Auto-Update: 2023-07-14T14:00:36.960023+00:00

2025-07-09 16:05:11 +00:00 · 2023-07-14 14:00:40 +00:00 · 2023-07-14 14:00:40 +00:00 · ac506ea64b
commit ac506ea64b
parent 73f5c4e2b6
49 changed files with 480 additions and 97 deletions
--- a/CVE-2022/CVE-2022-420xx/CVE-2022-42045.json
+++ b/CVE-2022/CVE-2022-420xx/CVE-2022-42045.json
@ -2,8 +2,8 @@
  "id": "CVE-2022-42045",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2023-07-13T19:15:09.057",
-  "lastModified": "2023-07-13T19:15:09.057",
-  "vulnStatus": "Received",
+  "lastModified": "2023-07-14T12:47:32.250",
+  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
--- a/CVE-2023/CVE-2023-208xx/CVE-2023-20899.json
+++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20899.json
@ -2,19 +2,88 @@
  "id": "CVE-2023-20899",
  "sourceIdentifier": "security@vmware.com",
  "published": "2023-07-06T23:15:09.280",
-  "lastModified": "2023-07-07T12:50:22.490",
-  "vulnStatus": "Awaiting Analysis",
+  "lastModified": "2023-07-14T12:48:30.153",
+  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "VMware SD-WAN (Edge) contains a bypass authentication vulnerability. An unauthenticated attacker can download the Diagnostic bundle of the application under VMware SD-WAN Management."
    }
  ],
-  "metrics": {},
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "nvd@nist.gov",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 7.5,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "nvd@nist.gov",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-862"
+        }
+      ]
+    }
+  ],
+  "configurations": [
+    {
+      "operator": "AND",
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:vmware:sd-wan_edge_firmware:*:*:*:*:*:*:*:*",
+              "versionStartIncluding": "4.5.0",
+              "versionEndExcluding": "4.5.2",
+              "matchCriteriaId": "5B68548E-1EE5-4911-A72B-F9D3EF5D0269"
+            }
+          ]
+        },
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": false,
+              "criteria": "cpe:2.3:h:vmware:sd-wan_edge:-:*:*:*:*:*:*:*",
+              "matchCriteriaId": "E05C6C9F-077E-4861-822E-CB65467FECA5"
+            }
+          ]
+        }
+      ]
+    }
+  ],
  "references": [
    {
      "url": "https://www.vmware.com/security/advisories/VMSA-2023-0015.html",
-      "source": "security@vmware.com"
+      "source": "security@vmware.com",
+      "tags": [
+        "Vendor Advisory"
+      ]
    }
  ]
 }
--- a/CVE-2023/CVE-2023-20xx/CVE-2023-2082.json
+++ b/CVE-2023/CVE-2023-20xx/CVE-2023-2082.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-2082",
  "sourceIdentifier": "security@wordfence.com",
  "published": "2023-07-14T05:15:09.397",
-  "lastModified": "2023-07-14T05:15:09.397",
-  "vulnStatus": "Received",
+  "lastModified": "2023-07-14T12:47:21.903",
+  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
--- a/CVE-2023/CVE-2023-288xx/CVE-2023-28862.json
+++ b/CVE-2023/CVE-2023-288xx/CVE-2023-28862.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-28862",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2023-03-31T17:15:06.620",
-  "lastModified": "2023-04-11T06:05:49.243",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2023-07-14T13:15:09.167",
+  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
@ -80,6 +80,10 @@
      "tags": [
        "Release Notes"
      ]
+    },
+    {
+      "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00018.html",
+      "source": "cve@mitre.org"
    }
  ]
 }
--- a/CVE-2023/CVE-2023-29xx/CVE-2023-2975.json
+++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2975.json
@ -0,0 +1,28 @@
+{
+  "id": "CVE-2023-2975",
+  "sourceIdentifier": "openssl-security@openssl.org",
+  "published": "2023-07-14T12:15:09.023",
+  "lastModified": "2023-07-14T12:47:21.903",
+  "vulnStatus": "Awaiting Analysis",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Issue summary: The AES-SIV cipher implementation contains a bug that causes\nit to ignore empty associated data entries which are unauthenticated as\na consequence.\n\nImpact summary: Applications that use the AES-SIV algorithm and want to\nauthenticate empty data entries as associated data can be mislead by removing\nadding or reordering such empty entries as these are ignored by the OpenSSL\nimplementation. We are currently unaware of any such applications.\n\nThe AES-SIV algorithm allows for authentication of multiple associated\ndata entries along with the encryption. To authenticate empty data the\napplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with\nNULL pointer as the output buffer and 0 as the input buffer length.\nThe AES-SIV implementation in OpenSSL just returns success for such a call\ninstead of performing the associated data authentication operation.\nThe empty data thus will not be authenticated.\n\nAs this issue does not affect non-empty associated data authentication and\nwe expect it to be rare for an application to use empty associated data\nentries this is qualified as Low severity issue."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=00e2f5eea29994d19293ec4e8c8775ba73678598",
