diff --git a/CVE-2022/CVE-2022-485xx/CVE-2022-48580.json b/CVE-2022/CVE-2022-485xx/CVE-2022-48580.json
new file mode 100644
index 00000000000..4b01c23c4cf
--- /dev/null
+++ b/CVE-2022/CVE-2022-485xx/CVE-2022-48580.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-48580",
+ "sourceIdentifier": "contact@securifera.com",
+ "published": "2023-08-09T18:15:10.540",
+ "lastModified": "2023-08-09T18:53:15.190",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A command injection vulnerability exists in the ARP ping device tool feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for\u00a0the injection of arbitrary commands to the underlying operating system."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "contact@securifera.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "contact@securifera.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.securifera.com/advisories/cve-2022-48580/",
+ "source": "contact@securifera.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-485xx/CVE-2022-48581.json b/CVE-2022/CVE-2022-485xx/CVE-2022-48581.json
new file mode 100644
index 00000000000..039c8e6c6da
--- /dev/null
+++ b/CVE-2022/CVE-2022-485xx/CVE-2022-48581.json
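Review bot: In CVE-2022-48580.json the `descriptions` value carries a `\u00a0` non-breaking space between "for" and "the", while the other records in this commit use a plain space in the same sentence. Consumers that search, tokenise or de-duplicate advisory text by exact string will treat this record differently from its siblings. Replace the escape with an ordinary space so the sentence reads `This allows for the injection of arbitrary commands to the underlying operating system.`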
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-48581",
+ "sourceIdentifier": "contact@securifera.com",
+ "published": "2023-08-09T18:15:10.960",
+ "lastModified": "2023-08-09T18:53:15.190",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A command injection vulnerability exists in the \u201cdash export\u201d feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "contact@securifera.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "contact@securifera.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.securifera.com/advisories/cve-2022-48581/",
+ "source": "contact@securifera.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-485xx/CVE-2022-48582.json b/CVE-2022/CVE-2022-485xx/CVE-2022-48582.json
new file mode 100644
index 00000000000..3767db0495a
--- /dev/null
+++ b/CVE-2022/CVE-2022-485xx/CVE-2022-48582.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-48582",
+ "sourceIdentifier": "contact@securifera.com",
+ "published": "2023-08-09T18:15:11.073",
+ "lastModified": "2023-08-09T18:53:15.190",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A command injection vulnerability exists in the ticket report generate feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "contact@securifera.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "contact@securifera.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.securifera.com/advisories/cve-2022-48582/",
+ "source": "contact@securifera.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-485xx/CVE-2022-48583.json b/CVE-2022/CVE-2022-485xx/CVE-2022-48583.json
new file mode 100644
index 00000000000..b32ec7b91c3
--- /dev/null
+++ b/CVE-2022/CVE-2022-485xx/CVE-2022-48583.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-48583",
+ "sourceIdentifier": "contact@securifera.com",
+ "published": "2023-08-09T18:15:11.187",
+ "lastModified": "2023-08-09T18:53:15.190",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A command injection vulnerability exists in the dashboard scheduler feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "contact@securifera.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "contact@securifera.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.securifera.com/advisories/cve-2022-48583/",
+ "source": "contact@securifera.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-485xx/CVE-2022-48584.json b/CVE-2022/CVE-2022-485xx/CVE-2022-48584.json
new file mode 100644
index 00000000000..f8d12170c9b
--- /dev/null
+++ b/CVE-2022/CVE-2022-485xx/CVE-2022-48584.json
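Review bot: In CVE-2022-48583.json the description reads `user?controlled`, which looks like a hyphen-type character lost in an encoding step and stored as a literal `?`; the three earlier records in this commit spell the same phrase `user controlled`. The same artefact is present in every later record here, CVE-2022-48584 through CVE-2022-48601. The phrase presumably should read `unsanitized user-controlled input`; confirm the wording against the referenced securifera.com advisory before correcting it. As committed, the corrupted text is what downstream search and matching on the description will see.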
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-48584",
+ "sourceIdentifier": "contact@securifera.com",
+ "published": "2023-08-09T18:15:11.287",
+ "lastModified": "2023-08-09T18:53:15.190",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A command injection vulnerability exists in the download and convert report feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "contact@securifera.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "contact@securifera.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.securifera.com/advisories/cve-2022-48584/",
+ "source": "contact@securifera.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-485xx/CVE-2022-48585.json b/CVE-2022/CVE-2022-485xx/CVE-2022-48585.json
new file mode 100644
index 00000000000..3081512dae8
--- /dev/null
+++ b/CVE-2022/CVE-2022-485xx/CVE-2022-48585.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-48585",
+ "sourceIdentifier": "contact@securifera.com",
+ "published": "2023-08-09T18:15:11.483",
+ "lastModified": "2023-08-09T18:53:15.190",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A SQL injection vulnerability exists in the \u201cadmin brand portal\u201d feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "contact@securifera.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "contact@securifera.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.securifera.com/advisories/cve-2022-48585/",
+ "source": "contact@securifera.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-485xx/CVE-2022-48586.json b/CVE-2022/CVE-2022-485xx/CVE-2022-48586.json
new file mode 100644
index 00000000000..a16ae5c51b3
--- /dev/null
+++ b/CVE-2022/CVE-2022-485xx/CVE-2022-48586.json
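Review bot: CVE-2022-48585.json describes a SQL injection, but its `weaknesses` entry is `"value": "CWE-78"`, which is OS command injection; the matching weakness for SQL injection is CWE-89, so the line should read `"value": "CWE-89"`. The same mismatch is in every SQL-injection record that follows in this commit, CVE-2022-48586 through CVE-2022-48601, whereas CWE-78 fits the command-injection records CVE-2022-48580 to CVE-2022-48584. Anyone filtering, alerting or prioritising by CWE will file these seventeen records under command execution and miss them in SQL-injection queries. If the value is mirrored verbatim from the CNA submission, the correction belongs upstream and this file should follow once it is fixed there.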
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-48586",
+ "sourceIdentifier": "contact@securifera.com",
+ "published": "2023-08-09T18:15:11.840",
+ "lastModified": "2023-08-09T18:53:15.190",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A SQL injection vulnerability exists in the \u201cjson walker\u201d feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "contact@securifera.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "contact@securifera.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.securifera.com/advisories/cve-2022-48586/",
+ "source": "contact@securifera.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-485xx/CVE-2022-48587.json b/CVE-2022/CVE-2022-485xx/CVE-2022-48587.json
new file mode 100644
index 00000000000..d8ecdb0824d
--- /dev/null
+++ b/CVE-2022/CVE-2022-485xx/CVE-2022-48587.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-48587",
+ "sourceIdentifier": "contact@securifera.com",
+ "published": "2023-08-09T18:15:12.187",
+ "lastModified": "2023-08-09T18:53:15.190",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A SQL injection vulnerability exists in the \u201cschedule editor\u201d feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "contact@securifera.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "contact@securifera.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.securifera.com/advisories/cve-2022-48587/",
+ "source": "contact@securifera.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-485xx/CVE-2022-48588.json b/CVE-2022/CVE-2022-485xx/CVE-2022-48588.json
new file mode 100644
index 00000000000..b8e3097fda4
--- /dev/null
+++ b/CVE-2022/CVE-2022-485xx/CVE-2022-48588.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-48588",
+ "sourceIdentifier": "contact@securifera.com",
+ "published": "2023-08-09T18:15:12.327",
+ "lastModified": "2023-08-09T18:53:15.190",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A SQL injection vulnerability exists in the \u201cschedule editor decoupled\u201d feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "contact@securifera.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "contact@securifera.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.securifera.com/advisories/cve-2022-48588/",
+ "source": "contact@securifera.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-485xx/CVE-2022-48589.json b/CVE-2022/CVE-2022-485xx/CVE-2022-48589.json
new file mode 100644
index 00000000000..19cab2dace7
--- /dev/null
+++ b/CVE-2022/CVE-2022-485xx/CVE-2022-48589.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-48589",
+ "sourceIdentifier": "contact@securifera.com",
+ "published": "2023-08-09T18:15:12.430",
+ "lastModified": "2023-08-09T18:53:15.190",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A SQL injection vulnerability exists in the \u201creporting job editor\u201d feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "contact@securifera.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "contact@securifera.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.securifera.com/advisories/cve-2022-48589/",
+ "source": "contact@securifera.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-485xx/CVE-2022-48590.json b/CVE-2022/CVE-2022-485xx/CVE-2022-48590.json
new file mode 100644
index 00000000000..f6550e4996f
--- /dev/null
+++ b/CVE-2022/CVE-2022-485xx/CVE-2022-48590.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-48590",
+ "sourceIdentifier": "contact@securifera.com",
+ "published": "2023-08-09T18:15:12.533",
+ "lastModified": "2023-08-09T18:53:15.190",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A SQL injection vulnerability exists in the \u201cadmin dynamic app mib errors\u201d feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "contact@securifera.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "contact@securifera.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.securifera.com/advisories/cve-2022-48590/",
+ "source": "contact@securifera.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-485xx/CVE-2022-48591.json b/CVE-2022/CVE-2022-485xx/CVE-2022-48591.json
new file mode 100644
index 00000000000..352d1fefb76
--- /dev/null
+++ b/CVE-2022/CVE-2022-485xx/CVE-2022-48591.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-48591",
+ "sourceIdentifier": "contact@securifera.com",
+ "published": "2023-08-09T19:15:12.913",
+ "lastModified": "2023-08-09T19:15:12.913",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A SQL injection vulnerability exists in the vendor_state parameter of the \u201cvendor print report\u201d feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "contact@securifera.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "contact@securifera.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.securifera.com/advisories/cve-2022-48591/",
+ "source": "contact@securifera.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-485xx/CVE-2022-48592.json b/CVE-2022/CVE-2022-485xx/CVE-2022-48592.json
new file mode 100644
index 00000000000..9e79eb5db84
--- /dev/null
+++ b/CVE-2022/CVE-2022-485xx/CVE-2022-48592.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-48592",
+ "sourceIdentifier": "contact@securifera.com",
+ "published": "2023-08-09T19:15:13.137",
+ "lastModified": "2023-08-09T19:15:13.137",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A SQL injection vulnerability exists in the vendor_country parameter of the \u201cvendor print report\u201d feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "contact@securifera.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "contact@securifera.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.securifera.com/advisories/cve-2022-48592/",
+ "source": "contact@securifera.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-485xx/CVE-2022-48593.json b/CVE-2022/CVE-2022-485xx/CVE-2022-48593.json
new file mode 100644
index 00000000000..c15a5f396a8
--- /dev/null
+++ b/CVE-2022/CVE-2022-485xx/CVE-2022-48593.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-48593",
+ "sourceIdentifier": "contact@securifera.com",
+ "published": "2023-08-09T19:15:13.253",
+ "lastModified": "2023-08-09T19:15:13.253",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A SQL injection vulnerability exists in the \u201ctopology data service\u201d feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "contact@securifera.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "contact@securifera.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.securifera.com/advisories/cve-2022-48593/",
+ "source": "contact@securifera.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-485xx/CVE-2022-48594.json b/CVE-2022/CVE-2022-485xx/CVE-2022-48594.json
new file mode 100644
index 00000000000..307208177ef
--- /dev/null
+++ b/CVE-2022/CVE-2022-485xx/CVE-2022-48594.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-48594",
+ "sourceIdentifier": "contact@securifera.com",
+ "published": "2023-08-09T19:15:13.367",
+ "lastModified": "2023-08-09T19:15:13.367",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A SQL injection vulnerability exists in the \u201cticket watchers email\u201d feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "contact@securifera.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "contact@securifera.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.securifera.com/advisories/cve-2022-48594/",
+ "source": "contact@securifera.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-485xx/CVE-2022-48595.json b/CVE-2022/CVE-2022-485xx/CVE-2022-48595.json
new file mode 100644
index 00000000000..18b5412d9d5
--- /dev/null
+++ b/CVE-2022/CVE-2022-485xx/CVE-2022-48595.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-48595",
+ "sourceIdentifier": "contact@securifera.com",
+ "published": "2023-08-09T19:15:13.467",
+ "lastModified": "2023-08-09T19:15:13.467",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A SQL injection vulnerability exists in the \u201cticket template watchers\u201d feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "contact@securifera.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "contact@securifera.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.securifera.com/advisories/cve-2022-48595/",
+ "source": "contact@securifera.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-485xx/CVE-2022-48596.json b/CVE-2022/CVE-2022-485xx/CVE-2022-48596.json
new file mode 100644
index 00000000000..56276ac8df6
--- /dev/null
+++ b/CVE-2022/CVE-2022-485xx/CVE-2022-48596.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-48596",
+ "sourceIdentifier": "contact@securifera.com",
+ "published": "2023-08-09T19:15:13.567",
+ "lastModified": "2023-08-09T19:15:13.567",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A SQL injection vulnerability exists in the \u201cticket queue watchers\u201d feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "contact@securifera.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "contact@securifera.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.securifera.com/advisories/cve-2022-48596/",
+ "source": "contact@securifera.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-485xx/CVE-2022-48597.json b/CVE-2022/CVE-2022-485xx/CVE-2022-48597.json
new file mode 100644
index 00000000000..e7884e51f8b
--- /dev/null
+++ b/CVE-2022/CVE-2022-485xx/CVE-2022-48597.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-48597",
+ "sourceIdentifier": "contact@securifera.com",
+ "published": "2023-08-09T19:15:13.667",
+ "lastModified": "2023-08-09T19:15:13.667",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A SQL injection vulnerability exists in the \u201cticket event report\u201d feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "contact@securifera.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "contact@securifera.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.securifera.com/advisories/cve-2022-48597/",
+ "source": "contact@securifera.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-485xx/CVE-2022-48598.json b/CVE-2022/CVE-2022-485xx/CVE-2022-48598.json
new file mode 100644
index 00000000000..cf80479128f
--- /dev/null
+++ b/CVE-2022/CVE-2022-485xx/CVE-2022-48598.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-48598",
+ "sourceIdentifier": "contact@securifera.com",
+ "published": "2023-08-09T19:15:13.770",
+ "lastModified": "2023-08-09T19:15:13.770",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A SQL injection vulnerability exists in the \u201creporter events type date\u201d feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "contact@securifera.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "contact@securifera.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.securifera.com/advisories/cve-2022-48598/",
+ "source": "contact@securifera.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-485xx/CVE-2022-48599.json b/CVE-2022/CVE-2022-485xx/CVE-2022-48599.json
new file mode 100644
index 00000000000..3f8109a03f8
--- /dev/null
+++ b/CVE-2022/CVE-2022-485xx/CVE-2022-48599.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-48599",
+ "sourceIdentifier": "contact@securifera.com",
+ "published": "2023-08-09T19:15:13.877",
+ "lastModified": "2023-08-09T19:15:13.877",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A SQL injection vulnerability exists in the \u201creporter events type\u201d feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "contact@securifera.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "contact@securifera.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.securifera.com/advisories/cve-2022-48599/",
+ "source": "contact@securifera.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-486xx/CVE-2022-48600.json b/CVE-2022/CVE-2022-486xx/CVE-2022-48600.json
new file mode 100644
index 00000000000..309f2cdb961
--- /dev/null
+++ b/CVE-2022/CVE-2022-486xx/CVE-2022-48600.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-48600",
+ "sourceIdentifier": "contact@securifera.com",
+ "published": "2023-08-09T19:15:13.973",
+ "lastModified": "2023-08-09T19:15:13.973",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A SQL injection vulnerability exists in the \u201cnotes view\u201d feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "contact@securifera.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "contact@securifera.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.securifera.com/advisories/cve-2022-48600/",
+ "source": "contact@securifera.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-486xx/CVE-2022-48601.json b/CVE-2022/CVE-2022-486xx/CVE-2022-48601.json
new file mode 100644
index 00000000000..c6d324f0fac
--- /dev/null
+++ b/CVE-2022/CVE-2022-486xx/CVE-2022-48601.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-48601",
+ "sourceIdentifier": "contact@securifera.com",
+ "published": "2023-08-09T19:15:14.080",
+ "lastModified": "2023-08-09T19:15:14.080",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A SQL injection vulnerability exists in the \u201cnetwork print report\u201d feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "contact@securifera.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "contact@securifera.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.securifera.com/advisories/cve-2022-48601/",
+ "source": "contact@securifera.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-486xx/CVE-2022-48602.json b/CVE-2022/CVE-2022-486xx/CVE-2022-48602.json
new file mode 100644
index 00000000000..6e6faab9973
--- /dev/null
+++ b/CVE-2022/CVE-2022-486xx/CVE-2022-48602.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-48602",
+ "sourceIdentifier": "contact@securifera.com",
+ "published": "2023-08-09T19:15:14.190",
+ "lastModified": "2023-08-09T19:15:14.190",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A SQL injection vulnerability exists in the \u201cmessage viewer print\u201d feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "contact@securifera.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "contact@securifera.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.securifera.com/advisories/cve-2022-48602/",
+ "source": "contact@securifera.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-486xx/CVE-2022-48603.json b/CVE-2022/CVE-2022-486xx/CVE-2022-48603.json
new file mode 100644
index 00000000000..2a9b6fcaa95
--- /dev/null
+++ b/CVE-2022/CVE-2022-486xx/CVE-2022-48603.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-48603",
+ "sourceIdentifier": "contact@securifera.com",
+ "published": "2023-08-09T19:15:14.297",
+ "lastModified": "2023-08-09T19:15:14.297",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A SQL injection vulnerability exists in the \u201cmessage viewer iframe\u201d feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "contact@securifera.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "contact@securifera.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.securifera.com/advisories/cve-2022-48603/",
+ "source": "contact@securifera.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-486xx/CVE-2022-48604.json b/CVE-2022/CVE-2022-486xx/CVE-2022-48604.json
new file mode 100644
index 00000000000..a8debc9f7d3
--- /dev/null
+++ b/CVE-2022/CVE-2022-486xx/CVE-2022-48604.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-48604",
+ "sourceIdentifier": "contact@securifera.com",
+ "published": "2023-08-09T19:15:14.393",
+ "lastModified": "2023-08-09T19:15:14.393",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A SQL injection vulnerability exists in the \u201clogging export\u201d feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "contact@securifera.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "contact@securifera.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.securifera.com/advisories/cve-2022-48604/",
+ "source": "contact@securifera.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20802.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20802.json
index 0bbee85c651..85479c93dda 100644
--- a/CVE-2023/CVE-2023-208xx/CVE-2023-20802.json
+++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20802.json
@@ -2,19 +2,126 @@ "id": "CVE-2023-20802", "sourceIdentifier": "security@mediatek.com", "published": "2023-08-07T04:15:13.797", - "lastModified": "2023-08-07T12:57:21.007", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-09T18:07:36.453", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In imgsys, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07420968; Issue ID: ALPS07420976." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.6, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + 
"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", + "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", + "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/August-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-233xx/CVE-2023-23346.json b/CVE-2023/CVE-2023-233xx/CVE-2023-23346.json new file mode 100644 index 00000000000..3c55709d86e --- /dev/null +++ b/CVE-2023/CVE-2023-233xx/CVE-2023-23346.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-23346", + "sourceIdentifier": "psirt@hcl.com", + "published": "2023-08-09T19:15:14.500", + "lastModified": "2023-08-09T19:15:14.500", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "HCL DRYiCE MyCloud is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@hcl.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.1, + "impactScore": 4.7 + } + ] + }, + "references": [ + { + "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106670", + "source": "psirt@hcl.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-296xx/CVE-2023-29689.json b/CVE-2023/CVE-2023-296xx/CVE-2023-29689.json index ddf9cf3c3e9..4bbe2c7f283 100644 --- a/CVE-2023/CVE-2023-296xx/CVE-2023-29689.json +++ b/CVE-2023/CVE-2023-296xx/CVE-2023-29689.json @@ -2,8 +2,8 @@ "id": "CVE-2023-29689", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-04T15:15:10.137", - "lastModified": "2023-08-09T17:37:23.420", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-09T18:15:12.643", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -64,6 +64,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/174088/Pyro-CMS-3.9-Server-Side-Template-Injection.html", + "source": "cve@mitre.org" + }, { "url": "https://cupc4k3.lol/ssti-leads-to-rce-on-pyrocms-7515be27c811", "source": "cve@mitre.org", 
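Review bot: The new record for CVE-2023-23346 (first hunk on this line) has no `weaknesses` array at all, although its description names the use of a broken cryptographic algorithm, which corresponds to CWE-327. Tooling that groups or filters records by CWE will leave this entry unclassified until a weakness is supplied, so a description-based check is needed in the meantime. The description value also ends in a literal `\n`, which consumers that compare or display the text verbatim may want to trim.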
diff --git a/CVE-2023/CVE-2023-339xx/CVE-2023-33953.json b/CVE-2023/CVE-2023-339xx/CVE-2023-33953.json index 5872b9afe51..33e4c42d881 100644 --- a/CVE-2023/CVE-2023-339xx/CVE-2023-33953.json +++ b/CVE-2023/CVE-2023-339xx/CVE-2023-33953.json @@ -2,8 +2,8 @@ "id": "CVE-2023-33953", "sourceIdentifier": "cve-coordination@google.com", "published": "2023-08-09T13:15:09.370", - "lastModified": "2023-08-09T13:15:09.370", - "vulnStatus": "Received", + "lastModified": "2023-08-09T18:05:18.757", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-345xx/CVE-2023-34545.json b/CVE-2023/CVE-2023-345xx/CVE-2023-34545.json index 9a986b9e36f..d209cc817d1 100644 --- a/CVE-2023/CVE-2023-345xx/CVE-2023-34545.json +++ b/CVE-2023/CVE-2023-345xx/CVE-2023-34545.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34545", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-09T14:15:10.617", - "lastModified": "2023-08-09T14:15:10.617", - "vulnStatus": "Received", + "lastModified": "2023-08-09T18:05:18.757", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-35xx/CVE-2023-3518.json b/CVE-2023/CVE-2023-35xx/CVE-2023-3518.json index 69a11169e91..79c0baca0e0 100644 --- a/CVE-2023/CVE-2023-35xx/CVE-2023-3518.json +++ b/CVE-2023/CVE-2023-35xx/CVE-2023-3518.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3518", "sourceIdentifier": "security@hashicorp.com", "published": "2023-08-09T16:15:09.957", - "lastModified": "2023-08-09T16:15:09.957", - "vulnStatus": "Received", + "lastModified": "2023-08-09T18:05:18.757", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-364xx/CVE-2023-36499.json b/CVE-2023/CVE-2023-364xx/CVE-2023-36499.json index 7597430dc82..4613347e256 100644 --- a/CVE-2023/CVE-2023-364xx/CVE-2023-36499.json +++ b/CVE-2023/CVE-2023-364xx/CVE-2023-36499.json 
@@ -2,23 +2,93 @@ "id": "CVE-2023-36499", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-07T19:15:10.160", - "lastModified": "2023-08-07T19:30:24.240", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-09T18:02:22.460", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Netgear XR300 v1.0.3.78 was discovered to contain multiple buffer overflows via the wla_ssid and wlg_ssid parameters at genie_ap_wifi_change.cgi." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:netgear:xr300_firmware:1.0.3.78:*:*:*:*:*:*:*", + "matchCriteriaId": "3E35B900-99B9-4937-B3F5-04212913F6DC" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:netgear:xr300:-:*:*:*:*:*:*:*", + "matchCriteriaId": "5590CF28-B88A-4755-904B-1BC1778FBEDD" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/netgear/nvram_ssid/README.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] }, { "url": "https://www.netgear.com/about/security/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + 
"tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-366xx/CVE-2023-36686.json b/CVE-2023/CVE-2023-366xx/CVE-2023-36686.json index 041409220e6..c9199c3d589 100644 --- a/CVE-2023/CVE-2023-366xx/CVE-2023-36686.json +++ b/CVE-2023/CVE-2023-366xx/CVE-2023-36686.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36686", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-05T23:15:12.273", - "lastModified": "2023-08-06T12:00:51.333", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-09T18:01:02.050", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cartflows:cartflows:*:*:*:*:pro:wordpress:*:*", + "versionEndIncluding": "1.11.11", + "matchCriteriaId": "3E34F7ED-A303-41C6-8560-3A2DD5EE763B" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/cartflows-pro/wordpress-cartflows-pro-plugin-1-11-11-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-374xx/CVE-2023-37483.json b/CVE-2023/CVE-2023-374xx/CVE-2023-37483.json index 69b60b2daf7..f9eb9f340d2 100644 --- a/CVE-2023/CVE-2023-374xx/CVE-2023-37483.json +++ b/CVE-2023/CVE-2023-374xx/CVE-2023-37483.json @@ -2,8 +2,8 @@ "id": "CVE-2023-37483", "sourceIdentifier": "cna@sap.com", "published": "2023-08-08T01:15:17.313", - "lastModified": "2023-08-08T12:51:11.140", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-09T18:21:52.827", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@sap.com", "type": "Secondary", @@ -46,14 +66,37 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:powerdesigner:16.7:*:*:*:*:*:*:*", + "matchCriteriaId": "E17F2B57-5B4A-4718-8123-CBF87F1CCFE0" + } + ] + } + ] + } + ], "references": [ { "url": "https://me.sap.com/notes/3341460", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-374xx/CVE-2023-37484.json b/CVE-2023/CVE-2023-374xx/CVE-2023-37484.json index 80a103238b5..d94feb6eb55 100644 
--- a/CVE-2023/CVE-2023-374xx/CVE-2023-37484.json +++ b/CVE-2023/CVE-2023-374xx/CVE-2023-37484.json @@ -2,8 +2,8 @@ "id": "CVE-2023-37484", "sourceIdentifier": "cna@sap.com", "published": "2023-08-08T01:15:17.627", - "lastModified": "2023-08-08T12:51:11.140", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-09T18:21:40.633", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "cna@sap.com", "type": "Secondary", @@ -46,14 +66,37 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:powerdesigner:16.7:*:*:*:*:*:*:*", + "matchCriteriaId": "E17F2B57-5B4A-4718-8123-CBF87F1CCFE0" + } + ] + } + ] + } + ], "references": [ { "url": "https://me.sap.com/notes/3341460", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-374xx/CVE-2023-37487.json b/CVE-2023/CVE-2023-374xx/CVE-2023-37487.json index 2a1e70be9f9..1ff7cef57d1 100644 --- a/CVE-2023/CVE-2023-374xx/CVE-2023-37487.json +++ b/CVE-2023/CVE-2023-374xx/CVE-2023-37487.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-37487", "sourceIdentifier": "cna@sap.com", "published": "2023-08-08T01:15:18.247", - "lastModified": "2023-08-08T12:51:11.140", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-09T18:21:30.300", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 3.6 + }, { "source": "cna@sap.com", "type": "Secondary", @@ -46,14 +66,37 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:business_one:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "391F491C-2DE8-44E5-B054-42F188161C8A" + } + ] + } + ] + } + ], "references": [ { "url": "https://me.sap.com/notes/3333616", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-374xx/CVE-2023-37490.json b/CVE-2023/CVE-2023-374xx/CVE-2023-37490.json index 04578231450..c369adf9d04 100644 --- a/CVE-2023/CVE-2023-374xx/CVE-2023-37490.json +++ b/CVE-2023/CVE-2023-374xx/CVE-2023-37490.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-37490", "sourceIdentifier": "cna@sap.com", "published": "2023-08-08T01:15:18.677", - "lastModified": "2023-08-08T12:51:11.140", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-09T18:21:14.410", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.0, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.3, + "impactScore": 6.0 + }, { "source": "cna@sap.com", "type": "Secondary", @@ -46,14 +66,42 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence:420:*:*:*:*:*:*:*", + "matchCriteriaId": "38BA0DF9-D893-4AF9-923E-E47EA5C02C52" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence:430:*:*:*:*:*:*:*", + "matchCriteriaId": "85CBCF48-5478-4EE5-8F69-6E59EFDB707D" + } + ] + } + ] + } + ], "references": [ { "url": "https://me.sap.com/notes/3317710", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-374xx/CVE-2023-37491.json b/CVE-2023/CVE-2023-374xx/CVE-2023-37491.json index 4ea02757295..dd24669e6a2 100644 --- a/CVE-2023/CVE-2023-374xx/CVE-2023-37491.json 
+++ b/CVE-2023/CVE-2023-374xx/CVE-2023-37491.json @@ -2,8 +2,8 @@ "id": "CVE-2023-37491", "sourceIdentifier": "cna@sap.com", "published": "2023-08-08T01:15:18.840", - "lastModified": "2023-08-08T12:51:11.140", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-09T18:20:38.800", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "cna@sap.com", "type": "Secondary", 
@@ -46,14 +66,77 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:message_server:kernel_7.22:*:*:*:*:*:*:*", + "matchCriteriaId": "C5B5281B-885B-4121-9532-E3BDA2325273" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:message_server:kernel_7.53:*:*:*:*:*:*:*", + "matchCriteriaId": "253C27F5-F9DF-4A73-BEC4-1710A14DD008" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:message_server:kernel_7.54:*:*:*:*:*:*:*", + "matchCriteriaId": "231F8984-8AF6-4AA1-8E9E-0DA7860F70AF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:message_server:kernel_7.77:*:*:*:*:*:*:*", + "matchCriteriaId": "8066016B-B096-49F2-9DE1-A86C2B863AF7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:message_server:krnl64nuc_7.22:*:*:*:*:*:*:*", + "matchCriteriaId": "2A1340C0-7CA8-4CE6-9E20-2ED434EBFD1E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:message_server:krnl64nuc_7.22ex:*:*:*:*:*:*:*", + "matchCriteriaId": "4FA177BA-4BEA-48C8-B142-8120E0112551" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:message_server:rnl64uc_7.22:*:*:*:*:*:*:*", + "matchCriteriaId": "992F4CF6-2ECD-41AF-923C-399C74E1F84D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:message_server:rnl64uc_7.22ext:*:*:*:*:*:*:*", + "matchCriteriaId": "D95E9CA2-8B8A-47AF-BD8F-642F59783B4F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:message_server:rnl64uc_7.53:*:*:*:*:*:*:*", + "matchCriteriaId": "D1875FA4-5448-47D5-9E86-416E2DFA5E6F" + } + ] + } + ] + } + ], "references": [ { "url": "https://me.sap.com/notes/3344295", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
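Review bot: Three of the `cpeMatch` criteria added for CVE-2023-37491 use version strings beginning `rnl64uc_` (`rnl64uc_7.22`, `rnl64uc_7.22ext`, `rnl64uc_7.53`), while the neighbouring entries read `krnl64nuc_7.22` and `krnl64nuc_7.22ex`; the missing leading `k` and the `ex`/`ext` difference look like spellings carried over from the vendor text rather than intended component names. If that is the case, an asset inventory that records the component as `krnl64uc_*` will not match these criteria, and affected installations would be missed by exact-match CPE scanning. Worth confirming against the referenced SAP note before relying on these strings for matching.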
diff --git a/CVE-2023/CVE-2023-374xx/CVE-2023-37492.json b/CVE-2023/CVE-2023-374xx/CVE-2023-37492.json index a1163d2f3be..0d8817d3775 100644 --- a/CVE-2023/CVE-2023-374xx/CVE-2023-37492.json +++ b/CVE-2023/CVE-2023-374xx/CVE-2023-37492.json @@ -2,8 +2,8 @@ "id": "CVE-2023-37492", "sourceIdentifier": "cna@sap.com", "published": "2023-08-08T01:15:18.993", - "lastModified": "2023-08-08T12:51:11.140", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-09T18:20:16.060", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "cna@sap.com", "type": "Secondary", @@ -36,7 +56,7 @@ }, "weaknesses": [ { - "source": "cna@sap.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { 
@@ -44,16 +64,119 @@ "value": "CWE-862" } ] + }, + { + "source": "cna@sap.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:700:*:*:*:sap_basis:*:*:*", + "matchCriteriaId": "6F048ED9-2DDF-4EB9-8571-73832AFABF6A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:701:*:*:*:sap_basis:*:*:*", + "matchCriteriaId": "C37DC475-6B9A-493C-9A6F-28CDD65D2A5B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:702:*:*:*:sap_basis:*:*:*", + "matchCriteriaId": "2BD9FE51-F76C-439A-A3C0-5279EC1059F7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:sap_basis:*:*:*", + "matchCriteriaId": "4EB54432-0E1A-45F2-BEE1-8DC28FAADA9F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:sap_basis:*:*:*", + "matchCriteriaId": "8E96C58C-ED44-487B-A67E-FDAE3C29023A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:sap_basis:*:*:*", + "matchCriteriaId": "A14DF5EB-B8CE-4A47-9959-2F65A5DCEF5F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:sap_basis:*:*:*", + "matchCriteriaId": "419BA423-0803-4F51-8889-014A521F02CE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:753:*:*:*:sap_basis:*:*:*", + "matchCriteriaId": "DA20ECDC-8807-462C-A0F0-70DF6F5A119B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:754:*:*:*:sap_basis:*:*:*", + "matchCriteriaId": "800AAC21-325C-4F16-AE5A-9F89327E5356" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:a:sap:netweaver_application_server_abap:755:*:*:*:sap_basis:*:*:*", + "matchCriteriaId": "BDC15DB7-A95B-475F-AAA6-60A801F65690" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:756:*:*:*:sap_basis:*:*:*", + "matchCriteriaId": "55A2FECF-A32E-4188-9563-E8BA0E952261" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:757:*:*:*:sap_basis:*:*:*", + "matchCriteriaId": "9CBF2E53-17F0-4BF0-9C38-749C7E611BF4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:758:*:*:*:sap_basis:*:*:*", + "matchCriteriaId": "5160572B-E3AB-4B96-8950-07DDAFA0E4A6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:793:*:*:*:sap_basis:*:*:*", + "matchCriteriaId": "AB104F44-D209-41D3-AE25-A5A4A8CE3323" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:804:*:*:*:sap_basis:*:*:*", + "matchCriteriaId": "FF9FC6F8-E0D3-4F96-BB6C-E922C4C87327" + } + ] + } + ] } ], "references": [ { "url": "https://me.sap.com/notes/3348000", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-375xx/CVE-2023-37569.json b/CVE-2023/CVE-2023-375xx/CVE-2023-37569.json index 5cbcf6024a4..b327802c6ac 100644 --- a/CVE-2023/CVE-2023-375xx/CVE-2023-37569.json +++ b/CVE-2023/CVE-2023-375xx/CVE-2023-37569.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-37569", "sourceIdentifier": "vdisclose@cert-in.org.in", "published": "2023-08-08T09:15:10.620", - "lastModified": "2023-08-08T12:51:11.140", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-09T18:15:12.777", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", @@ -47,6 +47,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/174084/Emagic-Data-Center-Management-Suite-6.0-Remote-Command-Execution.html", + "source": "vdisclose@cert-in.org.in" + }, { "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0226", "source": "vdisclose@cert-in.org.in" diff --git a/CVE-2023/CVE-2023-383xx/CVE-2023-38392.json b/CVE-2023/CVE-2023-383xx/CVE-2023-38392.json index c444cffc20f..0302b356b07 100644 --- a/CVE-2023/CVE-2023-383xx/CVE-2023-38392.json +++ b/CVE-2023/CVE-2023-383xx/CVE-2023-38392.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38392", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-07T13:15:11.880", - "lastModified": "2023-08-07T15:41:35.637", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-09T18:01:11.383", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
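Review bot: The `packetstormsecurity.com` reference added to CVE-2023-37569 has no `tags` array, although its title indicates a public remote-command-execution write-up; the same applies to the Packet Storm reference added to CVE-2023-38646 further down. Consumers that prioritise on the `Exploit` reference tag will not pick up either entry until the record is re-analysed, so triage rules should also key on the reference host or on the `vulnStatus` change. If tags can be set at this stage, I would add `"tags": ["Exploit", "Third Party Advisory", "VDB Entry"]` to both. Both URLs are also recorded with the `http://` scheme, where `https://` would be preferable.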
@@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpgogo:custom_field_template:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.6.0", + "matchCriteriaId": "DB6B4744-E7BC-4CC7-82FC-3F80563221D5" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/custom-field-template/wordpress-custom-field-template-plugin-2-5-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-384xx/CVE-2023-38412.json b/CVE-2023/CVE-2023-384xx/CVE-2023-38412.json index 63595e23bb2..e44ee056ad5 100644 --- a/CVE-2023/CVE-2023-384xx/CVE-2023-38412.json +++ b/CVE-2023/CVE-2023-384xx/CVE-2023-38412.json 
@@ -2,23 +2,93 @@ "id": "CVE-2023-38412", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-07T19:15:10.233", - "lastModified": "2023-08-07T19:30:24.240", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-09T18:02:31.297", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Netgear R6900P v1.3.3.154 was discovered to contain multiple buffer overflows via the wla_ssid and wlg_ssid parameters at ia_ap_setting.cgi." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:netgear:r6900p_firmware:1.3.3.154:*:*:*:*:*:*:*", + "matchCriteriaId": "0A8B361B-A65E-47CE-B77B-4D2F5C44BD3C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C41908FF-AE64-4949-80E3-BEE061B2DA8A" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/netgear/nvram_ssid/README.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] }, { "url": "https://www.netgear.com/about/security/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + 
"tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-385xx/CVE-2023-38591.json b/CVE-2023/CVE-2023-385xx/CVE-2023-38591.json index 79eaca34e97..325d6013d27 100644 --- a/CVE-2023/CVE-2023-385xx/CVE-2023-38591.json +++ b/CVE-2023/CVE-2023-385xx/CVE-2023-38591.json 
@@ -2,23 +2,93 @@ "id": "CVE-2023-38591", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-07T19:15:10.317", - "lastModified": "2023-08-07T19:30:24.240", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-09T18:02:39.737", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Netgear DG834Gv5 1.6.01.34 was discovered to contain multiple buffer overflows via the wla_ssid and wla_temp_ssid parameters at bsw_ssid.cgi." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:netgear:dg834gv5_firmware:1.6.01.34:*:*:*:*:*:*:*", + "matchCriteriaId": "7EA427BF-331A-46BC-9C67-3CFF3661C1BB" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:netgear:dg834gv5:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F92A4286-8696-4FC7-9D1D-4035E267770B" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/netgear/nvram_ssid/README.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] }, { "url": "https://www.netgear.com/about/security/", - "source": "cve@mitre.org" + "source": 
"cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-386xx/CVE-2023-38646.json b/CVE-2023/CVE-2023-386xx/CVE-2023-38646.json index 8127bd4de7a..9dbf8732f31 100644 --- a/CVE-2023/CVE-2023-386xx/CVE-2023-38646.json +++ b/CVE-2023/CVE-2023-386xx/CVE-2023-38646.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38646", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-21T15:15:10.003", - "lastModified": "2023-07-31T18:36:05.793", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-09T18:15:13.213", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -113,6 +113,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/174091/Metabase-Remote-Code-Execution.html", + "source": "cve@mitre.org" + }, { "url": "https://github.com/metabase/metabase/issues/32552", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-389xx/CVE-2023-38921.json b/CVE-2023/CVE-2023-389xx/CVE-2023-38921.json index 940193f2705..0dfe6aaa315 100644 --- a/CVE-2023/CVE-2023-389xx/CVE-2023-38921.json +++ b/CVE-2023/CVE-2023-389xx/CVE-2023-38921.json 
@@ -2,23 +2,120 @@ "id": "CVE-2023-38921", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-07T19:15:10.393", - "lastModified": "2023-08-07T19:30:24.240", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-09T18:03:20.593", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Netgear WG302v2 v5.2.9 and WAG302v2 v5.1.19 were discovered to contain multiple command injection vulnerabilities in the upgrade_handler function via the firmwareRestore and firmwareServerip parameters." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:netgear:wg302v2_firmware:5.2.9:*:*:*:*:*:*:*", + "matchCriteriaId": "2BB7BBB6-E1A4-4271-8E0C-B8DC73B0E934" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:netgear:wg302v2:-:*:*:*:*:*:*:*", + "matchCriteriaId": "55487992-36DA-45AB-8D58-E440D98E116D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:netgear:wag302v2_firmware:5.1.19:*:*:*:*:*:*:*", + "matchCriteriaId": 
"BC914778-D3E7-4D0C-8F48-108BCCA08991" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:netgear:wag302v2:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9CAC63A2-F40A-4FDE-949D-A1852DF3E107" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/FirmRec/IoT-Vulns/tree/main/netgear/upgrade_handler", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.netgear.com/about/security/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-389xx/CVE-2023-38922.json b/CVE-2023/CVE-2023-389xx/CVE-2023-38922.json index 370156835b6..6626231a519 100644 --- a/CVE-2023/CVE-2023-389xx/CVE-2023-38922.json +++ b/CVE-2023/CVE-2023-389xx/CVE-2023-38922.json 
@@ -2,23 +2,147 @@ "id": "CVE-2023-38922", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-07T19:15:10.477", - "lastModified": "2023-08-07T19:30:24.240", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-09T18:03:54.593", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the update_auth function." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:netgear:jwnr2000v2_firmware:1.0.0.11:*:*:*:*:*:*:*", + "matchCriteriaId": "21E91328-4F46-42D4-A99F-A83AE71C8F2D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:netgear:jwnr2000v2:-:*:*:*:*:*:*:*", + "matchCriteriaId": "32886871-051A-40D8-97FA-6DCD20714D79" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:netgear:xwn5001_firmware:0.4.1.1:*:*:*:*:*:*:*", + "matchCriteriaId": 
"9C025A46-FB26-409A-888F-7336F871AC8A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:netgear:xwn5001:-:*:*:*:*:*:*:*", + "matchCriteriaId": "5EEF5DCA-0EDB-4966-95AC-52B2661B8D1B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:netgear:xavn2001v2_firmware:0.4.0.7:*:*:*:*:*:*:*", + "matchCriteriaId": "6A2B5F63-7A1F-41F9-8184-112AB2D0979C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:netgear:xavn2001v2:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9DA4AFAA-8FBF-43FB-B2FB-8FF806FF2BBB" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/netgear/http_passwd_auth/README.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.netgear.com/about/security/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-389xx/CVE-2023-38924.json b/CVE-2023/CVE-2023-389xx/CVE-2023-38924.json index 5db3a871734..6b4b75fb5f6 100644 --- a/CVE-2023/CVE-2023-389xx/CVE-2023-38924.json +++ b/CVE-2023/CVE-2023-389xx/CVE-2023-38924.json 
@@ -2,23 +2,93 @@ "id": "CVE-2023-38924", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-07T19:15:10.563", - "lastModified": "2023-08-07T19:30:20.677", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-09T18:04:06.470", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Netgear DGN3500 1.1.00.37 was discovered to contain a buffer overflow via the http_password parameter at setup.cgi." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:netgear:dgn3500_firmware:1.1.00.37:*:*:*:*:*:*:*", + "matchCriteriaId": "2E149146-F876-4F97-AE57-FA30FFB77DA3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:netgear:dgn3500:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2FEBFD21-8AC6-4470-B742-58E2E946E427" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/netgear/http_password_create_smb_cfg/README.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.netgear.com/about/security/", - "source": "cve@mitre.org" + "source": 
"cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-389xx/CVE-2023-38925.json b/CVE-2023/CVE-2023-389xx/CVE-2023-38925.json index eede1a5b16a..a691379087b 100644 --- a/CVE-2023/CVE-2023-389xx/CVE-2023-38925.json +++ b/CVE-2023/CVE-2023-389xx/CVE-2023-38925.json 
@@ -2,23 +2,147 @@ "id": "CVE-2023-38925", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-07T19:15:10.633", - "lastModified": "2023-08-07T19:30:20.677", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-09T18:04:34.407", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Netgear DC112A 1.0.0.64, EX6200 1.0.3.94 and R6300v2 1.0.4.8 were discovered to contain a buffer overflow via the http_passwd parameter in password.cgi." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:netgear:dc112a_firmware:1.0.0.64:*:*:*:*:*:*:*", + "matchCriteriaId": "40766026-137D-4E44-9DEC-18E1B66CD074" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:netgear:dc112a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F87FFC46-137D-45B8-B437-F15565FB33D0" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:netgear:ex6200_firmware:1.0.3.94:*:*:*:*:*:*:*", + "matchCriteriaId": "E7B6521D-DFB6-47BF-8D4C-559763C56C9F" + } + ] + }, + { + "operator": "OR", + 
"negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:netgear:ex6200:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3186CC67-B567-4A0C-BD2C-0433716FBD1B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:netgear:r6300v2_firmware:1.0.4.8:*:*:*:*:*:*:*", + "matchCriteriaId": "54C33521-BF2B-4C9B-BA3B-90ADB6B61145" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:netgear:r6300v2:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7909744D-FE9B-49D1-ADB3-029CCC432A47" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/netgear/http_passwd_smb_pass/README.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.netgear.com/about/security/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-389xx/CVE-2023-38926.json b/CVE-2023/CVE-2023-389xx/CVE-2023-38926.json index 523eec41660..e59b6d4a2f3 100644 --- a/CVE-2023/CVE-2023-389xx/CVE-2023-38926.json +++ b/CVE-2023/CVE-2023-389xx/CVE-2023-38926.json 
@@ -2,23 +2,93 @@ "id": "CVE-2023-38926", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-07T19:15:10.707", - "lastModified": "2023-08-07T19:30:20.677", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-09T18:04:22.037", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Netgear EX6200 v1.0.3.94 was discovered to contain a buffer overflow via the wla_temp_ssid parameter at acosNvramConfig_set." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:netgear:ex6200_firmware:1.0.3.94:*:*:*:*:*:*:*", + "matchCriteriaId": "E7B6521D-DFB6-47BF-8D4C-559763C56C9F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:netgear:ex6200:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3186CC67-B567-4A0C-BD2C-0433716FBD1B" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/netgear/nvram_ssid/README.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] }, { "url": "https://www.netgear.com/about/security/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + 
"Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-389xx/CVE-2023-38928.json b/CVE-2023/CVE-2023-389xx/CVE-2023-38928.json index 3509720b60e..52abd5119ff 100644 --- a/CVE-2023/CVE-2023-389xx/CVE-2023-38928.json +++ b/CVE-2023/CVE-2023-389xx/CVE-2023-38928.json 
@@ -2,23 +2,93 @@ "id": "CVE-2023-38928", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-07T19:15:10.777", - "lastModified": "2023-08-07T19:30:20.677", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-09T18:04:57.017", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Netgear R7100LG 1.0.0.78 was discovered to contain a command injection vulnerability via the password parameter at usb_remote_invite.cgi." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:netgear:r7100lg_firmware:1.0.0.78:*:*:*:*:*:*:*", + "matchCriteriaId": "F2A7064F-FF99-4B7C-B35B-693E7787AD1C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:netgear:r7100lg:-:*:*:*:*:*:*:*", + "matchCriteriaId": "366FA778-3C2A-42AF-9141-DAD7043B406C" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/FirmRec/IoT-Vulns/tree/main/netgear/usb_remote_invite_password", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.netgear.com/about/security/", - "source": "cve@mitre.org" + "source": 
"cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-389xx/CVE-2023-38929.json b/CVE-2023/CVE-2023-389xx/CVE-2023-38929.json index 46795c5ff92..bef8a683032 100644 --- a/CVE-2023/CVE-2023-389xx/CVE-2023-38929.json +++ b/CVE-2023/CVE-2023-389xx/CVE-2023-38929.json 
@@ -2,19 +2,87 @@ "id": "CVE-2023-38929", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-07T19:15:10.843", - "lastModified": "2023-08-07T19:30:20.677", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-09T18:05:18.777", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Tenda 4G300 v1.01.42 was discovered to contain a stack overflow via the page parameter at /VirtualSer." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:4g300_firmware:1.01.42:*:*:*:*:*:*:*", + "matchCriteriaId": "7A11C718-6F74-46FD-8C72-6E9FF1FA9FE4" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:4g300:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B8A63A3E-E6B1-42C8-ABA8-5E19777392B5" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/VirtualSer/README.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-389xx/CVE-2023-38930.json b/CVE-2023/CVE-2023-389xx/CVE-2023-38930.json index 7b1e99c3ebc..3a508fee066 100644 --- a/CVE-2023/CVE-2023-389xx/CVE-2023-38930.json +++ b/CVE-2023/CVE-2023-389xx/CVE-2023-38930.json 
@@ -2,19 +2,195 @@ "id": "CVE-2023-38930", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-07T19:15:10.907", - "lastModified": "2023-08-07T19:30:20.677", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-09T18:05:36.363", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Tenda AC7 V1.0,V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0,V15.03.06.28, AC9 V3.0,V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:ac7_firmware:15.03.06.44:*:*:*:*:*:*:*", + "matchCriteriaId": "4D94B37C-491D-4E7C-8273-F46FEDA62C9F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:ac7:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "96503617-6B69-4862-ADFE-4EF379876F0F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:f1203_firmware:2.0.1.6:*:*:*:*:*:*:*", + "matchCriteriaId": 
"0B3530E4-70D6-4246-84CA-E25797329DE0" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:f1203:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0FB77DC8-C11D-418A-AB87-5FE0226CA6CA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:fh1205_firmware:2.0.0.7\\(775\\):*:*:*:*:*:*:*", + "matchCriteriaId": "706158B7-6114-4AA8-A1A0-BB24119A3264" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:fh1205:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7E92D910-72BB-443F-9927-1E72AC8C8C9B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:ac5_firmware:15.03.06.28:*:*:*:*:*:*:*", + "matchCriteriaId": "7F928648-C8B2-4D37-8343-C74AABEFAB07" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:ac5:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "D141716B-56F0-4061-9D87-943B7858F2F4" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:ac9_firmware:15.03.06.42_multi:*:*:*:*:*:*:*", + "matchCriteriaId": "7AE11228-D2BB-48CF-BFDA-E2AA73E73C3C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:ac9:3.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7F482F89-B0F6-450D-B675-43EC0A9E6A4B" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/addWifiMacFilter/README.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No 
newline at end of file diff --git a/CVE-2023/CVE-2023-389xx/CVE-2023-38932.json b/CVE-2023/CVE-2023-389xx/CVE-2023-38932.json index 783c60fad92..f67b4253757 100644 --- a/CVE-2023/CVE-2023-389xx/CVE-2023-38932.json +++ b/CVE-2023/CVE-2023-389xx/CVE-2023-38932.json 
@@ -2,23 +2,175 @@ "id": "CVE-2023-38932", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-07T19:15:11.043", - "lastModified": "2023-08-07T19:30:20.677", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-09T18:05:45.487", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Tenda F1202 V1.2.0.9, PA202 V1.1.2.5, PW201A V1.1.2.5 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the page parameter in the SafeEmailFilter function." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:f1202_firmware:1.2.0.9:*:*:*:*:*:*:*", + "matchCriteriaId": "3AE52B3C-3B08-4B8E-965B-0B7BD05EBBB1" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:f1202:-:*:*:*:*:*:*:*", + "matchCriteriaId": "37DF507C-5EDA-46A0-851E-ED8BC0B54F88" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:pa202_firmware:1.1.2.5:*:*:*:*:*:*:*", + "matchCriteriaId": "68BF38F0-62D2-4789-8E5E-A6E7F5BC3AC3" + } + ] + }, + { + 
"operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:pa202:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1EAE4C66-1579-4B54-B268-FD75363E4699" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:pw201a_firmware:1.1.2.5:*:*:*:*:*:*:*", + "matchCriteriaId": "8444B664-7963-4DC7-9141-EF055F175FF2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:pw201a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7614AEA9-9216-4872-A29C-C51736516F54" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:fh1202_firmware:1.2.0.9:*:*:*:*:*:*:*", + "matchCriteriaId": "9DA584AC-7E1F-4FF7-91EA-F82AC2D2D3CC" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:fh1202:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4A632A11-60A0-457C-A039-BED32F83BD52" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/formSafeEmailFilter", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://www.netgear.com/about/security/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Not Applicable" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-389xx/CVE-2023-38934.json b/CVE-2023/CVE-2023-389xx/CVE-2023-38934.json index 2be8f08bbcb..d6ebe1d8262 100644 --- a/CVE-2023/CVE-2023-389xx/CVE-2023-38934.json +++ b/CVE-2023/CVE-2023-389xx/CVE-2023-38934.json 
@@ -2,19 +2,141 @@ "id": "CVE-2023-38934", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-07T19:15:11.207", - "lastModified": "2023-08-07T19:30:20.677", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-09T18:06:05.253", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Tenda F1203 V2.0.1.6, FH1203 V2.0.1.6 and FH1205 V2.0.0.7(775) was discovered to contain a stack overflow via the deviceId parameter in the formSetDeviceName function." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:fh1203_firmware:2.0.1.6:*:*:*:*:*:*:*", + "matchCriteriaId": "E28AF51D-EBFB-4EC8-9FCB-C3DFAE1DBB2E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:fh1203:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4E7A0DCB-AC18-4F32-86E2-F2C2E9118A71" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:f1203_firmware:2.0.1.6:*:*:*:*:*:*:*", + "matchCriteriaId": "0B3530E4-70D6-4246-84CA-E25797329DE0" + } + ] + }, + { + 
"operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:f1203:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0FB77DC8-C11D-418A-AB87-5FE0226CA6CA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:fh1205_firmware:2.0.0.7\\(775\\):*:*:*:*:*:*:*", + "matchCriteriaId": "706158B7-6114-4AA8-A1A0-BB24119A3264" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:fh1205:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7E92D910-72BB-443F-9927-1E72AC8C8C9B" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetDeviceName/README.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-389xx/CVE-2023-38938.json b/CVE-2023/CVE-2023-389xx/CVE-2023-38938.json index 510e8fb0b92..f1c7b93a86b 100644 --- a/CVE-2023/CVE-2023-389xx/CVE-2023-38938.json +++ b/CVE-2023/CVE-2023-389xx/CVE-2023-38938.json 
@@ -2,19 +2,168 @@ "id": "CVE-2023-38938", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-07T19:15:11.477", - "lastModified": "2023-08-07T19:30:20.677", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-09T18:06:15.870", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Tenda F1202 V1.2.0.9, PA202 V1.1.2.5, PW201A V1.1.2.5 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the page parameter at /L7Im." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:f1202_firmware:1.2.0.9:*:*:*:*:*:*:*", + "matchCriteriaId": "3AE52B3C-3B08-4B8E-965B-0B7BD05EBBB1" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:f1202:-:*:*:*:*:*:*:*", + "matchCriteriaId": "37DF507C-5EDA-46A0-851E-ED8BC0B54F88" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:pa202_firmware:1.1.2.5:*:*:*:*:*:*:*", + "matchCriteriaId": "68BF38F0-62D2-4789-8E5E-A6E7F5BC3AC3" + } + ] + }, + { + "operator": "OR", + 
"negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:pa202:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1EAE4C66-1579-4B54-B268-FD75363E4699" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:pw201a_firmware:1.1.2.5:*:*:*:*:*:*:*", + "matchCriteriaId": "8444B664-7963-4DC7-9141-EF055F175FF2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:pw201a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7614AEA9-9216-4872-A29C-C51736516F54" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:fh1202_firmware:1.2.0.9:*:*:*:*:*:*:*", + "matchCriteriaId": "9DA584AC-7E1F-4FF7-91EA-F82AC2D2D3CC" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:fh1202:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4A632A11-60A0-457C-A039-BED32F83BD52" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/frmL7ImForm", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-389xx/CVE-2023-38939.json b/CVE-2023/CVE-2023-389xx/CVE-2023-38939.json index 8e73be7e2b6..bbcb294438f 100644 --- a/CVE-2023/CVE-2023-389xx/CVE-2023-38939.json +++ b/CVE-2023/CVE-2023-389xx/CVE-2023-38939.json 
@@ -2,19 +2,114 @@ "id": "CVE-2023-38939", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-07T19:15:11.540", - "lastModified": "2023-08-07T19:30:20.677", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-09T18:06:28.010", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Tenda F1202 V1.2.0.9 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the mit_ssid parameter in the formWrlsafeset function." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:f1202_firmware:1.2.0.9:*:*:*:*:*:*:*", + "matchCriteriaId": "3AE52B3C-3B08-4B8E-965B-0B7BD05EBBB1" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:f1202:-:*:*:*:*:*:*:*", + "matchCriteriaId": "37DF507C-5EDA-46A0-851E-ED8BC0B54F88" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:fh1202_firmware:1.2.0.9:*:*:*:*:*:*:*", + "matchCriteriaId": "9DA584AC-7E1F-4FF7-91EA-F82AC2D2D3CC" + } + ] + }, + { + "operator": "OR", + "negate": 
false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:fh1202:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4A632A11-60A0-457C-A039-BED32F83BD52" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/formWrlsafeset", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-389xx/CVE-2023-38940.json b/CVE-2023/CVE-2023-389xx/CVE-2023-38940.json index 1edf9234c9d..c60cc0cfe84 100644 --- a/CVE-2023/CVE-2023-389xx/CVE-2023-38940.json +++ b/CVE-2023/CVE-2023-389xx/CVE-2023-38940.json 
@@ -2,19 +2,141 @@ "id": "CVE-2023-38940", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-07T19:15:11.610", - "lastModified": "2023-08-07T19:30:20.677", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-09T18:06:42.090", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Tenda F1203 V2.0.1.6, FH1203 V2.0.1.6 and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:fh1203_firmware:2.0.1.6:*:*:*:*:*:*:*", + "matchCriteriaId": "E28AF51D-EBFB-4EC8-9FCB-C3DFAE1DBB2E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:fh1203:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4E7A0DCB-AC18-4F32-86E2-F2C2E9118A71" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:f1203_firmware:2.0.1.6:*:*:*:*:*:*:*", + "matchCriteriaId": "0B3530E4-70D6-4246-84CA-E25797329DE0" + } + ] + }, + { + 
"operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:f1203:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0FB77DC8-C11D-418A-AB87-5FE0226CA6CA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:fh1205_firmware:2.0.0.7\\(775\\):*:*:*:*:*:*:*", + "matchCriteriaId": "706158B7-6114-4AA8-A1A0-BB24119A3264" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:fh1205:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7E92D910-72BB-443F-9927-1E72AC8C8C9B" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/form_fast_setting_wifi_set", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-389xx/CVE-2023-38997.json b/CVE-2023/CVE-2023-389xx/CVE-2023-38997.json new file mode 100644 index 00000000000..0c9efeede06 --- /dev/null +++ b/CVE-2023/CVE-2023-389xx/CVE-2023-38997.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-38997", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-08-09T19:15:14.593", + "lastModified": "2023-08-09T19:15:14.593", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A directory traversal vulnerability in the Captive Portal templates of OPNsense before 23.7 allows attackers to execute arbitrary system commands as root via a crafted ZIP archive." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/opnsense/core/commit/448762d440b51574f1906c0ec2f5ea6dc4f16eb2", + "source": "cve@mitre.org" + }, + { + "url": "https://logicaltrust.net/blog/2023/08/opnsense.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-389xx/CVE-2023-38998.json b/CVE-2023/CVE-2023-389xx/CVE-2023-38998.json
new file mode 100644
index 00000000000..ec17cb0c8f6
--- /dev/null
+++ b/CVE-2023/CVE-2023-389xx/CVE-2023-38998.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-38998",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-08-09T19:15:14.660",
+ "lastModified": "2023-08-09T19:15:14.660",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An open redirect in the Login page of OPNsense before 23.7 allows attackers to redirect a victim user to an arbitrary web site via a crafted URL."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/opnsense/core/commit/6bc025af1705dcdd8ef22ff5d4fcb986fa4e45f8",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://logicaltrust.net/blog/2023/08/opnsense.html",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-389xx/CVE-2023-38999.json b/CVE-2023/CVE-2023-389xx/CVE-2023-38999.json
new file mode 100644
index 00000000000..608227e774b
--- /dev/null
+++ b/CVE-2023/CVE-2023-389xx/CVE-2023-38999.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-38999",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-08-09T19:15:14.723",
+ "lastModified": "2023-08-09T19:15:14.723",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A Cross-Site Request Forgery (CSRF) in the System Halt API (/system/halt) of OPNsense before 23.7 allows attackers to cause a Denial of Service (DoS) via a crafted GET request."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/opnsense/core/commit/5d68f43d1f254144831881fc87d885eed120cf3c",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://logicaltrust.net/blog/2023/08/opnsense.html",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-38xx/CVE-2023-3896.json b/CVE-2023/CVE-2023-38xx/CVE-2023-3896.json
index a92312d5091..ecfd5fda522 100644
--- a/CVE-2023/CVE-2023-38xx/CVE-2023-3896.json
+++ b/CVE-2023/CVE-2023-38xx/CVE-2023-3896.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-3896",
 "sourceIdentifier": "security@opencloudos.tech",
 "published": "2023-08-07T13:15:12.927",
- "lastModified": "2023-08-07T15:41:35.637",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-08-09T18:00:58.977",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -12,6 +12,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ },
 {
 "source": "security@opencloudos.tech",
 "type": "Secondary",
@@ -35,6 +55,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-369"
+ }
+ ]
+ },
 {
 "source": "security@opencloudos.tech",
 "type": "Secondary",
@@ -46,14 +76,41 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:vim:vim:9.0.1367:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E7C64D89-A08A-462B-A7A0-081F1CF58908"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/vim/vim/issues/12528",
- "source": "security@opencloudos.tech"
+ "source": "security@opencloudos.tech",
+ "tags": [
+ "Exploit",
+ "Issue Tracking",
+ "Patch",
+ "Vendor Advisory"
+ ]
 },
 {
 "url": "https://github.com/vim/vim/pull/12540",
- "source": "security@opencloudos.tech"
+ "source": "security@opencloudos.tech",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-390xx/CVE-2023-39000.json b/CVE-2023/CVE-2023-390xx/CVE-2023-39000.json
new file mode 100644
index 00000000000..380de56c5f4
--- /dev/null
+++ b/CVE-2023/CVE-2023-390xx/CVE-2023-39000.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-39000",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-08-09T19:15:14.787",
+ "lastModified": "2023-08-09T19:15:14.787",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A reflected cross-site scripting (XSS) vulnerability in the component /ui/diagnostics/log/core/ of OPNsense before 23.7 allows attackers to inject arbitrary JavaScript via the URL path."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/opnsense/core/commit/d1f350ce70e477adc86d445f5cda9b24f9ff0168",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://logicaltrust.net/blog/2023/08/opnsense.html",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-390xx/CVE-2023-39001.json b/CVE-2023/CVE-2023-390xx/CVE-2023-39001.json
new file mode 100644
index 00000000000..7724db28644
--- /dev/null
+++ b/CVE-2023/CVE-2023-390xx/CVE-2023-39001.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-39001",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-08-09T19:15:14.850",
+ "lastModified": "2023-08-09T19:15:14.850",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A command injection vulnerability in the component diag_backup.php of OPNsense before 23.7 allows attackers to execute arbitrary commands via a crafted backup configuration file."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/opnsense/core/commit/e800097d0c287bb665f0751a98a67c75ef7b45e5",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://logicaltrust.net/blog/2023/08/opnsense.html",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-390xx/CVE-2023-39002.json b/CVE-2023/CVE-2023-390xx/CVE-2023-39002.json
new file mode 100644
index 00000000000..a1334320212
--- /dev/null
+++ b/CVE-2023/CVE-2023-390xx/CVE-2023-39002.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-39002",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-08-09T19:15:14.900",
+ "lastModified": "2023-08-09T19:15:14.900",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsense before 23.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/opnsense/core/commit/a4f6a8f8d604271f81984cfcbba0471af58e34dc",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://logicaltrust.net/blog/2023/08/opnsense.html",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-390xx/CVE-2023-39003.json b/CVE-2023/CVE-2023-390xx/CVE-2023-39003.json
new file mode 100644
index 00000000000..ee76d90f3c7
--- /dev/null
+++ b/CVE-2023/CVE-2023-390xx/CVE-2023-39003.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-39003",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-08-09T19:15:14.953",
+ "lastModified": "2023-08-09T19:15:14.953",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "OPNsense before 23.7 was discovered to contain insecure permissions in the directory /tmp."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://opnsense.com",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://logicaltrust.net/blog/2023/08/opnsense.html",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-390xx/CVE-2023-39004.json b/CVE-2023/CVE-2023-390xx/CVE-2023-39004.json
new file mode 100644
index 00000000000..89e48aec607
--- /dev/null
+++ b/CVE-2023/CVE-2023-390xx/CVE-2023-39004.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-39004",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-08-09T19:15:15.013",
+ "lastModified": "2023-08-09T19:15:15.013",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Insecure permissions in the configuration directory (/conf/) of OPNsense before 23.7 allow attackers to access sensitive information (e.g., hashed root password) which could lead to privilege escalation."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://opnsense.com",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://logicaltrust.net/blog/2023/08/opnsense.html",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-390xx/CVE-2023-39005.json b/CVE-2023/CVE-2023-390xx/CVE-2023-39005.json
new file mode 100644
index 00000000000..9946b5e79b1
--- /dev/null
+++ b/CVE-2023/CVE-2023-390xx/CVE-2023-39005.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-39005",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-08-09T19:15:15.077",
+ "lastModified": "2023-08-09T19:15:15.077",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Insecure permissions exist for configd.socket in OPNsense before 23.7."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/opnsense/core/issues/6647",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://logicaltrust.net/blog/2023/08/opnsense.html",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-390xx/CVE-2023-39006.json b/CVE-2023/CVE-2023-390xx/CVE-2023-39006.json
new file mode 100644
index 00000000000..78631fdb862
--- /dev/null
+++ b/CVE-2023/CVE-2023-390xx/CVE-2023-39006.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-39006",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-08-09T19:15:15.140",
+ "lastModified": "2023-08-09T19:15:15.140",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Crash Reporter (crash_reporter.php) component of OPNsense before 23.7 mishandles input sanitization."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/opnsense/core/commit/1c05a19d9d52c7bfa4ac52114935d9fe76d5d181",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://logicaltrust.net/blog/2023/08/opnsense.html",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-390xx/CVE-2023-39007.json b/CVE-2023/CVE-2023-390xx/CVE-2023-39007.json
new file mode 100644
index 00000000000..93de1a53d59
--- /dev/null
+++ b/CVE-2023/CVE-2023-390xx/CVE-2023-39007.json
@@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-39007", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-08-09T19:15:15.207", + "lastModified": "2023-08-09T19:15:15.207", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "/ui/cron/item/open in the Cron component of OPNsense before 23.7 allows XSS." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/opnsense/core/commit/5edff49db1cd8b5078611e2f542d91c02af2b25c", + "source": "cve@mitre.org" + }, + { + "url": "https://logicaltrust.net/blog/2023/08/opnsense.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-390xx/CVE-2023-39008.json b/CVE-2023/CVE-2023-390xx/CVE-2023-39008.json new file mode 100644 index 00000000000..891b2e20dec --- /dev/null +++ b/CVE-2023/CVE-2023-390xx/CVE-2023-39008.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-39008", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-08-09T19:15:15.270", + "lastModified": "2023-08-09T19:15:15.270", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense before 23.7 allows attackers to execute arbitrary system commands." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/opnsense/core/commit/e800097d0c287bb665f0751a98a67c75ef7b45e5", + "source": "cve@mitre.org" + }, + { + "url": "https://logicaltrust.net/blog/2023/08/opnsense.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-394xx/CVE-2023-39436.json b/CVE-2023/CVE-2023-394xx/CVE-2023-39436.json index 13503d175ac..e7201f87014 100644 --- a/CVE-2023/CVE-2023-394xx/CVE-2023-39436.json +++ b/CVE-2023/CVE-2023-394xx/CVE-2023-39436.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-39436", "sourceIdentifier": "cna@sap.com", "published": "2023-08-08T01:15:19.150", - "lastModified": "2023-08-08T12:51:11.140", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-09T18:19:29.723", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "cna@sap.com", "type": "Secondary", 
@@ -46,14 +66,72 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:supplier_relationship_management:600:*:*:*:*:*:*:*", + "matchCriteriaId": "55527525-88C2-4FAD-AD3F-023928317556" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:supplier_relationship_management:602:*:*:*:*:*:*:*", + "matchCriteriaId": "15FDAEAF-58BD-4839-839F-A1E8C8E0E0AE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:supplier_relationship_management:603:*:*:*:*:*:*:*", + "matchCriteriaId": "794DE5E4-B5A6-4ACC-8EBF-F76FCAD7369C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:supplier_relationship_management:604:*:*:*:*:*:*:*", + "matchCriteriaId": "685CA87A-7F6F-4D75-83D9-C5F26201257D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:supplier_relationship_management:605:*:*:*:*:*:*:*", + "matchCriteriaId": "189F4096-39A5-44E6-B954-70B45FA1F695" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:supplier_relationship_management:606:*:*:*:*:*:*:*", + "matchCriteriaId": "24247E81-67E8-42DE-9871-2EC7F0960A98" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:supplier_relationship_management:616:*:*:*:*:*:*:*", + "matchCriteriaId": "2EFCE15C-77A9-4C6E-8616-3F7EBA1EB220" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:supplier_relationship_management:617:*:*:*:*:*:*:*", + "matchCriteriaId": "67BE6CAE-5A02-4567-ADEA-2B16C763CA06" + } + ] + } + ] + } + ], "references": [ { "url": "https://me.sap.com/notes/2067220", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-394xx/CVE-2023-39437.json b/CVE-2023/CVE-2023-394xx/CVE-2023-39437.json index fb67ce7c231..0013e195456 100644 --- a/CVE-2023/CVE-2023-394xx/CVE-2023-39437.json +++ b/CVE-2023/CVE-2023-394xx/CVE-2023-39437.json @@ -2,8 +2,8 @@ "id": "CVE-2023-39437", "sourceIdentifier": "cna@sap.com", "published": "2023-08-08T01:15:19.477", - "lastModified": "2023-08-08T12:51:11.140", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-09T18:19:10.230", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "cna@sap.com", "type": "Secondary", @@ -46,14 +66,37 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:business_one:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "391F491C-2DE8-44E5-B054-42F188161C8A" + } + ] + } + ] + } + ], "references": [ { "url": "https://me.sap.com/notes/3358300", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-394xx/CVE-2023-39440.json b/CVE-2023/CVE-2023-394xx/CVE-2023-39440.json index f79afd8ab57..f80b161ae83 100644 
--- a/CVE-2023/CVE-2023-394xx/CVE-2023-39440.json +++ b/CVE-2023/CVE-2023-394xx/CVE-2023-39440.json @@ -2,8 +2,8 @@ "id": "CVE-2023-39440", "sourceIdentifier": "cna@sap.com", "published": "2023-08-08T01:15:20.100", - "lastModified": "2023-08-08T12:51:11.140", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-09T18:22:07.123", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 + }, { "source": "cna@sap.com", "type": "Secondary", @@ -46,14 +66,37 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence:420:*:*:*:*:*:*:*", + "matchCriteriaId": "38BA0DF9-D893-4AF9-923E-E47EA5C02C52" + } + ] + } + ] + } + ], "references": [ { "url": "https://me.sap.com/notes/3312586", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", - "source": "cna@sap.com" + "source": "cna@sap.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-395xx/CVE-2023-39528.json b/CVE-2023/CVE-2023-395xx/CVE-2023-39528.json index 6ccd5ebb470..7ccfdc63cfd 100644 --- a/CVE-2023/CVE-2023-395xx/CVE-2023-39528.json +++ b/CVE-2023/CVE-2023-395xx/CVE-2023-39528.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-39528", "sourceIdentifier": "security-advisories@github.com", "published": "2023-08-07T21:15:10.597", - "lastModified": "2023-08-08T12:51:11.140", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-09T19:45:03.020", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 8.6, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.0 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -50,14 +70,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*", + "versionEndExcluding": "8.1.1", + "matchCriteriaId": "705A3EBE-48E5-4E3B-A8D8-471098F8B56E" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/PrestaShop/PrestaShop/commit/11de3a84322fa4ecd0995ac40d575db61804724c", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-hpf4-v7v2-95p2", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-395xx/CVE-2023-39529.json b/CVE-2023/CVE-2023-395xx/CVE-2023-39529.json index 2d0582fab76..1a5ee24db7e 100644 --- a/CVE-2023/CVE-2023-395xx/CVE-2023-39529.json 
+++ b/CVE-2023/CVE-2023-395xx/CVE-2023-39529.json @@ -2,8 +2,8 @@ "id": "CVE-2023-39529", "sourceIdentifier": "security-advisories@github.com", "published": "2023-08-07T21:15:10.703", - "lastModified": "2023-08-08T12:51:11.140", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-09T19:46:13.237", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -36,8 +56,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -46,14 +76,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*", + "versionEndExcluding": "8.1.1", + "matchCriteriaId": "705A3EBE-48E5-4E3B-A8D8-471098F8B56E" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/PrestaShop/PrestaShop/commit/b08c647305dc1e9e6a2445b724d13a9733b6ed82", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-2rf5-3fw8-qm47", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-395xx/CVE-2023-39530.json b/CVE-2023/CVE-2023-395xx/CVE-2023-39530.json index 21eec129006..b0230ce2b59 100644 --- a/CVE-2023/CVE-2023-395xx/CVE-2023-39530.json +++ b/CVE-2023/CVE-2023-395xx/CVE-2023-39530.json @@ -2,8 +2,8 @@ "id": "CVE-2023-39530", "sourceIdentifier": "security-advisories@github.com", "published": "2023-08-07T21:15:10.817", - "lastModified": "2023-08-08T12:51:11.140", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-09T19:36:10.557", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -50,14 +70,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*", + "versionEndExcluding": "8.1.1", + "matchCriteriaId": "705A3EBE-48E5-4E3B-A8D8-471098F8B56E" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/PrestaShop/PrestaShop/commit/6ce750b2367a7309b6bf50166f1873cb86ad57e9", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-v4gr-v679-42p7", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-395xx/CVE-2023-39531.json b/CVE-2023/CVE-2023-395xx/CVE-2023-39531.json index 1197951ec24..0100c094761 100644 --- a/CVE-2023/CVE-2023-395xx/CVE-2023-39531.json +++ b/CVE-2023/CVE-2023-395xx/CVE-2023-39531.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-39531", "sourceIdentifier": "security-advisories@github.com", "published": "2023-08-09T17:15:09.827", - "lastModified": "2023-08-09T17:15:09.827", - "vulnStatus": "Received", + "lastModified": "2023-08-09T18:05:18.757", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-399xx/CVE-2023-39969.json b/CVE-2023/CVE-2023-399xx/CVE-2023-39969.json index ab13b37179c..fd727f1f467 100644 --- a/CVE-2023/CVE-2023-399xx/CVE-2023-39969.json +++ b/CVE-2023/CVE-2023-399xx/CVE-2023-39969.json @@ -2,8 +2,8 @@ "id": "CVE-2023-39969", "sourceIdentifier": "security-advisories@github.com", "published": "2023-08-09T16:15:09.733", - "lastModified": "2023-08-09T16:15:09.733", - "vulnStatus": "Received", + "lastModified": "2023-08-09T18:05:18.757", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-39xx/CVE-2023-3953.json b/CVE-2023/CVE-2023-39xx/CVE-2023-3953.json index d1023858e8b..329378028e9 100644 --- a/CVE-2023/CVE-2023-39xx/CVE-2023-3953.json +++ b/CVE-2023/CVE-2023-39xx/CVE-2023-3953.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3953", "sourceIdentifier": "cybersecurity@se.com", "published": "2023-08-09T15:15:09.623", - "lastModified": "2023-08-09T15:15:09.623", - "vulnStatus": "Received", + "lastModified": "2023-08-09T18:05:18.757", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40012.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40012.json index a378a1b879b..d3849d20bb9 100644 --- a/CVE-2023/CVE-2023-400xx/CVE-2023-40012.json +++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40012.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40012", "sourceIdentifier": "security-advisories@github.com", "published": "2023-08-09T16:15:10.060", - "lastModified": "2023-08-09T16:15:10.060", - "vulnStatus": "Received", + "lastModified": "2023-08-09T18:05:18.757", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", 
diff --git a/CVE-2023/CVE-2023-41xx/CVE-2023-4165.json b/CVE-2023/CVE-2023-41xx/CVE-2023-4165.json index 6eed32e39c9..9b63e864eb0 100644 --- a/CVE-2023/CVE-2023-41xx/CVE-2023-4165.json +++ b/CVE-2023/CVE-2023-41xx/CVE-2023-4165.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4165", "sourceIdentifier": "cna@vuldb.com", "published": "2023-08-05T14:15:23.390", - "lastModified": "2023-08-06T12:01:01.827", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-09T18:54:06.607", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", 
@@ -71,18 +93,47 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tongda2000:tongda_oa:11.10:*:*:*:*:*:*:*", + "matchCriteriaId": "8F52BB0F-F178-4DFE-AE9E-6C91D2137799" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/nagenanhai/cve/blob/main/sql.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.236181", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.236181", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-41xx/CVE-2023-4166.json b/CVE-2023/CVE-2023-41xx/CVE-2023-4166.json index be3bd326374..92c9446c44d 100644 --- a/CVE-2023/CVE-2023-41xx/CVE-2023-4166.json +++ b/CVE-2023/CVE-2023-41xx/CVE-2023-4166.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4166", "sourceIdentifier": "cna@vuldb.com", "published": "2023-08-05T16:15:23.747", - "lastModified": "2023-08-06T12:01:01.827", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-09T18:30:04.680", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", @@ -71,18 +93,47 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tongda2000:tongda_oa:11.10:*:*:*:*:*:*:*", + "matchCriteriaId": "8F52BB0F-F178-4DFE-AE9E-6C91D2137799" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Das1yGa0/cve/blob/main/sql.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.236182", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.236182", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-41xx/CVE-2023-4167.json b/CVE-2023/CVE-2023-41xx/CVE-2023-4167.json index ac50fe9a49c..32d17389496 100644 --- a/CVE-2023/CVE-2023-41xx/CVE-2023-4167.json +++ b/CVE-2023/CVE-2023-41xx/CVE-2023-4167.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-4167", "sourceIdentifier": "cna@vuldb.com", "published": "2023-08-05T16:15:23.907", - "lastModified": "2023-08-06T12:01:01.827", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-09T18:37:23.557", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", @@ -71,18 +93,47 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:emby:emby.releases:4.7.13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "522A039F-CD65-48A0-BEC2-71F59E93FBCE" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/whoamiecho/vuls/blob/main/emby.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.236183", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.236183", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-41xx/CVE-2023-4168.json b/CVE-2023/CVE-2023-41xx/CVE-2023-4168.json index 6d5b9f28a8f..7cdb2bffb2b 100644 --- a/CVE-2023/CVE-2023-41xx/CVE-2023-4168.json 
+++ b/CVE-2023/CVE-2023-41xx/CVE-2023-4168.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4168", "sourceIdentifier": "cna@vuldb.com", "published": "2023-08-05T18:15:09.563", - "lastModified": "2023-08-07T18:15:10.287", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-08-09T19:58:40.947", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", @@ -61,8 +83,18 @@ }, "weaknesses": [ { - "source": "cna@vuldb.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -71,18 +103,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:templatecookie:adlisting:2.14.0:*:*:*:*:*:*:*", + "matchCriteriaId": "799A4E72-E409-4345-B0BA-A7DBDF6EE9F5" + } + ] + } + ] + } + ], "references": [ { "url": "http://packetstormsecurity.com/files/174015/Adlisting-Classified-Ads-2.14.0-Information-Disclosure.html", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.236184", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.236184", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-41xx/CVE-2023-4169.json b/CVE-2023/CVE-2023-41xx/CVE-2023-4169.json index 40ec6b31228..ca4fa933d42 100644 --- a/CVE-2023/CVE-2023-41xx/CVE-2023-4169.json +++ b/CVE-2023/CVE-2023-41xx/CVE-2023-4169.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4169", "sourceIdentifier": "cna@vuldb.com", "published": "2023-08-05T18:15:17.850", - "lastModified": "2023-08-06T12:01:01.827", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-09T19:24:47.690", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", @@ -61,8 +83,18 @@ }, "weaknesses": [ { - "source": "cna@vuldb.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -71,18 +103,59 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:ruijie:rg-ew1200g_firmware:1.0\\(1\\)b1p5:*:*:*:*:*:*:*", + "matchCriteriaId": "3B16D6E8-5A22-45DB-9DAE-AC8CBC2DC1E5" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:ruijie:rg-ew1200g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1D49D3A7-F8C9-4273-B947-21B516DB5877" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/blakespire/repoforcve/tree/main/RG-EW1200G", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.236185", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.236185", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-41xx/CVE-2023-4170.json b/CVE-2023/CVE-2023-41xx/CVE-2023-4170.json index 2b6d184c19c..2607214ca9b 100644 --- a/CVE-2023/CVE-2023-41xx/CVE-2023-4170.json +++ b/CVE-2023/CVE-2023-41xx/CVE-2023-4170.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4170", "sourceIdentifier": "cna@vuldb.com", "published": "2023-08-05T19:15:18.463", - "lastModified": "2023-08-06T12:01:01.827", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-09T19:35:58.457", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", @@ -71,18 +93,47 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dedebiz:dedebiz:6.2.10:*:*:*:*:*:*:*", + "matchCriteriaId": "DB0617CF-E88B-4486-B850-BAE317599BB6" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Wkingxc/CVE/blob/master/dedebiz_XSS.pdf", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.236186", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.236186", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-41xx/CVE-2023-4185.json b/CVE-2023/CVE-2023-41xx/CVE-2023-4185.json index 6d108a04ed9..127b857f981 100644 --- a/CVE-2023/CVE-2023-41xx/CVE-2023-4185.json +++ b/CVE-2023/CVE-2023-41xx/CVE-2023-4185.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-4185", "sourceIdentifier": "cna@vuldb.com", "published": "2023-08-06T13:15:14.137", - "lastModified": "2023-08-07T12:57:26.370", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-09T18:52:43.840", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -15,6 +15,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", @@ -75,18 +97,47 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mayurik:online_hospital_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "82E9FA36-133C-473E-A155-A5FF15908E42" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Yusoyea/VulList/blob/main/Hospital%20Management%20System%20patientlogin.php%20has%20Sqlinjection.pdf", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.236220", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.236220", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-41xx/CVE-2023-4192.json b/CVE-2023/CVE-2023-41xx/CVE-2023-4192.json index c9eb5f406b2..58f4f477ac4 100644 --- a/CVE-2023/CVE-2023-41xx/CVE-2023-4192.json +++ b/CVE-2023/CVE-2023-41xx/CVE-2023-4192.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4192", "sourceIdentifier": "cna@vuldb.com", "published": "2023-08-07T00:15:09.387", - "lastModified": "2023-08-07T12:57:26.370", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-09T18:15:25.423", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -15,6 +15,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", 
@@ -75,18 +97,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:resort_reservation_system_project:resort_reservation_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "57B25E14-73A3-436D-900D-0E09E0A423DE" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Yesec/Resort-Reservation-System/blob/main/SQL%20Injection%20in%20manage_user.php/vuln.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.236235", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.236235", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-41xx/CVE-2023-4199.json b/CVE-2023/CVE-2023-41xx/CVE-2023-4199.json index 3ffef7c121a..205e5b301db 100644 --- a/CVE-2023/CVE-2023-41xx/CVE-2023-4199.json +++ b/CVE-2023/CVE-2023-41xx/CVE-2023-4199.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4199", "sourceIdentifier": "cna@vuldb.com", "published": "2023-08-07T18:15:10.667", - "lastModified": "2023-08-07T18:20:15.283", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-09T19:52:53.200", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", @@ -71,18 +93,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mayurik:inventory_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "92A0265A-E1A5-4424-8D30-EC76231AEE53" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Yesec/Inventory-Management-System/blob/main/SQL%20Injection%20in%20catagory_data.php/vuln.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.236289", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.236289", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4273.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4273.json index e4a71d3e3a7..1c034b7ac8a 100644 --- a/CVE-2023/CVE-2023-42xx/CVE-2023-4273.json +++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4273.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-4273", "sourceIdentifier": "secalert@redhat.com", "published": "2023-08-09T15:15:09.823", - "lastModified": "2023-08-09T15:15:09.823", - "vulnStatus": "Received", + "lastModified": "2023-08-09T18:05:18.757", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/README.md b/README.md index 730dc989fdb..77d3f3740d0 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-08-09T18:00:37.265849+00:00 +2023-08-09T20:00:27.134268+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-08-09T17:59:30.673000+00:00 +2023-08-09T19:58:40.947000+00:00 ``` ### Last Data Feed Release 
@@ -29,48 +29,69 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -222163 +222201 ``` ### CVEs added in the last Commit -Recently added CVEs: `4` +Recently added CVEs: `38` -* [CVE-2023-39969](CVE-2023/CVE-2023-399xx/CVE-2023-39969.json) (`2023-08-09T16:15:09.733`) -* [CVE-2023-3518](CVE-2023/CVE-2023-35xx/CVE-2023-3518.json) (`2023-08-09T16:15:09.957`) -* [CVE-2023-40012](CVE-2023/CVE-2023-400xx/CVE-2023-40012.json) (`2023-08-09T16:15:10.060`) -* [CVE-2023-39531](CVE-2023/CVE-2023-395xx/CVE-2023-39531.json) (`2023-08-09T17:15:09.827`) +* [CVE-2022-48593](CVE-2022/CVE-2022-485xx/CVE-2022-48593.json) (`2023-08-09T19:15:13.253`) +* [CVE-2022-48594](CVE-2022/CVE-2022-485xx/CVE-2022-48594.json) (`2023-08-09T19:15:13.367`) +* [CVE-2022-48595](CVE-2022/CVE-2022-485xx/CVE-2022-48595.json) (`2023-08-09T19:15:13.467`) +* [CVE-2022-48596](CVE-2022/CVE-2022-485xx/CVE-2022-48596.json) (`2023-08-09T19:15:13.567`) +* [CVE-2022-48597](CVE-2022/CVE-2022-485xx/CVE-2022-48597.json) (`2023-08-09T19:15:13.667`) +* [CVE-2022-48598](CVE-2022/CVE-2022-485xx/CVE-2022-48598.json) (`2023-08-09T19:15:13.770`) +* [CVE-2022-48599](CVE-2022/CVE-2022-485xx/CVE-2022-48599.json) (`2023-08-09T19:15:13.877`) +* [CVE-2022-48600](CVE-2022/CVE-2022-486xx/CVE-2022-48600.json) (`2023-08-09T19:15:13.973`) +* [CVE-2022-48601](CVE-2022/CVE-2022-486xx/CVE-2022-48601.json) (`2023-08-09T19:15:14.080`) +* [CVE-2022-48602](CVE-2022/CVE-2022-486xx/CVE-2022-48602.json) (`2023-08-09T19:15:14.190`) +* [CVE-2022-48603](CVE-2022/CVE-2022-486xx/CVE-2022-48603.json) (`2023-08-09T19:15:14.297`) +* [CVE-2022-48604](CVE-2022/CVE-2022-486xx/CVE-2022-48604.json) (`2023-08-09T19:15:14.393`) +* [CVE-2023-23346](CVE-2023/CVE-2023-233xx/CVE-2023-23346.json) (`2023-08-09T19:15:14.500`) +* [CVE-2023-38997](CVE-2023/CVE-2023-389xx/CVE-2023-38997.json) (`2023-08-09T19:15:14.593`) +* [CVE-2023-38998](CVE-2023/CVE-2023-389xx/CVE-2023-38998.json) 
(`2023-08-09T19:15:14.660`) +* [CVE-2023-38999](CVE-2023/CVE-2023-389xx/CVE-2023-38999.json) (`2023-08-09T19:15:14.723`) +* [CVE-2023-39000](CVE-2023/CVE-2023-390xx/CVE-2023-39000.json) (`2023-08-09T19:15:14.787`) +* [CVE-2023-39001](CVE-2023/CVE-2023-390xx/CVE-2023-39001.json) (`2023-08-09T19:15:14.850`) +* [CVE-2023-39002](CVE-2023/CVE-2023-390xx/CVE-2023-39002.json) (`2023-08-09T19:15:14.900`) +* [CVE-2023-39003](CVE-2023/CVE-2023-390xx/CVE-2023-39003.json) (`2023-08-09T19:15:14.953`) +* [CVE-2023-39004](CVE-2023/CVE-2023-390xx/CVE-2023-39004.json) (`2023-08-09T19:15:15.013`) +* [CVE-2023-39005](CVE-2023/CVE-2023-390xx/CVE-2023-39005.json) (`2023-08-09T19:15:15.077`) +* [CVE-2023-39006](CVE-2023/CVE-2023-390xx/CVE-2023-39006.json) (`2023-08-09T19:15:15.140`) +* [CVE-2023-39007](CVE-2023/CVE-2023-390xx/CVE-2023-39007.json) (`2023-08-09T19:15:15.207`) +* [CVE-2023-39008](CVE-2023/CVE-2023-390xx/CVE-2023-39008.json) (`2023-08-09T19:15:15.270`) ### CVEs modified in the last Commit -Recently modified CVEs: `94` +Recently modified CVEs: `52` -* [CVE-2023-23757](CVE-2023/CVE-2023-237xx/CVE-2023-23757.json) (`2023-08-09T17:52:32.070`) -* [CVE-2023-38763](CVE-2023/CVE-2023-387xx/CVE-2023-38763.json) (`2023-08-09T17:52:32.503`) -* [CVE-2023-3650](CVE-2023/CVE-2023-36xx/CVE-2023-3650.json) (`2023-08-09T17:52:43.370`) -* [CVE-2023-39508](CVE-2023/CVE-2023-395xx/CVE-2023-39508.json) (`2023-08-09T17:52:57.137`) -* [CVE-2023-38764](CVE-2023/CVE-2023-387xx/CVE-2023-38764.json) (`2023-08-09T17:53:00.830`) -* [CVE-2023-3671](CVE-2023/CVE-2023-36xx/CVE-2023-3671.json) (`2023-08-09T17:53:05.527`) -* [CVE-2023-3575](CVE-2023/CVE-2023-35xx/CVE-2023-3575.json) (`2023-08-09T17:53:14.573`) -* [CVE-2023-20804](CVE-2023/CVE-2023-208xx/CVE-2023-20804.json) (`2023-08-09T17:53:15.283`) -* [CVE-2023-3524](CVE-2023/CVE-2023-35xx/CVE-2023-3524.json) (`2023-08-09T17:53:21.030`) -* [CVE-2023-3492](CVE-2023/CVE-2023-34xx/CVE-2023-3492.json) (`2023-08-09T17:53:34.870`) -* 
[CVE-2023-20805](CVE-2023/CVE-2023-208xx/CVE-2023-20805.json) (`2023-08-09T17:53:38.957`) -* [CVE-2023-3365](CVE-2023/CVE-2023-33xx/CVE-2023-3365.json) (`2023-08-09T17:53:54.090`) -* [CVE-2023-2843](CVE-2023/CVE-2023-28xx/CVE-2023-2843.json) (`2023-08-09T17:54:01.737`) -* [CVE-2023-38765](CVE-2023/CVE-2023-387xx/CVE-2023-38765.json) (`2023-08-09T17:54:16.737`) -* [CVE-2023-0604](CVE-2023/CVE-2023-06xx/CVE-2023-0604.json) (`2023-08-09T17:54:28.973`) -* [CVE-2023-38766](CVE-2023/CVE-2023-387xx/CVE-2023-38766.json) (`2023-08-09T17:55:00.717`) -* [CVE-2023-38767](CVE-2023/CVE-2023-387xx/CVE-2023-38767.json) (`2023-08-09T17:55:22.623`) -* [CVE-2023-36220](CVE-2023/CVE-2023-362xx/CVE-2023-36220.json) (`2023-08-09T17:55:37.767`) -* [CVE-2023-38768](CVE-2023/CVE-2023-387xx/CVE-2023-38768.json) (`2023-08-09T17:55:47.517`) -* [CVE-2023-38769](CVE-2023/CVE-2023-387xx/CVE-2023-38769.json) (`2023-08-09T17:56:35.557`) -* [CVE-2023-38770](CVE-2023/CVE-2023-387xx/CVE-2023-38770.json) (`2023-08-09T17:57:18.643`) -* [CVE-2023-38771](CVE-2023/CVE-2023-387xx/CVE-2023-38771.json) (`2023-08-09T17:57:29.410`) -* [CVE-2023-38773](CVE-2023/CVE-2023-387xx/CVE-2023-38773.json) (`2023-08-09T17:57:38.727`) -* [CVE-2023-4187](CVE-2023/CVE-2023-41xx/CVE-2023-4187.json) (`2023-08-09T17:58:37.840`) -* [CVE-2023-20781](CVE-2023/CVE-2023-207xx/CVE-2023-20781.json) (`2023-08-09T17:59:30.673`) +* [CVE-2023-20802](CVE-2023/CVE-2023-208xx/CVE-2023-20802.json) (`2023-08-09T18:07:36.453`) +* [CVE-2023-29689](CVE-2023/CVE-2023-296xx/CVE-2023-29689.json) (`2023-08-09T18:15:12.643`) +* [CVE-2023-37569](CVE-2023/CVE-2023-375xx/CVE-2023-37569.json) (`2023-08-09T18:15:12.777`) +* [CVE-2023-38646](CVE-2023/CVE-2023-386xx/CVE-2023-38646.json) (`2023-08-09T18:15:13.213`) +* [CVE-2023-4192](CVE-2023/CVE-2023-41xx/CVE-2023-4192.json) (`2023-08-09T18:15:25.423`) +* [CVE-2023-39437](CVE-2023/CVE-2023-394xx/CVE-2023-39437.json) (`2023-08-09T18:19:10.230`) +* [CVE-2023-39436](CVE-2023/CVE-2023-394xx/CVE-2023-39436.json) 
(`2023-08-09T18:19:29.723`) +* [CVE-2023-37492](CVE-2023/CVE-2023-374xx/CVE-2023-37492.json) (`2023-08-09T18:20:16.060`) +* [CVE-2023-37491](CVE-2023/CVE-2023-374xx/CVE-2023-37491.json) (`2023-08-09T18:20:38.800`) +* [CVE-2023-37490](CVE-2023/CVE-2023-374xx/CVE-2023-37490.json) (`2023-08-09T18:21:14.410`) +* [CVE-2023-37487](CVE-2023/CVE-2023-374xx/CVE-2023-37487.json) (`2023-08-09T18:21:30.300`) +* [CVE-2023-37484](CVE-2023/CVE-2023-374xx/CVE-2023-37484.json) (`2023-08-09T18:21:40.633`) +* [CVE-2023-37483](CVE-2023/CVE-2023-374xx/CVE-2023-37483.json) (`2023-08-09T18:21:52.827`) +* [CVE-2023-39440](CVE-2023/CVE-2023-394xx/CVE-2023-39440.json) (`2023-08-09T18:22:07.123`) +* [CVE-2023-4166](CVE-2023/CVE-2023-41xx/CVE-2023-4166.json) (`2023-08-09T18:30:04.680`) +* [CVE-2023-4167](CVE-2023/CVE-2023-41xx/CVE-2023-4167.json) (`2023-08-09T18:37:23.557`) +* [CVE-2023-4185](CVE-2023/CVE-2023-41xx/CVE-2023-4185.json) (`2023-08-09T18:52:43.840`) +* [CVE-2023-4165](CVE-2023/CVE-2023-41xx/CVE-2023-4165.json) (`2023-08-09T18:54:06.607`) +* [CVE-2023-4169](CVE-2023/CVE-2023-41xx/CVE-2023-4169.json) (`2023-08-09T19:24:47.690`) +* [CVE-2023-4170](CVE-2023/CVE-2023-41xx/CVE-2023-4170.json) (`2023-08-09T19:35:58.457`) +* [CVE-2023-39530](CVE-2023/CVE-2023-395xx/CVE-2023-39530.json) (`2023-08-09T19:36:10.557`) +* [CVE-2023-39528](CVE-2023/CVE-2023-395xx/CVE-2023-39528.json) (`2023-08-09T19:45:03.020`) +* [CVE-2023-39529](CVE-2023/CVE-2023-395xx/CVE-2023-39529.json) (`2023-08-09T19:46:13.237`) +* [CVE-2023-4199](CVE-2023/CVE-2023-41xx/CVE-2023-4199.json) (`2023-08-09T19:52:53.200`) +* [CVE-2023-4168](CVE-2023/CVE-2023-41xx/CVE-2023-4168.json) (`2023-08-09T19:58:40.947`) ## Download and Usage