admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-06 18:52:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-07-25T16:00:26.544144+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-07-25 16:00:30 +00:00
parent 2c9537ece3
commit a2766cca5e
80 changed files with 4595 additions and 261 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
CVE-2020/CVE-2020-230xx/CVE-2020-23064.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2020-23064",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-26T19:15:09.450",
"lastModified": "2023-07-04T01:38:31.623",
"vulnStatus": "Analyzed",
"lastModified": "2023-07-25T15:15:10.220",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -73,6 +73,10 @@
"Release Notes"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230725-0003/",
"source": "cve@mitre.org"
},
{
"url": "https://snyk.io/vuln/SNYK-JS-JQUERY-565129",
"source": "cve@mitre.org",

8
CVE-2022/CVE-2022-48xx/CVE-2022-4899.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-4899",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-03-31T20:15:07.213",
"lastModified": "2023-04-07T01:19:54.717",
"vulnStatus": "Analyzed",
"lastModified": "2023-07-25T15:15:10.403",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -81,6 +81,10 @@
"Issue Tracking",
"Patch"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230725-0005/",
"source": "secalert@redhat.com"
}
]
}

8
CVE-2023/CVE-2023-03xx/CVE-2023-0361.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-0361",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-02-15T18:15:11.683",
"lastModified": "2023-05-23T17:22:55.810",
"vulnStatus": "Analyzed",
"lastModified": "2023-07-25T15:15:10.560",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -211,6 +211,10 @@
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230725-0005/",
"source": "secalert@redhat.com"
}
]
}

12
CVE-2023/CVE-2023-208xx/CVE-2023-20867.json
View File

@ -2,8 +2,12 @@
"id": "CVE-2023-20867",
"sourceIdentifier": "security@vmware.com",
"published": "2023-06-13T17:15:14.070",
"lastModified": "2023-06-16T14:24:01.567",
"vulnStatus": "Analyzed",
"lastModified": "2023-07-25T15:15:10.690",
"vulnStatus": "Modified",
"cisaExploitAdd": "2023-06-23",
"cisaActionDue": "2023-07-14",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "VMware Tools Authentication Bypass Vulnerability",
"descriptions": [
{
"lang": "en",
@ -96,6 +100,10 @@
}
],
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20230725-0001/",
"source": "security@vmware.com"
},
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0013.html",
"source": "security@vmware.com",

84
CVE-2023/CVE-2023-212xx/CVE-2023-21251.json
View File

@ -2,23 +2,97 @@
"id": "CVE-2023-21251",
"sourceIdentifier": "security@android.com",
"published": "2023-07-13T00:15:23.963",
"lastModified": "2023-07-13T08:32:09.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-25T14:48:16.247",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In onCreate of ConfirmDialog.java, there is a possible way to connect to VNP bypassing user's consent due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.\n\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "54C3907A-DF77-4A94-8537-A2FFA20B90A0"
}
]
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/57946e2bb73850e817b3c01fa5350d705e178e39",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch"
]
},
{
"url": "https://source.android.com/security/bulletin/2023-07-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-212xx/CVE-2023-21254.json
View File

@ -2,23 +2,82 @@
"id": "CVE-2023-21254",
"sourceIdentifier": "security@android.com",
"published": "2023-07-13T00:15:24.007",
"lastModified": "2023-07-13T08:32:09.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-25T15:29:19.453",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In getCurrentState of OneTimePermissionUserManager.java, there is a possible way to hold one-time permissions after the app is being killed due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/fa539c85503dc63bfb53c76b6f12b3549f14a709",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch"
]
},
{
"url": "https://source.android.com/security/bulletin/2023-07-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-212xx/CVE-2023-21255.json
View File

@ -2,23 +2,86 @@
"id": "CVE-2023-21255",
"sourceIdentifier": "security@android.com",
"published": "2023-07-13T00:15:24.053",
"lastModified": "2023-07-13T08:32:09.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-25T15:29:53.783",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In multiple functions of binder.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
},
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/kernel/common/+/1ca1130ec62d",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch"
]
},
{
"url": "https://source.android.com/security/bulletin/2023-07-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-212xx/CVE-2023-21256.json
View File

@ -2,23 +2,82 @@
"id": "CVE-2023-21256",
"sourceIdentifier": "security@android.com",
"published": "2023-07-13T00:15:24.097",
"lastModified": "2023-07-13T08:32:09.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-25T15:30:52.077",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In SettingsHomepageActivity.java, there is a possible way to launch arbitrary activities via Settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.\n\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/platform/packages/apps/Settings/+/62fc1d269f5e754fc8f00b6167d79c3933b4c1f4",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch"
]
},
{
"url": "https://source.android.com/security/bulletin/2023-07-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-214xx/CVE-2023-21400.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-21400",
"sourceIdentifier": "security@android.com",
"published": "2023-07-13T00:15:24.340",
"lastModified": "2023-07-20T17:44:06.260",
"vulnStatus": "Analyzed",
"lastModified": "2023-07-25T15:15:10.903",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -89,6 +89,10 @@
"Third Party Advisory"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/07/25/7",
"source": "security@android.com"
},
{
"url": "https://source.android.com/security/bulletin/pixel/2023-07-01",
"source": "security@android.com",

8
CVE-2023/CVE-2023-219xx/CVE-2023-21950.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-21950",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2023-07-18T21:15:11.453",
"lastModified": "2023-07-18T22:17:55.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-25T15:15:11.017",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -35,6 +35,10 @@
]
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20230725-0005/",
"source": "secalert_us@oracle.com"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2023.html",
"source": "secalert_us@oracle.com"

8
CVE-2023/CVE-2023-220xx/CVE-2023-22005.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-22005",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2023-07-18T21:15:11.997",
"lastModified": "2023-07-18T22:17:55.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-25T15:15:11.203",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -35,6 +35,10 @@
]
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20230725-0005/",
"source": "secalert_us@oracle.com"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2023.html",
"source": "secalert_us@oracle.com"

6
CVE-2023/CVE-2023-220xx/CVE-2023-22006.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-22006",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2023-07-18T21:15:12.067",
"lastModified": "2023-07-18T22:17:55.173",
"lastModified": "2023-07-25T15:15:11.363",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -35,6 +35,10 @@
]
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20230725-0006/",
"source": "secalert_us@oracle.com"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2023.html",
"source": "secalert_us@oracle.com"

8
CVE-2023/CVE-2023-220xx/CVE-2023-22007.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-22007",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2023-07-18T21:15:12.147",
"lastModified": "2023-07-18T22:17:55.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-25T15:15:11.477",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -35,6 +35,10 @@
]
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20230725-0005/",
"source": "secalert_us@oracle.com"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2023.html",
"source": "secalert_us@oracle.com"

8
CVE-2023/CVE-2023-220xx/CVE-2023-22008.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-22008",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2023-07-18T21:15:12.213",
"lastModified": "2023-07-18T22:17:55.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-25T15:15:11.587",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -35,6 +35,10 @@
]
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20230725-0005/",
"source": "secalert_us@oracle.com"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2023.html",
"source": "secalert_us@oracle.com"

8
CVE-2023/CVE-2023-220xx/CVE-2023-22033.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-22033",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2023-07-18T21:15:13.373",
"lastModified": "2023-07-18T22:17:55.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-25T15:15:11.683",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -35,6 +35,10 @@
]
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20230725-0005/",
"source": "secalert_us@oracle.com"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2023.html",
"source": "secalert_us@oracle.com"

6
CVE-2023/CVE-2023-220xx/CVE-2023-22036.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-22036",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2023-07-18T21:15:13.587",
"lastModified": "2023-07-18T22:17:55.173",
"lastModified": "2023-07-25T15:15:11.787",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -35,6 +35,10 @@
]
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20230725-0006/",
"source": "secalert_us@oracle.com"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2023.html",
"source": "secalert_us@oracle.com"

8
CVE-2023/CVE-2023-220xx/CVE-2023-22038.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-22038",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2023-07-18T21:15:13.737",
"lastModified": "2023-07-18T22:17:55.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-25T15:15:11.877",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -35,6 +35,10 @@
]
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20230725-0005/",
"source": "secalert_us@oracle.com"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2023.html",
"source": "secalert_us@oracle.com"

6
CVE-2023/CVE-2023-220xx/CVE-2023-22041.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-22041",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2023-07-18T21:15:13.963",
"lastModified": "2023-07-18T22:17:55.173",
"lastModified": "2023-07-25T15:15:11.987",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -35,6 +35,10 @@
]
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20230725-0006/",
"source": "secalert_us@oracle.com"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2023.html",
"source": "secalert_us@oracle.com"

6
CVE-2023/CVE-2023-220xx/CVE-2023-22043.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-22043",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2023-07-18T21:15:14.113",
"lastModified": "2023-07-18T22:17:55.173",
"lastModified": "2023-07-25T15:15:12.070",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -35,6 +35,10 @@
]
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20230725-0006/",
"source": "secalert_us@oracle.com"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2023.html",
"source": "secalert_us@oracle.com"

6
CVE-2023/CVE-2023-220xx/CVE-2023-22044.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-22044",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2023-07-18T21:15:14.190",
"lastModified": "2023-07-18T22:17:55.173",
"lastModified": "2023-07-25T15:15:12.157",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -35,6 +35,10 @@
]
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20230725-0006/",
"source": "secalert_us@oracle.com"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2023.html",
"source": "secalert_us@oracle.com"

6
CVE-2023/CVE-2023-220xx/CVE-2023-22045.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-22045",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2023-07-18T21:15:14.267",
"lastModified": "2023-07-18T22:17:55.173",
"lastModified": "2023-07-25T15:15:12.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -35,6 +35,10 @@
]
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20230725-0006/",
"source": "secalert_us@oracle.com"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2023.html",
"source": "secalert_us@oracle.com"

8
CVE-2023/CVE-2023-220xx/CVE-2023-22046.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-22046",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2023-07-18T21:15:14.343",
"lastModified": "2023-07-18T22:17:55.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-25T15:15:12.340",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -35,6 +35,10 @@
]
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20230725-0005/",
"source": "secalert_us@oracle.com"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2023.html",
"source": "secalert_us@oracle.com"

8
CVE-2023/CVE-2023-220xx/CVE-2023-22048.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-22048",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2023-07-18T21:15:14.493",
"lastModified": "2023-07-18T22:17:55.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-25T15:15:12.470",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -35,6 +35,10 @@
]
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20230725-0005/",
"source": "secalert_us@oracle.com"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2023.html",
"source": "secalert_us@oracle.com"

6
CVE-2023/CVE-2023-220xx/CVE-2023-22049.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-22049",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2023-07-18T21:15:14.567",
"lastModified": "2023-07-18T22:17:55.173",
"lastModified": "2023-07-25T15:15:12.573",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -35,6 +35,10 @@
]
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20230725-0006/",
"source": "secalert_us@oracle.com"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2023.html",
"source": "secalert_us@oracle.com"

