0d12 100644 --- a/CVE-2023/CVE-2023-372xx/CVE-2023-37219.json +++ b/CVE-2023/CVE-2023-372xx/CVE-2023-37219.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-37219", "sourceIdentifier": "cna@cyber.gov.il", "published": "2023-07-30T11:15:09.947", - "lastModified": "2023-07-31T12:54:52.103", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T16:30:43.220", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "cna@cyber.gov.il", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-1236" + } + ] + }, { "source": "cna@cyber.gov.il", "type": "Secondary", @@ -46,10 +76,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tadirantele:aeonix:-:*:*:*:*:*:*:*", + "matchCriteriaId": "03E1036A-77E1-40C5-8F75-A3676F9A6F82" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.gov.il/en/Departments/faq/cve_advisories", - "source": "cna@cyber.gov.il" + "source": "cna@cyber.gov.il", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-374xx/CVE-2023-37470.json b/CVE-2023/CVE-2023-374xx/CVE-2023-37470.json new file mode 100644 index 00000000000..cfe8989c66a --- /dev/null +++ b/CVE-2023/CVE-2023-374xx/CVE-2023-37470.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-37470", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-08-04T16:15:09.610", + "lastModified": "2023-08-04T17:10:50.263", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Metabase is an open-source business intelligence and analytics platform. Prior to versions 0.43.7.3, 0.44.7.3, 0.45.4.3, 0.46.6.4, 1.43.7.3, 1.44.7.3, 1.45.4.3, and 1.46.6.4, a vulnerability could potentially allow remote code execution on one's Metabase server. The core issue is that one of the supported data warehouses (an embedded in-memory database H2), exposes a number of ways for a connection string to include code that is then executed by the process running the embedded database. Because Metabase allows users to connect to databases, this means that a user supplied string can be used to inject executable code. Metabase allows users to validate their connection string before adding a database (including on setup), and this validation API was the primary vector used as it can be called without validation. Versions 0.43.7.3, 0.44.7.3, 0.45.4.3, 0.46.6.4, 1.43.7.3, 1.44.7.3, 1.45.4.3, and 1.46.6.4 fix this issue by removing the ability of users to add H2 databases entirely. As a workaround, it is possible to block these vulnerabilities at the network level by blocking the endpoints `POST /api/database`, `PUT /api/database/:id`, and `POST /api/setup/validateuntil`. Those who use H2 as a file-based database should migrate to SQLite." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 10.0, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/metabase/metabase/security/advisories/GHSA-p7w3-9m58-rq83", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-374xx/CVE-2023-37478.json b/CVE-2023/CVE-2023-374xx/CVE-2023-37478.json index 99f5da3b288..c7adb98ebea 100644 --- a/CVE-2023/CVE-2023-374xx/CVE-2023-37478.json +++ b/CVE-2023/CVE-2023-374xx/CVE-2023-37478.json @@ -2,8 +2,8 @@ "id": "CVE-2023-37478", "sourceIdentifier": "security-advisories@github.com", "published": "2023-08-01T12:15:09.937", - "lastModified": "2023-08-01T12:55:38.437", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T17:44:08.830", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -36,8 +56,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -46,18 +76,52 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pnpm:pnpm:*:*:*:*:*:node.js:*:*", + "versionEndExcluding": "7.33.4", + "matchCriteriaId": "4C67386C-0391-4053-9D82-71845070FB73" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pnpm:pnpm:*:*:*:*:*:node.js:*:*", + "versionStartIncluding": "8.0.0", + "versionEndExcluding": "8.6.8", + "matchCriteriaId": "DC21BAC1-FCF8-4DC7-89D6-BAA2CF6F411D" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/pnpm/pnpm/releases/tag/v7.33.4", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/pnpm/pnpm/releases/tag/v8.6.8", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/pnpm/pnpm/security/advisories/GHSA-5r98-f33j-g8h7", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-374xx/CVE-2023-37496.json b/CVE-2023/CVE-2023-374xx/CVE-2023-37496.json index a44f6b51ff2..676446db7d9 100644 --- a/CVE-2023/CVE-2023-374xx/CVE-2023-37496.json +++ b/CVE-2023/CVE-2023-374xx/CVE-2023-37496.json @@ -2,8 +2,8 @@ "id": "CVE-2023-37496", "sourceIdentifier": "psirt@hcl.com", "published": "2023-08-01T01:15:10.770", - "lastModified": "2023-08-01T12:55:38.437", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T16:25:04.313", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "psirt@hcl.com", "type": "Secondary", @@ -34,10 +54,43 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hcltech:verse:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.1", + "matchCriteriaId": "B278190B-9E4D-43FE-9691-5CBDC93688B3" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0105904", - "source": "psirt@hcl.com" + "source": "psirt@hcl.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-375xx/CVE-2023-37580.json b/CVE-2023/CVE-2023-375xx/CVE-2023-37580.json index 239ae2d318a..e9405b60d07 100644 --- a/CVE-2023/CVE-2023-375xx/CVE-2023-37580.json +++ b/CVE-2023/CVE-2023-375xx/CVE-2023-37580.json 
@@ -2,23 +2,153 @@ "id": "CVE-2023-37580", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-31T16:15:10.327", - "lastModified": "2023-07-31T17:30:17.057", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T17:10:21.003", + "vulnStatus": "Analyzed", + "cisaExploitAdd": "2023-07-27", + "cisaActionDue": "2023-08-17", + "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "cisaVulnerabilityName": "Zimbra Collaboration (ZCS) Cross-Site Scripting (XSS) Vulnerability", "descriptions": [ { "lang": "en", "value": "Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:zimbra:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.8.0", + "versionEndExcluding": "8.8.15", + "matchCriteriaId": "38ECDB77-75C2-4F1F-94A8-D0F7CAC58427" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:zimbra:8.8.15:p11:*:*:*:*:*:*", + "matchCriteriaId": "D94082EB-9245-421E-A195-659ED7E97FBD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:zimbra:8.8.15:p26:*:*:*:*:*:*", + 
