diff --git a/CVE-2013/CVE-2013-100xx/CVE-2013-10030.json b/CVE-2013/CVE-2013-100xx/CVE-2013-10030.json
index db955b690ab..de6b6441e3b 100644
--- a/CVE-2013/CVE-2013-100xx/CVE-2013-10030.json
+++ b/CVE-2013/CVE-2013-100xx/CVE-2013-10030.json
@@ -2,8 +2,8 @@
 "id": "CVE-2013-10030",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2023-06-05T22:15:09.260",
- "lastModified": "2023-06-06T12:50:56.083",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-14T13:24:55.677",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -11,6 +11,28 @@
 }
 ],
 "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ],
 "cvssMetricV30": [
 {
 "source": "cna@vuldb.com",
@@ -71,18 +93,47 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:angrybyte:wordpress_exit_box_lite:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.06",
+ "matchCriteriaId": "507831C8-49B6-4792-AEE9-17F1E9E9FC8A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/wp-plugins/wordpress-exit-box-lite/commit/fad26701addb862c51baf85c6e3cc136aa79c309",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://vuldb.com/?ctiid.230672",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://vuldb.com/?id.230672",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-271xx/CVE-2021-27131.json b/CVE-2021/CVE-2021-271xx/CVE-2021-27131.json
index 5282a49d197..1a74320432d 100644
--- a/CVE-2021/CVE-2021-271xx/CVE-2021-27131.json
+++ b/CVE-2021/CVE-2021-271xx/CVE-2021-27131.json
@@ -2,12 +2,12 @@
 "id": "CVE-2021-27131",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-05-16T20:15:08.987",
- "lastModified": "2023-05-25T15:56:09.600",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-06-14T12:15:09.377",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
- "value": "Moodle 3.10.1 is vulnerable to persistent/stored cross-site scripting (XSS) due to the improper input sanitization on the \"Additional HTML Section\" via \"Header and Footer\" parameter in /admin/settings.php. This vulnerability is leading an attacker to steal admin and all user account cookies by storing the malicious XSS payload in Header and Footer."
+ "value": "** DISPUTED ** Moodle 3.10.1 is vulnerable to persistent/stored cross-site scripting (XSS) due to the improper input sanitization on the \"Additional HTML Section\" via \"Header and Footer\" parameter in /admin/settings.php. This vulnerability is leading an attacker to steal admin and all user account cookies by storing the malicious XSS payload in Header and Footer. NOTE: this is disputed by the vendor because the \"Additional HTML Section\" for \"Header and Footer\" can only be supplied by an administrator, who is intentionally allowed to enter unsanitized input (e.g., site-specific JavaScript)."
 }
 ],
 "metrics": {
@@ -64,6 +64,10 @@
 }
 ],
 "references": [
+ {
+ "url": "https://docs.moodle.org/402/en/Risks",
+ "source": "cve@mitre.org"
+ },
 {
 "url": "https://github.com/moodle/moodle",
 "source": "cve@mitre.org",
diff --git a/CVE-2022/CVE-2022-471xx/CVE-2022-47184.json b/CVE-2022/CVE-2022-471xx/CVE-2022-47184.json
index d9a44db6e67..c996427338d 100644
--- a/CVE-2022/CVE-2022-471xx/CVE-2022-47184.json
+++ b/CVE-2022/CVE-2022-471xx/CVE-2022-47184.json
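Review bot: In CVE-2021-27131.json the dispute is recorded only as the `** DISPUTED **` prefix and the NOTE sentence inside `descriptions[].value`; no structured field in either hunk carries it, and the scores under `metrics` lie outside the changed lines, so they are presumably unchanged. Tooling that ranks on `baseScore` or `vulnStatus` alone will treat this record as before, so triage rules should match the prefix explicitly. The added reference `https://docs.moodle.org/402/en/Risks` has no `tags` array, while the entry after it has a `source` line ending in a comma and so presumably does; a tag such as `"tags": ["Vendor Advisory"]` would let consumers pick it out as the vendor's position. The same description-only marking applies to the CVE-2023-31437, CVE-2023-31438 and CVE-2023-31439 hunks later in this diff, where `"metrics": {}` is empty.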
@@ -2,8 +2,8 @@
 "id": "CVE-2022-47184",
 "sourceIdentifier": "security@apache.org",
 "published": "2023-06-14T08:15:08.633",
- "lastModified": "2023-06-14T08:15:08.633",
- "vulnStatus": "Received",
+ "lastModified": "2023-06-14T12:54:19.587",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-06xx/CVE-2023-0695.json b/CVE-2023/CVE-2023-06xx/CVE-2023-0695.json
index 204f82dabf0..55df6fc4552 100644
--- a/CVE-2023/CVE-2023-06xx/CVE-2023-0695.json
+++ b/CVE-2023/CVE-2023-06xx/CVE-2023-0695.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-0695",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2023-06-09T06:15:52.043",
- "lastModified": "2023-06-09T13:03:43.237",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-14T13:44:01.067",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -12,6 +12,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
 {
 "source": "security@wordfence.com",
 "type": "Secondary",
@@ -36,7 +56,7 @@
 },
 "weaknesses": [
 {
- "source": "security@wordfence.com",
+ "source": "nvd@nist.gov",
 "type": "Primary",
 "description": [
 {
@@ -44,16 +64,50 @@
 "value": "CWE-79"
 }
 ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:wpmet:metform_elementor_contact_form_builder:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "3.3.0",
+ "matchCriteriaId": "76FAF3C1-7141-4E7C-ACBA-CD47256F31FA"
+ }
+ ]
+ }
+ ]
 }
 ],
 "references": [
 {
 "url": "https://plugins.trac.wordpress.org/browser/metform/trunk/base/shortcode.php?rev=2845078",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1c866d8d-399c-4bda-a3c9-17c7e5d2ffb8?source=cve",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-07xx/CVE-2023-0708.json b/CVE-2023/CVE-2023-07xx/CVE-2023-0708.json
index 4f08da0ce5c..49ea59fde23 100644
--- a/CVE-2023/CVE-2023-07xx/CVE-2023-0708.json
+++ b/CVE-2023/CVE-2023-07xx/CVE-2023-0708.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-0708",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2023-06-09T06:15:52.557",
- "lastModified": "2023-06-09T13:03:43.237",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-14T13:44:22.850",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -12,6 +12,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
 {
 "source": "security@wordfence.com",
 "type": "Secondary",
@@ -46,18 +66,45 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:wpmet:metform_elementor_contact_form_builder:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "3.3.0",
+ "matchCriteriaId": "76FAF3C1-7141-4E7C-ACBA-CD47256F31FA"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://plugins.trac.wordpress.org/browser/metform/trunk/base/shortcode.php?rev=2845078",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://plugins.trac.wordpress.org/changeset/2907471/",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ae7549db-9a4b-4dee-8023-d7863dc3b4c8?source=cve",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-07xx/CVE-2023-0709.json b/CVE-2023/CVE-2023-07xx/CVE-2023-0709.json
index f9db2cc58dd..18e75486c58 100644
--- a/CVE-2023/CVE-2023-07xx/CVE-2023-0709.json
+++ b/CVE-2023/CVE-2023-07xx/CVE-2023-0709.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-0709",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2023-06-09T06:15:52.820",
- "lastModified": "2023-06-09T13:03:43.237",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-14T13:45:52.187",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -12,6 +12,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
 {
 "source": "security@wordfence.com",
 "type": "Secondary",
@@ -46,18 +66,45 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:wpmet:metform_elementor_contact_form_builder:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "3.3.0",
+ "matchCriteriaId": "76FAF3C1-7141-4E7C-ACBA-CD47256F31FA"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://plugins.trac.wordpress.org/browser/metform/trunk/base/shortcode.php?rev=2845078",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://plugins.trac.wordpress.org/changeset/2907471/",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/25200656-a6a2-42f2-a607-26d4ff502cbf?source=cve",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-08xx/CVE-2023-0837.json b/CVE-2023/CVE-2023-08xx/CVE-2023-0837.json
index b1233fb9943..bbec31308cd 100644
--- a/CVE-2023/CVE-2023-08xx/CVE-2023-0837.json
+++ b/CVE-2023/CVE-2023-08xx/CVE-2023-0837.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-0837",
 "sourceIdentifier": "psirt@teamviewer.com",
 "published": "2023-06-14T08:15:08.703",
- "lastModified": "2023-06-14T08:15:08.703",
- "vulnStatus": "Received",
+ "lastModified": "2023-06-14T12:54:19.587",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-10xx/CVE-2023-1049.json b/CVE-2023/CVE-2023-10xx/CVE-2023-1049.json
index b1cb53e860f..a0eaa5f1fe5 100644
--- a/CVE-2023/CVE-2023-10xx/CVE-2023-1049.json
+++ b/CVE-2023/CVE-2023-10xx/CVE-2023-1049.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-1049",
 "sourceIdentifier": "cybersecurity@se.com",
 "published": "2023-06-14T08:15:08.773",
- "lastModified": "2023-06-14T08:15:08.773",
- "vulnStatus": "Received",
+ "lastModified": "2023-06-14T12:54:19.587",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-240xx/CVE-2023-24014.json b/CVE-2023/CVE-2023-240xx/CVE-2023-24014.json
index a80564f736f..8c10c85ccf7 100644
--- a/CVE-2023/CVE-2023-240xx/CVE-2023-24014.json
+++ b/CVE-2023/CVE-2023-240xx/CVE-2023-24014.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-24014",
 "sourceIdentifier": "ics-cert@hq.dhs.gov",
 "published": "2023-06-07T21:15:13.120",
- "lastModified": "2023-06-07T21:36:36.773",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-14T12:56:34.443",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -12,6 +12,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ },
 {
 "source": "ics-cert@hq.dhs.gov",
 "type": "Secondary",
@@ -36,8 +56,18 @@
 },
 "weaknesses": [
 {
- "source": "ics-cert@hq.dhs.gov",
+ "source": "nvd@nist.gov",
 "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ },
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
 "description": [
 {
 "lang": "en",
@@ -46,10 +76,33 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:deltaww:cncsoft-b:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "1.0.0.4",
+ "matchCriteriaId": "1FDB1A38-9200-4286-B14C-7C06CF2A3DFF"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-157-01",
- "source": "ics-cert@hq.dhs.gov"
+ "source": "ics-cert@hq.dhs.gov",
+ "tags": [
+ "Patch",
+ "Third Party Advisory",
+ "US Government Resource"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-25xx/CVE-2023-2569.json b/CVE-2023/CVE-2023-25xx/CVE-2023-2569.json
index d82f4e5c864..8b5d4a70ba6 100644
--- a/CVE-2023/CVE-2023-25xx/CVE-2023-2569.json
+++ b/CVE-2023/CVE-2023-25xx/CVE-2023-2569.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-2569",
 "sourceIdentifier": "cybersecurity@se.com",
 "published": "2023-06-14T08:15:09.113",
- "lastModified": "2023-06-14T08:15:09.113",
- "vulnStatus": "Received",
+ "lastModified": "2023-06-14T12:54:19.587",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-25xx/CVE-2023-2570.json b/CVE-2023/CVE-2023-25xx/CVE-2023-2570.json
index f8cbcf9e049..1291ea6d7d9 100644
--- a/CVE-2023/CVE-2023-25xx/CVE-2023-2570.json
+++ b/CVE-2023/CVE-2023-25xx/CVE-2023-2570.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-2570",
 "sourceIdentifier": "cybersecurity@se.com",
 "published": "2023-06-14T08:15:09.187",
- "lastModified": "2023-06-14T08:15:09.187",
- "vulnStatus": "Received",
+ "lastModified": "2023-06-14T12:54:19.587",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-306xx/CVE-2023-30631.json b/CVE-2023/CVE-2023-306xx/CVE-2023-30631.json
index 3697f532ab1..334c5029fba 100644
--- a/CVE-2023/CVE-2023-306xx/CVE-2023-30631.json
+++ b/CVE-2023/CVE-2023-306xx/CVE-2023-30631.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-30631",
 "sourceIdentifier": "security@apache.org",
 "published": "2023-06-14T08:15:09.257",
- "lastModified": "2023-06-14T08:15:09.257",
- "vulnStatus": "Received",
+ "lastModified": "2023-06-14T12:54:19.587",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3001.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3001.json
index e34359ae784..a4ae456729e 100644
--- a/CVE-2023/CVE-2023-30xx/CVE-2023-3001.json
+++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3001.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-3001",
 "sourceIdentifier": "cybersecurity@se.com",
 "published": "2023-06-14T08:15:09.577",
- "lastModified": "2023-06-14T08:15:09.577",
- "vulnStatus": "Received",
+ "lastModified": "2023-06-14T12:54:19.587",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3036.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3036.json
new file mode 100644
index 00000000000..e288413e870
--- /dev/null
+++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3036.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-3036",
+ "sourceIdentifier": "cna@cloudflare.com",
+ "published": "2023-06-14T12:15:09.647",
+ "lastModified": "2023-06-14T12:54:19.587",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An unchecked read in NTP server in github.com/cloudflare/cfnts prior to commit 783490b https://github.com/cloudflare/cfnts/commit/783490b913f05e508a492cd7b02e3c4ec2297b71 \u00a0enabled a remote attacker to trigger a panic by sending an NTSAuthenticator packet with extension length longer than the packet contents.\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cna@cloudflare.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.6,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 4.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@cloudflare.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-119"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/cloudflare/cfnts/security/advisories/GHSA-pwx6-gw47-96cp",
+ "source": "cna@cloudflare.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3040.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3040.json
new file mode 100644
index 00000000000..bddb97840ab
--- /dev/null
+++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3040.json
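Review bot: In the new CVE-2023-3036.json the fixing commit appears only inside the description text, while `references` lists just the GHSA advisory, so tooling that collects patch links from `references` will not find it. Adding `{ "url": "https://github.com/cloudflare/cfnts/commit/783490b913f05e508a492cd7b02e3c4ec2297b71", "source": "cna@cloudflare.com" }` to `references` would close that gap. The `value` string also contains a `\u00a0` and a trailing `\n`, which consumers that match on or display the text should normalise. The record has no `configurations` block at this status, so CPE-based matching will not flag the package from this file alone.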
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-3040",
+ "sourceIdentifier": "cna@cloudflare.com",
+ "published": "2023-06-14T12:15:09.730",
+ "lastModified": "2023-06-14T12:54:19.587",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A debug function in the lua-resty-json package, up to commit id 3ef9492bd3a44d9e51301d6adc3cd1789c8f534a (merged in PR #14) contained an out of bounds access bug that could have allowed an attacker to launch a DoS if the function was used to parse untrusted input data. It is important to note that because this debug function was only used in tests and demos, it was not exploitable in a normal environment.\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cna@cloudflare.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW",
+ "baseScore": 3.7,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@cloudflare.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/cloudflare/lua-resty-json/pull/14",
+ "source": "cna@cloudflare.com"
+ },
+ {
+ "url": "https://github.com/cloudflare/lua-resty-json/security/advisories/GHSA-h8rp-9622-83pg",
+ "source": "cna@cloudflare.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-311xx/CVE-2023-31114.json b/CVE-2023/CVE-2023-311xx/CVE-2023-31114.json
index e1232a8e6c0..f274c22a4d6 100644
--- a/CVE-2023/CVE-2023-311xx/CVE-2023-31114.json
+++ b/CVE-2023/CVE-2023-311xx/CVE-2023-31114.json
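Review bot: In the new CVE-2023-3040.json the affected range is given only in prose as "up to commit id 3ef9492bd3a44d9e51301d6adc3cd1789c8f534a (merged in PR #14)", which leaves open whether that commit is the last vulnerable revision or the fix. If it is the fix, as "merged in PR #14" suggests, `prior to commit 3ef9492bd3a44d9e51301d6adc3cd1789c8f534a` would say so unambiguously. The description also states that the function was only used in tests and demos, so the `AV:N/PR:N` vector should be read as conditional on a deployment that feeds untrusted input to that debug function. As with CVE-2023-3036, the `value` ends in a literal `\n` and the file has no `configurations` block.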
@@ -2,19 +2,113 @@
 "id": "CVE-2023-31114",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-06-07T21:15:13.350",
- "lastModified": "2023-06-07T21:36:36.773",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-14T13:43:45.193",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. Incorrect resource transfer between spheres can cause unintended querying of the SIM status via a crafted application."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 9.1,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-669"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:samsung:exynos_5123_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EFFB4DF2-B55C-45BD-9073-56299E19B6DE"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:samsung:exynos_5123:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A5954D95-E12B-487D-9744-361566788A2D"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:samsung:exynos_5300_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId":
"6E2E6EE0-4271-43A3-9439-49F332D1FE1C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:samsung:exynos_5300:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2F9B26D9-AA50-4652-AFC0-A6AC966B4770"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31437.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31437.json
index 570ea4d9acd..f0fcc228305 100644
--- a/CVE-2023/CVE-2023-314xx/CVE-2023-31437.json
+++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31437.json
@@ -2,12 +2,12 @@
 "id": "CVE-2023-31437",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-06-13T17:15:14.657",
- "lastModified": "2023-06-13T18:27:48.060",
+ "lastModified": "2023-06-14T12:15:09.497",
 "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
- "value": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed."
+ "value": "** DISPUTED ** An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\""
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31438.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31438.json
index 36b4c552a37..d3b6346a2ca 100644
--- a/CVE-2023/CVE-2023-314xx/CVE-2023-31438.json
+++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31438.json
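Review bot: In CVE-2023-31114.json the added NVD vector `AV:N/AC:L/PR:N/UI:N` with `C:H/I:H` (9.1 CRITICAL) is hard to reconcile with the description in the same hunk, which speaks of unintended querying of the SIM status via a crafted application. A crafted application suggests code already running on the device, which would normally be scored as `"attackVector": "LOCAL"`, and querying a status does not obviously imply high integrity impact; both should be confirmed against the Samsung advisory before this score drives prioritisation. The firmware `criteria` use `-` as the version with no `versionEnd*` bound, so the CPE match carries no information about which firmware builds are fixed.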
@@ -2,12 +2,12 @@
 "id": "CVE-2023-31438",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-06-13T17:15:14.707",
- "lastModified": "2023-06-13T18:27:41.330",
+ "lastModified": "2023-06-14T12:15:09.553",
 "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
- "value": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications."
+ "value": "** DISPUTED ** An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\""
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31439.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31439.json
index 27f022bc871..1ae7b0cc93b 100644
--- a/CVE-2023/CVE-2023-314xx/CVE-2023-31439.json
+++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31439.json
@@ -2,12 +2,12 @@
 "id": "CVE-2023-31439",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-06-13T17:15:14.753",
- "lastModified": "2023-06-13T18:27:41.330",
+ "lastModified": "2023-06-14T12:15:09.597",
 "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
- "value": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications."
+ "value": "** DISPUTED ** An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\""
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3142.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3142.json
index 9f23eed7a17..559c25dbc54 100644
--- a/CVE-2023/CVE-2023-31xx/CVE-2023-3142.json
+++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3142.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-3142",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2023-06-07T15:15:09.533",
- "lastModified": "2023-06-07T16:18:07.597",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-14T13:37:31.593",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -11,6 +11,28 @@
 }
 ],
 "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ],
 "cvssMetricV30": [
 {
 "source": "security@huntr.dev",
@@ -46,14 +68,40 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.0",
+ "matchCriteriaId": "A3C150C1-4763-474B-91B5-B571C53BEC4D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/microweber/microweber/commit/42efa981a2239d042d910069952d6276497bdcf1",
- "source": "security@huntr.dev"
+ "source": "security@huntr.dev",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://huntr.dev/bounties/d00686b0-f89a-4e14-98d7-b8dd3f92a6e5",
- "source": "security@huntr.dev"
+ "source": "security@huntr.dev",
+ "tags": [
+ "Exploit",
+ "Patch",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3189.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3189.json
index 3e2ccad30e2..73c1f8023d9 100644
--- a/CVE-2023/CVE-2023-31xx/CVE-2023-3189.json
+++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3189.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-3189",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2023-06-14T06:15:08.507",
- "lastModified": "2023-06-14T06:15:08.507",
- "vulnStatus": "Received",
+ "lastModified": "2023-06-14T12:54:19.587",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3227.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3227.json
index b4713509b01..292d696b9ba 100644
--- a/CVE-2023/CVE-2023-32xx/CVE-2023-3227.json
+++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3227.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-3227",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2023-06-14T06:15:08.720",
- "lastModified": "2023-06-14T06:15:08.720",
- "vulnStatus": "Received",
+ "lastModified": "2023-06-14T12:54:19.587",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3228.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3228.json
index 0ace214c964..f0751619df6 100644
--- a/CVE-2023/CVE-2023-32xx/CVE-2023-3228.json
+++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3228.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-3228",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2023-06-14T06:15:08.800",
- "lastModified": "2023-06-14T06:15:08.800",
- "vulnStatus": "Received",
+ "lastModified": "2023-06-14T12:54:19.587",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3229.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3229.json
index 8db30ec7cb1..27f99ec52d0 100644
--- a/CVE-2023/CVE-2023-32xx/CVE-2023-3229.json
+++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3229.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-3229",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2023-06-14T06:15:08.877",
- "lastModified": "2023-06-14T06:15:08.877",
- "vulnStatus": "Received",
+ "lastModified": "2023-06-14T12:54:19.587",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3230.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3230.json
index 9bfabddf1bc..3cc556f0737 100644
--- a/CVE-2023/CVE-2023-32xx/CVE-2023-3230.json
+++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3230.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-3230",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2023-06-14T06:15:08.937",
- "lastModified": "2023-06-14T06:15:08.937",
- "vulnStatus": "Received",
+ "lastModified": "2023-06-14T12:54:19.587",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3231.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3231.json
index 2df45c5dee2..8cd7b5aa24d 100644
--- a/CVE-2023/CVE-2023-32xx/CVE-2023-3231.json
+++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3231.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-3231",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2023-06-14T06:15:09.007",
- "lastModified": "2023-06-14T06:15:09.007",
- "vulnStatus": "Received",
+ "lastModified": "2023-06-14T12:54:19.587",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3232.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3232.json
index 85ca97b7f99..1aed9779721 100644
--- a/CVE-2023/CVE-2023-32xx/CVE-2023-3232.json
+++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3232.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-3232",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2023-06-14T06:15:09.080",
- "lastModified": "2023-06-14T06:15:09.080",
- "vulnStatus": "Received",
+ "lastModified": "2023-06-14T12:54:19.587",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3233.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3233.json
index 00ef0c1990d..aa3cfb85a04 100644
--- a/CVE-2023/CVE-2023-32xx/CVE-2023-3233.json
+++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3233.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-3233",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2023-06-14T07:15:09.337",
- "lastModified": "2023-06-14T07:15:09.337",
- "vulnStatus": "Received",
+ "lastModified": "2023-06-14T12:54:19.587",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3234.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3234.json
index c83667dffbe..6ee8fda4315 100644
--- a/CVE-2023/CVE-2023-32xx/CVE-2023-3234.json
+++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3234.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-3234",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2023-06-14T07:15:09.437",
- "lastModified": "2023-06-14T07:15:09.437",
- "vulnStatus": "Received",
+ "lastModified": "2023-06-14T12:54:19.587",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3235.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3235.json
index 0c3f49887fa..364c525ae74 100644
--- a/CVE-2023/CVE-2023-32xx/CVE-2023-3235.json
+++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3235.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-3235",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2023-06-14T07:15:09.510",
- "lastModified": "2023-06-14T07:15:09.510",
- "vulnStatus": "Received",
+ "lastModified": "2023-06-14T12:54:19.587",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3236.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3236.json
index a677d8dd9bb..311e6875ef4 100644
--- a/CVE-2023/CVE-2023-32xx/CVE-2023-3236.json
+++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3236.json
@@ -2,8 +2,8 @@ "id": "CVE-2023-3236", "sourceIdentifier": "cna@vuldb.com", "published": "2023-06-14T07:15:09.580", - "lastModified": "2023-06-14T07:15:09.580", - "vulnStatus": "Received", + "lastModified": "2023-06-14T12:54:19.587", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3237.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3237.json index 03a5ca629ff..b8bbe202d1f 100644 --- a/CVE-2023/CVE-2023-32xx/CVE-2023-3237.json +++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3237.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3237", "sourceIdentifier": "cna@vuldb.com", "published": "2023-06-14T08:15:09.640", - "lastModified": "2023-06-14T08:15:09.640", - "vulnStatus": "Received", + "lastModified": "2023-06-14T12:54:19.587", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3238.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3238.json index b6bc0aeb368..a40f357967c 100644 --- a/CVE-2023/CVE-2023-32xx/CVE-2023-3238.json +++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3238.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3238", "sourceIdentifier": "cna@vuldb.com", "published": "2023-06-14T08:15:09.713", - "lastModified": "2023-06-14T08:15:09.713", - "vulnStatus": "Received", + "lastModified": "2023-06-14T12:54:19.587", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3239.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3239.json index d66dfee49b9..3ed4f4723b7 100644 --- a/CVE-2023/CVE-2023-32xx/CVE-2023-3239.json +++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3239.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3239", "sourceIdentifier": "cna@vuldb.com", "published": "2023-06-14T09:15:09.333", - "lastModified": "2023-06-14T09:15:09.333", - "vulnStatus": "Received", + "lastModified": "2023-06-14T12:54:19.587", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", 
diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3240.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3240.json index fce97481b94..bbf304fec80 100644 --- a/CVE-2023/CVE-2023-32xx/CVE-2023-3240.json +++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3240.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3240", "sourceIdentifier": "cna@vuldb.com", "published": "2023-06-14T09:15:09.717", - "lastModified": "2023-06-14T09:15:09.717", - "vulnStatus": "Received", + "lastModified": "2023-06-14T12:54:19.587", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3241.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3241.json index 9c714265f48..5c4555e0df1 100644 --- a/CVE-2023/CVE-2023-32xx/CVE-2023-3241.json +++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3241.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3241", "sourceIdentifier": "cna@vuldb.com", "published": "2023-06-14T09:15:09.783", - "lastModified": "2023-06-14T09:15:09.783", - "vulnStatus": "Received", + "lastModified": "2023-06-14T12:54:19.587", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-338xx/CVE-2023-33865.json b/CVE-2023/CVE-2023-338xx/CVE-2023-33865.json index 634dedfd8eb..4ad57dcac72 100644 --- a/CVE-2023/CVE-2023-338xx/CVE-2023-33865.json +++ b/CVE-2023/CVE-2023-338xx/CVE-2023-33865.json 
@@ -2,31 +2,101 @@ "id": "CVE-2023-33865", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-07T20:15:10.053", - "lastModified": "2023-06-08T17:15:09.930", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-14T12:50:05.190", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "RenderDoc through 1.26 allows local privilege escalation via a symlink attack." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-59" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:renderdoc:renderdoc:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.26", + "matchCriteriaId": "2A659FB0-27D6-48C3-94FB-0442989375B5" + } + ] + } + ] + } + ], "references": [ { "url": "http://packetstormsecurity.com/files/172804/RenderDoc-1.26-Local-Privilege-Escalation-Remote-Code-Execution.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://seclists.org/fulldisclosure/2023/Jun/2", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://renderdoc.org/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { 
"url": "https://www.qualys.com/2023/06/06/renderdoc/renderdoc.txt", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-339xx/CVE-2023-33933.json b/CVE-2023/CVE-2023-339xx/CVE-2023-33933.json index 835f2b5a81d..538ed104ac0 100644 --- a/CVE-2023/CVE-2023-339xx/CVE-2023-33933.json +++ b/CVE-2023/CVE-2023-339xx/CVE-2023-33933.json @@ -2,8 +2,8 @@ "id": "CVE-2023-33933", "sourceIdentifier": "security@apache.org", "published": "2023-06-14T08:15:09.323", - "lastModified": "2023-06-14T08:15:09.323", - "vulnStatus": "Received", + "lastModified": "2023-06-14T12:54:19.587", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-340xx/CVE-2023-34000.json b/CVE-2023/CVE-2023-340xx/CVE-2023-34000.json index 7cd5682d3ad..60aa5ad8cdc 100644 --- a/CVE-2023/CVE-2023-340xx/CVE-2023-34000.json +++ b/CVE-2023/CVE-2023-340xx/CVE-2023-34000.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34000", "sourceIdentifier": "audit@patchstack.com", "published": "2023-06-14T08:15:09.377", - "lastModified": "2023-06-14T08:15:09.377", - "vulnStatus": "Received", + "lastModified": "2023-06-14T12:54:19.587", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-341xx/CVE-2023-34149.json b/CVE-2023/CVE-2023-341xx/CVE-2023-34149.json index 2d57d6d94d4..e0fea9385a1 100644 --- a/CVE-2023/CVE-2023-341xx/CVE-2023-34149.json +++ b/CVE-2023/CVE-2023-341xx/CVE-2023-34149.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34149", "sourceIdentifier": "security@apache.org", "published": "2023-06-14T08:15:09.450", - "lastModified": "2023-06-14T08:15:09.450", - "vulnStatus": "Received", + "lastModified": "2023-06-14T12:54:19.587", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", 
diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34396.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34396.json index 32cb4e7e02c..5f972e958d3 100644 --- a/CVE-2023/CVE-2023-343xx/CVE-2023-34396.json +++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34396.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34396", "sourceIdentifier": "security@apache.org", "published": "2023-06-14T08:15:09.520", - "lastModified": "2023-06-14T08:15:09.520", - "vulnStatus": "Received", + "lastModified": "2023-06-14T12:54:19.587", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-351xx/CVE-2023-35141.json b/CVE-2023/CVE-2023-351xx/CVE-2023-35141.json new file mode 100644 index 00000000000..c6b60482322 --- /dev/null +++ b/CVE-2023/CVE-2023-351xx/CVE-2023-35141.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-35141", + "sourceIdentifier": "jenkinsci-cert@googlegroups.com", + "published": "2023-06-14T13:15:11.823", + "lastModified": "2023-06-14T13:15:11.823", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context menu." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.jenkins.io/security/advisory/2023-06-14/#SECURITY-3135", + "source": "jenkinsci-cert@googlegroups.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-351xx/CVE-2023-35142.json b/CVE-2023/CVE-2023-351xx/CVE-2023-35142.json new file mode 100644 index 00000000000..28e9beb4704 --- /dev/null +++ b/CVE-2023/CVE-2023-351xx/CVE-2023-35142.json 
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-35142", + "sourceIdentifier": "jenkinsci-cert@googlegroups.com", + "published": "2023-06-14T13:15:11.897", + "lastModified": "2023-06-14T13:15:11.897", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Jenkins Checkmarx Plugin 2022.4.3 and earlier disables SSL/TLS validation for connections to the Checkmarx server by default." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.jenkins.io/security/advisory/2023-06-14/#SECURITY-2870", + "source": "jenkinsci-cert@googlegroups.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-351xx/CVE-2023-35143.json b/CVE-2023/CVE-2023-351xx/CVE-2023-35143.json new file mode 100644 index 00000000000..24aeb496cd7 --- /dev/null +++ b/CVE-2023/CVE-2023-351xx/CVE-2023-35143.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-35143", + "sourceIdentifier": "jenkinsci-cert@googlegroups.com", + "published": "2023-06-14T13:15:11.957", + "lastModified": "2023-06-14T13:15:11.957", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape the versions of build artifacts on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control maven project versions in `pom.xml`." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.jenkins.io/security/advisory/2023-06-14/#SECURITY-3156", + "source": "jenkinsci-cert@googlegroups.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-351xx/CVE-2023-35144.json b/CVE-2023/CVE-2023-351xx/CVE-2023-35144.json new file mode 100644 index 00000000000..15a8d63d959 --- /dev/null +++ b/CVE-2023/CVE-2023-351xx/CVE-2023-35144.json 
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-35144", + "sourceIdentifier": "jenkinsci-cert@googlegroups.com", + "published": "2023-06-14T13:15:12.013", + "lastModified": "2023-06-14T13:15:12.013", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape project and build display names on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting (XSS) vulnerability." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.jenkins.io/security/advisory/2023-06-14/#SECURITY-2951", + "source": "jenkinsci-cert@googlegroups.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-351xx/CVE-2023-35145.json b/CVE-2023/CVE-2023-351xx/CVE-2023-35145.json new file mode 100644 index 00000000000..0581100e181 --- /dev/null +++ b/CVE-2023/CVE-2023-351xx/CVE-2023-35145.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-35145", + "sourceIdentifier": "jenkinsci-cert@googlegroups.com", + "published": "2023-06-14T13:15:12.067", + "lastModified": "2023-06-14T13:15:12.067", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Jenkins Sonargraph Integration Plugin 5.0.1 and earlier does not escape the file path and the project name for the Log file field form validation, resulting in a stored cross-site scripting vulnerability exploitable by attackers with Item/Configure permission." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.jenkins.io/security/advisory/2023-06-14/#SECURITY-3155", + "source": "jenkinsci-cert@googlegroups.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-351xx/CVE-2023-35146.json b/CVE-2023/CVE-2023-351xx/CVE-2023-35146.json new file mode 100644 index 00000000000..73bcf84be86 --- /dev/null +++ b/CVE-2023/CVE-2023-351xx/CVE-2023-35146.json 
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-35146", + "sourceIdentifier": "jenkinsci-cert@googlegroups.com", + "published": "2023-06-14T13:15:12.117", + "lastModified": "2023-06-14T13:15:12.117", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Jenkins Template Workflows Plugin 41.v32d86a_313b_4a and earlier does not escape names of jobs used as buildings blocks for Template Workflow Job, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create jobs." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.jenkins.io/security/advisory/2023-06-14/#SECURITY-3166", + "source": "jenkinsci-cert@googlegroups.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-351xx/CVE-2023-35147.json b/CVE-2023/CVE-2023-351xx/CVE-2023-35147.json new file mode 100644 index 00000000000..d0c3b130c22 --- /dev/null +++ b/CVE-2023/CVE-2023-351xx/CVE-2023-35147.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-35147", + "sourceIdentifier": "jenkinsci-cert@googlegroups.com", + "published": "2023-06-14T13:15:12.167", + "lastModified": "2023-06-14T13:15:12.167", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not restrict the AWS SQS queue name path parameter in an HTTP endpoint, allowing attackers with Item/Read permission to obtain the contents of arbitrary files on the Jenkins controller file system." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.jenkins.io/security/advisory/2023-06-14/#SECURITY-3099", + "source": "jenkinsci-cert@googlegroups.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-351xx/CVE-2023-35148.json b/CVE-2023/CVE-2023-351xx/CVE-2023-35148.json new file mode 100644 index 00000000000..7d7e70f7545 --- /dev/null +++ b/CVE-2023/CVE-2023-351xx/CVE-2023-35148.json 
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-35148", + "sourceIdentifier": "jenkinsci-cert@googlegroups.com", + "published": "2023-06-14T13:15:12.220", + "lastModified": "2023-06-14T13:15:12.220", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A cross-site request forgery (CSRF) vulnerability in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.jenkins.io/security/advisory/2023-06-14/#SECURITY-2911", + "source": "jenkinsci-cert@googlegroups.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-351xx/CVE-2023-35149.json b/CVE-2023/CVE-2023-351xx/CVE-2023-35149.json new file mode 100644 index 00000000000..ac2d90b504c --- /dev/null +++ b/CVE-2023/CVE-2023-351xx/CVE-2023-35149.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-35149", + "sourceIdentifier": "jenkinsci-cert@googlegroups.com", + "published": "2023-06-14T13:15:12.277", + "lastModified": "2023-06-14T13:15:12.277", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A missing permission check in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials stored in Jenkins." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.jenkins.io/security/advisory/2023-06-14/#SECURITY-2911", + "source": "jenkinsci-cert@googlegroups.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 29741dd2a3f..4aa02b937e4 100644 --- a/README.md +++ b/README.md 
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-06-14T10:00:30.376135+00:00 +2023-06-14T14:00:25.944686+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-06-14T09:15:09.783000+00:00 +2023-06-14T13:45:52.187000+00:00 ``` ### Last Data Feed Release 
@@ -29,37 +29,55 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -217707 +217718 ``` ### CVEs added in the last Commit -Recently added CVEs: `16` +Recently added CVEs: `11` -* [CVE-2022-47184](CVE-2022/CVE-2022-471xx/CVE-2022-47184.json) (`2023-06-14T08:15:08.633`) -* [CVE-2023-0837](CVE-2023/CVE-2023-08xx/CVE-2023-0837.json) (`2023-06-14T08:15:08.703`) -* [CVE-2023-1049](CVE-2023/CVE-2023-10xx/CVE-2023-1049.json) (`2023-06-14T08:15:08.773`) -* [CVE-2023-2569](CVE-2023/CVE-2023-25xx/CVE-2023-2569.json) (`2023-06-14T08:15:09.113`) -* [CVE-2023-2570](CVE-2023/CVE-2023-25xx/CVE-2023-2570.json) (`2023-06-14T08:15:09.187`) -* [CVE-2023-30631](CVE-2023/CVE-2023-306xx/CVE-2023-30631.json) (`2023-06-14T08:15:09.257`) -* [CVE-2023-33933](CVE-2023/CVE-2023-339xx/CVE-2023-33933.json) (`2023-06-14T08:15:09.323`) -* [CVE-2023-34000](CVE-2023/CVE-2023-340xx/CVE-2023-34000.json) (`2023-06-14T08:15:09.377`) -* [CVE-2023-34149](CVE-2023/CVE-2023-341xx/CVE-2023-34149.json) (`2023-06-14T08:15:09.450`) -* [CVE-2023-34396](CVE-2023/CVE-2023-343xx/CVE-2023-34396.json) (`2023-06-14T08:15:09.520`) -* [CVE-2023-3001](CVE-2023/CVE-2023-30xx/CVE-2023-3001.json) (`2023-06-14T08:15:09.577`) -* [CVE-2023-3237](CVE-2023/CVE-2023-32xx/CVE-2023-3237.json) (`2023-06-14T08:15:09.640`) -* [CVE-2023-3238](CVE-2023/CVE-2023-32xx/CVE-2023-3238.json) (`2023-06-14T08:15:09.713`) -* [CVE-2023-3239](CVE-2023/CVE-2023-32xx/CVE-2023-3239.json) (`2023-06-14T09:15:09.333`) -* [CVE-2023-3240](CVE-2023/CVE-2023-32xx/CVE-2023-3240.json) (`2023-06-14T09:15:09.717`) -* [CVE-2023-3241](CVE-2023/CVE-2023-32xx/CVE-2023-3241.json) (`2023-06-14T09:15:09.783`) +* [CVE-2023-3036](CVE-2023/CVE-2023-30xx/CVE-2023-3036.json) (`2023-06-14T12:15:09.647`) +* [CVE-2023-3040](CVE-2023/CVE-2023-30xx/CVE-2023-3040.json) (`2023-06-14T12:15:09.730`) +* [CVE-2023-35141](CVE-2023/CVE-2023-351xx/CVE-2023-35141.json) (`2023-06-14T13:15:11.823`) +* 
[CVE-2023-35142](CVE-2023/CVE-2023-351xx/CVE-2023-35142.json) (`2023-06-14T13:15:11.897`) +* [CVE-2023-35143](CVE-2023/CVE-2023-351xx/CVE-2023-35143.json) (`2023-06-14T13:15:11.957`) +* [CVE-2023-35144](CVE-2023/CVE-2023-351xx/CVE-2023-35144.json) (`2023-06-14T13:15:12.013`) +* [CVE-2023-35145](CVE-2023/CVE-2023-351xx/CVE-2023-35145.json) (`2023-06-14T13:15:12.067`) +* [CVE-2023-35146](CVE-2023/CVE-2023-351xx/CVE-2023-35146.json) (`2023-06-14T13:15:12.117`) +* [CVE-2023-35147](CVE-2023/CVE-2023-351xx/CVE-2023-35147.json) (`2023-06-14T13:15:12.167`) +* [CVE-2023-35148](CVE-2023/CVE-2023-351xx/CVE-2023-35148.json) (`2023-06-14T13:15:12.220`) +* [CVE-2023-35149](CVE-2023/CVE-2023-351xx/CVE-2023-35149.json) (`2023-06-14T13:15:12.277`) ### CVEs modified in the last Commit -Recently modified CVEs: `2` +Recently modified CVEs: `39` -* [CVE-2023-22610](CVE-2023/CVE-2023-226xx/CVE-2023-22610.json) (`2023-06-14T08:15:08.860`) -* [CVE-2023-28069](CVE-2023/CVE-2023-280xx/CVE-2023-28069.json) (`2023-06-14T08:15:08.997`) +* [CVE-2023-3233](CVE-2023/CVE-2023-32xx/CVE-2023-3233.json) (`2023-06-14T12:54:19.587`) +* [CVE-2023-3234](CVE-2023/CVE-2023-32xx/CVE-2023-3234.json) (`2023-06-14T12:54:19.587`) +* [CVE-2023-3235](CVE-2023/CVE-2023-32xx/CVE-2023-3235.json) (`2023-06-14T12:54:19.587`) +* [CVE-2023-3236](CVE-2023/CVE-2023-32xx/CVE-2023-3236.json) (`2023-06-14T12:54:19.587`) +* [CVE-2023-0837](CVE-2023/CVE-2023-08xx/CVE-2023-0837.json) (`2023-06-14T12:54:19.587`) +* [CVE-2023-1049](CVE-2023/CVE-2023-10xx/CVE-2023-1049.json) (`2023-06-14T12:54:19.587`) +* [CVE-2023-2569](CVE-2023/CVE-2023-25xx/CVE-2023-2569.json) (`2023-06-14T12:54:19.587`) +* [CVE-2023-2570](CVE-2023/CVE-2023-25xx/CVE-2023-2570.json) (`2023-06-14T12:54:19.587`) +* [CVE-2023-30631](CVE-2023/CVE-2023-306xx/CVE-2023-30631.json) (`2023-06-14T12:54:19.587`) +* [CVE-2023-33933](CVE-2023/CVE-2023-339xx/CVE-2023-33933.json) (`2023-06-14T12:54:19.587`) +* [CVE-2023-34000](CVE-2023/CVE-2023-340xx/CVE-2023-34000.json) 
(`2023-06-14T12:54:19.587`) +* [CVE-2023-34149](CVE-2023/CVE-2023-341xx/CVE-2023-34149.json) (`2023-06-14T12:54:19.587`) +* [CVE-2023-34396](CVE-2023/CVE-2023-343xx/CVE-2023-34396.json) (`2023-06-14T12:54:19.587`) +* [CVE-2023-3001](CVE-2023/CVE-2023-30xx/CVE-2023-3001.json) (`2023-06-14T12:54:19.587`) +* [CVE-2023-3237](CVE-2023/CVE-2023-32xx/CVE-2023-3237.json) (`2023-06-14T12:54:19.587`) +* [CVE-2023-3238](CVE-2023/CVE-2023-32xx/CVE-2023-3238.json) (`2023-06-14T12:54:19.587`) +* [CVE-2023-3239](CVE-2023/CVE-2023-32xx/CVE-2023-3239.json) (`2023-06-14T12:54:19.587`) +* [CVE-2023-3240](CVE-2023/CVE-2023-32xx/CVE-2023-3240.json) (`2023-06-14T12:54:19.587`) +* [CVE-2023-3241](CVE-2023/CVE-2023-32xx/CVE-2023-3241.json) (`2023-06-14T12:54:19.587`) +* [CVE-2023-24014](CVE-2023/CVE-2023-240xx/CVE-2023-24014.json) (`2023-06-14T12:56:34.443`) +* [CVE-2023-3142](CVE-2023/CVE-2023-31xx/CVE-2023-3142.json) (`2023-06-14T13:37:31.593`) +* [CVE-2023-31114](CVE-2023/CVE-2023-311xx/CVE-2023-31114.json) (`2023-06-14T13:43:45.193`) +* [CVE-2023-0695](CVE-2023/CVE-2023-06xx/CVE-2023-0695.json) (`2023-06-14T13:44:01.067`) +* [CVE-2023-0708](CVE-2023/CVE-2023-07xx/CVE-2023-0708.json) (`2023-06-14T13:44:22.850`) +* [CVE-2023-0709](CVE-2023/CVE-2023-07xx/CVE-2023-0709.json) (`2023-06-14T13:45:52.187`) ## Download and Usage