+      "source": "openssl-security@openssl.org"
+    },
+    {
+      "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a83f0c958811f07e0d11dfc6b5a6a98edfd5bdc",
+      "source": "openssl-security@openssl.org"
+    },
+    {
+      "url": "https://www.openssl.org/news/secadv/20230714.txt",
+      "source": "openssl-security@openssl.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-305xx/CVE-2023-30560.json
+++ b/CVE-2023/CVE-2023-305xx/CVE-2023-30560.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-30560",
  "sourceIdentifier": "cybersecurity@bd.com",
  "published": "2023-07-13T19:15:09.197",
-  "lastModified": "2023-07-13T19:15:09.197",
-  "vulnStatus": "Received",
+  "lastModified": "2023-07-14T12:47:32.250",
+  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
--- a/CVE-2023/CVE-2023-305xx/CVE-2023-30561.json
+++ b/CVE-2023/CVE-2023-305xx/CVE-2023-30561.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-30561",
  "sourceIdentifier": "cybersecurity@bd.com",
  "published": "2023-07-13T20:15:09.013",
-  "lastModified": "2023-07-13T20:15:09.013",
-  "vulnStatus": "Received",
+  "lastModified": "2023-07-14T12:47:26.623",
+  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
--- a/CVE-2023/CVE-2023-305xx/CVE-2023-30562.json
+++ b/CVE-2023/CVE-2023-305xx/CVE-2023-30562.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-30562",
  "sourceIdentifier": "cybersecurity@bd.com",
  "published": "2023-07-13T20:15:09.080",
-  "lastModified": "2023-07-13T20:15:09.080",
-  "vulnStatus": "Received",
+  "lastModified": "2023-07-14T12:47:26.623",
+  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
--- a/CVE-2023/CVE-2023-305xx/CVE-2023-30563.json
+++ b/CVE-2023/CVE-2023-305xx/CVE-2023-30563.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-30563",
  "sourceIdentifier": "cybersecurity@bd.com",
  "published": "2023-07-13T20:15:09.143",
-  "lastModified": "2023-07-13T20:15:09.143",
-  "vulnStatus": "Received",
+  "lastModified": "2023-07-14T12:47:26.623",
+  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
--- a/CVE-2023/CVE-2023-305xx/CVE-2023-30564.json
+++ b/CVE-2023/CVE-2023-305xx/CVE-2023-30564.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-30564",
  "sourceIdentifier": "cybersecurity@bd.com",
  "published": "2023-07-13T20:15:09.200",
-  "lastModified": "2023-07-13T20:15:09.200",
-  "vulnStatus": "Received",
+  "lastModified": "2023-07-14T12:47:26.623",
+  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
--- a/CVE-2023/CVE-2023-305xx/CVE-2023-30565.json
+++ b/CVE-2023/CVE-2023-305xx/CVE-2023-30565.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-30565",
  "sourceIdentifier": "cybersecurity@bd.com",
  "published": "2023-07-13T20:15:09.260",
-  "lastModified": "2023-07-13T20:15:09.260",
-  "vulnStatus": "Received",
+  "lastModified": "2023-07-14T12:47:26.623",
+  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
--- a/CVE-2023/CVE-2023-338xx/CVE-2023-33868.json
+++ b/CVE-2023/CVE-2023-338xx/CVE-2023-33868.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-33868",
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "published": "2023-07-06T23:15:09.467",
-  "lastModified": "2023-07-07T12:50:22.490",
-  "vulnStatus": "Awaiting Analysis",
+  "lastModified": "2023-07-14T13:28:07.760",
+  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
@ -12,6 +12,26 @@
  ],
  "metrics": {
    "cvssMetricV31": [
+      {
+        "source": "nvd@nist.gov",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
+      },
      {
        "source": "ics-cert@hq.dhs.gov",
        "type": "Secondary",
@ -46,10 +66,43 @@
      ]
    }
  ],
+  "configurations": [
+    {
+      "operator": "AND",
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:piigab:m-bus_900s_firmware:-:*:*:*:*:*:*:*",
+              "matchCriteriaId": "04FDDDC1-90D6-4638-862E-2FDC640EA917"
+            }
+          ]
+        },
