diff --git a/CVE-2023/CVE-2023-22xx/CVE-2023-2270.json b/CVE-2023/CVE-2023-22xx/CVE-2023-2270.json new file mode 100644 index 00000000000..92f34a9fe43 --- /dev/null +++ b/CVE-2023/CVE-2023-22xx/CVE-2023-2270.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-2270", + "sourceIdentifier": "psirt@netskope.com", + "published": "2023-06-15T05:15:09.773", + "lastModified": "2023-06-15T05:15:09.773", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Netskope client service running with NT\\SYSTEM privileges accepts network connections from localhost to start various services and execute commands. The connection handling function of Netskope client before R100 in this service utilized a relative path to download and unzip configuration files on the machine. This relative path provided a way for local users to write arbitrary files at a location which is accessible to only higher privileged users. This can be exploited by local users to execute code with NT\\SYSTEM privileges on the end machine.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@netskope.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.0, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.0, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@netskope.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2023-001", + "source": "psirt@netskope.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3193.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3193.json new file mode 100644 index 00000000000..082f83a9f98 --- /dev/null +++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3193.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-3193", + "sourceIdentifier": "security@liferay.com", + "published": "2023-06-15T04:15:34.727", + "lastModified": "2023-06-15T04:15:34.727", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-site scripting (XSS) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.73, and Liferay DXP 7.4 update 70 through 73 allows remote attackers to inject arbitrary web script or HTML via the `_com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL` parameter." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@liferay.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@liferay.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-3193", + "source": "security@liferay.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-350xx/CVE-2023-35029.json b/CVE-2023/CVE-2023-350xx/CVE-2023-35029.json new file mode 100644 index 00000000000..e715da09f66 --- /dev/null +++ b/CVE-2023/CVE-2023-350xx/CVE-2023-35029.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-35029", + "sourceIdentifier": "security@liferay.com", + "published": "2023-06-15T04:15:34.513", + "lastModified": "2023-06-15T04:15:34.513", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Open redirect vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to redirect users to arbitrary external URLs via the `_com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL` parameter." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@liferay.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@liferay.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-601" + } + ] + } + ], + "references": [ + { + "url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-35029", + "source": "security@liferay.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-350xx/CVE-2023-35030.json b/CVE-2023/CVE-2023-350xx/CVE-2023-35030.json new file mode 100644 index 00000000000..db1093c6027 --- /dev/null +++ b/CVE-2023/CVE-2023-350xx/CVE-2023-35030.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-35030", + "sourceIdentifier": "security@liferay.com", + "published": "2023-06-15T05:15:09.857", + "lastModified": "2023-06-15T05:15:09.857", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-site request forgery (CSRF) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to execute arbitrary code in the scripting console via the `_com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL` parameter." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@liferay.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@liferay.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-35030", + "source": "security@liferay.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 1530a883b90..6d213103a67 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-06-15T04:00:35.376240+00:00 +2023-06-15T06:00:29.917237+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-06-15T03:15:10.253000+00:00 +2023-06-15T05:15:09.857000+00:00 ``` ### Last Data Feed Release @@ -29,28 +29,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -217803 +217807 ``` ### CVEs added in the last Commit -Recently added CVEs: `6` +Recently added CVEs: `4` -* [CVE-2022-33159](CVE-2022/CVE-2022-331xx/CVE-2022-33159.json) (`2023-06-15T02:15:09.240`) -* [CVE-2022-33163](CVE-2022/CVE-2022-331xx/CVE-2022-33163.json) (`2023-06-15T02:15:09.313`) -* [CVE-2022-33168](CVE-2022/CVE-2022-331xx/CVE-2022-33168.json) (`2023-06-15T02:15:09.377`) -* [CVE-2022-32752](CVE-2022/CVE-2022-327xx/CVE-2022-32752.json) (`2023-06-15T03:15:09.873`) -* [CVE-2022-32757](CVE-2022/CVE-2022-327xx/CVE-2022-32757.json) (`2023-06-15T03:15:09.950`) -* [CVE-2022-33166](CVE-2022/CVE-2022-331xx/CVE-2022-33166.json) (`2023-06-15T03:15:10.020`) +* [CVE-2023-35029](CVE-2023/CVE-2023-350xx/CVE-2023-35029.json) (`2023-06-15T04:15:34.513`) +* [CVE-2023-3193](CVE-2023/CVE-2023-31xx/CVE-2023-3193.json) (`2023-06-15T04:15:34.727`) +* [CVE-2023-2270](CVE-2023/CVE-2023-22xx/CVE-2023-2270.json) (`2023-06-15T05:15:09.773`) +* [CVE-2023-35030](CVE-2023/CVE-2023-350xx/CVE-2023-35030.json) (`2023-06-15T05:15:09.857`) ### CVEs modified in the last Commit -Recently modified CVEs: `3` +Recently modified CVEs: `0` -* [CVE-2020-15225](CVE-2020/CVE-2020-152xx/CVE-2020-15225.json) (`2023-06-15T03:15:09.710`) -* [CVE-2023-32573](CVE-2023/CVE-2023-325xx/CVE-2023-32573.json) (`2023-06-15T03:15:10.127`) -* [CVE-2023-34410](CVE-2023/CVE-2023-344xx/CVE-2023-34410.json) (`2023-06-15T03:15:10.253`) ## Download and Usage