"matchCriteriaId": "F10A5925-168E-45E8-888E-E4042A1406A4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:zimbra:8.8.15:p3:*:*:*:*:*:*", + "matchCriteriaId": "074B9DC0-1700-4C29-B332-093FEA785D39" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:zimbra:8.8.15:p30:*:*:*:*:*:*", + "matchCriteriaId": "85C96088-3631-4CAE-BA6C-9E7A12EC455F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:zimbra:8.8.15:p31:*:*:*:*:*:*", + "matchCriteriaId": "BCB801E7-C9C5-42FC-A4C3-CECD9F21887B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:zimbra:8.8.15:p32:*:*:*:*:*:*", + "matchCriteriaId": "A22C14E7-34AE-438C-9E2A-DA4BF07889D5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:zimbra:8.8.15:p33:*:*:*:*:*:*", + "matchCriteriaId": "B5251B9B-87EF-4300-A791-8C2BB2B58FA8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:zimbra:8.8.15:p34:*:*:*:*:*:*", + "matchCriteriaId": "C9795188-0A57-48A6-B876-0A2477888D6F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:zimbra:8.8.15:p35:*:*:*:*:*:*", + "matchCriteriaId": "4288C356-C993-486F-B3CF-D8E44A7A53C7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:zimbra:8.8.15:p37:*:*:*:*:*:*", + "matchCriteriaId": "7A98258E-91BA-45F0-8417-6FFB3CF02FB5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:zimbra:8.8.15:p38:*:*:*:*:*:*", + "matchCriteriaId": "3EFD7BC4-0284-4551-972C-81DD7F225DA9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:zimbra:8.8.15:p40:*:*:*:*:*:*", + "matchCriteriaId": "ACA5EA7B-95A3-49E9-A407-A034279173FB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:zimbra:8.8.15:p5:*:*:*:*:*:*", + "matchCriteriaId": "9F670A63-D8E9-4360-83CF-5C5D3D8B569E" + } + ] + } + ] + } + ], "references": [ { "url": "https://wiki.zimbra.com/wiki/Security_Center", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": 
"https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Not Applicable" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-377xx/CVE-2023-37771.json b/CVE-2023/CVE-2023-377xx/CVE-2023-37771.json index 42ccd6baf58..09150819d77 100644 --- a/CVE-2023/CVE-2023-377xx/CVE-2023-37771.json +++ b/CVE-2023/CVE-2023-377xx/CVE-2023-37771.json 
@@ -2,19 +2,75 @@ "id": "CVE-2023-37771", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-31T16:15:10.380", - "lastModified": "2023-07-31T17:30:17.057", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T17:10:00.960", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Art Gallery Management System v1.0 contains a SQL injection vulnerability via the cid parameter at /agms/product.php." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:phpgurukul:art_gallery_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "CE7F7EC5-D077-4052-9013-D37C2F794796" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/anky-123/CVE-2023-37771/blob/main/CVE", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-377xx/CVE-2023-37772.json b/CVE-2023/CVE-2023-377xx/CVE-2023-37772.json index 038b1d6d028..f611f9b426c 100644 --- a/CVE-2023/CVE-2023-377xx/CVE-2023-37772.json +++ b/CVE-2023/CVE-2023-377xx/CVE-2023-37772.json 
@@ -2,27 +2,88 @@ "id": "CVE-2023-37772", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-01T01:15:10.850", - "lastModified": "2023-08-01T12:55:38.437", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T16:23:46.130", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Online Shopping Portal Project v3.1 was discovered to contain a SQL injection vulnerability via the Email parameter at /shopping/login.php." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:online_shopping_portal_project:online_shopping_portal:3.1:*:*:*:*:*:*:*", + "matchCriteriaId": "FB1E6D97-0FC4-4C44-B15C-B75096D2D52A" + } + ] + } + ] + } + ], "references": [ { "url": "http://phpgurukul.com/shopping-portal-free-download/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://github.com/anky-123/CVE-2023-37772/blob/main/CVE-2", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://phpgurukul.com/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-378xx/CVE-2023-37896.json b/CVE-2023/CVE-2023-378xx/CVE-2023-37896.json new file mode 100644 index 00000000000..ec963cf4865 --- /dev/null +++ b/CVE-2023/CVE-2023-378xx/CVE-2023-37896.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-37896", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-08-04T16:15:09.847", + "lastModified": "2023-08-04T17:10:50.263", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Nuclei is a vulnerability scanner. Prior to version 2.9.9, a security issue in the Nuclei project affected users utilizing Nuclei as Go code (SDK) running custom templates. This issue did not affect CLI users. The problem was related to sanitization issues with payload loading in sandbox mode. There was a potential risk with payloads loading in sandbox mode. The issue occurred due to relative paths not being converted to absolute paths before doing the check for `sandbox` flag allowing arbitrary files to be read on the filesystem in certain cases when using Nuclei from `Go` SDK implementation. \n\nThis issue has been fixed in version 2.9.9. The maintainers have also enabled sandbox by default for filesystem loading. This can be optionally disabled if required. The `-sandbox` option has been deprecated and is now divided into two new options: `-lfa` (allow local file access) which is enabled by default and `-lna` (restrict local network access) which can be enabled by users optionally. The `-lfa` allows file (payload) access anywhere on the system (disabling sandbox effectively), and `-lna` blocks connections to the local/private network." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/projectdiscovery/nuclei/pull/3927", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/projectdiscovery/nuclei/releases/tag/v2.9.9", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/projectdiscovery/nuclei/security/advisories/GHSA-2xx4-jj5v-6mff", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-384xx/CVE-2023-38487.json b/CVE-2023/CVE-2023-384xx/CVE-2023-38487.json new file mode 100644 index 00000000000..08a67e9d32e --- /dev/null +++ b/CVE-2023/CVE-2023-384xx/CVE-2023-38487.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-38487", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-08-04T16:15:10.030", + "lastModified": "2023-08-04T17:10:50.263", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "HedgeDoc is software for creating real-time collaborative markdown notes. Prior to version 1.9.9, the API of HedgeDoc 1 can be used to create notes with an alias matching the ID of existing notes. The affected existing note can then not be accessed anymore and is effectively hidden by the new one.\n\nWhen the freeURL feature is enabled (by setting the `allowFreeURL` config option or the `CMD_ALLOW_FREEURL` environment variable to `true`), any user with the appropriate permissions can create a note by making a POST request to the `/new/` API endpoint. The `` parameter can be set to the ID of an existing note. HedgeDoc did not verify whether the provided `` value corresponds to a valid ID of an existing note and always allowed creation of the new note. When a visitor tried to access the existing note, HedgeDoc will first search for a note with a matching alias before it searches using the ID, therefore only the new note can be accessed.\n\nDepending on the permission settings of the HedgeDoc instance, the issue can be exploited only by logged-in users or by all (including non-logged-in) users. The exploit requires knowledge of the ID of the target note. Attackers could use this issue to present a manipulated copy of the original note to the user, e.g. by replacing the links with malicious ones. Attackers can also use this issue to prevent access to the original note, causing a denial of service. No data is lost, as the original content of the affected notes is still present in the database.\n\nThis issue was fixed in version 1.9.9. As a workaround, disabling freeURL mode prevents the exploitation of this issue. 