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": false,
+              "criteria": "cpe:2.3:h:piigab:m-bus_900s:-:*:*:*:*:*:*:*",
+              "matchCriteriaId": "748F8510-1EC7-4F5A-AF34-F9E84E526C78"
+            }
+          ]
+        }
+      ]
+    }
+  ],
  "references": [
    {
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-187-01",
-      "source": "ics-cert@hq.dhs.gov"
+      "source": "ics-cert@hq.dhs.gov",
+      "tags": [
+        "Third Party Advisory",
+        "US Government Resource"
+      ]
    }
  ]
 }
--- a/CVE-2023/CVE-2023-344xx/CVE-2023-34458.json
+++ b/CVE-2023/CVE-2023-344xx/CVE-2023-34458.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-34458",
  "sourceIdentifier": "security-advisories@github.com",
  "published": "2023-07-13T19:15:09.263",
-  "lastModified": "2023-07-13T19:15:09.263",
-  "vulnStatus": "Received",
+  "lastModified": "2023-07-14T12:47:26.623",
+  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
--- a/CVE-2023/CVE-2023-34xx/CVE-2023-3433.json
+++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3433.json
@ -0,0 +1,63 @@
+{
+  "id": "CVE-2023-3433",
+  "sourceIdentifier": "cves@blacklanternsecurity.com",
+  "published": "2023-07-14T13:15:09.253",
+  "lastModified": "2023-07-14T13:15:09.253",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The \"nickname\" field within Savoir-faire Linux's Jami application is susceptible to a failed state when a user inserts special characters into the field. When present, these special characters, make it so the application cannot create the signature for the user and results in a local denial of service to the application.\u00a0"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cves@blacklanternsecurity.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH",
+          "baseScore": 5.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cves@blacklanternsecurity.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-20"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://blog.blacklanternsecurity.com/p/Jami-Local-Denial-Of-Service-and-QRC-Handler-Vulnerabilities",
+      "source": "cves@blacklanternsecurity.com"
+    },
+    {
+      "url": "https://git.jami.net/savoirfairelinux/jami-client-qt/-/wikis/Changelog#nightly-january-10",
+      "source": "cves@blacklanternsecurity.com"
+    },
+    {
+      "url": "https://review.jami.net/c/jami-daemon/+/23575",
+      "source": "cves@blacklanternsecurity.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-34xx/CVE-2023-3434.json
+++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3434.json
@ -0,0 +1,63 @@
+{
+  "id": "CVE-2023-3434",
+  "sourceIdentifier": "cves@blacklanternsecurity.com",
+  "published": "2023-07-14T13:15:09.363",
+  "lastModified": "2023-07-14T13:15:09.363",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Improper Input Validation in the hyperlink interpretation in\u00a0Savoir-faire Linux's Jami (version 20222284)\u00a0on Windows. \n\nThis allows an attacker to send a custom HTML anchor tag to pass a string value to the Windows QRC Handler through the Jami messenger.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cves@blacklanternsecurity.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "LOW",
+          "baseScore": 4.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 2.5
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cves@blacklanternsecurity.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-20"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://blog.blacklanternsecurity.com/p/Jami-Local-Denial-Of-Service-and-QRC-Handler-Vulnerabilities",
+      "source": "cves@blacklanternsecurity.com"
+    },
+    {
+      "url": "https://git.jami.net/savoirfairelinux/jami-client-qt/-/wikis/Changelog#nightly-january-10",
+      "source": "cves@blacklanternsecurity.com"
+    },
+    {
+      "url": "https://review.jami.net/c/jami-client-qt/+/23569",
+      "source": "cves@blacklanternsecurity.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-359xx/CVE-2023-35945.json
+++ b/CVE-2023/CVE-2023-359xx/CVE-2023-35945.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-35945",
  "sourceIdentifier": "security-advisories@github.com",
  "published": "2023-07-13T21:15:08.880",
-  "lastModified": "2023-07-13T21:15:08.880",
-  "vulnStatus": "Received",
+  "lastModified": "2023-07-14T12:47:26.623",
+  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
--- a/CVE-2023/CVE-2023-35xx/CVE-2023-3513.json
