diff --git a/CVE-2022/CVE-2022-311xx/CVE-2022-31137.json b/CVE-2022/CVE-2022-311xx/CVE-2022-31137.json index c896147b1fc..0e9fc4e6000 100644 --- a/CVE-2022/CVE-2022-311xx/CVE-2022-31137.json +++ b/CVE-2022/CVE-2022-311xx/CVE-2022-31137.json @@ -2,7 +2,7 @@ "id": "CVE-2022-31137", "sourceIdentifier": "security-advisories@github.com", "published": "2022-07-08T20:15:07.980", - "lastModified": "2023-04-03T20:15:08.057", + "lastModified": "2023-05-24T18:15:09.563", "vulnStatus": "Modified", "descriptions": [ { @@ -141,6 +141,10 @@ "url": "http://packetstormsecurity.com/files/171652/Roxy-WI-6.1.1.0-Remote-Code-Execution.html", "source": "security-advisories@github.com" }, + { + "url": "http://packetstormsecurity.com/files/172547/Roxy-WI-6.1.0.0-Remote-Command-Execution.html", + "source": "security-advisories@github.com" + }, { "url": "https://github.com/hap-wi/roxy-wi/commit/82666df1e60c45dd6aa533b01a392f015d32f755", "source": "security-advisories@github.com", diff --git a/CVE-2022/CVE-2022-415xx/CVE-2022-41544.json b/CVE-2022/CVE-2022-415xx/CVE-2022-41544.json index 29e49152474..a2162fbc4f6 100644 --- a/CVE-2022/CVE-2022-415xx/CVE-2022-41544.json +++ b/CVE-2022/CVE-2022-415xx/CVE-2022-41544.json @@ -2,8 +2,8 @@ "id": "CVE-2022-41544", "sourceIdentifier": "cve@mitre.org", "published": "2022-10-18T15:15:10.293", - "lastModified": "2022-10-19T03:49:34.620", - "vulnStatus": "Analyzed", + "lastModified": "2023-05-24T18:15:09.777", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -68,6 +68,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/172553/GetSimple-CMS-3.3.16-Shell-Upload.html", + "source": "cve@mitre.org" + }, { "url": "https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1352", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-19xx/CVE-2023-1934.json b/CVE-2023/CVE-2023-19xx/CVE-2023-1934.json index b71997ae11e..82ee48c39af 100644 --- a/CVE-2023/CVE-2023-19xx/CVE-2023-1934.json +++ b/CVE-2023/CVE-2023-19xx/CVE-2023-1934.json @@ -2,8 +2,8 @@ "id": "CVE-2023-1934", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-05-12T14:15:09.653", - "lastModified": "2023-05-24T01:24:00.233", - "vulnStatus": "Analyzed", + "lastModified": "2023-05-24T18:15:09.877", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -84,6 +84,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/172511/PnPSCADA-2.x-SQL-Injection.html", + "source": "ics-cert@hq.dhs.gov" + }, { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-12", "source": "ics-cert@hq.dhs.gov", diff --git a/CVE-2023/CVE-2023-273xx/CVE-2023-27350.json b/CVE-2023/CVE-2023-273xx/CVE-2023-27350.json index d89b994954c..9c410a20d41 100644 --- a/CVE-2023/CVE-2023-273xx/CVE-2023-27350.json +++ b/CVE-2023/CVE-2023-273xx/CVE-2023-27350.json @@ -2,8 +2,8 @@ "id": "CVE-2023-27350", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2023-04-20T16:15:07.653", - "lastModified": "2023-05-02T16:06:04.117", - "vulnStatus": "Analyzed", + "lastModified": "2023-05-24T18:15:09.980", + "vulnStatus": "Modified", "cisaExploitAdd": "2023-04-21", "cisaActionDue": "2023-05-12", "cisaRequiredAction": "Apply updates per vendor instructions.", @@ -154,6 +154,10 @@ "VDB Entry" ] }, + { + "url": "http://packetstormsecurity.com/files/172512/PaperCut-NG-MG-22.0.4-Remote-Code-Execution.html", + "source": "zdi-disclosures@trendmicro.com" + }, { "url": "https://news.sophos.com/en-us/2023/04/27/increased-exploitation-of-papercut-drawing-blood-around-the-internet/", "source": "zdi-disclosures@trendmicro.com", diff --git a/CVE-2023/CVE-2023-275xx/CVE-2023-27524.json b/CVE-2023/CVE-2023-275xx/CVE-2023-27524.json index 7667320096a..c0772f6e3d5 100644 --- a/CVE-2023/CVE-2023-275xx/CVE-2023-27524.json +++ b/CVE-2023/CVE-2023-275xx/CVE-2023-27524.json @@ -2,8 +2,8 @@ "id": "CVE-2023-27524", "sourceIdentifier": "security@apache.org", "published": "2023-04-24T16:15:07.843", - "lastModified": "2023-05-02T20:43:06.460", - "vulnStatus": "Analyzed", + "lastModified": "2023-05-24T18:15:10.103", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -85,6 +85,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/172522/Apache-Superset-2.0.0-Authentication-Bypass.html", + "source": "security@apache.org" + }, { "url": "http://www.openwall.com/lists/oss-security/2023/04/24/2", "source": "security@apache.org", diff --git a/CVE-2023/CVE-2023-279xx/CVE-2023-27979.json b/CVE-2023/CVE-2023-279xx/CVE-2023-27979.json index 30a1e4082ef..62d4ca9808c 100644 --- a/CVE-2023/CVE-2023-279xx/CVE-2023-27979.json +++ b/CVE-2023/CVE-2023-279xx/CVE-2023-27979.json @@ -2,7 +2,7 @@ "id": "CVE-2023-27979", "sourceIdentifier": "cybersecurity@se.com", "published": "2023-03-21T13:15:12.140", - "lastModified": "2023-03-28T14:58:23.433", + "lastModified": "2023-05-24T19:28:04.420", "vulnStatus": "Analyzed", "descriptions": [ { @@ -17,20 +17,20 @@ "type": "Primary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "availabilityImpact": "HIGH", - "baseScore": 7.5, - "baseSeverity": "HIGH" + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" }, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 2.5 }, { "source": "cybersecurity@se.com", diff --git a/CVE-2023/CVE-2023-28xx/CVE-2023-2868.json b/CVE-2023/CVE-2023-28xx/CVE-2023-2868.json new file mode 100644 index 00000000000..d2aafac3b0d --- /dev/null +++ b/CVE-2023/CVE-2023-28xx/CVE-2023-2868.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-2868", + "sourceIdentifier": "cve-coordination@google.com", + "published": "2023-05-24T19:15:09.363", + "lastModified": "2023-05-24T19:15:09.363", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product effecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file (tape archives).\u00a0The vulnerability stems from incomplete input validation of a user-supplied .tar file as it pertains to the names of the files contained within the archive. As a consequence, a remote attacker can specifically format these file names in a particular manner that will result in remotely executing a system command through Perl's qx operator with the privileges of the Email Security Gateway product.\u00a0This issue was fixed as part of BNSF-36456 patch. This patch was automatically applied to all customer appliances." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve-coordination@google.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW", + "baseScore": 9.4, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.5 + } + ] + }, + "weaknesses": [ + { + "source": "cve-coordination@google.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://status.barracuda.com/incidents/34kx82j5n4q9", + "source": "cve-coordination@google.com" + }, + { + "url": "https://www.barracuda.com/company/legal/esg-vulnerability", + "source": "cve-coordination@google.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-28xx/CVE-2023-2870.json b/CVE-2023/CVE-2023-28xx/CVE-2023-2870.json new file mode 100644 index 00000000000..dda2c213a29 --- /dev/null +++ b/CVE-2023/CVE-2023-28xx/CVE-2023-2870.json @@ -0,0 +1,92 @@ +{ + "id": "CVE-2023-2870", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-05-24T18:15:10.217", + "lastModified": "2023-05-24T18:15:10.217", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in EnTech Monitor Asset Manager 2.9. It has been declared as problematic. Affected by this vulnerability is the function 0x80002014 of the component IoControlCode Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier VDB-229849 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 3.3, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "accessVector": "LOCAL", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "PARTIAL", + "baseScore": 