8
CVE-2023/CVE-2023-220xx/CVE-2023-22053.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-22053",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2023-07-18T21:15:14.913",
"lastModified": "2023-07-18T22:17:55.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-25T15:15:12.657",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -35,6 +35,10 @@
]
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20230725-0005/",
"source": "secalert_us@oracle.com"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2023.html",
"source": "secalert_us@oracle.com"

8
CVE-2023/CVE-2023-220xx/CVE-2023-22054.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-22054",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2023-07-18T21:15:14.987",
"lastModified": "2023-07-18T22:17:55.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-25T15:15:12.763",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -35,6 +35,10 @@
]
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20230725-0005/",
"source": "secalert_us@oracle.com"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2023.html",
"source": "secalert_us@oracle.com"

8
CVE-2023/CVE-2023-220xx/CVE-2023-22056.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-22056",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2023-07-18T21:15:15.130",
"lastModified": "2023-07-18T22:17:55.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-25T15:15:12.867",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -35,6 +35,10 @@
]
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20230725-0005/",
"source": "secalert_us@oracle.com"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2023.html",
"source": "secalert_us@oracle.com"

8
CVE-2023/CVE-2023-220xx/CVE-2023-22057.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-22057",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2023-07-18T21:15:15.207",
"lastModified": "2023-07-18T22:17:55.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-25T15:15:12.963",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -35,6 +35,10 @@
]
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20230725-0005/",
"source": "secalert_us@oracle.com"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2023.html",
"source": "secalert_us@oracle.com"

8
CVE-2023/CVE-2023-220xx/CVE-2023-22058.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-22058",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2023-07-18T21:15:15.277",
"lastModified": "2023-07-18T22:17:55.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-25T15:15:13.063",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -35,6 +35,10 @@
]
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20230725-0005/",
"source": "secalert_us@oracle.com"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2023.html",
"source": "secalert_us@oracle.com"

193
CVE-2023/CVE-2023-224xx/CVE-2023-22435.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-22435",
"sourceIdentifier": "psirt@honeywell.com",
"published": "2023-07-13T11:15:08.770",
"lastModified": "2023-07-13T12:51:14.383",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-25T15:06:09.600",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "psirt@honeywell.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "psirt@honeywell.com",
"type": "Secondary",
@ -46,10 +76,167 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:honeywell:experion_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "501.1",
"versionEndIncluding": "501.6hf8",
"matchCriteriaId": "DED6EB36-056C-422C-9C6E-9EDE45DDB5F9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:honeywell:experion_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "510.1",
"versionEndIncluding": "510.2hf12",
"matchCriteriaId": "0511367E-4C62-44C9-BFF9-84E969562A9F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:honeywell:experion_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "511.1",
"versionEndIncluding": "511.5tcu3",
"matchCriteriaId": "3A2EAD5D-9B56-4F09-A25B-E98671AE52AC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:honeywell:experion_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "520.1",
"versionEndIncluding": "520.1tcu4",
"matchCriteriaId": "E9EAE3B9-6173-4568-962A-C472F593FC47"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:honeywell:experion_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "520.2",
"versionEndIncluding": "520.2tcu2",
"matchCriteriaId": "29DFE287-6206-46E2-9118-9159EC44748E"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:honeywell:experion_station:*:*:*:*:*:*:*:*",
"versionStartIncluding": "501.1",
"versionEndIncluding": "501.6hf8",
"matchCriteriaId": "A34A2DF5-19BC-4823-8DD3-54C50EA43B65"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:honeywell:experion_station:*:*:*:*:*:*:*:*",
"versionStartIncluding": "510.1",
"versionEndIncluding": "510.2hf12",
"matchCriteriaId": "0FCC07AA-C8CC-4C69-8011-988932D2F0FB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:honeywell:experion_station:*:*:*:*:*:*:*:*",
"versionStartIncluding": "511.1",
"versionEndIncluding": "511.5tcu3",
"matchCriteriaId": "90CA038F-5C1A-46FF-9EA3-7606B3FF703C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:honeywell:experion_station:*:*:*:*:*:*:*:*",
"versionStartIncluding": "520.1",
"versionEndIncluding": "520.1tcu4",
"matchCriteriaId": "F9BAC831-F60D-4010-8EE9-8A741244CB9B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:honeywell:experion_station:*:*:*:*:*:*:*:*",
"versionStartIncluding": "520.2",
"versionEndIncluding": "520.2tcu2",
"matchCriteriaId": "D1B32781-B0B3-4C74-882B-1DF622DEC11C"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:honeywell:engineering_station:*:*:*:*:*:*:*:*",
"versionStartIncluding": "510.1",
"versionEndIncluding": "511.5tcu3",
"matchCriteriaId": "6A1CE95F-F952-47BD-8AC1-CFAAC404BBEC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:honeywell:engineering_station:*:*:*:*:*:*:*:*",
"versionStartIncluding": "520.1",
"versionEndIncluding": "520.1tcu4",
"matchCriteriaId": "96A06B44-5738-4A77-98EB-DAB61C07A6D5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:honeywell:engineering_station:*:*:*:*:*:*:*:*",
"versionStartIncluding": "520.2",
"versionEndIncluding": "520.2tcu2",
"matchCriteriaId": "177013AA-A2F8-4FC4-82AC-79A6A7196767"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:honeywell:direct_station:*:*:*:*:*:*:*:*",
"versionStartIncluding": "510.1",
"versionEndIncluding": "511.5tcu3",
"matchCriteriaId": "1E31143D-60D7-4864-BA16-259BD4045BAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:honeywell:direct_station:*:*:*:*:*:*:*:*",
"versionStartIncluding": "520.1",
"versionEndIncluding": "520.1tcu4",
"matchCriteriaId": "6ABEC6C0-CF74-49E3-88BA-5D06484DFAA8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:honeywell:direct_station:*:*:*:*:*:*:*:*",
"versionStartIncluding": "520.2",
"versionEndIncluding": "520.2tcu2",
"matchCriteriaId": "BD33B3A2-FC18-4BE6-98A7-88D06339EE28"
}
]
}
]
}
],
"references": [
{
"url": "https://process.honeywell.com",
"source": "psirt@honeywell.com"
"source": "psirt@honeywell.com",
"tags": [
"Product"
]
}
]
}

193
CVE-2023/CVE-2023-235xx/CVE-2023-23585.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-23585",
"sourceIdentifier": "psirt@honeywell.com",
"published": "2023-07-13T11:15:08.857",
"lastModified": "2023-07-13T12:51:14.383",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-25T15:06:27.040",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "psirt@honeywell.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "psirt@honeywell.com",
"type": "Secondary",
@ -46,10 +76,167 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:honeywell:experion_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "501.1",
"versionEndIncluding": "501.6hf8",
"matchCriteriaId": "DED6EB36-056C-422C-9C6E-9EDE45DDB5F9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:honeywell:experion_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "510.1",
"versionEndIncluding": "510.2hf12",
"matchCriteriaId": "0511367E-4C62-44C9-BFF9-84E969562A9F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:honeywell:experion_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "511.1",
"versionEndIncluding": "511.5tcu3",
"matchCriteriaId": "3A2EAD5D-9B56-4F09-A25B-E98671AE52AC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:honeywell:experion_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "520.1",
"versionEndIncluding": "520.1tcu4",
"matchCriteriaId": "E9EAE3B9-6173-4568-962A-C472F593FC47"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:honeywell:experion_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "520.2",
"versionEndIncluding": "520.2tcu2",
"matchCriteriaId": "29DFE287-6206-46E2-9118-9159EC44748E"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:honeywell:experion_station:*:*:*:*:*:*:*:*",
"versionStartIncluding": "501.1",
"versionEndIncluding": "501.6hf8",
"matchCriteriaId": "A34A2DF5-19BC-4823-8DD3-54C50EA43B65"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:honeywell:experion_station:*:*:*:*:*:*:*:*",
"versionStartIncluding": "510.1",
"versionEndIncluding": "510.2hf12",
"matchCriteriaId": "0FCC07AA-C8CC-4C69-8011-988932D2F0FB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:honeywell:experion_station:*:*:*:*:*:*:*:*",
"versionStartIncluding": "511.1",
"versionEndIncluding": "511.5tcu3",
"matchCriteriaId": "90CA038F-5C1A-46FF-9EA3-7606B3FF703C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:honeywell:experion_station:*:*:*:*:*:*:*:*",
"versionStartIncluding": "520.1",
"versionEndIncluding": "520.1tcu4",
"matchCriteriaId": "F9BAC831-F60D-4010-8EE9-8A741244CB9B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:honeywell:experion_station:*:*:*:*:*:*:*:*",
"versionStartIncluding": "520.2",
"versionEndIncluding": "520.2tcu2",
"matchCriteriaId": "D1B32781-B0B3-4C74-882B-1DF622DEC11C"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:honeywell:engineering_station:*:*:*:*:*:*:*:*",
"versionStartIncluding": "510.1",
"versionEndIncluding": "511.5tcu3",
"matchCriteriaId": "6A1CE95F-F952-47BD-8AC1-CFAAC404BBEC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:honeywell:engineering_station:*:*:*:*:*:*:*:*",
"versionStartIncluding": "520.1",
"versionEndIncluding": "520.1tcu4",
"matchCriteriaId": "96A06B44-5738-4A77-98EB-DAB61C07A6D5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:honeywell:engineering_station:*:*:*:*:*:*:*:*",
"versionStartIncluding": "520.2",
"versionEndIncluding": "520.2tcu2",
"matchCriteriaId": "177013AA-A2F8-4FC4-82AC-79A6A7196767"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:honeywell:direct_station:*:*:*:*:*:*:*:*",
"versionStartIncluding": "510.1",
"versionEndIncluding": "511.5tcu3",
"matchCriteriaId": "1E31143D-60D7-4864-BA16-259BD4045BAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:honeywell:direct_station:*:*:*:*:*:*:*:*",
"versionStartIncluding": "520.1",
"versionEndIncluding": "520.1tcu4",
"matchCriteriaId": "6ABEC6C0-CF74-49E3-88BA-5D06484DFAA8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:honeywell:direct_station:*:*:*:*:*:*:*:*",
"versionStartIncluding": "520.2",
"versionEndIncluding": "520.2tcu2",
"matchCriteriaId": "BD33B3A2-FC18-4BE6-98A7-88D06339EE28"
}
]
}
]
}
],
"references": [
{
"url": "https://process.honeywell.com",
"source": "psirt@honeywell.com"
"source": "psirt@honeywell.com",
"tags": [
"Product"
]
}
]
}