The impact can be limited by restricting freeURL note creation to trusted, logged-in users by enabling `requireFreeURLAuthentication`/`CMD_REQUIRE_FREEURL_AUTHENTICATION`." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-289" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/hedgedoc/hedgedoc/pull/4476/commits/781263ab84255885e1fe60c7e92e2f8d611664d2", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-7494-7hcf-vxpg", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-384xx/CVE-2023-38494.json b/CVE-2023/CVE-2023-384xx/CVE-2023-38494.json new file mode 100644 index 00000000000..fc64a184c63 --- /dev/null +++ b/CVE-2023/CVE-2023-384xx/CVE-2023-38494.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-38494", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-08-04T16:15:10.177", + "lastModified": "2023-08-04T17:10:50.263", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "MeterSphere is an open-source continuous testing platform. Prior to version 2.10.4 LTS, some interfaces of the Cloud version of MeterSphere do not have configuration permissions, and are sensitively leaked by attackers. Version 2.10.4 LTS contains a patch for this issue." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/metersphere/metersphere/commit/a23f75d93b666901fd148d834df9384f6f24cf28", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/metersphere/metersphere/security/advisories/GHSA-fjp5-95pv-5253", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-384xx/CVE-2023-38497.json b/CVE-2023/CVE-2023-384xx/CVE-2023-38497.json new file mode 100644 index 00000000000..c4b6e129df1 --- /dev/null +++ b/CVE-2023/CVE-2023-384xx/CVE-2023-38497.json 
@@ -0,0 +1,75 @@ +{ + "id": "CVE-2023-38497", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-08-04T16:15:10.370", + "lastModified": "2023-08-04T17:10:50.263", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Cargo downloads the Rust project\u2019s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local user, another local user could exploit this to change the source code compiled and executed by the current user. To prevent existing cached extractions from being exploitable, the Cargo binary version 0.72.2 included in Rust 1.71.1 or later will purge caches generated by older Cargo versions automatically. As a workaround, configure one's system to prevent other local users from accessing the Cargo directory, usually located in `~/.cargo`." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.9, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-278" + } + ] + } + ], + "references": [ + { + "url": "https://en.wikipedia.org/wiki/Umask", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/rust-lang/cargo/commit/d78bbf4bde3c6b95caca7512f537c6f9721426ff", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/rust-lang/cargo/pull/12443", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/rust-lang/cargo/security/advisories/GHSA-j3xp-wfr4-hx87", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/rust-lang/wg-security-response/tree/main/patches/CVE-2023-38497", + "source": "security-advisories@github.com" + }, + { + "url": "https://www.rust-lang.org/policies/security", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-385xx/CVE-2023-38559.json b/CVE-2023/CVE-2023-385xx/CVE-2023-38559.json index c32c2c6defb..56168f09af9 100644 --- a/CVE-2023/CVE-2023-385xx/CVE-2023-38559.json +++ b/CVE-2023/CVE-2023-385xx/CVE-2023-38559.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-38559", "sourceIdentifier": "secalert@redhat.com", "published": "2023-08-01T17:15:09.890", - "lastModified": "2023-08-01T18:51:22.487", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T17:21:05.113", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "secalert@redhat.com", "type": "Secondary", 
@@ -34,22 +54,85 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:artifex:ghostscript:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E4876A23-725C-450E-B988-32FFF4DF53C1" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D" + } + ] + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/security/cve/CVE-2023-38559", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://bugs.ghostscript.com/show_bug.cgi?id=706897", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2224367", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mailing List", + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-385xx/CVE-2023-38560.json b/CVE-2023/CVE-2023-385xx/CVE-2023-38560.json index 550cda86556..2cfec33aa52 100644 --- a/CVE-2023/CVE-2023-385xx/CVE-2023-38560.json +++ b/CVE-2023/CVE-2023-385xx/CVE-2023-38560.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-38560", "sourceIdentifier": "secalert@redhat.com", "published": "2023-08-01T17:15:09.967", - "lastModified": "2023-08-04T05:15:10.677", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T17:30:26.457", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "secalert@redhat.com", "type": "Secondary", 
@@ -34,26 +54,72 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-190" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:artifex:ghostscript:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E4876A23-725C-450E-B988-32FFF4DF53C1" + } + ] + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/security/cve/CVE-2023-38560", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://bugs.ghostscript.com/show_bug.cgi?id=706897", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://bugs.ghostscript.com/show_bug.cgi?id=706898", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2224368", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b7eb1d0174c", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mailing List", + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-386xx/CVE-2023-38686.json b/CVE-2023/CVE-2023-386xx/CVE-2023-38686.json new file mode 100644 index 00000000000..814a9cf74d6 --- /dev/null +++ b/CVE-2023/CVE-2023-386xx/CVE-2023-38686.json 
@@ -0,0 +1,79 @@ +{ + "id": "CVE-2023-38686", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-08-04T16:15:10.550", + "lastModified": "2023-08-04T17:10:50.263", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Sydent is an identity server for the Matrix communications protocol. Prior to version 2.5.6, if configured to send emails using TLS, Sydent does not verify SMTP servers' certificates. This makes Sydent's emails vulnerable to interception via a man-in-the-middle (MITM) attack. Attackers with privileged access to the network can intercept room invitations and address confirmation emails. This is patched in Sydent 2.5.6. When patching, make sure that Sydent trusts the certificate of the server it is connecting to. This should happen automatically when using properly issued certificates. Those who use self-signed certificates should make sure to copy their Certification Authority certificate, or their self signed certificate if using only one, to the trust store of your operating system. As a workaround, one can ensure Sydent's emails fail to send by setting the configured SMTP server to a loopback or non-routable address under one's control which does not have a listening SMTP server." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 9.3, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.8 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-295" + } + ] + } + ], + "references": [ + { + "url": "https://docs.python.org/3/library/ssl.html?highlight=ssl#security-considerations", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/matrix-org/sydent/commit/1cd748307c6b168b66154e6c4db715d4b9551261", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/matrix-org/sydent/pull/574", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/matrix-org/sydent/releases/tag/v2.5.6", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/matrix-org/sydent/security/advisories/GHSA-p6hw-wm59-3g5g", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/python/cpython/issues/91826", + "source": "security-advisories@github.com" + }, + { + "url": "https://peps.python.org/pep-0476/", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-386xx/CVE-2023-38688.json b/CVE-2023/CVE-2023-386xx/CVE-2023-38688.json new file mode 100644 index 00000000000..b5f8fb23a31 --- /dev/null +++ b/CVE-2023/CVE-2023-386xx/CVE-2023-38688.