1.7 + }, + "baseSeverity": "LOW", + "exploitabilityScore": 3.1, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-404" + } + ] + } + ], + "references": [ + { + "url": "https://drive.google.com/file/d/1ehTYhcdeTiB4rQ38n5FqhQZgVqcvvPE_/view?usp=sharing", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/unassigned47", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.229849", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.229849", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-28xx/CVE-2023-2871.json b/CVE-2023/CVE-2023-28xx/CVE-2023-2871.json new file mode 100644 index 00000000000..1c979b5e388 --- /dev/null +++ b/CVE-2023/CVE-2023-28xx/CVE-2023-2871.json @@ -0,0 +1,92 @@ +{ + "id": "CVE-2023-2871", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-05-24T18:15:10.337", + "lastModified": "2023-05-24T18:15:10.337", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in FabulaTech USB for Remote Desktop 6.1.0.0. It has been rated as problematic. Affected by this issue is the function 0x220448/0x220420/0x22040c/0x220408 of the component IoControlCode Handler. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. VDB-229850 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 3.3, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "accessVector": "LOCAL", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "PARTIAL", + "baseScore": 1.7 + }, + "baseSeverity": "LOW", + "exploitabilityScore": 3.1, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "references": [ + { + "url": "https://drive.google.com/file/d/1Y8e5f0AjddrozLv155r9cNhkXwwwZbYE/view?usp=sharing", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/unassigned46", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.229850", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.229850", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-28xx/CVE-2023-2872.json b/CVE-2023/CVE-2023-28xx/CVE-2023-2872.json new file mode 100644 index 00000000000..5511a88e6ed --- /dev/null +++ b/CVE-2023/CVE-2023-28xx/CVE-2023-2872.json @@ -0,0 +1,92 @@ +{ + "id": "CVE-2023-2872", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-05-24T18:15:10.413", + "lastModified": "2023-05-24T18:15:10.413", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as problematic has been found in FlexiHub 5.5.14691.0. This affects the function 0x220088 in the library fusbhub.sys of the component IoControlCode Handler. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229851. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:C", + "accessVector": "LOCAL", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "COMPLETE", + "baseScore": 4.6 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 3.1, + "impactScore": 6.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "references": [ + { + "url": "https://drive.google.com/file/d/1h-7fnmb31bkEW4FoLNDlneftDqS4TQHT/view?usp=sharing", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/unassigned45", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.229851", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.229851", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-28xx/CVE-2023-2873.json b/CVE-2023/CVE-2023-28xx/CVE-2023-2873.json new file mode 100644 index 00000000000..cd594230e65 --- /dev/null +++ b/CVE-2023/CVE-2023-28xx/CVE-2023-2873.json @@ -0,0 +1,92 @@ +{ + "id": "CVE-2023-2873", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-05-24T18:15:10.493", + "lastModified": "2023-05-24T18:15:10.493", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical was found in Twister Antivirus 8. This vulnerability affects the function 0x804f2143/0x804f217f/0x804f214b/0x80800043 in the library filppd.sys of the component IoControlCode Handler. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229852. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "LOCAL", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 4.3 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 3.1, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + } + ] + } + ], + "references": [ + { + "url": "https://drive.google.com/file/d/1ABRMxr6Ek02P_WAXjyYLGQ4sHYMVQTka/view?usp=sharing", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/unassigned44", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.229852", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.229852", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-28xx/CVE-2023-2874.json b/CVE-2023/CVE-2023-28xx/CVE-2023-2874.json new file mode 100644 index 00000000000..8c8d519bce2 --- /dev/null +++ b/CVE-2023/CVE-2023-28xx/CVE-2023-2874.json @@ -0,0 +1,92 @@ +{ + "id": "CVE-2023-2874", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-05-24T19:15:09.443", + "lastModified": "2023-05-24T19:15:09.443", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as problematic, has been found in Twister Antivirus 8. This issue affects the function 0x804f2158/0x804f2154/0x804f2150/0x804f215c/0x804f2160/0x80800040/0x804f214c/0x804f2148/0x804f2144/0x801120e4/0x804f213c/0x804f2140 in the library filppd.sys of the component IoControlCode Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-229853 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:C", + "accessVector": "LOCAL", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "COMPLETE", + "baseScore": 4.6 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 3.1, + "impactScore": 6.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-404" + } + ] + } + ], + "references": [ + { + "url": "https://drive.google.com/file/d/1hcj4tdRveydUv84J5IEQFmjF1XxUvxGy/view?usp=sharing", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/unassigned43", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.229853", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.229853", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-28xx/CVE-2023-2875.json b/CVE-2023/CVE-2023-28xx/CVE-2023-2875.json new file mode 100644 index 00000000000..130ed964949 --- /dev/null +++ b/CVE-2023/CVE-2023-28xx/CVE-2023-2875.json @@ -0,0 +1,92 @@ +{ + "id": "CVE-2023-2875", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-05-24T19:15:09.517", + "lastModified": "2023-05-24T19:15:09.517", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as problematic, was found in eScan Antivirus 22.0.1400.2443. Affected is the function 0x22E008u in the library PROCOBSRVESX.SYS of the component IoControlCode Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-229854 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:C", + "accessVector": "LOCAL", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "COMPLETE", + "baseScore": 4.6 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 3.1, + "impactScore": 6.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "references": [ + { + "url": "https://drive.google.com/file/d/1fvlP0d9HmApjWhYDjgsdco7g7FPsbn0V/view?usp=sharing", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/unassigned48", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.229854", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.229854", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-302xx/CVE-2023-30256.json b/CVE-2023/CVE-2023-302xx/CVE-2023-30256.json index f9485a0e419..a37da674579 100644 --- a/CVE-2023/CVE-2023-302xx/CVE-2023-30256.json +++ b/CVE-2023/CVE-2023-302xx/CVE-2023-30256.