193
CVE-2023/CVE-2023-244xx/CVE-2023-24474.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-24474",
"sourceIdentifier": "psirt@honeywell.com",
"published": "2023-07-13T11:15:08.930",
"lastModified": "2023-07-13T12:51:14.383",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-25T15:06:34.040",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "psirt@honeywell.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "psirt@honeywell.com",
"type": "Secondary",
@ -46,10 +76,167 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:honeywell:experion_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "501.1",
"versionEndIncluding": "501.6hf8",
"matchCriteriaId": "DED6EB36-056C-422C-9C6E-9EDE45DDB5F9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:honeywell:experion_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "510.1",
"versionEndIncluding": "510.2hf12",
"matchCriteriaId": "0511367E-4C62-44C9-BFF9-84E969562A9F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:honeywell:experion_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "511.1",
"versionEndIncluding": "511.5tcu3",
"matchCriteriaId": "3A2EAD5D-9B56-4F09-A25B-E98671AE52AC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:honeywell:experion_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "520.1",
"versionEndIncluding": "520.1tcu4",
"matchCriteriaId": "E9EAE3B9-6173-4568-962A-C472F593FC47"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:honeywell:experion_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "520.2",
"versionEndIncluding": "520.2tcu2",
"matchCriteriaId": "29DFE287-6206-46E2-9118-9159EC44748E"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:honeywell:experion_station:*:*:*:*:*:*:*:*",
"versionStartIncluding": "501.1",
"versionEndIncluding": "501.6hf8",
"matchCriteriaId": "A34A2DF5-19BC-4823-8DD3-54C50EA43B65"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:honeywell:experion_station:*:*:*:*:*:*:*:*",
"versionStartIncluding": "510.1",
"versionEndIncluding": "510.2hf12",
"matchCriteriaId": "0FCC07AA-C8CC-4C69-8011-988932D2F0FB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:honeywell:experion_station:*:*:*:*:*:*:*:*",
"versionStartIncluding": "511.1",
"versionEndIncluding": "511.5tcu3",
"matchCriteriaId": "90CA038F-5C1A-46FF-9EA3-7606B3FF703C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:honeywell:experion_station:*:*:*:*:*:*:*:*",
"versionStartIncluding": "520.1",
"versionEndIncluding": "520.1tcu4",
"matchCriteriaId": "F9BAC831-F60D-4010-8EE9-8A741244CB9B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:honeywell:experion_station:*:*:*:*:*:*:*:*",
"versionStartIncluding": "520.2",
"versionEndIncluding": "520.2tcu2",
"matchCriteriaId": "D1B32781-B0B3-4C74-882B-1DF622DEC11C"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:honeywell:engineering_station:*:*:*:*:*:*:*:*",
"versionStartIncluding": "510.1",
"versionEndIncluding": "511.5tcu3",
"matchCriteriaId": "6A1CE95F-F952-47BD-8AC1-CFAAC404BBEC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:honeywell:engineering_station:*:*:*:*:*:*:*:*",
"versionStartIncluding": "520.1",
"versionEndIncluding": "520.1tcu4",
"matchCriteriaId": "96A06B44-5738-4A77-98EB-DAB61C07A6D5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:honeywell:engineering_station:*:*:*:*:*:*:*:*",
"versionStartIncluding": "520.2",
"versionEndIncluding": "520.2tcu2",
"matchCriteriaId": "177013AA-A2F8-4FC4-82AC-79A6A7196767"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:honeywell:direct_station:*:*:*:*:*:*:*:*",
"versionStartIncluding": "510.1",
"versionEndIncluding": "511.5tcu3",
"matchCriteriaId": "1E31143D-60D7-4864-BA16-259BD4045BAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:honeywell:direct_station:*:*:*:*:*:*:*:*",
"versionStartIncluding": "520.1",
"versionEndIncluding": "520.1tcu4",
"matchCriteriaId": "6ABEC6C0-CF74-49E3-88BA-5D06484DFAA8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:honeywell:direct_station:*:*:*:*:*:*:*:*",
"versionStartIncluding": "520.2",
"versionEndIncluding": "520.2tcu2",
"matchCriteriaId": "BD33B3A2-FC18-4BE6-98A7-88D06339EE28"
}
]
}
]
}
],
"references": [
{
"url": "https://process.honeywell.com",
"source": "psirt@honeywell.com"
"source": "psirt@honeywell.com",
"tags": [
"Product"
]
}
]
}

98
CVE-2023/CVE-2023-244xx/CVE-2023-24480.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-24480",
"sourceIdentifier": "psirt@honeywell.com",
"published": "2023-07-13T11:15:08.997",
"lastModified": "2023-07-13T12:51:14.383",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-25T15:06:50.630",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "psirt@honeywell.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "psirt@honeywell.com",
"type": "Secondary",
@ -46,10 +76,72 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:honeywell:c300_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "501.1",
"versionEndIncluding": "501.6hf8",
"matchCriteriaId": "C8B1523A-A717-4BE3-97B1-5634188EAAF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:honeywell:c300_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "510.1",
"versionEndIncluding": "510.2hf12",
"matchCriteriaId": "F01D307E-1DD4-4B16-A1EF-81503E5C7CF1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:honeywell:c300_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "511.1",
"versionEndIncluding": "511.5tcu3",
"matchCriteriaId": "1AAAF640-4704-4BEA-AB36-911B08227497"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:honeywell:c300_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "520.1",
"versionEndIncluding": "520.1tcu4",
"matchCriteriaId": "254FC5F7-6F70-4E38-95B8-E0042AB3321F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:honeywell:c300_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "520.2",
"versionEndIncluding": "520.2tcu2",
"matchCriteriaId": "F075CA91-AFC8-4463-9D02-BE45F98E4840"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:honeywell:c300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CEA14D67-E320-490E-92E6-CC135EBBA245"
}
]
}
]
}
],
"references": [
{
"url": "https://process.honeywell.com",
"source": "psirt@honeywell.com"
"source": "psirt@honeywell.com",
"tags": [
"Product"
]
}
]
}

6
CVE-2023/CVE-2023-251xx/CVE-2023-25193.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-25193",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-02-04T20:15:08.027",
"lastModified": "2023-03-14T05:15:29.457",
"lastModified": "2023-07-25T15:15:13.163",
"vulnStatus": "Modified",
"descriptions": [
{
@ -114,6 +114,10 @@
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZ5M2GSAIHFPLHYJXUPQ2QDJCLWXUGO3/",
"source": "cve@mitre.org"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230725-0006/",
"source": "cve@mitre.org"
}
]
}

121
CVE-2023/CVE-2023-294xx/CVE-2023-29449.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-29449",
"sourceIdentifier": "security@zabbix.com",
"published": "2023-07-13T09:15:09.263",
"lastModified": "2023-07-13T12:51:18.107",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-25T14:54:44.917",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
},
{
"source": "security@zabbix.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
},
{
"source": "security@zabbix.com",
"type": "Secondary",
@ -46,10 +76,95 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.0.31",
"matchCriteriaId": "351A035B-69D9-4AB1-A16E-D4EB07EE46BD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.0",
"versionEndIncluding": "6.0.13",
"matchCriteriaId": "B8481638-B840-4ACA-B42F-5DD7D0E3CE90"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.1",
"versionEndIncluding": "6.4.4",
"matchCriteriaId": "B79D5429-153F-4555-8880-940DBA1F661E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zabbix:zabbix:6.4.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "F8EEB422-9B08-4BB9-A1DD-1F391B93031B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zabbix:zabbix:6.4.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "D2DBFD04-80FA-496C-8A4D-36008777FCE3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zabbix:zabbix:6.4.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "409DEB61-6951-48FE-8BA8-32AFE432C114"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zabbix:zabbix:6.4.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "E596AE82-54AD-4689-A59C-E4E906439731"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zabbix:zabbix:6.4.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "AD9D1FC3-9AD5-4281-82DD-46957ECD4EEF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zabbix:zabbix:6.4.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "81B14635-6FD0-4E9D-BCCD-3F88A3337B3A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zabbix:zabbix:6.4.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "425BB43B-4557-4D6F-9748-D0E6146A47E5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zabbix:zabbix:6.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "495EB7AA-D9AD-43C0-A04E-66013AF2DBC0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zabbix:zabbix:6.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1FCEBEB2-AD19-4259-9BAC-D96E55384193"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zabbix:zabbix:6.4.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "E8290F5B-E1F0-4081-B365-CB1A7F2A5DA3"
}
]
}
]
}
],
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-22589",
"source": "security@zabbix.com"
"source": "security@zabbix.com",
"tags": [
"Vendor Advisory"
]
}
]
}

78
CVE-2023/CVE-2023-294xx/CVE-2023-29450.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-29450",
"sourceIdentifier": "security@zabbix.com",
"published": "2023-07-13T09:15:09.660",
"lastModified": "2023-07-13T12:51:18.107",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-25T14:55:15.027",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security@zabbix.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-552"
}
]
},
{
"source": "security@zabbix.com",
"type": "Secondary",
@ -50,10 +80,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.0.33",
"matchCriteriaId": "F04570DF-A096-42C3-B16D-1B134B009F3D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.0",
"versionEndIncluding": "6.0.15",
"matchCriteriaId": "221530A4-AB8C-434C-BB41-F5A5E98317B4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.0",
"versionEndIncluding": "6.4.1",
"matchCriteriaId": "9FB7A41B-6B72-4A37-8A30-AA23BADAE942"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.3",
"versionEndIncluding": "6.4.4",
"matchCriteriaId": "D5B6F1C5-A8C8-4F4B-848C-5585523280E0"
}
]
}
]
}
],
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-22588",
"source": "security@zabbix.com"
"source": "security@zabbix.com",
"tags": [
"Vendor Advisory"
]
}
]
}

114
CVE-2023/CVE-2023-294xx/CVE-2023-29451.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-29451",
"sourceIdentifier": "security@zabbix.com",
"published": "2023-07-13T10:15:09.137",
"lastModified": "2023-07-13T12:51:18.107",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-25T14:55:32.543",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security@zabbix.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "security@zabbix.com",
"type": "Secondary",
@ -46,10 +76,88 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.0.14",
"matchCriteriaId": "01F553B6-48B5-4415-BF02-FBD83B16D577"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.2",
"versionEndIncluding": "6.4.4",
"matchCriteriaId": "2DE4CDDA-721E-4B2D-ACCE-718B98C85059"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zabbix:zabbix:6.4.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "F8EEB422-9B08-4BB9-A1DD-1F391B93031B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zabbix:zabbix:6.4.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "D2DBFD04-80FA-496C-8A4D-36008777FCE3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zabbix:zabbix:6.4.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "409DEB61-6951-48FE-8BA8-32AFE432C114"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zabbix:zabbix:6.4.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "E596AE82-54AD-4689-A59C-E4E906439731"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zabbix:zabbix:6.4.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "AD9D1FC3-9AD5-4281-82DD-46957ECD4EEF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zabbix:zabbix:6.4.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "81B14635-6FD0-4E9D-BCCD-3F88A3337B3A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zabbix:zabbix:6.4.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "425BB43B-4557-4D6F-9748-D0E6146A47E5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zabbix:zabbix:6.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "495EB7AA-D9AD-43C0-A04E-66013AF2DBC0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zabbix:zabbix:6.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1FCEBEB2-AD19-4259-9BAC-D96E55384193"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zabbix:zabbix:6.4.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "E8290F5B-E1F0-4081-B365-CB1A7F2A5DA3"
}
]
}
]
}
],
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-22587",
"source": "security@zabbix.com"
"source": "security@zabbix.com",
"tags": [
"Vendor Advisory"
]
}
]
}