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-38688", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-08-04T17:15:10.097", + "lastModified": "2023-08-04T17:15:10.097", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "twitch-tui provides Twitch chat in a terminal. Prior to version 2.4.1, the connection is not using TLS for communication. In the configuration of the irc connection, the software disables TLS, which makes all communication to Twitch IRC servers unencrypted. As a result, communication, including auth tokens, can be sniffed. Version 2.4.1 has a patch for this issue." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-311" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Xithrius/twitch-tui/blob/340afc3c8c07a83289fe6ef614aa7563c8b70756/src/twitch/connection.rs#L23", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/Xithrius/twitch-tui/commit/74d13ddca35f8f0816f4933c229da1fd95c0350a", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/Xithrius/twitch-tui/security/advisories/GHSA-779w-xvpm-78jx", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-386xx/CVE-2023-38689.json b/CVE-2023/CVE-2023-386xx/CVE-2023-38689.json new file mode 100644 index 00000000000..2e47f6f804e --- /dev/null +++ b/CVE-2023/CVE-2023-386xx/CVE-2023-38689.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-38689", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-08-04T17:15:10.563", + "lastModified": "2023-08-04T17:15:10.563", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Logistics Pipes is a modification (a.k.a. mod) for the computer game Minecraft Java Edition. The mod used Java's `ObjectInputStream#readObject` on untrusted data coming from clients or servers over the network resulting in possible remote code execution when sending specifically crafted network packets after connecting. The affected versions were released between 2013 and 2016 and the issue (back then unknown) was fixed in 2016 by a refactoring of the network IO code. \nThe issue is present in all Logistics Pipes versions ranged from 0.7.0.91 prior to 0.10.0.71, which were downloaded from different platforms summing up to multi-million downloads. For Minecraft version 1.7.10 the issue was fixed in build 0.10.0.71. Everybody on Minecraft 1.7.10 should check their version number of Logistics Pipes in their modlist and update, if the version number is smaller than 0.10.0.71. Any newer supported Minecraft version (like 1.12.2) never had a Logistics Pipes version with vulnerable code. The best available workaround for vulnerable versions is to play in singleplayer only or update to newer Minecraft versions and modpacks." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/RS485/LogisticsPipes/commit/39a90b8f2d1a2bcc512ec68c3e139f1dac07aa56", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/RS485/LogisticsPipes/commit/527c4f4fb028e9afab29d4e639935010ad7be9e7", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/RS485/LogisticsPipes/security/advisories/GHSA-mcp7-xf3v-25x3", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-386xx/CVE-2023-38690.json b/CVE-2023/CVE-2023-386xx/CVE-2023-38690.json new file mode 100644 index 00000000000..f442abbb8dc --- /dev/null +++ b/CVE-2023/CVE-2023-386xx/CVE-2023-38690.json 
@@ -0,0 +1,67 @@ +{ + "id": "CVE-2023-38690", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-08-04T17:15:10.783", + "lastModified": "2023-08-04T17:15:10.783", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to version 1.0.1, it is possible to craft a command with newlines which would not be properly parsed. This would mean you could pass a string of commands as a channel name, which would then be run by the IRC bridge bot. Versions 1.0.1 and above are patched. There are no robust workarounds to the bug. One may disable dynamic channels in the config to disable the most common execution method but others may exist." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + }, + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/matrix-org/matrix-appservice-irc/commit/0afb064635d37e039067b5b3d6423448b93026d3", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/matrix-org/matrix-appservice-irc/releases/tag/1.0.1", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/matrix-org/matrix-appservice-irc/security/advisories/GHSA-3pmj-jqqp-2mj3", + "source": 
"security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-386xx/CVE-2023-38691.json b/CVE-2023/CVE-2023-386xx/CVE-2023-38691.json new file mode 100644 index 00000000000..399814eb77a --- /dev/null +++ b/CVE-2023/CVE-2023-386xx/CVE-2023-38691.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-38691", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-08-04T17:15:11.063", + "lastModified": "2023-08-04T17:15:11.063", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "matrix-appservice-bridge provides an API for setting up bridges. Starting in version 4.0.0 and prior to versions 8.1.2 and 9.0.1, a malicious Matrix server can use a foreign user's MXID in an OpenID exchange, allowing a bad actor to impersonate users when using the provisioning API. The library does not check that the servername part of the `sub` parameter (containing the user's *claimed* MXID) is the the same as the servername we are talking to. A malicious actor could spin up a server on any given domain, respond with a `sub` parameter according to the user they want to act as and use the resulting token to perform provisioning requests. Versions 8.1.2 and 9.0.1 contain a patch. As a workaround, disable the provisioning API." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/matrix-org/matrix-appservice-bridge/commit/4c6723a5e7beda65cdf1ae5dbb882e8beaac8552", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/matrix-org/matrix-appservice-bridge/security/advisories/GHSA-vc7j-h8xg-fv5x", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-387xx/CVE-2023-38750.json b/CVE-2023/CVE-2023-387xx/CVE-2023-38750.json index 3d18a2dad48..6ece34e4e30 100644 --- a/CVE-2023/CVE-2023-387xx/CVE-2023-38750.json +++ b/CVE-2023/CVE-2023-387xx/CVE-2023-38750.json 
@@ -2,23 +2,224 @@ "id": "CVE-2023-38750", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-31T16:15:10.437", - "lastModified": "2023-07-31T17:30:17.057", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T17:09:45.547", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41, 9 before 9.0.0 Patch 34, and 10 before 10.0.2, internal JSP and XML files can be exposed." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:zimbra:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.8.0", + "versionEndExcluding": "8.8.15", + "matchCriteriaId": "38ECDB77-75C2-4F1F-94A8-D0F7CAC58427" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:zimbra:8.8.15:p11:*:*:*:*:*:*", + "matchCriteriaId": "D94082EB-9245-421E-A195-659ED7E97FBD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:zimbra:8.8.15:p26:*:*:*:*:*:*", + "matchCriteriaId": "F10A5925-168E-45E8-888E-E4042A1406A4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:zimbra:8.8.15:p3:*:*:*:*:*:*", + "matchCriteriaId": "074B9DC0-1700-4C29-B332-093FEA785D39" + }, + { + "vulnerable": true, + 