+++ b/CVE-2023/CVE-2023-35xx/CVE-2023-3513.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-3513",
  "sourceIdentifier": "info@starlabs.sg",
  "published": "2023-07-14T05:15:09.683",
-  "lastModified": "2023-07-14T05:15:09.683",
-  "vulnStatus": "Received",
+  "lastModified": "2023-07-14T12:47:21.903",
+  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
--- a/CVE-2023/CVE-2023-35xx/CVE-2023-3514.json
+++ b/CVE-2023/CVE-2023-35xx/CVE-2023-3514.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-3514",
  "sourceIdentifier": "info@starlabs.sg",
  "published": "2023-07-14T05:15:09.763",
-  "lastModified": "2023-07-14T05:15:09.763",
-  "vulnStatus": "Received",
+  "lastModified": "2023-07-14T12:47:21.903",
+  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
--- a/CVE-2023/CVE-2023-364xx/CVE-2023-36473.json
+++ b/CVE-2023/CVE-2023-364xx/CVE-2023-36473.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-36473",
  "sourceIdentifier": "security-advisories@github.com",
  "published": "2023-07-13T21:15:08.957",
-  "lastModified": "2023-07-13T21:15:08.957",
-  "vulnStatus": "Received",
+  "lastModified": "2023-07-14T12:47:26.623",
+  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
--- a/CVE-2023/CVE-2023-36xx/CVE-2023-3648.json
+++ b/CVE-2023/CVE-2023-36xx/CVE-2023-3648.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-3648",
  "sourceIdentifier": "cve@gitlab.com",
  "published": "2023-07-14T07:15:08.387",
-  "lastModified": "2023-07-14T07:15:08.387",
-  "vulnStatus": "Received",
+  "lastModified": "2023-07-14T12:47:21.903",
+  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
--- a/CVE-2023/CVE-2023-36xx/CVE-2023-3649.json
+++ b/CVE-2023/CVE-2023-36xx/CVE-2023-3649.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-3649",
  "sourceIdentifier": "cve@gitlab.com",
  "published": "2023-07-14T07:15:08.593",
-  "lastModified": "2023-07-14T07:15:08.593",
-  "vulnStatus": "Received",
+  "lastModified": "2023-07-14T12:47:21.903",
+  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
--- a/CVE-2023/CVE-2023-36xx/CVE-2023-3668.json
+++ b/CVE-2023/CVE-2023-36xx/CVE-2023-3668.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-3668",
  "sourceIdentifier": "security@huntr.dev",
  "published": "2023-07-14T01:15:08.763",
-  "lastModified": "2023-07-14T01:15:08.763",
-  "vulnStatus": "Received",
+  "lastModified": "2023-07-14T12:47:21.903",
+  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
--- a/CVE-2023/CVE-2023-36xx/CVE-2023-3672.json
+++ b/CVE-2023/CVE-2023-36xx/CVE-2023-3672.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-3672",
  "sourceIdentifier": "security@huntr.dev",
  "published": "2023-07-14T10:15:08.920",
-  "lastModified": "2023-07-14T10:15:08.920",
-  "vulnStatus": "Received",
+  "lastModified": "2023-07-14T12:47:21.903",
+  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
--- a/CVE-2023/CVE-2023-36xx/CVE-2023-3673.json
+++ b/CVE-2023/CVE-2023-36xx/CVE-2023-3673.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-3673",
+  "sourceIdentifier": "security@huntr.dev",
+  "published": "2023-07-14T13:15:09.437",
+  "lastModified": "2023-07-14T13:15:09.437",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": " SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.24."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV30": [
+      {
+        "source": "security@huntr.dev",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.0",
+          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.2,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.2,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@huntr.dev",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-89"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/pimcore/pimcore/commit/a06ce0abdba19ae0eefc38b035e677f8f0c2bce9",
+      "source": "security@huntr.dev"
+    },
+    {
+      "url": "https://huntr.dev/bounties/46ca0934-5260-477b-9e86-7b16bb18d0a9",
+      "source": "security@huntr.dev"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-372xx/CVE-2023-37272.json
+++ b/CVE-2023/CVE-2023-372xx/CVE-2023-37272.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-37272",
  "sourceIdentifier": "security-advisories@github.com",
  "published": "2023-07-13T23:15:10.677",
-  "lastModified": "2023-07-13T23:15:10.677",
-  "vulnStatus": "Received",
+  "lastModified": "2023-07-14T12:47:26.623",
+  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
--- a/CVE-2023/CVE-2023-372xx/CVE-2023-37273.json
+++ b/CVE-2023/CVE-2023-372xx/CVE-2023-37273.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-37273",