99
CVE-2023/CVE-2023-294xx/CVE-2023-29452.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-29452",
"sourceIdentifier": "security@zabbix.com",
"published": "2023-07-13T10:15:09.247",
"lastModified": "2023-07-13T12:51:18.107",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-25T14:57:46.747",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@zabbix.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security@zabbix.com",
"type": "Secondary",
@ -46,10 +76,73 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.0",
"versionEndIncluding": "6.0.17",
"matchCriteriaId": "699CBC86-9B31-4201-84CC-3B52025A8C6E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zabbix:zabbix:6.4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "FD685FA5-4339-4AEA-9BA0-A5ADBA5B0893"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zabbix:zabbix:6.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E5435CF6-B28B-454F-8738-572CE7BD5F3C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zabbix:zabbix:6.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "495EB7AA-D9AD-43C0-A04E-66013AF2DBC0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zabbix:zabbix:6.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1FCEBEB2-AD19-4259-9BAC-D96E55384193"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zabbix:zabbix:6.4.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "E8290F5B-E1F0-4081-B365-CB1A7F2A5DA3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zabbix:zabbix:6.4.1:-:*:*:*:*:*:*",
"matchCriteriaId": "7226BF8C-B38B-4A9B-8360-354528E1B0B5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zabbix:zabbix:6.4.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "75FFFD36-61D4-48E3-8AA2-1A6F255E3131"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zabbix:zabbix:6.4.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4ADD7BFE-1606-44E5-BE89-91893B886F91"
}
]
}
]
}
],
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-22981",
"source": "security@zabbix.com"
"source": "security@zabbix.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

80
CVE-2023/CVE-2023-294xx/CVE-2023-29456.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-29456",
"sourceIdentifier": "security@zabbix.com",
"published": "2023-07-13T10:15:09.440",
"lastModified": "2023-07-13T12:51:14.383",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-25T15:03:10.453",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@zabbix.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security@zabbix.com",
"type": "Secondary",
@ -46,10 +76,54 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zabbix:frontend:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0",
"versionEndIncluding": "4.0.46",
"matchCriteriaId": "6850E611-6981-4A52-AF5A-1B37595BFE82"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zabbix:frontend:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndIncluding": "5.0.35",
"matchCriteriaId": "F6FBAB1C-88DC-443A-AFEC-BC4DED4069AC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zabbix:frontend:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.0",
"versionEndIncluding": "6.0.18",
"matchCriteriaId": "1334B225-8F22-4552-BD7B-7C544D77EE5A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zabbix:frontend:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.0",
"versionEndIncluding": "6.4.3",
"matchCriteriaId": "107D58B9-A350-40F5-BA6D-2F55DA81A11E"
}
]
}
]
}
],
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-22987",
"source": "security@zabbix.com"
"source": "security@zabbix.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

66
CVE-2023/CVE-2023-294xx/CVE-2023-29458.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-29458",
"sourceIdentifier": "security@zabbix.com",
"published": "2023-07-13T10:15:09.573",
"lastModified": "2023-07-13T12:51:14.383",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-25T15:05:05.530",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security@zabbix.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-129"
}
]
},
{
"source": "security@zabbix.com",
"type": "Secondary",
@ -46,10 +76,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zabbix:zabbix:5.0.34:*:*:*:*:*:*:*",
"matchCriteriaId": "21E9CA91-6BA2-4046-A81B-56203307F325"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zabbix:zabbix:6.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "F6C005FB-B627-4C3B-8873-4ECF4A3696CD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zabbix:zabbix:6.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2FECE71F-56F9-4E90-99EC-DBDCFE5AC605"
}
]
}
]
}
],
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-22989",
"source": "security@zabbix.com"
"source": "security@zabbix.com",
"tags": [
"Third Party Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-29xx/CVE-2023-2975.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2975",
"sourceIdentifier": "openssl-security@openssl.org",
"published": "2023-07-14T12:15:09.023",
"lastModified": "2023-07-19T15:15:10.407",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-25T15:15:13.277",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -28,6 +28,10 @@
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a83f0c958811f07e0d11dfc6b5a6a98edfd5bdc",
"source": "openssl-security@openssl.org"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230725-0004/",
"source": "openssl-security@openssl.org"
},
{
"url": "https://www.openssl.org/news/secadv/20230714.txt",
"source": "openssl-security@openssl.org"

49
CVE-2023/CVE-2023-33xx/CVE-2023-3342.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3342",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-07-13T03:15:10.063",
"lastModified": "2023-07-13T23:15:12.490",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-25T14:47:43.850",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -50,26 +50,61 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpeverest:user_registration:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.0.2.1",
"matchCriteriaId": "43B8E05C-039C-438F-8E54-430BAC20DF56"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/173434/WordPress-User-Registration-3.0.2-Arbitrary-File-Upload.html",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://lana.codes/lanavdb/c0a58dff-7a5b-4cc0-82d6-2255e61d801c/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/user-registration/tags/3.0.1/includes/functions-ur-core.php#L3156",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2933689/user-registration/trunk/includes/functions-ur-core.php",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a979e885-f7dd-4616-a881-64f3d97c309d?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

41
CVE-2023/CVE-2023-33xx/CVE-2023-3343.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-3343",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-07-13T03:15:10.143",
"lastModified": "2023-07-13T08:32:09.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-25T14:48:03.900",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The User Registration plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.0.1 via deserialization of untrusted input from the 'profile-pic-url' parameter. This allows authenticated attackers, with subscriber-level permissions and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code."
},
{
"lang": "es",
"value": "El plugin User Registration para WordPress es vulnerable a la inyecci\u00f3n de objetos PHP en versiones hasta la 3.0.1 inclusive a trav\u00e9s de la deserializaci\u00f3n de la entrada no fiable del par\u00e1metro \"profile-pic-url\". Esto permite a atacantes autenticados, con permisos de nivel de suscriptor y superiores, inyectar un objeto PHP. Ninguna cadena POP est\u00e1 presente en el plugin vulnerable. Si una cadena POP est\u00e1 presente a trav\u00e9s de un plugin adicional o tema instalado en el sistema objetivo, podr\u00eda permitir al atacante eliminar archivos arbitrarios, recuperar datos sensibles o ejecutar c\u00f3digo. "
}
],
"metrics": {
@ -46,18 +50,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpeverest:user_registration:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.0.1",
"matchCriteriaId": "2D450782-9C36-4694-9C41-503B702D1F56"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/user-registration/tags/3.0.1/includes/functions-ur-core.php#L3156",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2932199/user-registration/trunk/includes/functions-ur-core.php#file0",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3590277a-3319-4707-b728-d75ea59e8ad9?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-340xx/CVE-2023-34017.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-34017",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-07-25T14:15:10.527",
"lastModified": "2023-07-25T14:15:10.527",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FiveStarPlugins Five Star Restaurant Reservations plugin <=\u00a02.6.7 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/restaurant-reservations/wordpress-five-star-restaurant-reservations-plugin-2-6-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

63
CVE-2023/CVE-2023-340xx/CVE-2023-34093.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-34093",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-07-25T15:15:13.377",
"lastModified": "2023-07-25T15:15:13.377",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Strapi is an open-source headless content management system. Prior to version 4.10.8, anyone (Strapi developers, users, plugins) can make every attribute of a Content-Type public without knowing it. The vulnerability only affects the handling of content types by Strapi, not the actual content types themselves. Users can use plugins or modify their own content types without realizing that the `privateAttributes` getter is being removed, which can result in any attribute becoming public. This can lead to sensitive information being exposed or the entire system being taken control of by an attacker(having access to password hashes). Anyone can be impacted, depending on how people are using/extending content-types. If the users are mutating the content-type, they will not be affected. Version 4.10.8 contains a patch for this issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.5,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://github.com/strapi/strapi/commit/2fa8f30371bfd1db44c15e5747860ee5789096de",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/strapi/strapi/releases/tag/v4.10.8",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/strapi/strapi/security/advisories/GHSA-chmr-rg2f-9jmf",
"source": "security-advisories@github.com"
}
]
}

114
CVE-2023/CVE-2023-341xx/CVE-2023-34123.json
View File

@ -2,16 +2,49 @@
"id": "CVE-2023-34123",
"sourceIdentifier": "PSIRT@sonicwall.com",
"published": "2023-07-13T00:15:24.387",
"lastModified": "2023-07-13T08:32:09.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-25T14:12:34.320",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Use of Hard-coded Cryptographic Key vulnerability in SonicWall GMS, SonicWall Analytics. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.\n\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
},
{
"source": "PSIRT@sonicwall.com",
"type": "Secondary",
@ -23,14 +56,85 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sonicwall:global_management_system:*:*:*:*:virtual_appliance:*:*:*",
"versionEndExcluding": "9.3.2",
"matchCriteriaId": "12CB3495-2949-4D79-98F9-2156B0296C94"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sonicwall:global_management_system:*:*:*:*:windows:*:*:*",
"versionEndExcluding": "9.3.2",
"matchCriteriaId": "6215D18A-7254-453B-93BF-4FFD8417D0AB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sonicwall:global_management_system:9.3.2:-:*:*:virtual_appliance:*:*:*",
"matchCriteriaId": "9F193D8D-EC75-49E4-9510-74534518A276"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sonicwall:global_management_system:9.3.2:-:*:*:windows:*:*:*",
"matchCriteriaId": "7D33D05B-F776-44C7-BE77-B0656C9449A9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sonicwall:global_management_system:9.3.2:sp1:*:*:virtual_appliance:*:*:*",
"matchCriteriaId": "C00FB351-6120-4C1B-B621-2D7C1ED13966"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sonicwall:global_management_system:9.3.2:sp1:*:*:windows:*:*:*",
"matchCriteriaId": "654B1441-A169-499C-B061-8E49535FC60D"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sonicwall:analytics:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.5.0.4",
"matchCriteriaId": "3141B9EA-D34E-4F30-B4D8-413505FBEC53"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sonicwall:analytics:2.5.0.4-r7:*:*:*:*:*:*:*",
"matchCriteriaId": "8C05380F-06DD-40DE-B5F3-E6E2E188D229"
}
]
}
]
}
],
"references": [
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010",
"source": "PSIRT@sonicwall.com"
"source": "PSIRT@sonicwall.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.sonicwall.com/support/notices/230710150218060",
"source": "PSIRT@sonicwall.com"
"source": "PSIRT@sonicwall.com",
"tags": [
"Vendor Advisory"
]
}
]
}

