Auto-Update: 2023-07-31T23:55:26.158758+00:00

CVE-2023/CVE-2023-34xx/CVE-2023-3462.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-3462",
+  "sourceIdentifier": "security@hashicorp.com",
+  "published": "2023-07-31T23:15:10.360",
+  "lastModified": "2023-07-31T23:15:10.360",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "HashiCorp's Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. An attacker may submit requests of existent and non-existent LDAP users and observe the response from Vault to check if the account is valid on the LDAP server. This vulnerability is fixed in Vault 1.14.1 and 1.13.5."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@hashicorp.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@hashicorp.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-203"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://discuss.hashicorp.com/t/hcsec-2023-24-vaults-ldap-auth-method-allows-for-user-enumeration/56714",
+      "source": "security@hashicorp.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-368xx/CVE-2023-36884.json

@@ -2,8 +2,8 @@
   "id": "CVE-2023-36884",
   "sourceIdentifier": "secure@microsoft.com",
   "published": "2023-07-11T19:15:09.623",
-  "lastModified": "2023-07-31T15:33:35.323",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2023-07-31T23:15:10.167",
+  "vulnStatus": "Modified",
   "cisaExploitAdd": "2023-07-17",
   "cisaActionDue": "2023-08-07",
   "cisaRequiredAction": "Follow \"CVE-2023-36884 Specific Recommendations\" per vendor instructions. [https://www.microsoft.com/en-us/security/blog/2023/07/11/storm-0978-attacks-reveal-financial-and-espionage-motives/]",
@@ -21,20 +21,20 @@
         "type": "Primary",
         "cvssData": {
           "version": "3.1",
-          "vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:N",
-          "attackVector": "PHYSICAL",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
           "attackComplexity": "HIGH",
-          "privilegesRequired": "HIGH",
+          "privilegesRequired": "NONE",
           "userInteraction": "REQUIRED",
-          "scope": "UNCHANGED",
-          "confidentialityImpact": "NONE",
-          "integrityImpact": "NONE",
-          "availabilityImpact": "NONE",
-          "baseScore": 0.0,
-          "baseSeverity": "NONE"
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.3,
+          "baseSeverity": "HIGH"
         },
-        "exploitabilityScore": 0.1,
-        "impactScore": 0.0
+        "exploitabilityScore": 1.6,
+        "impactScore": 6.0
       },
       {
         "source": "nvd@nist.gov",

CVE-2023/CVE-2023-38xx/CVE-2023-3825.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-3825",
+  "sourceIdentifier": "ics-cert@hq.dhs.gov",
+  "published": "2023-07-31T23:15:10.437",
+  "lastModified": "2023-07-31T23:15:10.437",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "\nPTC\u2019s KEPServerEX Versions 6.0 to 6.14.263 are vulnerable to being made to read a recursively defined object that leads to uncontrolled resource consumption. KEPServerEX uses OPC UA, a protocol which defines various object types that can be nested to create complex arrays. It does not implement a check to see if such an object is recursively defined, so an attack could send a maliciously created message that the decoder would try to decode until the stack overflowed and the device crashed.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "ics-cert@hq.dhs.gov",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.5,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "ics-cert@hq.dhs.gov",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-400"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-02",
+      "source": "ics-cert@hq.dhs.gov"
+    }
+  ]
+}

CVE-2023/CVE-2023-391xx/CVE-2023-39122.json

@@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-39122",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-07-31T23:15:10.297",
+  "lastModified": "2023-07-31T23:15:10.297",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "BMC Control-M Software v9.0.20.200 was discovered to contain a SQL injection vulnerability via the report-id parameter at /report/deleteReport."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/DojoSecurity/BMC-Control-M-Unauthenticated-SQL-Injection",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