  "sourceIdentifier": "security-advisories@github.com",
  "published": "2023-07-13T23:15:10.747",
-  "lastModified": "2023-07-13T23:15:10.747",
-  "vulnStatus": "Received",
+  "lastModified": "2023-07-14T12:47:26.623",
+  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
--- a/CVE-2023/CVE-2023-372xx/CVE-2023-37274.json
+++ b/CVE-2023/CVE-2023-372xx/CVE-2023-37274.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-37274",
  "sourceIdentifier": "security-advisories@github.com",
  "published": "2023-07-13T23:15:10.820",
-  "lastModified": "2023-07-13T23:15:10.820",
-  "vulnStatus": "Received",
+  "lastModified": "2023-07-14T12:47:26.623",
+  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
--- a/CVE-2023/CVE-2023-372xx/CVE-2023-37275.json
+++ b/CVE-2023/CVE-2023-372xx/CVE-2023-37275.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-37275",
  "sourceIdentifier": "security-advisories@github.com",
  "published": "2023-07-13T23:15:10.890",
-  "lastModified": "2023-07-13T23:15:10.890",
-  "vulnStatus": "Received",
+  "lastModified": "2023-07-14T12:47:26.623",
+  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
--- a/CVE-2023/CVE-2023-372xx/CVE-2023-37278.json
+++ b/CVE-2023/CVE-2023-372xx/CVE-2023-37278.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-37278",
  "sourceIdentifier": "security-advisories@github.com",
  "published": "2023-07-13T23:15:10.963",
-  "lastModified": "2023-07-13T23:15:10.963",
-  "vulnStatus": "Received",
+  "lastModified": "2023-07-14T12:47:26.623",
+  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
--- a/CVE-2023/CVE-2023-374xx/CVE-2023-37463.json
+++ b/CVE-2023/CVE-2023-374xx/CVE-2023-37463.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-37463",
  "sourceIdentifier": "security-advisories@github.com",
  "published": "2023-07-13T20:15:09.327",
-  "lastModified": "2023-07-13T20:15:09.327",
-  "vulnStatus": "Received",
+  "lastModified": "2023-07-14T12:47:26.623",
+  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
--- a/CVE-2023/CVE-2023-374xx/CVE-2023-37466.json
+++ b/CVE-2023/CVE-2023-374xx/CVE-2023-37466.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-37466",
  "sourceIdentifier": "security-advisories@github.com",
  "published": "2023-07-14T00:15:09.263",
-  "lastModified": "2023-07-14T00:15:09.263",
-  "vulnStatus": "Received",
+  "lastModified": "2023-07-14T12:47:21.903",
+  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
--- a/CVE-2023/CVE-2023-374xx/CVE-2023-37468.json
+++ b/CVE-2023/CVE-2023-374xx/CVE-2023-37468.json
@ -2,12 +2,16 @@
  "id": "CVE-2023-37468",
  "sourceIdentifier": "security-advisories@github.com",
  "published": "2023-07-13T21:15:09.253",
-  "lastModified": "2023-07-13T21:15:09.253",
-  "vulnStatus": "Received",
+  "lastModified": "2023-07-14T12:47:26.623",
+  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
      "value": "Feedbacksystem is a personalized feedback system for students using artificial intelligence. Passwords of users using LDAP login are stored in clear text in the database. The LDAP users password is passed unencrypted in the LoginController.scala and stored in the database when logging in for the first time. Users using only local login or the cas login are not affected. This issue has been patched in version 1.19.2.\n\n"
+    },
+    {
+      "lang": "es",
+      "value": "Feedbacksystem es un sistema de feedback personalizado para estudiantes que utiliza inteligencia artificial. Las contrase\u00f1as de los usuarios que utilizan el login LDAP se almacenan en texto claro en la base de datos. La contrase\u00f1a de los usuarios LDAP se pasa sin cifrar en el \"LoginController.scala\" y se almacena en la base de datos cuando se inicia sesi\u00f3n por primera vez. Los usuarios que utilizan s\u00f3lo el inicio de sesi\u00f3n local o el inicio de sesi\u00f3n cas no se ven afectados. Este problema ha sido corregido en la versi\u00f3n 1.19.2. "
    }
  ],
  "metrics": {
--- a/CVE-2023/CVE-2023-375xx/CVE-2023-37598.json
+++ b/CVE-2023/CVE-2023-375xx/CVE-2023-37598.json
@ -2,12 +2,16 @@
  "id": "CVE-2023-37598",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2023-07-13T21:15:09.337",
-  "lastModified": "2023-07-13T21:15:09.337",
-  "vulnStatus": "Received",
+  "lastModified": "2023-07-14T12:47:26.623",
+  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
      "value": "A Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete new virtual fax function."