83
CVE-2023/CVE-2023-341xx/CVE-2023-34131.json
View File

@ -2,16 +2,49 @@
"id": "CVE-2023-34131",
"sourceIdentifier": "PSIRT@sonicwall.com",
"published": "2023-07-13T03:15:09.470",
"lastModified": "2023-07-13T08:32:09.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-25T14:09:26.387",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics enables an unauthenticated attacker to access restricted web pages. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "PSIRT@sonicwall.com",
"type": "Secondary",
@ -23,14 +56,54 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sonicwall:analytics:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.5.0.4-r7",
"matchCriteriaId": "A5BFA6B7-2070-4FCA-B27C-5ED1047B1101"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sonicwall:global_management_system:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.3.2",
"matchCriteriaId": "02CDB54F-B795-42B3-A406-22D7E4A03ACB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sonicwall:global_management_system:9.3.2:-:*:*:*:*:*:*",
"matchCriteriaId": "2E8493ED-1A01-4FAA-9608-4481DDD0D69B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sonicwall:global_management_system:9.3.2:sp1:*:*:*:*:*:*",
"matchCriteriaId": "89A96771-621F-4D0D-B667-0A99F5F76789"
}
]
}
]
}
],
"references": [
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010",
"source": "PSIRT@sonicwall.com"
"source": "PSIRT@sonicwall.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.sonicwall.com/support/notices/230710150218060",
"source": "PSIRT@sonicwall.com"
"source": "PSIRT@sonicwall.com",
"tags": [
"Vendor Advisory"
]
}
]
}

83
CVE-2023/CVE-2023-341xx/CVE-2023-34132.json
View File

@ -2,16 +2,49 @@
"id": "CVE-2023-34132",
"sourceIdentifier": "PSIRT@sonicwall.com",
"published": "2023-07-13T03:15:09.533",
"lastModified": "2023-07-13T08:32:09.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-25T14:09:15.400",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Use of password hash instead of password for authentication vulnerability in SonicWall GMS and Analytics allows Pass-the-Hash attacks. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "PSIRT@sonicwall.com",
"type": "Secondary",
@ -23,14 +56,54 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sonicwall:analytics:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.5.0.4-r7",
"matchCriteriaId": "A5BFA6B7-2070-4FCA-B27C-5ED1047B1101"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sonicwall:global_management_system:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.3.2",
"matchCriteriaId": "02CDB54F-B795-42B3-A406-22D7E4A03ACB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sonicwall:global_management_system:9.3.2:-:*:*:*:*:*:*",
"matchCriteriaId": "2E8493ED-1A01-4FAA-9608-4481DDD0D69B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sonicwall:global_management_system:9.3.2:sp1:*:*:*:*:*:*",
"matchCriteriaId": "89A96771-621F-4D0D-B667-0A99F5F76789"
}
]
}
]
}
],
"references": [
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010",
"source": "PSIRT@sonicwall.com"
"source": "PSIRT@sonicwall.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.sonicwall.com/support/notices/230710150218060",
"source": "PSIRT@sonicwall.com"
"source": "PSIRT@sonicwall.com",
"tags": [
"Vendor Advisory"
]
}
]
}

83
CVE-2023/CVE-2023-341xx/CVE-2023-34133.json
View File

@ -2,16 +2,49 @@
"id": "CVE-2023-34133",
"sourceIdentifier": "PSIRT@sonicwall.com",
"published": "2023-07-13T03:15:09.590",
"lastModified": "2023-07-13T08:32:09.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-25T14:08:15.580",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SonicWall GMS and Analytics allows an unauthenticated attacker to extract sensitive information from the application database. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "PSIRT@sonicwall.com",
"type": "Secondary",
@ -23,14 +56,54 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sonicwall:analytics:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.5.0.4-r7",
"matchCriteriaId": "A5BFA6B7-2070-4FCA-B27C-5ED1047B1101"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sonicwall:global_management_system:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.3.2",
"matchCriteriaId": "02CDB54F-B795-42B3-A406-22D7E4A03ACB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sonicwall:global_management_system:9.3.2:-:*:*:*:*:*:*",
"matchCriteriaId": "2E8493ED-1A01-4FAA-9608-4481DDD0D69B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sonicwall:global_management_system:9.3.2:sp1:*:*:*:*:*:*",
"matchCriteriaId": "89A96771-621F-4D0D-B667-0A99F5F76789"
}
]
}
]
}
],
"references": [
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010",
"source": "PSIRT@sonicwall.com"
"source": "PSIRT@sonicwall.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.sonicwall.com/support/notices/230710150218060",
"source": "PSIRT@sonicwall.com"
"source": "PSIRT@sonicwall.com",
"tags": [
"Vendor Advisory"
]
}
]
}

83
CVE-2023/CVE-2023-341xx/CVE-2023-34134.json
View File

@ -2,16 +2,49 @@
"id": "CVE-2023-34134",
"sourceIdentifier": "PSIRT@sonicwall.com",
"published": "2023-07-13T03:15:09.647",
"lastModified": "2023-07-13T08:32:09.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-25T14:07:37.530",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics allows authenticated attacker to read administrator password hash via a web service call. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.\n\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "PSIRT@sonicwall.com",
"type": "Secondary",
@ -23,14 +56,54 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sonicwall:analytics:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.5.0.4-r7",
"matchCriteriaId": "A5BFA6B7-2070-4FCA-B27C-5ED1047B1101"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sonicwall:global_management_system:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.3.2",
"matchCriteriaId": "02CDB54F-B795-42B3-A406-22D7E4A03ACB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sonicwall:global_management_system:9.3.2:-:*:*:*:*:*:*",
"matchCriteriaId": "2E8493ED-1A01-4FAA-9608-4481DDD0D69B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sonicwall:global_management_system:9.3.2:sp1:*:*:*:*:*:*",
"matchCriteriaId": "89A96771-621F-4D0D-B667-0A99F5F76789"
}
]
}
]
}
],
"references": [
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010",
"source": "PSIRT@sonicwall.com"
"source": "PSIRT@sonicwall.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.sonicwall.com/support/notices/230710150218060",
"source": "PSIRT@sonicwall.com"
"source": "PSIRT@sonicwall.com",
"tags": [
"Vendor Advisory"
]
}
]
}

83
CVE-2023/CVE-2023-341xx/CVE-2023-34136.json
View File

@ -2,16 +2,49 @@
"id": "CVE-2023-34136",
"sourceIdentifier": "PSIRT@sonicwall.com",
"published": "2023-07-13T03:15:09.770",
"lastModified": "2023-07-13T08:32:09.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-25T14:04:42.117",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in SonicWall GMS and Analytics allows unauthenticated attacker to upload files to a restricted location not controlled by the attacker. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
},
{
"source": "PSIRT@sonicwall.com",
"type": "Secondary",
@ -23,14 +56,54 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sonicwall:analytics:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.5.0.4-r7",
"matchCriteriaId": "A5BFA6B7-2070-4FCA-B27C-5ED1047B1101"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sonicwall:global_management_system:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.3.2",
"matchCriteriaId": "02CDB54F-B795-42B3-A406-22D7E4A03ACB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sonicwall:global_management_system:9.3.2:-:*:*:*:*:*:*",
"matchCriteriaId": "2E8493ED-1A01-4FAA-9608-4481DDD0D69B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sonicwall:global_management_system:9.3.2:sp1:*:*:*:*:*:*",
"matchCriteriaId": "89A96771-621F-4D0D-B667-0A99F5F76789"
}
]
}
]
}
],
"references": [
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010",
"source": "PSIRT@sonicwall.com"
"source": "PSIRT@sonicwall.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.sonicwall.com/support/notices/230710150218060",
"source": "PSIRT@sonicwall.com"
"source": "PSIRT@sonicwall.com",
"tags": [
"Vendor Advisory"
]
}
]
}

83
CVE-2023/CVE-2023-341xx/CVE-2023-34137.json
View File

@ -2,16 +2,49 @@
"id": "CVE-2023-34137",
"sourceIdentifier": "PSIRT@sonicwall.com",
"published": "2023-07-13T03:15:09.827",
"lastModified": "2023-07-13T08:32:09.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-25T14:04:30.290",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SonicWall GMS and Analytics CAS Web Services application use static values for authentication without proper checks leading to authentication bypass vulnerability. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.\n\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
},
{
"source": "PSIRT@sonicwall.com",
"type": "Secondary",
@ -23,14 +56,54 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sonicwall:analytics:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.5.0.4-r7",
"matchCriteriaId": "A5BFA6B7-2070-4FCA-B27C-5ED1047B1101"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sonicwall:global_management_system:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.3.2",
"matchCriteriaId": "02CDB54F-B795-42B3-A406-22D7E4A03ACB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sonicwall:global_management_system:9.3.2:-:*:*:*:*:*:*",
"matchCriteriaId": "2E8493ED-1A01-4FAA-9608-4481DDD0D69B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sonicwall:global_management_system:9.3.2:sp1:*:*:*:*:*:*",
"matchCriteriaId": "89A96771-621F-4D0D-B667-0A99F5F76789"
}
]
}
]
}
],
"references": [
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010",
"source": "PSIRT@sonicwall.com"
"source": "PSIRT@sonicwall.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.sonicwall.com/support/notices/230710150218060",
"source": "PSIRT@sonicwall.com"
"source": "PSIRT@sonicwall.com",
"tags": [
"Vendor Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-343xx/CVE-2023-34369.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-34369",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-07-25T14:15:10.633",
"lastModified": "2023-07-25T14:15:10.633",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GrandSlambert Login Configurator plugin <=\u00a02.1 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/login-configurator/wordpress-login-configurator-plugin-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

59
CVE-2023/CVE-2023-35xx/CVE-2023-3548.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-3548",
"sourceIdentifier": "productsecurity@jci.com",
"published": "2023-07-25T14:15:11.123",
"lastModified": "2023-07-25T14:15:11.123",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An unauthorized user could gain account access to IQ Wifi 6 versions prior to 2.0.2 by conducting a brute force authentication attack.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "productsecurity@jci.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "productsecurity@jci.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-307"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-206-04",
"source": "productsecurity@jci.com"
},
{
"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories",
"source": "productsecurity@jci.com"
}
]
}

