diff --git a/CVE-2021/CVE-2021-383xx/CVE-2021-38363.json b/CVE-2021/CVE-2021-383xx/CVE-2021-38363.json
index ca260d40e99..3fa7fb3c03d 100644
--- a/CVE-2021/CVE-2021-383xx/CVE-2021-38363.json
+++ b/CVE-2021/CVE-2021-383xx/CVE-2021-38363.json
@@ -2,23 +2,83 @@ "id": "CVE-2021-38363", "sourceIdentifier": "cve@mitre.org", "published": "2023-04-20T13:15:06.753", - "lastModified": "2023-04-20T13:15:13.917", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-04T18:29:57.960", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue was discovered in ONOS 2.5.1. In IntentManager, the install-requested intent (which causes an exception) remains in pendingMap (in memory) forever. Deletion is possible neither by a user nor by the intermittent Intent Cleanup process." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-755" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:opennetworking:onos:2.5.1:*:*:*:*:*:*:*", + "matchCriteriaId": "5DD1D050-BBF8-45B6-9B4E-93FC5D062414" + } + ] + } + ] + } + ], "references": [ { "url": "https://opennetworking.org/onos/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://www.usenix.org/system/files/sec23fall-prepub-285_kim-jiwon.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Technical Description", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
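Review bot: The added `vectorString` rates this record `I:H/A:N`, but the description only says that a failed install-requested intent stays in `pendingMap` in memory and cannot be removed by a user or by the cleanup process. Nothing in the visible text describes data being modified, and the other ONOS 2.5.1 record in this commit, CVE-2022-24035, is scored `A:H` with `CWE-400`, so the impact axis here looks inconsistent with the description. It is worth checking against the referenced USENIX paper before the 7.5 is used for prioritisation. If this file has to stay identical to upstream, the correction belongs with NVD rather than here.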
diff --git a/CVE-2021/CVE-2021-383xx/CVE-2021-38364.json b/CVE-2021/CVE-2021-383xx/CVE-2021-38364.json
index 1d63a1b082a..379bb16583c 100644
--- a/CVE-2021/CVE-2021-383xx/CVE-2021-38364.json
+++ b/CVE-2021/CVE-2021-383xx/CVE-2021-38364.json
@@ -2,23 +2,83 @@ "id": "CVE-2021-38364", "sourceIdentifier": "cve@mitre.org", "published": "2023-04-20T13:15:06.827", - "lastModified": "2023-04-20T13:15:13.917", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-04T18:28:18.383", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue was discovered in ONOS 2.5.1. There is an incorrect comparison of flow rules installed by intents. A remote attacker can install or remove a new intent, and consequently modify or delete the existing flow rules related to other intents." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-697" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:opennetworking:onos:2.5.1:*:*:*:*:*:*:*", + "matchCriteriaId": "5DD1D050-BBF8-45B6-9B4E-93FC5D062414" + } + ] + } + ] + } + ], "references": [ { "url": "https://opennetworking.org/onos/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://www.usenix.org/system/files/sec23fall-prepub-285_kim-jiwon.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Technical Description", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2022/CVE-2022-237xx/CVE-2022-23721.json b/CVE-2022/CVE-2022-237xx/CVE-2022-23721.json
new file mode 100644
index 00000000000..7c208decc8f
--- /dev/null
+++ b/CVE-2022/CVE-2022-237xx/CVE-2022-23721.json
@@ -0,0 +1,106 @@ +{ + "id": "CVE-2022-23721", + "sourceIdentifier": "responsible-disclosure@pingidentity.com", + "published": "2023-04-25T19:15:10.087", + "lastModified": "2023-05-04T19:39:23.267", + "vulnStatus": "Analyzed", + "descriptions": [ + { + "lang": "en", + "value": "PingID integration for Windows login prior to 2.9 does not handle duplicate usernames, which can lead to a username collision when two people with the same username are provisioned onto the same machine at different times." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 3.3, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + }, + { + "source": "responsible-disclosure@pingidentity.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 3.8, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.0, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + } + ] + }, + { + "source": "responsible-disclosure@pingidentity.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-694" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, 
+ "criteria": "cpe:2.3:a:pingidentity:pingid_integration_for_windows_login:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.9", + "matchCriteriaId": "D1089203-0C94-4337-9108-DDACBB1CE79B" + } + ] + } + ] + } + ], + "references": [ + { + "url": "https://docs.pingidentity.com/r/en-us/pingid/davinci_pingid_windows_login_relnotes_2.9", + "source": "responsible-disclosure@pingidentity.com", + "tags": [ + "Release Notes" + ] + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-240xx/CVE-2022-24035.json b/CVE-2022/CVE-2022-240xx/CVE-2022-24035.json index 13889f131e0..f932324bf20 100644 --- a/CVE-2022/CVE-2022-240xx/CVE-2022-24035.json +++ b/CVE-2022/CVE-2022-240xx/CVE-2022-24035.json 
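Review bot: The Primary weakness added for CVE-2022-23721 is `CWE-74`, an injection class, while the description is about two people with the same username being provisioned onto one machine; the CNA's Secondary entry `CWE-694` is the one that matches that text. Tooling that keys on the Primary CWE alone will file this record under injection, so consumers should read both `weaknesses` entries for this CVE. The two sources also disagree on scope (`S:U` at 3.3 against `S:C` at 3.8), a small score gap that still shows the analyses differ. The hunk ends on this line, ahead of the CVE-2022-24035 file header.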
@@ -2,23 +2,83 @@ "id": "CVE-2022-24035", "sourceIdentifier": "cve@mitre.org", "published": "2023-04-20T13:15:06.893", - "lastModified": "2023-04-20T13:15:13.917", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-04T18:27:25.390", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue was discovered in ONOS 2.5.1. The purge-requested intent remains on the list, but it does not respond to changes in topology (e.g., link failure). In combination with other applications, it could lead to a failure of network management." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:opennetworking:onos:2.5.1:*:*:*:*:*:*:*", + "matchCriteriaId": "5DD1D050-BBF8-45B6-9B4E-93FC5D062414" + } + ] + } + ] + } + ], "references": [ { "url": "https://wiki.onosproject.org/display/ONOS/Intent+Framework", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://www.usenix.org/system/files/sec23fall-prepub-285_kim-jiwon.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Technical Description", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2022/CVE-2022-279xx/CVE-2022-27978.json b/CVE-2022/CVE-2022-279xx/CVE-2022-27978.json new file mode 100644 index 00000000000..814dfc599fe --- /dev/null +++ b/CVE-2022/CVE-2022-279xx/CVE-2022-27978.json @@ -0,0 +1,82 @@ +{ + "id": "CVE-2022-27978", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-04-26T16:15:09.260", + "lastModified": "2023-05-04T18:47:32.747", + "vulnStatus": "Analyzed", + "descriptions": [ + { + "lang": "en", + "value": "Tooljet v1.6 does not properly handle missing values in the API, allowing attackers to arbitrarily reset passwords via a crafted HTTP request." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-755" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tooljet:tooljet:1.6:*:*:*:*:*:*:*", + "matchCriteriaId": "045EAA93-CC71-4B4B-BE27-6BA4E52D9DAB" + } + ] + } + ] + } + ], + "references": [ + { + "url": "http://tooljet.com", + "source": "cve@mitre.org", + "tags": [ + "Product" + ] + }, + { + "url": "https://github.com/fourcube/security-advisories/blob/main/security-advisories/20220320-tooljet.md", + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] + } + ] +} \ No newline at end of file 
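Review bot: The `criteria` string here uses version `1.6` (`cpe:2.3:a:tooljet:tooljet:1.6:*:*:*:*:*:*:*`), while CVE-2022-27979, added in the next file, uses `1.6.0` for what is presumably the same ToolJet release. CPE matching treats these as different version strings, so an inventory that records the product as 1.6.0 would match only the XSS record and miss this password-reset one. The two referenced advisories carry file names one day apart, which suggests a single release, but that is an inference from the URLs. Either normalise both records to one version form or have the matcher treat a missing patch component as `.0`.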
diff --git a/CVE-2022/CVE-2022-279xx/CVE-2022-27979.json b/CVE-2022/CVE-2022-279xx/CVE-2022-27979.json new file mode 100644 index 00000000000..23047861acb --- /dev/null +++ b/CVE-2022/CVE-2022-279xx/CVE-2022-27979.json @@ -0,0 +1,82 @@ +{ + "id": "CVE-2022-27979", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-04-26T16:15:09.453", + "lastModified": "2023-05-04T18:34:40.333", + "vulnStatus": "Analyzed", + "descriptions": [ + { + "lang": "en", + "value": "A cross-site scripting (XSS) vulnerability in ToolJet v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment Body component." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tooljet:tooljet:1.6.0:*:*:*:*:*:*:*", + "matchCriteriaId": "A8C10A90-E547-4A76-A32E-7A73010BD212" + } + ] + } + ] + } + ], + "references": [ + { + "url": "http://tooljet.com", + "source": "cve@mitre.org", + "tags": [ + "Product" + ] + }, + { + "url": "https://github.com/fourcube/security-advisories/blob/main/security-advisories/20220321-tooljet-xss.md", + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] + } + ] +} \ No newline at end of file 
diff --git a/CVE-2022/CVE-2022-312xx/CVE-2022-31244.json b/CVE-2022/CVE-2022-312xx/CVE-2022-31244.json new file mode 100644 index 00000000000..511d76fc39e --- /dev/null +++ b/CVE-2022/CVE-2022-312xx/CVE-2022-31244.json @@ -0,0 +1,83 @@ +{ + "id": "CVE-2022-31244", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-04-25T16:15:08.990", + "lastModified": "2023-05-04T19:02:43.130", + "vulnStatus": "Analyzed", + "descriptions": [ + { + "lang": "en", + "value": "Nokia OneNDS 17r2 has Insecure Permissions vulnerability that allows for privilege escalation." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-276" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nokia:one-network_directory_server:17r2:*:*:*:*:*:*:*", + "matchCriteriaId": "819D29A1-3700-4CE3-BEED-F3E815E8BD63" + } + ] + } + ] + } + ], + "references": [ + { + "url": "https://packetstormsecurity.com/files/171970/Nokia-OneNDS-17-Insecure-Permissions-Privilege-Escalation.html", + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] + }, + { + "url": "https://www.nokia.com/networks/products/one-nds/", + "source": "cve@mitre.org", + "tags": [ + "Product" + ] + } + ] +} \ No newline at end of file 
diff --git a/CVE-2022/CVE-2022-399xx/CVE-2022-39989.json b/CVE-2022/CVE-2022-399xx/CVE-2022-39989.json
new file mode 100644
index 00000000000..d2a1aac8c23
--- /dev/null
+++ b/CVE-2022/CVE-2022-399xx/CVE-2022-39989.json
@@ -0,0 +1,89 @@ +{ + "id": "CVE-2022-39989", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-04-26T14:15:09.387", + "lastModified": "2023-05-04T19:49:24.510", + "vulnStatus": "Analyzed", + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in Fighting Cock Information System 1.0, which uses default credentials, but does not force nor prompt the administrators to change the credentials." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-798" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fighting_cock_information_system_project:fighting_cock_information_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "11C6CA2F-C8E7-4BB1-A787-92E8621D817F" + } + ] + } + ] + } + ], + "references": [ + { + "url": "https://gist.github.com/0xHop/43c4da65e0d101328a46b1bd5a11b262", + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "https://gist.github.com/0xHop/6ed962a1978edb1bd620c9c487400403", + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] + }, + { + "url": "https://www.sourcecodester.com/php/12824/fighting-cock-information-system.html", + "source": "cve@mitre.org", + "tags": [ + "Product" + ] + } + ] +} \ No newline at end of file 
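Review bot: The Primary weakness `CWE-798` (hard-coded credentials) does not quite match the description, which says the application uses default credentials and neither forces nor prompts administrators to change them. The distinction matters for remediation: a default credential can be rotated by the operator without a code fix, and `CWE-1392` (Use of Default Credentials) describes that case more precisely. One of the two gist references is tagged `Broken Link`, so the other gist is the only advisory a reader can still follow for a record scored 9.8. Anyone alerting on this entry should treat changing the shipped credentials as the mitigation rather than waiting for a patched build.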
diff --git a/CVE-2022/CVE-2022-404xx/CVE-2022-40482.json b/CVE-2022/CVE-2022-404xx/CVE-2022-40482.json
new file mode 100644
index 00000000000..a8f019af20c
--- /dev/null
+++ b/CVE-2022/CVE-2022-404xx/CVE-2022-40482.json
@@ -0,0 +1,102 @@ +{ + "id": "CVE-2022-40482", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-04-25T19:15:10.180", + "lastModified": "2023-05-04T19:40:31.363", + "vulnStatus": "Analyzed", + "descriptions": [ + { + "lang": "en", + "value": "The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the early return inside the hasValidCredentials method in the Illuminate\\Auth\\SessionGuard class when a user is found to not exist." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-203" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laravel:framework:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.0.0", + "versionEndExcluding": "9.32.0", + "matchCriteriaId": "E4552441-3DC8-4890-B731-4F34868C15C8" + } + ] + } + ] + } + ], + "references": [ + { + "url": "https://ephort.dk/blog/laravel-timing-attack-vulnerability/", + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Technical Description", + "Third Party Advisory" + ] + }, + { + "url": "https://github.com/ephort/laravel-user-enumeration-demo", + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] + }, + { + 
"url": "https://github.com/laravel/framework/pull/44069", + "source": "cve@mitre.org", + "tags": [ + "Patch", + "Vendor Advisory" + ] + }, + { + "url": "https://github.com/laravel/framework/releases/tag/v9.32.0", + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-407xx/CVE-2022-40722.json b/CVE-2022/CVE-2022-407xx/CVE-2022-40722.json new file mode 100644 index 00000000000..d0ea99b1c8f --- /dev/null +++ b/CVE-2022/CVE-2022-407xx/CVE-2022-40722.json 
@@ -0,0 +1,133 @@ +{ + "id": "CVE-2022-40722", + "sourceIdentifier": "responsible-disclosure@pingidentity.com", + "published": "2023-04-25T19:15:10.240", + "lastModified": "2023-05-04T19:46:42.447", + "vulnStatus": "Analyzed", + "descriptions": [ + { + "lang": "en", + "value": "A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support Offline MFA with PingID mobile authenticators is vulnerable to pre-computed dictionary attacks, leading to a bypass of offline MFA." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 5.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.3, + "impactScore": 4.0 + }, + { + "source": "responsible-disclosure@pingidentity.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.7, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.3, + "impactScore": 5.8 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-327" + } + ] + }, + { + "source": "responsible-disclosure@pingidentity.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-780" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + 
"vulnerable": true, + "criteria": "cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*", + "versionStartIncluding": "11.1.0", + "versionEndIncluding": "11.1.5", + "matchCriteriaId": "4F085AB7-29E3-4CC6-88C6-49EF87B1E7E9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*", + "versionStartIncluding": "11.2.0", + "versionEndIncluding": "11.2.2", + "matchCriteriaId": "2F76BB82-2AE0-4330-84E7-BBFFABF030C0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pingidentity:pingid_adapter_for_pingfederate:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.13.2", + "matchCriteriaId": "9285EE82-E2F6-4C82-8F0E-2149B8652E71" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pingidentity:pingid_integration_kit:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.24", + "matchCriteriaId": "A0D3BE72-98EE-4FE4-BF80-CDD66F495AC1" + } + ] + } + ] + } + ], + "references": [ + { + "url": "https://docs.pingidentity.com/r/en-us/pingid/pingid_adapter_configuring_offline_mfa", + "source": "responsible-disclosure@pingidentity.com", + "tags": [ + "Product" + ] + }, + { + "url": "https://docs.pingidentity.com/r/en-us/pingid/pingid_integration_kit_2_20_rn", + "source": "responsible-disclosure@pingidentity.com", + "tags": [ + "Release Notes" + ] + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-407xx/CVE-2022-40723.json b/CVE-2022/CVE-2022-407xx/CVE-2022-40723.json new file mode 100644 index 00000000000..5ca2315ab99 --- /dev/null +++ b/CVE-2022/CVE-2022-407xx/CVE-2022-40723.json 
@@ -0,0 +1,132 @@ +{ + "id": "CVE-2022-40723", + "sourceIdentifier": "responsible-disclosure@pingidentity.com", + "published": "2023-04-25T19:15:10.310", + "lastModified": "2023-05-04T19:48:57.540", + "vulnStatus": "Analyzed", + "descriptions": [ + { + "lang": "en", + "value": "The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS authentication with PingID MFA, is vulnerable to MFA bypass under certain configurations." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, + { + "source": "responsible-disclosure@pingidentity.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + }, + { + "source": "responsible-disclosure@pingidentity.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-305" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": 
"cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*", + "versionStartIncluding": "11.1.0", + "versionEndIncluding": "11.1.5", + "matchCriteriaId": "4F085AB7-29E3-4CC6-88C6-49EF87B1E7E9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*", + "versionStartIncluding": "11.2.0", + "versionEndIncluding": "11.2.2", + "matchCriteriaId": "2F76BB82-2AE0-4330-84E7-BBFFABF030C0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pingidentity:pingid_integration_kit:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.24", + "matchCriteriaId": "A0D3BE72-98EE-4FE4-BF80-CDD66F495AC1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pingidentity:radius_pcv:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.0.0", + "versionEndExcluding": "3.0.2", + "matchCriteriaId": "4A97675A-6B44-4AB9-AC7A-D67153A0273C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pingidentity:radius_pcv:2.10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "73EC03B9-23AE-4E5C-A7AD-44D10E3997FA" + } + ] + } + ] + } + ], + "references": [ + { + "url": "https://docs.pingidentity.com/r/en-us/pingid/pingid_integration_kit_2_19_rn", + "source": "responsible-disclosure@pingidentity.com", + "tags": [ + "Release Notes" + ] + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-407xx/CVE-2022-40724.json b/CVE-2022/CVE-2022-407xx/CVE-2022-40724.json new file mode 100644 index 00000000000..69c21f54eb4 --- /dev/null +++ b/CVE-2022/CVE-2022-407xx/CVE-2022-40724.json 
@@ -0,0 +1,128 @@ +{ + "id": "CVE-2022-40724", + "sourceIdentifier": "responsible-disclosure@pingidentity.com", + "published": "2023-04-25T19:15:10.383", + "lastModified": "2023-05-04T19:49:32.557", + "vulnStatus": "Analyzed", + "descriptions": [ + { + "lang": "en", + "value": "The PingFederate Local Identity Profiles '/pf/idprofile.ping' endpoint is vulnerable to Cross-Site Request Forgery (CSRF) through crafted GET requests." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, + { + "source": "responsible-disclosure@pingidentity.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + }, + { + "source": "responsible-disclosure@pingidentity.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": 
"cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.3.0", + "versionEndIncluding": "10.3.11", + "matchCriteriaId": "D71A00D1-7F03-41CD-A62F-267D8EA85696" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*", + "versionStartIncluding": "11.0.0", + "versionEndIncluding": "11.0.6", + "matchCriteriaId": "4E06480B-D92B-42C1-8A57-90E5F9229E15" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*", + "versionStartIncluding": "11.1.0", + "versionEndIncluding": "11.1.5", + "matchCriteriaId": "4F085AB7-29E3-4CC6-88C6-49EF87B1E7E9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*", + "versionStartIncluding": "11.2.0", + "versionEndIncluding": "11.2.2", + "matchCriteriaId": "2F76BB82-2AE0-4330-84E7-BBFFABF030C0" + } + ] + } + ] + } + ], + "references": [ + { + "url": "https://docs.pingidentity.com/r/en-us/pingfederate-110/fll1675188537050", + "source": "responsible-disclosure@pingidentity.com", + "tags": [ + "Release Notes" + ] + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-407xx/CVE-2022-40725.json b/CVE-2022/CVE-2022-407xx/CVE-2022-40725.json new file mode 100644 index 00000000000..73df5943dd3 --- /dev/null +++ b/CVE-2022/CVE-2022-407xx/CVE-2022-40725.json 
@@ -0,0 +1,106 @@ +{ + "id": "CVE-2022-40725", + "sourceIdentifier": "responsible-disclosure@pingidentity.com", + "published": "2023-04-25T19:15:10.447", + "lastModified": "2023-05-04T19:52:10.610", + "vulnStatus": "Analyzed", + "descriptions": [ + { + "lang": "en", + "value": "PingID Desktop prior to the latest released version 1.7.4 contains a vulnerability that can be exploited to bypass the maximum PIN attempts permitted before the time-based lockout is activated." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 4.2 + }, + { + "source": "responsible-disclosure@pingidentity.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.5 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] + }, + { + "source": "responsible-disclosure@pingidentity.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-288" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": 
"cpe:2.3:a:pingidentity:desktop:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.7.4", + "matchCriteriaId": "2FFF7637-5A29-4D36-A50F-B87B3F8EF030" + } + ] + } + ] + } + ], + "references": [ + { + "url": "https://docs.pingidentity.com/r/en-us/pingid/desktop_app_1.7.4", + "source": "responsible-disclosure@pingidentity.com", + "tags": [ + "Release Notes" + ] + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-452xx/CVE-2022-45291.json b/CVE-2022/CVE-2022-452xx/CVE-2022-45291.json new file mode 100644 index 00000000000..fa00ba20567 --- /dev/null +++ b/CVE-2022/CVE-2022-452xx/CVE-2022-45291.json 
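Review bot: Neither weakness entry in the CVE-2022-40725 record matches the flaw its description states, which is a bypass of the maximum PIN attempts before the time-based lockout. NVD assigns CWE-306 and the vendor CWE-288, while the described behaviour reads closer to improper restriction of excessive authentication attempts, so a description entry with `"value": "CWE-307"` looks like the better fit if the vendor advisory supports it. The two `cvssData` vectors also disagree on confidentiality (`C:N` from NVD, `C:H` from the vendor). Since a lockout bypass matters mainly because it allows PIN guessing, consumers that read only the Primary score may under-rank this record.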
@@ -0,0 +1,84 @@ +{ + "id": "CVE-2022-45291", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-04-25T19:15:10.520", + "lastModified": "2023-05-04T19:57:26.577", + "vulnStatus": "Analyzed", + "descriptions": [ + { + "lang": "en", + "value": "PWS Personal Weather Station Dashboard (PWS_Dashboard) LTS December 2020 (2012_lts) allows remote code execution by injecting PHP code into settings.php. Attacks can use the PWS_printfile.php, PWS_frame_text.php, PWS_listfile.php, PWS_winter.php, and PWS_easyweathersetup.php endpoints. A contributing factor is a hardcoded login password of support, which is not documented. (This is not the same as the documented setup password, which is 12345.) The issue was fixed in late 2022." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-798" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pwsdashboard:personal_weather_station_dashboard:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3F21F28D-A86E-40D6-BAED-1A5D8AA88CEE" + } + ] + } + ] + } + ], + "references": [ + { + "url": "https://cavefxa.com/posts/cve-2022-45291/", + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Technical Description", + "Third Party Advisory" + ] + }, + { + "url": "https://pwsdashboard.com/", + "source": "cve@mitre.org", 
+ "tags": [ + "Product" + ] + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-458xx/CVE-2022-45818.json b/CVE-2022/CVE-2022-458xx/CVE-2022-45818.json index 5b617db4fa0..a58316fc790 100644 --- a/CVE-2022/CVE-2022-458xx/CVE-2022-45818.json +++ b/CVE-2022/CVE-2022-458xx/CVE-2022-45818.json @@ -2,8 +2,8 @@ "id": "CVE-2022-45818", "sourceIdentifier": "audit@patchstack.com", "published": "2023-05-04T13:15:13.580", - "lastModified": "2023-05-04T13:15:13.580", - "vulnStatus": "Received", + "lastModified": "2023-05-04T18:45:32.047", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2022/CVE-2022-463xx/CVE-2022-46302.json b/CVE-2022/CVE-2022-463xx/CVE-2022-46302.json index dab6ea4172d..115bc1e2245 100644 --- a/CVE-2022/CVE-2022-463xx/CVE-2022-46302.json +++ b/CVE-2022/CVE-2022-463xx/CVE-2022-46302.json @@ -2,8 +2,8 @@ "id": "CVE-2022-46302", "sourceIdentifier": "security@checkmk.com", "published": "2023-04-20T14:15:08.177", - "lastModified": "2023-04-20T14:41:19.727", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-04T18:32:15.130", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.0, + "impactScore": 6.0 + }, { "source": "security@checkmk.com", "type": "Secondary", 
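Review bot: The `weaknesses` block added for CVE-2022-45291 lists only CWE-798, but the description in the same record names PHP code injection into settings.php as the flaw and calls the hardcoded login password a contributing factor. Anyone filtering the feed by code-injection weaknesses will miss this record; consider a second description entry such as `"value": "CWE-94"` alongside the existing one. The single `cpeMatch` criteria also uses `-` as the version, so the record cannot separate the affected LTS build from the release the description says was fixed in late 2022. A version bound would make the match usable for patch verification if the vendor publishes one.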
@@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-829" + } + ] + }, { "source": "security@checkmk.com", "type": "Secondary", 
@@ -46,10 +76,471 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:-:*:*:*:*:*:*", + "matchCriteriaId": "E15C521C-CD7F-434A-9F43-6ED5C7645DA7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:b1:*:*:*:*:*:*", + "matchCriteriaId": "172724CA-44E1-4768-8BAF-611AE72C8510" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:b10:*:*:*:*:*:*", + "matchCriteriaId": "EE1C7D4B-55E2-4A0B-96AD-4D1645141B43" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:b11:*:*:*:*:*:*", + "matchCriteriaId": "BD1E3D74-1902-4958-8919-2077A41DC9C3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:b12:*:*:*:*:*:*", + "matchCriteriaId": "7B691D90-C811-43A1-8062-71F2BF0EF5E7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:b2:*:*:*:*:*:*", + "matchCriteriaId": "AECA9A0D-0552-4DC2-97D4-F54B2C342177" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:b3:*:*:*:*:*:*", + "matchCriteriaId": "99D39BA7-C78A-4667-95F1-55ACB9FD584F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:b4:*:*:*:*:*:*", + "matchCriteriaId": "5B467203-3B24-4CAE-BEB4-88FEFA2223EF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:b5:*:*:*:*:*:*", + "matchCriteriaId": "FDEC890E-D96A-490D-988D-B06C6CD86A05" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:b6:*:*:*:*:*:*", + "matchCriteriaId": "D337C851-FEE8-44EE-A4A2-B3D5BE488C92" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:b7:*:*:*:*:*:*", + "matchCriteriaId": "C38DF519-C97C-4D80-A686-72002CDD9406" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:b8:*:*:*:*:*:*", + "matchCriteriaId": "D812CCC1-053C-4998-9335-2FB6E4A8BED8" + }, + { + 
"vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:b9:*:*:*:*:*:*", + "matchCriteriaId": "DB52C0F4-B206-4F20-BDB7-3FF2E60185D1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p1:*:*:*:*:*:*", + "matchCriteriaId": "D80533C1-AA9F-481B-A4A4-26AA0695C666" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p10:*:*:*:*:*:*", + "matchCriteriaId": "FA0AD652-2417-4C33-8299-0411FA002BAF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p11:*:*:*:*:*:*", + "matchCriteriaId": "29F70025-92A2-4618-A8DD-05098F45625F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p12:*:*:*:*:*:*", + "matchCriteriaId": "9CAAB02A-CB2D-42F9-9720-520822F88402" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p13:*:*:*:*:*:*", + "matchCriteriaId": "46C5993C-BEE1-4C9B-BCDB-09A36DA2485E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p14:*:*:*:*:*:*", + "matchCriteriaId": "53E01ABC-75DA-4323-9E8C-F97321974583" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p15:*:*:*:*:*:*", + "matchCriteriaId": "77427E05-C4A1-4C28-84B8-947E26CF7EA8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p16:*:*:*:*:*:*", + "matchCriteriaId": "6036F586-CA74-40DE-B76F-C76357A1E833" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p17:*:*:*:*:*:*", + "matchCriteriaId": "8F9B59E4-0468-495E-96C8-F765AFED2D67" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p18:*:*:*:*:*:*", + "matchCriteriaId": "4BD62952-9A86-4FEF-B8FC-3A2F468BFF95" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p19:*:*:*:*:*:*", + "matchCriteriaId": "84B6760F-4EB5-47C2-BDB1-9D654826B01D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p2:*:*:*:*:*:*", + "matchCriteriaId": 
"104EB827-02D7-4AB9-897D-16210E8934D6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p20:*:*:*:*:*:*", + "matchCriteriaId": "232E5841-8303-410C-9191-F9603B808AB1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p21:*:*:*:*:*:*", + "matchCriteriaId": "B9276429-8D0B-4647-AFBE-9A0B158666D1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p22:*:*:*:*:*:*", + "matchCriteriaId": "86E4613C-C843-473F-B7BE-E5759D8D35B4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p23:*:*:*:*:*:*", + "matchCriteriaId": "0FBD73A9-AF27-402E-9B42-B9DF1567CF43" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p24:*:*:*:*:*:*", + "matchCriteriaId": "9EEBA5A8-5330-47A8-9D3E-08A7E22F70C9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p25:*:*:*:*:*:*", + "matchCriteriaId": "3A5E5E38-94BA-4708-80A4-25CF71074E82" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p26:*:*:*:*:*:*", + "matchCriteriaId": "28FA4030-59CF-43CB-A9B7-E2304E2315DC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p27:*:*:*:*:*:*", + "matchCriteriaId": "1E00E39E-522C-4FDD-B4D7-0444FFC120ED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p28:*:*:*:*:*:*", + "matchCriteriaId": "437611CD-D465-4A9D-91A8-E52EA99AEF2E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p29:*:*:*:*:*:*", + "matchCriteriaId": "D618A417-5DE0-43DA-BD5B-CB41BE70CAA7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:1.6.0:p30:*:*:*:*:*:*", + "matchCriteriaId": "35BB228F-5FD2-4926-9B66-CAACF9382248" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:-:*:*:*:*:*:*", + "matchCriteriaId": "E5138E25-A5AF-495D-A713-B8BDACC133D8" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:a:tribe29:checkmk:2.0.0:b1:*:*:*:*:*:*", + "matchCriteriaId": "7AE78B5E-2D00-462B-AC0E-5E68BC36ED1B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b2:*:*:*:*:*:*", + "matchCriteriaId": "9D69AA9A-C6FF-4A9F-8B02-2F207C4150FD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b3:*:*:*:*:*:*", + "matchCriteriaId": "452F359B-BCB5-46E0-A77A-383C3C2E2D60" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b4:*:*:*:*:*:*", + "matchCriteriaId": "D9A66C28-A2BA-4091-AB4C-05CDB1D3777F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b5:*:*:*:*:*:*", + "matchCriteriaId": "463A4A68-810B-4C20-A696-4F94DB20224B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b6:*:*:*:*:*:*", + "matchCriteriaId": "F4459581-214F-423B-A29D-31C789FD7F1C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b7:*:*:*:*:*:*", + "matchCriteriaId": "CC0CFABC-A53C-4FD3-A57A-CB72C87A034B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b8:*:*:*:*:*:*", + "matchCriteriaId": "F96B08FA-8129-4880-86FE-47B08C2B6964" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:i1:*:*:*:*:*:*", + "matchCriteriaId": "CAEB960C-5A5E-4F7C-8588-3F6737AE5DCA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p1:*:*:*:*:*:*", + "matchCriteriaId": "3CB134CD-0746-47C8-BAB8-2AE9C083C4D2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p10:*:*:*:*:*:*", + "matchCriteriaId": "E4B5DDAA-F7B5-4BFD-836E-F7DA0FC7B0C3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p11:*:*:*:*:*:*", + "matchCriteriaId": "A4DA5440-F376-4952-ABCB-AC557C5944A9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p12:*:*:*:*:*:*", + "matchCriteriaId": "DB7DB93B-CDD2-4662-893B-6E36F9EDA7FF" + }, + { + "vulnerable": 
true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p13:*:*:*:*:*:*", + "matchCriteriaId": "81DFD64A-FEFD-4EBA-B6EC-28D3F0EEC33B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p14:*:*:*:*:*:*", + "matchCriteriaId": "918ACC6A-2EE8-401F-B18A-94B8757B202E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p15:*:*:*:*:*:*", + "matchCriteriaId": "1B6AE143-5A29-4EE8-AF7D-5D495A2248D0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p16:*:*:*:*:*:*", + "matchCriteriaId": "9B678D96-5987-4423-A713-57812B896380" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p17:*:*:*:*:*:*", + "matchCriteriaId": "A16EA6BD-003D-416E-B6C7-EBE5AA4AC2B5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p18:*:*:*:*:*:*", + "matchCriteriaId": "7A016627-9BF2-4D25-AB97-172EAEC4C187" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p19:*:*:*:*:*:*", + "matchCriteriaId": "333FBE01-E5C1-4668-B50F-B64A34E799A8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p2:*:*:*:*:*:*", + "matchCriteriaId": "FE7C4821-74F2-442C-B51F-A52788FC61F4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p20:*:*:*:*:*:*", + "matchCriteriaId": "168E2F68-E3EA-407F-8DCE-BDB1F557FFFA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p21:*:*:*:*:*:*", + "matchCriteriaId": "D7A74CB5-CC6E-4166-B884-498F2CF1A33E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p22:*:*:*:*:*:*", + "matchCriteriaId": "42DCB139-5BBE-45F3-80F5-3A43D95A58BB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p23:*:*:*:*:*:*", + "matchCriteriaId": "1A3E3E6C-DCC0-466D-A505-5F80379CF0AB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p24:*:*:*:*:*:*", + "matchCriteriaId": 
"1542CDC8-9697-44DE-8F6A-3EB25D07EEE9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p25:*:*:*:*:*:*", + "matchCriteriaId": "1A5B33FF-EA21-4AEB-8D9A-21DA9DB5892A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p26:*:*:*:*:*:*", + "matchCriteriaId": "78616E5A-E1FF-40AA-8E13-0B2E84CE6F8F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p27:*:*:*:*:*:*", + "matchCriteriaId": "5D956394-C3F3-4C88-A791-364AE555D522" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p3:*:*:*:*:*:*", + "matchCriteriaId": "1982ED3B-A0FA-476A-BFB2-5B7B53289496" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p4:*:*:*:*:*:*", + "matchCriteriaId": "AA60BF44-AF52-458A-BD3F-9FD5D8408575" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p5:*:*:*:*:*:*", + "matchCriteriaId": "9BFE55DC-89EA-404F-8DDF-93E351366789" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p6:*:*:*:*:*:*", + "matchCriteriaId": "C62D8997-DD3B-4B83-B6A5-DFC2408A9164" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p7:*:*:*:*:*:*", + "matchCriteriaId": "80B4A77F-F636-49BB-8CB6-60064984463F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p8:*:*:*:*:*:*", + "matchCriteriaId": "356E5744-AB8E-4FBA-992F-74ED8F9086CE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p9:*:*:*:*:*:*", + "matchCriteriaId": "41FB6FFA-F38F-4754-A1E6-35073D84069E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:-:*:*:*:*:*:*", + "matchCriteriaId": "BC0AC5A2-3724-4942-ABE2-CA9F3B9B4BDA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b1:*:*:*:*:*:*", + "matchCriteriaId": "E3AAC1AD-C2F5-4171-BD92-95A8BA09E79A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b2:*:*:*:*:*:*", + 
"matchCriteriaId": "8CB8C4BB-4AE6-4EA2-8F38-780B627721ED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b3:*:*:*:*:*:*", + "matchCriteriaId": "D0F14106-2A3D-4FC7-A0C7-6EDA75D1A8F7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b4:*:*:*:*:*:*", + "matchCriteriaId": "F8C2DA36-8419-4846-BFA0-A729BE7D72C5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b5:*:*:*:*:*:*", + "matchCriteriaId": "8AA4FA3D-7A59-4597-9D79-B6B020D86BD1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b6:*:*:*:*:*:*", + "matchCriteriaId": "79F0CF88-FF11-4741-AFF6-9F88F57C2140" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b7:*:*:*:*:*:*", + "matchCriteriaId": "8E93629E-C0CB-4636-B343-1C0646D8228E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b8:*:*:*:*:*:*", + "matchCriteriaId": "58102464-E66F-49CD-8952-3F3F9A6A45CC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b9:*:*:*:*:*:*", + "matchCriteriaId": "9C98E509-8466-4F95-ABE7-7ECC91640E04" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p1:*:*:*:*:*:*", + "matchCriteriaId": "A7B89F71-ABD2-4B2D-AE6B-C0F243E89443" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p2:*:*:*:*:*:*", + "matchCriteriaId": "960DF373-EDE6-4318-B6E9-07573ED5907A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p3:*:*:*:*:*:*", + "matchCriteriaId": "3144AABF-74CB-44EE-A618-8529A8ACFCF6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p4:*:*:*:*:*:*", + "matchCriteriaId": "88AC7AB0-40DF-44D1-83EA-FDD4D5346BBD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p5:*:*:*:*:*:*", + "matchCriteriaId": "4285A4A3-3DED-456D-93D4-1B9FDB42C1EB" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:a:tribe29:checkmk:2.1.0:p6:*:*:*:*:*:*", + "matchCriteriaId": "098FD286-B6CB-4428-9A62-A5F24B4D9E92" + } + ] + } + ] + } + ], "references": [ { "url": "https://checkmk.com/werk/14281", - "source": "security@checkmk.com" + "source": "security@checkmk.com", + "tags": [ + "Mitigation", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20870.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20870.json new file mode 100644 index 00000000000..815fb53ad35 --- /dev/null +++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20870.json 
@@ -0,0 +1,84 @@ +{ + "id": "CVE-2023-20870", + "sourceIdentifier": "security@vmware.com", + "published": "2023-04-25T22:15:09.463", + "lastModified": "2023-05-04T19:57:36.087", + "vulnStatus": "Analyzed", + "descriptions": [ + { + "lang": "en", + "value": "VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.5, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.0.0", + "versionEndExcluding": "13.0.2", + "matchCriteriaId": "B628132D-043A-4989-9524-9FA53B1DEADC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*", + "versionStartIncluding": "17.0.0", + "versionEndExcluding": "17.0.2", + "matchCriteriaId": "53930936-892B-421E-B75C-BD2DEC4A09AA" + } + ] + } + ] + } + ], + "references": [ + { + "url": "https://www.vmware.com/security/advisories/VMSA-2023-0008.html", + "source": "security@vmware.com", + "tags": [ + "Vendor Advisory" + ] + } + ] +} \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-20xx/CVE-2023-2007.json b/CVE-2023/CVE-2023-20xx/CVE-2023-2007.json index c4cb2d581c0..a24ef75a000 100644 --- a/CVE-2023/CVE-2023-20xx/CVE-2023-2007.json +++ b/CVE-2023/CVE-2023-20xx/CVE-2023-2007.json @@ -2,16 +2,49 @@ "id": "CVE-2023-2007", "sourceIdentifier": "secalert@redhat.com", "published": "2023-04-24T23:15:18.877", - "lastModified": "2023-04-25T12:52:57.877", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-04T18:24:30.803", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-667" + } + ] + }, { "source": "secalert@redhat.com", "type": "Secondary", 
@@ -23,10 +56,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.0", + "matchCriteriaId": "87B81C9D-7173-4FFB-97BC-9C41AB20A53C" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/torvalds/linux/commit/b04e75a4a8a81887386a0d2dbf605a48e779d2a0", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-227xx/CVE-2023-22728.json b/CVE-2023/CVE-2023-227xx/CVE-2023-22728.json new file mode 100644 index 00000000000..55be797d905 --- /dev/null +++ b/CVE-2023/CVE-2023-227xx/CVE-2023-22728.json 
@@ -0,0 +1,103 @@ +{ + "id": "CVE-2023-22728", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-04-26T14:15:09.490", + "lastModified": "2023-05-04T19:52:51.293", + "vulnStatus": "Analyzed", + "descriptions": [ + { + "lang": "en", + "value": "Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, the GridField print view incorrectly validates the permission of DataObjects potentially allowing a content author to view records they are not authorised to access. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + 
"cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:silverstripe:framework:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.12.5", + "matchCriteriaId": "12AC8517-3E73-4583-BD9E-E9D129DEDAF8" + } + ] + } + ] + } + ], + "references": [ + { + "url": "https://github.com/silverstripe/silverstripe-framework/commit/fd5d8217e83768d7bf841e94b2d4d82642d5bc58", + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] + }, + { + "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-jh3w-6jp2-vqqm", + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-229xx/CVE-2023-22916.json b/CVE-2023/CVE-2023-229xx/CVE-2023-22916.json index be1b9fce650..fc1ca3e49f8 100644 --- a/CVE-2023/CVE-2023-229xx/CVE-2023-22916.json +++ b/CVE-2023/CVE-2023-229xx/CVE-2023-22916.json @@ -2,8 +2,8 @@ "id": "CVE-2023-22916", "sourceIdentifier": "security@zyxel.com.tw", "published": "2023-04-24T17:15:09.767", - "lastModified": "2023-04-24T17:43:16.267", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-04T19:35:46.887", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.2 + }, { "source": "security@zyxel.com.tw", "type": "Secondary", 
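Review bot: The CVE-2022-22728 placeholder aside, the new CVE-2023-22728 record contradicts itself on the fixed version: its description says the issue is fixed in 4.12.15 (stated twice), while the added `cpeMatch` entry has `"versionEndExcluding": "4.12.5"`. If the description is right, scanners matching on the CPE range will report 4.12.5 through 4.12.14 as unaffected; if the CPE is right, the description sends readers to the wrong upgrade target. Confirm the fixed release against the GHSA-jh3w-6jp2-vqqm advisory and the patch commit listed under `references`, then align the two values. Until then, treat the range in this record as unverified.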
@@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "security@zyxel.com.tw", "type": "Secondary", 
@@ -46,10 +76,537 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.00", + "versionEndIncluding": "5.35", + "matchCriteriaId": "D646F135-E86F-44CF-BD04-3041CFBDE7B6" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2B30A4C0-9928-46AD-9210-C25656FB43FB" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.00", + "versionEndIncluding": "5.35", + "matchCriteriaId": "C560A27F-849A-427B-98C3-E9DD4952D01F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.00", + "versionEndIncluding": "5.35", + "matchCriteriaId": "7F4C2F76-16B0-4695-922E-A4DFB616DCF7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:usg_flex_50_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.00", + "versionEndIncluding": 
"5.35", + "matchCriteriaId": "BFACF97D-CEDF-4CEC-931A-30DDB81FE111" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*", + "matchCriteriaId": "646C1F07-B553-47B0-953B-DC7DE7FD0F8B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:usg_flex_50w_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.10", + "versionEndIncluding": "5.35", + "matchCriteriaId": "0CD56415-0C96-42EA-B214-149D3FF8CB31" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*", + "matchCriteriaId": "110A1CA4-0170-4834-8281-0A3E14FC5584" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.00", + "versionEndIncluding": "5.35", + "matchCriteriaId": "08997853-52B9-4DF2-A1D0-1C2D81850BA0" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*", + "matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.00", + "versionEndIncluding": "5.35", + "matchCriteriaId": "74238C9E-D64D-4539-B4BA-FDE47C713EE0" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29" + } + ] + } + ] + 
}, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:vpn100_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.00", + "versionEndIncluding": "5.35", + "matchCriteriaId": "8BA7FE08-56D3-4538-BD83-C721C486796C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*", + "matchCriteriaId": "81D90A7B-174F-40A1-8AF4-08B15B7BAC40" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:vpn1000_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.00", + "versionEndIncluding": "5.35", + "matchCriteriaId": "D9C932EA-A6CD-4CB6-80AE-2B25351E99DB" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EECD311A-4E96-4576-AADF-47291EDE3559" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:vpn300_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.00", + "versionEndIncluding": "5.35", + "matchCriteriaId": "313E3559-F68E-4602-8D52-CC41AD1EC9A2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3C45C303-1A95-4245-B242-3AB9B9106CD4" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:vpn50_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.00", + "versionEndIncluding": "5.35", + "matchCriteriaId": "786D44ED-568A-456F-A068-97C03C532CCE" + } + ] + }, + { + 
"operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:usg_20w-vpn_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.10", + "versionEndIncluding": "5.35", + "matchCriteriaId": "9DFC6353-26D9-48B7-B73E-541619A21E2A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6BEA412F-3DA1-4E91-9C74-0666147DABCE" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.10", + "versionEndIncluding": "5.35", + "matchCriteriaId": "2B96A47F-C37B-46B2-AAA9-2B9FB1114642" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7F7654A1-3806-41C7-82D4-46B0CD7EE53B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:atp100w_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.10", + "versionEndIncluding": "5.35", + "matchCriteriaId": "426E4382-81ED-438D-ACAB-78CA8993C226" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*", + "matchCriteriaId": "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + 
"vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:atp200_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.10", + "versionEndIncluding": "5.35", + "matchCriteriaId": "FB3080DC-B3F0-4494-8CA8-8508F76BE273" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D68A36FF-8CAF-401C-9F18-94F3A2405CF4" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:atp500_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.10", + "versionEndIncluding": "5.35", + "matchCriteriaId": "DBBF5B18-0977-43D8-9FDD-38E039994615" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:atp700_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.10", + "versionEndIncluding": "5.35", + "matchCriteriaId": "74E1323C-3010-4E27-9F1C-E0FFF8FED2FC" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0B41F437-855B-4490-8011-DF59887BE6D5" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:atp800_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.10", + "versionEndIncluding": "5.35", + "matchCriteriaId": "4F0D40B2-5456-4B59-8A60-66DE573C23F2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*", + "matchCriteriaId": "66B99746-0589-46E6-9CBD-F38619AD97DC" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-of-firewalls-and-aps", - "source": "security@zyxel.com.tw" + "source": "security@zyxel.com.tw", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-22xx/CVE-2023-2294.json b/CVE-2023/CVE-2023-22xx/CVE-2023-2294.json index 0747f15735f..1c5db3e4e34 100644 --- a/CVE-2023/CVE-2023-22xx/CVE-2023-2294.json +++ b/CVE-2023/CVE-2023-22xx/CVE-2023-2294.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2294", "sourceIdentifier": "cna@vuldb.com", "published": "2023-04-26T06:15:09.283", - "lastModified": "2023-04-26T06:15:09.283", - "vulnStatus": "Received", + "lastModified": "2023-05-04T18:00:41.803", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", 
@@ -71,18 +93,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ucms_project:ucms:1.6:*:*:*:*:*:*:*", + "matchCriteriaId": "4ED914EC-C479-4D5F-8322-2241E409AECC" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/yztale/UCMS1.6/blob/main/README.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.227481", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.227481", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-234xx/CVE-2023-23470.json b/CVE-2023/CVE-2023-234xx/CVE-2023-23470.json index c8ab5513bd5..84b3dbe529b 100644 --- a/CVE-2023/CVE-2023-234xx/CVE-2023-23470.json +++ b/CVE-2023/CVE-2023-234xx/CVE-2023-23470.json @@ -2,8 +2,8 @@ "id": "CVE-2023-23470", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-05-04T14:15:08.847", - "lastModified": "2023-05-04T14:15:08.847", - "vulnStatus": "Received", + "lastModified": "2023-05-04T18:45:32.047", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-238xx/CVE-2023-23837.json b/CVE-2023/CVE-2023-238xx/CVE-2023-23837.json new file mode 100644 index 00000000000..1298bc6a840 --- /dev/null +++ b/CVE-2023/CVE-2023-238xx/CVE-2023-23837.json 
@@ -0,0 +1,116 @@ +{ + "id": "CVE-2023-23837", + "sourceIdentifier": "psirt@solarwinds.com", + "published": "2023-04-25T18:15:09.300", + "lastModified": "2023-05-04T19:30:04.907", + "vulnStatus": "Analyzed", + "descriptions": [ + { + "lang": "en", + "value": "No exception handling vulnerability which revealed sensitive or excessive information to users." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + { + "source": "psirt@solarwinds.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-755" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:solarwinds:database_performance_analyzer:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.2", + "matchCriteriaId": "D6A0B85E-0E93-4DA4-989C-B9E131E03019" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": 
false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], + "references": [ + { + "url": "https://documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2023-2_release_notes.htm", + "source": "psirt@solarwinds.com", + "tags": [ + "Release Notes" + ] + }, + { + "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2023-23837", + "source": "psirt@solarwinds.com", + "tags": [ + "Broken Link", + "Vendor Advisory" + ] + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-238xx/CVE-2023-23838.json b/CVE-2023/CVE-2023-238xx/CVE-2023-23838.json new file mode 100644 index 00000000000..e1483ebb28c --- /dev/null +++ b/CVE-2023/CVE-2023-238xx/CVE-2023-23838.json 
@@ -0,0 +1,116 @@ +{ + "id": "CVE-2023-23838", + "sourceIdentifier": "psirt@solarwinds.com", + "published": "2023-04-25T18:15:09.370", + "lastModified": "2023-05-04T19:32:26.440", + "vulnStatus": "Analyzed", + "descriptions": [ + { + "lang": "en", + "value": "Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, + { + "source": "psirt@solarwinds.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.4, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:solarwinds:database_performance_analyzer:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.2", + "matchCriteriaId": "D6A0B85E-0E93-4DA4-989C-B9E131E03019" + } + ] + }, + { + "operator": "OR", + "negate": false, + 
"cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], + "references": [ + { + "url": "https://documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2023-2_release_notes.htm", + "source": "psirt@solarwinds.com", + "tags": [ + "Release Notes" + ] + }, + { + "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2023-23838", + "source": "psirt@solarwinds.com", + "tags": [ + "Broken Link", + "Vendor Advisory" + ] + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-23xx/CVE-2023-2361.json b/CVE-2023/CVE-2023-23xx/CVE-2023-2361.json index c68cdacf4ed..5adeb8ef4ef 100644 --- a/CVE-2023/CVE-2023-23xx/CVE-2023-2361.json +++ b/CVE-2023/CVE-2023-23xx/CVE-2023-2361.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2361", "sourceIdentifier": "security@huntr.dev", "published": "2023-04-28T08:15:09.340", - "lastModified": "2023-04-28T12:58:08.387", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-04T18:53:57.203", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", 
@@ -46,14 +68,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pimcore:pimcore:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.5.21", + "matchCriteriaId": "72C537D6-67BA-4562-B853-F99E6C14315C" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/pimcore/pimcore/commit/6970649f5d3790a1db9ef4324bece0d4cb95366a", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.dev/bounties/24d91b83-c3df-48f5-a713-9def733f2de7", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Exploit", + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-23xx/CVE-2023-2363.json b/CVE-2023/CVE-2023-23xx/CVE-2023-2363.json index 72f0d3b9be8..fb480f8e237 100644 --- a/CVE-2023/CVE-2023-23xx/CVE-2023-2363.json +++ b/CVE-2023/CVE-2023-23xx/CVE-2023-2363.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2363", "sourceIdentifier": "cna@vuldb.com", "published": "2023-04-28T11:15:08.847", - "lastModified": "2023-04-28T12:58:08.387", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-04T18:54:49.473", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", 
@@ -71,18 +93,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:resort_reservation_system_project:resort_reservation_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "57B25E14-73A3-436D-900D-0E09E0A423DE" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/navaidzansari/CVE_Demo/blob/main/2023/Resort_Reservation_System-SQL-Injection-1.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.227639", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.227639", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-23xx/CVE-2023-2364.json b/CVE-2023/CVE-2023-23xx/CVE-2023-2364.json index 37ce9744a6e..7ba65e99844 100644 --- a/CVE-2023/CVE-2023-23xx/CVE-2023-2364.json +++ b/CVE-2023/CVE-2023-23xx/CVE-2023-2364.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2364", "sourceIdentifier": "cna@vuldb.com", "published": "2023-04-28T11:15:08.923", - "lastModified": "2023-04-28T12:58:08.387", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-04T18:55:06.683", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", @@ -71,18 +93,44 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:resort_reservation_system_project:resort_reservation_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "57B25E14-73A3-436D-900D-0E09E0A423DE" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/navaidzansari/CVE_Demo/blob/main/2023/Resort_Reservation_System-Stored-Cross-Site-Scripting-1.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit" + ] }, { "url": "https://vuldb.com/?ctiid.227640", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.227640", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-23xx/CVE-2023-2365.json b/CVE-2023/CVE-2023-23xx/CVE-2023-2365.json index bbfde92444c..8a985bce0c7 100644 --- a/CVE-2023/CVE-2023-23xx/CVE-2023-2365.json +++ b/CVE-2023/CVE-2023-23xx/CVE-2023-2365.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-2365", "sourceIdentifier": "cna@vuldb.com", "published": "2023-04-28T12:15:09.877", - "lastModified": "2023-04-28T12:58:08.387", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-04T18:55:20.170", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", @@ -71,18 +93,44 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:faculty_evaluation_system_project:faculty_evaluation_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "2433CE4C-87DF-4B90-A449-C844403740C8" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/oV201/cve_report/blob/main/vendors/oretnom23/faculty-evaluation-system/SQLi-1.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit" + ] }, { "url": "https://vuldb.com/?ctiid.227641", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.227641", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-23xx/CVE-2023-2366.json b/CVE-2023/CVE-2023-23xx/CVE-2023-2366.json index 7f21557fa87..3483d10c722 100644 --- a/CVE-2023/CVE-2023-23xx/CVE-2023-2366.json 
+++ b/CVE-2023/CVE-2023-23xx/CVE-2023-2366.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2366", "sourceIdentifier": "cna@vuldb.com", "published": "2023-04-28T12:15:09.937", - "lastModified": "2023-04-28T12:58:08.387", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-04T18:55:31.070", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", @@ -71,18 +93,44 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:faculty_evaluation_system_project:faculty_evaluation_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "2433CE4C-87DF-4B90-A449-C844403740C8" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/oV201/cve_report/blob/main/vendors/oretnom23/faculty-evaluation-system/SQLi-2.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit" + ] }, { "url": "https://vuldb.com/?ctiid.227642", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.227642", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-23xx/CVE-2023-2367.json b/CVE-2023/CVE-2023-23xx/CVE-2023-2367.json index 60f292f3ab1..b6b73eb6479 100644 
--- a/CVE-2023/CVE-2023-23xx/CVE-2023-2367.json +++ b/CVE-2023/CVE-2023-23xx/CVE-2023-2367.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2367", "sourceIdentifier": "cna@vuldb.com", "published": "2023-04-28T13:15:13.697", - "lastModified": "2023-04-28T14:11:00.307", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-04T18:55:44.637", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", @@ -71,18 +93,44 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:faculty_evaluation_system_project:faculty_evaluation_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "2433CE4C-87DF-4B90-A449-C844403740C8" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/f0llow/bug_report/blob/main/vendors/oretnom23/faculty-evaluation-system/SQLi-1.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit" + ] }, { "url": "https://vuldb.com/?ctiid.227643", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.227643", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-23xx/CVE-2023-2368.json b/CVE-2023/CVE-2023-23xx/CVE-2023-2368.json index d8d367134de..05ee1e0de85 100644 --- a/CVE-2023/CVE-2023-23xx/CVE-2023-2368.json +++ b/CVE-2023/CVE-2023-23xx/CVE-2023-2368.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2368", "sourceIdentifier": "cna@vuldb.com", "published": "2023-04-28T13:15:13.797", - "lastModified": "2023-04-28T14:11:00.307", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-04T18:55:55.883", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", 
@@ -71,18 +93,44 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:faculty_evaluation_system_project:faculty_evaluation_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "2433CE4C-87DF-4B90-A449-C844403740C8" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/f0llow/bug_report/blob/main/vendors/oretnom23/faculty-evaluation-system/SQLi-2.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit" + ] }, { "url": "https://vuldb.com/?ctiid.227644", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.227644", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-23xx/CVE-2023-2369.json b/CVE-2023/CVE-2023-23xx/CVE-2023-2369.json index 77083241b93..4114e4b8d40 100644 --- a/CVE-2023/CVE-2023-23xx/CVE-2023-2369.json +++ b/CVE-2023/CVE-2023-23xx/CVE-2023-2369.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2369", "sourceIdentifier": "cna@vuldb.com", "published": "2023-04-28T13:15:13.863", - "lastModified": "2023-04-28T14:11:00.307", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-04T18:56:02.097", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -11,6 +11,28 @@
 }
 ],
 "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ],
 "cvssMetricV30": [
 {
 "source": "cna@vuldb.com",
@@ -71,18 +93,44 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:faculty_evaluation_system_project:faculty_evaluation_system:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2433CE4C-87DF-4B90-A449-C844403740C8"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/f0llow/bug_report/blob/main/vendors/oretnom23/faculty-evaluation-system/SQLi-3.md",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Exploit"
+ ]
 },
 {
 "url": "https://vuldb.com/?ctiid.227645",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://vuldb.com/?id.227645",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-247xx/CVE-2023-24796.json b/CVE-2023/CVE-2023-247xx/CVE-2023-24796.json
new file mode 100644
index 00000000000..fced0ea0e36
--- /dev/null
+++ b/CVE-2023/CVE-2023-247xx/CVE-2023-24796.json
@@ -0,0 +1,88 @@
+{
+ "id": "CVE-2023-24796",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-04-26T13:15:08.807",
+ "lastModified": "2023-05-04T19:42:22.003",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Password vulnerability found in Vinga WR-AC1200 81.102.1.4370 and before allows a remote attacker to execute arbitrary code via the password parameter at the /goform/sysTools and /adm/systools.asp endpoints."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:vinga:wr-ac1200_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "81.102.1.4370",
+ "matchCriteriaId": "1CEAF5F2-85F9-4DE1-B989-EE66D6B220B5"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:vinga:wr-ac1200:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC887451-A336-4BD3-BDF2-72B44E31D208"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://gist.github.com/yinfei6/3664387cb5b66b68c7eff4bfdb51b2d6",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
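Review bot: The `weaknesses` entry in the CVE-2023-24796 record is `NVD-CWE-noinfo`, although the description states remote code execution through the `password` parameter of `/goform/sysTools` and `/adm/systools.asp`, so CWE-based filters and dashboards will not surface this record. The description's opening phrase, "Password vulnerability", does not name the flaw class either. If the referenced gist shows the parameter reaching a command interpreter, the entry should carry a command-injection CWE in place of `NVD-CWE-noinfo`; that is inferred from the description only and needs checking against the reference. Until then, triage on the 9.8 `cvssMetricV31` score and the firmware CPE with `"versionEndIncluding": "81.102.1.4370"` rather than on weakness type.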
diff --git a/CVE-2023/CVE-2023-249xx/CVE-2023-24958.json b/CVE-2023/CVE-2023-249xx/CVE-2023-24958.json
index 8ac464cdbcf..174f03fa763 100644
--- a/CVE-2023/CVE-2023-249xx/CVE-2023-24958.json
+++ b/CVE-2023/CVE-2023-249xx/CVE-2023-24958.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-24958",
 "sourceIdentifier": "psirt@us.ibm.com",
 "published": "2023-05-04T14:15:10.173",
- "lastModified": "2023-05-04T14:15:10.173",
- "vulnStatus": "Received",
+ "lastModified": "2023-05-04T18:45:32.047",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-253xx/CVE-2023-25313.json b/CVE-2023/CVE-2023-253xx/CVE-2023-25313.json
new file mode 100644
index 00000000000..4c0343fecd0
--- /dev/null
+++ b/CVE-2023/CVE-2023-253xx/CVE-2023-25313.json
@@ -0,0 +1,77 @@
+{
+ "id": "CVE-2023-25313",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-04-25T16:15:09.417",
+ "lastModified": "2023-05-04T19:05:02.003",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "OS injection vulnerability in World Wide Broadcast Network AVideo version before 12.4, allows attackers to execute arbitrary code via the video link field to the Embed a video link feature."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:wwbn:avideo:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "12.4",
+ "matchCriteriaId": "C7827575-CC53-4298-AA70-AFD19408C79A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/WWBN/AVideo/security/advisories/GHSA-pgvh-p3g4-86jw",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-259xx/CVE-2023-25962.json b/CVE-2023/CVE-2023-259xx/CVE-2023-25962.json
index 74e9df2553a..8e4004512f2 100644
--- a/CVE-2023/CVE-2023-259xx/CVE-2023-25962.json
+++ b/CVE-2023/CVE-2023-259xx/CVE-2023-25962.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-25962",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-05-04T13:15:18.060",
- "lastModified": "2023-05-04T13:15:18.060",
- "vulnStatus": "Received",
+ "lastModified": "2023-05-04T18:45:32.047",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-25xx/CVE-2023-2519.json b/CVE-2023/CVE-2023-25xx/CVE-2023-2519.json
new file mode 100644
index 00000000000..a7ee451928b
--- /dev/null
+++ b/CVE-2023/CVE-2023-25xx/CVE-2023-2519.json
@@ -0,0 +1,84 @@
+{
+ "id": "CVE-2023-2519",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2023-05-04T17:15:13.753",
+ "lastModified": "2023-05-04T18:45:32.047",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability has been found in Caton CTP Relay Server 1.2.9 and classified as critical. This vulnerability affects unknown code of the file /server/api/v1/login of the component API. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. VDB-228010 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "NONE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "PARTIAL",
+ "baseScore": 7.5
+ },
+ "baseSeverity": "HIGH",
+ "exploitabilityScore": 10.0,
+ "impactScore": 6.4,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://vuldb.com/?ctiid.228010",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.228010",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-25xx/CVE-2023-2520.json b/CVE-2023/CVE-2023-25xx/CVE-2023-2520.json
new file mode 100644
index 00000000000..bb147a14394
--- /dev/null
+++ b/CVE-2023/CVE-2023-25xx/CVE-2023-2520.json
@@ -0,0 +1,88 @@
+{
+ "id": "CVE-2023-2520",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2023-05-04T17:15:13.843",
+ "lastModified": "2023-05-04T18:45:32.047",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability was found in Caton Prime 2.1.2.51.e8d7225049(202303031001) and classified as critical. This issue affects some unknown processing of the file cgi-bin/tools_ping.cgi?action=Command of the component Ping Handler. The manipulation of the argument Destination leads to command injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-228011. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "COMPLETE",
+ "integrityImpact": "COMPLETE",
+ "availabilityImpact": "COMPLETE",
+ "baseScore": 9.0
+ },
+ "baseSeverity": "HIGH",
+ "exploitabilityScore": 8.0,
+ "impactScore": 10.0,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-77"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://vuldb.com/?ctiid.228011",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.228011",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://www.youtube.com/watch?v=H1y7CXjJDmU",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-25xx/CVE-2023-2521.json b/CVE-2023/CVE-2023-25xx/CVE-2023-2521.json
new file mode 100644
index 00000000000..c22ecaffcd4
--- /dev/null
+++ b/CVE-2023/CVE-2023-25xx/CVE-2023-2521.json
@@ -0,0 +1,84 @@
+{
+ "id": "CVE-2023-2521",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2023-05-04T17:15:13.917",
+ "lastModified": "2023-05-04T18:45:32.047",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability was found in NEXTU NEXT-7004N 3.0.1. It has been classified as problematic. Affected is an unknown function of the file /boafrm/formFilter of the component POST Request Handler. The manipulation of the argument url with the input leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-228012. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.5,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 1.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.0
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 8.0,
+ "impactScore": 2.9,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://vuldb.com/?ctiid.228012",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.228012",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-25xx/CVE-2023-2522.json b/CVE-2023/CVE-2023-25xx/CVE-2023-2522.json
new file mode 100644
index 00000000000..541024cc979
--- /dev/null
+++ b/CVE-2023/CVE-2023-25xx/CVE-2023-2522.json
@@ -0,0 +1,88 @@
+{
+ "id": "CVE-2023-2522",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2023-05-04T18:15:09.763",
+ "lastModified": "2023-05-04T18:45:32.047",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability was found in Chengdu VEC40G 3.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /send_order.cgi?parameter=access_detect of the component Network Detection. The manipulation of the argument COUNT with the input 3 | netstat -an leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228013 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 4.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 3.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "MULTIPLE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "PARTIAL",
+ "baseScore": 5.8
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 6.4,
+ "impactScore": 6.4,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/eckert-lcc/cve/blob/main/Flying%20fish%20star.md",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.228013",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.228013",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-25xx/CVE-2023-2523.json b/CVE-2023/CVE-2023-25xx/CVE-2023-2523.json
new file mode 100644
index 00000000000..913bdcfdb98
--- /dev/null
+++ b/CVE-2023/CVE-2023-25xx/CVE-2023-2523.json
@@ -0,0 +1,88 @@
+{
+ "id": "CVE-2023-2523",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2023-05-04T18:15:10.063",
+ "lastModified": "2023-05-04T18:45:32.047",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability was found in Weaver E-Office 9.5. It has been rated as critical. Affected by this issue is some unknown functionality of the file App/Ajax/ajax.php?action=mobile_upload_save. The manipulation of the argument upload_quwan leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-228014 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "NONE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "PARTIAL",
+ "baseScore": 7.5
+ },
+ "baseSeverity": "HIGH",
+ "exploitabilityScore": 10.0,
+ "impactScore": 6.4,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-434"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/RCEraser/cve/blob/main/Weaver.md",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.228014",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.228014",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-25xx/CVE-2023-2524.json b/CVE-2023/CVE-2023-25xx/CVE-2023-2524.json
new file mode 100644
index 00000000000..4f18ad149ca
--- /dev/null
+++ b/CVE-2023/CVE-2023-25xx/CVE-2023-2524.json
@@ -0,0 +1,84 @@
+{
+ "id": "CVE-2023-2524",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2023-05-04T19:15:09.123",
+ "lastModified": "2023-05-04T19:15:09.123",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability classified as critical has been found in Control iD RHiD 23.3.19.0. This affects an unknown part of the file /v2/#/. The manipulation leads to direct request. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-228015. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "PARTIAL",
+ "baseScore": 6.5
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 8.0,
+ "impactScore": 6.4,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-425"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://vuldb.com/?ctiid.228015",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.228015",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-260xx/CVE-2023-26010.json b/CVE-2023/CVE-2023-260xx/CVE-2023-26010.json
index 242a8545675..50f5768fc5b 100644
--- a/CVE-2023/CVE-2023-260xx/CVE-2023-26010.json
+++ b/CVE-2023/CVE-2023-260xx/CVE-2023-26010.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-26010",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-05-04T14:15:10.593",
- "lastModified": "2023-05-04T14:15:10.593",
- "vulnStatus": "Received",
+ "lastModified": "2023-05-04T18:45:32.047",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-260xx/CVE-2023-26012.json b/CVE-2023/CVE-2023-260xx/CVE-2023-26012.json
index 63245bc327c..33eabdf7a92 100644
--- a/CVE-2023/CVE-2023-260xx/CVE-2023-26012.json
+++ b/CVE-2023/CVE-2023-260xx/CVE-2023-26012.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-26012",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-05-04T14:15:11.090",
- "lastModified": "2023-05-04T14:15:11.090",
- "vulnStatus": "Received",
+ "lastModified": "2023-05-04T18:45:32.047",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-260xx/CVE-2023-26016.json b/CVE-2023/CVE-2023-260xx/CVE-2023-26016.json
index a7b9a59f89f..489674ef4f2 100644
--- a/CVE-2023/CVE-2023-260xx/CVE-2023-26016.json
+++ b/CVE-2023/CVE-2023-260xx/CVE-2023-26016.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-26016",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-05-04T13:15:18.633",
- "lastModified": "2023-05-04T13:15:18.633",
- "vulnStatus": "Received",
+ "lastModified": "2023-05-04T18:45:32.047",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-260xx/CVE-2023-26098.json b/CVE-2023/CVE-2023-260xx/CVE-2023-26098.json
index 6322428ea08..c422e71cafe 100644
--- a/CVE-2023/CVE-2023-260xx/CVE-2023-26098.json
+++ b/CVE-2023/CVE-2023-260xx/CVE-2023-26098.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-26098",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-04-25T12:15:09.427",
- "lastModified": "2023-04-25T12:52:57.877",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-05-04T18:47:35.130",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -12,6 +12,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ },
 {
 "source": "cve@mitre.org",
 "type": "Secondary",
@@ -34,14 +54,49 @@
 }
 ]
 },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-434"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:telindus:apsal:3.14.2022.235_b:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1550EDE4-64F7-4BEE-BEB6-4964143F5E19"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://excellium-services.com/cert-xlm-advisory/CVE-2023-26098",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://www.telindus.lu/fr/produits/apsal",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-271xx/CVE-2023-27105.json b/CVE-2023/CVE-2023-271xx/CVE-2023-27105.json
index 8a534da80f2..fad5341ed7c 100644
--- a/CVE-2023/CVE-2023-271xx/CVE-2023-27105.json
+++ b/CVE-2023/CVE-2023-271xx/CVE-2023-27105.json
@@ -2,23 +2,110 @@
 "id": "CVE-2023-27105",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-04-25T15:15:08.783",
- "lastModified": "2023-04-25T15:57:53.957",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-05-04T18:59:37.013",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability in the Wi-Fi file transfer module of Shanling M5S Portable Music Player with Shanling MTouch OS v4.3 and Shanling M2X Portable Music Player with Shanling MTouch OS v3.3 allows attackers to arbitrarily read, delete, or modify any critical system files via directory traversal."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:shanling:eddict_player:2.1.3:*:*:*:*:android:*:*",
+ "matchCriteriaId": "BED08E66-5FFE-4762-BB89-3BD069D0EC78"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:shanling:mtouch_os:3.3:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C12870AC-301D-4F5C-9E5C-81EA23255DD0"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:shanling:m2x:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2AE7280C-81D1-407E-94D2-E50D2D21105E"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://en.shanling.com/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
 },
 {
 "url": "https://hexavector.github.io/4bf46f12/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-278xx/CVE-2023-27843.json b/CVE-2023/CVE-2023-278xx/CVE-2023-27843.json
new file mode 100644
index 00000000000..b8fcad2cc2a
--- /dev/null
+++ b/CVE-2023/CVE-2023-278xx/CVE-2023-27843.json
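Review bot: The `configurations` block added to the CVE-2023-27105 record does not cover everything its description names. The description lists the Shanling M5S with MTouch OS v4.3 and the M2X with MTouch OS v3.3, but the only OS/hardware pairing is `mtouch_os:3.3` with `h:shanling:m2x`; there is no M5S or MTouch OS 4.3 entry. The first configuration instead marks `eddict_player:2.1.3` (target software `android`) as vulnerable, a product the description does not mention; presumably that comes from the referenced write-up, which should be confirmed. The record needs a further `AND` configuration pairing MTouch OS 4.3 with the M5S hardware, built like the M2X one; until it has one, asset matching by CPE will miss M5S devices, so treat them as affected on the strength of the description.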
@@ -0,0 +1,85 @@
+{
+ "id": "CVE-2023-27843",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-04-26T00:15:09.267",
+ "lastModified": "2023-05-04T19:27:59.923",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "SQL injection vulnerability found in PrestaShop askforaquote v.5.4.2 and before allow a remote attacker to gain privileges via the QuotesProduct::deleteProduct component."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ask_for_a_quote_project:ask_for_a_quote:*:*:*:*:*:prestashop:*:*",
+ "versionEndIncluding": "5.4.2",
+ "matchCriteriaId": "3B662915-A5FD-435A-A507-794EF762E756"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://addons.prestashop.com/en/quotes/3725-ask-for-a-quote-convert-to-order-messaging-system.html",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
+ },
+ {
+ "url": "https://friends-of-presta.github.io/security-advisories/modules/2023/04/25/askforaquote.html",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Patch",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-287xx/CVE-2023-28771.json b/CVE-2023/CVE-2023-287xx/CVE-2023-28771.json
index 59fca7b2168..560f2d9ba94 100644
--- a/CVE-2023/CVE-2023-287xx/CVE-2023-28771.json
+++ b/CVE-2023/CVE-2023-287xx/CVE-2023-28771.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-28771",
 "sourceIdentifier": "security@zyxel.com.tw",
 "published": "2023-04-25T02:15:08.743",
- "lastModified": "2023-04-25T12:52:57.877",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-05-04T18:46:01.730",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -12,6 +12,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ },
 {
 "source": "security@zyxel.com.tw",
 "type": "Secondary",
@@ -35,6 +55,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ },
 {
 "source": "security@zyxel.com.tw",
 "type": "Secondary",
@@ -46,10 +76,576 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.60", + "versionEndExcluding": "5.36", + "matchCriteriaId": "558978AD-8153-4C1F-A6DE-CCFBF69F754D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7F7654A1-3806-41C7-82D4-46B0CD7EE53B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:atp100w_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.60", + "versionEndExcluding": "5.35", + "matchCriteriaId": "B150462B-6A4A-4B8C-800D-A83E24C79819" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*", + "matchCriteriaId": "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:atp200_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.60", + "versionEndExcluding": "5.36", + "matchCriteriaId": "A32A52F5-5406-4A44-A5C1-42FCDC8C6B22" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D68A36FF-8CAF-401C-9F18-94F3A2405CF4" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:atp500_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.60", + "versionEndExcluding": "5.36", + "matchCriteriaId": 
"320FC232-D76C-4D8A-8003-7C9A7A287A4C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:atp700_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.60", + "versionEndExcluding": "5.36", + "matchCriteriaId": "2360F0CC-6958-47B6-87A9-B03D52DEBAF8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0B41F437-855B-4490-8011-DF59887BE6D5" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:atp800_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.60", + "versionEndExcluding": "5.36", + "matchCriteriaId": "6C4EE067-E0F0-49B7-8698-8B1AD8E346F0" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*", + "matchCriteriaId": "66B99746-0589-46E6-9CBD-F38619AD97DC" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.60", + "versionEndExcluding": "5.36", + "matchCriteriaId": "D96CB09A-9AB3-4360-ACFC-A917E7EEC460" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2B30A4C0-9928-46AD-9210-C25656FB43FB" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": 
"OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.60", + "versionEndExcluding": "5.36", + "matchCriteriaId": "F0226DAD-492B-493D-B15E-90AA593BAAAB" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.60", + "versionEndExcluding": "5.36", + "matchCriteriaId": "030F29C9-5435-4EA5-B009-895BB2259C19" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:usg_flex_50_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.60", + "versionEndExcluding": "5.36", + "matchCriteriaId": "3CF08551-BA8E-47BC-985D-D5ED76A46793" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*", + "matchCriteriaId": "646C1F07-B553-47B0-953B-DC7DE7FD0F8B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.60", + "versionEndExcluding": "5.36", + "matchCriteriaId": "62ACD903-AC40-451C-B2AB-6F843B3C8897" + } + ] + }, + { + "operator": "OR", + 
"negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*", + "matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:usg_flex_50w_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.60", + "versionEndExcluding": "5.36", + "matchCriteriaId": "BE7B066A-5AF0-42AF-A341-A91802F588F1" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*", + "matchCriteriaId": "110A1CA4-0170-4834-8281-0A3E14FC5584" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.60", + "versionEndExcluding": "5.36", + "matchCriteriaId": "04A828C5-B71C-43EE-8132-C14C58A52360" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:vpn100_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.60", + "versionEndExcluding": "5.36", + "matchCriteriaId": "42F4D9F3-BCBF-4990-B270-3592D69FCC22" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*", + "matchCriteriaId": "81D90A7B-174F-40A1-8AF4-08B15B7BAC40" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": 
true, + "criteria": "cpe:2.3:o:zyxel:vpn1000_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.60", + "versionEndExcluding": "5.36", + "matchCriteriaId": "E136FA9E-48A2-428C-9F0A-CD9DB7F91581" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EECD311A-4E96-4576-AADF-47291EDE3559" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:vpn300_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.60", + "versionEndExcluding": "5.36", + "matchCriteriaId": "5DCFD02F-5884-4A96-957D-4CEEDB3826BE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3C45C303-1A95-4245-B242-3AB9B9106CD4" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:vpn50_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.60", + "versionEndExcluding": "5.36", + "matchCriteriaId": "9C6AFD50-926C-4579-A951-4EFDCBA512F0" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:zywall_usg_310_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.60", + "versionEndExcluding": "4.73", + "matchCriteriaId": "D84D915E-8075-4DFC-8C83-D7E6A65D7AFC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:zywall_usg_310_firmware:4.73:-:*:*:*:*:*:*", + "matchCriteriaId": 
"34699536-4CA4-4F87-8E69-A16F2C88A1E8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:zywall_usg_310:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A983A8D5-1B1E-4DE5-93FE-DED5B2DDCB83" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:zywall_usg_100_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.60", + "versionEndExcluding": "4.73", + "matchCriteriaId": "81F20DFB-ED71-4D6F-9B15-4F86341550A9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:zywall_usg_100_firmware:4.73:-:*:*:*:*:*:*", + "matchCriteriaId": "5D5DCBFB-AB12-4525-ADD4-F85059E59177" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:zywall_usg_100:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BB902356-D134-434B-8BAF-2CB366F32050" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-remote-command-injection-vulnerability-of-firewalls", - "source": "security@zyxel.com.tw" + "source": "security@zyxel.com.tw", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-288xx/CVE-2023-28847.json b/CVE-2023/CVE-2023-288xx/CVE-2023-28847.json new file mode 100644 index 00000000000..67543002b93 --- /dev/null +++ b/CVE-2023/CVE-2023-288xx/CVE-2023-28847.json 
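Review bot: In the `configurations` array added to CVE-2023-28771.json, the `atp100w_firmware` match uses `"versionEndExcluding": "5.35"`, while every other ATP, USG FLEX and VPN firmware entry in the same hunk uses `"5.36"` with the same `"versionStartIncluding": "4.60"`. If this is a data-entry slip rather than a model-specific fix version, a scanner matching on this CPE range would report ATP100W devices running 5.35 as not affected. Check the value against the Zyxel advisory listed under `references`. If it is wrong, report it upstream so the entry reads `"versionEndExcluding": "5.36"`.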
@@ -0,0 +1,142 @@ +{ + "id": "CVE-2023-28847", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-04-25T17:15:08.963", + "lastModified": "2023-05-04T19:19:34.863", + "vulnStatus": "Analyzed", + "descriptions": [ + { + "lang": "en", + "value": "Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. In Nextcloud Server 24.0.0 prior to 24.0.11 and 25.0.0 prior to 25.0.5; as well as Nextcloud Server Enterprise 23.0.0 prior to 23.0.12.6, 24.0.0 prior to 24.0.11, and 25.0.0 prior to 25.0.5; an attacker is not restricted in verifying passwords of share links so they can just start brute forcing the password. Nextcloud Server 24.0.11 and 25.0.5 and Nextcloud Enterprise Server 23.0.12.6, 24.0.11, and 25.0.5 contain a fix for this issue. No known workarounds are available." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.1, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.6, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": 
"Primary", + "description": [ + { + "lang": "en", + "value": "CWE-307" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "23.0.0", + "versionEndExcluding": "23.0.12.6", + "matchCriteriaId": "CE1029E7-ACE9-4547-A18D-10300912A87B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*", + "versionStartIncluding": "24.0.0", + "versionEndExcluding": "24.0.11", + "matchCriteriaId": "F826F841-9E60-44B7-81F0-77E552CC2BAC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "24.0.0", + "versionEndExcluding": "24.0.11", + "matchCriteriaId": "6A5FB4F4-16FC-4B98-897C-4DA109899A28" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*", + "versionStartIncluding": "25.0.0", + "versionEndExcluding": "25.0.5", + "matchCriteriaId": "8B9FE0C2-3437-42C6-9F9E-84DB8AC4D3B3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "25.0.0", + "versionEndExcluding": "25.0.5", + "matchCriteriaId": "88FDB61B-A9D8-4762-B6DD-A6FFF347E0B7" + } + ] + } + ] + } + ], + "references": [ + { + "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-r5wf-xj97-3w7w", + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://github.com/nextcloud/server/pull/35057", + "source": "security-advisories@github.com", + "tags": [ + "Issue Tracking", + "Patch" + ] + }, + { + "url": "https://hackerone.com/reports/1894653", + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] + } + ] +} \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-288xx/CVE-2023-28882.json b/CVE-2023/CVE-2023-288xx/CVE-2023-28882.json
index 22b6325dc8d..cfc3d7c3d37 100644
--- a/CVE-2023/CVE-2023-288xx/CVE-2023-28882.json
+++ b/CVE-2023/CVE-2023-288xx/CVE-2023-28882.json
@@ -2,19 +2,76 @@ "id": "CVE-2023-28882", "sourceIdentifier": "cve@mitre.org", "published": "2023-04-28T04:15:38.017", - "lastModified": "2023-04-28T12:58:08.387", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-04T18:53:59.980", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service (worker crash and unresponsiveness) because some inputs cause a segfault in the Transaction class for some configurations." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:trustwave:modsecurity:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.0.5", + "versionEndExcluding": "3.0.9", + "matchCriteriaId": "E45908C1-75D7-49A7-86EE-07B4305BDA04" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.trustwave.com/en-us/resources/security-resources/software-updates/announcing-modsecurity-version-309/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-292xx/CVE-2023-29200.json b/CVE-2023/CVE-2023-292xx/CVE-2023-29200.json
new file mode 100644
index 00000000000..c3cf5c936ca
--- /dev/null
+++ b/CVE-2023/CVE-2023-292xx/CVE-2023-29200.json
@@ -0,0 +1,125 @@ +{ + "id": "CVE-2023-29200", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-04-25T18:15:09.510", + "lastModified": "2023-05-04T19:35:45.310", + "vulnStatus": "Analyzed", + "descriptions": [ + { + "lang": "en", + "value": "Contao is an open source content management system. Prior to versions 4.9.40, 4.13.21, and 5.1.4, logged in users can list arbitrary system files in the file manager by manipulating the Ajax request. However, it is not possible to read the contents of these files. Users should update to Contao 4.9.40, 4.13.21 or 5.1.4 to receive a patch. There are no known workarounds." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": 
true, + "criteria": "cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.0.0", + "versionEndExcluding": "4.9.40", + "matchCriteriaId": "899AC8E3-897E-4949-937A-DC2BE6C83064" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.10.0", + "versionEndExcluding": "4.13.21", + "matchCriteriaId": "374F1348-15EC-4952-B6B7-3E19BE0950DE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.0.0", + "versionEndExcluding": "5.1.4", + "matchCriteriaId": "F47206DC-DFB3-43F7-BD46-67C4893F1A37" + } + ] + } + ] + } + ], + "references": [ + { + "url": "https://contao.org/en/security-advisories/directory-traversal-in-the-file-manager", + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://github.com/contao/contao/commit/6f3e705f4ff23f4419563d09d8485793569f31df", + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] + }, + { + "url": "https://github.com/contao/contao/security/advisories/GHSA-fp7q-xhhw-6rj3", + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-292xx/CVE-2023-29257.json b/CVE-2023/CVE-2023-292xx/CVE-2023-29257.json new file mode 100644 index 00000000000..5e1bcf2b0a2 --- /dev/null +++ b/CVE-2023/CVE-2023-292xx/CVE-2023-29257.json 
@@ -0,0 +1,225 @@ +{ + "id": "CVE-2023-29257", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2023-04-26T13:15:08.853", + "lastModified": "2023-05-04T19:39:08.163", + "vulnStatus": "Analyzed", + "descriptions": [ + { + "lang": "en", + "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to remote code execution as a database administrator of one database may execute code or read/write files from another database within the same instance. IBM X-Force ID: 252011." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, + { + "source": "psirt@us.ibm.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", + "versionStartIncluding": "11.1", + 
"versionEndExcluding": "11.1.4", + "matchCriteriaId": "421BBE95-3D5B-421A-9DC1-8B08D019B2A3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", + "versionStartIncluding": "11.5", + "versionEndExcluding": "11.5.8", + "matchCriteriaId": "65161064-A4A3-48E5-AC0A-388429FF2F53" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:db2:10.5:-:*:*:*:*:*:*", + "matchCriteriaId": "190AE881-F7BF-486E-BDAE-197337D70CDB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:db2:10.5:fp1:*:*:*:*:*:*", + "matchCriteriaId": "8D1BAA43-4C77-4AC7-8561-93EDE0AED000" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:db2:10.5:fp10:*:*:*:*:*:*", + "matchCriteriaId": "F6FDF4D8-1822-43E6-AE65-3E4F8743D3A3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:db2:10.5:fp2:*:*:*:*:*:*", + "matchCriteriaId": "87C39880-D0E9-4487-9A80-B4D1A999032F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:db2:10.5:fp3:*:*:*:*:*:*", + "matchCriteriaId": "8842A8B6-E470-4536-AB5D-DA1C62A05F58" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:db2:10.5:fp3a:*:*:*:*:*:*", + "matchCriteriaId": "92BF0482-E4FE-454E-84DD-27074097F3F3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:db2:10.5:fp4:*:*:*:*:*:*", + "matchCriteriaId": "3705A79B-7903-4055-9CDC-55D60D2AC2E4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:db2:10.5:fp5:*:*:*:*:*:*", + "matchCriteriaId": "CBDFCE61-EE04-4901-844D-61B8966C1B81" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:db2:10.5:fp6:*:*:*:*:*:*", + "matchCriteriaId": "53A23363-413D-4785-B8C1-9AC2F96000EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:db2:10.5:fp7:*:*:*:*:*:*", + "matchCriteriaId": "6E22D884-A33F-41D7-84CB-B6360A39863F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:db2:10.5:fp8:*:*:*:*:*:*", + "matchCriteriaId": "4DA56D35-93E9-4659-B180-2FD636A39BAB" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:a:ibm:db2:10.5:fp9:*:*:*:*:*:*", + "matchCriteriaId": "6E7F0B02-EA0B-4BD1-AA0C-2A4735221963" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:db2:11.1.4:-:*:*:*:*:*:*", + "matchCriteriaId": "7F91EC14-CD9A-42EB-9D81-6025A1D74749" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp1:*:*:*:*:*:*", + "matchCriteriaId": "5D098641-0833-4718-BB6A-273E1CA0F887" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp2:*:*:*:*:*:*", + "matchCriteriaId": "8B451F96-2A58-4758-86E6-F8A030805C51" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp3:*:*:*:*:*:*", + "matchCriteriaId": "69CBC98E-BECE-41A4-A0D9-9F3AC1602ABE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp4:*:*:*:*:*:*", + "matchCriteriaId": "20386F14-BC32-4174-9F3A-F7406486976A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp5:*:*:*:*:*:*", + "matchCriteriaId": "DD0DD54B-AB2E-4C56-B348-FF87C174270A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp6:*:*:*:*:*:*", + "matchCriteriaId": "CC14EF40-FE00-47F9-8A78-98713F903D9C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], + "references": [ + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/252011", + "source": "psirt@us.ibm.com", + "tags": [ + "VDB Entry", + "Vendor Advisory" + ] + }, + { + "url": "https://www.ibm.com/support/pages/node/6985691", + "source": "psirt@us.ibm.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] + } + ] +} \ No newline at end of file 
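Review bot: The platform node of the `AND` configuration in CVE-2023-29257.json lists only `linux:linux_kernel` and `microsoft:windows`, although the description names "Db2 for Linux, UNIX and Windows". A consumer that evaluates the `AND` strictly would match Db2 only on Linux and Windows hosts, so installations on UNIX platforms may go unreported. If the omission is unintended, the upstream record needs a further `"vulnerable": false` platform entry for the UNIX targets. Until then, consumers are safer matching on the `ibm:db2` application CPEs alone.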
diff --git a/CVE-2023/CVE-2023-295xx/CVE-2023-29552.json b/CVE-2023/CVE-2023-295xx/CVE-2023-29552.json
new file mode 100644
index 00000000000..d02fe123989
--- /dev/null
+++ b/CVE-2023/CVE-2023-295xx/CVE-2023-29552.json
@@ -0,0 +1,198 @@ +{ + "id": "CVE-2023-29552", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-04-25T16:15:09.537", + "lastModified": "2023-05-04T19:07:23.597", + "vulnStatus": "Analyzed", + "descriptions": [ + { + "lang": "en", + "value": "The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4BB0FDCF-3750-44C6-AC5C-0CC2AAD14093" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:suse:manager_server:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A4E8CE0B-23E7-45BF-AAFB-AD12DC7EB0F0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*", + "matchCriteriaId": "F13F07CC-739B-465C-9184-0E9D708BD4C7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*", + 
"matchCriteriaId": "15FC9014-BD85-4382-9D04-C0703E901D7A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:sap:*:*", + "matchCriteriaId": "5D18AA86-88AF-481B-A24F-429BF79264AB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:suse:linux_enterprise_server:15:*:*:*:*:-:*:*", + "matchCriteriaId": "B1B7847D-6C17-4817-B71E-C034894B70A9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:suse:linux_enterprise_server:15:*:*:*:*:sap:*:*", + "matchCriteriaId": "C665A768-DBDA-4197-9159-A2791E98A84F" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:vmware:esxi:*:*:*:*:*:*:*:*", + "versionEndExcluding": "7.0", + "matchCriteriaId": "D223DD19-0441-4EBD-9F51-5E9012434517" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:service_location_protocol_project:service_location_protocol:-:*:*:*:*:*:*:*", + "matchCriteriaId": "64E7C090-F632-4975-9C4C-E89100088BF4" + } + ] + } + ] + } + ], + "references": [ + { + "url": "https://blogs.vmware.com/security/2023/04/vmware-response-to-cve-2023-29552-reflective-denial-of-service-dos-amplification-vulnerability-in-slp.html", + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "https://curesec.com/blog/article/CVE-2023-29552-Service-Location-Protocol-Denial-of-Service-Amplification-Attack-212.html", + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] + }, + { + "url": "https://datatracker.ietf.org/doc/html/rfc2608", + "source": "cve@mitre.org", + "tags": [ + "Technical Description" + ] + }, + { + "url": "https://github.com/curesec/slpload", + "source": "cve@mitre.org", + "tags": [ + "Product" + ] + }, + { + "url": "https://security.netapp.com/advisory/ntap-20230426-0001/", + "source": "cve@mitre.org", + "tags": [ + "Third Party 
Advisory" + ] + }, + { + "url": "https://www.bitsight.com/blog/new-high-severity-vulnerability-cve-2023-29552-discovered-service-location-protocol-slp", + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] + }, + { + "url": "https://www.cisa.gov/news-events/alerts/2023/04/25/abuse-service-location-protocol-may-lead-dos-attacks", + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] + }, + { + "url": "https://www.suse.com/support/kb/doc/?id=000021051", + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-298xx/CVE-2023-29827.json b/CVE-2023/CVE-2023-298xx/CVE-2023-29827.json index 84766578883..db7625201f3 100644 --- a/CVE-2023/CVE-2023-298xx/CVE-2023-29827.json +++ b/CVE-2023/CVE-2023-298xx/CVE-2023-29827.json @@ -2,8 +2,8 @@ "id": "CVE-2023-29827", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-04T14:15:11.363", - "lastModified": "2023-05-04T14:15:11.363", - "vulnStatus": "Received", + "lastModified": "2023-05-04T18:45:32.047", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-299xx/CVE-2023-29994.json b/CVE-2023/CVE-2023-299xx/CVE-2023-29994.json new file mode 100644 index 00000000000..642c231d4b3 --- /dev/null +++ b/CVE-2023/CVE-2023-299xx/CVE-2023-29994.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-29994", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-04T17:15:13.577", + "lastModified": "2023-05-04T18:45:32.047", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In NanoMQ v0.15.0-0, Heap overflow occurs in read_byte function of mqtt_code.c." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/emqx/nanomq/issues/1042", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-299xx/CVE-2023-29995.json b/CVE-2023/CVE-2023-299xx/CVE-2023-29995.json new file mode 100644 index 00000000000..2ce11655697 --- /dev/null +++ b/CVE-2023/CVE-2023-299xx/CVE-2023-29995.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-29995", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-04T17:15:13.643", + "lastModified": "2023-05-04T18:45:32.047", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In NanoMQ v0.15.0-0, a Heap overflow occurs in copyn_utf8_str function of mqtt_parser.c" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/emqx/nanomq/issues/1043", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-299xx/CVE-2023-29996.json b/CVE-2023/CVE-2023-299xx/CVE-2023-29996.json new file mode 100644 index 00000000000..1c330d87391 --- /dev/null +++ b/CVE-2023/CVE-2023-299xx/CVE-2023-29996.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-29996", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-04T17:15:13.690", + "lastModified": "2023-05-04T18:45:32.047", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In NanoMQ v0.15.0-0, segment fault with Null Pointer Dereference occurs in the process of decoding subinfo_decode and unsubinfo_decode." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/emqx/nanomq/issues/1038", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-301xx/CVE-2023-30106.json b/CVE-2023/CVE-2023-301xx/CVE-2023-30106.json new file mode 100644 index 00000000000..dd2beef8939 --- /dev/null +++ b/CVE-2023/CVE-2023-301xx/CVE-2023-30106.json 
@@ -0,0 +1,89 @@
+{
+ "id": "CVE-2023-30106",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-04-26T00:15:09.310",
+ "lastModified": "2023-05-04T19:28:56.020",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Sourcecodester Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross Site Scripting (XSS) via page=about."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:medicine_tracker_system_project:medicine_tracker_system:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "313F1413-ACA3-49E9-9315-856D212D7DB5"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/Rajeshwar40/CVE/blob/main/2023-30106",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://www.sourcecodester.com",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
+ },
+ {
+ "url": "https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-mts_0.zip",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-301xx/CVE-2023-30111.json b/CVE-2023/CVE-2023-301xx/CVE-2023-30111.json
new file mode 100644
index 00000000000..7e416087917
--- /dev/null
+++ b/CVE-2023/CVE-2023-301xx/CVE-2023-30111.json
@@ -0,0 +1,82 @@
+{
+ "id": "CVE-2023-30111",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-04-26T00:15:09.347",
+ "lastModified": "2023-05-04T18:02:09.460",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross Site Scripting (XSS)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:medicine_tracker_system_project:medicine_tracker_system:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "313F1413-ACA3-49E9-9315-856D212D7DB5"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/Rajeshwar40/CVE/blob/main/2023-30111",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-mts_0.zip",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-301xx/CVE-2023-30112.json b/CVE-2023/CVE-2023-301xx/CVE-2023-30112.json
new file mode 100644
index 00000000000..0b29560c174
--- /dev/null
+++ b/CVE-2023/CVE-2023-301xx/CVE-2023-30112.json
@@ -0,0 +1,82 @@
+{
+ "id": "CVE-2023-30112",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-04-26T14:15:09.660",
+ "lastModified": "2023-05-04T19:52:11.437",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Medicine Tracker System in PHP 1.0.0 is vulnerable to SQL Injection."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:medicine_tracker_system_project:medicine_tracker_system:1.0.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "12D8990C-56A8-424F-A615-0E5350924342"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/Rajeshwar40/CVE/blob/main/CVE-2023-30112",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-mts_0.zip",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-301xx/CVE-2023-30177.json b/CVE-2023/CVE-2023-301xx/CVE-2023-30177.json
new file mode 100644
index 00000000000..1401928b542
--- /dev/null
+++ b/CVE-2023/CVE-2023-301xx/CVE-2023-30177.json
@@ -0,0 +1,75 @@
+{
+ "id": "CVE-2023-30177",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-04-25T18:15:09.627",
+ "lastModified": "2023-05-04T19:36:10.787",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "CraftCMS 3.7.59 is vulnerable Cross Site Scripting (XSS). An attacker can inject javascript code into Volume Name."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:craftcms:craft_cms:3.7.59:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5B3C0EB0-BC83-4827-A8FA-8C0F9A3FC159"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/craftcms/cms/commit/00fb253d5318e10204433e5d93934108e574005e",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Patch"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-301xx/CVE-2023-30184.json b/CVE-2023/CVE-2023-301xx/CVE-2023-30184.json
new file mode 100644
index 00000000000..0ee6e871ba3
--- /dev/null
+++ b/CVE-2023/CVE-2023-301xx/CVE-2023-30184.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-30184",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-05-04T17:15:14.047",
+ "lastModified": "2023-05-04T18:45:32.047",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A stored cross-site scripting (XSS) vulnerability in Typecho v1.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter at /index.php/archives/1/comment."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/typecho/typecho/issues/1546",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-302xx/CVE-2023-30203.json b/CVE-2023/CVE-2023-302xx/CVE-2023-30203.json
new file mode 100644
index 00000000000..4e9ac727aab
--- /dev/null
+++ b/CVE-2023/CVE-2023-302xx/CVE-2023-30203.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-30203",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-05-04T17:15:14.093",
+ "lastModified": "2023-05-04T18:45:32.047",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the event_id parameter at /php-jms/result_sheet.php."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/debug601/bug_report/blob/main/vendors/oretnom23/judging-management-system/SQLi-2.md",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-302xx/CVE-2023-30265.json b/CVE-2023/CVE-2023-302xx/CVE-2023-30265.json
new file mode 100644
index 00000000000..d616a53975c
--- /dev/null
+++ b/CVE-2023/CVE-2023-302xx/CVE-2023-30265.json
@@ -0,0 +1,76 @@
+{
+ "id": "CVE-2023-30265",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-04-26T14:15:09.697",
+ "lastModified": "2023-05-04T19:15:15.477",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "CLTPHP <=6.0 is vulnerable to Directory Traversal."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cltphp:cltphp:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "6.0",
+ "matchCriteriaId": "15CDA35B-3FCD-4AAA-B686-95A08504F7FD"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/HuBenLab/HuBenVulList/blob/main/CLTPHP6.0%20Path%20Traversal.md",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-302xx/CVE-2023-30266.json b/CVE-2023/CVE-2023-302xx/CVE-2023-30266.json
new file mode 100644
index 00000000000..7aa2d6e088f
--- /dev/null
+++ b/CVE-2023/CVE-2023-302xx/CVE-2023-30266.json
@@ -0,0 +1,76 @@
+{
+ "id": "CVE-2023-30266",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-04-26T14:15:09.737",
+ "lastModified": "2023-05-04T19:14:22.830",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "CLTPHP <=6.0 is vulnerable to Unrestricted Upload of File with Dangerous Type."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-434"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cltphp:cltphp:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "6.0",
+ "matchCriteriaId": "15CDA35B-3FCD-4AAA-B686-95A08504F7FD"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/HuBenLab/HuBenVulList/blob/main/CLTPHP6.0%20Unrestricted%20Upload%20of%20File%20with%20Dangerous%20Type%201.md",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-302xx/CVE-2023-30267.json b/CVE-2023/CVE-2023-302xx/CVE-2023-30267.json
new file mode 100644
index 00000000000..274291ad84e
--- /dev/null
+++ b/CVE-2023/CVE-2023-302xx/CVE-2023-30267.json
@@ -0,0 +1,76 @@
+{
+ "id": "CVE-2023-30267",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-04-26T14:15:09.777",
+ "lastModified": "2023-05-04T18:43:05.367",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "CLTPHP <=6.0 is vulnerable to Cross Site Scripting (XSS) via application/home/controller/Changyan.php."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cltphp:cltphp:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "6.0",
+ "matchCriteriaId": "15CDA35B-3FCD-4AAA-B686-95A08504F7FD"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/HuBenLab/HuBenVulList/blob/main/CLTPHP6.0%20Reflected%20cross-site%20scripting(XSS).md",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-302xx/CVE-2023-30269.json b/CVE-2023/CVE-2023-302xx/CVE-2023-30269.json
new file mode 100644
index 00000000000..31331a078ee
--- /dev/null
+++ b/CVE-2023/CVE-2023-302xx/CVE-2023-30269.json
@@ -0,0 +1,76 @@
+{
+ "id": "CVE-2023-30269",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-04-26T14:15:09.813",
+ "lastModified": "2023-05-04T19:08:50.027",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "CLTPHP <=6.0 is vulnerable to Improper Input Validation via application/admin/controller/Template.php."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cltphp:cltphp:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "6.0",
+ "matchCriteriaId": "15CDA35B-3FCD-4AAA-B686-95A08504F7FD"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/HuBenLab/HuBenVulList/blob/main/CLTPHP6.0%20Improper%20Input%20Validation%201.md",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-304xx/CVE-2023-30402.json b/CVE-2023/CVE-2023-304xx/CVE-2023-30402.json
new file mode 100644
index 00000000000..6a9a9c9e423
--- /dev/null
+++ b/CVE-2023/CVE-2023-304xx/CVE-2023-30402.json
@@ -0,0 +1,77 @@
+{
+ "id": "CVE-2023-30402",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-04-25T16:15:09.590",
+ "lastModified": "2023-05-04T19:13:06.880",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "YASM v1.3.0 was discovered to contain a heap overflow via the function handle_dot_label at /nasm/nasm-token.re."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:yasm_project:yasm:1.3.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AD6556F7-3880-452A-ABA9-1A8A14BA41F3"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/yasm/yasm/issues/206",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Issue Tracking",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-305xx/CVE-2023-30545.json b/CVE-2023/CVE-2023-305xx/CVE-2023-30545.json
new file mode 100644
index 00000000000..40f05a038cc
--- /dev/null
+++ b/CVE-2023/CVE-2023-305xx/CVE-2023-30545.json
@@ -0,0 +1,117 @@
+{
+ "id": "CVE-2023-30545",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-04-25T18:15:09.677",
+ "lastModified": "2023-05-04T19:38:07.270",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, it is possible for a user with access to the SQL Manager (Advanced Options -> Database) to arbitrarily read any file on the operating system when using SQL function `LOAD_FILE` in a `SELECT` request. This gives the user access to critical information. A patch is available in PrestaShop 8.0.4 and PS 1.7.8.9\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.7,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 4.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.7.8.9",
+ "matchCriteriaId": "38174A16-34A0-4E08-8485-B413ADC32907"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "8.0.0",
+ "versionEndExcluding": "8.0.4",
+ "matchCriteriaId": "B84AB40A-755F-4AD7-AD86-D2FD642C710D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/PrestaShop/PrestaShop/commit/cddac4198a47c602878a787280d813f60c6c0630",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://github.com/PrestaShop/PrestaShop/commit/d900806e1841a31f26ff0a1843a6888fc1bb7f81",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-8r4m-5p6p-52rp",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-305xx/CVE-2023-30550.json b/CVE-2023/CVE-2023-305xx/CVE-2023-30550.json
new file mode 100644
index 00000000000..0a473e2a9d1
--- /dev/null
+++ b/CVE-2023/CVE-2023-305xx/CVE-2023-30550.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-30550",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-05-04T18:15:10.150",
+ "lastModified": "2023-05-04T18:45:32.047",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "MeterSphere is an open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing, and performance testing. This IDOR vulnerability allows the administrator of a project to modify other projects under the workspace. An attacker can obtain some operating permissions. The issue has been fixed in version 2.9.0."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-639"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/metersphere/metersphere/releases/tag/v2.9.0",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/metersphere/metersphere/security/advisories/GHSA-j5cq-cpw2-gp2q",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-306xx/CVE-2023-30619.json b/CVE-2023/CVE-2023-306xx/CVE-2023-30619.json
index 80812703ce3..ec61c6299bf 100644
--- a/CVE-2023/CVE-2023-306xx/CVE-2023-30619.json
+++ b/CVE-2023/CVE-2023-306xx/CVE-2023-30619.json
@@ -2,8 +2,8 @@ "id": "CVE-2023-30619", "sourceIdentifier": "security-advisories@github.com", "published": "2023-05-04T14:15:11.663", - "lastModified": "2023-05-04T14:15:11.663", - "vulnStatus": "Received", + "lastModified": "2023-05-04T18:45:32.047", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-306xx/CVE-2023-30629.json b/CVE-2023/CVE-2023-306xx/CVE-2023-30629.json index df5cff2c4db..9c393c0a73d 100644 --- a/CVE-2023/CVE-2023-306xx/CVE-2023-30629.json +++ b/CVE-2023/CVE-2023-306xx/CVE-2023-30629.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30629", "sourceIdentifier": "security-advisories@github.com", "published": "2023-04-24T22:15:10.030", - "lastModified": "2023-04-25T12:52:57.877", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-04T18:22:10.567", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,26 +66,61 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vyper_project:vyper:*:*:*:*:*:*:*:*", + "versionStartIncluding": "0.3.1", + "versionEndExcluding": "0.3.8", + "matchCriteriaId": "AAB49684-EB30-49CD-9385-AD790BEB56F9" + } + ] + } + ] + } + ], "references": [ { "url": "https://docs.vyperlang.org/en/v0.3.7/built-in-functions.html#raw_call", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/lidofinance/gate-seals/blob/051593e74df01a4131c485b4fda52e691cd4b7d8/contracts/GateSeal.vy#L164", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/lidofinance/gate-seals/pull/5/files", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/vyperlang/vyper/commit/851f7a1b3aa2a36fd041e3d0ed38f9355a58c8ae", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-w9g2-3w7p-72g9", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-312xx/CVE-2023-31223.json b/CVE-2023/CVE-2023-312xx/CVE-2023-31223.json index d8200221bcd..3eb45d4c45b 100644 --- a/CVE-2023/CVE-2023-312xx/CVE-2023-31223.json +++ b/CVE-2023/CVE-2023-312xx/CVE-2023-31223.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-31223", "sourceIdentifier": "cve@mitre.org", "published": "2023-04-25T23:15:09.090", - "lastModified": "2023-04-25T23:15:09.090", - "vulnStatus": "Received", + "lastModified": "2023-05-04T19:47:24.003", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "cve@mitre.org", "type": "Secondary", @@ -34,10 +54,43 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dradisframework:dradis:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.8.0", + "matchCriteriaId": "8988FEBD-6558-4753-B319-095CF5504732" + } + ] + } + ] + } + ], "references": [ { "url": "https://dradisframework.com/ce/security_reports.html#fixed-4.8.0", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] } ] } \ No newline at end of file diff --git a/README.md b/README.md index b1a20e0b8d5..fbcde7c7ec8 100644 --- a/README.md +++ b/README.md 
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-05-04T18:00:29.167574+00:00 +2023-05-04T20:00:25.177435+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-05-04T16:06:52.953000+00:00 +2023-05-04T19:57:36.087000+00:00 ``` ### Last Data Feed Release 
@@ -29,20 +29,93 @@ Download and Changelog: [Click](releases/latest) ### Total Number of included CVEs ```plain -214055 +214067 ``` ### CVEs added in the last Commit -Recently added CVEs: `0` +Recently added CVEs: `4` +* [CVE-2023-2522](CVE-2023/CVE-2023-25xx/CVE-2023-2522.json) (`2023-05-04T18:15:09.763`) +* [CVE-2023-2523](CVE-2023/CVE-2023-25xx/CVE-2023-2523.json) (`2023-05-04T18:15:10.063`) +* [CVE-2023-2524](CVE-2023/CVE-2023-25xx/CVE-2023-2524.json) (`2023-05-04T19:15:09.123`) +* [CVE-2023-30550](CVE-2023/CVE-2023-305xx/CVE-2023-30550.json) (`2023-05-04T18:15:10.150`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `70` -* [CVE-2023-29469](CVE-2023/CVE-2023-294xx/CVE-2023-29469.json) (`2023-05-04T16:06:52.953`) +* [CVE-2021-38363](CVE-2021/CVE-2021-383xx/CVE-2021-38363.json) (`2023-05-04T18:29:57.960`) +* [CVE-2021-38364](CVE-2021/CVE-2021-383xx/CVE-2021-38364.json) (`2023-05-04T18:28:18.383`) +* [CVE-2022-23721](CVE-2022/CVE-2022-237xx/CVE-2022-23721.json) (`2023-05-04T19:39:23.267`) +* [CVE-2022-24035](CVE-2022/CVE-2022-240xx/CVE-2022-24035.json) (`2023-05-04T18:27:25.390`) +* [CVE-2022-27978](CVE-2022/CVE-2022-279xx/CVE-2022-27978.json) (`2023-05-04T18:47:32.747`) +* [CVE-2022-27979](CVE-2022/CVE-2022-279xx/CVE-2022-27979.json) (`2023-05-04T18:34:40.333`) +* [CVE-2022-31244](CVE-2022/CVE-2022-312xx/CVE-2022-31244.json) (`2023-05-04T19:02:43.130`) +* [CVE-2022-39989](CVE-2022/CVE-2022-399xx/CVE-2022-39989.json) (`2023-05-04T19:49:24.510`) +* [CVE-2022-40482](CVE-2022/CVE-2022-404xx/CVE-2022-40482.json) (`2023-05-04T19:40:31.363`) +* [CVE-2022-40722](CVE-2022/CVE-2022-407xx/CVE-2022-40722.json) (`2023-05-04T19:46:42.447`) +* [CVE-2022-40723](CVE-2022/CVE-2022-407xx/CVE-2022-40723.json) (`2023-05-04T19:48:57.540`) +* [CVE-2022-40724](CVE-2022/CVE-2022-407xx/CVE-2022-40724.json) (`2023-05-04T19:49:32.557`) +* [CVE-2022-40725](CVE-2022/CVE-2022-407xx/CVE-2022-40725.json) (`2023-05-04T19:52:10.610`) +* 
[CVE-2022-45291](CVE-2022/CVE-2022-452xx/CVE-2022-45291.json) (`2023-05-04T19:57:26.577`) +* [CVE-2022-45818](CVE-2022/CVE-2022-458xx/CVE-2022-45818.json) (`2023-05-04T18:45:32.047`) +* [CVE-2022-46302](CVE-2022/CVE-2022-463xx/CVE-2022-46302.json) (`2023-05-04T18:32:15.130`) +* [CVE-2023-2007](CVE-2023/CVE-2023-20xx/CVE-2023-2007.json) (`2023-05-04T18:24:30.803`) +* [CVE-2023-20870](CVE-2023/CVE-2023-208xx/CVE-2023-20870.json) (`2023-05-04T19:57:36.087`) +* [CVE-2023-22728](CVE-2023/CVE-2023-227xx/CVE-2023-22728.json) (`2023-05-04T19:52:51.293`) +* [CVE-2023-22916](CVE-2023/CVE-2023-229xx/CVE-2023-22916.json) (`2023-05-04T19:35:46.887`) +* [CVE-2023-2294](CVE-2023/CVE-2023-22xx/CVE-2023-2294.json) (`2023-05-04T18:00:41.803`) +* [CVE-2023-23470](CVE-2023/CVE-2023-234xx/CVE-2023-23470.json) (`2023-05-04T18:45:32.047`) +* [CVE-2023-2361](CVE-2023/CVE-2023-23xx/CVE-2023-2361.json) (`2023-05-04T18:53:57.203`) +* [CVE-2023-2363](CVE-2023/CVE-2023-23xx/CVE-2023-2363.json) (`2023-05-04T18:54:49.473`) +* [CVE-2023-2364](CVE-2023/CVE-2023-23xx/CVE-2023-2364.json) (`2023-05-04T18:55:06.683`) +* [CVE-2023-2365](CVE-2023/CVE-2023-23xx/CVE-2023-2365.json) (`2023-05-04T18:55:20.170`) +* [CVE-2023-2366](CVE-2023/CVE-2023-23xx/CVE-2023-2366.json) (`2023-05-04T18:55:31.070`) +* [CVE-2023-2367](CVE-2023/CVE-2023-23xx/CVE-2023-2367.json) (`2023-05-04T18:55:44.637`) +* [CVE-2023-2368](CVE-2023/CVE-2023-23xx/CVE-2023-2368.json) (`2023-05-04T18:55:55.883`) +* [CVE-2023-2369](CVE-2023/CVE-2023-23xx/CVE-2023-2369.json) (`2023-05-04T18:56:02.097`) +* [CVE-2023-23837](CVE-2023/CVE-2023-238xx/CVE-2023-23837.json) (`2023-05-04T19:30:04.907`) +* [CVE-2023-23838](CVE-2023/CVE-2023-238xx/CVE-2023-23838.json) (`2023-05-04T19:32:26.440`) +* [CVE-2023-24796](CVE-2023/CVE-2023-247xx/CVE-2023-24796.json) (`2023-05-04T19:42:22.003`) +* [CVE-2023-24958](CVE-2023/CVE-2023-249xx/CVE-2023-24958.json) (`2023-05-04T18:45:32.047`) +* [CVE-2023-2519](CVE-2023/CVE-2023-25xx/CVE-2023-2519.json) 
(`2023-05-04T18:45:32.047`) +* [CVE-2023-2520](CVE-2023/CVE-2023-25xx/CVE-2023-2520.json) (`2023-05-04T18:45:32.047`) +* [CVE-2023-2521](CVE-2023/CVE-2023-25xx/CVE-2023-2521.json) (`2023-05-04T18:45:32.047`) +* [CVE-2023-25313](CVE-2023/CVE-2023-253xx/CVE-2023-25313.json) (`2023-05-04T19:05:02.003`) +* [CVE-2023-25962](CVE-2023/CVE-2023-259xx/CVE-2023-25962.json) (`2023-05-04T18:45:32.047`) +* [CVE-2023-26010](CVE-2023/CVE-2023-260xx/CVE-2023-26010.json) (`2023-05-04T18:45:32.047`) +* [CVE-2023-26012](CVE-2023/CVE-2023-260xx/CVE-2023-26012.json) (`2023-05-04T18:45:32.047`) +* [CVE-2023-26016](CVE-2023/CVE-2023-260xx/CVE-2023-26016.json) (`2023-05-04T18:45:32.047`) +* [CVE-2023-26098](CVE-2023/CVE-2023-260xx/CVE-2023-26098.json) (`2023-05-04T18:47:35.130`) +* [CVE-2023-27105](CVE-2023/CVE-2023-271xx/CVE-2023-27105.json) (`2023-05-04T18:59:37.013`) +* [CVE-2023-27843](CVE-2023/CVE-2023-278xx/CVE-2023-27843.json) (`2023-05-04T19:27:59.923`) +* [CVE-2023-28771](CVE-2023/CVE-2023-287xx/CVE-2023-28771.json) (`2023-05-04T18:46:01.730`) +* [CVE-2023-28847](CVE-2023/CVE-2023-288xx/CVE-2023-28847.json) (`2023-05-04T19:19:34.863`) +* [CVE-2023-28882](CVE-2023/CVE-2023-288xx/CVE-2023-28882.json) (`2023-05-04T18:53:59.980`) +* [CVE-2023-29200](CVE-2023/CVE-2023-292xx/CVE-2023-29200.json) (`2023-05-04T19:35:45.310`) +* [CVE-2023-29257](CVE-2023/CVE-2023-292xx/CVE-2023-29257.json) (`2023-05-04T19:39:08.163`) +* [CVE-2023-29552](CVE-2023/CVE-2023-295xx/CVE-2023-29552.json) (`2023-05-04T19:07:23.597`) +* [CVE-2023-29827](CVE-2023/CVE-2023-298xx/CVE-2023-29827.json) (`2023-05-04T18:45:32.047`) +* [CVE-2023-29994](CVE-2023/CVE-2023-299xx/CVE-2023-29994.json) (`2023-05-04T18:45:32.047`) +* [CVE-2023-29995](CVE-2023/CVE-2023-299xx/CVE-2023-29995.json) (`2023-05-04T18:45:32.047`) +* [CVE-2023-29996](CVE-2023/CVE-2023-299xx/CVE-2023-29996.json) (`2023-05-04T18:45:32.047`) +* [CVE-2023-30106](CVE-2023/CVE-2023-301xx/CVE-2023-30106.json) (`2023-05-04T19:28:56.020`) +* 
[CVE-2023-30111](CVE-2023/CVE-2023-301xx/CVE-2023-30111.json) (`2023-05-04T18:02:09.460`) +* [CVE-2023-30112](CVE-2023/CVE-2023-301xx/CVE-2023-30112.json) (`2023-05-04T19:52:11.437`) +* [CVE-2023-30177](CVE-2023/CVE-2023-301xx/CVE-2023-30177.json) (`2023-05-04T19:36:10.787`) +* [CVE-2023-30184](CVE-2023/CVE-2023-301xx/CVE-2023-30184.json) (`2023-05-04T18:45:32.047`) +* [CVE-2023-30203](CVE-2023/CVE-2023-302xx/CVE-2023-30203.json) (`2023-05-04T18:45:32.047`) +* [CVE-2023-30265](CVE-2023/CVE-2023-302xx/CVE-2023-30265.json) (`2023-05-04T19:15:15.477`) +* [CVE-2023-30266](CVE-2023/CVE-2023-302xx/CVE-2023-30266.json) (`2023-05-04T19:14:22.830`) +* [CVE-2023-30267](CVE-2023/CVE-2023-302xx/CVE-2023-30267.json) (`2023-05-04T18:43:05.367`) +* [CVE-2023-30269](CVE-2023/CVE-2023-302xx/CVE-2023-30269.json) (`2023-05-04T19:08:50.027`) +* [CVE-2023-30402](CVE-2023/CVE-2023-304xx/CVE-2023-30402.json) (`2023-05-04T19:13:06.880`) +* [CVE-2023-30545](CVE-2023/CVE-2023-305xx/CVE-2023-30545.json) (`2023-05-04T19:38:07.270`) +* [CVE-2023-30619](CVE-2023/CVE-2023-306xx/CVE-2023-30619.json) (`2023-05-04T18:45:32.047`) +* [CVE-2023-30629](CVE-2023/CVE-2023-306xx/CVE-2023-30629.json) (`2023-05-04T18:22:10.567`) +* [CVE-2023-31223](CVE-2023/CVE-2023-312xx/CVE-2023-31223.json) (`2023-05-04T19:47:24.003`) ## Download and Usage