+    },
+    {
+      "lang": "es",
+      "value": "Una vulnerabilidad de tipo Cross-Site Request Forgery (CSRF) en issabel-pbx v4.0.0-6 permite a un atacante remoto causar una denegaci\u00f3n de servicio a trav\u00e9s de la funci\u00f3n de eliminar nuevo fax virtual. "
    }
  ],
  "metrics": {},
--- a/CVE-2023/CVE-2023-375xx/CVE-2023-37599.json
+++ b/CVE-2023/CVE-2023-375xx/CVE-2023-37599.json
@ -2,12 +2,16 @@
  "id": "CVE-2023-37599",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2023-07-13T22:15:09.013",
-  "lastModified": "2023-07-13T22:15:09.013",
-  "vulnStatus": "Received",
+  "lastModified": "2023-07-14T12:47:26.623",
+  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain sensitive information via the modules directory"
+    },
+    {
+      "lang": "es",
+      "value": "Un problema en issabel-pbx v4.0.0-6 permite a un atacante remoto obtener informaci\u00f3n sensible a trav\u00e9s del directorio \"modules\"."
    }
  ],
  "metrics": {},
--- a/CVE-2023/CVE-2023-377xx/CVE-2023-37714.json
+++ b/CVE-2023/CVE-2023-377xx/CVE-2023-37714.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-37714",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2023-07-14T00:15:09.340",
-  "lastModified": "2023-07-14T00:15:09.340",
-  "vulnStatus": "Received",
+  "lastModified": "2023-07-14T12:47:21.903",
+  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
--- a/CVE-2023/CVE-2023-377xx/CVE-2023-37715.json
+++ b/CVE-2023/CVE-2023-377xx/CVE-2023-37715.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-37715",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2023-07-14T00:15:09.387",
-  "lastModified": "2023-07-14T00:15:09.387",
-  "vulnStatus": "Received",
+  "lastModified": "2023-07-14T12:47:21.903",
+  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
--- a/CVE-2023/CVE-2023-377xx/CVE-2023-37716.json
+++ b/CVE-2023/CVE-2023-377xx/CVE-2023-37716.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-37716",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2023-07-14T00:15:09.430",
-  "lastModified": "2023-07-14T00:15:09.430",
-  "vulnStatus": "Received",
+  "lastModified": "2023-07-14T12:47:21.903",
+  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
--- a/CVE-2023/CVE-2023-377xx/CVE-2023-37717.json
+++ b/CVE-2023/CVE-2023-377xx/CVE-2023-37717.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-37717",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2023-07-14T00:15:09.477",
-  "lastModified": "2023-07-14T00:15:09.477",
-  "vulnStatus": "Received",
+  "lastModified": "2023-07-14T12:47:21.903",
+  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
--- a/CVE-2023/CVE-2023-377xx/CVE-2023-37718.json
+++ b/CVE-2023/CVE-2023-377xx/CVE-2023-37718.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-37718",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2023-07-14T00:15:09.523",
-  "lastModified": "2023-07-14T00:15:09.523",
-  "vulnStatus": "Received",
+  "lastModified": "2023-07-14T12:47:21.903",
+  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
--- a/CVE-2023/CVE-2023-377xx/CVE-2023-37719.json
+++ b/CVE-2023/CVE-2023-377xx/CVE-2023-37719.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-37719",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2023-07-14T00:15:09.570",
-  "lastModified": "2023-07-14T00:15:09.570",
-  "vulnStatus": "Received",
+  "lastModified": "2023-07-14T12:47:21.903",
+  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
--- a/CVE-2023/CVE-2023-377xx/CVE-2023-37721.json