55
CVE-2023/CVE-2023-363xx/CVE-2023-36385.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-36385",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-07-25T14:15:10.720",
"lastModified": "2023-07-25T14:15:10.720",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wpxpo PostX \u2013 Gutenberg Post Grid Blocks plugin <=\u00a02.9.9 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/ultimate-post/wordpress-postx-gutenberg-post-grid-blocks-plugin-2-9-9-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-365xx/CVE-2023-36501.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-36501",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-07-25T14:15:10.807",
"lastModified": "2023-07-25T14:15:10.807",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Michael Winkler teachPress plugin <=\u00a09.0.2 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/teachpress/wordpress-teachpress-plugin-9-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-365xx/CVE-2023-36502.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-36502",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-07-25T14:15:10.893",
"lastModified": "2023-07-25T14:15:10.893",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cththemes Balkon plugin <=\u00a01.3.2 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/balkon/wordpress-balkon-theme-1-3-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-365xx/CVE-2023-36503.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-36503",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-07-25T14:15:10.980",
"lastModified": "2023-07-25T14:15:10.980",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Max Foundry WordPress Button Plugin MaxButtons plugin <=\u00a09.5.3 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/maxbuttons/wordpress-wordpress-button-plugin-maxbuttons-plugin-9-5-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

8
CVE-2023/CVE-2023-366xx/CVE-2023-36617.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-36617",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-29T13:15:09.583",
"lastModified": "2023-07-06T18:34:41.793",
"vulnStatus": "Analyzed",
"lastModified": "2023-07-25T15:15:13.497",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -72,6 +72,10 @@
}
],
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20230725-0002/",
"source": "cve@mitre.org"
},
{
"url": "https://www.ruby-lang.org/en/news/2023/06/29/redos-in-uri-CVE-2023-36617/",
"source": "cve@mitre.org",

57
CVE-2023/CVE-2023-36xx/CVE-2023-3657.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3657",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-07-13T10:15:09.643",
"lastModified": "2023-07-13T12:51:14.383",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-25T15:05:56.500",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,14 +93,41 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ac_repair_and_services_system_project:ac_repair_and_services_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "93360BEF-F4C8-4AA0-9F50-1BA8EFAFC705"
}
]
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.234011",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.234011",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
}
]
}

55
CVE-2023/CVE-2023-36xx/CVE-2023-3678.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3678",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-07-15T08:15:42.537",
"lastModified": "2023-07-17T13:02:42.053",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-25T14:11:55.420",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,14 +93,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ac_repair_and_services_system_project:ac_repair_and_services_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "93360BEF-F4C8-4AA0-9F50-1BA8EFAFC705"
}
]
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.234223",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.234223",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-36xx/CVE-2023-3679.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3679",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-07-15T09:15:09.403",
"lastModified": "2023-07-17T13:02:42.053",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-25T14:14:42.570",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,14 +93,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lost_and_found_information_system_project:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7B84257-5F4C-48D4-8097-A6FA541667BE"
}
]
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.234224",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.234224",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-36xx/CVE-2023-3680.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3680",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-07-15T09:15:09.803",
"lastModified": "2023-07-17T13:02:42.053",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-25T14:15:03.503",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,14 +93,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lost_and_found_information_system_project:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7B84257-5F4C-48D4-8097-A6FA541667BE"
}
]
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.234225",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.234225",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-374xx/CVE-2023-37415.json
View File

@ -2,15 +2,38 @@
"id": "CVE-2023-37415",
"sourceIdentifier": "security@apache.org",
"published": "2023-07-13T08:15:10.767",
"lastModified": "2023-07-13T23:15:11.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-25T14:51:35.160",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Apache Hive Provider.\n\nPatching on top of CVE-2023-35797\nBefore\u00a06.1.2\u00a0the proxy_user option can also inject semicolon.\n\nThis issue affects Apache Airflow Apache Hive Provider: before 6.1.2.\n\nIt is recommended updating provider version to 6.1.2 in order to avoid this vulnerability.\n\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@apache.org",
@ -23,14 +46,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:apache-airflow-providers-apache-hive:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.2",
"matchCriteriaId": "974BAAB3-CD8A-42E8-83A1-122E8A5DB3C4"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/07/12/3",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread/9wx0jlckbnycjh8nj5qfwxo423zvm41k",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
]
}
]
}

165
CVE-2023/CVE-2023-375xx/CVE-2023-37561.json
View File

@ -2,23 +2,178 @@
"id": "CVE-2023-37561",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-07-13T02:15:09.467",
"lastModified": "2023-07-13T08:32:09.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-25T14:11:24.400",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in ELECOM wireless LAN routers and ELECOM wireless LAN repeaters allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. Affected products and versions are as follows: WRH-300WH-H v2.12 and earlier, WTC-300HWH v1.09 and earlier, WTC-C1167GC-B v1.17 and earlier, and WTC-C1167GC-W v1.17 and earlier.\r\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:elecom:wrh-300wh-h_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.12",
"matchCriteriaId": "218EB4DC-76CF-4940-AB33-EE1CF9D224DF"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:elecom:wrh-300wh-h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "079F2DC5-840A-4201-B46C-F9339968D256"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:elecom:wtc-300hwh_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.09",
"matchCriteriaId": "EA8A3899-88B3-49C3-8383-06BADB7789AF"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:elecom:wtc-300hwh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A647D35F-778D-418E-9B7A-332EEA313EAC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:elecom:wtc-c1167gc-b_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.17",
"matchCriteriaId": "F0E26C65-3BC9-444D-A6D4-EDC76105A388"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:elecom:wtc-c1167gc-b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B6FB5F1-64E0-4289-9445-79832CEEE039"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:elecom:wtc-c1167gc-w_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.17",
"matchCriteriaId": "8024FCCD-77ED-48FE-8821-474F3A80D40A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:elecom:wtc-c1167gc-w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C416DBF4-851E-4058-A66E-31D711454370"
}
]
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/jp/JVN05223215/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.elecom.co.jp/news/security/20230711-01/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
]
}
]
}

109
CVE-2023/CVE-2023-375xx/CVE-2023-37562.json
View File

@ -2,23 +2,122 @@
"id": "CVE-2023-37562",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-07-13T03:15:09.880",
"lastModified": "2023-07-13T08:32:09.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-25T14:03:42.807",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in exists in WTC-C1167GC-B v1.17 and earlier, and WTC-C1167GC-W v1.17 and earlier. If a user views a malicious page while logged in, unintended operations may be performed."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:elecom:wtc-c1167gc-b_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.17",
"matchCriteriaId": "F0E26C65-3BC9-444D-A6D4-EDC76105A388"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:elecom:wtc-c1167gc-b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B6FB5F1-64E0-4289-9445-79832CEEE039"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:elecom:wtc-c1167gc-w_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.17",
"matchCriteriaId": "8024FCCD-77ED-48FE-8821-474F3A80D40A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:elecom:wtc-c1167gc-w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C416DBF4-851E-4058-A66E-31D711454370"
}
]
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/jp/JVN05223215/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.elecom.co.jp/news/security/20230711-01/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
]
}
]
}

193
CVE-2023/CVE-2023-375xx/CVE-2023-37563.json
View File

@ -2,23 +2,206 @@
"id": "CVE-2023-37563",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-07-13T03:15:09.927",
"lastModified": "2023-07-13T08:32:09.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-25T14:02:59.173",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Exposure of sensitive information to an unauthorized actor issue exists in ELECOM wireless LAN routers, which allows a network-adjacent attacker to obtain sensitive information. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:elecom:wrc-1167ghbk-s_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.03",
"matchCriteriaId": "73FE02E7-2700-4C34-8DA7-F04040ABD427"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:elecom:wrc-1167ghbk-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5EA23990-CAE0-4EDE-8355-530CB0D72288"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:elecom:wrc-1167gebk-s_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.03",
"matchCriteriaId": "D15FBA3F-C309-4B24-B4B0-FF271DC24681"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:elecom:wrc-1167gebk-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1840F3EA-A2F1-4E0D-A179-A0141BDA1760"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:elecom:wrc-1167febk-s_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.04",
"matchCriteriaId": "B7200E9A-0713-461F-AD6D-03151D62F0B0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:elecom:wrc-1167febk-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7EF5A7C-3EEA-4592-A25C-E254DF703FFF"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:elecom:wrc-1167ghbk3-a_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.24",
"matchCriteriaId": "CDA47F4E-73D6-4F96-8EF4-8896701F6990"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6248727-0D48-44DA-A44A-87FD71ECEDA6"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:elecom:wrc-1167febk-a_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.18",
"matchCriteriaId": "2FA6AB13-9CBF-46A1-89E8-1D341E6FBE03"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F6BA0C4-7C5C-4BF3-A268-4978590041E6"
}
]
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/jp/JVN05223215/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.elecom.co.jp/news/security/20230711-01/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
]
}
]
}

193
CVE-2023/CVE-2023-375xx/CVE-2023-37564.json
View File

@ -2,23 +2,206 @@
"id": "CVE-2023-37564",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-07-13T04:15:10.213",
"lastModified": "2023-07-13T08:32:09.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-25T14:49:22.723",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary OS command with a root privilege by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:elecom:wrc-1167ghbk-s_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.03",
"matchCriteriaId": "73FE02E7-2700-4C34-8DA7-F04040ABD427"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:elecom:wrc-1167ghbk-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5EA23990-CAE0-4EDE-8355-530CB0D72288"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:elecom:wrc-1167gebk-s_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.03",
"matchCriteriaId": "D15FBA3F-C309-4B24-B4B0-FF271DC24681"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:elecom:wrc-1167gebk-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1840F3EA-A2F1-4E0D-A179-A0141BDA1760"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:elecom:wrc-1167febk-s_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.04",
"matchCriteriaId": "B7200E9A-0713-461F-AD6D-03151D62F0B0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:elecom:wrc-1167febk-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7EF5A7C-3EEA-4592-A25C-E254DF703FFF"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:elecom:wrc-1167ghbk3-a_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.24",
"matchCriteriaId": "CDA47F4E-73D6-4F96-8EF4-8896701F6990"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6248727-0D48-44DA-A44A-87FD71ECEDA6"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:elecom:wrc-1167febk-a_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.18",
"matchCriteriaId": "2FA6AB13-9CBF-46A1-89E8-1D341E6FBE03"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F6BA0C4-7C5C-4BF3-A268-4978590041E6"
}
]
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/jp/JVN05223215/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.elecom.co.jp/news/security/20230711-01/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
]
}
]
}