"criteria": "cpe:2.3:a:zimbra:zimbra:8.8.15:p30:*:*:*:*:*:*", + "matchCriteriaId": "85C96088-3631-4CAE-BA6C-9E7A12EC455F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:zimbra:8.8.15:p31:*:*:*:*:*:*", + "matchCriteriaId": "BCB801E7-C9C5-42FC-A4C3-CECD9F21887B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:zimbra:8.8.15:p32:*:*:*:*:*:*", + "matchCriteriaId": "A22C14E7-34AE-438C-9E2A-DA4BF07889D5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:zimbra:8.8.15:p33:*:*:*:*:*:*", + "matchCriteriaId": "B5251B9B-87EF-4300-A791-8C2BB2B58FA8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:zimbra:8.8.15:p34:*:*:*:*:*:*", + "matchCriteriaId": "C9795188-0A57-48A6-B876-0A2477888D6F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:zimbra:8.8.15:p35:*:*:*:*:*:*", + "matchCriteriaId": "4288C356-C993-486F-B3CF-D8E44A7A53C7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:zimbra:8.8.15:p37:*:*:*:*:*:*", + "matchCriteriaId": "7A98258E-91BA-45F0-8417-6FFB3CF02FB5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:zimbra:8.8.15:p38:*:*:*:*:*:*", + "matchCriteriaId": "3EFD7BC4-0284-4551-972C-81DD7F225DA9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:zimbra:8.8.15:p40:*:*:*:*:*:*", + "matchCriteriaId": "ACA5EA7B-95A3-49E9-A407-A034279173FB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:zimbra:8.8.15:p5:*:*:*:*:*:*", + "matchCriteriaId": "9F670A63-D8E9-4360-83CF-5C5D3D8B569E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:zimbra:9.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "B671A427-BC20-43CB-A7F1-DD2124B2B901" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:zimbra:9.0.0:p0:*:*:*:*:*:*", + "matchCriteriaId": "631ADC21-06BA-476D-B134-E25D06740019" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:zimbra:9.0.0:p19:*:*:*:*:*:*", + "matchCriteriaId": "92C99D34-300D-4AC6-9D75-538621978E38" + }, + { + "vulnerable": 
true, + "criteria": "cpe:2.3:a:zimbra:zimbra:9.0.0:p23:*:*:*:*:*:*", + "matchCriteriaId": "D949B9A3-4E4F-45FC-93AB-478B77C6F7AE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:zimbra:9.0.0:p25:*:*:*:*:*:*", + "matchCriteriaId": "0BDA3621-F2AA-4E55-8641-A30B9A3DCF8E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:zimbra:9.0.0:p26:*:*:*:*:*:*", + "matchCriteriaId": "3A29151F-9083-45B7-8C1E-A844372C01C0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:zimbra:9.0.0:p27:*:*:*:*:*:*", + "matchCriteriaId": "E35B7C01-F288-47D6-8C43-50FC6F6FEA7A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:zimbra:9.0.0:p28:*:*:*:*:*:*", + "matchCriteriaId": "40687633-0902-4D3E-8C7B-AE9318EB9DAD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:zimbra:9.0.0:p30:*:*:*:*:*:*", + "matchCriteriaId": "8091130D-23B8-4271-9164-2279C14CBE7B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:zimbra:9.0.0:p31:*:*:*:*:*:*", + "matchCriteriaId": "B40F5F01-E7DC-4399-8F9E-2341069FD555" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:zimbra:9.0.0:p33:*:*:*:*:*:*", + "matchCriteriaId": "C8B3E761-6A2D-4AC1-8B46-B04196135A51" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:zimbra:9.0.0:p4:*:*:*:*:*:*", + "matchCriteriaId": "8A3B019E-A357-4F7E-8DB5-336B3209D130" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:zimbra:9.0.0:p7:*:*:*:*:*:*", + "matchCriteriaId": "E88525DC-A672-40E8-A756-43DD3E9685CC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:zimbra:9.0.0:p7.1:*:*:*:*:*:*", + "matchCriteriaId": "482EC153-BE0F-4B8B-8AC0-0D2CC3A94752" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:zimbra:10.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "0A092529-4EF6-45CC-A56B-BC9255E97F6D" + } + ] + } + ] + } + ], "references": [ { "url": "https://wiki.zimbra.com/wiki/Security_Center", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release 
Notes", + "Vendor Advisory" + ] }, { "url": "https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Not Applicable" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-389xx/CVE-2023-38964.json b/CVE-2023/CVE-2023-389xx/CVE-2023-38964.json new file mode 100644 index 00000000000..7b5ff33f652 --- /dev/null +++ b/CVE-2023/CVE-2023-389xx/CVE-2023-38964.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-38964", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-08-04T16:15:10.697", + "lastModified": "2023-08-04T17:10:50.263", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting (XSS) vulnerability." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://vida03.gitbook.io/redteam/web/cve-2023-38964", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-38xx/CVE-2023-3825.json b/CVE-2023/CVE-2023-38xx/CVE-2023-3825.json index 14f628a2a32..af23bd4fced 100644 --- a/CVE-2023/CVE-2023-38xx/CVE-2023-3825.json +++ b/CVE-2023/CVE-2023-38xx/CVE-2023-3825.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3825", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-07-31T23:15:10.437", - "lastModified": "2023-08-01T12:55:38.437", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T16:48:20.227", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", @@ -36,8 +56,18 @@ }, "weaknesses": [ { - "source": "ics-cert@hq.dhs.gov", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", "description": [ { "lang": "en", @@ -46,10 +76,33 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:kepware:kepserverex:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.0.0", + "versionEndIncluding": "6.14.263", + "matchCriteriaId": "4BCC4117-EFB3-4627-941D-B105A539D986" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-02", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-391xx/CVE-2023-39112.json b/CVE-2023/CVE-2023-391xx/CVE-2023-39112.json new file mode 100644 index 00000000000..f539e174342 --- /dev/null +++ b/CVE-2023/CVE-2023-391xx/CVE-2023-39112.json 
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-39112", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-08-04T17:15:11.300", + "lastModified": "2023-08-04T17:15:11.300", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "ECShop v4.1.16 contains an arbitrary file deletion vulnerability in the Admin Panel." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/Luci4n555/vul_report/blob/master/vul_1.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-391xx/CVE-2023-39122.json b/CVE-2023/CVE-2023-391xx/CVE-2023-39122.json index 35d311aa92e..0674742d9e1 100644 --- a/CVE-2023/CVE-2023-391xx/CVE-2023-39122.json +++ b/CVE-2023/CVE-2023-391xx/CVE-2023-39122.json 
@@ -2,19 +2,75 @@ "id": "CVE-2023-39122", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-31T23:15:10.297", - "lastModified": "2023-08-03T18:15:11.547", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T16:51:07.287", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "BMC Control-M through 9.0.20.200 allows SQL injection via the /RF-Server/report/deleteReport report-id parameter. This is fixed in 9.0.21 (and is also fixed by a patch for 9.0.20.200)." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:bmc:control-m:*:*:*:*:*:*:*:*", + "versionEndExcluding": "9.0.21", + "matchCriteriaId": "FC6D0D4E-8FE6-4F43-9D2C-593DDA20A5C9" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/DojoSecurity/BMC-Control-M-Unauthenticated-SQL-Injection", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-391xx/CVE-2023-39143.json b/CVE-2023/CVE-2023-391xx/CVE-2023-39143.json new file mode 100644 index 00000000000..550d0a0b57c --- /dev/null +++ b/CVE-2023/CVE-2023-391xx/CVE-2023-39143.json 
@@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-39143", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-08-04T17:15:11.510", + "lastModified": "2023-08-04T17:15:11.510", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "PaperCut NG and PaperCut MF before 22.1.3 are vulnerable to path traversal which enables attackers to read, delete, and upload arbitrary files." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.horizon3.ai/cve-2023-39143-papercut-path-traversal-file-upload-rce-vulnerability/", + "source": "cve@mitre.org" + }, + { + "url": "https://www.papercut.com/kb/Main/securitybulletinjuly2023/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-391xx/CVE-2023-39147.json b/CVE-2023/CVE-2023-391xx/CVE-2023-39147.json index 79e7390d83c..3a697ad03ca 100644 --- a/CVE-2023/CVE-2023-391xx/CVE-2023-39147.json +++ b/CVE-2023/CVE-2023-391xx/CVE-2023-39147.json 