+++ b/CVE-2023/CVE-2023-377xx/CVE-2023-37721.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-37721",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2023-07-14T00:15:09.617",
-  "lastModified": "2023-07-14T00:15:09.617",
-  "vulnStatus": "Received",
+  "lastModified": "2023-07-14T12:47:21.903",
+  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
--- a/CVE-2023/CVE-2023-377xx/CVE-2023-37722.json
+++ b/CVE-2023/CVE-2023-377xx/CVE-2023-37722.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-37722",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2023-07-14T00:15:09.660",
-  "lastModified": "2023-07-14T00:15:09.660",
-  "vulnStatus": "Received",
+  "lastModified": "2023-07-14T12:47:21.903",
+  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
--- a/CVE-2023/CVE-2023-377xx/CVE-2023-37723.json
+++ b/CVE-2023/CVE-2023-377xx/CVE-2023-37723.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-37723",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2023-07-14T00:15:09.707",
-  "lastModified": "2023-07-14T00:15:09.707",
-  "vulnStatus": "Received",
+  "lastModified": "2023-07-14T12:47:21.903",
+  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
--- a/CVE-2023/CVE-2023-378xx/CVE-2023-37836.json
+++ b/CVE-2023/CVE-2023-378xx/CVE-2023-37836.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-37836",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2023-07-13T23:15:11.173",
-  "lastModified": "2023-07-13T23:15:11.173",
-  "vulnStatus": "Received",
+  "lastModified": "2023-07-14T12:47:26.623",
+  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
--- a/CVE-2023/CVE-2023-378xx/CVE-2023-37837.json
+++ b/CVE-2023/CVE-2023-378xx/CVE-2023-37837.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-37837",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2023-07-13T23:15:11.217",
-  "lastModified": "2023-07-13T23:15:11.217",
-  "vulnStatus": "Received",
+  "lastModified": "2023-07-14T12:47:21.903",
+  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
--- a/CVE-2023/CVE-2023-378xx/CVE-2023-37839.json
+++ b/CVE-2023/CVE-2023-378xx/CVE-2023-37839.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-37839",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2023-07-13T22:15:09.070",
-  "lastModified": "2023-07-13T22:15:09.070",
-  "vulnStatus": "Received",
+  "lastModified": "2023-07-14T12:47:26.623",
+  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
--- a/CVE-2023/CVE-2023-378xx/CVE-2023-37849.json
+++ b/CVE-2023/CVE-2023-378xx/CVE-2023-37849.json
@ -2,12 +2,16 @@
  "id": "CVE-2023-37849",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2023-07-13T22:15:09.110",
-  "lastModified": "2023-07-13T22:15:09.110",
-  "vulnStatus": "Received",
+  "lastModified": "2023-07-14T12:47:26.623",
+  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
      "value": "A DLL hijacking vulnerability in Panda Security VPN for Windows prior to version v15.14.8 allows attackers to execute arbitrary code via placing a crafted DLL file in the same directory as PANDAVPN.exe."
+    },
+    {
+      "lang": "es",
+      "value": "Una vulnerabilidad de secuestro de DLL en Panda Security VPN para Windows anterior a la versi\u00f3n v15.14.8 permite a los atacantes ejecutar c\u00f3digo arbitrario mediante la colocaci\u00f3n de un archivo DLL manipulado en el mismo directorio que \"PANDAVPN.exe\". "
    }
  ],
  "metrics": {},
--- a/CVE-2023/CVE-2023-382xx/CVE-2023-38286.json
+++ b/CVE-2023/CVE-2023-382xx/CVE-2023-38286.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-38286",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2023-07-14T05:15:09.627",