193
CVE-2023/CVE-2023-375xx/CVE-2023-37565.json
View File

@ -2,23 +2,206 @@
"id": "CVE-2023-37565",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-07-13T04:15:10.303",
"lastModified": "2023-07-13T08:32:09.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-25T14:50:48.460",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Code injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute arbitrary code by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:elecom:wrc-1167ghbk-s_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.03",
"matchCriteriaId": "73FE02E7-2700-4C34-8DA7-F04040ABD427"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:elecom:wrc-1167ghbk-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5EA23990-CAE0-4EDE-8355-530CB0D72288"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:elecom:wrc-1167gebk-s_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.03",
"matchCriteriaId": "D15FBA3F-C309-4B24-B4B0-FF271DC24681"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:elecom:wrc-1167gebk-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1840F3EA-A2F1-4E0D-A179-A0141BDA1760"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:elecom:wrc-1167febk-s_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.04",
"matchCriteriaId": "B7200E9A-0713-461F-AD6D-03151D62F0B0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:elecom:wrc-1167febk-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7EF5A7C-3EEA-4592-A25C-E254DF703FFF"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:elecom:wrc-1167ghbk3-a_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.24",
"matchCriteriaId": "CDA47F4E-73D6-4F96-8EF4-8896701F6990"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6248727-0D48-44DA-A44A-87FD71ECEDA6"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:elecom:wrc-1167febk-a_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.18",
"matchCriteriaId": "2FA6AB13-9CBF-46A1-89E8-1D341E6FBE03"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F6BA0C4-7C5C-4BF3-A268-4978590041E6"
}
]
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/jp/JVN05223215/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.elecom.co.jp/news/security/20230711-01/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
]
}
]
}

109
CVE-2023/CVE-2023-375xx/CVE-2023-37566.json
View File

@ -2,23 +2,122 @@
"id": "CVE-2023-37566",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-07-13T02:15:09.517",
"lastModified": "2023-07-13T08:32:09.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-25T14:11:02.723",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "ELECOM wireless LAN routers WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier allow a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:elecom:wrc-1167ghbk3-a_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.24",
"matchCriteriaId": "CDA47F4E-73D6-4F96-8EF4-8896701F6990"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6248727-0D48-44DA-A44A-87FD71ECEDA6"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:elecom:wrc-1167febk-a_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.18",
"matchCriteriaId": "2FA6AB13-9CBF-46A1-89E8-1D341E6FBE03"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F6BA0C4-7C5C-4BF3-A268-4978590041E6"
}
]
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU91850798/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.elecom.co.jp/news/security/20230711-01/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
]
}
]
}

81
CVE-2023/CVE-2023-375xx/CVE-2023-37567.json
View File

@ -2,23 +2,94 @@
"id": "CVE-2023-37567",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-07-13T02:15:09.563",
"lastModified": "2023-07-13T08:32:09.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-25T14:10:47.827",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "ELECOM wireless LAN router WRC-1167GHBK3-A v1.24 and earlier allows a remote unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port of the web management page."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:elecom:wrc-1167ghbk3-a_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.24",
"matchCriteriaId": "CDA47F4E-73D6-4F96-8EF4-8896701F6990"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6248727-0D48-44DA-A44A-87FD71ECEDA6"
}
]
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU91850798/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.elecom.co.jp/news/security/20230711-01/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
]
}
]
}

109
CVE-2023/CVE-2023-375xx/CVE-2023-37568.json
View File

@ -2,23 +2,122 @@
"id": "CVE-2023-37568",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-07-13T02:15:09.607",
"lastModified": "2023-07-13T08:32:09.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-25T14:10:00.403",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "ELECOM wireless LAN routers WRC-1167GHBK-S v1.03 and earlier, and WRC-1167GEBK-S v1.03 and earlier allow a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:elecom:wrc-1167ghbk-s_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.03",
"matchCriteriaId": "73FE02E7-2700-4C34-8DA7-F04040ABD427"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:elecom:wrc-1167ghbk-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5EA23990-CAE0-4EDE-8355-530CB0D72288"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:elecom:wrc-1167gebk-s_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.03",
"matchCriteriaId": "D15FBA3F-C309-4B24-B4B0-FF271DC24681"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:elecom:wrc-1167gebk-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1840F3EA-A2F1-4E0D-A179-A0141BDA1760"
}
]
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU91850798/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.elecom.co.jp/news/security/20230711-01/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
]
}
]
}

40
CVE-2023/CVE-2023-378xx/CVE-2023-37895.json Normal file
View File

@ -0,0 +1,40 @@
{
"id": "CVE-2023-37895",
"sourceIdentifier": "security@apache.org",
"published": "2023-07-25T15:15:13.587",
"lastModified": "2023-07-25T15:15:13.587",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMIVersions up to (including) 2.20.10 (stable branch) and 2.21.17 (unstable branch) use the component \"commons-beanutils\", which contains a class that can be used for remote code execution over RMI.\n\nUsers are advised to immediately update to versions 2.20.11 or 2.21.18. Note that earlier stable branches (1.0.x .. 2.18.x) have been EOLd already and do not receive updates anymore.\n\nIn general, RMI support can expose vulnerabilities by the mere presence of an exploitable class on the classpath. Even if Jackrabbit itself does not contain any code known to be exploitable anymore, adding other components to your server can expose the same type of problem. We therefore recommend to disable RMI access altogether (see further below), and will discuss deprecating RMI support in future Jackrabbit releases.\n\nHow to check whether RMI support is enabledRMI support can be over an RMI-specific TCP port, and over an HTTP binding. Both are by default enabled in Jackrabbit webapp/standalone.\n\nThe native RMI protocol by default uses port 1099. To check whether it is enabled, tools like \"netstat\" can be used to check.\n\nRMI-over-HTTP in Jackrabbit by default uses the path \"/rmi\". So when running standalone on port 8080, check whether an HTTP GET request on localhost:8080/rmi returns 404 (not enabled) or 200 (enabled). Note that the HTTP path may be different when the webapp is deployed in a container as non-root context, in which case the prefix is under the user's control.\n\nTurning off RMIFind web.xml (either in JAR/WAR file or in unpacked web application folder), and remove the declaration and the mapping definition for the RemoteBindingServlet:\n\n\u00a0 \u00a0 \u00a0 \u00a0 <servlet>\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 <servlet-name>RMI</servlet-name>\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 <servlet-class>org.apache.jackrabbit.servlet.remote.RemoteBindingServlet</servlet-class>\n\u00a0 \u00a0 \u00a0 \u00a0 </servlet>\n\n\u00a0 \u00a0 \u00a0 \u00a0 <servlet-mapping>\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 <servlet-name>RMI</servlet-name>\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 <url-pattern>/rmi</url-pattern>\n\u00a0 \u00a0 \u00a0 \u00a0 </servlet-mapping>\n\nFind the bootstrap.properties file (in $REPOSITORY_HOME), and set\n\n\u00a0 \u00a0 \u00a0 \u00a0 rmi.enabled=false\n\n\u00a0 \u00a0 and also remove\n\n\u00a0 \u00a0 \u00a0 \u00a0 rmi.host\n\u00a0 \u00a0 \u00a0 \u00a0 rmi.port\n\u00a0 \u00a0 \u00a0 \u00a0 rmi.url-pattern\n\n\u00a0If there is no file named bootstrap.properties in $REPOSITORY_HOME, it is located somewhere in the classpath. In this case, place a copy in $REPOSITORY_HOME and modify it as explained.\n\n\u00a0\n\n"
}
],
"metrics": {},
"weaknesses": [
{
"source": "security@apache.org",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/07/25/8",
"source": "security@apache.org"
},
{
"url": "https://lists.apache.org/list.html?users@jackrabbit.apache.org",
"source": "security@apache.org"
},
{
"url": "https://lists.apache.org/thread/j03b3qdhborc2jrhdc4d765d3jkh8bfw",
"source": "security@apache.org"
}
]
}

78
CVE-2023/CVE-2023-381xx/CVE-2023-38197.json
View File

@ -2,19 +2,89 @@
"id": "CVE-2023-38197",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-13T02:15:09.677",
"lastModified": "2023-07-13T08:32:09.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-25T14:10:05.513",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-835"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.15",
"matchCriteriaId": "19F5F946-5DD7-4F8D-8171-83BB0D9C5048"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.0",
"versionEndExcluding": "6.2.10",
"matchCriteriaId": "54D034EA-7845-4FE1-BA22-0C12D61054B4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.3.0",
"versionEndExcluding": "6.5.3",
"matchCriteriaId": "87A37030-7537-4CA1-878E-5AFE90FCF259"
}
]
}
]
}
],
"references": [
{
"url": "https://codereview.qt-project.org/c/qt/qtbase/+/488960",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
}
]
}

96
CVE-2023/CVE-2023-381xx/CVE-2023-38198.json
View File

@ -2,43 +2,119 @@
"id": "CVE-2023-38198",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-13T03:15:09.977",
"lastModified": "2023-07-13T23:15:12.443",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-25T14:30:35.337",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "acme.sh before 3.0.6 runs arbitrary commands from a remote server via eval, as exploited in the wild in June 2023."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acme.sh_project:acme.sh:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0.6",
"matchCriteriaId": "8105203B-D744-4DDF-8819-0869485DDB79"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/07/13/1",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://github.com/acmesh-official/acme.sh/issues/4659",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://github.com/acmesh-official/acme.sh/releases/tag/3.0.6",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/heXVr8o83Ys",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://news.ycombinator.com/item?id=36252310",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://news.ycombinator.com/item?id=36254093",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.reddit.com/r/netsec/comments/144ygg7/acmesh_runs_arbitrary_commands_from_a_remote/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-381xx/CVE-2023-38199.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-38199",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-13T03:15:10.023",
"lastModified": "2023-07-13T08:32:09.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-25T14:44:20.033",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "coreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does not block multiple Content-Type headers, which might allow attackers to bypass a WAF with a crafted payload, aka \"Content-Type confusion.\" This occurs when the web application relies on only the last Content-Type header."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-843"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:owasp:coreruleset:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.3.4",
"matchCriteriaId": "75A37947-A996-4E67-AE96-BC3EB6F1F2DF"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/coreruleset/coreruleset/issues/3191",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://github.com/coreruleset/coreruleset/pull/3237",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
]
}
]
}

55
CVE-2023/CVE-2023-391xx/CVE-2023-39173.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-39173",
"sourceIdentifier": "security@jetbrains.com",
"published": "2023-07-25T15:15:13.693",
"lastModified": "2023-07-25T15:15:13.693",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In JetBrains TeamCity before 2023.05.2 a token with limited permissions could be used to gain full account access"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@jetbrains.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security@jetbrains.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-266"
}
]
}
],
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
"source": "security@jetbrains.com"
}
]
}

55
CVE-2023/CVE-2023-391xx/CVE-2023-39174.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-39174",
"sourceIdentifier": "security@jetbrains.com",
"published": "2023-07-25T15:15:13.830",
"lastModified": "2023-07-25T15:15:13.830",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue trackers"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@jetbrains.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@jetbrains.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1333"
}
]
}
],
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
"source": "security@jetbrains.com"
}
]
}

55
CVE-2023/CVE-2023-391xx/CVE-2023-39175.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-39175",
"sourceIdentifier": "security@jetbrains.com",
"published": "2023-07-25T15:15:13.917",
"lastModified": "2023-07-25T15:15:13.917",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In JetBrains TeamCity before 2023.05.2 reflected XSS via GitHub integration was possible"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@jetbrains.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security@jetbrains.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
"source": "security@jetbrains.com"
}
]
}