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30256", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-11T11:15:09.047", - "lastModified": "2023-05-18T18:16:55.270", - "vulnStatus": "Analyzed", + "lastModified": "2023-05-24T18:15:10.593", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -64,6 +64,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/172542/Webkul-Qloapps-1.5.2-Cross-Site-Scripting.html", + "source": "cve@mitre.org" + }, { "url": "https://github.com/ahrixia/CVE-2023-30256", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-317xx/CVE-2023-31702.json b/CVE-2023/CVE-2023-317xx/CVE-2023-31702.json index 7c45f44d9b6..31baa627ebc 100644 --- a/CVE-2023/CVE-2023-317xx/CVE-2023-31702.json +++ b/CVE-2023/CVE-2023-317xx/CVE-2023-31702.json @@ -2,8 +2,8 @@ "id": "CVE-2023-31702", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-17T13:15:09.567", - "lastModified": "2023-05-17T17:00:54.967", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-24T18:15:10.673", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", @@ -12,6 +12,10 @@ ], "metrics": {}, "references": [ + { + "url": "http://packetstormsecurity.com/files/172545/eScan-Management-Console-14.0.1400.2281-SQL-Injection.html", + "source": "cve@mitre.org" + }, { "url": "https://github.com/sahiloj/CVE-2023-31702/blob/main/README.md", "source": "cve@mitre.org" diff --git a/CVE-2023/CVE-2023-317xx/CVE-2023-31703.json b/CVE-2023/CVE-2023-317xx/CVE-2023-31703.json index 84e7e23ba60..c4ef7281f52 100644 --- a/CVE-2023/CVE-2023-317xx/CVE-2023-31703.json +++ b/CVE-2023/CVE-2023-317xx/CVE-2023-31703.json @@ -2,8 +2,8 @@ "id": "CVE-2023-31703", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-17T13:15:09.617", - "lastModified": "2023-05-17T17:00:54.967", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-24T18:15:10.753", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", @@ -12,6 +12,10 @@ ], "metrics": {}, "references": [ + { + "url": "http://packetstormsecurity.com/files/172540/eScan-Management-Console-14.0.1400.2281-Cross-Site-Scripting.html", + "source": "cve@mitre.org" + }, { "url": "https://github.com/sahiloj/CVE-2023-31703/blob/main/README.md", "source": "cve@mitre.org" diff --git a/CVE-2023/CVE-2023-339xx/CVE-2023-33980.json b/CVE-2023/CVE-2023-339xx/CVE-2023-33980.json new file mode 100644 index 00000000000..7266d24ca9b --- /dev/null +++ b/CVE-2023/CVE-2023-339xx/CVE-2023-33980.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-33980", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-24T18:15:10.827", + "lastModified": "2023-05-24T18:15:10.827", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Bramble Synchronisation Protocol (BSP) in Briar before 1.4.22 allows attackers to cause a denial of service (repeated application crashes) via a series of long messages to a contact." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://briarproject.org/news/2023-three-security-issues-found-and-fixed/", + "source": "cve@mitre.org" + }, + { + "url": "https://ethz.ch/content/dam/ethz/special-interest/infk/inst-infsec/appliedcrypto/education/theses/report_YuanmingSong.pdf", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-339xx/CVE-2023-33981.json b/CVE-2023/CVE-2023-339xx/CVE-2023-33981.json new file mode 100644 index 00000000000..43ba247fdd4 --- /dev/null +++ b/CVE-2023/CVE-2023-339xx/CVE-2023-33981.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-33981", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-24T18:15:10.877", + "lastModified": "2023-05-24T18:15:10.877", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Briar before 1.4.22 allows attackers to spoof other users' messages in a blog, forum, or private group, but each spoofed message would need to be an exact duplicate of a legitimate message displayed alongside the spoofed one." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://briarproject.org/news/2023-three-security-issues-found-and-fixed/", + "source": "cve@mitre.org" + }, + { + "url": "https://ethz.ch/content/dam/ethz/special-interest/infk/inst-infsec/appliedcrypto/education/theses/report_YuanmingSong.pdf", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-339xx/CVE-2023-33982.json b/CVE-2023/CVE-2023-339xx/CVE-2023-33982.json new file mode 100644 index 00000000000..41aefaf0cb2 --- /dev/null +++ b/CVE-2023/CVE-2023-339xx/CVE-2023-33982.