README.md

@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2023-07-31T22:00:27.795826+00:00
+2023-07-31T23:55:26.158758+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2023-07-31T21:15:09.980000+00:00
+2023-07-31T23:15:10.437000+00:00
 ```
 
 ### Last Data Feed Release
@@ -29,48 +29,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-221344
+221347
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `4`
+Recently added CVEs: `3`
 
-* [CVE-2022-42182](CVE-2022/CVE-2022-421xx/CVE-2022-42182.json) (`2023-07-31T20:15:09.993`)
-* [CVE-2022-42183](CVE-2022/CVE-2022-421xx/CVE-2022-42183.json) (`2023-07-31T20:15:10.050`)
-* [CVE-2023-38989](CVE-2023/CVE-2023-389xx/CVE-2023-38989.json) (`2023-07-31T18:15:10.320`)
-* [CVE-2023-3983](CVE-2023/CVE-2023-39xx/CVE-2023-3983.json) (`2023-07-31T19:15:18.243`)
+* [CVE-2023-39122](CVE-2023/CVE-2023-391xx/CVE-2023-39122.json) (`2023-07-31T23:15:10.297`)
+* [CVE-2023-3462](CVE-2023/CVE-2023-34xx/CVE-2023-3462.json) (`2023-07-31T23:15:10.360`)
+* [CVE-2023-3825](CVE-2023/CVE-2023-38xx/CVE-2023-3825.json) (`2023-07-31T23:15:10.437`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `77`
+Recently modified CVEs: `1`
 
-* [CVE-2023-30367](CVE-2023/CVE-2023-303xx/CVE-2023-30367.json) (`2023-07-31T19:15:16.233`)
-* [CVE-2023-30431](CVE-2023/CVE-2023-304xx/CVE-2023-30431.json) (`2023-07-31T19:15:16.290`)
-* [CVE-2023-30442](CVE-2023/CVE-2023-304xx/CVE-2023-30442.json) (`2023-07-31T19:15:16.383`)
-* [CVE-2023-30445](CVE-2023/CVE-2023-304xx/CVE-2023-30445.json) (`2023-07-31T19:15:16.477`)
-* [CVE-2023-30446](CVE-2023/CVE-2023-304xx/CVE-2023-30446.json) (`2023-07-31T19:15:16.573`)
-* [CVE-2023-30447](CVE-2023/CVE-2023-304xx/CVE-2023-30447.json) (`2023-07-31T19:15:16.663`)
-* [CVE-2023-30448](CVE-2023/CVE-2023-304xx/CVE-2023-30448.json) (`2023-07-31T19:15:16.760`)
-* [CVE-2023-30449](CVE-2023/CVE-2023-304xx/CVE-2023-30449.json) (`2023-07-31T19:15:16.850`)
-* [CVE-2023-30625](CVE-2023/CVE-2023-306xx/CVE-2023-30625.json) (`2023-07-31T19:15:16.943`)
-* [CVE-2023-34966](CVE-2023/CVE-2023-349xx/CVE-2023-34966.json) (`2023-07-31T19:15:17.053`)
-* [CVE-2023-34967](CVE-2023/CVE-2023-349xx/CVE-2023-34967.json) (`2023-07-31T19:15:17.150`)
-* [CVE-2023-34968](CVE-2023/CVE-2023-349xx/CVE-2023-34968.json) (`2023-07-31T19:15:17.263`)
-* [CVE-2023-35946](CVE-2023/CVE-2023-359xx/CVE-2023-35946.json) (`2023-07-31T19:15:17.370`)
-* [CVE-2023-36266](CVE-2023/CVE-2023-362xx/CVE-2023-36266.json) (`2023-07-31T19:15:17.497`)
-* [CVE-2023-37474](CVE-2023/CVE-2023-374xx/CVE-2023-37474.json) (`2023-07-31T19:15:17.570`)
-* [CVE-2023-38501](CVE-2023/CVE-2023-385xx/CVE-2023-38501.json) (`2023-07-31T19:15:17.657`)
-* [CVE-2023-3090](CVE-2023/CVE-2023-30xx/CVE-2023-3090.json) (`2023-07-31T19:15:17.743`)
-* [CVE-2023-3312](CVE-2023/CVE-2023-33xx/CVE-2023-3312.json) (`2023-07-31T19:15:17.837`)
-* [CVE-2023-3347](CVE-2023/CVE-2023-33xx/CVE-2023-3347.json) (`2023-07-31T19:15:18.053`)
-* [CVE-2023-3389](CVE-2023/CVE-2023-33xx/CVE-2023-3389.json) (`2023-07-31T19:15:18.150`)
-* [CVE-2023-28728](CVE-2023/CVE-2023-287xx/CVE-2023-28728.json) (`2023-07-31T20:58:56.437`)
-* [CVE-2023-28730](CVE-2023/CVE-2023-287xx/CVE-2023-28730.json) (`2023-07-31T21:00:41.197`)
-* [CVE-2023-28729](CVE-2023/CVE-2023-287xx/CVE-2023-28729.json) (`2023-07-31T21:02:02.200`)
-* [CVE-2023-0009](CVE-2023/CVE-2023-00xx/CVE-2023-0009.json) (`2023-07-31T21:15:09.850`)
-* [CVE-2023-20593](CVE-2023/CVE-2023-205xx/CVE-2023-20593.json) (`2023-07-31T21:15:09.980`)
+* [CVE-2023-36884](CVE-2023/CVE-2023-368xx/CVE-2023-36884.json) (`2023-07-31T23:15:10.167`)
 
 
 ## Download and Usage