@@ -2,23 +2,83 @@ "id": "CVE-2023-39147", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-01T18:15:10.203", - "lastModified": "2023-08-01T20:15:09.903", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T17:30:04.907", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An arbitrary file upload vulnerability in Uvdesk 1.1.3 allows attackers to execute arbitrary code via uploading a crafted image file." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:webkul:uvdesk:1.1.3:*:*:*:*:*:*:*", + "matchCriteriaId": "64CC4DC3-7C0F-46A4-8DB7-169C50E4B7CE" + } + ] + } + ] + } + ], "references": [ { "url": "http://packetstormsecurity.com/files/173878/Uvdesk-1.1.3-Shell-Upload.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://docs.google.com/document/d/1uv9DjHmKuDxZIjNhWX05EsxHEp8fGalXB7XK-QSyr_0/edit?usp=sharing", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-39xx/CVE-2023-3983.json b/CVE-2023/CVE-2023-39xx/CVE-2023-3983.json index e6a69f1198a..596a85d08ba 100644 --- a/CVE-2023/CVE-2023-39xx/CVE-2023-3983.json +++ b/CVE-2023/CVE-2023-39xx/CVE-2023-3983.json 
@@ -2,19 +2,76 @@ "id": "CVE-2023-3983", "sourceIdentifier": "vulnreport@tenable.com", "published": "2023-07-31T19:15:18.243", - "lastModified": "2023-08-01T12:55:38.437", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T17:03:02.897", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An authenticated SQL injection vulnerability exists in Advantech iView versions prior to v5.7.4 build 6752. An authenticated remote attacker can bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform blind SQL injection." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.7.4.6752", + "matchCriteriaId": "1856B3E0-0296-471D-828E-220B55F1E98D" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.tenable.com/security/research/tra-2023-24", - "source": "vulnreport@tenable.com" + "source": "vulnreport@tenable.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-39xx/CVE-2023-3997.json b/CVE-2023/CVE-2023-39xx/CVE-2023-3997.json index 27430deb3d1..3d130f71375 100644 
--- a/CVE-2023/CVE-2023-39xx/CVE-2023-3997.json +++ b/CVE-2023/CVE-2023-39xx/CVE-2023-3997.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3997", "sourceIdentifier": "prodsec@splunk.com", "published": "2023-07-31T17:15:10.110", - "lastModified": "2023-07-31T17:30:17.057", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T17:09:13.420", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "prodsec@splunk.com", "type": "Secondary", @@ -34,10 +54,49 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:splunk:soar:*:*:*:*:on-premises:*:*:*", + "versionEndExcluding": "6.1.0", + "matchCriteriaId": "B6409239-52FB-4299-8AA1-869223F44504" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:splunk:soar:*:*:*:*:cloud:*:*:*", + "versionEndExcluding": "6.1.0.131", + "matchCriteriaId": "E71AB766-6388-44FB-8F0B-6ED443A20895" + } + ] + } + ] + } + ], "references": [ { "url": "https://advisory.splunk.com/advisories/SVD-2023-0702", - "source": "prodsec@splunk.com" + "source": "prodsec@splunk.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4004.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4004.json index d4eb408a74b..70fa01261d8 100644 --- a/CVE-2023/CVE-2023-40xx/CVE-2023-4004.json +++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4004.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4004", "sourceIdentifier": "secalert@redhat.com", "published": "2023-07-31T17:15:10.203", - "lastModified": "2023-07-31T17:30:17.057", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T17:08:39.573", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "secalert@redhat.com", "type": "Secondary", 
@@ -34,18 +54,115 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.5", + "matchCriteriaId": "98C491C7-598A-4D36-BA4F-3505A5727ED1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.5:rc1:*:*:*:*:*:*", + "matchCriteriaId": "0B3E6E4D-E24E-4630-B00C-8C9901C597B0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.5:rc2:*:*:*:*:*:*", + "matchCriteriaId": "E4A01A71-0F09-4DB2-A02F-7EFFBE27C98D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.5:rc3:*:*:*:*:*:*", + "matchCriteriaId": "F5608371-157A-4318-8A2E-4104C3467EA1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.5:rc4:*:*:*:*:*:*", + "matchCriteriaId": "2226A776-DF8C-49E0-A030-0A7853BB018A" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", + "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D" + } + ] + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/security/cve/CVE-2023-4004", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=2225275", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://patchwork.ozlabs.org/project/netfilter-devel/patch/20230719190824.21196-1-fw@strlen.de/", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mailing List", + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4010.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4010.json index 70ae708f375..36f59f6d08d 100644 --- a/CVE-2023/CVE-2023-40xx/CVE-2023-4010.json +++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4010.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4010", "sourceIdentifier": "secalert@redhat.com", "published": "2023-07-31T17:15:10.277", - "lastModified": "2023-07-31T17:30:17.057", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T17:06:50.927", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 3.6 + }, { "source": "secalert@redhat.com", "type": "Secondary", 
@@ -34,18 +54,77 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-835" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D" + } + ] + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/security/cve/CVE-2023-4010", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2227726", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://github.com/wanrenmi/a-usb-kernel-bug", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4033.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4033.json index 946c23a6408..03fbcaff943 100644 --- a/CVE-2023/CVE-2023-40xx/CVE-2023-4033.json +++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4033.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4033", "sourceIdentifier": "security@huntr.dev", "published": "2023-08-01T01:15:10.913", - "lastModified": "2023-08-01T12:55:38.437", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T16:06:35.453", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", @@ -46,14 +68,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.6.0", + "matchCriteriaId": "43FFD65D-BF64-47AF-AA18-BBF973A94116" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/mlflow/mlflow/commit/6dde93758d42455cb90ef324407919ed67668b9b", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.dev/bounties/5312d6f8-67a5-4607-bd47-5e19966fa321", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4058.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4058.json index 276a51c7036..4f426fabafc 100644 --- a/CVE-2023/CVE-2023-40xx/CVE-2023-4058.json +++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4058.json 
@@ -2,23 +2,82 @@ "id": "CVE-2023-4058", "sourceIdentifier": "security@mozilla.org", "published": "2023-08-01T16:15:10.133", - "lastModified": "2023-08-01T16:43:18.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T17:50:09.910", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Memory safety bugs present in Firefox 115. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", + "versionEndExcluding": "116.0", + "matchCriteriaId": "C6C6420C-0883-4585-A655-4C470029CB85" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1819160%2C1828024", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Broken Link" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-29/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4068.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4068.json index 9937765fd63..c8a6612cd08 100644 --- a/CVE-2023/CVE-2023-40xx/CVE-2023-4068.json +++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4068.json 
@@ -2,23 +2,83 @@ "id": "CVE-2023-4068", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-03T01:15:11.513", - "lastModified": "2023-08-03T12:40:03.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T17:14:17.057", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-843" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", + "versionEndExcluding": "115.0.5790.170", + "matchCriteriaId": "A285F0A7-9E48-4D13-8CD8-E31E85C9AC44" + } + ] + } + ] + } + ], "references": [ { "url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://crbug.com/1466183", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4069.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4069.json index 973ab9dd1ce..094176e2585 100644 --- a/CVE-2023/CVE-2023-40xx/CVE-2023-4069.json +++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4069.json 
