From 9574bd87c499a5308e291c04b0a9ca49eda09c97 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Fri, 16 Jun 2023 02:00:33 +0000 Subject: [PATCH] Auto-Update: 2023-06-16T02:00:29.672292+00:00 --- CVE-2023/CVE-2023-18xx/CVE-2023-1888.json | 64 ++++++++++++++-- CVE-2023/CVE-2023-18xx/CVE-2023-1889.json | 52 ++++++++++++- CVE-2023/CVE-2023-18xx/CVE-2023-1895.json | 52 ++++++++++++- CVE-2023/CVE-2023-19xx/CVE-2023-1910.json | 52 ++++++++++++- CVE-2023/CVE-2023-293xx/CVE-2023-29349.json | 43 +++++++++++ CVE-2023/CVE-2023-293xx/CVE-2023-29356.json | 43 +++++++++++ CVE-2023/CVE-2023-294xx/CVE-2023-29403.json | 85 +++++++++++++++++++-- CVE-2023/CVE-2023-29xx/CVE-2023-2904.json | 66 ++++++++++++++-- CVE-2023/CVE-2023-320xx/CVE-2023-32025.json | 43 +++++++++++ CVE-2023/CVE-2023-320xx/CVE-2023-32026.json | 43 +++++++++++ CVE-2023/CVE-2023-320xx/CVE-2023-32027.json | 43 +++++++++++ CVE-2023/CVE-2023-320xx/CVE-2023-32028.json | 43 +++++++++++ CVE-2023/CVE-2023-335xx/CVE-2023-33510.json | 64 +++++++++++++++- CVE-2023/CVE-2023-341xx/CVE-2023-34112.json | 57 +++++++++++++- README.md | 47 +++++------- 15 files changed, 733 insertions(+), 64 deletions(-) create mode 100644 CVE-2023/CVE-2023-293xx/CVE-2023-29349.json create mode 100644 CVE-2023/CVE-2023-293xx/CVE-2023-29356.json create mode 100644 CVE-2023/CVE-2023-320xx/CVE-2023-32025.json create mode 100644 CVE-2023/CVE-2023-320xx/CVE-2023-32026.json create mode 100644 CVE-2023/CVE-2023-320xx/CVE-2023-32027.json create mode 100644 CVE-2023/CVE-2023-320xx/CVE-2023-32028.json diff --git a/CVE-2023/CVE-2023-18xx/CVE-2023-1888.json b/CVE-2023/CVE-2023-18xx/CVE-2023-1888.json index 0b65ea9fa85..fe46f04d3dc 100644 --- a/CVE-2023/CVE-2023-18xx/CVE-2023-1888.json +++ b/CVE-2023/CVE-2023-18xx/CVE-2023-1888.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-1888", "sourceIdentifier": "security@wordfence.com", "published": "2023-06-09T06:15:58.410", - "lastModified": "2023-06-09T13:03:33.953", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-16T00:49:44.493", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -36,7 +56,7 @@ }, "weaknesses": [ { - "source": "security@wordfence.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { 
@@ -44,16 +64,50 @@ "value": "CWE-20" } ] + }, + { + "source": "security@wordfence.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpwax:directorist:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "7.5.4", + "matchCriteriaId": "7F7FD8F6-AC71-4EE5-A98B-CB6B61289E93" + } + ] + } + ] } ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset/2920100/directorist", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/01943559-e05b-4dca-b322-d880b2729ee7?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-18xx/CVE-2023-1889.json b/CVE-2023/CVE-2023-18xx/CVE-2023-1889.json index 11aca31fa14..410514879fa 100644 --- a/CVE-2023/CVE-2023-18xx/CVE-2023-1889.json +++ b/CVE-2023/CVE-2023-18xx/CVE-2023-1889.json @@ -2,8 +2,8 @@ "id": "CVE-2023-1889", "sourceIdentifier": "security@wordfence.com", "published": "2023-06-09T06:15:58.690", - "lastModified": "2023-06-09T13:03:33.953", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-16T00:43:03.977", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -46,14 +66,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpwax:directorist:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "7.5.4", + "matchCriteriaId": "7F7FD8F6-AC71-4EE5-A98B-CB6B61289E93" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset/2920100/directorist", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b47edd57-cac7-463f-88cc-8922f1b34612?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-18xx/CVE-2023-1895.json b/CVE-2023/CVE-2023-18xx/CVE-2023-1895.json index 87c0c1518cd..6db10be4cb1 100644 --- a/CVE-2023/CVE-2023-18xx/CVE-2023-1895.json +++ b/CVE-2023/CVE-2023-18xx/CVE-2023-1895.json @@ -2,8 +2,8 @@ "id": "CVE-2023-1895", "sourceIdentifier": "security@wordfence.com", "published": "2023-06-09T06:15:58.997", - "lastModified": "2023-06-09T13:03:33.953", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-16T00:37:05.560", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 9.6, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.1, + "impactScore": 5.8 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -46,14 +66,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:motopress:getwid_-_gutenberg_blocks:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.8.3", + "matchCriteriaId": "9B36C972-5CBB-4405-B193-C592A3BDCDA1" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/getwid/tags/1.8.3/includes/rest-api.php", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e9c2a942-c14c-4b59-92a7-6946b2e4731b?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-19xx/CVE-2023-1910.json b/CVE-2023/CVE-2023-19xx/CVE-2023-1910.json index c25c429460b..63cad85f928 100644 --- a/CVE-2023/CVE-2023-19xx/CVE-2023-1910.json +++ b/CVE-2023/CVE-2023-19xx/CVE-2023-1910.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-1910", "sourceIdentifier": "security@wordfence.com", "published": "2023-06-09T06:15:59.433", - "lastModified": "2023-06-09T13:03:33.953", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-16T00:29:44.490", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -46,14 +66,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:motopress:getwid_-_gutenberg_blocks:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.8.3", + "matchCriteriaId": "9B36C972-5CBB-4405-B193-C592A3BDCDA1" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/getwid/tags/1.8.3/includes/rest-api.php", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6cd64ab0-007b-4778-9d92-06e530638fad?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-293xx/CVE-2023-29349.json b/CVE-2023/CVE-2023-293xx/CVE-2023-29349.json new file mode 100644 index 00000000000..2ba7dc3e5ae --- /dev/null +++ b/CVE-2023/CVE-2023-293xx/CVE-2023-29349.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-29349", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-06-16T01:15:27.847", + "lastModified": "2023-06-16T01:15:27.847", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft ODBC and OLE DB Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29349", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-293xx/CVE-2023-29356.json b/CVE-2023/CVE-2023-293xx/CVE-2023-29356.json new file mode 100644 index 00000000000..a0726672bd6 --- /dev/null +++ b/CVE-2023/CVE-2023-293xx/CVE-2023-29356.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-29356", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-06-16T01:15:27.910", + "lastModified": "2023-06-16T01:15:27.910", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29356", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-294xx/CVE-2023-29403.json b/CVE-2023/CVE-2023-294xx/CVE-2023-29403.json index 518e3914bf9..d1a3e233a11 100644 --- a/CVE-2023/CVE-2023-294xx/CVE-2023-29403.json +++ b/CVE-2023/CVE-2023-294xx/CVE-2023-29403.json 
@@ -2,16 +2,49 @@ "id": "CVE-2023-29403", "sourceIdentifier": "security@golang.org", "published": "2023-06-08T21:15:16.927", - "lastModified": "2023-06-09T13:03:48.703", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-16T00:23:39.893", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-668" + } + ] + }, { "source": "security@golang.org", "type": "Secondary", 
@@ -23,22 +56,60 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.19.10", + "matchCriteriaId": "E17A25CE-A8C9-4F89-916A-BB0327A509C9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.20.0", + "versionEndExcluding": "1.20.5", + "matchCriteriaId": "53EC811C-49DE-4470-908C-CDC9282EC7FA" + } + ] + } + ] + } + ], "references": [ { "url": "https://go.dev/cl/501223", - "source": "security@golang.org" + "source": "security@golang.org", + "tags": [ + "Patch" + ] }, { "url": "https://go.dev/issue/60272", - "source": "security@golang.org" + "source": "security@golang.org", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ", - "source": "security@golang.org" + "source": "security@golang.org", + "tags": [ + "Mailing List", + "Release Notes" + ] }, { "url": "https://pkg.go.dev/vuln/GO-2023-1840", - "source": "security@golang.org" + "source": "security@golang.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2904.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2904.json index e6ee4b8f1f4..976edbfbaa0 100644 --- a/CVE-2023/CVE-2023-29xx/CVE-2023-2904.json +++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2904.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2904", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-06-07T22:15:09.963", - "lastModified": "2023-06-08T02:44:28.663", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-16T00:13:57.597", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.1, + "impactScore": 5.2 + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", @@ -36,8 +56,18 @@ }, "weaknesses": [ { - "source": "ics-cert@hq.dhs.gov", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", "description": [ { "lang": "en", @@ -46,14 +76,40 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hidglobal:safe:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.8.0", + "versionEndIncluding": "5.11.3", + "matchCriteriaId": "5120A071-CC9A-4F1A-A032-8357557C3272" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-152-02", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] }, { "url": "https://www.hidglobal.com/security-center", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-320xx/CVE-2023-32025.json b/CVE-2023/CVE-2023-320xx/CVE-2023-32025.json new file mode 100644 index 00000000000..41d934c5ec0 --- /dev/null +++ b/CVE-2023/CVE-2023-320xx/CVE-2023-32025.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-32025", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-06-16T01:15:27.967", + "lastModified": "2023-06-16T01:15:27.967", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32025", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-320xx/CVE-2023-32026.json b/CVE-2023/CVE-2023-320xx/CVE-2023-32026.json new file mode 100644 index 00000000000..79d1a5683a7 --- /dev/null +++ b/CVE-2023/CVE-2023-320xx/CVE-2023-32026.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-32026", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-06-16T01:15:28.017", + "lastModified": "2023-06-16T01:15:28.017", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32026", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-320xx/CVE-2023-32027.json b/CVE-2023/CVE-2023-320xx/CVE-2023-32027.json new file mode 100644 index 00000000000..7d9d26d9118 --- /dev/null +++ b/CVE-2023/CVE-2023-320xx/CVE-2023-32027.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-32027", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-06-16T01:15:28.067", + "lastModified": "2023-06-16T01:15:28.067", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32027", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-320xx/CVE-2023-32028.json b/CVE-2023/CVE-2023-320xx/CVE-2023-32028.json new file mode 100644 index 00000000000..af992ca2a94 --- /dev/null +++ b/CVE-2023/CVE-2023-320xx/CVE-2023-32028.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-32028", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-06-16T01:15:28.120", + "lastModified": "2023-06-16T01:15:28.120", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft OLE DB Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32028", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-335xx/CVE-2023-33510.json b/CVE-2023/CVE-2023-335xx/CVE-2023-33510.json index de7c644cd54..c51fd77809f 100644 --- a/CVE-2023/CVE-2023-335xx/CVE-2023-33510.json +++ b/CVE-2023/CVE-2023-335xx/CVE-2023-33510.json 
@@ -2,19 +2,75 @@ "id": "CVE-2023-33510", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-07T20:15:09.877", - "lastModified": "2023-06-07T20:24:12.193", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-16T00:16:17.040", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Jeecg P3 Biz Chat 1.0.5 allows remote attackers to read arbitrary files through specific parameters." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-668" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jeecg_p3_biz_chat_project:jeecg_p3_biz_chat:1.0.5:*:*:*:*:wordpress:*:*", + "matchCriteriaId": "9D207CB3-857D-47D3-A982-98135331F657" + } + ] + } + ] + } + ], "references": [ { "url": "https://carl1l.github.io/2023/05/08/jeecg-p3-biz-chat-1-0-5-jar-has-arbitrary-file-read-vulnerability/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-341xx/CVE-2023-34112.json b/CVE-2023/CVE-2023-341xx/CVE-2023-34112.json index 4f7c8c1e39a..ac62652531b 100644 --- a/CVE-2023/CVE-2023-341xx/CVE-2023-34112.json +++ b/CVE-2023/CVE-2023-341xx/CVE-2023-34112.json 
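Review bot: The `cpeMatch` entry added under `configurations` for CVE-2023-33510 sets the CPE target-software field to `wordpress` (`cpe:2.3:a:jeecg_p3_biz_chat_project:jeecg_p3_biz_chat:1.0.5:*:*:*:*:wordpress:*:*`), which looks inconsistent with the record's own reference URL, whose slug describes a jar (`jeecg-p3-biz-chat-1-0-5-jar-has-arbitrary-file-read-vulnerability`). If the product is in fact a Java component, inventory or scanner tooling that filters on target software would presumably fail to associate this CVE with affected installations. In that case the criteria would read `cpe:2.3:a:jeecg_p3_biz_chat_project:jeecg_p3_biz_chat:1.0.5:*:*:*:*:*:*:*`, with a correspondingly different `matchCriteriaId`. Because this file mirrors NVD output, the correction belongs upstream rather than in this repository. Until then, consumers are safer matching this record on vendor, product and version only.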
@@ -2,16 +2,40 @@ "id": "CVE-2023-34112", "sourceIdentifier": "security-advisories@github.com", "published": "2023-06-09T00:15:10.447", - "lastModified": "2023-06-09T13:03:48.703", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-16T01:02:38.677", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "JavaCPP Presets is a project providing Java distributions of native C++ libraries. All the actions in the `bytedeco/javacpp-presets` use the `github.event.head_commit.message?` parameter in an insecure way. For example, the commit message is used in a run statement - resulting in a command injection vulnerability due to string interpolation. No exploitation has been reported. This issue has been addressed in version 1.5.9. Users of JavaCPP Presets are advised to upgrade as a precaution." + }, + { + "lang": "es", + "value": "JavaCPP Presets es un proyecto que proporciona distribuciones Java de librer\u00edas C++ nativas. Todas las acciones en el \"bytedeco/javacpp-presets\" utilizan el par\u00e1metro \"github.event.head_commit.message?\" de forma insegura. Por ejemplo, el mensaje de confirmaci\u00f3n se utiliza en una sentencia de ejecuci\u00f3n, lo que resulta en una vulnerabilidad de inyecci\u00f3n de comandos debido a la interpolaci\u00f3n de cadenas. No se ha informado de ninguna explotaci\u00f3n. Este problema se ha solucionado en la versi\u00f3n 1.5.9. Se recomienda a los usuarios de JavaCPP Presets que actualicen como medida de precauci\u00f3n. 
" } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,14 +70,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:bytedeco:javacpp_presets:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.5.9", + "matchCriteriaId": "4B96479B-4F8E-4DE4-A178-377F9D303318" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/bytedeco/javacpp-presets/security/advisories/GHSA-36rx-hq22-jm5x", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://securitylab.github.com/research/github-actions-untrusted-input/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/README.md b/README.md index 2146e2ef860..77aa9fd96be 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-06-15T23:55:34.375547+00:00 +2023-06-16T02:00:29.672292+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-06-15T23:15:09.020000+00:00 +2023-06-16T01:15:28.120000+00:00 ``` ### Last Data Feed Release 
@@ -23,46 +23,39 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2023-06-15T00:00:13.541780+00:00 +2023-06-16T00:00:13.573516+00:00 ``` ### Total Number of included CVEs ```plain -217889 +217895 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `6` -* [CVE-2023-23841](CVE-2023/CVE-2023-238xx/CVE-2023-23841.json) (`2023-06-15T22:15:09.227`) -* [CVE-2023-28810](CVE-2023/CVE-2023-288xx/CVE-2023-28810.json) (`2023-06-15T22:15:09.307`) -* [CVE-2023-2080](CVE-2023/CVE-2023-20xx/CVE-2023-2080.json) (`2023-06-15T23:15:09.020`) +* [CVE-2023-29349](CVE-2023/CVE-2023-293xx/CVE-2023-29349.json) (`2023-06-16T01:15:27.847`) +* [CVE-2023-29356](CVE-2023/CVE-2023-293xx/CVE-2023-29356.json) (`2023-06-16T01:15:27.910`) +* [CVE-2023-32025](CVE-2023/CVE-2023-320xx/CVE-2023-32025.json) (`2023-06-16T01:15:27.967`) +* [CVE-2023-32026](CVE-2023/CVE-2023-320xx/CVE-2023-32026.json) (`2023-06-16T01:15:28.017`) +* [CVE-2023-32027](CVE-2023/CVE-2023-320xx/CVE-2023-32027.json) (`2023-06-16T01:15:28.067`) +* [CVE-2023-32028](CVE-2023/CVE-2023-320xx/CVE-2023-32028.json) (`2023-06-16T01:15:28.120`) ### CVEs modified in the last Commit -Recently modified CVEs: `18` +Recently modified CVEs: `8` -* [CVE-2023-1917](CVE-2023/CVE-2023-19xx/CVE-2023-1917.json) (`2023-06-15T22:11:37.083`) -* [CVE-2023-2159](CVE-2023/CVE-2023-21xx/CVE-2023-2159.json) (`2023-06-15T22:12:20.457`) -* [CVE-2023-2184](CVE-2023/CVE-2023-21xx/CVE-2023-2184.json) (`2023-06-15T22:12:32.913`) -* [CVE-2023-2189](CVE-2023/CVE-2023-21xx/CVE-2023-2189.json) (`2023-06-15T22:12:53.960`) -* [CVE-2023-2556](CVE-2023/CVE-2023-25xx/CVE-2023-2556.json) (`2023-06-15T22:13:12.523`) -* [CVE-2023-32732](CVE-2023/CVE-2023-327xx/CVE-2023-32732.json) (`2023-06-15T22:14:04.903`) -* [CVE-2023-2584](CVE-2023/CVE-2023-25xx/CVE-2023-2584.json) (`2023-06-15T22:14:29.190`) -* 
[CVE-2023-2599](CVE-2023/CVE-2023-25xx/CVE-2023-2599.json) (`2023-06-15T22:15:07.667`) -* [CVE-2023-2604](CVE-2023/CVE-2023-26xx/CVE-2023-2604.json) (`2023-06-15T22:15:19.723`) -* [CVE-2023-2607](CVE-2023/CVE-2023-26xx/CVE-2023-2607.json) (`2023-06-15T22:15:33.480`) -* [CVE-2023-2688](CVE-2023/CVE-2023-26xx/CVE-2023-2688.json) (`2023-06-15T22:15:47.297`) -* [CVE-2023-2764](CVE-2023/CVE-2023-27xx/CVE-2023-2764.json) (`2023-06-15T22:16:07.900`) -* [CVE-2023-2767](CVE-2023/CVE-2023-27xx/CVE-2023-2767.json) (`2023-06-15T22:16:25.907`) -* [CVE-2023-3176](CVE-2023/CVE-2023-31xx/CVE-2023-3176.json) (`2023-06-15T22:16:40.580`) -* [CVE-2023-2897](CVE-2023/CVE-2023-28xx/CVE-2023-2897.json) (`2023-06-15T22:17:19.443`) -* [CVE-2023-3177](CVE-2023/CVE-2023-31xx/CVE-2023-3177.json) (`2023-06-15T22:17:35.467`) -* [CVE-2023-1428](CVE-2023/CVE-2023-14xx/CVE-2023-1428.json) (`2023-06-15T22:17:53.033`) -* [CVE-2023-32731](CVE-2023/CVE-2023-327xx/CVE-2023-32731.json) (`2023-06-15T22:18:49.193`) +* [CVE-2023-2904](CVE-2023/CVE-2023-29xx/CVE-2023-2904.json) (`2023-06-16T00:13:57.597`) +* [CVE-2023-33510](CVE-2023/CVE-2023-335xx/CVE-2023-33510.json) (`2023-06-16T00:16:17.040`) +* [CVE-2023-29403](CVE-2023/CVE-2023-294xx/CVE-2023-29403.json) (`2023-06-16T00:23:39.893`) +* [CVE-2023-1910](CVE-2023/CVE-2023-19xx/CVE-2023-1910.json) (`2023-06-16T00:29:44.490`) +* [CVE-2023-1895](CVE-2023/CVE-2023-18xx/CVE-2023-1895.json) (`2023-06-16T00:37:05.560`) +* [CVE-2023-1889](CVE-2023/CVE-2023-18xx/CVE-2023-1889.json) (`2023-06-16T00:43:03.977`) +* [CVE-2023-1888](CVE-2023/CVE-2023-18xx/CVE-2023-1888.json) (`2023-06-16T00:49:44.493`) +* [CVE-2023-34112](CVE-2023/CVE-2023-341xx/CVE-2023-34112.json) (`2023-06-16T01:02:38.677`) ## Download and Usage