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-33982", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-24T18:15:10.927", + "lastModified": "2023-05-24T18:15:10.927", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Bramble Handshake Protocol (BHP) in Briar before 1.5.3 is not forward secure: eavesdroppers can decrypt network traffic between two accounts if they later compromise both accounts. NOTE: the eavesdropping is typically impractical because BHP runs over an encrypted session that uses the Tor hidden service protocol." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://briarproject.org/news/2023-three-security-issues-found-and-fixed/", + "source": "cve@mitre.org" + }, + { + "url": "https://ethz.ch/content/dam/ethz/special-interest/infk/inst-infsec/appliedcrypto/education/theses/report_YuanmingSong.pdf", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-339xx/CVE-2023-33983.json b/CVE-2023/CVE-2023-339xx/CVE-2023-33983.json new file mode 100644 index 00000000000..9ba6a6bd527 --- /dev/null +++ b/CVE-2023/CVE-2023-339xx/CVE-2023-33983.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-33983", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-24T18:15:10.983", + "lastModified": "2023-05-24T18:15:10.983", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Introduction Client in Briar through 1.5.3 does not implement out-of-band verification for the public keys of introducees. An introducer can launch man-in-the-middle attacks against later private communication between two introduced parties." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://ethz.ch/content/dam/ethz/special-interest/infk/inst-infsec/appliedcrypto/education/theses/report_YuanmingSong.pdf", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index c6b92f98b86..287a6e46ae8 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-05-24T18:00:50.307933+00:00 +2023-05-24T20:00:34.588212+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-05-24T17:50:05.210000+00:00 +2023-05-24T19:28:04.420000+00:00 ``` ### Last Data Feed Release @@ -29,53 +29,39 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -215930 +215941 ``` ### CVEs added in the last Commit -Recently added CVEs: `20` +Recently added CVEs: `11` -* [CVE-2021-25748](CVE-2021/CVE-2021-257xx/CVE-2021-25748.json) (`2023-05-24T17:15:09.253`) -* [CVE-2021-25749](CVE-2021/CVE-2021-257xx/CVE-2021-25749.json) (`2023-05-24T17:15:09.413`) -* [CVE-2022-45364](CVE-2022/CVE-2022-453xx/CVE-2022-45364.json) (`2023-05-24T16:15:09.307`) -* [CVE-2022-46794](CVE-2022/CVE-2022-467xx/CVE-2022-46794.json) (`2023-05-24T16:15:09.380`) -* [CVE-2022-46816](CVE-2022/CVE-2022-468xx/CVE-2022-46816.json) (`2023-05-24T16:15:09.457`) -* [CVE-2022-47152](CVE-2022/CVE-2022-471xx/CVE-2022-47152.json) (`2023-05-24T16:15:09.530`) -* [CVE-2022-47180](CVE-2022/CVE-2022-471xx/CVE-2022-47180.json) (`2023-05-24T16:15:09.607`) -* [CVE-2022-47446](CVE-2022/CVE-2022-474xx/CVE-2022-47446.json) (`2023-05-24T17:15:09.507`) -* [CVE-2022-47447](CVE-2022/CVE-2022-474xx/CVE-2022-47447.json) (`2023-05-24T17:15:09.580`) -* [CVE-2022-47448](CVE-2022/CVE-2022-474xx/CVE-2022-47448.json) (`2023-05-24T17:15:09.657`) -* [CVE-2023-33944](CVE-2023/CVE-2023-339xx/CVE-2023-33944.json) (`2023-05-24T16:15:09.693`) -* [CVE-2023-33945](CVE-2023/CVE-2023-339xx/CVE-2023-33945.json) (`2023-05-24T16:15:09.760`) -* [CVE-2023-33946](CVE-2023/CVE-2023-339xx/CVE-2023-33946.json) (`2023-05-24T16:15:09.837`) -* [CVE-2023-33947](CVE-2023/CVE-2023-339xx/CVE-2023-33947.json) (`2023-05-24T16:15:09.927`) -* [CVE-2023-33948](CVE-2023/CVE-2023-339xx/CVE-2023-33948.json) (`2023-05-24T16:15:10.007`) -* [CVE-2023-1174](CVE-2023/CVE-2023-11xx/CVE-2023-1174.json) (`2023-05-24T17:15:09.733`) -* [CVE-2023-1944](CVE-2023/CVE-2023-19xx/CVE-2023-1944.json) (`2023-05-24T17:15:09.797`) -* [CVE-2023-25028](CVE-2023/CVE-2023-250xx/CVE-2023-25028.json) (`2023-05-24T17:15:09.857`) -* [CVE-2023-33949](CVE-2023/CVE-2023-339xx/CVE-2023-33949.json) (`2023-05-24T17:15:09.933`) -* [CVE-2023-33950](CVE-2023/CVE-2023-339xx/CVE-2023-33950.json) (`2023-05-24T17:15:10.007`) +* [CVE-2023-2870](CVE-2023/CVE-2023-28xx/CVE-2023-2870.json) (`2023-05-24T18:15:10.217`) +* [CVE-2023-2871](CVE-2023/CVE-2023-28xx/CVE-2023-2871.json) (`2023-05-24T18:15:10.337`) +* [CVE-2023-2872](CVE-2023/CVE-2023-28xx/CVE-2023-2872.json) (`2023-05-24T18:15:10.413`) +* [CVE-2023-2873](CVE-2023/CVE-2023-28xx/CVE-2023-2873.json) (`2023-05-24T18:15:10.493`) +* [CVE-2023-33980](CVE-2023/CVE-2023-339xx/CVE-2023-33980.json) (`2023-05-24T18:15:10.827`) +* [CVE-2023-33981](CVE-2023/CVE-2023-339xx/CVE-2023-33981.json) (`2023-05-24T18:15:10.877`) +* [CVE-2023-33982](CVE-2023/CVE-2023-339xx/CVE-2023-33982.json) (`2023-05-24T18:15:10.927`) +* [CVE-2023-33983](CVE-2023/CVE-2023-339xx/CVE-2023-33983.json) (`2023-05-24T18:15:10.983`) +* [CVE-2023-2868](CVE-2023/CVE-2023-28xx/CVE-2023-2868.json) (`2023-05-24T19:15:09.363`) +* [CVE-2023-2874](CVE-2023/CVE-2023-28xx/CVE-2023-2874.json) (`2023-05-24T19:15:09.443`) +* [CVE-2023-2875](CVE-2023/CVE-2023-28xx/CVE-2023-2875.json) (`2023-05-24T19:15:09.517`) ### CVEs modified in the last Commit -Recently modified CVEs: `14` +Recently modified CVEs: `9` -* [CVE-2021-0877](CVE-2021/CVE-2021-08xx/CVE-2021-0877.json) (`2023-05-24T17:09:58.747`) -* [CVE-2022-36357](CVE-2022/CVE-2022-363xx/CVE-2022-36357.json) (`2023-05-24T16:15:09.193`) -* [CVE-2022-47392](CVE-2022/CVE-2022-473xx/CVE-2022-47392.json) (`2023-05-24T17:07:35.733`) -* [CVE-2022-4048](CVE-2022/CVE-2022-40xx/CVE-2022-4048.json) (`2023-05-24T17:50:05.210`) -* [CVE-2023-25428](CVE-2023/CVE-2023-254xx/CVE-2023-25428.json) (`2023-05-24T16:27:49.700`) -* [CVE-2023-31983](CVE-2023/CVE-2023-319xx/CVE-2023-31983.json) (`2023-05-24T16:29:22.113`) -* [CVE-2023-25927](CVE-2023/CVE-2023-259xx/CVE-2023-25927.json) (`2023-05-24T16:35:46.443`) -* [CVE-2023-32305](CVE-2023/CVE-2023-323xx/CVE-2023-32305.json) (`2023-05-24T16:45:51.600`) -* [CVE-2023-32306](CVE-2023/CVE-2023-323xx/CVE-2023-32306.json) (`2023-05-24T16:48:49.693`) -* [CVE-2023-1096](CVE-2023/CVE-2023-10xx/CVE-2023-1096.json) (`2023-05-24T16:53:38.400`) -* [CVE-2023-20673](CVE-2023/CVE-2023-206xx/CVE-2023-20673.json) (`2023-05-24T17:07:09.800`) -* [CVE-2023-30245](CVE-2023/CVE-2023-302xx/CVE-2023-30245.json) (`2023-05-24T17:09:02.543`) -* [CVE-2023-27905](CVE-2023/CVE-2023-279xx/CVE-2023-27905.json) (`2023-05-24T17:43:49.830`) -* [CVE-2023-27898](CVE-2023/CVE-2023-278xx/CVE-2023-27898.json) (`2023-05-24T17:43:59.883`) +* [CVE-2022-31137](CVE-2022/CVE-2022-311xx/CVE-2022-31137.json) (`2023-05-24T18:15:09.563`) +* [CVE-2022-41544](CVE-2022/CVE-2022-415xx/CVE-2022-41544.json) (`2023-05-24T18:15:09.777`) +* [CVE-2023-1934](CVE-2023/CVE-2023-19xx/CVE-2023-1934.json) (`2023-05-24T18:15:09.877`) +* [CVE-2023-27350](CVE-2023/CVE-2023-273xx/CVE-2023-27350.json) (`2023-05-24T18:15:09.980`) +* [CVE-2023-27524](CVE-2023/CVE-2023-275xx/CVE-2023-27524.json) (`2023-05-24T18:15:10.103`) +* [CVE-2023-30256](CVE-2023/CVE-2023-302xx/CVE-2023-30256.json) (`2023-05-24T18:15:10.593`) +* [CVE-2023-31702](CVE-2023/CVE-2023-317xx/CVE-2023-31702.json) (`2023-05-24T18:15:10.673`) +* [CVE-2023-31703](CVE-2023/CVE-2023-317xx/CVE-2023-31703.json) (`2023-05-24T18:15:10.753`) +* [CVE-2023-27979](CVE-2023/CVE-2023-279xx/CVE-2023-27979.json) (`2023-05-24T19:28:04.420`) ## Download and Usage