@@ -2,23 +2,83 @@ "id": "CVE-2023-4069", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-03T01:15:11.583", - "lastModified": "2023-08-03T12:40:03.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T17:14:25.747", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-843" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", + "versionEndExcluding": "115.0.5790.170", + "matchCriteriaId": "A285F0A7-9E48-4D13-8CD8-E31E85C9AC44" + } + ] + } + ] + } + ], "references": [ { "url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://crbug.com/1465326", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4070.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4070.json index 769d5872065..69217673f9e 100644 --- a/CVE-2023/CVE-2023-40xx/CVE-2023-4070.json +++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4070.json 
@@ -2,23 +2,83 @@ "id": "CVE-2023-4070", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-03T01:15:11.647", - "lastModified": "2023-08-03T12:40:03.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T17:14:33.170", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-843" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", + "versionEndExcluding": "115.0.5790.170", + "matchCriteriaId": "A285F0A7-9E48-4D13-8CD8-E31E85C9AC44" + } + ] + } + ] + } + ], "references": [ { "url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://crbug.com/1462951", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4071.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4071.json index 38a4f358502..1f8b10b883e 100644 --- a/CVE-2023/CVE-2023-40xx/CVE-2023-4071.json +++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4071.json 
@@ -2,23 +2,83 @@ "id": "CVE-2023-4071", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-03T01:15:11.710", - "lastModified": "2023-08-03T12:40:03.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T17:14:57.810", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Heap buffer overflow in Visuals in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", + "versionEndExcluding": "115.0.5790.170", + "matchCriteriaId": "A285F0A7-9E48-4D13-8CD8-E31E85C9AC44" + } + ] + } + ] + } + ], "references": [ { "url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://crbug.com/1458819", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at 
end of file diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4072.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4072.json index 6369a6da428..5db4d3dc805 100644 --- a/CVE-2023/CVE-2023-40xx/CVE-2023-4072.json +++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4072.json 
@@ -2,23 +2,87 @@ "id": "CVE-2023-4072", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-03T01:15:11.773", - "lastModified": "2023-08-03T12:40:03.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T17:15:14.420", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Out of bounds read and write in WebGL in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + }, + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", + "versionEndExcluding": "115.0.5790.170", + "matchCriteriaId": "A285F0A7-9E48-4D13-8CD8-E31E85C9AC44" + } + ] + } + ] + } + ], "references": [ { "url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://crbug.com/1464038", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ 
+ "Permissions Required" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4073.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4073.json index a13c9023eb9..ef15ae8df89 100644 --- a/CVE-2023/CVE-2023-40xx/CVE-2023-4073.json +++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4073.json 
@@ -2,23 +2,95 @@ "id": "CVE-2023-4073", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-03T01:15:11.840", - "lastModified": "2023-08-03T12:40:03.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T17:15:51.823", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", + "versionEndExcluding": "115.0.5790.170", + "matchCriteriaId": "A285F0A7-9E48-4D13-8CD8-E31E85C9AC44" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + } + ] + } + ] + } + ], "references": [ { "url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html", - "source": "chrome-cve-admin@google.com" + "source": 
"chrome-cve-admin@google.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://crbug.com/1456243", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4074.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4074.json index 99c18fb6469..c715e528704 100644 --- a/CVE-2023/CVE-2023-40xx/CVE-2023-4074.json +++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4074.json 
@@ -2,23 +2,83 @@ "id": "CVE-2023-4074", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-03T01:15:11.903", - "lastModified": "2023-08-03T12:40:03.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T17:16:08.977", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Use after free in Blink Task Scheduling in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", + "versionEndExcluding": "115.0.5790.170", + "matchCriteriaId": "A285F0A7-9E48-4D13-8CD8-E31E85C9AC44" + } + ] + } + ] + } + ], "references": [ { "url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://crbug.com/1464113", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Permissions Required" + ] } ] } \ No 
newline at end of file diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4075.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4075.json index cc80804972e..58880c253b3 100644 --- a/CVE-2023/CVE-2023-40xx/CVE-2023-4075.json +++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4075.json 
@@ -2,23 +2,83 @@ "id": "CVE-2023-4075", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-03T01:15:11.973", - "lastModified": "2023-08-03T12:40:03.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T17:16:23.620", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Use after free in Cast in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", + "versionEndExcluding": "115.0.5790.170", + "matchCriteriaId": "A285F0A7-9E48-4D13-8CD8-E31E85C9AC44" + } + ] + } + ] + } + ], "references": [ { "url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://crbug.com/1457757", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of 
file diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4076.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4076.json index 89d3fb66051..9baadbd3826 100644 --- a/CVE-2023/CVE-2023-40xx/CVE-2023-4076.json +++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4076.json 
@@ -2,23 +2,83 @@ "id": "CVE-2023-4076", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-03T01:15:12.037", - "lastModified": "2023-08-03T12:40:03.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T17:16:32.750", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Use after free in WebRTC in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC session. (Chromium security severity: High)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", + "versionEndExcluding": "115.0.5790.170", + "matchCriteriaId": "A285F0A7-9E48-4D13-8CD8-E31E85C9AC44" + } + ] + } + ] + } + ], "references": [ { "url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://crbug.com/1459124", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at 
end of file diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4077.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4077.json index 7ed2535436b..de93ade5b96 100644 --- a/CVE-2023/CVE-2023-40xx/CVE-2023-4077.json +++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4077.json 