-  "lastModified": "2023-07-14T05:15:09.627",
-  "vulnStatus": "Received",
+  "lastModified": "2023-07-14T12:47:21.903",
+  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-07-14T12:01:01.112657+00:00
+2023-07-14T14:00:36.960023+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-07-14T10:15:08.920000+00:00
+2023-07-14T13:28:07.760000+00:00
 ```

 ### Last Data Feed Release
@ -29,20 +29,48 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-220299
+220303
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `1`
+Recently added CVEs: `4`

-* [CVE-2023-3672](CVE-2023/CVE-2023-36xx/CVE-2023-3672.json) (`2023-07-14T10:15:08.920`)
+* [CVE-2023-2975](CVE-2023/CVE-2023-29xx/CVE-2023-2975.json) (`2023-07-14T12:15:09.023`)
+* [CVE-2023-3433](CVE-2023/CVE-2023-34xx/CVE-2023-3433.json) (`2023-07-14T13:15:09.253`)
+* [CVE-2023-3434](CVE-2023/CVE-2023-34xx/CVE-2023-3434.json) (`2023-07-14T13:15:09.363`)
+* [CVE-2023-3673](CVE-2023/CVE-2023-36xx/CVE-2023-3673.json) (`2023-07-14T13:15:09.437`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `0`
+Recently modified CVEs: `44`

+* [CVE-2023-3672](CVE-2023/CVE-2023-36xx/CVE-2023-3672.json) (`2023-07-14T12:47:21.903`)
+* [CVE-2023-34458](CVE-2023/CVE-2023-344xx/CVE-2023-34458.json) (`2023-07-14T12:47:26.623`)
+* [CVE-2023-30561](CVE-2023/CVE-2023-305xx/CVE-2023-30561.json) (`2023-07-14T12:47:26.623`)
+* [CVE-2023-30562](CVE-2023/CVE-2023-305xx/CVE-2023-30562.json) (`2023-07-14T12:47:26.623`)
+* [CVE-2023-30563](CVE-2023/CVE-2023-305xx/CVE-2023-30563.json) (`2023-07-14T12:47:26.623`)
+* [CVE-2023-30564](CVE-2023/CVE-2023-305xx/CVE-2023-30564.json) (`2023-07-14T12:47:26.623`)
+* [CVE-2023-30565](CVE-2023/CVE-2023-305xx/CVE-2023-30565.json) (`2023-07-14T12:47:26.623`)
+* [CVE-2023-37463](CVE-2023/CVE-2023-374xx/CVE-2023-37463.json) (`2023-07-14T12:47:26.623`)
+* [CVE-2023-35945](CVE-2023/CVE-2023-359xx/CVE-2023-35945.json) (`2023-07-14T12:47:26.623`)
+* [CVE-2023-36473](CVE-2023/CVE-2023-364xx/CVE-2023-36473.json) (`2023-07-14T12:47:26.623`)
+* [CVE-2023-37468](CVE-2023/CVE-2023-374xx/CVE-2023-37468.json) (`2023-07-14T12:47:26.623`)
+* [CVE-2023-37598](CVE-2023/CVE-2023-375xx/CVE-2023-37598.json) (`2023-07-14T12:47:26.623`)
+* [CVE-2023-37599](CVE-2023/CVE-2023-375xx/CVE-2023-37599.json) (`2023-07-14T12:47:26.623`)
+* [CVE-2023-37839](CVE-2023/CVE-2023-378xx/CVE-2023-37839.json) (`2023-07-14T12:47:26.623`)
+* [CVE-2023-37849](CVE-2023/CVE-2023-378xx/CVE-2023-37849.json) (`2023-07-14T12:47:26.623`)
+* [CVE-2023-37272](CVE-2023/CVE-2023-372xx/CVE-2023-37272.json) (`2023-07-14T12:47:26.623`)
+* [CVE-2023-37273](CVE-2023/CVE-2023-372xx/CVE-2023-37273.json) (`2023-07-14T12:47:26.623`)
+* [CVE-2023-37274](CVE-2023/CVE-2023-372xx/CVE-2023-37274.json) (`2023-07-14T12:47:26.623`)
+* [CVE-2023-37275](CVE-2023/CVE-2023-372xx/CVE-2023-37275.json) (`2023-07-14T12:47:26.623`)
+* [CVE-2023-37278](CVE-2023/CVE-2023-372xx/CVE-2023-37278.json) (`2023-07-14T12:47:26.623`)
+* [CVE-2023-37836](CVE-2023/CVE-2023-378xx/CVE-2023-37836.json) (`2023-07-14T12:47:26.623`)
+* [CVE-2023-30560](CVE-2023/CVE-2023-305xx/CVE-2023-30560.json) (`2023-07-14T12:47:32.250`)
+* [CVE-2023-20899](CVE-2023/CVE-2023-208xx/CVE-2023-20899.json) (`2023-07-14T12:48:30.153`)
+* [CVE-2023-28862](CVE-2023/CVE-2023-288xx/CVE-2023-28862.json) (`2023-07-14T13:15:09.167`)
+* [CVE-2023-33868](CVE-2023/CVE-2023-338xx/CVE-2023-33868.json) (`2023-07-14T13:28:07.760`)


 ## Download and Usage