78
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-07-25T14:00:29.564290+00:00
2023-07-25T16:00:26.544144+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-07-25T13:59:49.107000+00:00
2023-07-25T15:30:52.077000+00:00
```
### Last Data Feed Release
@ -29,50 +29,56 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
220978
220990
```
### CVEs added in the last Commit
Recently added CVEs: `6`
Recently added CVEs: `12`
* [CVE-2023-2850](CVE-2023/CVE-2023-28xx/CVE-2023-2850.json) (`2023-07-25T12:15:10.837`)
* [CVE-2023-23833](CVE-2023/CVE-2023-238xx/CVE-2023-23833.json) (`2023-07-25T13:15:10.037`)
* [CVE-2023-33925](CVE-2023/CVE-2023-339xx/CVE-2023-33925.json) (`2023-07-25T13:15:10.157`)
* [CVE-2023-35043](CVE-2023/CVE-2023-350xx/CVE-2023-35043.json) (`2023-07-25T13:15:10.243`)
* [CVE-2023-3486](CVE-2023/CVE-2023-34xx/CVE-2023-3486.json) (`2023-07-25T13:15:10.330`)
* [CVE-2023-3637](CVE-2023/CVE-2023-36xx/CVE-2023-3637.json) (`2023-07-25T13:15:10.407`)
* [CVE-2023-34017](CVE-2023/CVE-2023-340xx/CVE-2023-34017.json) (`2023-07-25T14:15:10.527`)
* [CVE-2023-34369](CVE-2023/CVE-2023-343xx/CVE-2023-34369.json) (`2023-07-25T14:15:10.633`)
* [CVE-2023-36385](CVE-2023/CVE-2023-363xx/CVE-2023-36385.json) (`2023-07-25T14:15:10.720`)
* [CVE-2023-36501](CVE-2023/CVE-2023-365xx/CVE-2023-36501.json) (`2023-07-25T14:15:10.807`)
* [CVE-2023-36502](CVE-2023/CVE-2023-365xx/CVE-2023-36502.json) (`2023-07-25T14:15:10.893`)
* [CVE-2023-36503](CVE-2023/CVE-2023-365xx/CVE-2023-36503.json) (`2023-07-25T14:15:10.980`)
* [CVE-2023-3548](CVE-2023/CVE-2023-35xx/CVE-2023-3548.json) (`2023-07-25T14:15:11.123`)
* [CVE-2023-34093](CVE-2023/CVE-2023-340xx/CVE-2023-34093.json) (`2023-07-25T15:15:13.377`)
* [CVE-2023-37895](CVE-2023/CVE-2023-378xx/CVE-2023-37895.json) (`2023-07-25T15:15:13.587`)
* [CVE-2023-39173](CVE-2023/CVE-2023-391xx/CVE-2023-39173.json) (`2023-07-25T15:15:13.693`)
* [CVE-2023-39174](CVE-2023/CVE-2023-391xx/CVE-2023-39174.json) (`2023-07-25T15:15:13.830`)
* [CVE-2023-39175](CVE-2023/CVE-2023-391xx/CVE-2023-39175.json) (`2023-07-25T15:15:13.917`)
### CVEs modified in the last Commit
Recently modified CVEs: `77`
Recently modified CVEs: `67`
* [CVE-2023-3748](CVE-2023/CVE-2023-37xx/CVE-2023-3748.json) (`2023-07-25T13:01:09.337`)
* [CVE-2023-3750](CVE-2023/CVE-2023-37xx/CVE-2023-3750.json) (`2023-07-25T13:01:09.337`)
* [CVE-2023-3812](CVE-2023/CVE-2023-38xx/CVE-2023-3812.json) (`2023-07-25T13:01:09.337`)
* [CVE-2023-26077](CVE-2023/CVE-2023-260xx/CVE-2023-26077.json) (`2023-07-25T13:01:09.337`)
* [CVE-2023-3321](CVE-2023/CVE-2023-33xx/CVE-2023-3321.json) (`2023-07-25T13:01:09.337`)
* [CVE-2023-3322](CVE-2023/CVE-2023-33xx/CVE-2023-3322.json) (`2023-07-25T13:01:09.337`)
* [CVE-2023-3323](CVE-2023/CVE-2023-33xx/CVE-2023-3323.json) (`2023-07-25T13:01:09.337`)
* [CVE-2023-3324](CVE-2023/CVE-2023-33xx/CVE-2023-3324.json) (`2023-07-25T13:01:09.337`)
* [CVE-2023-34478](CVE-2023/CVE-2023-344xx/CVE-2023-34478.json) (`2023-07-25T13:01:09.337`)
* [CVE-2023-37613](CVE-2023/CVE-2023-376xx/CVE-2023-37613.json) (`2023-07-25T13:01:09.337`)
* [CVE-2023-20593](CVE-2023/CVE-2023-205xx/CVE-2023-20593.json) (`2023-07-25T13:01:09.337`)
* [CVE-2023-26045](CVE-2023/CVE-2023-260xx/CVE-2023-26045.json) (`2023-07-25T13:01:09.337`)
* [CVE-2023-3871](CVE-2023/CVE-2023-38xx/CVE-2023-3871.json) (`2023-07-25T13:01:09.337`)
* [CVE-2023-3863](CVE-2023/CVE-2023-38xx/CVE-2023-3863.json) (`2023-07-25T13:01:13.730`)
* [CVE-2023-1386](CVE-2023/CVE-2023-13xx/CVE-2023-1386.json) (`2023-07-25T13:01:13.730`)
* [CVE-2023-26078](CVE-2023/CVE-2023-260xx/CVE-2023-26078.json) (`2023-07-25T13:01:13.730`)
* [CVE-2023-2860](CVE-2023/CVE-2023-28xx/CVE-2023-2860.json) (`2023-07-25T13:01:13.730`)
* [CVE-2023-32247](CVE-2023/CVE-2023-322xx/CVE-2023-32247.json) (`2023-07-25T13:01:13.730`)
* [CVE-2023-32248](CVE-2023/CVE-2023-322xx/CVE-2023-32248.json) (`2023-07-25T13:01:13.730`)
* [CVE-2023-32252](CVE-2023/CVE-2023-322xx/CVE-2023-32252.json) (`2023-07-25T13:01:13.730`)
* [CVE-2023-32257](CVE-2023/CVE-2023-322xx/CVE-2023-32257.json) (`2023-07-25T13:01:13.730`)
* [CVE-2023-32258](CVE-2023/CVE-2023-322xx/CVE-2023-32258.json) (`2023-07-25T13:01:13.730`)
* [CVE-2023-33951](CVE-2023/CVE-2023-339xx/CVE-2023-33951.json) (`2023-07-25T13:01:13.730`)
* [CVE-2023-33952](CVE-2023/CVE-2023-339xx/CVE-2023-33952.json) (`2023-07-25T13:01:13.730`)
* [CVE-2023-3681](CVE-2023/CVE-2023-36xx/CVE-2023-3681.json) (`2023-07-25T13:59:49.107`)
* [CVE-2023-22005](CVE-2023/CVE-2023-220xx/CVE-2023-22005.json) (`2023-07-25T15:15:11.203`)
* [CVE-2023-22006](CVE-2023/CVE-2023-220xx/CVE-2023-22006.json) (`2023-07-25T15:15:11.363`)
* [CVE-2023-22007](CVE-2023/CVE-2023-220xx/CVE-2023-22007.json) (`2023-07-25T15:15:11.477`)
* [CVE-2023-22008](CVE-2023/CVE-2023-220xx/CVE-2023-22008.json) (`2023-07-25T15:15:11.587`)
* [CVE-2023-22033](CVE-2023/CVE-2023-220xx/CVE-2023-22033.json) (`2023-07-25T15:15:11.683`)
* [CVE-2023-22036](CVE-2023/CVE-2023-220xx/CVE-2023-22036.json) (`2023-07-25T15:15:11.787`)
* [CVE-2023-22038](CVE-2023/CVE-2023-220xx/CVE-2023-22038.json) (`2023-07-25T15:15:11.877`)
* [CVE-2023-22041](CVE-2023/CVE-2023-220xx/CVE-2023-22041.json) (`2023-07-25T15:15:11.987`)
* [CVE-2023-22043](CVE-2023/CVE-2023-220xx/CVE-2023-22043.json) (`2023-07-25T15:15:12.070`)
* [CVE-2023-22044](CVE-2023/CVE-2023-220xx/CVE-2023-22044.json) (`2023-07-25T15:15:12.157`)
* [CVE-2023-22045](CVE-2023/CVE-2023-220xx/CVE-2023-22045.json) (`2023-07-25T15:15:12.250`)
* [CVE-2023-22046](CVE-2023/CVE-2023-220xx/CVE-2023-22046.json) (`2023-07-25T15:15:12.340`)
* [CVE-2023-22048](CVE-2023/CVE-2023-220xx/CVE-2023-22048.json) (`2023-07-25T15:15:12.470`)
* [CVE-2023-22049](CVE-2023/CVE-2023-220xx/CVE-2023-22049.json) (`2023-07-25T15:15:12.573`)
* [CVE-2023-22053](CVE-2023/CVE-2023-220xx/CVE-2023-22053.json) (`2023-07-25T15:15:12.657`)
* [CVE-2023-22054](CVE-2023/CVE-2023-220xx/CVE-2023-22054.json) (`2023-07-25T15:15:12.763`)
* [CVE-2023-22056](CVE-2023/CVE-2023-220xx/CVE-2023-22056.json) (`2023-07-25T15:15:12.867`)
* [CVE-2023-22057](CVE-2023/CVE-2023-220xx/CVE-2023-22057.json) (`2023-07-25T15:15:12.963`)
* [CVE-2023-22058](CVE-2023/CVE-2023-220xx/CVE-2023-22058.json) (`2023-07-25T15:15:13.063`)
* [CVE-2023-25193](CVE-2023/CVE-2023-251xx/CVE-2023-25193.json) (`2023-07-25T15:15:13.163`)
* [CVE-2023-2975](CVE-2023/CVE-2023-29xx/CVE-2023-2975.json) (`2023-07-25T15:15:13.277`)
* [CVE-2023-36617](CVE-2023/CVE-2023-366xx/CVE-2023-36617.json) (`2023-07-25T15:15:13.497`)
* [CVE-2023-21254](CVE-2023/CVE-2023-212xx/CVE-2023-21254.json) (`2023-07-25T15:29:19.453`)
* [CVE-2023-21255](CVE-2023/CVE-2023-212xx/CVE-2023-21255.json) (`2023-07-25T15:29:53.783`)
* [CVE-2023-21256](CVE-2023/CVE-2023-212xx/CVE-2023-21256.json) (`2023-07-25T15:30:52.077`)
## Download and Usage