@@ -2,23 +2,83 @@ "id": "CVE-2023-4077", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-03T01:15:12.100", - "lastModified": "2023-08-03T12:40:03.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-04T17:18:01.517", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Insufficient data validation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", + "versionEndExcluding": "115.0.5790.170", + "matchCriteriaId": "A285F0A7-9E48-4D13-8CD8-E31E85C9AC44" + } + ] + } + ] + } + ], "references": [ { "url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://crbug.com/1451146", - "source": "chrome-cve-admin@google.com" + "source": 
"chrome-cve-admin@google.com", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4078.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4078.json index 4f6b1116914..2235fa690bc 100644 --- a/CVE-2023/CVE-2023-40xx/CVE-2023-4078.json +++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4078.json 
@@ -2,23 +2,83 @@
 "id": "CVE-2023-4078",
 "sourceIdentifier": "chrome-cve-admin@google.com",
 "published": "2023-08-03T01:15:12.167",
- "lastModified": "2023-08-03T12:40:03.493",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-08-04T17:18:54.880",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Inappropriate implementation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium)"
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "115.0.5790.170",
+ "matchCriteriaId": "A285F0A7-9E48-4D13-8CD8-E31E85C9AC44"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Release Notes",
+ "Vendor Advisory"
+ ]
 },
 {
 "url": "https://crbug.com/1461895",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Permissions Required"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/README.md b/README.md
index 7074b734f28..77e94c237b0 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 ```plain
-2023-08-04T16:00:27.597760+00:00
+2023-08-04T18:00:34.940204+00:00
 ```
 ### Most recent CVE Modification Timestamp synchronized with NVD
 ```plain
-2023-08-04T15:53:44.720000+00:00
+2023-08-04T17:58:18.727000+00:00
 ```
 ### Last Data Feed Release
@@ -29,43 +29,58 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 ```plain
-221651
+221665
 ```
 ### CVEs added in the last Commit
-Recently added CVEs: `4`
+Recently added CVEs: `14`
-* [CVE-2023-4135](CVE-2023/CVE-2023-41xx/CVE-2023-4135.json) (`2023-08-04T14:15:12.173`)
-* [CVE-2023-29505](CVE-2023/CVE-2023-295xx/CVE-2023-29505.json) (`2023-08-04T15:15:09.987`)
-* [CVE-2023-29689](CVE-2023/CVE-2023-296xx/CVE-2023-29689.json) (`2023-08-04T15:15:10.137`)
-* [CVE-2023-36480](CVE-2023/CVE-2023-364xx/CVE-2023-36480.json) (`2023-08-04T15:15:10.210`)
+* [CVE-2022-41401](CVE-2022/CVE-2022-414xx/CVE-2022-41401.json) (`2023-08-04T17:15:09.583`)
+* [CVE-2023-37470](CVE-2023/CVE-2023-374xx/CVE-2023-37470.json) (`2023-08-04T16:15:09.610`)
+* [CVE-2023-37896](CVE-2023/CVE-2023-378xx/CVE-2023-37896.json) (`2023-08-04T16:15:09.847`)
+* [CVE-2023-38487](CVE-2023/CVE-2023-384xx/CVE-2023-38487.json) (`2023-08-04T16:15:10.030`)
+* [CVE-2023-38494](CVE-2023/CVE-2023-384xx/CVE-2023-38494.json) (`2023-08-04T16:15:10.177`)
+* [CVE-2023-38497](CVE-2023/CVE-2023-384xx/CVE-2023-38497.json) (`2023-08-04T16:15:10.370`)
+* [CVE-2023-38686](CVE-2023/CVE-2023-386xx/CVE-2023-38686.json) (`2023-08-04T16:15:10.550`)
+* [CVE-2023-38964](CVE-2023/CVE-2023-389xx/CVE-2023-38964.json) (`2023-08-04T16:15:10.697`)
+* [CVE-2023-38688](CVE-2023/CVE-2023-386xx/CVE-2023-38688.json) (`2023-08-04T17:15:10.097`)
+* [CVE-2023-38689](CVE-2023/CVE-2023-386xx/CVE-2023-38689.json) (`2023-08-04T17:15:10.563`)
+* [CVE-2023-38690](CVE-2023/CVE-2023-386xx/CVE-2023-38690.json) (`2023-08-04T17:15:10.783`)
+* [CVE-2023-38691](CVE-2023/CVE-2023-386xx/CVE-2023-38691.json) (`2023-08-04T17:15:11.063`)
+* [CVE-2023-39112](CVE-2023/CVE-2023-391xx/CVE-2023-39112.json) (`2023-08-04T17:15:11.300`)
+* [CVE-2023-39143](CVE-2023/CVE-2023-391xx/CVE-2023-39143.json) (`2023-08-04T17:15:11.510`)
 ### CVEs modified in the last Commit
-Recently modified CVEs: `20`
+Recently modified CVEs: `79`
-* [CVE-2020-36763](CVE-2020/CVE-2020-367xx/CVE-2020-36763.json) (`2023-08-04T14:01:30.770`)
-* [CVE-2022-43711](CVE-2022/CVE-2022-437xx/CVE-2022-43711.json) (`2023-08-04T15:37:18.857`)
-* [CVE-2022-43713](CVE-2022/CVE-2022-437xx/CVE-2022-43713.json) (`2023-08-04T15:49:03.637`)
-* [CVE-2023-36092](CVE-2023/CVE-2023-360xx/CVE-2023-36092.json) (`2023-08-04T14:51:20.827`)
-* [CVE-2023-36091](CVE-2023/CVE-2023-360xx/CVE-2023-36091.json) (`2023-08-04T14:51:35.410`)
-* [CVE-2023-36090](CVE-2023/CVE-2023-360xx/CVE-2023-36090.json) (`2023-08-04T14:52:44.703`)
-* [CVE-2023-36089](CVE-2023/CVE-2023-360xx/CVE-2023-36089.json) (`2023-08-04T14:52:51.697`)
-* [CVE-2023-30367](CVE-2023/CVE-2023-303xx/CVE-2023-30367.json) (`2023-08-04T14:53:08.263`)
-* [CVE-2023-30949](CVE-2023/CVE-2023-309xx/CVE-2023-30949.json) (`2023-08-04T15:03:22.487`)
-* [CVE-2023-3242](CVE-2023/CVE-2023-32xx/CVE-2023-3242.json) (`2023-08-04T15:03:53.600`)
-* [CVE-2023-30577](CVE-2023/CVE-2023-305xx/CVE-2023-30577.json) (`2023-08-04T15:21:45.547`)
-* [CVE-2023-4139](CVE-2023/CVE-2023-41xx/CVE-2023-4139.json) (`2023-08-04T15:27:24.817`)
-* [CVE-2023-4140](CVE-2023/CVE-2023-41xx/CVE-2023-4140.json) (`2023-08-04T15:27:24.817`)
-* [CVE-2023-4141](CVE-2023/CVE-2023-41xx/CVE-2023-4141.json) (`2023-08-04T15:27:24.817`)
-* [CVE-2023-4142](CVE-2023/CVE-2023-41xx/CVE-2023-4142.json) (`2023-08-04T15:27:24.817`)
-* [CVE-2023-39379](CVE-2023/CVE-2023-393xx/CVE-2023-39379.json) (`2023-08-04T15:27:24.817`)
-* [CVE-2023-34037](CVE-2023/CVE-2023-340xx/CVE-2023-34037.json) (`2023-08-04T15:27:24.817`)
-* [CVE-2023-34038](CVE-2023/CVE-2023-340xx/CVE-2023-34038.json) (`2023-08-04T15:27:24.817`)
-* [CVE-2023-33534](CVE-2023/CVE-2023-335xx/CVE-2023-33534.json) (`2023-08-04T15:42:55.730`)
-* [CVE-2023-37647](CVE-2023/CVE-2023-376xx/CVE-2023-37647.json) (`2023-08-04T15:53:44.720`)
+* [CVE-2023-35016](CVE-2023/CVE-2023-350xx/CVE-2023-35016.json) (`2023-08-04T17:23:18.223`)
+* [CVE-2023-35019](CVE-2023/CVE-2023-350xx/CVE-2023-35019.json) (`2023-08-04T17:23:56.413`)
+* [CVE-2023-22595](CVE-2023/CVE-2023-225xx/CVE-2023-22595.json) (`2023-08-04T17:25:00.243`)
+* [CVE-2023-24971](CVE-2023/CVE-2023-249xx/CVE-2023-24971.json) (`2023-08-04T17:25:17.853`)
+* [CVE-2023-3292](CVE-2023/CVE-2023-32xx/CVE-2023-3292.json) (`2023-08-04T17:25:42.997`)
+* [CVE-2023-34360](CVE-2023/CVE-2023-343xx/CVE-2023-34360.json) (`2023-08-04T17:27:01.823`)
+* [CVE-2023-34359](CVE-2023/CVE-2023-343xx/CVE-2023-34359.json) (`2023-08-04T17:27:09.303`)
+* [CVE-2023-34358](CVE-2023/CVE-2023-343xx/CVE-2023-34358.json) (`2023-08-04T17:27:21.567`)
+* [CVE-2023-36351](CVE-2023/CVE-2023-363xx/CVE-2023-36351.json) (`2023-08-04T17:28:04.757`)
+* [CVE-2023-32302](CVE-2023/CVE-2023-323xx/CVE-2023-32302.json) (`2023-08-04T17:28:35.773`)
+* [CVE-2023-36118](CVE-2023/CVE-2023-361xx/CVE-2023-36118.json) (`2023-08-04T17:28:37.420`)
+* [CVE-2023-34869](CVE-2023/CVE-2023-348xx/CVE-2023-34869.json) (`2023-08-04T17:28:50.493`)
+* [CVE-2023-31429](CVE-2023/CVE-2023-314xx/CVE-2023-31429.json) (`2023-08-04T17:29:03.630`)
+* [CVE-2023-31425](CVE-2023/CVE-2023-314xx/CVE-2023-31425.json) (`2023-08-04T17:29:10.477`)
+* [CVE-2023-39147](CVE-2023/CVE-2023-391xx/CVE-2023-39147.json) (`2023-08-04T17:30:04.907`)
+* [CVE-2023-38560](CVE-2023/CVE-2023-385xx/CVE-2023-38560.json) (`2023-08-04T17:30:26.457`)
+* [CVE-2023-31710](CVE-2023/CVE-2023-317xx/CVE-2023-31710.json) (`2023-08-04T17:31:52.350`)
+* [CVE-2023-20583](CVE-2023/CVE-2023-205xx/CVE-2023-20583.json) (`2023-08-04T17:31:53.953`)
+* [CVE-2023-36210](CVE-2023/CVE-2023-362xx/CVE-2023-36210.json) (`2023-08-04T17:41:31.310`)
+* [CVE-2023-26607](CVE-2023/CVE-2023-266xx/CVE-2023-26607.json) (`2023-08-04T17:42:56.953`)
+* [CVE-2023-37478](CVE-2023/CVE-2023-374xx/CVE-2023-37478.json) (`2023-08-04T17:44:08.830`)
+* [CVE-2023-33493](CVE-2023/CVE-2023-334xx/CVE-2023-33493.json) (`2023-08-04T17:48:37.147`)
+* [CVE-2023-4058](CVE-2023/CVE-2023-40xx/CVE-2023-4058.json) (`2023-08-04T17:50:09.910`)
+* [CVE-2023-33562](CVE-2023/CVE-2023-335xx/CVE-2023-33562.json) (`2023-08-04T17:55:48.260`)
+* [CVE-2023-33561](CVE-2023/CVE-2023-335xx/CVE-2023-33561.json) (`2023-08-04T17:58:18.727`)
 ## Download and Usage