diff --git a/CVE-2023/CVE-2023-18xx/CVE-2023-1890.json b/CVE-2023/CVE-2023-18xx/CVE-2023-1890.json index 2cd03522cd4..1e4db4365f1 100644 --- a/CVE-2023/CVE-2023-18xx/CVE-2023-1890.json +++ b/CVE-2023/CVE-2023-18xx/CVE-2023-1890.json @@ -2,8 +2,8 @@ "id": "CVE-2023-1890", "sourceIdentifier": "contact@wpscan.com", "published": "2023-05-15T13:15:10.593", - "lastModified": "2023-05-23T18:42:50.847", - "vulnStatus": "Analyzed", + "lastModified": "2023-07-25T17:15:10.657", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -65,6 +65,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/173727/WordPress-Tablesome-Cross-Site-Scripting.html", + "source": "contact@wpscan.com" + }, { "url": "https://wpscan.com/vulnerability/8ef64490-30cd-4e07-9b7c-64f551944f3d", "source": "contact@wpscan.com", diff --git a/CVE-2023/CVE-2023-18xx/CVE-2023-1893.json b/CVE-2023/CVE-2023-18xx/CVE-2023-1893.json index 10ddaa136a2..a72a648d65a 100644 --- a/CVE-2023/CVE-2023-18xx/CVE-2023-1893.json +++ b/CVE-2023/CVE-2023-18xx/CVE-2023-1893.json @@ -2,8 +2,8 @@ "id": "CVE-2023-1893", "sourceIdentifier": "contact@wpscan.com", "published": "2023-07-17T14:15:09.617", - "lastModified": "2023-07-17T14:22:59.283", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-25T17:15:10.827", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", @@ -24,6 +24,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/173723/WordPress-Login-Configurator-2.1-Cross-Site-Scripting.html", + "source": "contact@wpscan.com" + }, { "url": "https://wpscan.com/vulnerability/dbe6cf09-971f-42e9-b744-9339454168c7", "source": "contact@wpscan.com" diff --git a/CVE-2023/CVE-2023-209xx/CVE-2023-20942.json b/CVE-2023/CVE-2023-209xx/CVE-2023-20942.json index 5e5607b35a5..308aaf3fa70 100644 --- a/CVE-2023/CVE-2023-209xx/CVE-2023-20942.json +++ b/CVE-2023/CVE-2023-209xx/CVE-2023-20942.json 
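Review bot: The reference added in the `@@ -65,6 +65,10 @@` hunk of CVE-2023-1890 carries no `tags` array and uses a plain `http://` URL, while the record moves from `Analyzed` to `Modified`. Tooling that flags public exploit write-ups by reference tag will not see this entry until a tag such as `"tags": ["Exploit"]` is assigned (which tags NVD will assign is not shown on this page), so triage should also match on the reference host. The same applies to the packetstormsecurity.com references added for CVE-2023-1893, CVE-2023-2029, CVE-2023-2068, CVE-2023-2223 and CVE-2023-2224, and to the seclists.org reference added for CVE-2023-23540. Anything that fetches these links automatically should upgrade the scheme to `https://` first.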
@@ -2,31 +2,106 @@ "id": "CVE-2023-20942", "sourceIdentifier": "security@android.com", "published": "2023-07-13T00:15:23.363", - "lastModified": "2023-07-13T08:32:09.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-25T17:42:56.930", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In openMmapStream of AudioFlinger.cpp, there is a possible way to record audio without displaying the microphone privacy indicator due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", + "matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + } + ] + } + ], "references": [ { "url": 
"https://android.googlesource.com/platform/frameworks/av/+/770b45c3c1619cf4008b89e7a0f4392bf2224bbc", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Patch" + ] }, { "url": "https://android.googlesource.com/platform/frameworks/av/+/b072419650958c41c87d2baa572dc2fe6da9ea6b", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Patch" + ] }, { "url": "https://android.googlesource.com/platform/frameworks/av/+/bae3b00a5873d1562679a1289fd8490178cfe064", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Patch" + ] }, { "url": "https://source.android.com/security/bulletin/2023-07-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-20xx/CVE-2023-2029.json b/CVE-2023/CVE-2023-20xx/CVE-2023-2029.json index a31146770b8..561d4a8b290 100644 --- a/CVE-2023/CVE-2023-20xx/CVE-2023-2029.json +++ b/CVE-2023/CVE-2023-20xx/CVE-2023-2029.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2029", "sourceIdentifier": "contact@wpscan.com", "published": "2023-07-10T16:15:50.930", - "lastModified": "2023-07-14T18:50:07.637", - "vulnStatus": "Analyzed", + "lastModified": "2023-07-25T17:15:10.997", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -65,6 +65,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/173729/WordPress-PrePost-SEO-3.0-Cross-Site-Scripting.html", + "source": "contact@wpscan.com" + }, { "url": "https://wpscan.com/vulnerability/4889ad5a-c8c4-4958-b176-64560490497b", "source": "contact@wpscan.com", diff --git a/CVE-2023/CVE-2023-20xx/CVE-2023-2068.json b/CVE-2023/CVE-2023-20xx/CVE-2023-2068.json index 307e3a49794..53134258630 100644 --- a/CVE-2023/CVE-2023-20xx/CVE-2023-2068.json +++ b/CVE-2023/CVE-2023-20xx/CVE-2023-2068.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-2068", "sourceIdentifier": "contact@wpscan.com", "published": "2023-06-27T14:15:10.477", - "lastModified": "2023-07-03T14:51:27.457", - "vulnStatus": "Analyzed", + "lastModified": "2023-07-25T17:15:11.137", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -65,6 +65,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/173735/WordPress-File-Manager-Advanced-Shortcode-2.3.2-Remote-Code-Execution.html", + "source": "contact@wpscan.com" + }, { "url": "https://wpscan.com/vulnerability/58f72953-56d2-4d86-a49b-311b5fc58056", "source": "contact@wpscan.com", diff --git a/CVE-2023/CVE-2023-212xx/CVE-2023-21240.json b/CVE-2023/CVE-2023-212xx/CVE-2023-21240.json index 709a8c4e460..6d4197e2c93 100644 --- a/CVE-2023/CVE-2023-212xx/CVE-2023-21240.json +++ b/CVE-2023/CVE-2023-212xx/CVE-2023-21240.json 
@@ -2,23 +2,97 @@ "id": "CVE-2023-21240", "sourceIdentifier": "security@android.com", "published": "2023-07-13T00:15:23.547", - "lastModified": "2023-07-13T08:32:09.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-25T16:35:18.047", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Policy of Policy.java, there is a possible boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", + "matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + } + ] + } + ], 
"references": [ { "url": "https://android.googlesource.com/platform/packages/modules/Wifi/+/69119d1d3102e27b6473c785125696881bce9563", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Patch" + ] }, { "url": "https://source.android.com/security/bulletin/2023-07-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-212xx/CVE-2023-21241.json b/CVE-2023/CVE-2023-212xx/CVE-2023-21241.json index b2f53e23f7e..f52fd68732f 100644 --- a/CVE-2023/CVE-2023-212xx/CVE-2023-21241.json +++ b/CVE-2023/CVE-2023-212xx/CVE-2023-21241.json 
@@ -2,23 +2,97 @@ "id": "CVE-2023-21241", "sourceIdentifier": "security@android.com", "published": "2023-07-13T00:15:23.590", - "lastModified": "2023-07-13T08:32:09.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-25T16:35:58.603", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In rw_i93_send_to_upper of rw_i93.cc, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-190" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", + "matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + 
] + } + ] + } + ], "references": [ { "url": "https://android.googlesource.com/platform/system/nfc/+/907d17eeefec6f672ea824e126406e6d8f6b56d8", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Patch" + ] }, { "url": "https://source.android.com/security/bulletin/2023-07-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-212xx/CVE-2023-21243.json b/CVE-2023/CVE-2023-212xx/CVE-2023-21243.json index b3a1c845789..b5a5a70d721 100644 --- a/CVE-2023/CVE-2023-212xx/CVE-2023-21243.json +++ b/CVE-2023/CVE-2023-212xx/CVE-2023-21243.json 
@@ -2,23 +2,97 @@ "id": "CVE-2023-21243", "sourceIdentifier": "security@android.com", "published": "2023-07-13T00:15:23.637", - "lastModified": "2023-07-13T08:32:09.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-25T16:36:21.863", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In validateForCommonR1andR2 of PasspointConfiguration.java, there is a possible way to inflate the size of a config file with no limits due to a buffer overflow. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.\n\n" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", + "matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + 
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + } + ] + } + ], "references": [ { "url": "https://android.googlesource.com/platform/packages/modules/Wifi/+/5b49b8711efaadadf5052ba85288860c2d7ca7a6", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Patch" + ] }, { "url": "https://source.android.com/security/bulletin/2023-07-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-212xx/CVE-2023-21245.json b/CVE-2023/CVE-2023-212xx/CVE-2023-21245.json index d7b6eb55f8a..d50112d9307 100644 --- a/CVE-2023/CVE-2023-212xx/CVE-2023-21245.json +++ b/CVE-2023/CVE-2023-212xx/CVE-2023-21245.json 
@@ -2,23 +2,97 @@ "id": "CVE-2023-21245", "sourceIdentifier": "security@android.com", "published": "2023-07-13T00:15:23.683", - "lastModified": "2023-07-13T08:32:09.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-25T16:12:10.183", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In showNextSecurityScreenOrFinish of KeyguardSecurityContainerController.java, there is a possible way to access the lock screen during device setup due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:google:android:13.1:*:*:*:*:*:*:*", + "matchCriteriaId": "54C3907A-DF77-4A94-8537-A2FFA20B90A0" + } + ] + } + ] + } + ], "references": [ { "url": "https://android.googlesource.com/platform/frameworks/base/+/a33159e8cb297b9eee6fa5c63c0e343d05fad622", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Patch" + ] }, { "url": "https://source.android.com/security/bulletin/2023-07-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-212xx/CVE-2023-21246.json b/CVE-2023/CVE-2023-212xx/CVE-2023-21246.json index d72d605ab4e..a81e87e675b 100644 --- a/CVE-2023/CVE-2023-212xx/CVE-2023-21246.json +++ b/CVE-2023/CVE-2023-212xx/CVE-2023-21246.json 
@@ -2,23 +2,97 @@ "id": "CVE-2023-21246", "sourceIdentifier": "security@android.com", "published": "2023-07-13T00:15:23.727", - "lastModified": "2023-07-13T08:32:09.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-25T16:16:17.067", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In ShortcutInfo of ShortcutInfo.java, there is a possible way for an app to retain notification listening access due to an uncaught exception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.3, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-754" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", + "matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": 
"879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + } + ] + } + ], "references": [ { "url": "https://android.googlesource.com/platform/frameworks/base/+/fc1b9998ca8a9fceba47d67fd9ea9b45705b53e0", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Patch" + ] }, { "url": "https://source.android.com/security/bulletin/2023-07-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-212xx/CVE-2023-21247.json b/CVE-2023/CVE-2023-212xx/CVE-2023-21247.json index aac660270a1..025f9dc4687 100644 --- a/CVE-2023/CVE-2023-212xx/CVE-2023-21247.json +++ b/CVE-2023/CVE-2023-212xx/CVE-2023-21247.json 
@@ -2,23 +2,92 @@ "id": "CVE-2023-21247", "sourceIdentifier": "security@android.com", "published": "2023-07-13T00:15:23.777", - "lastModified": "2023-07-13T08:32:09.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-25T16:18:21.930", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In getAvailabilityStatus of BluetoothScanningMainSwitchPreferenceController.java, there is a possible way to bypass a device policy restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", + "matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + } + ] + } + ], "references": [ { "url": 
"https://android.googlesource.com/platform/packages/apps/Settings/+/edd4023805bc7fa54ae31de222cde02b9012bbc4", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Patch" + ] }, { "url": "https://source.android.com/security/bulletin/2023-07-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-212xx/CVE-2023-21248.json b/CVE-2023/CVE-2023-212xx/CVE-2023-21248.json index 54a17bfd94e..aa744785409 100644 --- a/CVE-2023/CVE-2023-212xx/CVE-2023-21248.json +++ b/CVE-2023/CVE-2023-212xx/CVE-2023-21248.json 
@@ -2,23 +2,92 @@ "id": "CVE-2023-21248", "sourceIdentifier": "security@android.com", "published": "2023-07-13T00:15:23.820", - "lastModified": "2023-07-13T08:32:09.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-25T16:05:34.197", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In getAvailabilityStatus of WifiScanningMainSwitchPreferenceController.java, there is a possible way to bypass a device policy restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", + "matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + } + ] + } + ], "references": [ { "url": 
"https://android.googlesource.com/platform/packages/apps/Settings/+/edd4023805bc7fa54ae31de222cde02b9012bbc4", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Patch" + ] }, { "url": "https://source.android.com/security/bulletin/2023-07-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-212xx/CVE-2023-21249.json b/CVE-2023/CVE-2023-212xx/CVE-2023-21249.json index 810871c5510..73fc771e47c 100644 --- a/CVE-2023/CVE-2023-212xx/CVE-2023-21249.json +++ b/CVE-2023/CVE-2023-212xx/CVE-2023-21249.json 
@@ -2,23 +2,82 @@ "id": "CVE-2023-21249", "sourceIdentifier": "security@android.com", "published": "2023-07-13T00:15:23.867", - "lastModified": "2023-07-13T08:32:09.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-25T16:06:54.813", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In multiple functions of OneTimePermissionUserManager.java, there is a possible one-time permission retention due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.\n\n" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-281" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + } + ] + } + ], "references": [ { "url": "https://android.googlesource.com/platform/frameworks/base/+/c00b7e7dbc1fa30339adef693d02a51254755d7f", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Patch" + ] }, { "url": "https://source.android.com/security/bulletin/2023-07-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Patch", + "Vendor Advisory" 
+ ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-212xx/CVE-2023-21250.json b/CVE-2023/CVE-2023-212xx/CVE-2023-21250.json index 2b1f00b0073..b5161a59237 100644 --- a/CVE-2023/CVE-2023-212xx/CVE-2023-21250.json +++ b/CVE-2023/CVE-2023-212xx/CVE-2023-21250.json 
@@ -2,23 +2,97 @@ "id": "CVE-2023-21250", "sourceIdentifier": "security@android.com", "published": "2023-07-13T00:15:23.917", - "lastModified": "2023-07-13T08:32:09.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-25T16:07:24.000", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In gatt_end_operation of gatt_utils.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", + "matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + 
} + ] + } + ] + } + ], "references": [ { "url": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/ec573bc83f1ed6722f7cb29431dcb2db7f10bf28", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Patch" + ] }, { "url": "https://source.android.com/security/bulletin/2023-07-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-22xx/CVE-2023-2223.json b/CVE-2023/CVE-2023-22xx/CVE-2023-2223.json index 655c29c792d..ca7368f56ef 100644 --- a/CVE-2023/CVE-2023-22xx/CVE-2023-2223.json +++ b/CVE-2023/CVE-2023-22xx/CVE-2023-2223.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2223", "sourceIdentifier": "contact@wpscan.com", "published": "2023-05-30T08:15:10.030", - "lastModified": "2023-06-05T14:53:35.137", - "vulnStatus": "Analyzed", + "lastModified": "2023-07-25T17:15:11.277", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -65,6 +65,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/173726/WordPress-Login-Rebuilder-Cross-Site-Scripting.html", + "source": "contact@wpscan.com" + }, { "url": "https://wpscan.com/vulnerability/7b356b82-5d03-4f70-b4ce-f1405304bb52", "source": "contact@wpscan.com", diff --git a/CVE-2023/CVE-2023-22xx/CVE-2023-2224.json b/CVE-2023/CVE-2023-22xx/CVE-2023-2224.json index c4066e330b2..1dd87ee362d 100644 --- a/CVE-2023/CVE-2023-22xx/CVE-2023-2224.json +++ b/CVE-2023/CVE-2023-22xx/CVE-2023-2224.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2224", "sourceIdentifier": "contact@wpscan.com", "published": "2023-06-05T14:15:09.977", - "lastModified": "2023-06-09T19:31:37.800", - "vulnStatus": "Analyzed", + "lastModified": "2023-07-25T17:15:11.420", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -36,7 +36,7 @@ }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "contact@wpscan.com", "type": "Primary", "description": [ { 
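Review bot: The vector added for CVE-2023-21250 uses `AV:N`, yet the only patch reference is in platform/packages/modules/Bluetooth and the flaw is in gatt_end_operation of gatt_utils.cc; CVSS 3.1 assigns Bluetooth-range attacks to Adjacent. The description says only "remote code execution", so reachability is not stated on this page, but if radio proximity is required the vector would be `CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H` (8.8 HIGH) instead of 9.8 CRITICAL. This matters to anyone ranking the July 2023 Android fixes by `baseScore` alone.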
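Review bot: In CVE-2023-2224 the `@@ -36,7 +36,7 @@` hunk re-attributes the `Primary` weakness entry to `contact@wpscan.com`, and the following `@@ -46,7 +46,7 @@` hunk makes `nvd@nist.gov` the `Secondary` source, the reverse of the other records visible in this commit, where `nvd@nist.gov` is `Primary`. A consumer that picks the CWE with a filter like `source == "nvd@nist.gov" && type == "Primary"` will now get no weakness for this record. Selecting on `type` alone, with a fallback to any source, avoids that. The CWE values themselves lie outside both hunks, so whether they changed cannot be seen here.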
@@ -46,7 +46,7 @@ ] }, { - "source": "contact@wpscan.com", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { @@ -75,6 +75,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/173725/WordPress-Seo-By-10Web-Cross-Site-Scripting.html", + "source": "contact@wpscan.com" + }, { "url": "https://wpscan.com/vulnerability/a76b6d22-1e00-428a-8a04-12162bd0d992", "source": "contact@wpscan.com", diff --git a/CVE-2023/CVE-2023-235xx/CVE-2023-23540.json b/CVE-2023/CVE-2023-235xx/CVE-2023-23540.json index 9383c241824..05eec63ba06 100644 --- a/CVE-2023/CVE-2023-235xx/CVE-2023-23540.json +++ b/CVE-2023/CVE-2023-235xx/CVE-2023-23540.json @@ -2,8 +2,8 @@ "id": "CVE-2023-23540", "sourceIdentifier": "product-security@apple.com", "published": "2023-05-08T20:15:16.797", - "lastModified": "2023-07-24T19:15:10.050", - "vulnStatus": "Modified", + "lastModified": "2023-07-25T16:15:10.427", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", @@ -84,6 +84,10 @@ } ], "references": [ + { + "url": "http://seclists.org/fulldisclosure/2023/Jul/46", + "source": "product-security@apple.com" + }, { "url": "https://support.apple.com/en-us/HT213675", "source": "product-security@apple.com", diff --git a/CVE-2023/CVE-2023-238xx/CVE-2023-23833.json b/CVE-2023/CVE-2023-238xx/CVE-2023-23833.json index a3a589892c1..d67df997476 100644 --- a/CVE-2023/CVE-2023-238xx/CVE-2023-23833.json +++ b/CVE-2023/CVE-2023-238xx/CVE-2023-23833.json @@ -2,8 +2,8 @@ "id": "CVE-2023-23833", "sourceIdentifier": "audit@patchstack.com", "published": "2023-07-25T13:15:10.037", - "lastModified": "2023-07-25T13:15:10.037", - "vulnStatus": "Received", + "lastModified": "2023-07-25T17:22:14.780", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-250xx/CVE-2023-25078.json b/CVE-2023/CVE-2023-250xx/CVE-2023-25078.json index 24897c37af6..bc3abba238b 100644 --- a/CVE-2023/CVE-2023-250xx/CVE-2023-25078.json 
+++ b/CVE-2023/CVE-2023-250xx/CVE-2023-25078.json @@ -2,8 +2,8 @@ "id": "CVE-2023-25078", "sourceIdentifier": "psirt@honeywell.com", "published": "2023-07-13T11:15:09.060", - "lastModified": "2023-07-13T12:51:14.383", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-25T17:24:34.817", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "psirt@honeywell.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "psirt@honeywell.com", "type": "Secondary", 
@@ -46,10 +76,167 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:honeywell:experion_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "501.1", + "versionEndIncluding": "501.6hf8", + "matchCriteriaId": "DED6EB36-056C-422C-9C6E-9EDE45DDB5F9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:honeywell:experion_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "510.1", + "versionEndIncluding": "510.2hf12", + "matchCriteriaId": "0511367E-4C62-44C9-BFF9-84E969562A9F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:honeywell:experion_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "511.1", + "versionEndIncluding": "511.5tcu3", + "matchCriteriaId": "3A2EAD5D-9B56-4F09-A25B-E98671AE52AC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:honeywell:experion_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "520.1", + "versionEndIncluding": "520.1tcu4", + "matchCriteriaId": "E9EAE3B9-6173-4568-962A-C472F593FC47" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:honeywell:experion_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "520.2", + "versionEndIncluding": "520.2tcu2", + "matchCriteriaId": "29DFE287-6206-46E2-9118-9159EC44748E" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:honeywell:experion_station:*:*:*:*:*:*:*:*", + "versionStartIncluding": "501.1", + "versionEndIncluding": "501.6hf8", + "matchCriteriaId": "A34A2DF5-19BC-4823-8DD3-54C50EA43B65" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:honeywell:experion_station:*:*:*:*:*:*:*:*", + "versionStartIncluding": "510.1", + "versionEndIncluding": "510.2hf12", + "matchCriteriaId": "0FCC07AA-C8CC-4C69-8011-988932D2F0FB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:honeywell:experion_station:*:*:*:*:*:*:*:*", + "versionStartIncluding": "511.1", + 
"versionEndIncluding": "511.5tcu3", + "matchCriteriaId": "90CA038F-5C1A-46FF-9EA3-7606B3FF703C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:honeywell:experion_station:*:*:*:*:*:*:*:*", + "versionStartIncluding": "520.1", + "versionEndIncluding": "520.1tcu4", + "matchCriteriaId": "F9BAC831-F60D-4010-8EE9-8A741244CB9B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:honeywell:experion_station:*:*:*:*:*:*:*:*", + "versionStartIncluding": "520.2", + "versionEndIncluding": "520.2tcu2", + "matchCriteriaId": "D1B32781-B0B3-4C74-882B-1DF622DEC11C" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:honeywell:engineering_station:*:*:*:*:*:*:*:*", + "versionStartIncluding": "510.1", + "versionEndIncluding": "511.tcu3", + "matchCriteriaId": "3147FD0E-091B-4096-87D1-C006E3667F6B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:honeywell:engineering_station:*:*:*:*:*:*:*:*", + "versionStartIncluding": "520.1", + "versionEndIncluding": "520.1tcu4", + "matchCriteriaId": "96A06B44-5738-4A77-98EB-DAB61C07A6D5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:honeywell:engineering_station:*:*:*:*:*:*:*:*", + "versionStartIncluding": "520.2", + "versionEndIncluding": "520.2tcu2", + "matchCriteriaId": "177013AA-A2F8-4FC4-82AC-79A6A7196767" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:honeywell:direct_station:*:*:*:*:*:*:*:*", + "versionStartIncluding": "510.1", + "versionEndIncluding": "511.tcu3", + "matchCriteriaId": "F5F7E4E9-50A2-427F-9945-2A83F4D8C62D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:honeywell:direct_station:*:*:*:*:*:*:*:*", + "versionStartIncluding": "520.1", + "versionEndIncluding": "520.1tcu4", + "matchCriteriaId": "6ABEC6C0-CF74-49E3-88BA-5D06484DFAA8" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:a:honeywell:direct_station:*:*:*:*:*:*:*:*", + "versionStartIncluding": "520.2", + "versionEndIncluding": "520.2tcu2", + "matchCriteriaId": "BD33B3A2-FC18-4BE6-98A7-88D06339EE28" + } + ] + } + ] + } + ], "references": [ { "url": "https://process.honeywell.com", - "source": "psirt@honeywell.com" + "source": "psirt@honeywell.com", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-251xx/CVE-2023-25178.json b/CVE-2023/CVE-2023-251xx/CVE-2023-25178.json index c760f9f8185..1c763d1f6b1 100644 --- a/CVE-2023/CVE-2023-251xx/CVE-2023-25178.json +++ b/CVE-2023/CVE-2023-251xx/CVE-2023-25178.json @@ -2,8 +2,8 @@ "id": "CVE-2023-25178", "sourceIdentifier": "psirt@honeywell.com", "published": "2023-07-13T11:15:09.123", - "lastModified": "2023-07-13T12:51:14.383", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-25T17:24:39.447", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "psirt@honeywell.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-345" + } + ] + }, { "source": "psirt@honeywell.com", "type": "Secondary", 
@@ -46,10 +76,72 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:honeywell:c300_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "501.1", + "versionEndIncluding": "501.6hf8", + "matchCriteriaId": "C8B1523A-A717-4BE3-97B1-5634188EAAF9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:honeywell:c300_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "510.1", + "versionEndIncluding": "510.2hf12", + "matchCriteriaId": "F01D307E-1DD4-4B16-A1EF-81503E5C7CF1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:honeywell:c300_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "511.1", + "versionEndIncluding": "511.5tcu3", + "matchCriteriaId": "1AAAF640-4704-4BEA-AB36-911B08227497" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:honeywell:c300_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "520.1", + "versionEndIncluding": "520.1tcu4", + "matchCriteriaId": "254FC5F7-6F70-4E38-95B8-E0042AB3321F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:honeywell:c300_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "520.2", + "versionEndIncluding": "520.2tcu2", + "matchCriteriaId": "F075CA91-AFC8-4463-9D02-BE45F98E4840" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:honeywell:c300:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CEA14D67-E320-490E-92E6-CC135EBBA245" + } + ] + } + ] + } + ], "references": [ { "url": "https://process.honeywell.com", - "source": "psirt@honeywell.com" + "source": "psirt@honeywell.com", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-26xx/CVE-2023-2601.json b/CVE-2023/CVE-2023-26xx/CVE-2023-2601.json index fea6ff87094..4b45e6139b5 100644 --- a/CVE-2023/CVE-2023-26xx/CVE-2023-2601.json +++ b/CVE-2023/CVE-2023-26xx/CVE-2023-2601.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-2601", "sourceIdentifier": "contact@wpscan.com", "published": "2023-06-27T14:15:10.847", - "lastModified": "2023-06-30T18:16:48.237", - "vulnStatus": "Analyzed", + "lastModified": "2023-07-25T17:15:11.547", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -69,6 +69,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/173732/WordPress-WP-Brutal-AI-Cross-Site-Request-Forgery-SQL-Injection.html", + "source": "contact@wpscan.com" + }, { "url": "https://wpscan.com/vulnerability/57769468-3802-4985-bf5e-44ec1d59f5fd", "source": "contact@wpscan.com", diff --git a/CVE-2023/CVE-2023-26xx/CVE-2023-2605.json b/CVE-2023/CVE-2023-26xx/CVE-2023-2605.json index bcdd4df7633..329c80ca521 100644 --- a/CVE-2023/CVE-2023-26xx/CVE-2023-2605.json +++ b/CVE-2023/CVE-2023-26xx/CVE-2023-2605.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2605", "sourceIdentifier": "contact@wpscan.com", "published": "2023-06-27T14:15:10.910", - "lastModified": "2023-06-30T18:07:21.857", - "vulnStatus": "Analyzed", + "lastModified": "2023-07-25T17:15:11.710", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -65,6 +65,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/173734/WordPress-WP-Brutal-AI-Cross-Site-Scripting.html", + "source": "contact@wpscan.com" + }, { "url": "https://wpscan.com/vulnerability/372cb940-71ba-4d19-b35a-ab15f8c2fdeb", "source": "contact@wpscan.com", diff --git a/CVE-2023/CVE-2023-283xx/CVE-2023-28319.json b/CVE-2023/CVE-2023-283xx/CVE-2023-28319.json index e86bbeeae63..f2d8c7bfbdf 100644 --- a/CVE-2023/CVE-2023-283xx/CVE-2023-28319.json +++ b/CVE-2023/CVE-2023-283xx/CVE-2023-28319.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-28319", "sourceIdentifier": "support@hackerone.com", "published": "2023-05-26T21:15:10.020", - "lastModified": "2023-07-24T19:15:10.150", - "vulnStatus": "Modified", + "lastModified": "2023-07-25T16:15:10.550", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", @@ -75,6 +75,18 @@ } ], "references": [ + { + "url": "http://seclists.org/fulldisclosure/2023/Jul/47", + "source": "support@hackerone.com" + }, + { + "url": "http://seclists.org/fulldisclosure/2023/Jul/48", + "source": "support@hackerone.com" + }, + { + "url": "http://seclists.org/fulldisclosure/2023/Jul/52", + "source": "support@hackerone.com" + }, { "url": "https://hackerone.com/reports/1913733", "source": "support@hackerone.com", diff --git a/CVE-2023/CVE-2023-283xx/CVE-2023-28320.json b/CVE-2023/CVE-2023-283xx/CVE-2023-28320.json index 4e496b843ab..42b33a4461a 100644 --- a/CVE-2023/CVE-2023-283xx/CVE-2023-28320.json +++ b/CVE-2023/CVE-2023-283xx/CVE-2023-28320.json @@ -2,8 +2,8 @@ "id": "CVE-2023-28320", "sourceIdentifier": "support@hackerone.com", "published": "2023-05-26T21:15:15.937", - "lastModified": "2023-07-24T19:15:10.253", - "vulnStatus": "Modified", + "lastModified": "2023-07-25T16:15:10.707", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", @@ -79,6 +79,18 @@ } ], "references": [ + { + "url": "http://seclists.org/fulldisclosure/2023/Jul/47", + "source": "support@hackerone.com" + }, + { + "url": "http://seclists.org/fulldisclosure/2023/Jul/48", + "source": "support@hackerone.com" + }, + { + "url": "http://seclists.org/fulldisclosure/2023/Jul/52", + "source": "support@hackerone.com" + }, { "url": "https://hackerone.com/reports/1929597", "source": "support@hackerone.com", diff --git a/CVE-2023/CVE-2023-283xx/CVE-2023-28321.json b/CVE-2023/CVE-2023-283xx/CVE-2023-28321.json index a3596d67c8c..74a2d6033b7 100644 --- a/CVE-2023/CVE-2023-283xx/CVE-2023-28321.json +++ b/CVE-2023/CVE-2023-283xx/CVE-2023-28321.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-28321", "sourceIdentifier": "support@hackerone.com", "published": "2023-05-26T21:15:16.020", - "lastModified": "2023-07-24T19:15:10.337", - "vulnStatus": "Modified", + "lastModified": "2023-07-25T16:15:10.863", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", @@ -95,6 +95,18 @@ } ], "references": [ + { + "url": "http://seclists.org/fulldisclosure/2023/Jul/47", + "source": "support@hackerone.com" + }, + { + "url": "http://seclists.org/fulldisclosure/2023/Jul/48", + "source": "support@hackerone.com" + }, + { + "url": "http://seclists.org/fulldisclosure/2023/Jul/52", + "source": "support@hackerone.com" + }, { "url": "https://hackerone.com/reports/1950627", "source": "support@hackerone.com", diff --git a/CVE-2023/CVE-2023-283xx/CVE-2023-28322.json b/CVE-2023/CVE-2023-283xx/CVE-2023-28322.json index 8ae11616015..ecf879dc885 100644 --- a/CVE-2023/CVE-2023-283xx/CVE-2023-28322.json +++ b/CVE-2023/CVE-2023-283xx/CVE-2023-28322.json @@ -2,8 +2,8 @@ "id": "CVE-2023-28322", "sourceIdentifier": "support@hackerone.com", "published": "2023-05-26T21:15:16.153", - "lastModified": "2023-07-24T19:15:10.433", - "vulnStatus": "Modified", + "lastModified": "2023-07-25T16:15:11.037", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", @@ -95,6 +95,18 @@ } ], "references": [ + { + "url": "http://seclists.org/fulldisclosure/2023/Jul/47", + "source": "support@hackerone.com" + }, + { + "url": "http://seclists.org/fulldisclosure/2023/Jul/48", + "source": "support@hackerone.com" + }, + { + "url": "http://seclists.org/fulldisclosure/2023/Jul/52", + "source": "support@hackerone.com" + }, { "url": "https://hackerone.com/reports/1954658", "source": "support@hackerone.com", diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2953.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2953.json index 58f21b23548..060a2d0ebf4 100644 --- a/CVE-2023/CVE-2023-29xx/CVE-2023-2953.json +++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2953.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-2953", "sourceIdentifier": "secalert@redhat.com", "published": "2023-05-30T22:15:10.613", - "lastModified": "2023-07-24T19:15:10.527", - "vulnStatus": "Modified", + "lastModified": "2023-07-25T16:15:11.207", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", @@ -94,6 +94,18 @@ } ], "references": [ + { + "url": "http://seclists.org/fulldisclosure/2023/Jul/47", + "source": "secalert@redhat.com" + }, + { + "url": "http://seclists.org/fulldisclosure/2023/Jul/48", + "source": "secalert@redhat.com" + }, + { + "url": "http://seclists.org/fulldisclosure/2023/Jul/52", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-2953", "source": "secalert@redhat.com", diff --git a/CVE-2023/CVE-2023-324xx/CVE-2023-32409.json b/CVE-2023/CVE-2023-324xx/CVE-2023-32409.json index ce31747921c..db0fde1bf24 100644 --- a/CVE-2023/CVE-2023-324xx/CVE-2023-32409.json +++ b/CVE-2023/CVE-2023-324xx/CVE-2023-32409.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32409", "sourceIdentifier": "product-security@apple.com", "published": "2023-06-23T18:15:13.183", - "lastModified": "2023-06-30T07:06:51.937", - "vulnStatus": "Analyzed", + "lastModified": "2023-07-25T16:15:11.410", + "vulnStatus": "Modified", "cisaExploitAdd": "2023-05-22", "cisaActionDue": "2023-06-12", "cisaRequiredAction": "Apply updates per vendor instructions.", @@ -102,6 +102,10 @@ } ], "references": [ + { + "url": "http://seclists.org/fulldisclosure/2023/Jul/46", + "source": "product-security@apple.com" + }, { "url": "https://support.apple.com/en-us/HT213757", "source": "product-security@apple.com", diff --git a/CVE-2023/CVE-2023-339xx/CVE-2023-33925.json b/CVE-2023/CVE-2023-339xx/CVE-2023-33925.json index e71805b0b7a..6bf40ed9f5f 100644 --- a/CVE-2023/CVE-2023-339xx/CVE-2023-33925.json +++ b/CVE-2023/CVE-2023-339xx/CVE-2023-33925.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-33925", "sourceIdentifier": "audit@patchstack.com", "published": "2023-07-25T13:15:10.157", - "lastModified": "2023-07-25T13:15:10.157", - "vulnStatus": "Received", + "lastModified": "2023-07-25T17:22:14.780", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-340xx/CVE-2023-34017.json b/CVE-2023/CVE-2023-340xx/CVE-2023-34017.json index 8bef641154f..229940d7d5a 100644 --- a/CVE-2023/CVE-2023-340xx/CVE-2023-34017.json +++ b/CVE-2023/CVE-2023-340xx/CVE-2023-34017.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34017", "sourceIdentifier": "audit@patchstack.com", "published": "2023-07-25T14:15:10.527", - "lastModified": "2023-07-25T14:15:10.527", - "vulnStatus": "Received", + "lastModified": "2023-07-25T17:22:14.780", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-340xx/CVE-2023-34093.json b/CVE-2023/CVE-2023-340xx/CVE-2023-34093.json index 8b0fda15cf4..b166efef94e 100644 --- a/CVE-2023/CVE-2023-340xx/CVE-2023-34093.json +++ b/CVE-2023/CVE-2023-340xx/CVE-2023-34093.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34093", "sourceIdentifier": "security-advisories@github.com", "published": "2023-07-25T15:15:13.377", - "lastModified": "2023-07-25T15:15:13.377", - "vulnStatus": "Received", + "lastModified": "2023-07-25T17:22:14.780", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34369.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34369.json index b316ff3679a..d0ce176c441 100644 --- a/CVE-2023/CVE-2023-343xx/CVE-2023-34369.json +++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34369.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34369", "sourceIdentifier": "audit@patchstack.com", "published": "2023-07-25T14:15:10.633", - "lastModified": "2023-07-25T14:15:10.633", - "vulnStatus": "Received", + "lastModified": "2023-07-25T17:22:14.780", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", 
diff --git a/CVE-2023/CVE-2023-34xx/CVE-2023-3486.json b/CVE-2023/CVE-2023-34xx/CVE-2023-3486.json index 8cc51ad6770..51ac315f70d 100644 --- a/CVE-2023/CVE-2023-34xx/CVE-2023-3486.json +++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3486.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3486", "sourceIdentifier": "vulnreport@tenable.com", "published": "2023-07-25T13:15:10.330", - "lastModified": "2023-07-25T13:15:10.330", - "vulnStatus": "Received", + "lastModified": "2023-07-25T17:22:14.780", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-350xx/CVE-2023-35043.json b/CVE-2023/CVE-2023-350xx/CVE-2023-35043.json index 0ba25cf3abe..2290ff39b30 100644 --- a/CVE-2023/CVE-2023-350xx/CVE-2023-35043.json +++ b/CVE-2023/CVE-2023-350xx/CVE-2023-35043.json @@ -2,8 +2,8 @@ "id": "CVE-2023-35043", "sourceIdentifier": "audit@patchstack.com", "published": "2023-07-25T13:15:10.243", - "lastModified": "2023-07-25T13:15:10.243", - "vulnStatus": "Received", + "lastModified": "2023-07-25T17:22:14.780", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-35xx/CVE-2023-3548.json b/CVE-2023/CVE-2023-35xx/CVE-2023-3548.json index 7a368147709..2c451e791b8 100644 --- a/CVE-2023/CVE-2023-35xx/CVE-2023-3548.json +++ b/CVE-2023/CVE-2023-35xx/CVE-2023-3548.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3548", "sourceIdentifier": "productsecurity@jci.com", "published": "2023-07-25T14:15:11.123", - "lastModified": "2023-07-25T14:15:11.123", - "vulnStatus": "Received", + "lastModified": "2023-07-25T17:22:14.780", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-363xx/CVE-2023-36385.json b/CVE-2023/CVE-2023-363xx/CVE-2023-36385.json index 3da5c1140ae..3daa5a46e0a 100644 --- a/CVE-2023/CVE-2023-363xx/CVE-2023-36385.json +++ b/CVE-2023/CVE-2023-363xx/CVE-2023-36385.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-36385", "sourceIdentifier": "audit@patchstack.com", "published": "2023-07-25T14:15:10.720", - "lastModified": "2023-07-25T14:15:10.720", - "vulnStatus": "Received", + "lastModified": "2023-07-25T17:22:14.780", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36501.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36501.json index 6450b936f14..f597ca9be05 100644 --- a/CVE-2023/CVE-2023-365xx/CVE-2023-36501.json +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36501.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36501", "sourceIdentifier": "audit@patchstack.com", "published": "2023-07-25T14:15:10.807", - "lastModified": "2023-07-25T14:15:10.807", - "vulnStatus": "Received", + "lastModified": "2023-07-25T17:22:14.780", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36502.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36502.json index d7eaa8cefd0..5664d600ce0 100644 --- a/CVE-2023/CVE-2023-365xx/CVE-2023-36502.json +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36502.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36502", "sourceIdentifier": "audit@patchstack.com", "published": "2023-07-25T14:15:10.893", - "lastModified": "2023-07-25T14:15:10.893", - "vulnStatus": "Received", + "lastModified": "2023-07-25T17:22:14.780", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36503.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36503.json index b6e1361cd2b..c4544c70589 100644 --- a/CVE-2023/CVE-2023-365xx/CVE-2023-36503.json +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36503.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36503", "sourceIdentifier": "audit@patchstack.com", "published": "2023-07-25T14:15:10.980", - "lastModified": "2023-07-25T14:15:10.980", - "vulnStatus": "Received", + "lastModified": "2023-07-25T17:22:14.780", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", 
diff --git a/CVE-2023/CVE-2023-36xx/CVE-2023-3637.json b/CVE-2023/CVE-2023-36xx/CVE-2023-3637.json index 5188c8f6f57..f406fcfc092 100644 --- a/CVE-2023/CVE-2023-36xx/CVE-2023-3637.json +++ b/CVE-2023/CVE-2023-36xx/CVE-2023-3637.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3637", "sourceIdentifier": "secalert@redhat.com", "published": "2023-07-25T13:15:10.407", - "lastModified": "2023-07-25T13:15:10.407", - "vulnStatus": "Received", + "lastModified": "2023-07-25T17:22:14.780", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-378xx/CVE-2023-37895.json b/CVE-2023/CVE-2023-378xx/CVE-2023-37895.json index c1dafc01d8c..08d773d31c9 100644 --- a/CVE-2023/CVE-2023-378xx/CVE-2023-37895.json +++ b/CVE-2023/CVE-2023-378xx/CVE-2023-37895.json @@ -2,8 +2,8 @@ "id": "CVE-2023-37895", "sourceIdentifier": "security@apache.org", "published": "2023-07-25T15:15:13.587", - "lastModified": "2023-07-25T15:15:13.587", - "vulnStatus": "Received", + "lastModified": "2023-07-25T17:22:14.780", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-37xx/CVE-2023-3772.json b/CVE-2023/CVE-2023-37xx/CVE-2023-3772.json new file mode 100644 index 00000000000..d855188aeab --- /dev/null +++ b/CVE-2023/CVE-2023-37xx/CVE-2023-3772.json 
@@ -0,0 +1,47 @@ +{ + "id": "CVE-2023-3772", + "sourceIdentifier": "secalert@redhat.com", + "published": "2023-07-25T16:15:11.660", + "lastModified": "2023-07-25T17:22:14.780", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A flaw was found in the Linux kernel\u2019s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of service." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2023-3772", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218943", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-37xx/CVE-2023-3773.json b/CVE-2023/CVE-2023-37xx/CVE-2023-3773.json new file mode 100644 index 00000000000..7836839be7d --- /dev/null +++ b/CVE-2023/CVE-2023-37xx/CVE-2023-3773.json 
@@ -0,0 +1,47 @@ +{ + "id": "CVE-2023-3773", + "sourceIdentifier": "secalert@redhat.com", + "published": "2023-07-25T16:15:11.733", + "lastModified": "2023-07-25T17:22:14.780", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A flaw was found in the Linux kernel\u2019s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to cause a 4 byte out-of-bounds read of XFRMA_MTIMER_THRESH when parsing netlink attributes, leading to potential leakage of sensitive heap data to userspace." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2023-3773", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218944", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-384xx/CVE-2023-38435.json b/CVE-2023/CVE-2023-384xx/CVE-2023-38435.json new file mode 100644 index 00000000000..e626a83d68d --- /dev/null +++ b/CVE-2023/CVE-2023-384xx/CVE-2023-38435.json 
@@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-38435", + "sourceIdentifier": "security@apache.org", + "published": "2023-07-25T16:15:11.500", + "lastModified": "2023-07-25T17:22:14.780", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "\nAn improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Apache Felix Healthcheck Webconsole Plugin version 2.0.2 and prior may allow an attacker to perform a reflected cross-site scripting (XSS) attack.\n\nUpgrade to Apache Felix Healthcheck Webconsole Plugin 2.1.0 or higher." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "security@apache.org", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://lists.apache.org/thread/r3blhp3onr4rdbkgdyglqnccg0v79pfv", + "source": "security@apache.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-391xx/CVE-2023-39173.json b/CVE-2023/CVE-2023-391xx/CVE-2023-39173.json index c2902d0023c..63e243efd3e 100644 --- a/CVE-2023/CVE-2023-391xx/CVE-2023-39173.json +++ b/CVE-2023/CVE-2023-391xx/CVE-2023-39173.json @@ -2,8 +2,8 @@ "id": "CVE-2023-39173", "sourceIdentifier": "security@jetbrains.com", "published": "2023-07-25T15:15:13.693", - "lastModified": "2023-07-25T15:15:13.693", - "vulnStatus": "Received", + "lastModified": "2023-07-25T17:22:14.780", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-391xx/CVE-2023-39174.json b/CVE-2023/CVE-2023-391xx/CVE-2023-39174.json index e99340a0c3d..83f165ac452 100644 --- a/CVE-2023/CVE-2023-391xx/CVE-2023-39174.json +++ b/CVE-2023/CVE-2023-391xx/CVE-2023-39174.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-39174", "sourceIdentifier": "security@jetbrains.com", "published": "2023-07-25T15:15:13.830", - "lastModified": "2023-07-25T15:15:13.830", - "vulnStatus": "Received", + "lastModified": "2023-07-25T17:22:14.780", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-391xx/CVE-2023-39175.json b/CVE-2023/CVE-2023-391xx/CVE-2023-39175.json index f103f761348..ee7abb10ba3 100644 --- a/CVE-2023/CVE-2023-391xx/CVE-2023-39175.json +++ b/CVE-2023/CVE-2023-391xx/CVE-2023-39175.json @@ -2,8 +2,8 @@ "id": "CVE-2023-39175", "sourceIdentifier": "security@jetbrains.com", "published": "2023-07-25T15:15:13.917", - "lastModified": "2023-07-25T15:15:13.917", - "vulnStatus": "Received", + "lastModified": "2023-07-25T17:22:14.780", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/README.md b/README.md index e0dc3f6c724..b61ccc1cea6 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-07-25T16:00:26.544144+00:00 +2023-07-25T18:00:31.419140+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-07-25T15:30:52.077000+00:00 +2023-07-25T17:42:56.930000+00:00 ``` ### Last Data Feed Release 
@@ -29,56 +29,47 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -220990 +220993 ``` ### CVEs added in the last Commit -Recently added CVEs: `12` +Recently added CVEs: `3` -* [CVE-2023-34017](CVE-2023/CVE-2023-340xx/CVE-2023-34017.json) (`2023-07-25T14:15:10.527`) -* [CVE-2023-34369](CVE-2023/CVE-2023-343xx/CVE-2023-34369.json) (`2023-07-25T14:15:10.633`) -* [CVE-2023-36385](CVE-2023/CVE-2023-363xx/CVE-2023-36385.json) (`2023-07-25T14:15:10.720`) -* [CVE-2023-36501](CVE-2023/CVE-2023-365xx/CVE-2023-36501.json) (`2023-07-25T14:15:10.807`) -* [CVE-2023-36502](CVE-2023/CVE-2023-365xx/CVE-2023-36502.json) (`2023-07-25T14:15:10.893`) -* [CVE-2023-36503](CVE-2023/CVE-2023-365xx/CVE-2023-36503.json) (`2023-07-25T14:15:10.980`) -* [CVE-2023-3548](CVE-2023/CVE-2023-35xx/CVE-2023-3548.json) (`2023-07-25T14:15:11.123`) -* [CVE-2023-34093](CVE-2023/CVE-2023-340xx/CVE-2023-34093.json) (`2023-07-25T15:15:13.377`) -* [CVE-2023-37895](CVE-2023/CVE-2023-378xx/CVE-2023-37895.json) (`2023-07-25T15:15:13.587`) -* [CVE-2023-39173](CVE-2023/CVE-2023-391xx/CVE-2023-39173.json) (`2023-07-25T15:15:13.693`) -* [CVE-2023-39174](CVE-2023/CVE-2023-391xx/CVE-2023-39174.json) (`2023-07-25T15:15:13.830`) -* [CVE-2023-39175](CVE-2023/CVE-2023-391xx/CVE-2023-39175.json) (`2023-07-25T15:15:13.917`) +* [CVE-2023-38435](CVE-2023/CVE-2023-384xx/CVE-2023-38435.json) (`2023-07-25T16:15:11.500`) +* [CVE-2023-3772](CVE-2023/CVE-2023-37xx/CVE-2023-3772.json) (`2023-07-25T16:15:11.660`) +* [CVE-2023-3773](CVE-2023/CVE-2023-37xx/CVE-2023-3773.json) (`2023-07-25T16:15:11.733`) ### CVEs modified in the last Commit -Recently modified CVEs: `67` +Recently modified CVEs: `44` -* [CVE-2023-22005](CVE-2023/CVE-2023-220xx/CVE-2023-22005.json) (`2023-07-25T15:15:11.203`) -* [CVE-2023-22006](CVE-2023/CVE-2023-220xx/CVE-2023-22006.json) (`2023-07-25T15:15:11.363`) -* [CVE-2023-22007](CVE-2023/CVE-2023-220xx/CVE-2023-22007.json) 
(`2023-07-25T15:15:11.477`) -* [CVE-2023-22008](CVE-2023/CVE-2023-220xx/CVE-2023-22008.json) (`2023-07-25T15:15:11.587`) -* [CVE-2023-22033](CVE-2023/CVE-2023-220xx/CVE-2023-22033.json) (`2023-07-25T15:15:11.683`) -* [CVE-2023-22036](CVE-2023/CVE-2023-220xx/CVE-2023-22036.json) (`2023-07-25T15:15:11.787`) -* [CVE-2023-22038](CVE-2023/CVE-2023-220xx/CVE-2023-22038.json) (`2023-07-25T15:15:11.877`) -* [CVE-2023-22041](CVE-2023/CVE-2023-220xx/CVE-2023-22041.json) (`2023-07-25T15:15:11.987`) -* [CVE-2023-22043](CVE-2023/CVE-2023-220xx/CVE-2023-22043.json) (`2023-07-25T15:15:12.070`) -* [CVE-2023-22044](CVE-2023/CVE-2023-220xx/CVE-2023-22044.json) (`2023-07-25T15:15:12.157`) -* [CVE-2023-22045](CVE-2023/CVE-2023-220xx/CVE-2023-22045.json) (`2023-07-25T15:15:12.250`) -* [CVE-2023-22046](CVE-2023/CVE-2023-220xx/CVE-2023-22046.json) (`2023-07-25T15:15:12.340`) -* [CVE-2023-22048](CVE-2023/CVE-2023-220xx/CVE-2023-22048.json) (`2023-07-25T15:15:12.470`) -* [CVE-2023-22049](CVE-2023/CVE-2023-220xx/CVE-2023-22049.json) (`2023-07-25T15:15:12.573`) -* [CVE-2023-22053](CVE-2023/CVE-2023-220xx/CVE-2023-22053.json) (`2023-07-25T15:15:12.657`) -* [CVE-2023-22054](CVE-2023/CVE-2023-220xx/CVE-2023-22054.json) (`2023-07-25T15:15:12.763`) -* [CVE-2023-22056](CVE-2023/CVE-2023-220xx/CVE-2023-22056.json) (`2023-07-25T15:15:12.867`) -* [CVE-2023-22057](CVE-2023/CVE-2023-220xx/CVE-2023-22057.json) (`2023-07-25T15:15:12.963`) -* [CVE-2023-22058](CVE-2023/CVE-2023-220xx/CVE-2023-22058.json) (`2023-07-25T15:15:13.063`) -* [CVE-2023-25193](CVE-2023/CVE-2023-251xx/CVE-2023-25193.json) (`2023-07-25T15:15:13.163`) -* [CVE-2023-2975](CVE-2023/CVE-2023-29xx/CVE-2023-2975.json) (`2023-07-25T15:15:13.277`) -* [CVE-2023-36617](CVE-2023/CVE-2023-366xx/CVE-2023-36617.json) (`2023-07-25T15:15:13.497`) -* [CVE-2023-21254](CVE-2023/CVE-2023-212xx/CVE-2023-21254.json) (`2023-07-25T15:29:19.453`) -* [CVE-2023-21255](CVE-2023/CVE-2023-212xx/CVE-2023-21255.json) (`2023-07-25T15:29:53.783`) -* 
[CVE-2023-21256](CVE-2023/CVE-2023-212xx/CVE-2023-21256.json) (`2023-07-25T15:30:52.077`) +* [CVE-2023-2068](CVE-2023/CVE-2023-20xx/CVE-2023-2068.json) (`2023-07-25T17:15:11.137`) +* [CVE-2023-2223](CVE-2023/CVE-2023-22xx/CVE-2023-2223.json) (`2023-07-25T17:15:11.277`) +* [CVE-2023-2224](CVE-2023/CVE-2023-22xx/CVE-2023-2224.json) (`2023-07-25T17:15:11.420`) +* [CVE-2023-2601](CVE-2023/CVE-2023-26xx/CVE-2023-2601.json) (`2023-07-25T17:15:11.547`) +* [CVE-2023-2605](CVE-2023/CVE-2023-26xx/CVE-2023-2605.json) (`2023-07-25T17:15:11.710`) +* [CVE-2023-23833](CVE-2023/CVE-2023-238xx/CVE-2023-23833.json) (`2023-07-25T17:22:14.780`) +* [CVE-2023-33925](CVE-2023/CVE-2023-339xx/CVE-2023-33925.json) (`2023-07-25T17:22:14.780`) +* [CVE-2023-35043](CVE-2023/CVE-2023-350xx/CVE-2023-35043.json) (`2023-07-25T17:22:14.780`) +* [CVE-2023-3486](CVE-2023/CVE-2023-34xx/CVE-2023-3486.json) (`2023-07-25T17:22:14.780`) +* [CVE-2023-3637](CVE-2023/CVE-2023-36xx/CVE-2023-3637.json) (`2023-07-25T17:22:14.780`) +* [CVE-2023-34017](CVE-2023/CVE-2023-340xx/CVE-2023-34017.json) (`2023-07-25T17:22:14.780`) +* [CVE-2023-34369](CVE-2023/CVE-2023-343xx/CVE-2023-34369.json) (`2023-07-25T17:22:14.780`) +* [CVE-2023-36385](CVE-2023/CVE-2023-363xx/CVE-2023-36385.json) (`2023-07-25T17:22:14.780`) +* [CVE-2023-36501](CVE-2023/CVE-2023-365xx/CVE-2023-36501.json) (`2023-07-25T17:22:14.780`) +* [CVE-2023-36502](CVE-2023/CVE-2023-365xx/CVE-2023-36502.json) (`2023-07-25T17:22:14.780`) +* [CVE-2023-36503](CVE-2023/CVE-2023-365xx/CVE-2023-36503.json) (`2023-07-25T17:22:14.780`) +* [CVE-2023-3548](CVE-2023/CVE-2023-35xx/CVE-2023-3548.json) (`2023-07-25T17:22:14.780`) +* [CVE-2023-34093](CVE-2023/CVE-2023-340xx/CVE-2023-34093.json) (`2023-07-25T17:22:14.780`) +* [CVE-2023-37895](CVE-2023/CVE-2023-378xx/CVE-2023-37895.json) (`2023-07-25T17:22:14.780`) +* [CVE-2023-39173](CVE-2023/CVE-2023-391xx/CVE-2023-39173.json) (`2023-07-25T17:22:14.780`) +* [CVE-2023-39174](CVE-2023/CVE-2023-391xx/CVE-2023-39174.json) 
(`2023-07-25T17:22:14.780`) +* [CVE-2023-39175](CVE-2023/CVE-2023-391xx/CVE-2023-39175.json) (`2023-07-25T17:22:14.780`) +* [CVE-2023-25078](CVE-2023/CVE-2023-250xx/CVE-2023-25078.json) (`2023-07-25T17:24:34.817`) +* [CVE-2023-25178](CVE-2023/CVE-2023-251xx/CVE-2023-25178.json) (`2023-07-25T17:24:39.447`) +* [CVE-2023-20942](CVE-2023/CVE-2023-209xx/CVE-2023-20942.json) (`2023-07-25T17:42:56.930`) ## Download and Usage