diff --git a/CVE-2005/CVE-2005-15xx/CVE-2005-1513.json b/CVE-2005/CVE-2005-15xx/CVE-2005-1513.json
index bbb9fca9610..61af1bf90ca 100644
--- a/CVE-2005/CVE-2005-15xx/CVE-2005-1513.json
+++ b/CVE-2005/CVE-2005-15xx/CVE-2005-1513.json
@@ -2,7 +2,7 @@
"id": "CVE-2005-1513",
"sourceIdentifier": "cve@mitre.org",
"published": "2005-05-11T04:00:00.000",
- "lastModified": "2020-10-05T21:15:12.517",
+ "lastModified": "2023-06-08T17:15:09.390",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -86,6 +86,10 @@
"url": "http://packetstormsecurity.com/files/158203/Qmail-Local-Privilege-Escalation-Remote-Code-Execution.html",
"source": "cve@mitre.org"
},
+ {
+ "url": "http://packetstormsecurity.com/files/172804/RenderDoc-1.26-Local-Privilege-Escalation-Remote-Code-Execution.html",
+ "source": "cve@mitre.org"
+ },
{
"url": "http://seclists.org/fulldisclosure/2020/Jun/27",
"source": "cve@mitre.org"
@@ -94,6 +98,10 @@
"url": "http://seclists.org/fulldisclosure/2020/May/42",
"source": "cve@mitre.org"
},
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Jun/2",
+ "source": "cve@mitre.org"
+ },
{
"url": "http://securitytracker.com/id?1013911",
"source": "cve@mitre.org",
@@ -124,6 +132,10 @@
"url": "http://www.openwall.com/lists/oss-security/2020/06/16/2",
"source": "cve@mitre.org"
},
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/06/06/3",
+ "source": "cve@mitre.org"
+ },
{
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00002.html",
"source": "cve@mitre.org"
diff --git a/CVE-2010/CVE-2010-100xx/CVE-2010-10010.json b/CVE-2010/CVE-2010-100xx/CVE-2010-10010.json
index a451af70095..9956a7e44f4 100644
--- a/CVE-2010/CVE-2010-100xx/CVE-2010-10010.json
+++ b/CVE-2010/CVE-2010-100xx/CVE-2010-10010.json
@@ -2,8 +2,8 @@
"id": "CVE-2010-10010",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-01T05:15:09.503",
- "lastModified": "2023-06-01T13:00:30.717",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T16:35:34.303",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -11,6 +11,28 @@
}
],
"metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@@ -71,26 +93,54 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:psychostats:psychostats:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "3.2.2b",
+ "matchCriteriaId": "E48C920F-0B03-4DBC-AC23-7D0DA5EA2514"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
- {
- "url": "http://www.psychostats.com/forums/index.php?showtopic=20796&hl=",
- "source": "cna@vuldb.com"
- },
{
"url": "https://github.com/StarsAlliance/PsychoStats/commit/5d3b7311fd5085ec6ea1b1bfa9a05285964e07e4",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://github.com/StarsAlliance/PsychoStats/releases/tag/3.2.2b",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Release Notes"
+ ]
},
{
"url": "https://vuldb.com/?ctiid.230265",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://vuldb.com/?id.230265",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2010/CVE-2010-46xx/CVE-2010-4605.json b/CVE-2010/CVE-2010-46xx/CVE-2010-4605.json
index 036ceda03c2..18a82993f2c 100644
--- a/CVE-2010/CVE-2010-46xx/CVE-2010-4605.json
+++ b/CVE-2010/CVE-2010-46xx/CVE-2010-4605.json
@@ -2,7 +2,7 @@
"id": "CVE-2010-4605",
"sourceIdentifier": "cve@mitre.org",
"published": "2010-12-29T18:00:03.820",
- "lastModified": "2011-01-04T05:00:00.000",
+ "lastModified": "2023-06-06T19:14:10.453",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -134,8 +134,8 @@
"cpeMatch": [
{
"vulnerable": false,
- "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
- "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37"
+ "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
]
}
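Review bot: Replacing the `*` version with `-` in `cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*` changes what the entry matches: under CPE 2.3 name matching `*` is ANY and `-` is NA, so a matcher that follows the specification literally no longer pairs this `"vulnerable": false` entry with an inventory item that has a concrete kernel version. The same substitution is made in the hunks at -186, -223, -265 and -297 of this file. The enclosing node and its operator are outside the hunk, but if these are the platform halves of AND configurations, hosts that matched before this update can silently drop out of results. Consumers are safer treating a `-` version on a non-vulnerable platform entry as version-agnostic, and re-running matches for this CVE after the `lastModified` bump.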
@@ -186,8 +186,8 @@
"cpeMatch": [
{
"vulnerable": false,
- "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
- "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37"
+ "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
]
}
@@ -223,8 +223,8 @@
"cpeMatch": [
{
"vulnerable": false,
- "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
- "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37"
+ "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
]
}
@@ -265,8 +265,8 @@
"cpeMatch": [
{
"vulnerable": false,
- "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
- "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37"
+ "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
]
}
@@ -297,8 +297,8 @@
"cpeMatch": [
{
"vulnerable": false,
- "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
- "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37"
+ "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
]
}
@@ -308,20 +308,34 @@
"references": [
{
"url": "http://securitytracker.com/id?1024901",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory",
+ "URL Repurposed",
+ "VDB Entry"
+ ]
},
{
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC66686",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Broken Link",
+ "Third Party Advisory"
+ ]
},
{
"url": "http://www.ibm.com/support/docview.wss?uid=swg21454745",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Broken Link",
+ "Third Party Advisory"
+ ]
},
{
"url": "http://www.vupen.com/english/advisories/2010/3251",
"source": "cve@mitre.org",
"tags": [
+ "URL Repurposed",
"Vendor Advisory"
]
}
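Review bot: The vupen.com reference now carries `"URL Repurposed"` next to the `"Vendor Advisory"` tag it already had, and securitytracker.com gets `"URL Repurposed"` together with `"Third Party Advisory"` and `"VDB Entry"`, so the advisory tags describe what the link used to serve rather than what it serves now. A consumer that selects links to display or fetch by advisory tag alone will send analysts, or a crawler, to content controlled by whoever holds the domain today. Filtering should check `"URL Repurposed"` and `"Broken Link"` first and suppress the link when either is present. `"Vendor Advisory"` on a vupen.com URL also looks like it should be `"Third Party Advisory"`, given that the other references point at ibm.com, though the affected product is not visible in this hunk.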
diff --git a/CVE-2012/CVE-2012-100xx/CVE-2012-10015.json b/CVE-2012/CVE-2012-100xx/CVE-2012-10015.json
index 880d849fcd8..fe227ec248a 100644
--- a/CVE-2012/CVE-2012-100xx/CVE-2012-10015.json
+++ b/CVE-2012/CVE-2012-100xx/CVE-2012-10015.json
@@ -2,8 +2,8 @@
"id": "CVE-2012-10015",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-31T00:15:09.417",
- "lastModified": "2023-05-31T13:02:26.480",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T20:57:21.780",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -11,6 +11,28 @@
}
],
"metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@@ -71,18 +93,46 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:bestwebsoft:twitter:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "2.15",
+ "matchCriteriaId": "6A17D4CA-0788-46A9-B6CA-23710665EA55"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/wp-plugins/twitter-plugin/commit/a6d4659cbb2cbf18ccb0fb43549d5113d74e0146",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://vuldb.com/?ctiid.230154",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://vuldb.com/?id.230154",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
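Review bot: The two vuldb.com references to the same entry are tagged differently here: `?ctiid.230154` gets `"Permissions Required"` and `?id.230154` does not. CVE-2014-125104 in this commit has the same split (`ctiid.230263` versus `id.230263`), while CVE-2010-10010, CVE-2015-10108 and CVE-2015-10109 put `"Permissions Required"` on both URLs, and CVE-2014-125103 and CVE-2015-10107 additionally add `"VDB Entry"`. Anything that uses these tags to decide which links need authentication or count as a database entry will behave differently per record for the same site. A uniform `"tags": ["Permissions Required", "Third Party Advisory", "VDB Entry"]` on vuldb.com references would remove the ambiguity, assuming both URL forms really are access-restricted.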
diff --git a/CVE-2013/CVE-2013-100xx/CVE-2013-10029.json b/CVE-2013/CVE-2013-100xx/CVE-2013-10029.json
index 5c15fbb7c24..7dba4fe542f 100644
--- a/CVE-2013/CVE-2013-100xx/CVE-2013-10029.json
+++ b/CVE-2013/CVE-2013-100xx/CVE-2013-10029.json
@@ -2,8 +2,8 @@
"id": "CVE-2013-10029",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-05T21:15:09.250",
- "lastModified": "2023-06-05T21:15:09.250",
- "vulnStatus": "Received",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2013/CVE-2013-100xx/CVE-2013-10030.json b/CVE-2013/CVE-2013-100xx/CVE-2013-10030.json
new file mode 100644
index 00000000000..db955b690ab
--- /dev/null
+++ b/CVE-2013/CVE-2013-100xx/CVE-2013-10030.json
@@ -0,0 +1,88 @@
+{
+ "id": "CVE-2013-10030",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2023-06-05T22:15:09.260",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability, which was classified as problematic, has been found in Exit Box Lite Plugin up to 1.06 on WordPress. Affected by this issue is some unknown functionality of the file wordpress-exit-box-lite.php. The manipulation leads to information disclosure. The attack may be launched remotely. Upgrading to version 1.10 is able to address this issue. The name of the patch is fad26701addb862c51baf85c6e3cc136aa79c309. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230672."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.0
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 8.0,
+ "impactScore": 2.9,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-200"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/wp-plugins/wordpress-exit-box-lite/commit/fad26701addb862c51baf85c6e3cc136aa79c309",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.230672",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.230672",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2013/CVE-2013-42xx/CVE-2013-4279.json b/CVE-2013/CVE-2013-42xx/CVE-2013-4279.json
index 11222deb912..a04848656a5 100644
--- a/CVE-2013/CVE-2013-42xx/CVE-2013-4279.json
+++ b/CVE-2013/CVE-2013-42xx/CVE-2013-4279.json
@@ -2,7 +2,7 @@
"id": "CVE-2013-4279",
"sourceIdentifier": "secalert@redhat.com",
"published": "2014-04-18T22:14:35.447",
- "lastModified": "2014-04-21T15:31:39.217",
+ "lastModified": "2023-06-07T13:59:55.603",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -62,64 +62,64 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:gilles_lamiral:imapsync:*:*:*:*:*:*:*:*",
+ "criteria": "cpe:2.3:a:imapsync_project:imapsync:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.564",
- "matchCriteriaId": "26E75D08-6932-4AC8-B134-7CB06E728F39"
+ "matchCriteriaId": "AA45BFF9-6304-432D-B494-43C25C65C7D6"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:gilles_lamiral:imapsync:1.53:*:*:*:*:*:*:*",
- "matchCriteriaId": "343C4B16-E908-41E4-97AC-66AB7A8DBF04"
+ "criteria": "cpe:2.3:a:imapsync_project:imapsync:1.53:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B40979AF-EB6A-46EB-99E4-D701581ED1BF"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:gilles_lamiral:imapsync:1.500:*:*:*:*:*:*:*",
- "matchCriteriaId": "952F3989-1470-4F84-93E0-A249934BF916"
+ "criteria": "cpe:2.3:a:imapsync_project:imapsync:1.500:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5474AB1C-7C65-4DBA-84FC-25225ED0D1F5"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:gilles_lamiral:imapsync:1.504:*:*:*:*:*:*:*",
- "matchCriteriaId": "A7F86126-2BFE-4E35-B5EF-D33F09D7E0D2"
+ "criteria": "cpe:2.3:a:imapsync_project:imapsync:1.504:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FAF07F71-64E1-4C03-990B-125F65BE1755"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:gilles_lamiral:imapsync:1.508:*:*:*:*:*:*:*",
- "matchCriteriaId": "371C1004-F850-461C-AFA3-D2BFC3FCADE5"
+ "criteria": "cpe:2.3:a:imapsync_project:imapsync:1.508:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8E69E9B3-6B60-42FC-BF19-5D03C18C2D87"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:gilles_lamiral:imapsync:1.516:*:*:*:*:*:*:*",
- "matchCriteriaId": "B069477A-B5E8-4AE4-A949-FF7C875AC765"
+ "criteria": "cpe:2.3:a:imapsync_project:imapsync:1.516:*:*:*:*:*:*:*",
+ "matchCriteriaId": "89F4D622-A8B7-4694-8299-6CD2A7CC4BC6"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:gilles_lamiral:imapsync:1.518:*:*:*:*:*:*:*",
- "matchCriteriaId": "8412FC3F-0B47-48B3-850E-B4C245CEB0B7"
+ "criteria": "cpe:2.3:a:imapsync_project:imapsync:1.518:*:*:*:*:*:*:*",
+ "matchCriteriaId": "561963EC-FC73-4284-91CB-D314EE02B3E3"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:gilles_lamiral:imapsync:1.525:*:*:*:*:*:*:*",
- "matchCriteriaId": "608A2C86-CEBB-4924-99A2-E4B93B0739A2"
+ "criteria": "cpe:2.3:a:imapsync_project:imapsync:1.525:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B0BECF9F-1286-4549-8C60-1956024E0662"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:gilles_lamiral:imapsync:1.542:*:*:*:*:*:*:*",
- "matchCriteriaId": "D1FE91AF-38CB-45B1-AC21-1CF2168C5A4B"
+ "criteria": "cpe:2.3:a:imapsync_project:imapsync:1.542:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E29744AC-E2CC-4C1E-8C06-8FD13CD44605"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:gilles_lamiral:imapsync:1.547:*:*:*:*:*:*:*",
- "matchCriteriaId": "AE4EF32F-8F3C-4FED-8AC9-E86186E9B55E"
+ "criteria": "cpe:2.3:a:imapsync_project:imapsync:1.547:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F9847527-D696-4BEC-A4D7-38ED38AB2C24"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:gilles_lamiral:imapsync:1.554:*:*:*:*:*:*:*",
- "matchCriteriaId": "85A720FD-427F-4FCC-8B17-37856347131F"
+ "criteria": "cpe:2.3:a:imapsync_project:imapsync:1.554:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2DCD5E84-F077-4690-A25E-A026531FE866"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:gilles_lamiral:imapsync:1.558:*:*:*:*:*:*:*",
- "matchCriteriaId": "730B64BC-0569-4DE1-9DEE-2BDE7778AB0D"
+ "criteria": "cpe:2.3:a:imapsync_project:imapsync:1.558:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8BDBB7C4-28E5-4C04-B55B-FC91E96CA0CE"
}
]
}
diff --git a/CVE-2014/CVE-2014-01xx/CVE-2014-0177.json b/CVE-2014/CVE-2014-01xx/CVE-2014-0177.json
index 57ce51d9009..37883d7247f 100644
--- a/CVE-2014/CVE-2014-01xx/CVE-2014-0177.json
+++ b/CVE-2014/CVE-2014-01xx/CVE-2014-0177.json
@@ -2,7 +2,7 @@
"id": "CVE-2014-0177",
"sourceIdentifier": "secalert@redhat.com",
"published": "2014-05-27T14:55:10.540",
- "lastModified": "2014-05-28T17:51:19.880",
+ "lastModified": "2023-06-06T14:02:25.683",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -62,9 +62,9 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:hub_project:hub:*:*:*:*:*:*:*:*",
+ "criteria": "cpe:2.3:a:github:hub:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.12.0",
- "matchCriteriaId": "4679EF96-344F-404F-8572-DC52C5A21D0C"
+ "matchCriteriaId": "53E52D34-F842-4DB6-AE48-7480A645A58D"
}
]
}
diff --git a/CVE-2014/CVE-2014-1251xx/CVE-2014-125103.json b/CVE-2014/CVE-2014-1251xx/CVE-2014-125103.json
index 2c1de646974..8b6fe350095 100644
--- a/CVE-2014/CVE-2014-1251xx/CVE-2014-125103.json
+++ b/CVE-2014/CVE-2014-1251xx/CVE-2014-125103.json
@@ -2,8 +2,8 @@
"id": "CVE-2014-125103",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-31T03:15:09.077",
- "lastModified": "2023-05-31T13:02:26.480",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T15:57:09.807",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -11,6 +11,28 @@
}
],
"metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@@ -71,18 +93,49 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:bestwebsoft:twitter:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.3.2",
+ "matchCriteriaId": "BD158A27-B547-4078-B960-B946D5BE0813"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/wp-plugins/twitter-plugin/commit/e04d59ab578316ffeb204cf32dc71c0d0e1ff77c",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://vuldb.com/?ctiid.230155",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
},
{
"url": "https://vuldb.com/?id.230155",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2014/CVE-2014-1251xx/CVE-2014-125104.json b/CVE-2014/CVE-2014-1251xx/CVE-2014-125104.json
index 3649f74e1c4..612cc4c3b57 100644
--- a/CVE-2014/CVE-2014-1251xx/CVE-2014-125104.json
+++ b/CVE-2014/CVE-2014-1251xx/CVE-2014-125104.json
@@ -2,8 +2,8 @@
"id": "CVE-2014-125104",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-01T13:15:10.087",
- "lastModified": "2023-06-01T14:01:50.967",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T15:34:11.237",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -11,6 +11,28 @@
}
],
"metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@@ -71,22 +93,53 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:automattic:vaultpress:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "1.6.1",
+ "matchCriteriaId": "6EC94A3B-50F7-4CE6-85CB-EC3D37F9E3C0"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/wp-plugins/vaultpress/commit/e3b92b14edca6291c5f998d54c90cbe98a1fb0e3",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://github.com/wp-plugins/vaultpress/releases/tag/1.6.1",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Release Notes"
+ ]
},
{
"url": "https://vuldb.com/?ctiid.230263",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://vuldb.com/?id.230263",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2014/CVE-2014-20xx/CVE-2014-2014.json b/CVE-2014/CVE-2014-20xx/CVE-2014-2014.json
index aff9caf8241..b6cce48d61a 100644
--- a/CVE-2014/CVE-2014-20xx/CVE-2014-2014.json
+++ b/CVE-2014/CVE-2014-20xx/CVE-2014-2014.json
@@ -2,7 +2,7 @@
"id": "CVE-2014-2014",
"sourceIdentifier": "cve@mitre.org",
"published": "2014-04-18T22:14:35.980",
- "lastModified": "2014-04-21T16:19:29.213",
+ "lastModified": "2023-06-07T13:59:55.603",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -62,79 +62,79 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:gilles_lamiral:imapsync:*:*:*:*:*:*:*:*",
+ "criteria": "cpe:2.3:a:imapsync_project:imapsync:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.580",
- "matchCriteriaId": "50F74B23-B18A-4BAF-97B9-1BC963729B8E"
+ "matchCriteriaId": "56905459-0B35-43B8-8C47-FBA9139EA823"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:gilles_lamiral:imapsync:1.53:*:*:*:*:*:*:*",
- "matchCriteriaId": "343C4B16-E908-41E4-97AC-66AB7A8DBF04"
+ "criteria": "cpe:2.3:a:imapsync_project:imapsync:1.53:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B40979AF-EB6A-46EB-99E4-D701581ED1BF"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:gilles_lamiral:imapsync:1.500:*:*:*:*:*:*:*",
- "matchCriteriaId": "952F3989-1470-4F84-93E0-A249934BF916"
+ "criteria": "cpe:2.3:a:imapsync_project:imapsync:1.500:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5474AB1C-7C65-4DBA-84FC-25225ED0D1F5"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:gilles_lamiral:imapsync:1.504:*:*:*:*:*:*:*",
- "matchCriteriaId": "A7F86126-2BFE-4E35-B5EF-D33F09D7E0D2"
+ "criteria": "cpe:2.3:a:imapsync_project:imapsync:1.504:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FAF07F71-64E1-4C03-990B-125F65BE1755"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:gilles_lamiral:imapsync:1.508:*:*:*:*:*:*:*",
- "matchCriteriaId": "371C1004-F850-461C-AFA3-D2BFC3FCADE5"
+ "criteria": "cpe:2.3:a:imapsync_project:imapsync:1.508:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8E69E9B3-6B60-42FC-BF19-5D03C18C2D87"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:gilles_lamiral:imapsync:1.516:*:*:*:*:*:*:*",
- "matchCriteriaId": "B069477A-B5E8-4AE4-A949-FF7C875AC765"
+ "criteria": "cpe:2.3:a:imapsync_project:imapsync:1.516:*:*:*:*:*:*:*",
+ "matchCriteriaId": "89F4D622-A8B7-4694-8299-6CD2A7CC4BC6"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:gilles_lamiral:imapsync:1.518:*:*:*:*:*:*:*",
- "matchCriteriaId": "8412FC3F-0B47-48B3-850E-B4C245CEB0B7"
+ "criteria": "cpe:2.3:a:imapsync_project:imapsync:1.518:*:*:*:*:*:*:*",
+ "matchCriteriaId": "561963EC-FC73-4284-91CB-D314EE02B3E3"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:gilles_lamiral:imapsync:1.525:*:*:*:*:*:*:*",
- "matchCriteriaId": "608A2C86-CEBB-4924-99A2-E4B93B0739A2"
+ "criteria": "cpe:2.3:a:imapsync_project:imapsync:1.525:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B0BECF9F-1286-4549-8C60-1956024E0662"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:gilles_lamiral:imapsync:1.542:*:*:*:*:*:*:*",
- "matchCriteriaId": "D1FE91AF-38CB-45B1-AC21-1CF2168C5A4B"
+ "criteria": "cpe:2.3:a:imapsync_project:imapsync:1.542:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E29744AC-E2CC-4C1E-8C06-8FD13CD44605"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:gilles_lamiral:imapsync:1.547:*:*:*:*:*:*:*",
- "matchCriteriaId": "AE4EF32F-8F3C-4FED-8AC9-E86186E9B55E"
+ "criteria": "cpe:2.3:a:imapsync_project:imapsync:1.547:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F9847527-D696-4BEC-A4D7-38ED38AB2C24"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:gilles_lamiral:imapsync:1.554:*:*:*:*:*:*:*",
- "matchCriteriaId": "85A720FD-427F-4FCC-8B17-37856347131F"
+ "criteria": "cpe:2.3:a:imapsync_project:imapsync:1.554:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2DCD5E84-F077-4690-A25E-A026531FE866"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:gilles_lamiral:imapsync:1.558:*:*:*:*:*:*:*",
- "matchCriteriaId": "730B64BC-0569-4DE1-9DEE-2BDE7778AB0D"
+ "criteria": "cpe:2.3:a:imapsync_project:imapsync:1.558:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8BDBB7C4-28E5-4C04-B55B-FC91E96CA0CE"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:gilles_lamiral:imapsync:1.564:*:*:*:*:*:*:*",
- "matchCriteriaId": "A73FF740-DBE1-47AF-B6C4-CE03C15BF4B3"
+ "criteria": "cpe:2.3:a:imapsync_project:imapsync:1.564:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A74F9B7A-6DAA-4ECA-8113-4629C7FDD987"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:gilles_lamiral:imapsync:1.567:*:*:*:*:*:*:*",
- "matchCriteriaId": "50B35AD1-C85B-483A-BF15-C8AA6A106A54"
+ "criteria": "cpe:2.3:a:imapsync_project:imapsync:1.567:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A525B607-E517-4CAD-80F1-053B8F8AB659"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:gilles_lamiral:imapsync:1.569:*:*:*:*:*:*:*",
- "matchCriteriaId": "FAB40920-47B3-483C-ACEB-49AF629DABFC"
+ "criteria": "cpe:2.3:a:imapsync_project:imapsync:1.569:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AFE68C11-2954-4C9E-8439-CB72D051A12A"
}
]
}
diff --git a/CVE-2015/CVE-2015-101xx/CVE-2015-10107.json b/CVE-2015/CVE-2015-101xx/CVE-2015-10107.json
index a34c96f3fa0..eb5b4b5150d 100644
--- a/CVE-2015/CVE-2015-101xx/CVE-2015-10107.json
+++ b/CVE-2015/CVE-2015-101xx/CVE-2015-10107.json
@@ -2,8 +2,8 @@
"id": "CVE-2015-10107",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-31T03:15:09.157",
- "lastModified": "2023-05-31T13:02:26.480",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T16:01:33.717",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -11,6 +11,28 @@
}
],
"metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@@ -71,18 +93,49 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:simplr_registration_form_plus\\+_project:simplr_registration_form_plus\\+:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "2.3.4",
+ "matchCriteriaId": "1D78C503-96F1-4EB4-9272-13ABE04A18C3"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/wp-plugins/simplr-registration-form/commit/d588446844dd49232ab400ef213ff5b92121c33e",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://vuldb.com/?ctiid.230153",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
},
{
"url": "https://vuldb.com/?id.230153",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2015/CVE-2015-101xx/CVE-2015-10108.json b/CVE-2015/CVE-2015-101xx/CVE-2015-10108.json
index a001f00134f..2bd0637f35c 100644
--- a/CVE-2015/CVE-2015-101xx/CVE-2015-10108.json
+++ b/CVE-2015/CVE-2015-101xx/CVE-2015-10108.json
@@ -2,8 +2,8 @@
"id": "CVE-2015-10108",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-31T19:15:11.720",
- "lastModified": "2023-06-01T01:17:03.663",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T20:08:47.730",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -11,6 +11,28 @@
}
],
"metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@@ -71,22 +93,54 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:inline_google_spreadsheet_viewer_project:inline_google_spreadsheet_viewer:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "0.9.6",
+ "matchCriteriaId": "9E1737CA-C283-46FF-9336-BE8A099C1B1F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/wp-plugins/inline-google-spreadsheet-viewer/commit/2a8057df8ca30adc859cecbe5cad21ac28c5b747",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://github.com/wp-plugins/inline-google-spreadsheet-viewer/releases/tag/0.9.6.1",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Release Notes"
+ ]
},
{
"url": "https://vuldb.com/?ctiid.230234",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://vuldb.com/?id.230234",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
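Review bot: The added match range ends at `"versionEndIncluding": "0.9.6"`, while the reference list in the same hunk tags the 0.9.6.1 release as `"Release Notes"`. The other records in this commit that cite a fixing release bound the range with it (`"versionEndExcluding": "3.2.2b"` in CVE-2010-10010, `"1.6.1"` in CVE-2014-125104, `"1.137"` in CVE-2015-10109), which stays correct even if an intermediate build exists. If 0.9.6.1 is the first fixed version, which the hunk suggests but does not state, `"versionEndExcluding": "0.9.6.1"` would be the consistent form; the `matchCriteriaId` is assigned upstream and would have to change with it.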
diff --git a/CVE-2015/CVE-2015-101xx/CVE-2015-10109.json b/CVE-2015/CVE-2015-101xx/CVE-2015-10109.json
index 890650eea9f..125606ce152 100644
--- a/CVE-2015/CVE-2015-101xx/CVE-2015-10109.json
+++ b/CVE-2015/CVE-2015-101xx/CVE-2015-10109.json
@@ -2,8 +2,8 @@
"id": "CVE-2015-10109",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-01T13:15:10.180",
- "lastModified": "2023-06-01T14:01:50.967",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T18:13:52.147",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -11,6 +11,28 @@
}
],
"metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@@ -61,7 +83,7 @@
},
"weaknesses": [
{
- "source": "cna@vuldb.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -69,24 +91,66 @@
"value": "CWE-352"
}
]
+ },
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cincopa:video_and_media_plug-in:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "1.137",
+ "matchCriteriaId": "0A7FCCD3-DAD8-4594-8299-2B201D22BBCB"
+ }
+ ]
+ }
+ ]
}
],
"references": [
{
"url": "https://github.com/wp-plugins/video-playlist-and-gallery-plugin/commit/ee28e91f4d5404905204c43b7b84a8ffecad932e",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://github.com/wp-plugins/video-playlist-and-gallery-plugin/releases/tag/1.137",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Release Notes"
+ ]
},
{
"url": "https://vuldb.com/?ctiid.230264",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://vuldb.com/?id.230264",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2015/CVE-2015-101xx/CVE-2015-10115.json b/CVE-2015/CVE-2015-101xx/CVE-2015-10115.json
index 208675fb25b..eca321630c6 100644
--- a/CVE-2015/CVE-2015-101xx/CVE-2015-10115.json
+++ b/CVE-2015/CVE-2015-101xx/CVE-2015-10115.json
@@ -2,8 +2,8 @@
"id": "CVE-2015-10115",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-05T18:15:09.417",
- "lastModified": "2023-06-05T18:15:09.417",
- "vulnStatus": "Received",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2015/CVE-2015-101xx/CVE-2015-10116.json b/CVE-2015/CVE-2015-101xx/CVE-2015-10116.json
new file mode 100644
index 00000000000..933bb039dce
--- /dev/null
+++ b/CVE-2015/CVE-2015-101xx/CVE-2015-10116.json
@@ -0,0 +1,88 @@
+{
+ "id": "CVE-2015-10116",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2023-06-06T01:15:40.430",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability classified as problematic has been found in RealFaviconGenerator Favicon Plugin up to 1.2.12 on WordPress. This affects the function install_new_favicon of the file admin/class-favicon-by-realfavicongenerator-admin.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 1.2.13 is able to address this issue. The identifier of the patch is 949a1ae7216216350458844f50a72f100b56d4e7. It is recommended to upgrade the affected component. The identifier VDB-230661 was assigned to this vulnerability."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "NONE",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.0
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 10.0,
+ "impactScore": 2.9,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/wp-plugins/favicon-by-realfavicongenerator/commit/949a1ae7216216350458844f50a72f100b56d4e7",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.230661",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.230661",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
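Review bot: `"userInteractionRequired": false` in the cvssMetricV2 entry contradicts the rest of this record, since the v3.0 vector in the same file carries `UI:R` and the weakness is CWE-352 (cross-site request forgery), which depends on a victim issuing the request. A consumer that filters or ranks on the v2 flag would treat the issue as needing no user action. I would set the flag to `true`, or have downstream tooling ignore this field for CNA-supplied v2 data and derive it from the v3 vector instead. The new CVE-2015-10117.json record added further down has the same mismatch (`UI:R` and CWE-79 next to `"userInteractionRequired": false`).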
diff --git a/CVE-2015/CVE-2015-101xx/CVE-2015-10117.json b/CVE-2015/CVE-2015-101xx/CVE-2015-10117.json
new file mode 100644
index 00000000000..b52041938db
--- /dev/null
+++ b/CVE-2015/CVE-2015-101xx/CVE-2015-10117.json
@@ -0,0 +1,92 @@
+{
+ "id": "CVE-2015-10117",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2023-06-06T02:15:08.830",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability, which was classified as problematic, was found in Gravity Forms DPS PxPay Plugin up to 1.4.2 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.4.3 is able to address this issue. The name of the patch is 5966a5e6343e3d5610bdfa126a5cfbae95e629b6. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230664."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.5,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 1.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.0
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 8.0,
+ "impactScore": 2.9,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/wp-plugins/gravity-forms-dps-pxpay/commit/5966a5e6343e3d5610bdfa126a5cfbae95e629b6",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://github.com/wp-plugins/gravity-forms-dps-pxpay/releases/tag/1.4.3",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.230664",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.230664",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2015/CVE-2015-85xx/CVE-2015-8543.json b/CVE-2015/CVE-2015-85xx/CVE-2015-8543.json
index a5d4d7ea7eb..44802dd6532 100644
--- a/CVE-2015/CVE-2015-85xx/CVE-2015-8543.json
+++ b/CVE-2015/CVE-2015-85xx/CVE-2015-8543.json
@@ -2,9 +2,9 @@
"id": "CVE-2015-8543",
"sourceIdentifier": "cve@mitre.org",
"published": "2015-12-28T11:59:06.077",
- "lastModified": "2018-01-05T02:30:20.977",
- "vulnStatus": "Modified",
- "evaluatorComment": "CWE-476: NULL Pointer Dereference",
+ "lastModified": "2023-06-07T12:47:10.247",
+ "vulnStatus": "Analyzed",
+ "evaluatorComment": "CWE-476: NULL Pointer Dereference",
"descriptions": [
{
"lang": "en",
@@ -16,13 +16,13 @@
}
],
"metrics": {
- "cvssMetricV30": [
+ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
- "version": "3.0",
- "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
@@ -85,8 +85,64 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
- "versionEndIncluding": "4.3.2",
- "matchCriteriaId": "17376827-DFED-4E71-8D4A-5E5C44073D57"
+ "versionEndExcluding": "3.2.75",
+ "matchCriteriaId": "447A331C-5777-435D-B7B6-89333DF274DA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "3.3",
+ "versionEndExcluding": "3.4.111",
+ "matchCriteriaId": "BCA33A60-D0CC-4CB7-80EC-23170FAC9A74"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "3.5",
+ "versionEndExcluding": "3.10.95",
+ "matchCriteriaId": "E7605378-BB0D-4C8C-A83F-115CE036DBBC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "3.11",
+ "versionEndExcluding": "3.12.52",
+ "matchCriteriaId": "D9F8AED6-5B8B-4402-8A3C-E5349F025298"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "3.13",
+ "versionEndExcluding": "3.14.59",
+ "matchCriteriaId": "B8AC651B-877B-40A1-B0FB-E13C039FBBCF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "3.15",
+ "versionEndExcluding": "3.16.35",
+ "matchCriteriaId": "7DC4BA70-B111-4D2E-BC78-6601CED68F08"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "3.17",
+ "versionEndExcluding": "3.18.26",
+ "matchCriteriaId": "152B915A-F9A5-4DB5-B0B3-DBF5F092773B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "3.19",
+ "versionEndExcluding": "4.1.16",
+ "matchCriteriaId": "F829E177-AAF1-4509-964D-48DA8AE2C8BC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.2",
+ "versionEndExcluding": "4.3.4",
+ "matchCriteriaId": "B6B89F94-302A-4313-8FE5-E3C43BD4271E"
}
]
}
@@ -96,83 +152,150 @@
"references": [
{
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=79462ad02e861803b3840cc782248c7359451cd9",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2016-0855.html",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "http://www.debian.org/security/2015/dsa-3426",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "http://www.debian.org/security/2016/dsa-3434",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "http://www.openwall.com/lists/oss-security/2015/12/09/5",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "http://www.securityfocus.com/bid/79698",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
},
{
"url": "http://www.securitytracker.com/id/1034892",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
},
{
"url": "http://www.ubuntu.com/usn/USN-2886-1",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "http://www.ubuntu.com/usn/USN-2888-1",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "http://www.ubuntu.com/usn/USN-2890-1",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "http://www.ubuntu.com/usn/USN-2890-2",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "http://www.ubuntu.com/usn/USN-2890-3",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1290475",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Issue Tracking",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://github.com/torvalds/linux/commit/79462ad02e861803b3840cc782248c7359451cd9",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
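Review bot: The two fix-commit references (the git.kernel.org `commit/?id=79462ad0…` URL and the github.com/torvalds/linux commit URL) are tagged only `Vendor Advisory`, whereas the commit reference in CVE-2015-10109.json in this same diff is tagged `Patch`. Tooling that locates fixes by filtering on `Patch` will not find the kernel commit for this CVE. I would tag both as `"tags": ["Patch", "Vendor Advisory"]`. The same applies to the commit references in the references hunks of CVE-2015-8660.json and CVE-2016-4558.json.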
diff --git a/CVE-2015/CVE-2015-86xx/CVE-2015-8660.json b/CVE-2015/CVE-2015-86xx/CVE-2015-8660.json
index 9c17bfce1b6..9b2711c5d02 100644
--- a/CVE-2015/CVE-2015-86xx/CVE-2015-8660.json
+++ b/CVE-2015/CVE-2015-86xx/CVE-2015-8660.json
@@ -2,8 +2,8 @@
"id": "CVE-2015-8660",
"sourceIdentifier": "secalert@redhat.com",
"published": "2015-12-28T11:59:08.093",
- "lastModified": "2023-02-13T00:55:13.190",
- "vulnStatus": "Modified",
+ "lastModified": "2023-06-07T12:44:34.670",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -15,13 +15,13 @@
}
],
"metrics": {
- "cvssMetricV30": [
+ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
- "version": "3.0",
- "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
@@ -85,8 +85,23 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
- "versionEndIncluding": "4.3.2",
- "matchCriteriaId": "17376827-DFED-4E71-8D4A-5E5C44073D57"
+ "versionStartIncluding": "3.18",
+ "versionEndExcluding": "3.18.31",
+ "matchCriteriaId": "3C4188E9-F514-4ED6-BBF3-A05801ED9CD0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "3.19",
+ "versionEndExcluding": "4.1.22",
+ "matchCriteriaId": "D2D231A6-F06A-481A-8F4C-D1A7E1EC3742"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.2",
+ "versionEndExcluding": "4.4",
+ "matchCriteriaId": "8F38C207-7F29-43E1-BB0B-F202DD2CFCF7"
}
]
}
@@ -96,95 +111,175 @@
"references": [
{
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=acff81ec2c79492b180fade3c2894425cd35a545",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00039.html",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00040.html",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00043.html",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "http://packetstormsecurity.com/files/135151/Ubuntu-14.04-LTS-15.10-overlayfs-Local-Root.html",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2016-1532.html",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2016-1539.html",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2016-1541.html",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "http://www.openwall.com/lists/oss-security/2015/12/23/5",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "http://www.securityfocus.com/bid/79671",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
},
{
"url": "http://www.securitytracker.com/id/1034548",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
},
{
"url": "http://www.ubuntu.com/usn/USN-2857-1",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "http://www.ubuntu.com/usn/USN-2857-2",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "http://www.ubuntu.com/usn/USN-2858-1",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "http://www.ubuntu.com/usn/USN-2858-2",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "http://www.ubuntu.com/usn/USN-2858-3",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1291329",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Issue Tracking",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://github.com/torvalds/linux/commit/acff81ec2c79492b180fade3c2894425cd35a545",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.exploit-db.com/exploits/39166/",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
},
{
"url": "https://www.exploit-db.com/exploits/39230/",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
},
{
"url": "https://www.exploit-db.com/exploits/40688/",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
}
]
}
\ No newline at end of file
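Review bot: The three exploit-db.com references and the packetstormsecurity.com "overlayfs-Local-Root" reference are tagged only `Third Party Advisory` and `VDB Entry`, with no `Exploit` tag. Triage rules that raise priority when a reference carries `Exploit` would therefore not register that exploit material for this CVE appears to be public (judging from the URLs alone). I would add the tag to those four entries, e.g. `"tags": ["Exploit", "Third Party Advisory", "VDB Entry"]`.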
diff --git a/CVE-2015/CVE-2015-93xx/CVE-2015-9306.json b/CVE-2015/CVE-2015-93xx/CVE-2015-9306.json
index af10dfcb161..456226e606a 100644
--- a/CVE-2015/CVE-2015-93xx/CVE-2015-9306.json
+++ b/CVE-2015/CVE-2015-93xx/CVE-2015-9306.json
@@ -2,7 +2,7 @@
"id": "CVE-2015-9306",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-08-12T15:15:11.323",
- "lastModified": "2019-08-16T20:06:13.423",
+ "lastModified": "2023-06-06T18:43:33.990",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -84,9 +84,9 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:smackcoders:ultimate_csv_importer:*:*:*:*:*:wordpress:*:*",
+ "criteria": "cpe:2.3:a:smackcoders:import_all_pages\\,_post_types\\,_products\\,_orders\\,_and_users_as_xml_\\&_csv:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.8.1",
- "matchCriteriaId": "89421471-21DA-4F9B-83B8-05ECCFB7962A"
+ "matchCriteriaId": "AECA9902-EED7-4BB7-AB78-F75B8C84D842"
}
]
}
diff --git a/CVE-2016/CVE-2016-100xx/CVE-2016-10088.json b/CVE-2016/CVE-2016-100xx/CVE-2016-10088.json
index 7704a4f7141..c3d20cebdb1 100644
--- a/CVE-2016/CVE-2016-100xx/CVE-2016-10088.json
+++ b/CVE-2016/CVE-2016-100xx/CVE-2016-10088.json
@@ -2,8 +2,8 @@
"id": "CVE-2016-10088",
"sourceIdentifier": "security@debian.org",
"published": "2016-12-30T18:59:00.130",
- "lastModified": "2018-01-05T02:30:31.400",
- "vulnStatus": "Modified",
+ "lastModified": "2023-06-07T12:44:09.807",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -15,13 +15,13 @@
}
],
"metrics": {
- "cvssMetricV30": [
+ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
- "version": "3.0",
- "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
@@ -85,8 +85,57 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
- "versionEndIncluding": "4.9",
- "matchCriteriaId": "C078FF02-3FD1-41D4-AB11-F63F20B93EB0"
+ "versionEndExcluding": "3.10.107",
+ "matchCriteriaId": "C7CC435A-771D-4B94-92E2-D1E1F6658911"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "3.11",
+ "versionEndExcluding": "3.12.70",
+ "matchCriteriaId": "62D40056-DC08-4609-8FAB-B6D924994367"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "3.13",
+ "versionEndExcluding": "3.16.40",
+ "matchCriteriaId": "1331ABAB-8C2B-4379-BA77-B655A5B9A83F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "3.17",
+ "versionEndExcluding": "3.18.47",
+ "matchCriteriaId": "B1A82714-1C53-498D-94AA-DE9F6B577522"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "3.19",
+ "versionEndExcluding": "4.1.38",
+ "matchCriteriaId": "755C626E-7669-4E6E-BC91-2656E4740E66"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.2",
+ "versionEndExcluding": "4.4.41",
+ "matchCriteriaId": "416DE4AD-4E79-4CC6-9B9D-15BA301E0811"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.5",
+ "versionEndExcluding": "4.8.17",
+ "matchCriteriaId": "852FD2CB-474A-4B94-8B29-1307B3402946"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.9",
+ "versionEndExcluding": "4.9.2",
+ "matchCriteriaId": "F0671122-FCD7-4CEF-B818-5680B6E594DA"
}
]
}
@@ -104,34 +153,55 @@
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2017-0817.html",
- "source": "security@debian.org"
+ "source": "security@debian.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "http://www.openwall.com/lists/oss-security/2016/12/30/1",
"source": "security@debian.org",
"tags": [
- "Mailing List"
+ "Mailing List",
+ "Third Party Advisory"
]
},
{
"url": "http://www.securityfocus.com/bid/95169",
- "source": "security@debian.org"
+ "source": "security@debian.org",
+ "tags": [
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
},
{
"url": "http://www.securitytracker.com/id/1037538",
- "source": "security@debian.org"
+ "source": "security@debian.org",
+ "tags": [
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:1842",
- "source": "security@debian.org"
+ "source": "security@debian.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:2077",
- "source": "security@debian.org"
+ "source": "security@debian.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:2669",
- "source": "security@debian.org"
+ "source": "security@debian.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://github.com/torvalds/linux/commit/128394eff343fc6d2f32172f03e24829539c5835",
diff --git a/CVE-2016/CVE-2016-102xx/CVE-2016-10200.json b/CVE-2016/CVE-2016-102xx/CVE-2016-10200.json
index 49a04075886..17fc5efdd1d 100644
--- a/CVE-2016/CVE-2016-102xx/CVE-2016-10200.json
+++ b/CVE-2016/CVE-2016-102xx/CVE-2016-10200.json
@@ -2,8 +2,8 @@
"id": "CVE-2016-10200",
"sourceIdentifier": "security@android.com",
"published": "2017-03-07T21:59:00.153",
- "lastModified": "2018-01-05T02:30:32.243",
- "vulnStatus": "Modified",
+ "lastModified": "2023-06-07T12:44:53.337",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -15,13 +15,13 @@
}
],
"metrics": {
- "cvssMetricV30": [
+ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
- "version": "3.0",
- "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
@@ -93,8 +93,51 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
- "versionEndIncluding": "4.8.13",
- "matchCriteriaId": "AFA59F0A-3755-48B8-997D-77B0F7A45B94"
+ "versionStartIncluding": "3.0.34",
+ "versionEndExcluding": "3.2",
+ "matchCriteriaId": "14FD3DA1-7FAC-4B6B-A0BB-54475E9C1380"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "3.2.20",
+ "versionEndExcluding": "3.2.88",
+ "matchCriteriaId": "3B82F618-7B1B-49EA-B1C0-8D4317DD2F72"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "3.4.2",
+ "versionEndExcluding": "3.12.69",
+ "matchCriteriaId": "736649AC-0E90-4495-B20F-FAB4D4051E48"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "3.13",
+ "versionEndExcluding": "3.16.40",
+ "matchCriteriaId": "1331ABAB-8C2B-4379-BA77-B655A5B9A83F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "3.17",
+ "versionEndExcluding": "3.18.52",
+ "matchCriteriaId": "8104AAC1-9700-4372-8E11-37B09309A76F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "3.19",
+ "versionEndExcluding": "4.4.38",
+ "matchCriteriaId": "5931D73A-2E25-417B-84CC-D257F64C28C7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.5",
+ "versionEndExcluding": "4.8.14",
+ "matchCriteriaId": "2454EAB6-FC42-4FA4-BE76-CBAA81D4ADC4"
}
]
}
@@ -144,31 +187,55 @@
},
{
"url": "http://www.securityfocus.com/bid/101783",
- "source": "security@android.com"
+ "source": "security@android.com",
+ "tags": [
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
},
{
"url": "http://www.securitytracker.com/id/1037965",
- "source": "security@android.com"
+ "source": "security@android.com",
+ "tags": [
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
},
{
"url": "http://www.securitytracker.com/id/1037968",
- "source": "security@android.com"
+ "source": "security@android.com",
+ "tags": [
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:1842",
- "source": "security@android.com"
+ "source": "security@android.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:2077",
- "source": "security@android.com"
+ "source": "security@android.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:2437",
- "source": "security@android.com"
+ "source": "security@android.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:2444",
- "source": "security@android.com"
+ "source": "security@android.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://github.com/torvalds/linux/commit/32c231164b762dddefa13af5a0101032c70b50ef",
diff --git a/CVE-2016/CVE-2016-150xx/CVE-2016-15033.json b/CVE-2016/CVE-2016-150xx/CVE-2016-15033.json
new file mode 100644
index 00000000000..110da0066db
--- /dev/null
+++ b/CVE-2016/CVE-2016-150xx/CVE-2016-15033.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2016-15033",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:09.717",
+ "lastModified": "2023-06-07T02:45:10.733",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Delete All Comments plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the via the delete-all-comments.php file in versions up to, and including, 2.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-434"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "http://blog.nintechnet.com/arbitrary-file-upload-vulnerability-in-wordpress-delete-all-comments-plugin/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wordpress.org/plugins/delete-all-comments/#developers",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b1e98d2d-20b1-4fff-96d4-0fb8e0d2615a?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
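Review bot: This new record has no `configurations` block, so CPE-based matching will not flag any installation, even though the description gives the affected range as versions up to and including 2.0 and the CNA scores it 9.8 CRITICAL. While the status is `Awaiting Analysis`, consumers have to match on the plugin name and version from the description or the Wordfence reference rather than on CPE data. Separately, the description reads "in the via the delete-all-comments.php file" and "sites server"; `in the delete-all-comments.php file` and `site's server` look like the intended wording.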
diff --git a/CVE-2016/CVE-2016-45xx/CVE-2016-4558.json b/CVE-2016/CVE-2016-45xx/CVE-2016-4558.json
index 3907bea2755..18abeb5f4ed 100644
--- a/CVE-2016/CVE-2016-45xx/CVE-2016-4558.json
+++ b/CVE-2016/CVE-2016-45xx/CVE-2016-4558.json
@@ -2,9 +2,9 @@
"id": "CVE-2016-4558",
"sourceIdentifier": "cve@mitre.org",
"published": "2016-05-23T10:59:04.783",
- "lastModified": "2016-08-02T18:43:03.703",
+ "lastModified": "2023-06-07T12:45:02.130",
"vulnStatus": "Analyzed",
- "evaluatorComment": "CWE-416: Use After Free",
+ "evaluatorComment": "CWE-416: Use After Free",
"descriptions": [
{
"lang": "en",
@@ -16,13 +16,13 @@
}
],
"metrics": {
- "cvssMetricV30": [
+ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
- "version": "3.0",
- "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
@@ -86,8 +86,16 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
- "versionEndIncluding": "4.5.4",
- "matchCriteriaId": "1C36E5B8-129B-488B-B732-83E71CF311DD"
+ "versionStartIncluding": "4.4",
+ "versionEndExcluding": "4.4.11",
+ "matchCriteriaId": "854B0415-69B4-4DA9-9E3F-8C832E6D702E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.5",
+ "versionEndExcluding": "4.5.5",
+ "matchCriteriaId": "4EC30B3A-B105-4482-A6B1-A5D1C79EFBA2"
}
]
}
@@ -117,15 +125,25 @@
"references": [
{
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=92117d8443bc5afacc8d5ba82e541946310f106e",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "http://www.openwall.com/lists/oss-security/2016/05/06/4",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "http://www.ubuntu.com/usn/USN-3005-1",
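Review bot: The first reference in this hunk, the git.kernel.org commit `92117d8443bc5afacc8d5ba82e541946310f106e`, is tagged only `"Vendor Advisory"`, although its `/commit/?id=` URL appears to be the upstream fix itself. Tooling that picks remediation links by filtering on the `Patch` tag will not surface it, so I would tag it as `"tags": ["Patch", "Vendor Advisory"]`. The same question applies to the `ChangeLog-4.5.5` entry, which reads more like release notes than an advisory. The `references` array starts and ends outside this hunk, so entries beyond the four visible here were not checked.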
diff --git a/CVE-2016/CVE-2016-67xx/CVE-2016-6786.json b/CVE-2016/CVE-2016-67xx/CVE-2016-6786.json
index 97e6846f102..48bf9fef9a7 100644
--- a/CVE-2016/CVE-2016-67xx/CVE-2016-6786.json
+++ b/CVE-2016/CVE-2016-67xx/CVE-2016-6786.json
@@ -2,8 +2,8 @@
"id": "CVE-2016-6786",
"sourceIdentifier": "security@android.com",
"published": "2016-12-28T07:59:00.213",
- "lastModified": "2017-11-04T01:29:22.240",
- "vulnStatus": "Modified",
+ "lastModified": "2023-06-07T12:46:00.657",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -15,13 +15,13 @@
}
],
"metrics": {
- "cvssMetricV30": [
+ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
- "version": "3.0",
- "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
@@ -85,8 +85,29 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
- "versionEndIncluding": "3.19.8",
- "matchCriteriaId": "13BE712D-C8FA-4B87-9A81-D23E0DD30FD3"
+ "versionEndExcluding": "3.2.85",
+ "matchCriteriaId": "9A5A178A-A60C-4053-AEE0-5164430206AD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "3.3",
+ "versionEndExcluding": "3.16.40",
+ "matchCriteriaId": "6C5B0F97-B38C-412B-93E9-148AC6F6B58E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "3.17",
+ "versionEndExcluding": "3.18.54",
+ "matchCriteriaId": "56806170-9BCD-4160-A14A-558EFAB98EC8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "3.19",
+ "versionEndExcluding": "4.0",
+ "matchCriteriaId": "8A7FC79A-26B7-4E34-BB99-D25E74514239"
}
]
}
@@ -111,17 +132,25 @@
},
{
"url": "http://www.debian.org/security/2017/dsa-3791",
- "source": "security@android.com"
+ "source": "security@android.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "http://www.securityfocus.com/bid/94679",
- "source": "security@android.com"
+ "source": "security@android.com",
+ "tags": [
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1403842",
"source": "security@android.com",
"tags": [
- "Issue Tracking"
+ "Issue Tracking",
+ "Third Party Advisory"
]
},
{
diff --git a/CVE-2016/CVE-2016-67xx/CVE-2016-6787.json b/CVE-2016/CVE-2016-67xx/CVE-2016-6787.json
index fa8e0e070bb..b01df72e19c 100644
--- a/CVE-2016/CVE-2016-67xx/CVE-2016-6787.json
+++ b/CVE-2016/CVE-2016-67xx/CVE-2016-6787.json
@@ -2,8 +2,8 @@
"id": "CVE-2016-6787",
"sourceIdentifier": "security@android.com",
"published": "2016-12-28T07:59:00.260",
- "lastModified": "2017-11-04T01:29:22.287",
- "vulnStatus": "Modified",
+ "lastModified": "2023-06-07T12:46:14.750",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -15,13 +15,13 @@
}
],
"metrics": {
- "cvssMetricV30": [
+ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
- "version": "3.0",
- "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
@@ -85,8 +85,29 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
- "versionEndIncluding": "3.19.8",
- "matchCriteriaId": "13BE712D-C8FA-4B87-9A81-D23E0DD30FD3"
+ "versionEndExcluding": "3.2.85",
+ "matchCriteriaId": "9A5A178A-A60C-4053-AEE0-5164430206AD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "3.3",
+ "versionEndExcluding": "3.16.40",
+ "matchCriteriaId": "6C5B0F97-B38C-412B-93E9-148AC6F6B58E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "3.17",
+ "versionEndExcluding": "3.18.54",
+ "matchCriteriaId": "56806170-9BCD-4160-A14A-558EFAB98EC8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "3.19",
+ "versionEndExcluding": "4.0",
+ "matchCriteriaId": "8A7FC79A-26B7-4E34-BB99-D25E74514239"
}
]
}
@@ -111,17 +132,25 @@
},
{
"url": "http://www.debian.org/security/2017/dsa-3791",
- "source": "security@android.com"
+ "source": "security@android.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "http://www.securityfocus.com/bid/94679",
- "source": "security@android.com"
+ "source": "security@android.com",
+ "tags": [
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1403842",
"source": "security@android.com",
"tags": [
- "Issue Tracking"
+ "Issue Tracking",
+ "Third Party Advisory"
]
},
{
diff --git a/CVE-2017/CVE-2017-10001xx/CVE-2017-1000112.json b/CVE-2017/CVE-2017-10001xx/CVE-2017-1000112.json
index 0c5f8d52ef0..b79afbef17d 100644
--- a/CVE-2017/CVE-2017-10001xx/CVE-2017-1000112.json
+++ b/CVE-2017/CVE-2017-10001xx/CVE-2017-1000112.json
@@ -2,8 +2,8 @@
"id": "CVE-2017-1000112",
"sourceIdentifier": "cve@mitre.org",
"published": "2017-10-05T01:29:04.477",
- "lastModified": "2018-08-06T01:29:00.380",
- "vulnStatus": "Modified",
+ "lastModified": "2023-06-07T12:46:19.047",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -15,13 +15,13 @@
}
],
"metrics": {
- "cvssMetricV30": [
+ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
- "version": "3.0",
- "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
@@ -85,8 +85,44 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
- "versionEndIncluding": "4.13.9",
- "matchCriteriaId": "3259E528-10D8-4E5E-99CE-AE8E7A8AC898"
+ "versionStartIncluding": "2.6.15",
+ "versionEndExcluding": "3.10.108",
+ "matchCriteriaId": "C3FE348E-5745-49CF-B0F6-52AA3E4F3A42"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "3.11",
+ "versionEndExcluding": "3.16.47",
+ "matchCriteriaId": "1B863019-9BE4-4D3F-907A-B5BFDEEE975E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "3.17",
+ "versionEndExcluding": "3.18.65",
+ "matchCriteriaId": "15A3222E-681C-4561-B7DF-C1D36FE3773C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "3.19",
+ "versionEndExcluding": "4.4.82",
+ "matchCriteriaId": "BCC5E165-3BA3-42E8-A9B4-BAC5C9C90365"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.5",
+ "versionEndExcluding": "4.9.43",
+ "matchCriteriaId": "FE7B437E-2829-4956-BBB4-79F150CABB0C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.10",
+ "versionEndExcluding": "4.12.7",
+ "matchCriteriaId": "9186C944-947B-4F51-8956-925591EFF822"
}
]
}
@@ -105,7 +141,10 @@
},
{
"url": "http://www.debian.org/security/2017/dsa-3981",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "http://www.securityfocus.com/bid/100262",
@@ -125,39 +164,67 @@
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:2918",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:2930",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:2931",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:3200",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://access.redhat.com/errata/RHSA-2019:1931",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://access.redhat.com/errata/RHSA-2019:1932",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://access.redhat.com/errata/RHSA-2019:4159",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://github.com/xairy/kernel-exploits/tree/master/CVE-2017-1000112",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.exploit-db.com/exploits/45147/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
}
]
}
\ No newline at end of file
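Review bot: The last two references, `github.com/xairy/kernel-exploits/tree/master/CVE-2017-1000112` and `www.exploit-db.com/exploits/45147/`, are tagged `"Third Party Advisory"` (the second also `"VDB Entry"`) but neither carries `"Exploit"`, even though both URLs point at exploit listings. Triage pipelines that raise priority when a reference is tagged `Exploit` will therefore treat this record as having no public exploit. I would add `"Exploit"` to both tag arrays, e.g. `"tags": ["Exploit", "Third Party Advisory", "VDB Entry"]` for the exploit-db entry. The `references` array begins outside this hunk, so earlier entries were not checked.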
diff --git a/CVE-2017/CVE-2017-174xx/CVE-2017-17442.json b/CVE-2017/CVE-2017-174xx/CVE-2017-17442.json
index 2bf7c8898a6..dc03d682553 100644
--- a/CVE-2017/CVE-2017-174xx/CVE-2017-17442.json
+++ b/CVE-2017/CVE-2017-174xx/CVE-2017-17442.json
@@ -2,12 +2,12 @@
"id": "CVE-2017-17442",
"sourceIdentifier": "secure@blackberry.com",
"published": "2018-03-13T18:29:00.227",
- "lastModified": "2018-04-11T15:58:11.083",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-06-07T19:15:09.113",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "In BlackBerry UEM Management Console version 12.7.1 and earlier, a reflected cross-site scripting vulnerability that could allow an attacker to execute script commands in the context of the affected UEM Management Console account by crafting a malicious link and then persuading a user with legitimate access to the Management Console to click on the malicious link."
+ "value": "In BlackBerry UEM Management Console version 12.7.1 and earlier, a reflected cross-site scripting vulnerability that could allow an attacker to execute script commands in the context of the affected UEM Management Console account by crafting a malicious link and then persuading a user with legitimate access to the Management Console to click on the malicious link.\n\n"
},
{
"lang": "es",
diff --git a/CVE-2017/CVE-2017-174xx/CVE-2017-17485.json b/CVE-2017/CVE-2017-174xx/CVE-2017-17485.json
index a7fc592104f..f4e357439ae 100644
--- a/CVE-2017/CVE-2017-174xx/CVE-2017-17485.json
+++ b/CVE-2017/CVE-2017-174xx/CVE-2017-17485.json
@@ -2,7 +2,7 @@
"id": "CVE-2017-17485",
"sourceIdentifier": "cve@mitre.org",
"published": "2018-01-10T18:29:01.167",
- "lastModified": "2021-01-19T15:51:00.490",
+ "lastModified": "2023-06-08T18:00:10.447",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -86,9 +86,8 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
- "versionStartIncluding": "2.6.0",
"versionEndExcluding": "2.6.7.3",
- "matchCriteriaId": "694CA8C9-6F69-4334-AE76-6C3C9F4D6DD6"
+ "matchCriteriaId": "1DF0B092-75D2-4A01-9CDC-B3AB2F4CF2C3"
},
{
"vulnerable": true,
diff --git a/CVE-2017/CVE-2017-201xx/CVE-2017-20185.json b/CVE-2017/CVE-2017-201xx/CVE-2017-20185.json
new file mode 100644
index 00000000000..d7f76a7f9ee
--- /dev/null
+++ b/CVE-2017/CVE-2017-201xx/CVE-2017-20185.json
@@ -0,0 +1,92 @@
+{
+ "id": "CVE-2017-20185",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2023-06-06T02:15:09.473",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Fuzzy SWMP. It has been rated as problematic. This issue affects some unknown processing of the file swmp.php of the component GET Parameter Handler. The manipulation of the argument theme leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The identifier of the patch is 792bcab637cb8c3bd251d8fc8771512c5329a93e. It is recommended to apply a patch to fix this issue. The identifier VDB-230669 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.5,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 1.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.0
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 8.0,
+ "impactScore": 2.9,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/fuzzymannerz/swmp/commit/792bcab637cb8c3bd251d8fc8771512c5329a93e",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://github.com/fuzzymannerz/swmp/pull/12",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.230669",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.230669",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
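Review bot: The two metric blocks disagree on user interaction: the v3.0 vector carries `UI:R`, while the v2 block sets `"userInteractionRequired": false`. For a cross-site scripting issue the v3.0 value looks like the plausible one, so `"userInteractionRequired": true` would make the record self-consistent for consumers that still read the v2 flags. The description also opens with the unsupported banner twice, the first copy misspelled as `UNSUPPPORTED`. Since the record has no `configurations` block and the description says no version details are available, CPE-based matching will not flag it; affected installs would have to be identified by whether commit `792bcab637cb8c3bd251d8fc8771512c5329a93e` is applied.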
diff --git a/CVE-2017/CVE-2017-75xx/CVE-2017-7525.json b/CVE-2017/CVE-2017-75xx/CVE-2017-7525.json
index 12d95ea95f6..ebc0b28b3c1 100644
--- a/CVE-2017/CVE-2017-75xx/CVE-2017-7525.json
+++ b/CVE-2017/CVE-2017-75xx/CVE-2017-7525.json
@@ -2,7 +2,7 @@
"id": "CVE-2017-7525",
"sourceIdentifier": "secalert@redhat.com",
"published": "2018-02-06T15:29:00.297",
- "lastModified": "2022-04-12T16:17:48.247",
+ "lastModified": "2023-06-08T17:57:47.077",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -96,9 +96,8 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
- "versionStartIncluding": "2.6.0",
"versionEndExcluding": "2.6.7.1",
- "matchCriteriaId": "B6E8B388-3493-43DC-953A-E5AF0514E6C2"
+ "matchCriteriaId": "2BD0008C-1562-400E-9E79-973384BAE68C"
},
{
"vulnerable": true,
diff --git a/CVE-2018/CVE-2018-113xx/CVE-2018-11307.json b/CVE-2018/CVE-2018-113xx/CVE-2018-11307.json
index 1334bc80e6e..ee0dccc3724 100644
--- a/CVE-2018/CVE-2018-113xx/CVE-2018-11307.json
+++ b/CVE-2018/CVE-2018-113xx/CVE-2018-11307.json
@@ -2,7 +2,7 @@
"id": "CVE-2018-11307",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-07-09T16:15:12.807",
- "lastModified": "2021-02-22T21:47:23.463",
+ "lastModified": "2023-06-08T17:56:38.010",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -86,9 +86,9 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
- "versionStartIncluding": "2.6.0",
+ "versionStartIncluding": "2.0.0",
"versionEndExcluding": "2.6.7.3",
- "matchCriteriaId": "694CA8C9-6F69-4334-AE76-6C3C9F4D6DD6"
+ "matchCriteriaId": "7036DA13-110D-40B3-8494-E361BBF4AFCD"
},
{
"vulnerable": true,
@@ -360,6 +360,7 @@
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"source": "cve@mitre.org",
"tags": [
+ "Patch",
"Third Party Advisory"
]
}
diff --git a/CVE-2018/CVE-2018-209xx/CVE-2018-20967.json b/CVE-2018/CVE-2018-209xx/CVE-2018-20967.json
index cc5b97074d8..882ae568cf8 100644
--- a/CVE-2018/CVE-2018-209xx/CVE-2018-20967.json
+++ b/CVE-2018/CVE-2018-209xx/CVE-2018-20967.json
@@ -2,7 +2,7 @@
"id": "CVE-2018-20967",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-08-14T16:15:12.440",
- "lastModified": "2019-08-19T19:06:00.490",
+ "lastModified": "2023-06-06T18:43:33.990",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -84,9 +84,9 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:smackcoders:wp_ultimate_csv_importer:*:*:*:*:*:wordpress:*:*",
+ "criteria": "cpe:2.3:a:smackcoders:import_all_pages\\,_post_types\\,_products\\,_orders\\,_and_users_as_xml_\\&_csv:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "5.6.1",
- "matchCriteriaId": "DE5BAA04-BB50-442E-B283-7687902C60E0"
+ "matchCriteriaId": "339A1411-8FA5-44CA-A22D-7D406CE33958"
}
]
}
diff --git a/CVE-2018/CVE-2018-250xx/CVE-2018-25046.json b/CVE-2018/CVE-2018-250xx/CVE-2018-25046.json
index 4d284e33e73..1503953128b 100644
--- a/CVE-2018/CVE-2018-250xx/CVE-2018-25046.json
+++ b/CVE-2018/CVE-2018-250xx/CVE-2018-25046.json
@@ -2,12 +2,12 @@
"id": "CVE-2018-25046",
"sourceIdentifier": "security@golang.org",
"published": "2022-12-27T22:15:11.140",
- "lastModified": "2023-01-06T16:31:54.073",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-06-08T21:15:15.203",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "Due to improper path santization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory."
+ "value": "Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory."
}
],
"metrics": {
diff --git a/CVE-2018/CVE-2018-250xx/CVE-2018-25086.json b/CVE-2018/CVE-2018-250xx/CVE-2018-25086.json
index 8f425a41680..ed147676ad4 100644
--- a/CVE-2018/CVE-2018-250xx/CVE-2018-25086.json
+++ b/CVE-2018/CVE-2018-250xx/CVE-2018-25086.json
@@ -2,8 +2,8 @@
"id": "CVE-2018-25086",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-01T07:15:08.860",
- "lastModified": "2023-06-01T13:00:30.717",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T20:01:17.053",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -11,6 +11,28 @@
}
],
"metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@@ -71,22 +93,53 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:fanpress_cm_project:fanpress_cm:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "3.6.0",
+ "versionEndIncluding": "3.6.3",
+ "matchCriteriaId": "4B8BBB43-6747-480E-91C2-B47173EE96F4"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/sea75300/fanpresscm3/commit/c380d343c2107fcee55ab00eb8d189ce5e03369b",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://github.com/sea75300/fanpresscm3/releases/tag/v3.6.4",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Release Notes"
+ ]
},
{
"url": "https://vuldb.com/?ctiid.230235",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required"
+ ]
},
{
"url": "https://vuldb.com/?id.230235",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2018/CVE-2018-250xx/CVE-2018-25087.json b/CVE-2018/CVE-2018-250xx/CVE-2018-25087.json
new file mode 100644
index 00000000000..970d1721258
--- /dev/null
+++ b/CVE-2018/CVE-2018-250xx/CVE-2018-25087.json
@@ -0,0 +1,92 @@
+{
+ "id": "CVE-2018-25087",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2023-06-06T03:15:08.947",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability classified as problematic was found in Arborator Server. This vulnerability affects the function start of the file project.cgi. The manipulation of the argument project leads to denial of service. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as cdbdbcbd491db65e9d697ab4365605fdfab1a604. It is recommended to apply a patch to fix this issue. VDB-230662 is the identifier assigned to this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Esta vulnerabilidad afecta a la funci\u00f3n de inicio del archivo project.cgi de Arborator Server. La manipulaci\u00f3n de los argumentos del archivo project provoca una denegaci\u00f3n de servicio. Este producto utiliza un ciclo de actualizaciones continua, por lo tanto no hay detalles de la versi\u00f3n afectada ni actualizadas. El parche es identificado como cdbdbcbd491db65e9d697ab4365605fdfab1a604. Es recomendable aplicar un parche para solucionar este problema. El identificador asignado a esta vulnerabilidad es VDB-230662."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW",
+ "baseScore": 3.5,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 1.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:P",
+ "accessVector": "ADJACENT_NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "PARTIAL",
+ "baseScore": 2.7
+ },
+ "baseSeverity": "LOW",
+ "exploitabilityScore": 5.1,
+ "impactScore": 2.9,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-404"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/Arborator/arborator-server/commit/cdbdbcbd491db65e9d697ab4365605fdfab1a604",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.230662",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.230662",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2019/CVE-2019-169xx/CVE-2019-16942.json b/CVE-2019/CVE-2019-169xx/CVE-2019-16942.json
index 02f2893ffc6..8b93eedf45e 100644
--- a/CVE-2019/CVE-2019-169xx/CVE-2019-16942.json
+++ b/CVE-2019/CVE-2019-169xx/CVE-2019-16942.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-16942",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-10-01T17:15:10.323",
- "lastModified": "2022-10-29T02:32:52.257",
+ "lastModified": "2023-06-08T18:00:31.667",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -86,9 +86,9 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
- "versionStartIncluding": "2.6.0",
+ "versionStartIncluding": "2.0.0",
"versionEndExcluding": "2.6.7.3",
- "matchCriteriaId": "694CA8C9-6F69-4334-AE76-6C3C9F4D6DD6"
+ "matchCriteriaId": "7036DA13-110D-40B3-8494-E361BBF4AFCD"
},
{
"vulnerable": true,
diff --git a/CVE-2019/CVE-2019-250xx/CVE-2019-25073.json b/CVE-2019/CVE-2019-250xx/CVE-2019-25073.json
index 543764b1e91..718f51be07d 100644
--- a/CVE-2019/CVE-2019-250xx/CVE-2019-25073.json
+++ b/CVE-2019/CVE-2019-250xx/CVE-2019-25073.json
@@ -2,12 +2,12 @@
"id": "CVE-2019-25073",
"sourceIdentifier": "security@golang.org",
"published": "2022-12-27T22:15:11.397",
- "lastModified": "2023-01-06T16:55:35.867",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-06-08T21:15:15.307",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "Improper path santiziation in github.com/goadesign/goa before v3.0.9, v2.0.10, or v1.4.3 allow remote attackers to read files outside of the intended directory."
+ "value": "Improper path sanitization in github.com/goadesign/goa before v3.0.9, v2.0.10, or v1.4.3 allow remote attackers to read files outside of the intended directory."
}
],
"metrics": {
diff --git a/CVE-2019/CVE-2019-251xx/CVE-2019-25138.json b/CVE-2019/CVE-2019-251xx/CVE-2019-25138.json
new file mode 100644
index 00000000000..85e2a57504f
--- /dev/null
+++ b/CVE-2019/CVE-2019-251xx/CVE-2019-25138.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2019-25138",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:09.963",
+ "lastModified": "2023-06-07T02:45:10.733",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The User Submitted Posts plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the usp_check_images function in versions up to, and including, 20190312. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-434"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/arbitrary-file-upload-vulnerability-in-wordpress-user-submitted-posts-plugin/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wordpress.org/plugins/user-submitted-posts/#developers",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5a97877b-fb4d-4e87-bcff-56be65fee6ce?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2019/CVE-2019-251xx/CVE-2019-25139.json b/CVE-2019/CVE-2019-251xx/CVE-2019-25139.json
new file mode 100644
index 00000000000..d7be9fab6da
--- /dev/null
+++ b/CVE-2019/CVE-2019-251xx/CVE-2019-25139.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2019-25139",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:10.033",
+ "lastModified": "2023-06-07T02:45:10.733",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Coming Soon Page & Maintenance Mode plugin for WordPress is vulnerable to unauthenticated settings reset in versions up to, and including 1.8.1 due to missing capability checks in the ~/functions/data-reset-post.php file which makes it possible for unauthenticated attackers to trigger a plugin settings reset."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/unauthenticated-stored-xss-in-wordpress-coming-soon-page-and-maintenance-mode-plugin/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2121321",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2123149",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/61fdc6e9-75ea-4226-9527-a5fd02efde70?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2019/CVE-2019-251xx/CVE-2019-25140.json b/CVE-2019/CVE-2019-251xx/CVE-2019-25140.json
new file mode 100644
index 00000000000..0915e473cf7
--- /dev/null
+++ b/CVE-2019/CVE-2019-251xx/CVE-2019-25140.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2019-25140",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:10.107",
+ "lastModified": "2023-06-07T02:45:10.733",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WordPress Coming Soon Page & Maintenance Mode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the logo_width, logo_height, rcsp_logo_url, home_sec_link_txt, rcsp_headline and rcsp_description parameters in versions up to, and including, 1.8.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/unauthenticated-stored-xss-in-wordpress-coming-soon-page-and-maintenance-mode-plugin/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2121321/responsive-coming-soon",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2123149/responsive-coming-soon",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/738c6c77-97ef-4e47-9f14-9b73ea425bc2?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2019/CVE-2019-251xx/CVE-2019-25141.json b/CVE-2019/CVE-2019-251xx/CVE-2019-25141.json
new file mode 100644
index 00000000000..c036cff0c80
--- /dev/null
+++ b/CVE-2019/CVE-2019-251xx/CVE-2019-25141.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2019-25141",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:10.180",
+ "lastModified": "2023-06-07T02:45:10.733",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Easy WP SMTP plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.3.9. This is due to missing capability checks on the admin_init() function, in addition to insufficient input validation. This makes it possible for unauthenticated attackers to modify the plugins settings and arbitrary options on the site that can be used to inject new administrative user accounts."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/critical-0day-vulnerability-fixed-in-wordpress-easy-wp-smtp-plugin/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Feasy-wp-smtp&old=2052057&new_path=%2Feasy-wp-smtp&new=2052058&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wordpress.org/support/topic/vulnerability-26/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/84b75f7d-7258-46f6-aee6-b96d70bee264?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2019/CVE-2019-251xx/CVE-2019-25142.json b/CVE-2019/CVE-2019-251xx/CVE-2019-25142.json
new file mode 100644
index 00000000000..03fd2dfb661
--- /dev/null
+++ b/CVE-2019/CVE-2019-251xx/CVE-2019-25142.json
@@ -0,0 +1,79 @@
+{
+ "id": "CVE-2019-25142",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:10.250",
+ "lastModified": "2023-06-07T02:45:10.733",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Mesmerize & Materialis themes for WordPress are vulnerable to authenticated options change in versions up to, and including,1.6.89 (Mesmerize) and 1.0.172 (Materialis). This is due to 'companion_disable_popup' function only checking the nonce while sending user input to the 'update_option' function. This makes it possible for authenticated attackers to change otherwise restricted options."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/wordpress-mesmerize-and-materialis-themes-fixed-an-authenticated-options-change-vulnerability/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=121290%40materialis&new=121290%40materialis&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=121291%40mesmerize&new=121291%40mesmerize&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wordpress.org/themes/materialis/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wordpress.org/themes/mesmerize/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wpscan.com/vulnerability/e4d70f03-69d5-4cca-8300-985f68d19ddc",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8c9c3302-47cd-4dbe-b79e-5e6032928074?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2019/CVE-2019-251xx/CVE-2019-25143.json b/CVE-2019/CVE-2019-251xx/CVE-2019-25143.json
new file mode 100644
index 00000000000..e7fd0f47517
--- /dev/null
+++ b/CVE-2019/CVE-2019-251xx/CVE-2019-25143.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2019-25143",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:10.320",
+ "lastModified": "2023-06-07T02:45:10.733",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The GDPR Cookie Compliance plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the gdpr_cookie_compliance_reset_settings AJAX action in versions up to, and including, 4.0.2. This makes it possible for authenticated attackers to reset all of the settings."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/wordpress-gdpr-cookie-compliance-plugin-fixed-authenticated-settings-deletion-vulnerability/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wpscan.com/vulnerability/5ac51325-a7f5-4d38-9b41-61855206083d",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-gdpr-cookie-compliance-security-bypass-4-0-2/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9116d719-f536-4b8a-9e73-9a8a922f8a35?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2019/CVE-2019-251xx/CVE-2019-25144.json b/CVE-2019/CVE-2019-251xx/CVE-2019-25144.json
new file mode 100644
index 00000000000..1a8069d0390
--- /dev/null
+++ b/CVE-2019/CVE-2019-251xx/CVE-2019-25144.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2019-25144",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:10.380",
+ "lastModified": "2023-06-07T02:45:10.733",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WP HTML Mail plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 2.2.10 due to insufficient input sanitization. This makes it possible for unauthenticated attackers to inject arbitrary HTML in pages that execute if they can successfully trick a administrator into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-80"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-vulnerable-to-html-injection/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/946ba166-3309-4e47-8b6b-d3f017bbfcc8?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
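Review bot: This record and CVE-2019-25148 later in the same commit carry the same description text for WP HTML Mail, yet they disagree on classification: here `"scope": "UNCHANGED"`, base score 5.4 and `CWE-80`, there `"scope": "CHANGED"`, 6.1 and `CWE-79`. The version range here (up to 2.2.10) is also contained in the other record's range (up to 2.9.0.3), so a consumer matching on plugin version will raise both IDs for one installation with two different severities. If the two IDs describe distinct flaws, the `value` text should say what differs; otherwise the vector and CWE should be aligned. The wording `inject arbitrary HTML in pages that execute` reads as script execution although the record is labelled HTML injection, and `a administrator` should be `an administrator`.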
diff --git a/CVE-2019/CVE-2019-251xx/CVE-2019-25145.json b/CVE-2019/CVE-2019-251xx/CVE-2019-25145.json
new file mode 100644
index 00000000000..673947feddf
--- /dev/null
+++ b/CVE-2019/CVE-2019-251xx/CVE-2019-25145.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2019-25145",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:10.447",
+ "lastModified": "2023-06-07T02:45:10.733",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Contact Form & SMTP Plugin by PirateForms plugin for WordPress is vulnerable to HTML injection in the \u2018public/class-pirateforms-public.php\u2019 file in versions up to, and including, 2.5.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary HTML in emails that could be used to phish unsuspecting victims."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/html-injection-vulnerability-in-wordpress-pirate-forms-plugin/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9e34c3f6-cc84-4e45-9948-6f7fd5cba8cd?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2019/CVE-2019-251xx/CVE-2019-25146.json b/CVE-2019/CVE-2019-251xx/CVE-2019-25146.json
new file mode 100644
index 00000000000..8311782d6d9
--- /dev/null
+++ b/CVE-2019/CVE-2019-251xx/CVE-2019-25146.json
@@ -0,0 +1,71 @@
+{
+ "id": "CVE-2019-25146",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:10.513",
+ "lastModified": "2023-06-07T02:45:10.733",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The DELUCKS SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the saveSettings() function that had no capability checks in versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute whenever a victim accesses the page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/vulnerability-in-the-wordpress-delucks-seo-plugin-actively-exploited/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2161211",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-delucks-seo-cross-site-scripting-2-1-7/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.pluginvulnerabilities.com/2019/09/21/hackers-may-already-be-targeting-this-persistent-xss-vulnerability-in-delucks-seo/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/aaa2f738-4764-467c-9544-889ca8ba73d1?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
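Review bot: The description attributes the flaw to a `saveSettings()` function that "had no capability checks", but `weaknesses` lists only `CWE-79`. Other records in this commit that describe a missing capability check (for example CVE-2019-25141) are tagged `CWE-862`, so anyone filtering by CWE for missing-authorization issues will not see this one. Consider a second entry in the `description` array, `{ "lang": "en", "value": "CWE-862" }`, next to the existing one. The slug of the first reference URL indicates the issue was reported as actively exploited, which makes accurate classification matter more for triage.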
diff --git a/CVE-2019/CVE-2019-251xx/CVE-2019-25147.json b/CVE-2019/CVE-2019-251xx/CVE-2019-25147.json
new file mode 100644
index 00000000000..ee733e9d985
--- /dev/null
+++ b/CVE-2019/CVE-2019-251xx/CVE-2019-25147.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2019-25147",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:10.577",
+ "lastModified": "2023-06-07T02:45:10.733",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Pretty Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting via various IP headers as well as the referer header in versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping in the track_link function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/stored-xss-and-csv-injection-vulnerabilities-in-wordpress-shortlinks-by-pretty-links-plugin/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2108490%40pretty-link%2Ftrunk&old=2078274%40pretty-link%2Ftrunk&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ae058c5b-b90b-4a1e-9f56-d56dbd2d3607?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2019/CVE-2019-251xx/CVE-2019-25148.json b/CVE-2019/CVE-2019-251xx/CVE-2019-25148.json
new file mode 100644
index 00000000000..26bfd2a7add
--- /dev/null
+++ b/CVE-2019/CVE-2019-251xx/CVE-2019-25148.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2019-25148",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:10.633",
+ "lastModified": "2023-06-07T02:45:10.733",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WP HTML Mail plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 2.9.0.3 due to insufficient input sanitization. This makes it possible for unauthenticated attackers to inject arbitrary HTML in pages that execute if they can successfully trick a administrator into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-vulnerable-to-html-injection/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.svn.wordpress.org/wp-html-mail/trunk/readme.txt",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b3af900c-4048-4f4f-93e9-c60ca34d015b?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2019/CVE-2019-251xx/CVE-2019-25149.json b/CVE-2019/CVE-2019-251xx/CVE-2019-25149.json
new file mode 100644
index 00000000000..e50423d6fac
--- /dev/null
+++ b/CVE-2019/CVE-2019-251xx/CVE-2019-25149.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2019-25149",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:10.700",
+ "lastModified": "2023-06-07T02:45:10.733",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Gallery Images Ape plugin for WordPress is vulnerable to Arbitrary Plugin Deactivation in versions up to, and including, 2.0.6. This allows authenticated attackers with any capability level to deactivate any plugin on the site, including plugins necessary to site functionality or security."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.6,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 4.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-285"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/wordpress-ape-gallery-plugin-fixed-authenticated-arbitrary-plugin-deactivation-vulnerability/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dfd6c2b8-b00c-49d1-930f-50397e742ac5?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2019/CVE-2019-251xx/CVE-2019-25150.json b/CVE-2019/CVE-2019-251xx/CVE-2019-25150.json
new file mode 100644
index 00000000000..8cf86b10c9b
--- /dev/null
+++ b/CVE-2019/CVE-2019-251xx/CVE-2019-25150.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2019-25150",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:10.773",
+ "lastModified": "2023-06-07T02:45:10.733",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Email Templates plugin for WordPress is vulnerable to HTML Injection in versions up to, and including, 1.3. This makes it possible for attackers to present phishing forms or conduct cross-site request forgery attacks against site administrators."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-74"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-vulnerable-to-html-injection/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wordpress.org/plugins/email-templates/#developers",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f5c449f1-4715-4033-b0a3-6a8ca968aabc?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
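Review bot: The vector `C:H/I:H/A:H` (base score 8.8) is hard to reconcile with the description, which names only phishing forms and cross-site request forgery against administrators as the impact of the HTML injection. The two WP HTML Mail records in this commit that cite the same nintechnet article are scored `C:L/I:L/A:N`. The `value` text also says only "attackers" and does not name the affected input, unlike those sibling records. While the record is still `"vulnStatus": "Awaiting Analysis"`, consumers that prioritise on `baseScore` should treat 8.8 as the CNA's assessment, not yet an NVD-analyzed one.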
diff --git a/CVE-2019/CVE-2019-251xx/CVE-2019-25151.json b/CVE-2019/CVE-2019-251xx/CVE-2019-25151.json
new file mode 100644
index 00000000000..0bd23670217
--- /dev/null
+++ b/CVE-2019/CVE-2019-251xx/CVE-2019-25151.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2019-25151",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:10.843",
+ "lastModified": "2023-06-07T02:45:10.733",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Funnel Builder plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the activate_plugin function in versions up to, and including, 1.3.0. This makes it possible for authenticated attackers to activate any plugin on the vulnerable service."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-269"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/privilege-escalation-vulnerability-fixed-in-wordpress-cartflows-plugin/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wpscan.com/vulnerability/b6725319-909f-4d5c-9b34-8b6ea627b223%5D",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-funnel-builder-by-cartflows-create-high-converting-sales-funnels-for-wordpress-privilege-escalation-1-3-0/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f0b95670-0767-4325-88d0-4ae6d7302558?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
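Review bot: The wpscan reference ends in `%5D`, a percent-encoded `]` that looks like a leftover from a bracketed link, so the URL will most likely not resolve to the advisory. The entry should read `"url": "https://wpscan.com/vulnerability/b6725319-909f-4d5c-9b34-8b6ea627b223"`. Separately, the description blames a missing capability check on `activate_plugin`, but the record is tagged `CWE-269` where the other missing-capability-check records in this commit use `CWE-862`; it is worth confirming that this is intended.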
diff --git a/CVE-2020/CVE-2020-107xx/CVE-2020-10732.json b/CVE-2020/CVE-2020-107xx/CVE-2020-10732.json
index 068da0fc07d..88058b1faf9 100644
--- a/CVE-2020/CVE-2020-107xx/CVE-2020-10732.json
+++ b/CVE-2020/CVE-2020-107xx/CVE-2020-10732.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-10732",
"sourceIdentifier": "secalert@redhat.com",
"published": "2020-06-12T14:15:11.277",
- "lastModified": "2023-02-12T23:38:59.777",
- "vulnStatus": "Modified",
+ "lastModified": "2023-06-06T13:46:20.090",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -115,8 +115,51 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
- "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "3.16.85",
+ "matchCriteriaId": "4F9567FB-F394-443B-9A95-1DA060A9CCA6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.4",
+ "versionEndExcluding": "4.4.226",
+ "matchCriteriaId": "73253D32-56D4-437F-A88C-25D7A631AA5C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.9",
+ "versionEndExcluding": "4.9.226",
+ "matchCriteriaId": "C08B096E-3683-410F-8B4F-B4A9C9A1A57E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.14",
+ "versionEndExcluding": "4.14.183",
+ "matchCriteriaId": "05BF7F52-27D8-4903-8006-5890E8F01ECE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.19",
+ "versionEndExcluding": "4.19.126",
+ "matchCriteriaId": "8A296354-CF5F-4631-8F36-7C4C8F3452C6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "5.4",
+ "versionEndExcluding": "5.4.44",
+ "matchCriteriaId": "381D2366-9899-4AFC-A83A-A2883EE78FA7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "5.6",
+ "versionEndExcluding": "5.6.16",
+ "matchCriteriaId": "FA20E67F-6725-42A2-92B6-498AFAC5CD22"
}
]
}
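Review bot: The first new range has `"versionEndExcluding": "3.16.85"` and no `versionStartIncluding`, so it matches every kernel older than 3.16.85, while the remaining ranges start at 4.4, 4.9, 4.14, 4.19, 5.4 and 5.6 and leave the releases between those branches unmatched. A scanner that relies only on these entries will therefore report, say, a 4.10 or 5.5 kernel as not affected; nothing in the hunk shows whether those versions carry the fix. Consumers should cross-check the distribution's own advisory for kernels outside the listed branches instead of treating a non-match as clean. The enclosing `configurations` node starts and ends outside the hunk.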
@@ -583,7 +626,10 @@
},
{
"url": "https://lore.kernel.org/lkml/CAG_fn=VZZ7yUxtOGzuTLkr7wmfXWtKK9BHHYawj=rt9XWnCYvg%40mail.gmail.com/",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://security.netapp.com/advisory/ntap-20210129-0005/",
diff --git a/CVE-2020/CVE-2020-160xx/CVE-2020-16009.json b/CVE-2020/CVE-2020-160xx/CVE-2020-16009.json
index 1f2afd1e95f..84e12ec2a97 100644
--- a/CVE-2020/CVE-2020-160xx/CVE-2020-16009.json
+++ b/CVE-2020/CVE-2020-160xx/CVE-2020-16009.json
@@ -2,12 +2,12 @@
"id": "CVE-2020-16009",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2020-11-03T03:15:15.527",
- "lastModified": "2021-07-21T11:39:23.747",
+ "lastModified": "2023-06-06T13:59:53.593",
"vulnStatus": "Analyzed",
"cisaExploitAdd": "2021-11-03",
"cisaActionDue": "2022-05-03",
"cisaRequiredAction": "Apply updates per vendor instructions.",
- "cisaVulnerabilityName": "Chromium V8 Implementation Vulnerability",
+ "cisaVulnerabilityName": "Google Chromium V8 Type Confusion Vulnerability",
"descriptions": [
{
"lang": "en",
@@ -90,6 +90,12 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cefsharp:cefsharp:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "86.0.241",
+ "matchCriteriaId": "43539102-63D7-4F9D-A7D7-CA4AFC1853A6"
+ },
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
diff --git a/CVE-2020/CVE-2020-190xx/CVE-2020-19028.json b/CVE-2020/CVE-2020-190xx/CVE-2020-19028.json
index 593d21bdc0a..b946c2e3ba3 100644
--- a/CVE-2020/CVE-2020-190xx/CVE-2020-19028.json
+++ b/CVE-2020/CVE-2020-190xx/CVE-2020-19028.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-19028",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-05T21:15:10.307",
- "lastModified": "2023-06-05T21:15:10.307",
- "vulnStatus": "Received",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2020/CVE-2020-365xx/CVE-2020-36559.json b/CVE-2020/CVE-2020-365xx/CVE-2020-36559.json
index d12e766bd3d..dc5c44d707f 100644
--- a/CVE-2020/CVE-2020-365xx/CVE-2020-36559.json
+++ b/CVE-2020/CVE-2020-365xx/CVE-2020-36559.json
@@ -2,12 +2,12 @@
"id": "CVE-2020-36559",
"sourceIdentifier": "security@golang.org",
"published": "2022-12-27T22:15:11.500",
- "lastModified": "2023-01-06T16:58:38.340",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-06-08T21:15:15.410",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "Due to improper santization of user input, HTTPEngine.Handle allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read."
+ "value": "Due to improper sanitization of user input, HTTPEngine.Handle allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read."
}
],
"metrics": {
diff --git a/CVE-2020/CVE-2020-365xx/CVE-2020-36560.json b/CVE-2020/CVE-2020-365xx/CVE-2020-36560.json
index f2fe2ca068e..77b4ffdde4e 100644
--- a/CVE-2020/CVE-2020-365xx/CVE-2020-36560.json
+++ b/CVE-2020/CVE-2020-365xx/CVE-2020-36560.json
@@ -2,12 +2,12 @@
"id": "CVE-2020-36560",
"sourceIdentifier": "security@golang.org",
"published": "2022-12-27T22:15:11.573",
- "lastModified": "2023-01-06T01:26:52.687",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-06-08T21:15:15.467",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "Due to improper path santization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory."
+ "value": "Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory."
}
],
"metrics": {
diff --git a/CVE-2020/CVE-2020-365xx/CVE-2020-36561.json b/CVE-2020/CVE-2020-365xx/CVE-2020-36561.json
index d288760562e..bc590b5ac1f 100644
--- a/CVE-2020/CVE-2020-365xx/CVE-2020-36561.json
+++ b/CVE-2020/CVE-2020-365xx/CVE-2020-36561.json
@@ -2,12 +2,12 @@
"id": "CVE-2020-36561",
"sourceIdentifier": "security@golang.org",
"published": "2022-12-27T22:15:11.623",
- "lastModified": "2023-01-06T01:27:02.303",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-06-08T21:15:15.530",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "Due to improper path santization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory."
+ "value": "Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory."
}
],
"metrics": {
diff --git a/CVE-2020/CVE-2020-365xx/CVE-2020-36566.json b/CVE-2020/CVE-2020-365xx/CVE-2020-36566.json
index 9a3d7e4d12e..50361de45f5 100644
--- a/CVE-2020/CVE-2020-365xx/CVE-2020-36566.json
+++ b/CVE-2020/CVE-2020-365xx/CVE-2020-36566.json
@@ -2,12 +2,12 @@
"id": "CVE-2020-36566",
"sourceIdentifier": "security@golang.org",
"published": "2022-12-27T22:15:11.723",
- "lastModified": "2023-01-06T01:27:35.930",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-06-08T21:15:15.587",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "Due to improper path santization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory."
+ "value": "Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory."
}
],
"metrics": {
diff --git a/CVE-2020/CVE-2020-366xx/CVE-2020-36694.json b/CVE-2020/CVE-2020-366xx/CVE-2020-36694.json
index ee709de0738..2136ddf16a1 100644
--- a/CVE-2020/CVE-2020-366xx/CVE-2020-36694.json
+++ b/CVE-2020/CVE-2020-366xx/CVE-2020-36694.json
@@ -2,7 +2,7 @@
"id": "CVE-2020-36694",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-21T23:15:08.960",
- "lastModified": "2023-05-26T03:35:48.850",
+ "lastModified": "2023-06-06T18:41:54.467",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -17,19 +17,19 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "attackVector": "NETWORK",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
"attackComplexity": "LOW",
- "privilegesRequired": "NONE",
+ "privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
- "baseScore": 9.8,
- "baseSeverity": "CRITICAL"
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM"
},
- "exploitabilityScore": 3.9,
+ "exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
diff --git a/CVE-2020/CVE-2020-366xx/CVE-2020-36696.json b/CVE-2020/CVE-2020-366xx/CVE-2020-36696.json
new file mode 100644
index 00000000000..7e50feb091e
--- /dev/null
+++ b/CVE-2020/CVE-2020-366xx/CVE-2020-36696.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2020-36696",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:10.930",
+ "lastModified": "2023-06-07T02:45:10.733",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handle_downloads() function in versions up to, and including, 1.2.6. This makes it possible for unauthenticated attackers to download files from the vulnerable service."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-285"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/high-severity-vulnerability-fixed-in-product-input-fields-for-woocommerce/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2349889%40product-input-fields-for-woocommerce&new=2349889%40product-input-fields-for-woocommerce&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wpscan.com/vulnerability/15f345e6-fc53-4bac-bc5a-de898181ea74",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/01e41573-9329-48e1-9191-e8e1532f7afc?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
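Review bot: The `weaknesses` entry maps a missing capability check on handle_downloads() to `CWE-285`, while CVE-2020-36697 and CVE-2020-36702 in this same commit map the same stated root cause to `CWE-862`, and CVE-2020-36699 maps it to `CWE-284`. Anyone grouping or alerting by CWE will see one class of bug split across three identifiers. CWE-862 (Missing Authorization) is the most specific of the three, since CWE-285 is its parent and CWE-284 the broad parent of both. If the CNA data allows it, `"value": "CWE-862"` would be the consistent choice for all four records.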
diff --git a/CVE-2020/CVE-2020-366xx/CVE-2020-36697.json b/CVE-2020/CVE-2020-366xx/CVE-2020-36697.json
new file mode 100644
index 00000000000..f1f22189321
--- /dev/null
+++ b/CVE-2020/CVE-2020-366xx/CVE-2020-36697.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2020-36697",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:10.997",
+ "lastModified": "2023-06-07T02:45:10.733",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WP GDPR plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in versions up to, and including, 2.1.1. This makes it possible for unauthenticated attackers to delete any comment and modify the plugin\u2019s settings."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/unauthenticated-stored-xss-and-content-spoofing-vulnerabilities-in-wordpress-wp-gdpr-plugin-unpatched/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-wp-gdpr-multiple-vulnerabilities-2-1-1/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/032e775a-97be-4d93-bac3-094e35be4b11?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-366xx/CVE-2020-36699.json b/CVE-2020/CVE-2020-366xx/CVE-2020-36699.json
new file mode 100644
index 00000000000..4c7df4d9420
--- /dev/null
+++ b/CVE-2020/CVE-2020-366xx/CVE-2020-36699.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2020-36699",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:11.060",
+ "lastModified": "2023-06-07T02:45:04.330",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Quick Page/Post Redirect Plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the qppr_save_quick_redirect_ajax and qppr_delete_quick_redirect functions in versions up to, and including, 5.1.9. This makes it possible for low-privileged attackers to interact with the plugin settings and to create a redirect link that would forward all traffic to an external malicious website."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-284"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/authenticated-settings-change-vulnerability-in-wordpress-quick-page-post-redirect-plugin-unpatched/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wpscan.com/vulnerability/10198",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-quick-page-post-redirect-security-bypass-5-1-9/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/11c4b855-8589-4ad2-b414-566ac8eb4632?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36700.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36700.json
new file mode 100644
index 00000000000..45fbf2a87b6
--- /dev/null
+++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36700.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2020-36700",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:11.127",
+ "lastModified": "2023-06-07T02:45:04.330",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Page Builder: KingComposer plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 2.9.3. This is due to a security nonce being leaked in the '/wp-admin/index.php' page. This makes it possible for authenticated attackers to change arbitrary WordPress options, delete arbitrary files/folders, and inject arbitrary content."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-284"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/wordpress-kingcomposer-page-builder-fixed-multiple-critical-vulnerabilities/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2320014%40kingcomposer&new=2320014%40kingcomposer&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wordpress.org/plugins/kingcomposer/#developers",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1bdba04e-df4d-4094-877e-611d69e2e25d?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
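Review bot: The second reference URL carries the empty query parameters `sfp_email=&sfph_mail=` twice, once at the start and once at the end of the query string. The same pattern appears in the Trac references of CVE-2020-36696 and CVE-2020-36701. They look like form residue rather than part of the changeset address, so tools that deduplicate or match references by string will not recognise the same changeset under its plain URL. Presumably `https://plugins.trac.wordpress.org/changeset?reponame=&old=2320014%40kingcomposer&new=2320014%40kingcomposer` resolves to the same page; that should be confirmed before trimming.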
diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36701.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36701.json
new file mode 100644
index 00000000000..fd06f609dbb
--- /dev/null
+++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36701.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2020-36701",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:11.193",
+ "lastModified": "2023-06-07T02:45:04.330",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Page Builder: KingComposer plugin for WordPress is vulnerable to Arbitrary File Uploads in versions up to, and including, 2.9.3 via the 'process_bulk_action' function in the 'kingcomposer/includes/kc.extensions.php' file. This makes it possible for authenticated users with author level permissions and above to upload arbitrary files onto the server which can be used to execute code on the server."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-434"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/wordpress-kingcomposer-page-builder-fixed-multiple-critical-vulnerabilities/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2320014%40kingcomposer&new=2320014%40kingcomposer&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wordpress.org/plugins/kingcomposer/#developers",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/45a62dd0-386c-41b3-b8dd-ced443da9f92?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36702.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36702.json
new file mode 100644
index 00000000000..08f71737cfe
--- /dev/null
+++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36702.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2020-36702",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:11.257",
+ "lastModified": "2023-06-07T02:45:04.330",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Ultimate Addons for Gutenberg plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to, and including, 1.14.7. This is due to missing capability checks on several AJAX actions. This makes it possible for authenticated attackers with subscriber+ roles to update the plugin's settings."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 3.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/wordpress-ultimate-addons-for-gutenberg-plugin-fixed-vulnerability/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4419a302-4305-44f8-a256-dd276b5cd751?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
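Review bot: The vector sets `UI:R` (`"userInteraction": "REQUIRED"`), but the description is of a subscriber-level user calling AJAX actions that lack capability checks, with no victim action mentioned. CVE-2020-36699 in this commit describes the same pattern and is scored `UI:N`. If no interaction is in fact needed, the vector would be `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L` and the base score would rise from 5.5 to 6.3. Triage that relies on this record may therefore under-rank the issue.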
diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36703.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36703.json
new file mode 100644
index 00000000000..83b04fa10ba
--- /dev/null
+++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36703.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2020-36703",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:11.327",
+ "lastModified": "2023-06-07T02:45:04.330",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG image uploads in versions up to, and including 2.9.7 This makes it possible for authenticated attackers with the upload_files capability to inject arbitrary web scripts in pages that will execute whenever a user accesses the page with the stored web scripts."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/wordpress-elementor-plugin-fixed-svg-xss-protection-bypass-vulnerability/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/42db52ae-f881-4082-b475-8577a28641c6?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
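Review bot: The description string is missing punctuation around the version number, so `up to, and including 2.9.7 This makes` runs two sentences together. The other new records in this commit use the form `up to, and including, 2.9.7. This makes it possible ...`. The commit already corrects description typos in other records ("santization"), so this one fits the same pass.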
diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36704.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36704.json
new file mode 100644
index 00000000000..b7da5245ed0
--- /dev/null
+++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36704.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2020-36704",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:11.380",
+ "lastModified": "2023-06-07T02:45:04.330",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Fruitful Theme for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters stored via the fruitful_theme_options_action AJAX action in versions up to, and including, 3.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/authenticated-stored-xss-vulnerability-in-wordpress-fruitful-theme/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/49cf047f-4e8c-4f37-b8c0-d931c02fda7c?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36705.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36705.json
new file mode 100644
index 00000000000..49437edf996
--- /dev/null
+++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36705.json
@@ -0,0 +1,71 @@
+{
+ "id": "CVE-2020-36705",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T13:15:09.167",
+ "lastModified": "2023-06-07T14:35:57.670",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Adning Advertising plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the _ning_upload_image function in versions up to, and including, 1.5.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-434"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/critical-vulnerability-in-adning-advertising-plugin-actively-exploited-in-the-wild/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://codecanyon.net/item/wp-pro-advertising-system-all-in-one-ad-manager/269693",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wpscan.com/vulnerability/e9873fe3-fc06-4a52-aa32-6922cab7830c",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/blog/2020/07/critical-vulnerabilities-patched-in-adning-advertising-plugin/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4a263b74-e9ae-4fd2-be9b-9b8e9eee5982?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36707.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36707.json
new file mode 100644
index 00000000000..5a46284725a
--- /dev/null
+++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36707.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2020-36707",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:11.440",
+ "lastModified": "2023-06-07T02:45:04.330",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Coming Soon & Maintenance Mode Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.57. This is due to confusing logic functions missing or having incorrect nonce validation. This makes it possible for unauthenticated attackers to gain and perform otherwise unauthorized access and actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://jetpack.com/features/security/library/nifty-coming-soon-and-under-construction-page-plugin/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wpscan.com/vulnerability/aa47a464-af97-43bc-b6cb-75a08ce3ece7",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-coming-soon-maintenance-mode-page-cross-site-request-forgery-1-57/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/59278214-b0ce-44bf-8d8f-265c5c50006a?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36708.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36708.json
new file mode 100644
index 00000000000..e74ad6f2371
--- /dev/null
+++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36708.json
@@ -0,0 +1,71 @@
+{
+ "id": "CVE-2020-36708",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:11.503",
+ "lastModified": "2023-06-07T02:45:04.330",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The following themes for WordPress are vulnerable to Function Injections in versions up to and including Shapely <= 1.2.7, NewsMag <= 2.4.1, Activello <= 1.4.0, Illdy <= 2.1.4, Allegiant <= 1.2.2, Newspaper X <= 1.3.1, Pixova Lite <= 2.0.5, Brilliance <= 1.2.7, MedZone Lite <= 1.2.4, Regina Lite <= 2.0.4, Transcend <= 1.1.8, Affluent <= 1.1.0, Bonkers <= 1.0.4, Antreas <= 1.0.2, Sparkling <= 2.4.8, and NatureMag Lite <= 1.0.4. This is due to epsilon_framework_ajax_action. This makes it possible for unauthenticated attackers to call functions and achieve remote code execution."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-94"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/unauthenticated-function-injection-vulnerability-fixed-in-15-wordpress-themes/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://blog.nintechnet.com/unauthenticated-function-injection-vulnerability-in-wordpress-sparkling-theme/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wpscan.com/vulnerability/bec52a5b-c892-4763-a962-05da7100eca5",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/blog/2020/11/large-scale-attacks-target-epsilon-framework-themes/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5b75c322-539d-44e9-8f26-5ff929874b67?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36709.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36709.json
new file mode 100644
index 00000000000..8ad922bd89b
--- /dev/null
+++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36709.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2020-36709",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:11.570",
+ "lastModified": "2023-06-07T02:45:04.330",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Page Builder: KingComposer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via via shortcode in versions before 2.9.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/wordpress-kingcomposer-page-builder-fixed-multiple-critical-vulnerabilities/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wpsocket.com/plugin/kingcomposer/changelog/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6447de64-b484-4f64-ad78-7df81b5a0ed7?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
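Review bot: The description contains a doubled word, `via via shortcode`, and leaves the required role unstated even though the vector is scored `PR:H`. Proposed wording is `vulnerable to Stored Cross-Site Scripting via shortcode in versions before 2.9.4`, with the role the score assumes named alongside "authenticated attackers". As written, a reader comparing this with CVE-2020-36700 and CVE-2020-36701 (same plugin, both `PR:L`) cannot tell why this one needs high privileges.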
diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36710.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36710.json
new file mode 100644
index 00000000000..36fe2c283e2
--- /dev/null
+++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36710.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2020-36710",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:11.637",
+ "lastModified": "2023-06-07T02:45:04.330",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WPS Hide Login plugin for WordPress is vulnerable to login page disclosure even when the settings of the plugin are set to hide the login page making it possible for unauthenticated attackers to brute force credentials on sites in versions up to, and including, 1.5.4.2."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-863"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/wordpress-wps-hide-login-fixed-security-issue/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7808329f-1688-480c-a83c-c4ab2fa86da6?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36711.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36711.json
new file mode 100644
index 00000000000..a726b57a37c
--- /dev/null
+++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36711.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2020-36711",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:11.707",
+ "lastModified": "2023-06-07T02:45:04.330",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Avada theme for WordPress is vulnerable to Stored Cross-Site Scripting via the update_layout function in versions up to, and including, 6.2.3 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/avada-wordpress-theme-fixed-multiple-vulnerabilities/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://theme-fusion.com/security-fix-added-in-6-2-3/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/684a1e8e-30f2-47dd-9df6-145198030c52?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36712.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36712.json
new file mode 100644
index 00000000000..854947f74ee
--- /dev/null
+++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36712.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2020-36712",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:11.770",
+ "lastModified": "2023-06-07T02:45:04.330",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Kali Forms plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in versions up to, and including, 2.1.1. This is due to the kaliforms_form_delete_uploaded_file function lacking any privilege or user protections. This makes it possible for unauthenticated attackers to delete any site post or page with the id parameter."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.6,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 4.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/wordpress-kali-forms-plugin-fixed-multiple-vulnerabilities/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/92644676-add4-415c-9a1a-c6616108688d?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
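Review bot: The vector scores `I:N` with `A:H`, yet the description says unauthenticated attackers can "delete any site post or page", which is unauthorised modification of site content and would normally carry an integrity impact too. As written, a consumer that filters on `integrityImpact` will pass over this record. I would ask the assigning CNA whether `"integrityImpact": "NONE"` is intended. If it changes, `vectorString`, `baseScore` and `impactScore` have to be recomputed together, not edited one field at a time.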
diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36713.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36713.json
new file mode 100644
index 00000000000..8c00c868c32
--- /dev/null
+++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36713.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2020-36713",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:11.837",
+ "lastModified": "2023-06-07T02:45:04.330",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.1.5. This is due to unrestricted access to the 'register' and 'update_user_profile' routes. This makes it possible for unauthenticated attackers to create new administrator accounts, delete existing administrator accounts, or escalate privileges on any account."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-288"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/critical-vulnerability-fixed-in-wordpress-mstore-api-plugin/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-mstore-api-security-bypass-2-1-5/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/934c3ce9-cf2d-4bf6-9a34-f448cb2e5a1d?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36715.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36715.json
new file mode 100644
index 00000000000..58e2fa62c41
--- /dev/null
+++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36715.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2020-36715",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:11.920",
+ "lastModified": "2023-06-07T02:45:04.330",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Login/Signup Popup plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on several functions in versions up to, and including, 1.4. This makes it possible for authenticated attackers to inject arbitrary web scripts into the plugin settings that execute if they can successfully trick a user into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.4,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/zero-day-vulnerability-fixed-in-wordpress-login-signup-popup-plugin/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2304979/easy-login-woocommerce",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/96d264fe-e7e1-4eec-b235-9d288bc5a22f?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
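Review bot: `"userInteraction": "NONE"` (and `UI:N` in `vectorString`) contradicts the description, which says the injected script executes only if the attacker can "trick a user into performing an action such as clicking on a link". If that precondition is real, the field should read `"userInteraction": "REQUIRED"`, with the vector string, `exploitabilityScore` and `baseScore` recomputed to match. The description also combines a missing capability check with script injection, while `weaknesses` lists only `CWE-862`, so tooling that keys on CWE will not classify this as an XSS-type issue. These values come from the CNA, so the correction probably belongs upstream and not in a local edit of this file.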
diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36716.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36716.json
new file mode 100644
index 00000000000..918142372f9
--- /dev/null
+++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36716.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2020-36716",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:11.987",
+ "lastModified": "2023-06-07T02:45:04.330",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the setup_page function in versions up to, and including, 4.0.1. This makes it possible for unauthenticated attackers to run the setup wizard (if it has not been run previously) and access plugin configuration options."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/vulnerabilities-fixed-in-wordpress-wp-security-audit-log-plugin/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2252006",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9d0a8be3-6630-4cf7-b6cb-cdc86b99acb3?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36717.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36717.json
new file mode 100644
index 00000000000..2ab1f93cabb
--- /dev/null
+++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36717.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2020-36717",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:12.043",
+ "lastModified": "2023-06-07T02:45:04.330",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Kali Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. This is due to incorrect nonce handling throughout the plugin's function. This makes it possible for unauthenticated attackers to access the plugin's administrative functions via forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/wordpress-kali-forms-plugin-fixed-multiple-vulnerabilities/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a5bcf456-f991-4775-8c3e-a3c0212a5765?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36718.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36718.json
new file mode 100644
index 00000000000..161ba12ff56
--- /dev/null
+++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36718.json
@@ -0,0 +1,75 @@
+{
+ "id": "CVE-2020-36718",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:12.107",
+ "lastModified": "2023-06-07T02:45:04.330",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The GDPR CCPA Compliance Support plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.3 via deserialization of untrusted input \"njt_gdpr_allow_permissions\" value. This allows unauthenticated attackers to inject a PHP Object."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-502"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/gdpr-ccpa-compliance-support-plugin-fixed-insecure-deserialization-vulnerability/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2408938",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2411356/ninja-gdpr-compliance",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wordpress.org/plugins/ninja-gdpr-compliance/#developers",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wpscan.com/vulnerability/92f1d6fb-c665-419e-a13b-688b1df6c395",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a2871261-3231-4a52-9a38-bb3caf461e7d?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
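Review bot: `"baseScore": 9.8` with `C:H/I:H/A:H` describes full compromise, but the description only claims that an attacker can "inject a PHP Object" and names no gadget chain that turns the injection into impact. The same scoring appears in CVE-2020-36726, whose description states "No POP chain is present in the vulnerable plugin", and in CVE-2020-36727, which says "potentially makes it possible". For triage these three scores are best read as worst case, because real impact depends on what other plugin or theme code is loaded on the site. The description would be clearer if it said so, for example by ending `value` with `Impact depends on a usable POP chain being present in another installed plugin or theme.`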
diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36719.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36719.json
new file mode 100644
index 00000000000..541562f4805
--- /dev/null
+++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36719.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2020-36719",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:12.173",
+ "lastModified": "2023-06-07T02:45:04.330",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Arbitrary Plugin Installation, Activation and Deactivation in versions before 2.6.1. This is due to a missing capability check on the lp_cc_addons_actions function. This makes it possible for unauthenticated attackers to arbitrarily install, activate and deactivate any plugin."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/wordpress-listingpro-theme-fixed-a-critical-vulnerability/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://themeforest.net/item/listingpro-multipurpose-directory-theme/19386460",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a08fa649-3092-4c26-a009-2dd576b9b1ac?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36720.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36720.json
new file mode 100644
index 00000000000..0c792ada83c
--- /dev/null
+++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36720.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2020-36720",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:12.233",
+ "lastModified": "2023-06-07T02:45:04.330",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Kali Forms plugin for WordPress is vulnerable to Authenticated Options Change in versions up to, and including, 2.1.1. This is due to the update_option lacking proper authentication checks. This makes it possible for any authenticated attacker to change (or delete) the plugin's settings."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 4.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/wordpress-kali-forms-plugin-fixed-multiple-vulnerabilities/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wordpress.org/plugins/kali-forms/#developers",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9ed8e24d-6bd0-4638-9031-997ce2228fad?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
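Review bot: The impact metrics do not follow from the description, which speaks only of an authenticated attacker being able to "change (or delete) the plugin's settings", while the vector carries `C:H/I:L/A:N`. Nothing in the text supports `"confidentialityImpact": "HIGH"`, and modifying or deleting settings is an integrity effect that `"integrityImpact": "LOW"` looks light for. The phrase "lacking proper authentication checks" is also at odds with `PR:L`, since the attacker is already authenticated and the gap is authorization, which is what `CWE-862` records. I would have the CNA confirm the C and I values and reword the cause as a missing authorization check.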
diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36721.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36721.json
new file mode 100644
index 00000000000..f73f6cfc96a
--- /dev/null
+++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36721.json
@@ -0,0 +1,71 @@
+{
+ "id": "CVE-2020-36721",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:12.297",
+ "lastModified": "2023-06-07T02:45:04.330",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Brilliance <= 1.2.7, Activello <= 1.4.0, and Newspaper X <= 1.3.1 themes for WordPress are vulnerable to Plugin Activation/Deactivation. This is due to the 'activello_activate_plugin' and 'activello_deactivate_plugin' functions in the 'inc/welcome-screen/class-activello-welcome.php' file missing capability and security checks/nonces. This makes it possible for unauthenticated attackers to activate and deactivate arbitrary plugins installed on a vulnerable site."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-284"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/unauthenticated-function-injection-vulnerability-fixed-in-15-wordpress-themes/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wordpress.org/themes/activello/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wordpress.org/themes/brilliance/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wordpress.org/themes/newspaper-x/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a9e4e989-8e55-4ea7-8f42-9f67cfab1168?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36722.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36722.json
new file mode 100644
index 00000000000..3c4f7519dbc
--- /dev/null
+++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36722.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2020-36722",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:12.357",
+ "lastModified": "2023-06-07T02:44:59.217",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Visual Composer plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 26.0 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/multiple-xss-vulnerabilities-fixed-in-wordpress-visual-composer-plugin/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wpscan.com/vulnerability/10229",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-visual-composer-website-builder-multiple-cross-site-scripting-vulnerabilities-26-0/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c476d9af-9060-4294-874a-86e550253d3b?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36723.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36723.json
new file mode 100644
index 00000000000..19e1805da7d
--- /dev/null
+++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36723.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2020-36723",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:12.420",
+ "lastModified": "2023-06-07T02:44:59.217",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Sensitive Data Exposure in versions before 2.6.1 via the ~/listingpro-plugin/functions.php file. This makes it possible for unauthenticated attackers to extract sensitive data including usernames, full names, email addresses, phone numbers, physical addresses and user post counts."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-200"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/wordpress-listingpro-theme-fixed-a-critical-vulnerability/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://themeforest.net/item/listingpro-multipurpose-directory-theme/19386460",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b9b21f8e-8d66-4d3e-a383-bea20a3c4498?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36724.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36724.json
new file mode 100644
index 00000000000..3bbf3e38868
--- /dev/null
+++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36724.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2020-36724",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:12.487",
+ "lastModified": "2023-06-07T02:44:59.217",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Wordable plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.1. This is due to the use of a user supplied hashing algorithm passed to the hash_hmac() function and the use of a loose comparison on the hash which allows an attacker to trick the function into thinking it has a valid hash. This makes it possible for unauthenticated attackers to gain administrator privileges."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-288"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/wordpress-plugins-and-themes-vulnerabilities-roundup/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2234193/wordable/trunk/wordable.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/be1ab218-37bd-407a-8cb9-66f761849c21?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36725.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36725.json
new file mode 100644
index 00000000000..6583b8d2127
--- /dev/null
+++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36725.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2020-36725",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:12.553",
+ "lastModified": "2023-06-07T02:44:59.217",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The TI WooCommerce Wishlist and TI WooCommerce Wishlist Pro plugins for WordPress are vulnerable to an Options Change vulnerability in versions up to, and including, 1.21.11 and 1.21.4 via the 'ti-woocommerce-wishlist/includes/export.class.php' file. This makes it possible for authenticated attackers to gain otherwise restricted access to the vulnerable blog and update any settings."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/critical-zero-day-vulnerability-fixed-in-wordpress-ti-woocommerce-wishlist-plugin/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://templateinvaders.com/changelogs/ti-woocommerce-wishlist-plugin-changelog/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wpscan.com/vulnerability/2e2fb815-7cca-4e6c-b466-179337fe99ee",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d60b5741-5496-4e87-bcb0-adaa0db07d90?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
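Review bot: The affected-version statement "versions up to, and including, 1.21.11 and 1.21.4" covers two products (TI WooCommerce Wishlist and the Pro plugin) without saying which bound belongs to which. Version-matching tools and anyone checking an install by hand cannot use it safely as written. The `value` text should name each plugin next to its own bound, along the lines of `<plugin A> up to and including <version>, and <plugin B> up to and including <version>`, with the mapping confirmed against the vendor changelog already listed under `references`.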
diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36726.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36726.json
new file mode 100644
index 00000000000..b18d05fb868
--- /dev/null
+++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36726.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2020-36726",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:12.617",
+ "lastModified": "2023-06-07T02:44:59.217",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Ultimate Reviews plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.1.32 via deserialization of untrusted input in several vulnerable functions. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-502"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/wordpress-ultimate-reviews-plugin-fixed-insecure-deserialization-vulnerability/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2409141",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/db30acd7-ce51-45d9-8ff0-6ceea8237a8c?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36727.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36727.json
new file mode 100644
index 00000000000..e4b5a7b579e
--- /dev/null
+++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36727.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2020-36727",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:12.673",
+ "lastModified": "2023-06-07T02:44:59.217",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Newsletter Manager plugin for WordPress is vulnerable to insecure deserialization in versions up to, and including, 1.5.1. This is due to unsanitized input from the 'customFieldsDetails' parameter being passed through a deserialization function. This potentially makes it possible for unauthenticated attackers to inject a serialized PHP object."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-502"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/insecure-deserialization-vulnerability-in-wordpress-newsletter-manager-plugin-unpatched/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wpscan.com/vulnerability/b82124b1-e5e1-4f1e-9513-90474fd3f066",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dcfd8c4d-d48b-468d-a7d5-1ec05b068f79?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
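Review bot: The 9.8 score with `C:H/I:H/A:H` is not supported by the description, which only says the flaw "potentially makes it possible" to inject a serialized PHP object and does not state whether a usable POP chain exists. The affected range ends at 1.5.1 with no fixed release named, and the first reference's slug ends in `unpatched`. If no fix exists, the description should say so explicitly. While `vulnStatus` is `Awaiting Analysis`, consumers should read the score as the CNA's worst-case estimate and base exposure decisions on whether the plugin is installed at all.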
diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36728.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36728.json
new file mode 100644
index 00000000000..56093a76785
--- /dev/null
+++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36728.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2020-36728",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T13:15:09.330",
+ "lastModified": "2023-06-07T14:35:57.670",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Adning Advertising plugin for WordPress is vulnerable to file deletion via path traversal in versions up to, and including, 1.5.5. This allows unauthenticated attackers to delete arbitrary files which can be used to reset and gain full control of a site."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/critical-vulnerability-in-adning-advertising-plugin-actively-exploited-in-the-wild/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://codecanyon.net/item/wp-pro-advertising-system-all-in-one-ad-manager/269693",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/blog/2020/07/critical-vulnerabilities-patched-in-adning-advertising-plugin/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e7506429-7f8a-45b5-b1b0-6fdb39599ee5?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
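Review bot: `"availabilityImpact": "NONE"` and the 6.5 MEDIUM score do not match the description, which says unauthenticated attackers can delete arbitrary files and use that to reset and gain full control of a site. File deletion is an integrity and availability effect, and the first reference's title calls the issue critical and exploited in the wild, so severity-based triage on this record would under-prioritise it. The CNA should revisit the vector. Until then, prioritisation for Adning installs at or below 1.5.5 should follow the description rather than `baseSeverity`.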
diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36729.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36729.json
new file mode 100644
index 00000000000..8d5d586f3df
--- /dev/null
+++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36729.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2020-36729",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:12.733",
+ "lastModified": "2023-06-07T02:44:59.217",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The 2J-SlideShow Plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the 'twoj_slideshow_setup' function called via the wp_ajax_twoj_slideshow_setup AJAX action in versions up to, and including, 1.3.31. This makes it possible for authenticated attackers (Subscriber, or above level access) to allow attackers to perform otherwise restricted actions and subsequently deactivate any plugins on the blog."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-285"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/wordpress-2j-slideshow-plugin-fixed-authenticated-arbitrary-plugin-deactivation-vulnerability/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2226528%402j-slideshow&new=2226528%402j-slideshow&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-images-slideshow-by-2j-image-slider-security-bypass-1-3-31/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f06d1b9e-e27d-4c43-a69b-7641518e4615?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
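Review bot: The weakness is recorded as `CWE-285`, although the description names a missing capability check, which the CMP record in this same commit (CVE-2020-36730) maps to `CWE-862`. The same root cause should carry the same identifier, i.e. `"value": "CWE-862"`, so that CWE-based filtering returns both records. The description also has a duplicated clause, "for authenticated attackers (Subscriber, or above level access) to allow attackers to perform", which should read "for authenticated attackers (Subscriber, or above level access) to perform".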
diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36730.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36730.json
new file mode 100644
index 00000000000..195909a0313
--- /dev/null
+++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36730.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2020-36730",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:12.800",
+ "lastModified": "2023-06-07T02:44:59.217",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The CMP for WordPress is vulnerable to authorization bypass due to a missing capability check on the cmp_get_post_detail(), niteo_export_csv(), and cmp_disable_comingsoon_ajax() functions in versions up to, and including, 3.8.1. This makes it possible for unauthenticated attackers to read posts, export subscriber lists, and/or deactivate the plugin."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 8.3,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/multiple-vulnerabilities-fixed-in-cmp-coming-soon-and-maintenance-plugin/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wpscan.com/vulnerability/10341",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-cmp-coming-soon-maintenance-by-niteothemes-security-bypass-3-8-1/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f1ef067b-e4b4-4174-b6ff-ec94a7afd55d?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36731.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36731.json
new file mode 100644
index 00000000000..e72af5e8956
--- /dev/null
+++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36731.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2020-36731",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:12.863",
+ "lastModified": "2023-06-07T02:44:59.217",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Flexible Checkout Fields for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Arbitrary Plugin Settings update, in addition to Stored Cross-Site Scripting in versions up to, and including, 2.3.1. This is due to missing authorization checks on the updateSettingsAction() function which is called via an admin_init hook, along with missing sanitization and escaping on the settings that are stored."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/zero-day-vulnerability-fixed-in-wordpress-flexible-checkout-fields-for-woocommerce-plugin/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/blog/2020/02/site-takeover-campaign-exploits-multiple-zero-day-vulnerabilities/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fd12a952-2e99-41f7-b74c-55c2b7d8deed?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
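Review bot: `weaknesses` lists only `CWE-79`, but the description gives missing authorization checks on `updateSettingsAction()` as the cause and an unauthenticated settings update as the first effect, with stored XSS following from it. A second entry, `{ "lang": "en", "value": "CWE-862" }`, would let consumers that filter by CWE find this record under missing authorization too. The mapping matters when verifying remediation, because a fix that only adds sanitization and escaping would leave the unauthenticated settings write in place.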
diff --git a/CVE-2020/CVE-2020-88xx/CVE-2020-8840.json b/CVE-2020/CVE-2020-88xx/CVE-2020-8840.json
index 8272903e4f9..a23c65b0795 100644
--- a/CVE-2020/CVE-2020-88xx/CVE-2020-8840.json
+++ b/CVE-2020/CVE-2020-88xx/CVE-2020-8840.json
@@ -2,7 +2,7 @@
"id": "CVE-2020-8840",
"sourceIdentifier": "cve@mitre.org",
"published": "2020-02-10T21:56:10.653",
- "lastModified": "2021-02-22T21:45:18.413",
+ "lastModified": "2023-06-08T17:54:21.093",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -86,9 +86,9 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
- "versionStartIncluding": "2.7.0",
+ "versionStartIncluding": "2.0.0",
"versionEndExcluding": "2.7.9.7",
- "matchCriteriaId": "29BC94E0-FEBC-4E86-825C-0101DC339852"
+ "matchCriteriaId": "2F87CF67-6994-43F1-BEC3-DD7D122D0146"
},
{
"vulnerable": true,
diff --git a/CVE-2020/CVE-2020-89xx/CVE-2020-8908.json b/CVE-2020/CVE-2020-89xx/CVE-2020-8908.json
index 99fb6af99bb..bdd980e97e3 100644
--- a/CVE-2020/CVE-2020-89xx/CVE-2020-8908.json
+++ b/CVE-2020/CVE-2020-89xx/CVE-2020-8908.json
@@ -2,12 +2,12 @@
"id": "CVE-2020-8908",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2020-12-10T23:15:13.973",
- "lastModified": "2022-05-10T15:21:59.830",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-06-06T10:15:09.257",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured."
+ "value": "A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured.\n\n"
},
{
"lang": "es",
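Review bot: The only change to the English description is a trailing `\n\n` appended to `value`. It adds nothing for readers and makes the text differ for consumers that hash or diff descriptions to detect substantive changes, so the value should end at `appropriately configured."`. The `descriptions` array continues past the end of this hunk.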
@@ -298,280 +298,140 @@
]
},
{
- "url": "https://lists.apache.org/thread.html/r007add131977f4f576c232b25e024249a3d16f66aad14a4b52819d21@%3Ccommon-issues.hadoop.apache.org%3E",
- "source": "cve-coordination@google.com",
- "tags": [
- "Mailing List",
- "Third Party Advisory"
- ]
+ "url": "https://lists.apache.org/thread.html/r007add131977f4f576c232b25e024249a3d16f66aad14a4b52819d21%40%3Ccommon-issues.hadoop.apache.org%3E",
+ "source": "cve-coordination@google.com"
},
{
- "url": "https://lists.apache.org/thread.html/r07ed3e4417ad043a27bee7bb33322e9bfc7d7e6d1719b8e3dfd95c14@%3Cdev.drill.apache.org%3E",
- "source": "cve-coordination@google.com",
- "tags": [
- "Mailing List",
- "Third Party Advisory"
- ]
+ "url": "https://lists.apache.org/thread.html/r07ed3e4417ad043a27bee7bb33322e9bfc7d7e6d1719b8e3dfd95c14%40%3Cdev.drill.apache.org%3E",
+ "source": "cve-coordination@google.com"
},
{
- "url": "https://lists.apache.org/thread.html/r161b87f8037bbaff400194a63cd2016c9a69f5949f06dcc79beeab54@%3Cdev.drill.apache.org%3E",
- "source": "cve-coordination@google.com",
- "tags": [
- "Mailing List",
- "Third Party Advisory"
- ]
+ "url": "https://lists.apache.org/thread.html/r161b87f8037bbaff400194a63cd2016c9a69f5949f06dcc79beeab54%40%3Cdev.drill.apache.org%3E",
+ "source": "cve-coordination@google.com"
},
{
- "url": "https://lists.apache.org/thread.html/r215b3d50f56faeb2f9383505f3e62faa9f549bb23e8a9848b78a968e@%3Ccommits.ws.apache.org%3E",
- "source": "cve-coordination@google.com",
- "tags": [
- "Mailing List",
- "Patch",
- "Third Party Advisory"
- ]
+ "url": "https://lists.apache.org/thread.html/r215b3d50f56faeb2f9383505f3e62faa9f549bb23e8a9848b78a968e%40%3Ccommits.ws.apache.org%3E",
+ "source": "cve-coordination@google.com"
},
{
- "url": "https://lists.apache.org/thread.html/r294be9d31c0312d2c0837087204b5d4bf49d0552890e6eec716fa6a6@%3Cyarn-issues.hadoop.apache.org%3E",
- "source": "cve-coordination@google.com",
- "tags": [
- "Mailing List",
- "Third Party Advisory"
- ]
+ "url": "https://lists.apache.org/thread.html/r294be9d31c0312d2c0837087204b5d4bf49d0552890e6eec716fa6a6%40%3Cyarn-issues.hadoop.apache.org%3E",
+ "source": "cve-coordination@google.com"
},
{
- "url": "https://lists.apache.org/thread.html/r2fe45d96eea8434b91592ca08109118f6308d60f6d0e21d52438cfb4@%3Cdev.drill.apache.org%3E",
- "source": "cve-coordination@google.com",
- "tags": [
- "Mailing List",
- "Third Party Advisory"
- ]
+ "url": "https://lists.apache.org/thread.html/r2fe45d96eea8434b91592ca08109118f6308d60f6d0e21d52438cfb4%40%3Cdev.drill.apache.org%3E",
+ "source": "cve-coordination@google.com"
},
{
- "url": "https://lists.apache.org/thread.html/r3c3b33ee5bef0c67391d27a97cbfd89d44f328cf072b601b58d4e748@%3Ccommits.pulsar.apache.org%3E",
- "source": "cve-coordination@google.com",
- "tags": [
- "Mailing List",
- "Third Party Advisory"
- ]
+ "url": "https://lists.apache.org/thread.html/r3c3b33ee5bef0c67391d27a97cbfd89d44f328cf072b601b58d4e748%40%3Ccommits.pulsar.apache.org%3E",
+ "source": "cve-coordination@google.com"
},
{
- "url": "https://lists.apache.org/thread.html/r3dd8881de891598d622227e9840dd7c2ef1d08abbb49e9690c7ae1bc@%3Cissues.geode.apache.org%3E",
- "source": "cve-coordination@google.com",
- "tags": [
- "Mailing List",
- "Third Party Advisory"
- ]
+ "url": "https://lists.apache.org/thread.html/r3dd8881de891598d622227e9840dd7c2ef1d08abbb49e9690c7ae1bc%40%3Cissues.geode.apache.org%3E",
+ "source": "cve-coordination@google.com"
},
{
- "url": "https://lists.apache.org/thread.html/r4776f62dfae4a0006658542f43034a7fc199350e35a66d4e18164ee6@%3Ccommits.cxf.apache.org%3E",
- "source": "cve-coordination@google.com",
- "tags": [
- "Mailing List",
- "Patch",
- "Third Party Advisory"
- ]
+ "url": "https://lists.apache.org/thread.html/r4776f62dfae4a0006658542f43034a7fc199350e35a66d4e18164ee6%40%3Ccommits.cxf.apache.org%3E",
+ "source": "cve-coordination@google.com"
},
{
- "url": "https://lists.apache.org/thread.html/r49549a8322f62cd3acfa4490d25bfba0be04f3f9ff4d14fe36199d27@%3Cyarn-dev.hadoop.apache.org%3E",
- "source": "cve-coordination@google.com",
- "tags": [
- "Mailing List",
- "Third Party Advisory"
- ]
+ "url": "https://lists.apache.org/thread.html/r49549a8322f62cd3acfa4490d25bfba0be04f3f9ff4d14fe36199d27%40%3Cyarn-dev.hadoop.apache.org%3E",
+ "source": "cve-coordination@google.com"
},
{
- "url": "https://lists.apache.org/thread.html/r58a8775205ab1839dba43054b09a9ab3b25b423a4170b2413c4067ac@%3Ccommon-issues.hadoop.apache.org%3E",
- "source": "cve-coordination@google.com",
- "tags": [
- "Mailing List",
- "Third Party Advisory"
- ]
+ "url": "https://lists.apache.org/thread.html/r58a8775205ab1839dba43054b09a9ab3b25b423a4170b2413c4067ac%40%3Ccommon-issues.hadoop.apache.org%3E",
+ "source": "cve-coordination@google.com"
},
{
- "url": "https://lists.apache.org/thread.html/r5b3d93dfdfb7708e796e8762ab40edbde8ff8add48aba53e5ea26f44@%3Cissues.geode.apache.org%3E",
- "source": "cve-coordination@google.com",
- "tags": [
- "Mailing List",
- "Third Party Advisory"
- ]
+ "url": "https://lists.apache.org/thread.html/r5b3d93dfdfb7708e796e8762ab40edbde8ff8add48aba53e5ea26f44%40%3Cissues.geode.apache.org%3E",
+ "source": "cve-coordination@google.com"
},
{
- "url": "https://lists.apache.org/thread.html/r5d61b98ceb7bba939a651de5900dbd67be3817db6bfcc41c6e04e199@%3Cyarn-issues.hadoop.apache.org%3E",
- "source": "cve-coordination@google.com",
- "tags": [
- "Mailing List",
- "Third Party Advisory"
- ]
+ "url": "https://lists.apache.org/thread.html/r5d61b98ceb7bba939a651de5900dbd67be3817db6bfcc41c6e04e199%40%3Cyarn-issues.hadoop.apache.org%3E",
+ "source": "cve-coordination@google.com"
},
{
- "url": "https://lists.apache.org/thread.html/r6874dfe26eefc41b7c9a5e4a0487846fc4accf8c78ff948b24a1104a@%3Cdev.drill.apache.org%3E",
- "source": "cve-coordination@google.com",
- "tags": [
- "Mailing List",
- "Third Party Advisory"
- ]
+ "url": "https://lists.apache.org/thread.html/r6874dfe26eefc41b7c9a5e4a0487846fc4accf8c78ff948b24a1104a%40%3Cdev.drill.apache.org%3E",
+ "source": "cve-coordination@google.com"
},
{
- "url": "https://lists.apache.org/thread.html/r68d86f4b06c808204f62bcb254fcb5b0432528ee8d37a07ef4bc8222@%3Ccommits.ws.apache.org%3E",
- "source": "cve-coordination@google.com",
- "tags": [
- "Mailing List",
- "Patch",
- "Third Party Advisory"
- ]
+ "url": "https://lists.apache.org/thread.html/r68d86f4b06c808204f62bcb254fcb5b0432528ee8d37a07ef4bc8222%40%3Ccommits.ws.apache.org%3E",
+ "source": "cve-coordination@google.com"
},
{
- "url": "https://lists.apache.org/thread.html/r79e47ed555bdb1180e528420a7a2bb898541367a29a3bc6bbf0baf2c@%3Cissues.hive.apache.org%3E",
- "source": "cve-coordination@google.com",
- "tags": [
- "Mailing List",
- "Third Party Advisory"
- ]
+ "url": "https://lists.apache.org/thread.html/r79e47ed555bdb1180e528420a7a2bb898541367a29a3bc6bbf0baf2c%40%3Cissues.hive.apache.org%3E",
+ "source": "cve-coordination@google.com"
},
{
- "url": "https://lists.apache.org/thread.html/r7b0e81d8367264d6cad98766a469d64d11248eb654417809bfdacf09@%3Cyarn-issues.hadoop.apache.org%3E",
- "source": "cve-coordination@google.com",
- "tags": [
- "Mailing List",
- "Third Party Advisory"
- ]
+ "url": "https://lists.apache.org/thread.html/r7b0e81d8367264d6cad98766a469d64d11248eb654417809bfdacf09%40%3Cyarn-issues.hadoop.apache.org%3E",
+ "source": "cve-coordination@google.com"
},
{
- "url": "https://lists.apache.org/thread.html/r841c5e14e1b55281523ebcde661ece00b38a0569e00ef5e12bd5f6ba@%3Cissues.maven.apache.org%3E",
- "source": "cve-coordination@google.com",
- "tags": [
- "Mailing List",
- "Third Party Advisory"
- ]
+ "url": "https://lists.apache.org/thread.html/r841c5e14e1b55281523ebcde661ece00b38a0569e00ef5e12bd5f6ba%40%3Cissues.maven.apache.org%3E",
+ "source": "cve-coordination@google.com"
},
{
- "url": "https://lists.apache.org/thread.html/ra7ab308481ee729f998691e8e3e02e93b1dedfc98f6b1cd3d86923b3@%3Cyarn-issues.hadoop.apache.org%3E",
- "source": "cve-coordination@google.com",
- "tags": [
- "Mailing List",
- "Third Party Advisory"
- ]
+ "url": "https://lists.apache.org/thread.html/ra7ab308481ee729f998691e8e3e02e93b1dedfc98f6b1cd3d86923b3%40%3Cyarn-issues.hadoop.apache.org%3E",
+ "source": "cve-coordination@google.com"
},
{
- "url": "https://lists.apache.org/thread.html/rb2364f4cf4d274eab5a7ecfaf64bf575cedf8b0173551997c749d322@%3Cgitbox.hive.apache.org%3E",
- "source": "cve-coordination@google.com",
- "tags": [
- "Mailing List",
- "Third Party Advisory"
- ]
+ "url": "https://lists.apache.org/thread.html/rb2364f4cf4d274eab5a7ecfaf64bf575cedf8b0173551997c749d322%40%3Cgitbox.hive.apache.org%3E",
+ "source": "cve-coordination@google.com"
},
{
- "url": "https://lists.apache.org/thread.html/rb8c0f1b7589864396690fe42a91a71dea9412e86eec66dc85bbacaaf@%3Ccommits.cxf.apache.org%3E",
- "source": "cve-coordination@google.com",
- "tags": [
- "Mailing List",
- "Patch",
- "Third Party Advisory"
- ]
+ "url": "https://lists.apache.org/thread.html/rb8c0f1b7589864396690fe42a91a71dea9412e86eec66dc85bbacaaf%40%3Ccommits.cxf.apache.org%3E",
+ "source": "cve-coordination@google.com"
},
{
- "url": "https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3@%3Ctorque-dev.db.apache.org%3E",
- "source": "cve-coordination@google.com",
- "tags": [
- "Mailing List",
- "Third Party Advisory"
- ]
+ "url": "https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3%40%3Ctorque-dev.db.apache.org%3E",
+ "source": "cve-coordination@google.com"
},
{
- "url": "https://lists.apache.org/thread.html/rc2dbc4633a6eea1fcbce6831876cfa17b73759a98c65326d1896cb1a@%3Ctorque-dev.db.apache.org%3E",
- "source": "cve-coordination@google.com",
- "tags": [
- "Mailing List",
- "Third Party Advisory"
- ]
+ "url": "https://lists.apache.org/thread.html/rc2dbc4633a6eea1fcbce6831876cfa17b73759a98c65326d1896cb1a%40%3Ctorque-dev.db.apache.org%3E",
+ "source": "cve-coordination@google.com"
},
{
- "url": "https://lists.apache.org/thread.html/rc607bc52f3507b8b9c28c6a747c3122f51ac24afe80af2a670785b97@%3Cissues.geode.apache.org%3E",
- "source": "cve-coordination@google.com",
- "tags": [
- "Mailing List",
- "Third Party Advisory"
- ]
+ "url": "https://lists.apache.org/thread.html/rc607bc52f3507b8b9c28c6a747c3122f51ac24afe80af2a670785b97%40%3Cissues.geode.apache.org%3E",
+ "source": "cve-coordination@google.com"
},
{
- "url": "https://lists.apache.org/thread.html/rcafc3a637d82bdc9a24036b2ddcad1e519dd0e6f848fcc3d606fd78f@%3Cdev.hive.apache.org%3E",
- "source": "cve-coordination@google.com",
- "tags": [
- "Mailing List",
- "Third Party Advisory"
- ]
+ "url": "https://lists.apache.org/thread.html/rcafc3a637d82bdc9a24036b2ddcad1e519dd0e6f848fcc3d606fd78f%40%3Cdev.hive.apache.org%3E",
+ "source": "cve-coordination@google.com"
},
{
- "url": "https://lists.apache.org/thread.html/rd01f5ff0164c468ec7abc96ff7646cea3cce6378da2e4aa29c6bcb95@%3Cgithub.arrow.apache.org%3E",
- "source": "cve-coordination@google.com",
- "tags": [
- "Mailing List",
- "Third Party Advisory"
- ]
+ "url": "https://lists.apache.org/thread.html/rd01f5ff0164c468ec7abc96ff7646cea3cce6378da2e4aa29c6bcb95%40%3Cgithub.arrow.apache.org%3E",
+ "source": "cve-coordination@google.com"
},
{
- "url": "https://lists.apache.org/thread.html/rd2704306ec729ccac726e50339b8a8f079515cc29ccb77713b16e7c5@%3Cissues.hive.apache.org%3E",
- "source": "cve-coordination@google.com",
- "tags": [
- "Mailing List",
- "Third Party Advisory"
- ]
+ "url": "https://lists.apache.org/thread.html/rd2704306ec729ccac726e50339b8a8f079515cc29ccb77713b16e7c5%40%3Cissues.hive.apache.org%3E",
+ "source": "cve-coordination@google.com"
},
{
- "url": "https://lists.apache.org/thread.html/rd5d58088812cf8e677d99b07f73c654014c524c94e7fedbdee047604@%3Ctorque-dev.db.apache.org%3E",
- "source": "cve-coordination@google.com",
- "tags": [
- "Mailing List",
- "Third Party Advisory"
- ]
+ "url": "https://lists.apache.org/thread.html/rd5d58088812cf8e677d99b07f73c654014c524c94e7fedbdee047604%40%3Ctorque-dev.db.apache.org%3E",
+ "source": "cve-coordination@google.com"
},
{
- "url": "https://lists.apache.org/thread.html/rd7e12d56d49d73e2b8549694974b07561b79b05455f7f781954231bf@%3Cdev.pig.apache.org%3E",
- "source": "cve-coordination@google.com",
- "tags": [
- "Mailing List",
- "Third Party Advisory"
- ]
+ "url": "https://lists.apache.org/thread.html/rd7e12d56d49d73e2b8549694974b07561b79b05455f7f781954231bf%40%3Cdev.pig.apache.org%3E",
+ "source": "cve-coordination@google.com"
},
{
- "url": "https://lists.apache.org/thread.html/re120f6b3d2f8222121080342c5801fdafca2f5188ceeb3b49c8a1d27@%3Cyarn-issues.hadoop.apache.org%3E",
- "source": "cve-coordination@google.com",
- "tags": [
- "Mailing List",
- "Third Party Advisory"
- ]
+ "url": "https://lists.apache.org/thread.html/re120f6b3d2f8222121080342c5801fdafca2f5188ceeb3b49c8a1d27%40%3Cyarn-issues.hadoop.apache.org%3E",
+ "source": "cve-coordination@google.com"
},
{
- "url": "https://lists.apache.org/thread.html/reebbd63c25bc1a946caa419cec2be78079f8449d1af48e52d47c9e85@%3Cissues.geode.apache.org%3E",
- "source": "cve-coordination@google.com",
- "tags": [
- "Mailing List",
- "Third Party Advisory"
- ]
+ "url": "https://lists.apache.org/thread.html/reebbd63c25bc1a946caa419cec2be78079f8449d1af48e52d47c9e85%40%3Cissues.geode.apache.org%3E",
+ "source": "cve-coordination@google.com"
},
{
- "url": "https://lists.apache.org/thread.html/rf00b688ffa620c990597f829ff85fdbba8bf73ee7bfb34783e1f0d4e@%3Cyarn-dev.hadoop.apache.org%3E",
- "source": "cve-coordination@google.com",
- "tags": [
- "Mailing List",
- "Third Party Advisory"
- ]
+ "url": "https://lists.apache.org/thread.html/rf00b688ffa620c990597f829ff85fdbba8bf73ee7bfb34783e1f0d4e%40%3Cyarn-dev.hadoop.apache.org%3E",
+ "source": "cve-coordination@google.com"
},
{
- "url": "https://lists.apache.org/thread.html/rf9f0fa84b8ae1a285f0210bafec6de2a9eba083007d04640b82aa625@%3Cissues.geode.apache.org%3E",
- "source": "cve-coordination@google.com",
- "tags": [
- "Mailing List",
- "Third Party Advisory"
- ]
+ "url": "https://lists.apache.org/thread.html/rf9f0fa84b8ae1a285f0210bafec6de2a9eba083007d04640b82aa625%40%3Cissues.geode.apache.org%3E",
+ "source": "cve-coordination@google.com"
},
{
- "url": "https://lists.apache.org/thread.html/rfc27e2727a20a574f39273e0432aa97486a332f9b3068f6ac1346594@%3Cdev.myfaces.apache.org%3E",
- "source": "cve-coordination@google.com",
- "tags": [
- "Mailing List",
- "Third Party Advisory"
- ]
+ "url": "https://lists.apache.org/thread.html/rfc27e2727a20a574f39273e0432aa97486a332f9b3068f6ac1346594%40%3Cdev.myfaces.apache.org%3E",
+ "source": "cve-coordination@google.com"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220210-0003/",
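Review bot: Every `lists.apache.org` reference in this hunk loses its `tags` array while its URL changes only in encoding (`@` to `%40`), so the `Patch` tag on the four `commits.ws.apache.org` and `commits.cxf.apache.org` entries disappears along with `Mailing List` and `Third Party Advisory`. Consumers that select references by tag to locate fixes will no longer find these entries, and consumers that key references by URL will see each one as a removal plus an addition. If the re-encoding is intentional, the existing tags should be carried over to the rewritten entries, e.g. `"tags": ["Mailing List", "Patch", "Third Party Advisory"]` on the commits threads. The `references` array starts before and continues after this hunk.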
diff --git a/CVE-2021/CVE-2021-217xx/CVE-2021-21741.json b/CVE-2021/CVE-2021-217xx/CVE-2021-21741.json
index cd1a19cbfd5..fa744bc1d36 100644
--- a/CVE-2021/CVE-2021-217xx/CVE-2021-21741.json
+++ b/CVE-2021/CVE-2021-217xx/CVE-2021-21741.json
@@ -2,12 +2,12 @@
"id": "CVE-2021-21741",
"sourceIdentifier": "psirt@zte.com.cn",
"published": "2021-08-30T18:15:08.107",
- "lastModified": "2021-09-07T14:04:59.580",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-06-05T22:15:10.770",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A conference management system of ZTE is impacted by a command execution vulnerability. Since the soapmonitor's java object service is enabled by default, the attacker could exploit this vulnerability to execute arbitrary commands by sending a deserialized payload to port 5001."
+ "value": "There is a command execution vulnerability in a ZTE conference management system. As some services are enabled by default, the attacker could exploit this vulnerability to execute arbitrary commands by sending specific serialization command."
},
{
"lang": "es",
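Review bot: The new English description drops the two details a defender could act on: the old text named the soapmonitor Java object service and port 5001, while the new one says only that "some services are enabled by default". Without the service and port, the record gives nothing to check exposure or filtering rules against. The replacement also has a grammar slip, "by sending specific serialization command", where "by sending a specific serialized command" reads correctly. If the vendor's wording has to be adopted, the affected service and port should be kept in the sentence. The `descriptions` array continues past this hunk.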
diff --git a/CVE-2021/CVE-2021-250xx/CVE-2021-25019.json b/CVE-2021/CVE-2021-250xx/CVE-2021-25019.json
index 1b9666f2658..cc1c66d8e49 100644
--- a/CVE-2021/CVE-2021-250xx/CVE-2021-25019.json
+++ b/CVE-2021/CVE-2021-250xx/CVE-2021-25019.json
@@ -2,7 +2,7 @@
"id": "CVE-2021-25019",
"sourceIdentifier": "contact@wpscan.com",
"published": "2022-03-21T19:15:09.403",
- "lastModified": "2022-03-28T18:41:35.317",
+ "lastModified": "2023-06-07T02:42:47.690",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -84,9 +84,9 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:squirrly:seo:*:*:*:*:*:wordpress:*:*",
+ "criteria": "cpe:2.3:a:squirrly:seo_plugin_by_squirrly_seo:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "11.1.12",
- "matchCriteriaId": "A7DCDFF4-4D4C-479A-A0BF-25964F60B776"
+ "matchCriteriaId": "73F9EE75-1EC7-41E3-B08B-FB213A92519F"
}
]
}
diff --git a/CVE-2021/CVE-2021-312xx/CVE-2021-31233.json b/CVE-2021/CVE-2021-312xx/CVE-2021-31233.json
index 008d94e5a28..d851bf3825f 100644
--- a/CVE-2021/CVE-2021-312xx/CVE-2021-31233.json
+++ b/CVE-2021/CVE-2021-312xx/CVE-2021-31233.json
@@ -2,23 +2,82 @@
"id": "CVE-2021-31233",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-31T01:15:42.983",
- "lastModified": "2023-05-31T13:02:26.480",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T01:17:15.663",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability found in Fighting Cock Information System v.1.0 allows a remote attacker to obtain sensitive information via the edit_breed.php parameter."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:fighting_cock_information_system_project:fighting_cock_information_system:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "11C6CA2F-C8E7-4BB1-A787-92E8621D817F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/gabesolomon/CVE-2021-31233",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.sourcecodester.com/php/12824/fighting-cock-information-system.html",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-312xx/CVE-2021-31239.json b/CVE-2021/CVE-2021-312xx/CVE-2021-31239.json
index d986e05e18f..6624206042b 100644
--- a/CVE-2021/CVE-2021-312xx/CVE-2021-31239.json
+++ b/CVE-2021/CVE-2021-312xx/CVE-2021-31239.json
@@ -2,7 +2,7 @@
"id": "CVE-2021-31239",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-09T02:15:08.907",
- "lastModified": "2023-05-22T04:15:09.640",
+ "lastModified": "2023-06-09T08:15:09.170",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -80,6 +80,10 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FXFL4TDAH72PRCPD5UPZMJMKIMVOPLTI/",
"source": "cve@mitre.org"
},
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230609-0010/",
+ "source": "cve@mitre.org"
+ },
{
"url": "https://www.sqlite.org/cves.html",
"source": "cve@mitre.org",
diff --git a/CVE-2021/CVE-2021-316xx/CVE-2021-31693.json b/CVE-2021/CVE-2021-316xx/CVE-2021-31693.json
index 93e8daab5ae..5e0eacee5ea 100644
--- a/CVE-2021/CVE-2021-316xx/CVE-2021-31693.json
+++ b/CVE-2021/CVE-2021-316xx/CVE-2021-31693.json
@@ -2,12 +2,12 @@
"id": "CVE-2021-31693",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-11-29T21:15:10.597",
- "lastModified": "2023-02-23T23:40:42.283",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-06-07T16:15:09.247",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest OS, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest OS."
+ "value": "The 10Web Photo Gallery plugin through 1.5.68 for WordPress allows XSS via album_gallery_id_0, bwg_album_search_0, and type_0 for bwg_frontend_data. NOTE: other parameters are covered by CVE-2021-24291, CVE-2021-25041, and CVE-2021-46889. NOTE: VMware information, previously connected to this CVE ID because of a typo, is at CVE-2022-31693."
}
],
"metrics": {
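Review bot: The `descriptions` value now describes an XSS in the 10Web Photo Gallery WordPress plugin, but this hunk and the `references` hunk that follows leave everything between them untouched. Those lines are outside both hunks, so the CVSS `metrics`, and presumably the `weaknesses` and CPE `configurations`, are still the ones analysed for the VMware Tools denial of service. Until the record is re-analysed, CPE-based matching may keep flagging VMware Tools for this ID and miss the plugin, and the score describes the wrong bug. Consumers should treat the `Modified` status as meaning the metrics and configurations are stale. The new text says "through 1.5.68" while the added reference title names 1.5.69, which is worth confirming against the advisory.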
@@ -67,18 +67,8 @@
],
"references": [
{
- "url": "https://security.netapp.com/advisory/ntap-20221223-0009/",
- "source": "cve@mitre.org",
- "tags": [
- "Third Party Advisory"
- ]
- },
- {
- "url": "https://www.vmware.com/security/advisories/VMSA-2022-0029.html",
- "source": "cve@mitre.org",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://packetstormsecurity.com/files/162227/WordPress-Photo-Gallery-1.5.69-Cross-Site-Scripting.html",
+ "source": "cve@mitre.org"
}
]
}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-332xx/CVE-2021-33223.json b/CVE-2021/CVE-2021-332xx/CVE-2021-33223.json
new file mode 100644
index 00000000000..fd57a55fc14
--- /dev/null
+++ b/CVE-2021/CVE-2021-332xx/CVE-2021-33223.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2021-33223",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-07T01:15:38.877",
+ "lastModified": "2023-06-07T02:45:15.873",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue discovered in SeedDMS 6.0.15 allows an attacker to escalate privileges via the userid and role parameters in the out.UsrMgr.php file."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://sunil-singh.notion.site/SeedDMS-6-0-15-Insecure-Direct-Object-Reference-IDOR-ff504354656b47b2b0cee0b7a82ad08c",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.notion.so/SeedDMS-6-0-15-Incorrect-Access-Control-ff504354656b47b2b0cee0b7a82ad08c",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-36xx/CVE-2021-3610.json b/CVE-2021/CVE-2021-36xx/CVE-2021-3610.json
index 4944715539b..620ddeb6bee 100644
--- a/CVE-2021/CVE-2021-36xx/CVE-2021-3610.json
+++ b/CVE-2021/CVE-2021-36xx/CVE-2021-3610.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-3610",
"sourceIdentifier": "secalert@redhat.com",
"published": "2022-02-24T19:15:09.213",
- "lastModified": "2023-06-05T18:15:09.593",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-06-06T14:01:31.377",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -95,8 +95,16 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "6.9.10.88",
+ "versionEndExcluding": "6.9.12-14",
+ "matchCriteriaId": "4B402469-D9D7-42B8-B2E5-365A0C17B333"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "7.0.0-0",
"versionEndExcluding": "7.0.11-14",
- "matchCriteriaId": "AB20F030-CB81-4D8C-8351-B18A3ADFF4BC"
+ "matchCriteriaId": "8C4ED8DF-FA1F-4CB5-8724-9E8B1C3B10AA"
}
]
}
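Review bot: In the first added `cpeMatch` entry, `"versionStartIncluding": "6.9.10.88"` uses a dot before the patch level, while every other bound in this hunk uses a hyphen (`6.9.12-14`, `7.0.0-0`, `7.0.11-14`). A consumer that compares versions lexically or splits on `-` could order `6.9.10.88` differently from the hyphenated form and place hosts in the wrong range. If the intended lower bound is patch level 88 of 6.9.10, the line should read `"versionStartIncluding": "6.9.10-88",`, to be confirmed against the upstream release name. The enclosing `nodes` array starts outside the hunk.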
@@ -136,11 +144,18 @@
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/05/29/4",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/06/05/1",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List",
+ "Patch"
+ ]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1973689",
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4337.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4337.json
new file mode 100644
index 00000000000..aa1d4a3b1f1
--- /dev/null
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4337.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2021-4337",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T13:15:09.437",
+ "lastModified": "2023-06-07T14:35:57.670",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Sixteen XforWooCommerce Add-On Plugins for WordPress are vulnerable to authorization bypass due to a missing capability check on the wp_ajax_svx_ajax_factory function in various versions listed below. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to read, edit, or delete WordPress settings, plugin settings, and to arbitrarily list all users on a WordPress website. The plugins impacted are: Product Filter for WooCommerce < 8.2.0, Improved Product Options for WooCommerce < 5.3.0, Improved Sale Badges for WooCommerce < 4.4.0, Share, Print and PDF Products for WooCommerce < 2.8.0, Product Loops for WooCommerce < 1.7.0, XforWooCommerce < 1.7.0, Package Quantity Discount < 1.2.0, Price Commander for WooCommerce < 1.3.0, Comment and Review Spam Control for WooCommerce < 1.5.0, Add Product Tabs for WooCommerce < 1.5.0, Autopilot SEO for WooCommerce < 1.6.0, Floating Cart < 1.3.0, Live Search for WooCommerce < 2.1.0, Bulk Add to Cart for WooCommerce < 1.3.0, Live Product Editor for WooCommerce < 4.7.0, and Warranties and Returns for WooCommerce < 5.3.0."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/16-woocommerce-product-add-ons-plugins-fixed-vulnerabilities/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/05481984-7c18-4ec7-8d7c-831809c3e86b?source=cve",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://xforwoocommerce.com/blog/change-log/xforwoocommerce-1-7-0/",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
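Review bot: The `weaknesses` entry has `"type": "Primary"` with source `security@wordfence.com`, while the `cvssMetricV31` entry from the same source in this file is `"type": "Secondary"`. The sibling Wordfence records added in this diff (CVE-2021-4338 onward) use `"Secondary"` for both. If this is not intentional, the line should be `"type": "Secondary",` so that consumers filtering on primary assessments treat the record consistently. Separately, the sixteen affected plugins and their fixed versions appear only in the prose `value` and there is no `configurations` block, so automated matching cannot use this record until analysis adds CPE data.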
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4338.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4338.json
new file mode 100644
index 00000000000..84c1b5d4db1
--- /dev/null
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4338.json
@@ -0,0 +1,71 @@
+{
+ "id": "CVE-2021-4338",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:12.937",
+ "lastModified": "2023-06-07T02:44:59.217",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The 404 to 301 plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the open_redirect & save_redirect functions in versions up to, and including, 3.0.7. This makes it possible for authenticated attackers to view, create and edit redirections."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-284"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/broken-access-control-vulnerability-fixed-in-wordpress-404-to-301-plugin/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2546695/404-to-301",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wpscan.com/vulnerability/9f147107-bc5a-4a01-9979-cd9e16061f12",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-404-to-301-redirect-log-and-notify-404-errors-security-bypass-3-0-7/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/05d6b27f-b1e5-4bb8-b7db-f8295a5e0d5b?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4339.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4339.json
new file mode 100644
index 00000000000..c3baa299568
--- /dev/null
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4339.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2021-4339",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:13.000",
+ "lastModified": "2023-06-07T02:44:59.217",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The uListing plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the \"ulisting/includes/route.php\" file on the /1/api/ulisting-user/search REST-API route in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to retrieve the list of all users and their email address in the database."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/wordpress-ulisting-plugin-fixed-multiple-critical-vulnerabilities/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2456786%40ulisting&new=2456786%40ulisting&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0a6615fd-7c37-45d9-a657-0ba00df840e5?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
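Review bot: The `plugins.trac.wordpress.org` reference compares a revision with itself (`old=2456786%40ulisting&new=2456786%40ulisting`) and carries the empty `sfp_email`/`sfph_mail` parameters twice, so it probably does not show the fixing diff. The same URL is repeated in CVE-2021-4343, CVE-2021-4345 and CVE-2021-4346 later in this diff. A changeset link in the form the 404-to-301 record uses would be verifiable, for example `https://plugins.trac.wordpress.org/changeset/<FIX_REVISION>/ulisting`, where the revision number is a placeholder to be filled in from the vendor changelog. Until then, defenders confirming the patch have only the blog post and the Wordfence entry to go on.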
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4340.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4340.json
new file mode 100644
index 00000000000..4e407d21763
--- /dev/null
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4340.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2021-4340",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:13.060",
+ "lastModified": "2023-06-07T02:44:59.217",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The uListing plugin for WordPress is vulnerable to generic SQL Injection via the \u2018listing_id\u2019 parameter in versions up to, and including, 1.6.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/wordpress-ulisting-plugin-fixed-multiple-critical-vulnerabilities/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/10b7a88f-ce46-42aa-ab5a-81f38288a659?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4341.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4341.json
new file mode 100644
index 00000000000..3b8525697f0
--- /dev/null
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4341.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2021-4341",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:13.127",
+ "lastModified": "2023-06-07T02:44:59.217",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The uListing plugin for WordPress is vulnerable to authorization bypass via Ajax due to missing capability checks, missing input validation, and a missing security nonce in the stm_update_email_data AJAX action in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to change any WordPress option in the database."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/wordpress-ulisting-plugin-fixed-multiple-critical-vulnerabilities/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1814537d-8307-4d1f-86c8-801519172be5?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4342.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4342.json
new file mode 100644
index 00000000000..c2119bec432
--- /dev/null
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4342.json
@@ -0,0 +1,83 @@
+{
+ "id": "CVE-2021-4342",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:13.190",
+ "lastModified": "2023-06-07T02:44:59.217",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Over 70 plugins and themes were vulnerable to Cross-Site Request Forgery due to improperly implemented nonce protection that could be bypassed."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1b3d9251-9824-4bd0-aa2f-5a967ef01de3?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
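Review bot: The `value` text names no product, vendor or version ("Over 70 plugins and themes"), and the record has no `configurations`, so nobody can tell from it whether a given site is affected. The only route to the affected list is through the eight blog and advisory `references`. A single ID covering this many independent products also means one CVSS vector stands in for all of them. The description should at least point to where the authoritative list lives, and consumers should not expect CPE matching to surface this CVE.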
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4343.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4343.json
new file mode 100644
index 00000000000..10fa82a8fff
--- /dev/null
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4343.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2021-4343",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:13.257",
+ "lastModified": "2023-06-07T02:44:59.217",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Unauthenticated Account Creation plugin for WordPress is vulnerable to Unauthenticated Account Creation in versions up to, and including, 1.6.6. This is due to the stm_listing_register AJAX action function being accessible and taking roles unprotected. This makes it possible for unauthenticated attackers to create accounts, even those with administrator privileges."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/wordpress-ulisting-plugin-fixed-multiple-critical-vulnerabilities/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2456786%40ulisting&new=2456786%40ulisting&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1c6bf45b-b02d-43bb-b682-7f1ae994e1d3?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
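Review bot: The description names the product as "The Unauthenticated Account Creation plugin for WordPress", which repeats the vulnerability title where the plugin name belongs. The first reference URL and the `ulisting` changeset link both point at uListing, and the version bound 1.6.6 matches the other uListing records in this diff. The intended opening is therefore probably `The uListing plugin for WordPress is vulnerable to Unauthenticated Account Creation in versions up to, and including, 1.6.6.` As written, keyword searches for the plugin name will miss a record scored 9.8, so the correction should be requested from the CNA.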
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4344.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4344.json
new file mode 100644
index 00000000000..79a9e4090d3
--- /dev/null
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4344.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2021-4344",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:13.317",
+ "lastModified": "2023-06-07T02:44:59.217",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Frontend File Manager plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 18.2. This is due to lacking mishandling the use of user IDs that is accessible by the visitor. This makes it possible for unauthenticated or authenticated attackers to access the information and privileges of other users, including 'guest users', in their own category (authenticated, or unauthenticated guests)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-285"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/wordpress-frontend-file-manager-plugin-fixed-multiple-critical-vulnerabilities/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/28a7b2c9-5d8d-4b49-a47c-473e3288b563?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
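Review bot: The `vectorString` sets `PR:L` (`"privilegesRequired": "LOW"`), but the description says the flaw is reachable by "unauthenticated or authenticated attackers". If unauthenticated access is correct, the vector should carry `PR:N`, and `baseScore` and `exploitabilityScore` need recomputing. The phrase "This is due to lacking mishandling the use of user IDs" is also garbled and leaves the root cause unclear. Something like "This is due to mishandling of user IDs that are accessible to the visitor" would read correctly if that is the intended meaning.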
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4345.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4345.json
new file mode 100644
index 00000000000..497678b8f41
--- /dev/null
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4345.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2021-4345",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:13.377",
+ "lastModified": "2023-06-07T02:44:59.217",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability and nonce checks on the UlistingUserRole::save_role_api method in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to remove or add roles, and add capabilities."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/wordpress-ulisting-plugin-fixed-multiple-critical-vulnerabilities/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2456786%40ulisting&new=2456786%40ulisting&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/44e112a7-8f51-4d2a-a4b3-74a47ef3aec7?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4346.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4346.json
new file mode 100644
index 00000000000..2b5ce1b094b
--- /dev/null
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4346.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2021-4346",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:13.440",
+ "lastModified": "2023-06-07T02:44:59.217",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The uListing plugin for WordPress is vulnerable to Unauthenticated Arbitrary Account Changes in versions up to, and including, 1.6.6. This is due to missing login checks on the stm_listing_profile_edit AJAX action. This makes it possible for unauthenticated attackers to edit any account on the blog, such as changing the admin account's email address."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/wordpress-ulisting-plugin-fixed-multiple-critical-vulnerabilities/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2456786%40ulisting&new=2456786%40ulisting&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/41800ea9-1ace-42fc-9e7f-d760a126342b?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4347.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4347.json
new file mode 100644
index 00000000000..03edd5d6095
--- /dev/null
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4347.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2021-4347",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:13.523",
+ "lastModified": "2023-06-07T02:44:59.217",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The function update_shipment_status_email_status_fun in the plugin Advanced Shipment Tracking for WooCommerce in versions up to 3.2.6 is vulnerable to authenticated arbitrary options update. The function allows attackers (including those at customer level) to update any WordPress option in the database. Version 3.2.5 was initially released as a fix, but doesn't fully address the issue."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.9,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/wordpress-advanced-shipment-tracking-for-woocommerce-fixed-critical-vulnerability/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4174b47a-75d0-4ada-bd4d-efbaf0b1a049?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
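Review bot: The affected range in the description, "in versions up to 3.2.6", does not say whether 3.2.6 itself is vulnerable, and the final sentence only establishes that 3.2.5 is still affected. The other Wordfence records in this diff use the form "up to, and including, X". With no `configurations` block, the prose is the only version information a defender has, so the boundary needs to be explicit. It should read either `in versions up to, and including, 3.2.6` or `in versions before 3.2.6`, according to the advisory.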
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4348.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4348.json
new file mode 100644
index 00000000000..5921bbf1b11
--- /dev/null
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4348.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2021-4348",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:13.607",
+ "lastModified": "2023-06-07T02:44:59.217",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Ultimate GDPR & CCPA plugin for WordPress is vulnerable to unauthenticated settings import and export via the export_settings & import_settings functions in versions up to, and including, 2.4. This makes it possible for unauthenticated attackers to change plugin settings and conduct attacks such as redirecting visitors to malicious sites."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/critical-vulnerability-in-wordpress-ultimate-gdpr-ccpa-compliance-toolkit-plugin/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/40e2e8fb-ea36-4602-bead-8daf75d6dfb9?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
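Review bot: `"integrityImpact": "NONE"` (and `I:N` in the vector string) does not match the description, which says unauthenticated attackers can change plugin settings via import_settings and redirect visitors. Only the export side is reflected, as `C:H`. A settings write implies `I:L` or higher, with `baseScore` recomputed by the source. As scored, severity-sorted triage will treat this as a pure information disclosure.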
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4349.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4349.json
new file mode 100644
index 00000000000..8865319b287
--- /dev/null
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4349.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2021-4349",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:13.670",
+ "lastModified": "2023-06-07T02:44:53.933",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Process Steps Template Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This makes it possible for unauthenticated attackers to conduct unspecified attacks via forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2473649/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2acd40d5-8a9c-4ca8-9c89-5bf639b1c66c?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4350.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4350.json
new file mode 100644
index 00000000000..4f8d7e0ebb4
--- /dev/null
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4350.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2021-4350",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:13.730",
+ "lastModified": "2023-06-07T02:44:53.933",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated HTML Injection in versions up to, and including, 18.2. This is due to lacking authentication protections on the wpfm_send_file_in_email AJAX action. This makes it possible for unauthenticated attackers to send emails using the site with a custom subject, recipient email, and body with unsanitized HTML content. This effectively lets the attacker use the site as a spam relay."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/wordpress-frontend-file-manager-plugin-fixed-multiple-critical-vulnerabilities/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/49150180-9de0-4318-b21b-779daaeb7a52?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4351.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4351.json
new file mode 100644
index 00000000000..9dc3f2b4d3c
--- /dev/null
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4351.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2021-4351",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:13.797",
+ "lastModified": "2023-06-07T02:44:53.933",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Post Meta Change in versions up to, and including, 18.2. This is due to lacking authentication protections, capability checks, and sanitization, all on the wpfm_file_meta_update AJAX action. This makes it possible for unauthenticated attackers to change the meta data of certain posts and pages."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/wordpress-frontend-file-manager-plugin-fixed-multiple-critical-vulnerabilities/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5539aa79-66ad-43fa-967c-2bec877061e0?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4352.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4352.json
new file mode 100644
index 00000000000..3f47d719e97
--- /dev/null
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4352.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2021-4352",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:13.860",
+ "lastModified": "2023-06-07T02:44:53.933",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the save_locsettings function in versions up to, and including, 1.8.1. This makes it possible for unauthenticated attackers to change the settings of the plugin."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-284"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/wordpress-jobsearch-wp-job-board-plugin-fixed-vulnerability/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wpscan.com/vulnerability/ed7e664e-5a73-4d2d-a599-a0be89d6c2d1",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/59170f0a-975e-487c-bdb0-585c802b3127?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
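Review bot: The weakness is recorded as `"value": "CWE-284"` although the description gives the cause as a missing capability check, which other records in this commit with the same cause (for example CVE-2021-4355) map to CWE-862. The same applies to CVE-2021-4361 and CVE-2021-4364 further down. CWE-284 is a broader ancestor class, so it is not wrong, but anyone filtering this feed on CWE-862 to find missing-authorization bugs will not see these three. I would suggest `"value": "CWE-862"` for consistency, subject to confirmation from the source.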
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4354.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4354.json
new file mode 100644
index 00000000000..66f852429b7
--- /dev/null
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4354.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2021-4354",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:13.927",
+ "lastModified": "2023-06-07T02:44:53.933",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The PWA for WP & AMP for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the pwaforwp_splashscreen_uploader function in versions up to, and including, 1.7.32. This makes it possible for authenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-434"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/wordpress-pwa-for-wp-and-amp-plugin-fixed-vulnerabilities/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6082791e-feac-41f7-b565-9d98624ddf50?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4355.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4355.json
new file mode 100644
index 00000000000..dc85fd740d2
--- /dev/null
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4355.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2021-4355",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:13.987",
+ "lastModified": "2023-06-07T02:44:53.933",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the download_orderdetail_list(), change_orderlist(), and download_member_list() functions called via admin_init hooks in versions up to, and including, 2.2.7. This makes it possible for unauthenticated attackers to download lists of members, products and orders."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/wordpress-welcart-e-commerce-plugin-fixed-vulnerabilities/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/671f5ba5-1f18-49fa-aa97-eaebdb3417bb?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4356.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4356.json
new file mode 100644
index 00000000000..2da0e7ee55c
--- /dev/null
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4356.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2021-4356",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:14.043",
+ "lastModified": "2023-06-07T02:44:53.933",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Download\r\n in versions up to, and including, 18.2. This is due to lacking authentication protections, capability checks, and sanitization, all on the wpfm_file_meta_update AJAX action. This makes it possible for unauthenticated attackers to download arbitrary files on the site, potentially leading to site takeover."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.0,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/wordpress-frontend-file-manager-plugin-fixed-multiple-critical-vulnerabilities/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2554359%40nmedia-user-file-uploader&new=2554359%40nmedia-user-file-uploader&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/79e2011c-5e4d-4d02-831f-6b4dcfcaa51e?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
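Review bot: `descriptions[0].value` contains an escaped `\r\n` in the middle of the first sentence ("Arbitrary File Download\r\n in versions"), which will show up downstream as a line break or stray characters; it should be a single space. The text also attributes the file download to the wpfm_file_meta_update AJAX action, in the same wording the CVE-2021-4351 record uses for the post-meta issue, so it may have been carried over and is worth confirming against the advisory before a detection or WAF rule is keyed on that action name. Separately, the plugins.trac.wordpress.org reference has `old=2554359` and `new=2554359`, which looks like a revision compared with itself, and it repeats the `sfp_email`/`sfph_mail` parameters. The same URL pattern appears in CVE-2021-4357 and CVE-2021-4359.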
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4357.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4357.json
new file mode 100644
index 00000000000..ee1afa6a188
--- /dev/null
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4357.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2021-4357",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:14.107",
+ "lastModified": "2023-06-07T02:44:53.933",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability checks, and a missing security nonce, on the UlistingUserRole::save_role_api function in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to arbitrarily delete site posts and pages."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.1,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/wordpress-ulisting-plugin-fixed-multiple-critical-vulnerabilities/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2456786%40ulisting&new=2456786%40ulisting&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wordpress.org/plugins/ulisting/#developers",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/71aa14b8-39bc-4b91-a7cf-9d203fdf44ea?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
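Review bot: This record and CVE-2021-4359 describe the same outcome, unauthenticated deletion of posts and pages, but score it differently: `I:H/A:H` (9.1) here versus `I:L/A:L` (6.5) there. One of the two is probably mis-scored, and the hunks alone do not show which. I would flag both for the source to reconcile, since a severity threshold between the two scores would patch one plugin and defer the other for the same impact.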
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4358.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4358.json
new file mode 100644
index 00000000000..b2cb3151422
--- /dev/null
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4358.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2021-4358",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:14.170",
+ "lastModified": "2023-06-07T02:44:53.933",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 3.1.23 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/wordpress-wp-dsgvo-tools-gdpr-plugin-patched-vulnerability-actively-exploited/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wordpress.org/support/topic/weiterleitung-redirects/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6c18ab1b-02f1-4679-8cff-679d98dc9f4a?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4359.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4359.json
new file mode 100644
index 00000000000..8adfdccd9cb
--- /dev/null
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4359.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2021-4359",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:14.230",
+ "lastModified": "2023-06-07T02:44:53.933",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in versions up to, and including, 18.2. This is due to lacking authentication protections and lacking a security nonce on the wpfm_delete_file AJAX action. This makes it possible for unauthenticated attackers to delete any posts and pages on the site."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/wordpress-frontend-file-manager-plugin-fixed-multiple-critical-vulnerabilities/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2554359%40nmedia-user-file-uploader&new=2554359%40nmedia-user-file-uploader&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/84c61d00-20c1-4176-a74d-ea6ff6220f26?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4360.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4360.json
new file mode 100644
index 00000000000..1332f206b41
--- /dev/null
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4360.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2021-4360",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:14.293",
+ "lastModified": "2023-06-07T02:44:53.933",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Controlled Admin Access plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 1.5.5 by not properly restricting access to the configuration page. This makes it possible for attackers to create a new administrator role with unrestricted access."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.9,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-284"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/vulnerabilities-fixed-in-wordpress-controlled-admin-access-plugin/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.svn.wordpress.org/controlled-admin-access/trunk/readme.txt",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wpscan.com/vulnerability/5ddc0a9d-c081-4bef-aa87-3b10d037379c",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8c57211a-f59d-4379-b09e-7c6049a6b04d?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
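Review bot: The description does not say what access the attacker needs: it reads "makes it possible for attackers to create a new administrator role", while the vector has `PR:L`. The other records in this commit state "authenticated" or "unauthenticated" explicitly, and that word is what most readers use to judge exposure. If `PR:L` is correct, the sentence should read `makes it possible for authenticated attackers with low-level access to create a new administrator role`. The record does not show which role is actually required, so this needs confirmation from the source.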
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4361.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4361.json
new file mode 100644
index 00000000000..96d4e0540f1
--- /dev/null
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4361.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2021-4361",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:14.363",
+ "lastModified": "2023-06-07T02:44:53.933",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the jobsearch_job_integrations_settin_save AJAX action in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers to update arbitrary options on the site."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-284"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/wordpress-jobsearch-wp-job-board-plugin-fixed-vulnerability/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wpscan.com/vulnerability/a69aa52f-9876-4180-97a4-713459b43f24",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/839a0cc0-a656-4107-a748-4ad85e950237?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4362.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4362.json
new file mode 100644
index 00000000000..4181411ce64
--- /dev/null
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4362.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2021-4362",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:14.420",
+ "lastModified": "2023-06-07T02:44:53.933",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Kiwi Social Share plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the kiwi_social_share_get_option() function called via the kiwi_social_share_get_option AJAX action in version 2.1.0. This makes it possible for unauthenticated attackers to read and modify arbitrary options on a WordPress site that can be used for complete site takeover. This was a previously fixed vulnerability that was reintroduced in this version."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/wordpress-kiwi-social-sharing-plugin-fixed-critical-vulnerability/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wordpress.org/plugins/kiwi-social-share/#developers",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8148b6d0-190a-4b97-8af7-edd6943116d1?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4363.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4363.json
new file mode 100644
index 00000000000..a34793fa5fb
--- /dev/null
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4363.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2021-4363",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:14.483",
+ "lastModified": "2023-06-07T02:44:53.933",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 5.5 due to insufficient input sanitization and output escaping on the 'save_content_front' function that uses print_r on the user-supplied $_REQUEST values . This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/multiple-vulnerabilities-in-wordpress-wp-quick-frontend-editor-plugin-unpatched/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wordpress.org/plugins/wp-quick-front-end-editor/#developers",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7ce8ae7d-c2a5-4da3-8bdd-20dfdb5ce700?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4364.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4364.json
new file mode 100644
index 00000000000..506c821b10a
--- /dev/null
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4364.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2021-4364",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:14.543",
+ "lastModified": "2023-06-07T02:44:53.933",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the jobsearch_add_job_import_schedule_call() function in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers to add and/or modify schedule calls."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-284"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/wordpress-jobsearch-wp-job-board-plugin-fixed-vulnerability/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wpscan.com/vulnerability/7e2dd5df-f758-419c-bfb8-b8e53235fede",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9114018f-0678-4973-bb1e-932f0d93f963?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
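Review bot: The `weaknesses` entry in this record uses `"value": "CWE-284"`, although the description attributes the issue to "a missing capability check", the same wording that CVE-2021-4366 and CVE-2021-4375 in this diff map to CWE-862. If the upstream CNA record allows it, `"value": "CWE-862"` would keep the three records consistent, so that filters keyed on missing-authorization weaknesses do not skip this one. Otherwise consumers of this feed should treat CWE-284 here as the broader parent class and not as a different defect type.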
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4365.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4365.json
new file mode 100644
index 00000000000..3c2d894cf58
--- /dev/null
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4365.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2021-4365",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:14.603",
+ "lastModified": "2023-06-07T02:44:53.933",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to, and including, 18.2. This is due to lacking authentication protections and santisation all on the wpfm_edit_file_title_desc AJAX action. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/wordpress-frontend-file-manager-plugin-fixed-multiple-critical-vulnerabilities/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2554359%40nmedia-user-file-uploader&new=2554359%40nmedia-user-file-uploader&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a9c82154-d390-44ba-a54a-89f4bb69cdce?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4366.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4366.json
new file mode 100644
index 00000000000..90c26bdbafd
--- /dev/null
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4366.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2021-4366",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:14.660",
+ "lastModified": "2023-06-07T02:44:53.933",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The PWA for WP & AMP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the pwaforwp_update_features_options function in versions up to, and including, 1.7.32. This makes it possible for authenticated attackers to change the otherwise restricted settings within the plugin."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/wordpress-pwa-for-wp-and-amp-plugin-fixed-vulnerabilities/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wpscan.com/vulnerability/b38a51d7-375e-4cca-88ba-ccab796ac134",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a9892dd1-3939-41a9-a828-fa1bf7d96eb8?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4367.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4367.json
new file mode 100644
index 00000000000..8894f39bae4
--- /dev/null
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4367.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2021-4367",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:14.723",
+ "lastModified": "2023-06-07T02:44:53.933",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Flo Forms \u2013 Easy Drag & Drop Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Options Change by using the flo_import_forms_options AJAX action in versions up to, and including, 1.0.35 due to insufficient input sanitization and output escaping along with missing capability checks. This makes it possible for authenticated attackers, like subscribers, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/zero-day-vulnerability-fixed-in-wordpress-flo-forms-plugin/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wpscan.com/vulnerability/b4a83501-c727-4c9b-a9a1-46b399ab0caa",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a175e103-ab89-404b-8736-94d0d93d6cf3?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4368.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4368.json
new file mode 100644
index 00000000000..54f7b35b463
--- /dev/null
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4368.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2021-4368",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:14.783",
+ "lastModified": "2023-06-07T02:44:53.933",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Frontend File Manager plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to, and including, 18.2. This is due to lacking capability checks and a security nonce, all on the wpfm_save_settings AJAX action. This makes it possible for subscriber-level attackers to edit the plugin settings, such as the allowed upload file types. This can lead to remote code execution through other vulnerabilities."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.9,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/wordpress-frontend-file-manager-plugin-fixed-multiple-critical-vulnerabilities/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2554359%40nmedia-user-file-uploader&new=2554359%40nmedia-user-file-uploader&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/adb1d8b0-b1d6-40df-b591-f1062ee744fb?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4369.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4369.json
new file mode 100644
index 00000000000..cebfa4d704a
--- /dev/null
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4369.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2021-4369",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:14.843",
+ "lastModified": "2023-06-07T02:44:53.933",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Content Injection in versions up to, and including, 18.2. This is due to lacking authorization protections, checks against users editing other's posts, and lacking a security nonce, all on the wpfm_edit_file_title_desc AJAX action. This makes it possible for unauthenticated attackers to edit the content and title of every page on the site."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/wordpress-frontend-file-manager-plugin-fixed-multiple-critical-vulnerabilities/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2554359%40nmedia-user-file-uploader&new=2554359%40nmedia-user-file-uploader&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c434e6b8-0dd5-4ffe-93b1-1af614c08f85?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4370.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4370.json
new file mode 100644
index 00000000000..0746429c670
--- /dev/null
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4370.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2021-4370",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:14.903",
+ "lastModified": "2023-06-07T02:44:48.507",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The uListing plugin for WordPress is vulnerable to authorization bypass as most actions and endpoints are accessible to unauthenticated users, lack security nonces, and data is seldom validated. This issue exists in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to conduct numerous administrative actions, including those less critical than the explicitly outlined ones in our detection."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/wordpress-ulisting-plugin-fixed-multiple-critical-vulnerabilities/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2456786%40ulisting&new=2456786%40ulisting&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c5ada976-03b8-4219-9ae3-9060fb7b9de5?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4371.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4371.json
new file mode 100644
index 00000000000..82223fc2f6d
--- /dev/null
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4371.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2021-4371",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:14.967",
+ "lastModified": "2023-06-07T02:44:48.507",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Setting Changs in versions up to, and including, 5.5. This is due to lacking both a security nonce and a capabilities check. This makes it possible for low-authenticated attackers to change plugin settings even when they do not have the capabilities to do so."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/multiple-vulnerabilities-in-wordpress-wp-quick-frontend-editor-plugin-unpatched/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wordpress.org/plugins/wp-quick-front-end-editor/#developers",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c392750b-ae4a-48b5-9ccb-43852fb13e27?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4372.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4372.json
new file mode 100644
index 00000000000..82a4f9501f3
--- /dev/null
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4372.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2021-4372",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:15.023",
+ "lastModified": "2023-06-07T02:44:48.507",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.4.1. This is due to missing sanitization on the settings imported via the import() function. This makes it possible for unauthenticated attackers to import a settings file containing malicious JavaScript that would execute when an administrator accesses the settings area of the site."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/woocommerce-dynamic-pricing-and-discounts-plugin-fixed-multiple-vulnerabilities/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bcaa5d0e-b764-4566-bd46-2d41dc391c36?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
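Review bot: The `vectorString` in this record scores a stored XSS with `S:U`, while the other XSS records in this diff (CVE-2021-4365, CVE-2021-4367, CVE-2021-4378) all use `S:C`. CVE-2021-4365 has the same remaining metrics with `S:C` and is scored 7.2 (`impactScore` 2.7), against 6.5 and 2.5 here, so this entry may be under-ranked in severity-sorted triage. The description also says the script runs only when an administrator opens the settings area, so the `UI:N` value is worth confirming against the CNA advisory as well. If the source record is corrected, `vectorString`, `scope`, `baseScore` and `impactScore` need to change together.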
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4373.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4373.json
new file mode 100644
index 00000000000..f38850ea102
--- /dev/null
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4373.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2021-4373",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:15.083",
+ "lastModified": "2023-06-07T02:44:48.507",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Better Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.2. This makes it possible for unauthenticated attackers to import settings via forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-288"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2473344",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cfc6c595-dad2-4abc-8187-ed72355273b8?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
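Review bot: The `weaknesses` entry classifies this record as `"value": "CWE-288"` (authentication bypass using an alternate path or channel), but the description states the flaw is Cross-Site Request Forgery that depends on tricking a site administrator. The matching identifier would be `"value": "CWE-352"`. As written, queries or detections that select CSRF issues by CWE will miss this record, and it will appear in authentication-bypass reports where it does not belong. The `UI:R` metric in the vector already agrees with the CSRF description, so only the CWE mapping looks inconsistent.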
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4374.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4374.json
new file mode 100644
index 00000000000..4e0006d9fe3
--- /dev/null
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4374.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2021-4374",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:15.147",
+ "lastModified": "2023-06-07T02:44:48.507",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WordPress Automatic Plugin for WordPress is vulnerable to arbitrary options updates in versions up to, and including, 3.53.2. This is due to missing authorization and option validation in the process_form.php file. This makes it possible for unauthenticated attackers to arbitrarily update the settings of a vulnerable site and ultimately compromise the entire site."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.1,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/critical-vulnerability-fixed-in-wordpress-automatic-plugin/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d0567dc8-7a4c-42f4-bf45-f31a8efaa354?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4375.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4375.json
new file mode 100644
index 00000000000..ba77248b091
--- /dev/null
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4375.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2021-4375",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:15.207",
+ "lastModified": "2023-06-07T02:44:48.507",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the usces_download_system_information() function in versions up to, and including, 2.2.7. This makes it possible for authenticated attackers to download information including WordPress settings, plugin settings, PHP settings and server settings."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/wordpress-welcart-e-commerce-plugin-fixed-vulnerabilities/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d82e856b-c8c9-4139-ad54-89368e3b7125?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4376.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4376.json
new file mode 100644
index 00000000000..f9e0777fea3
--- /dev/null
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4376.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2021-4376",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:15.277",
+ "lastModified": "2023-06-07T02:44:48.507",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WooCommerce Multi Currency plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.17. This makes it possible for authenticated attackers to change the price of a product to an arbitrary value."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2734576%40woo-multi-currency&new=2734576%40woo-multi-currency&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wordpress.org/plugins/woo-multi-currency/#developers",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wpscan.com/vulnerability/480125bc-bab3-45b8-9325-a4d406655a61",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d8a490c6-14c1-4c71-b44c-1e362cc892a8?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
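Review bot: This record and CVE-2021-4379, added later in the same diff, both describe missing authorization in WooCommerce Multi Currency up to and including 2.1.17 that lets an authenticated user change product prices, yet they are scored differently. Here the vector carries `I:L` with base score 4.3 and a `Secondary` weakness type; CVE-2021-4379 carries `I:H` with 6.5 and `"type": "Primary"`. If both refer to the `wmc_bulk_fixed_price` handler named in CVE-2021-4379, the same `integrityImpact` would be expected, and inventory tools that count findings per CVE id will report one fix as two issues. It would help to confirm with the CNA whether these are distinct code paths before relying on either score for prioritisation.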
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4377.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4377.json
new file mode 100644
index 00000000000..aa709c51bb0
--- /dev/null
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4377.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2021-4377",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:15.340",
+ "lastModified": "2023-06-07T02:44:48.507",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Doneren met Mollie plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.8.5 via the dmm_export_donations() function which is called via the admin_post_dmm_export hook due to missing capability checks. This can allow authenticated attackers to extract a CSV file that contains sensitive information about the donors."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-200"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/information-disclosure-vulnerability-fixed-in-wordpress-doneren-met-mollie-plugin/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2459548",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wpscan.com/vulnerability/36afc442-9634-498e-961e-4c935880cd2b",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ed99a056-42c6-4540-950e-12f8b547b64d?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4378.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4378.json
new file mode 100644
index 00000000000..f4072fdb7b5
--- /dev/null
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4378.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2021-4378",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:15.407",
+ "lastModified": "2023-06-07T02:44:48.507",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with minimal permissions like subscribers, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/multiple-vulnerabilities-in-wordpress-wp-quick-frontend-editor-plugin-unpatched/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ed137706-1313-4bff-882b-13d9fa11498c?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4379.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4379.json
new file mode 100644
index 00000000000..24ad43f2e0d
--- /dev/null
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4379.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2021-4379",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T13:15:09.527",
+ "lastModified": "2023-06-07T14:35:57.670",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WooCommerce Multi Currency plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wmc_bulk_fixed_price function in versions up to, and including, 2.1.17. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to make changes to product prices."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/vulnerability-fixed-in-wordpress-woocommerce-multi-currency-plugin/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://codecanyon.net/item/woocommerce-multi-currency/20948446",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e2318ae9-4115-442e-9293-a9251787c5f3?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4380.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4380.json
new file mode 100644
index 00000000000..200da300771
--- /dev/null
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4380.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2021-4380",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T13:15:09.623",
+ "lastModified": "2023-06-07T14:35:57.670",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Pinterest Automatic plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the 'wp_pinterest_automatic_parse_request' function and the 'process_form.php' script in versions up to, and including, 1.14.3. This makes it possible for unauthenticated attackers to update arbitrary options on a site that can be used to create new administrative user accounts or redirect unsuspecting site visitors."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-284"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/critical-vulnerability-fixed-in-wordpress-pinterest-automatic-plugin/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wpscan.com/vulnerability/ffd344fd-de2c-4f27-8932-41aa0a3c3d05",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-pinterest-automatic-pin-security-bypass-4-14-3/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e4fdc902-4cfe-4116-a294-9a0fcb2de346?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
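Review bot: The description gives the affected range as "up to, and including, 1.14.3", but the Acunetix reference URL in the same record ends in `4-14-3`, so the version bound should be confirmed against the vendor advisory before this record drives any version matching. The weakness is recorded as `CWE-284` although the text describes missing capability checks, which the neighbouring Wordfence records in this commit (CVE-2021-4379, CVE-2021-4381, CVE-2021-4383) tag as `CWE-862`. Using the more specific value here would keep CWE-based filtering consistent across these records.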
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4381.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4381.json
new file mode 100644
index 00000000000..960277e1f56
--- /dev/null
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4381.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2021-4381",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:15.470",
+ "lastModified": "2023-06-07T02:44:48.507",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The uListing plugin for WordPress is vulnerable to authorization bypass via wp_route due to missing capability checks, and a missing security nonce, in the StmListingSingleLayout::import_new_layout method in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to change any WordPress option in the database."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/wordpress-ulisting-plugin-fixed-multiple-critical-vulnerabilities/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2456786%40ulisting&new=2456786%40ulisting&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ff5755dc-2262-47f6-ac3a-6bca9529d088?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4382.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4382.json
new file mode 100644
index 00000000000..b67ff39ea83
--- /dev/null
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4382.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2021-4382",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:15.540",
+ "lastModified": "2023-06-07T02:44:48.507",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Recently plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the fetch_external_image() function in versions up to, and including, 3.0.4. This makes it possible for authenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-434"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2542693",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wpscan.com/vulnerability/92c3f26a-1a84-459a-874b-07dc83c9f42a",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-recently-multiple-vulnerabilities-3-0-4/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f8297149-2de3-4e49-80f9-6ea59dea6bce?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4383.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4383.json
new file mode 100644
index 00000000000..09e517e9fd9
--- /dev/null
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4383.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2021-4383",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:15.607",
+ "lastModified": "2023-06-07T02:44:48.507",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to page content injection in versions up to, and including, 5.5. This is due to missing capability checks in the plugin's page-editing functionality. This makes it possible for low-authenticated attackers, such as subscribers, to edit/create any page or post on the blog."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/multiple-vulnerabilities-in-wordpress-wp-quick-frontend-editor-plugin-unpatched/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wordpress.org/plugins/wp-quick-front-end-editor/#developers",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f5492bff-cfd9-41ed-a59b-4445d5e83e86?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-468xx/CVE-2021-46889.json b/CVE-2021/CVE-2021-468xx/CVE-2021-46889.json
new file mode 100644
index 00000000000..0553ebb8b16
--- /dev/null
+++ b/CVE-2021/CVE-2021-468xx/CVE-2021-46889.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2021-46889",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-07T14:15:09.640",
+ "lastModified": "2023-06-07T14:35:57.670",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The 10Web Photo Gallery plugin through 1.5.69 for WordPress allows XSS via theme_id for bwg_frontend_data. NOTE: other parameters are covered by CVE-2021-24291, CVE-2021-25041, and CVE-2021-31693."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://packetstormsecurity.com/files/162227/WordPress-Photo-Gallery-1.5.69-Cross-Site-Scripting.html",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-03xx/CVE-2022-0360.json b/CVE-2022/CVE-2022-03xx/CVE-2022-0360.json
index 1968729f026..202b0a0ecdf 100644
--- a/CVE-2022/CVE-2022-03xx/CVE-2022-0360.json
+++ b/CVE-2022/CVE-2022-03xx/CVE-2022-0360.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-0360",
"sourceIdentifier": "contact@wpscan.com",
"published": "2022-02-28T09:15:09.043",
- "lastModified": "2022-03-08T16:36:29.600",
+ "lastModified": "2023-06-07T02:43:44.747",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -84,9 +84,9 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:smackcoders:easy_drag_and_drop_all_import:*:*:*:*:*:wordpress:*:*",
+ "criteria": "cpe:2.3:a:smackcoders:import_all_pages\\,_post_types\\,_products\\,_orders\\,_and_users_as_xml_\\&_csv:*:*:*:*:wordpress:*:*:*",
"versionEndExcluding": "6.4.3",
- "matchCriteriaId": "414366FE-B774-42F9-B649-6C65F9D74F29"
+ "matchCriteriaId": "B7ABE294-3FB3-4189-9394-7B346C0B37C2"
}
]
}
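Review bot: In the new `criteria` string the value `wordpress` sits in the sw_edition slot instead of target_sw, where the removed line had it, so consumers that select WordPress plugins by `target_sw=wordpress` would stop matching this record. This looks like a field shift, not an intended change; the expected form would be `cpe:2.3:a:smackcoders:import_all_pages\\,_post_types\\,_products\\,_orders\\,_and_users_as_xml_\\&_csv:*:*:*:*:*:wordpress:*:*`. The same shifted string is added in the cpeMatch hunks for CVE-2022-1977, CVE-2022-3243 and CVE-2022-3244. Because `matchCriteriaId` is issued upstream, the correction belongs in the source feed, and until then matching logic should accept `wordpress` in either slot.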
diff --git a/CVE-2022/CVE-2022-19xx/CVE-2022-1977.json b/CVE-2022/CVE-2022-19xx/CVE-2022-1977.json
index f1dfe2f3bd5..9f2a7f3e9b1 100644
--- a/CVE-2022/CVE-2022-19xx/CVE-2022-1977.json
+++ b/CVE-2022/CVE-2022-19xx/CVE-2022-1977.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-1977",
"sourceIdentifier": "contact@wpscan.com",
"published": "2022-06-27T09:15:10.527",
- "lastModified": "2022-07-06T12:54:30.657",
+ "lastModified": "2023-06-07T15:06:55.573",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -94,9 +94,9 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:smackcoders:download_import_all_xml\\,_csv_\\&_txt_into_wordpress:*:*:*:*:*:wordpress:*:*",
+ "criteria": "cpe:2.3:a:smackcoders:import_all_pages\\,_post_types\\,_products\\,_orders\\,_and_users_as_xml_\\&_csv:*:*:*:*:wordpress:*:*:*",
"versionEndExcluding": "6.5.3",
- "matchCriteriaId": "961C4FB5-F5E3-49E7-BC20-69E986F57DE6"
+ "matchCriteriaId": "56DC31EC-7B43-47FC-9497-1683AA939B99"
}
]
}
diff --git a/CVE-2022/CVE-2022-220xx/CVE-2022-22060.json b/CVE-2022/CVE-2022-220xx/CVE-2022-22060.json
new file mode 100644
index 00000000000..9a6f71b5b9a
--- /dev/null
+++ b/CVE-2022/CVE-2022-220xx/CVE-2022-22060.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2022-22060",
+ "sourceIdentifier": "product-security@qualcomm.com",
+ "published": "2023-06-06T08:15:09.193",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Assertion occurs while processing Reconfiguration message due to improper validation"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "product-security@qualcomm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin",
+ "source": "product-security@qualcomm.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-220xx/CVE-2022-22076.json b/CVE-2022/CVE-2022-220xx/CVE-2022-22076.json
new file mode 100644
index 00000000000..b69e6e3cf16
--- /dev/null
+++ b/CVE-2022/CVE-2022-220xx/CVE-2022-22076.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2022-22076",
+ "sourceIdentifier": "product-security@qualcomm.com",
+ "published": "2023-06-06T08:15:09.717",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "information disclosure due to cryptographic issue in Core during RPMB read request."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "product-security@qualcomm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.5,
+ "impactScore": 4.0
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin",
+ "source": "product-security@qualcomm.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-258xx/CVE-2022-25834.json b/CVE-2022/CVE-2022-258xx/CVE-2022-25834.json
new file mode 100644
index 00000000000..2ca0f376bfb
--- /dev/null
+++ b/CVE-2022/CVE-2022-258xx/CVE-2022-25834.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2022-25834",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-07T01:15:38.987",
+ "lastModified": "2023-06-07T02:45:15.873",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In Percona XtraBackup (PXB) through 2.2.24 and 3.x through 8.0.27-19, a crafted filename on the local file system could trigger unexpected command shell execution of arbitrary commands."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://docs.percona.com/percona-xtrabackup/8.0/release-notes/8.0/8.0.32-26.0.html#improvements",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.percona.com/doc/percona-xtrabackup/2.4/index.html",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
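Review bot: The lower affected range reads "through 2.2.24", while the only 2.x reference in the record points at the 2.4 documentation index, so the bound may be a typo for a 2.4.x release and should be checked against Percona's advisory. `metrics` is empty and there is no `weaknesses` entry, so severity-based filters will not surface this record even though the description states that a crafted filename can lead to execution of arbitrary shell commands. Until the record is analyzed, it is worth tracking manually.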
diff --git a/CVE-2022/CVE-2022-28xx/CVE-2022-2880.json b/CVE-2022/CVE-2022-28xx/CVE-2022-2880.json
index 867d9591436..72b3846394e 100644
--- a/CVE-2022/CVE-2022-28xx/CVE-2022-2880.json
+++ b/CVE-2022/CVE-2022-28xx/CVE-2022-2880.json
@@ -2,12 +2,12 @@
"id": "CVE-2022-2880",
"sourceIdentifier": "security@golang.org",
"published": "2022-10-14T15:15:18.090",
- "lastModified": "2023-03-03T15:42:13.457",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-06-08T21:15:15.697",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After fix, ReverseProxy sanitizes the query parameters in the forwarded query when the outbound request's Form field is set after the ReverseProxy. Director function returns, indicating that the proxy has parsed the query parameters. Proxies which do not parse query parameters continue to forward the original query parameters unchanged."
+ "value": "Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparsable value. After fix, ReverseProxy sanitizes the query parameters in the forwarded query when the outbound request's Form field is set after the ReverseProxy. Director function returns, indicating that the proxy has parsed the query parameters. Proxies which do not parse query parameters continue to forward the original query parameters unchanged."
},
{
"lang": "es",
diff --git a/CVE-2022/CVE-2022-316xx/CVE-2022-31693.json b/CVE-2022/CVE-2022-316xx/CVE-2022-31693.json
new file mode 100644
index 00000000000..1e514b13d12
--- /dev/null
+++ b/CVE-2022/CVE-2022-316xx/CVE-2022-31693.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2022-31693",
+ "sourceIdentifier": "security@vmware.com",
+ "published": "2023-06-07T14:15:09.727",
+ "lastModified": "2023-06-07T14:35:57.670",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest OS, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest OS."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20221223-0009/",
+ "source": "security@vmware.com"
+ },
+ {
+ "url": "https://www.vmware.com/security/advisories/VMSA-2022-0029.html",
+ "source": "security@vmware.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-32xx/CVE-2022-3214.json b/CVE-2022/CVE-2022-32xx/CVE-2022-3214.json
index e77edb51c58..a1993a1109c 100644
--- a/CVE-2022/CVE-2022-32xx/CVE-2022-3214.json
+++ b/CVE-2022/CVE-2022-32xx/CVE-2022-3214.json
@@ -2,12 +2,12 @@
"id": "CVE-2022-3214",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2022-09-16T19:15:10.087",
- "lastModified": "2022-09-21T15:25:34.953",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-06-05T23:15:09.853",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. Version 1.8.0 and prior have this vulnerability. Executable files could be uploaded to certain directories using hard-coded bearer authorization, allowing remote code execution."
+ "value": "Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. Versions prior to\u00a0\n\n1.9.03.009\n\n have this vulnerability. Executable files could be uploaded to certain directories using hard-coded bearer authorization, allowing remote code execution.\n\n"
},
{
"lang": "es",
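Review bot: The new English `value` embeds a non-breaking space and literal newlines around the version (`prior to\u00a0\n\n1.9.03.009\n\n have`) plus a trailing `\n\n`, which breaks single-line rendering and any pattern that extracts the version from the sentence. A normalized form would read `Versions prior to 1.9.03.009 have this vulnerability.`. The text also changes the affected range from "Version 1.8.0 and prior", so the record's version-matching data, which lies outside this hunk, should be checked to agree with the new bound.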
@@ -60,7 +60,7 @@
},
"weaknesses": [
{
- "source": "nvd@nist.gov",
+ "source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
@@ -70,7 +70,7 @@
]
},
{
- "source": "ics-cert@hq.dhs.gov",
+ "source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
diff --git a/CVE-2022/CVE-2022-32xx/CVE-2022-3243.json b/CVE-2022/CVE-2022-32xx/CVE-2022-3243.json
index 1a735898e0a..0f0a05b6eff 100644
--- a/CVE-2022/CVE-2022-32xx/CVE-2022-3243.json
+++ b/CVE-2022/CVE-2022-32xx/CVE-2022-3243.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-3243",
"sourceIdentifier": "contact@wpscan.com",
"published": "2022-10-17T12:15:10.597",
- "lastModified": "2022-10-20T19:26:41.870",
+ "lastModified": "2023-06-07T15:06:18.073",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -59,9 +59,9 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:smackcoders:an_ultimate_wordpress_importer_cum_migration_as_csv_\\&_xml:*:*:*:*:*:wordpress:*:*",
+ "criteria": "cpe:2.3:a:smackcoders:import_all_pages\\,_post_types\\,_products\\,_orders\\,_and_users_as_xml_\\&_csv:*:*:*:*:wordpress:*:*:*",
"versionEndExcluding": "6.5.8",
- "matchCriteriaId": "D49978A6-28D2-4086-808C-ED074C5B4A1B"
+ "matchCriteriaId": "00F99057-7DDD-4C18-B8A3-B6FAE83B2820"
}
]
}
diff --git a/CVE-2022/CVE-2022-32xx/CVE-2022-3244.json b/CVE-2022/CVE-2022-32xx/CVE-2022-3244.json
index cbcad1c16e4..1f54e406fc9 100644
--- a/CVE-2022/CVE-2022-32xx/CVE-2022-3244.json
+++ b/CVE-2022/CVE-2022-32xx/CVE-2022-3244.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-3244",
"sourceIdentifier": "contact@wpscan.com",
"published": "2022-10-17T12:15:10.657",
- "lastModified": "2022-10-20T19:31:31.963",
+ "lastModified": "2023-06-07T02:44:22.557",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -59,9 +59,9 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:smackcoders:an_ultimate_wordpress_importer_cum_migration_as_csv_\\&_xml:*:*:*:*:*:wordpress:*:*",
+ "criteria": "cpe:2.3:a:smackcoders:import_all_pages\\,_post_types\\,_products\\,_orders\\,_and_users_as_xml_\\&_csv:*:*:*:*:wordpress:*:*:*",
"versionEndExcluding": "6.5.8",
- "matchCriteriaId": "D49978A6-28D2-4086-808C-ED074C5B4A1B"
+ "matchCriteriaId": "00F99057-7DDD-4C18-B8A3-B6FAE83B2820"
}
]
}
diff --git a/CVE-2022/CVE-2022-332xx/CVE-2022-33224.json b/CVE-2022/CVE-2022-332xx/CVE-2022-33224.json
new file mode 100644
index 00000000000..6446077b09e
--- /dev/null
+++ b/CVE-2022/CVE-2022-332xx/CVE-2022-33224.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2022-33224",
+ "sourceIdentifier": "product-security@qualcomm.com",
+ "published": "2023-06-06T08:15:09.850",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Memory corruption in core due to buffer copy without check9ing the size of input while processing ioctl queries."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "product-security@qualcomm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin",
+ "source": "product-security@qualcomm.com"
+ }
+ ]
+}
\ No newline at end of file
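Review bot: The description contains the typo `check9ing` ("buffer copy without check9ing the size of input"), which defeats keyword searches and de-duplication against the sibling record CVE-2022-33226, where the same phrase is spelled correctly; the corrected text would read `without checking the size of input`. The record also has no `weaknesses` array, like the other Qualcomm entries added in this commit, so CWE-based filters will not pick it up until analysis adds one.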
diff --git a/CVE-2022/CVE-2022-332xx/CVE-2022-33226.json b/CVE-2022/CVE-2022-332xx/CVE-2022-33226.json
new file mode 100644
index 00000000000..2173021a5b3
--- /dev/null
+++ b/CVE-2022/CVE-2022-332xx/CVE-2022-33226.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2022-33226",
+ "sourceIdentifier": "product-security@qualcomm.com",
+ "published": "2023-06-06T08:15:10.000",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Memory corruption due to buffer copy without checking the size of input in Core while processing ioctl commands from diag client applications."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "product-security@qualcomm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin",
+ "source": "product-security@qualcomm.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-332xx/CVE-2022-33227.json b/CVE-2022/CVE-2022-332xx/CVE-2022-33227.json
new file mode 100644
index 00000000000..777067a934a
--- /dev/null
+++ b/CVE-2022/CVE-2022-332xx/CVE-2022-33227.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2022-33227",
+ "sourceIdentifier": "product-security@qualcomm.com",
+ "published": "2023-06-06T08:15:10.163",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Memory corruption in Linux android due to double free while calling unregister provider after register call."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "product-security@qualcomm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin",
+ "source": "product-security@qualcomm.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-332xx/CVE-2022-33230.json b/CVE-2022/CVE-2022-332xx/CVE-2022-33230.json
new file mode 100644
index 00000000000..74375b71740
--- /dev/null
+++ b/CVE-2022/CVE-2022-332xx/CVE-2022-33230.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2022-33230",
+ "sourceIdentifier": "product-security@qualcomm.com",
+ "published": "2023-06-06T08:15:10.320",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Memory corruption in FM Host due to buffer copy without checking the size of input in FM Host"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "product-security@qualcomm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin",
+ "source": "product-security@qualcomm.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-332xx/CVE-2022-33240.json b/CVE-2022/CVE-2022-332xx/CVE-2022-33240.json
new file mode 100644
index 00000000000..f74ac02dd26
--- /dev/null
+++ b/CVE-2022/CVE-2022-332xx/CVE-2022-33240.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2022-33240",
+ "sourceIdentifier": "product-security@qualcomm.com",
+ "published": "2023-06-06T08:15:10.437",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Memory corruption in Audio due to incorrect type cast during audio use-cases."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "product-security@qualcomm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin",
+ "source": "product-security@qualcomm.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-332xx/CVE-2022-33251.json b/CVE-2022/CVE-2022-332xx/CVE-2022-33251.json
new file mode 100644
index 00000000000..c1374971b23
--- /dev/null
+++ b/CVE-2022/CVE-2022-332xx/CVE-2022-33251.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2022-33251",
+ "sourceIdentifier": "product-security@qualcomm.com",
+ "published": "2023-06-06T08:15:10.560",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Transient DOS due to reachable assertion in Modem because of invalid network configuration."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "product-security@qualcomm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin",
+ "source": "product-security@qualcomm.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-332xx/CVE-2022-33263.json b/CVE-2022/CVE-2022-332xx/CVE-2022-33263.json
new file mode 100644
index 00000000000..af757e92dc1
--- /dev/null
+++ b/CVE-2022/CVE-2022-332xx/CVE-2022-33263.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2022-33263",
+ "sourceIdentifier": "product-security@qualcomm.com",
+ "published": "2023-06-06T08:15:10.653",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Memory corruption due to use after free in Core when multiple DCI clients register and deregister."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "product-security@qualcomm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin",
+ "source": "product-security@qualcomm.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-332xx/CVE-2022-33264.json b/CVE-2022/CVE-2022-332xx/CVE-2022-33264.json
new file mode 100644
index 00000000000..2039c57469c
--- /dev/null
+++ b/CVE-2022/CVE-2022-332xx/CVE-2022-33264.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2022-33264",
+ "sourceIdentifier": "product-security@qualcomm.com",
+ "published": "2023-06-06T08:15:10.740",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "product-security@qualcomm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.9,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.0,
+ "impactScore": 5.3
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin",
+ "source": "product-security@qualcomm.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-332xx/CVE-2022-33267.json b/CVE-2022/CVE-2022-332xx/CVE-2022-33267.json
new file mode 100644
index 00000000000..c8f06f380e1
--- /dev/null
+++ b/CVE-2022/CVE-2022-332xx/CVE-2022-33267.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2022-33267",
+ "sourceIdentifier": "product-security@qualcomm.com",
+ "published": "2023-06-06T08:15:10.817",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Memory corruption in Linux while sending DRM request."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "product-security@qualcomm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin",
+ "source": "product-security@qualcomm.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-333xx/CVE-2022-33303.json b/CVE-2022/CVE-2022-333xx/CVE-2022-33303.json
new file mode 100644
index 00000000000..e4cbdfa092c
--- /dev/null
+++ b/CVE-2022/CVE-2022-333xx/CVE-2022-33303.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2022-33303",
+ "sourceIdentifier": "product-security@qualcomm.com",
+ "published": "2023-06-06T08:15:10.903",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Transient DOS due to uncontrolled resource consumption in Linux kernel when malformed messages are sent from the Gunyah Resource Manager message queue."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "product-security@qualcomm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin",
+ "source": "product-security@qualcomm.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-333xx/CVE-2022-33307.json b/CVE-2022/CVE-2022-333xx/CVE-2022-33307.json
new file mode 100644
index 00000000000..51c59cae964
--- /dev/null
+++ b/CVE-2022/CVE-2022-333xx/CVE-2022-33307.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2022-33307",
+ "sourceIdentifier": "product-security@qualcomm.com",
+ "published": "2023-06-06T08:15:10.993",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Memory Corruption due to double free in automotive when a bad HLOS address for one of the lists to be mapped is passed."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "product-security@qualcomm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.4,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.5,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin",
+ "source": "product-security@qualcomm.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-357xx/CVE-2022-35742.json b/CVE-2022/CVE-2022-357xx/CVE-2022-35742.json
index 6b805d733d8..1a087622571 100644
--- a/CVE-2022/CVE-2022-357xx/CVE-2022-35742.json
+++ b/CVE-2022/CVE-2022-357xx/CVE-2022-35742.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-35742",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-06-01T02:15:09.420",
- "lastModified": "2023-06-01T13:00:35.567",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T18:20:13.760",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -38,10 +38,68 @@
}
]
},
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*",
+ "matchCriteriaId": "40C15EDD-98D4-4D06-BA06-21AE0F33C72D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FF177984-A906-43FA-BF60-298133FBBD6B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0B3EF1E5-4757-4CFA-AE72-6BA876D3C9FD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:microsoft:outlook:2013:sp1:*:*:-:*:*:*",
+ "matchCriteriaId": "8D513A61-6427-4F85-AADF-99D6F223AF2B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:microsoft:outlook:2013:sp1:*:*:rt:*:*:*",
+ "matchCriteriaId": "DDA98A76-D0D1-4BFA-BEAC-1C2313F7B859"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:microsoft:outlook:2016:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E2B1657C-0FF4-461A-BE2A-641275C4B0A0"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35742",
- "source": "secure@microsoft.com"
+ "source": "secure@microsoft.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
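Review bot: None of the six `cpeMatch` entries added under `configurations` has a `versionStartIncluding` or `versionEndExcluding` bound, so each criterion matches every installation of that product whatever its update level, and a CPE-based scanner cannot clear a patched host. The reference is tagged `Patch`, so a fixed build presumably exists; where it is known, a bound such as `"versionEndExcluding": "<FIXED_BUILD_FROM_ADVISORY>"` (placeholder) would let matching tell patched from unpatched. The same applies to every entry in CVE-2022-35748 and to the Windows 7, 8.1 and Server entries in CVE-2022-35743, -35745, -35746 and -35747, whereas CVE-2022-35744 does bound `windows_8.1` and `windows_rt_8.1` with `versionEndExcluding` `6.3.9600.20520`. Consumers should treat these matches as "product present" and confirm patch state separately.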
diff --git a/CVE-2022/CVE-2022-357xx/CVE-2022-35743.json b/CVE-2022/CVE-2022-357xx/CVE-2022-35743.json
index 1aaaef7d65b..b04c46aece7 100644
--- a/CVE-2022/CVE-2022-357xx/CVE-2022-35743.json
+++ b/CVE-2022/CVE-2022-357xx/CVE-2022-35743.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-35743",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-05-31T19:15:16.203",
- "lastModified": "2023-06-01T01:17:03.663",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T17:45:47.143",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -34,10 +34,142 @@
}
]
},
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-94"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.10240.19387",
+ "matchCriteriaId": "2EFA9C64-845A-4586-AC7E-40648401ABBA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
+ "versionEndExcluding": "10.0.10240.19387",
+ "matchCriteriaId": "E6989C4C-9E9D-4E88-8DFF-FC45FF77B58C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.14393.5291",
+ "matchCriteriaId": "88477737-BB11-4827-8F46-4F3584294342"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
+ "versionEndExcluding": "10.0.14393.5291",
+ "matchCriteriaId": "49F93CEE-F8F3-4748-8583-6508DD886571"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "10.0.17763.3287",
+ "matchCriteriaId": "E10FB53B-BB2F-4EE5-B8CA-3C382A844EA5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "10.0.19042.1889",
+ "matchCriteriaId": "85213B81-17AA-49D6-9CCD-FF760D4DA598"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "10.0.19043.1889",
+ "matchCriteriaId": "8BE348C7-853C-4F90-89B7-A43EF269ACE6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "10.0.19044.1889",
+ "matchCriteriaId": "4F8DCD6B-C358-48DE-B39C-99432DD427E3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "10.0.22000.856",
+ "matchCriteriaId": "AEAAF664-B70D-4228-B962-5D0AD81DD066"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
+ "matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
+ "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_20h2:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "84F9B6B1-4FEE-4D4B-B35F-B07822CCD669"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35743",
- "source": "secure@microsoft.com"
+ "source": "secure@microsoft.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-357xx/CVE-2022-35744.json b/CVE-2022/CVE-2022-357xx/CVE-2022-35744.json
index 3fb5a4259bf..981abfd4fb7 100644
--- a/CVE-2022/CVE-2022-357xx/CVE-2022-35744.json
+++ b/CVE-2022/CVE-2022-357xx/CVE-2022-35744.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-35744",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-05-31T19:15:16.273",
- "lastModified": "2023-06-01T01:17:03.663",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T01:44:43.797",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -34,10 +34,191 @@
}
]
},
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.10240.19387",
+ "matchCriteriaId": "2EFA9C64-845A-4586-AC7E-40648401ABBA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
+ "versionEndExcluding": "10.0.10240.19387",
+ "matchCriteriaId": "E6989C4C-9E9D-4E88-8DFF-FC45FF77B58C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.14393.5291",
+ "matchCriteriaId": "88477737-BB11-4827-8F46-4F3584294342"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
+ "versionEndExcluding": "10.0.14393.5291",
+ "matchCriteriaId": "49F93CEE-F8F3-4748-8583-6508DD886571"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*",
+ "versionEndExcluding": "10.0.17763.3287",
+ "matchCriteriaId": "897654D8-62FE-4791-92FD-9BB107818CB7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.17763.3287",
+ "matchCriteriaId": "8782B6CE-955B-4C27-AC23-89712AB0164C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
+ "versionEndExcluding": "10.0.17763.3287",
+ "matchCriteriaId": "AA7ABB50-E9E2-492D-8C0E-6BDA4AAD519C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:arm64:*",
+ "versionEndExcluding": "10.0.19042.1889",
+ "matchCriteriaId": "A1086CAA-244A-4579-B0E6-8981C1A762F0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.19042.1889",
+ "matchCriteriaId": "23E66457-1CE9-445E-8698-54A754FA9169"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:x86:*",
+ "versionEndExcluding": "10.0.19042.1889",
+ "matchCriteriaId": "FE64DCEC-7E9E-40EA-98C0-1BD90750B8F6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:arm64:*",
+ "versionEndExcluding": "10.0.19043.1889",
+ "matchCriteriaId": "CB0CF625-97ED-4985-AA28-9D3110AD9CFB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.19043.1889",
+ "matchCriteriaId": "3DF68BAC-5D09-4A1A-9971-CF49D7B4ACDD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:x86:*",
+ "versionEndExcluding": "10.0.19043.1889",
+ "matchCriteriaId": "B5D590DA-9C8F-408D-8236-2F3F859BBF4B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:arm64:*",
+ "versionEndExcluding": "10.0.22000.856",
+ "matchCriteriaId": "5A6DF122-390D-4736-9225-B06888C1940E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.22000.856",
+ "matchCriteriaId": "16091D00-29E1-47CD-8C9D-336B453337A8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
+ "matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.3.9600.20520",
+ "matchCriteriaId": "BB297C81-A488-4C19-A036-70EDC8E40C5F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.3.9600.20520",
+ "matchCriteriaId": "1081F2CA-941D-4B7A-AC8D-A1223E2EDA1F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
+ "matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
+ "matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
+ "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_20h2:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "84F9B6B1-4FEE-4D4B-B35F-B07822CCD669"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35744",
- "source": "secure@microsoft.com"
+ "source": "secure@microsoft.com",
+ "tags": [
+ "Mitigation",
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
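Review bot: The `cpeMatch` list has entries for `windows_10_20h2` and `windows_10_21h1` but none for `windows_10_21h2`, while CVE-2022-35743, -35746 and -35747 in this same diff list `cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*` with `"versionEndExcluding": "10.0.19044.1889"`. If the advisory covers 21H2 here as well, hosts on that release would go unmatched; this should be checked against the MSRC page in `references` before relying on the list. CVE-2022-35745 has the same omission. The entry cannot be added from this page alone, because the per-architecture `matchCriteriaId` values this record uses are not shown for 21H2.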
diff --git a/CVE-2022/CVE-2022-357xx/CVE-2022-35745.json b/CVE-2022/CVE-2022-357xx/CVE-2022-35745.json
index 745ffec1b98..9d7b2122963 100644
--- a/CVE-2022/CVE-2022-357xx/CVE-2022-35745.json
+++ b/CVE-2022/CVE-2022-357xx/CVE-2022-35745.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-35745",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-05-31T19:15:16.367",
- "lastModified": "2023-06-01T01:17:03.663",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T17:37:52.407",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -34,10 +34,141 @@
}
]
},
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.10240.19387",
+ "matchCriteriaId": "2EFA9C64-845A-4586-AC7E-40648401ABBA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
+ "versionEndExcluding": "10.0.10240.19387",
+ "matchCriteriaId": "E6989C4C-9E9D-4E88-8DFF-FC45FF77B58C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.14393.5291",
+ "matchCriteriaId": "88477737-BB11-4827-8F46-4F3584294342"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
+ "versionEndExcluding": "10.0.14393.5291",
+ "matchCriteriaId": "49F93CEE-F8F3-4748-8583-6508DD886571"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "10.0.17763.3287",
+ "matchCriteriaId": "E10FB53B-BB2F-4EE5-B8CA-3C382A844EA5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "10.0.19042.1889",
+ "matchCriteriaId": "85213B81-17AA-49D6-9CCD-FF760D4DA598"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "10.0.19043.1889",
+ "matchCriteriaId": "8BE348C7-853C-4F90-89B7-A43EF269ACE6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "10.0.22000.856",
+ "matchCriteriaId": "AEAAF664-B70D-4228-B962-5D0AD81DD066"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
+ "matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
+ "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
+ "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_20h2:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "84F9B6B1-4FEE-4D4B-B35F-B07822CCD669"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35745",
- "source": "secure@microsoft.com"
+ "source": "secure@microsoft.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-357xx/CVE-2022-35746.json b/CVE-2022/CVE-2022-357xx/CVE-2022-35746.json
index a339db9dce0..eed540b6ca8 100644
--- a/CVE-2022/CVE-2022-357xx/CVE-2022-35746.json
+++ b/CVE-2022/CVE-2022-357xx/CVE-2022-35746.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-35746",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-05-31T19:15:16.427",
- "lastModified": "2023-06-01T01:17:03.663",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T17:33:18.430",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -34,10 +34,132 @@
}
]
},
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.10240.19387",
+ "matchCriteriaId": "2EFA9C64-845A-4586-AC7E-40648401ABBA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
+ "versionEndExcluding": "10.0.10240.19387",
+ "matchCriteriaId": "E6989C4C-9E9D-4E88-8DFF-FC45FF77B58C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.14393.5291",
+ "matchCriteriaId": "88477737-BB11-4827-8F46-4F3584294342"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
+ "versionEndExcluding": "10.0.14393.5291",
+ "matchCriteriaId": "49F93CEE-F8F3-4748-8583-6508DD886571"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "10.0.17763.3287",
+ "matchCriteriaId": "E10FB53B-BB2F-4EE5-B8CA-3C382A844EA5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "10.0.19042.1889",
+ "matchCriteriaId": "85213B81-17AA-49D6-9CCD-FF760D4DA598"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "10.0.19043.1889",
+ "matchCriteriaId": "8BE348C7-853C-4F90-89B7-A43EF269ACE6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "10.0.19044.1889",
+ "matchCriteriaId": "4F8DCD6B-C358-48DE-B39C-99432DD427E3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "10.0.22000.856",
+ "matchCriteriaId": "AEAAF664-B70D-4228-B962-5D0AD81DD066"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_20h2:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "84F9B6B1-4FEE-4D4B-B35F-B07822CCD669"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35746",
- "source": "secure@microsoft.com"
+ "source": "secure@microsoft.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-357xx/CVE-2022-35747.json b/CVE-2022/CVE-2022-357xx/CVE-2022-35747.json
index 564887eddd8..1c4690bfe94 100644
--- a/CVE-2022/CVE-2022-357xx/CVE-2022-35747.json
+++ b/CVE-2022/CVE-2022-357xx/CVE-2022-35747.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-35747",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-05-31T19:15:16.490",
- "lastModified": "2023-06-01T01:17:03.663",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T16:28:14.107",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -34,10 +34,147 @@
}
]
},
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.10240.19387",
+ "matchCriteriaId": "2EFA9C64-845A-4586-AC7E-40648401ABBA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
+ "versionEndExcluding": "10.0.10240.19387",
+ "matchCriteriaId": "E6989C4C-9E9D-4E88-8DFF-FC45FF77B58C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.14393.5291",
+ "matchCriteriaId": "88477737-BB11-4827-8F46-4F3584294342"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
+ "versionEndExcluding": "10.0.14393.5291",
+ "matchCriteriaId": "49F93CEE-F8F3-4748-8583-6508DD886571"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "10.0.17763.3287",
+ "matchCriteriaId": "E10FB53B-BB2F-4EE5-B8CA-3C382A844EA5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "10.0.19042.1889",
+ "matchCriteriaId": "85213B81-17AA-49D6-9CCD-FF760D4DA598"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "10.0.19043.1889",
+ "matchCriteriaId": "8BE348C7-853C-4F90-89B7-A43EF269ACE6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "10.0.19044.1889",
+ "matchCriteriaId": "4F8DCD6B-C358-48DE-B39C-99432DD427E3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "10.0.22000.856",
+ "matchCriteriaId": "AEAAF664-B70D-4228-B962-5D0AD81DD066"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
+ "matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
+ "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
+ "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_20h2:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "84F9B6B1-4FEE-4D4B-B35F-B07822CCD669"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35747",
- "source": "secure@microsoft.com"
+ "source": "secure@microsoft.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-357xx/CVE-2022-35748.json b/CVE-2022/CVE-2022-357xx/CVE-2022-35748.json
index 4e98dcf5f4b..7b6dfbd90d5 100644
--- a/CVE-2022/CVE-2022-357xx/CVE-2022-35748.json
+++ b/CVE-2022/CVE-2022-357xx/CVE-2022-35748.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-35748",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-05-31T19:15:16.550",
- "lastModified": "2023-06-01T01:17:03.663",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T16:23:58.707",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -34,10 +34,68 @@
}
]
},
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_20h2:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "84F9B6B1-4FEE-4D4B-B35F-B07822CCD669"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35748",
- "source": "secure@microsoft.com"
+ "source": "secure@microsoft.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-357xx/CVE-2022-35749.json b/CVE-2022/CVE-2022-357xx/CVE-2022-35749.json
index 97834b059ae..1f295c0ae9b 100644
--- a/CVE-2022/CVE-2022-357xx/CVE-2022-35749.json
+++ b/CVE-2022/CVE-2022-357xx/CVE-2022-35749.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-35749",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-05-31T19:15:16.610",
- "lastModified": "2023-06-01T01:17:03.663",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T16:20:45.687",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -34,10 +34,126 @@
}
]
},
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.10240.19387",
+ "matchCriteriaId": "2EFA9C64-845A-4586-AC7E-40648401ABBA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
+ "versionEndExcluding": "10.0.10240.19387",
+ "matchCriteriaId": "E6989C4C-9E9D-4E88-8DFF-FC45FF77B58C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.14393.5291",
+ "matchCriteriaId": "88477737-BB11-4827-8F46-4F3584294342"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
+ "versionEndExcluding": "10.0.14393.5291",
+ "matchCriteriaId": "49F93CEE-F8F3-4748-8583-6508DD886571"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "10.0.17763.3287",
+ "matchCriteriaId": "E10FB53B-BB2F-4EE5-B8CA-3C382A844EA5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "10.0.19042.1889",
+ "matchCriteriaId": "85213B81-17AA-49D6-9CCD-FF760D4DA598"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "10.0.19043.1889",
+ "matchCriteriaId": "8BE348C7-853C-4F90-89B7-A43EF269ACE6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "10.0.22000.856",
+ "matchCriteriaId": "AEAAF664-B70D-4228-B962-5D0AD81DD066"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_20h2:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "84F9B6B1-4FEE-4D4B-B35F-B07822CCD669"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35749",
- "source": "secure@microsoft.com"
+ "source": "secure@microsoft.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-357xx/CVE-2022-35750.json b/CVE-2022/CVE-2022-357xx/CVE-2022-35750.json
index c88734dab5f..23a8613b8d5 100644
--- a/CVE-2022/CVE-2022-357xx/CVE-2022-35750.json
+++ b/CVE-2022/CVE-2022-357xx/CVE-2022-35750.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-35750",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-05-31T19:15:16.677",
- "lastModified": "2023-06-01T01:17:03.663",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T20:54:17.420",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -34,10 +34,190 @@
}
]
},
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.10240.19387",
+ "matchCriteriaId": "2EFA9C64-845A-4586-AC7E-40648401ABBA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
+ "versionEndExcluding": "10.0.10240.19387",
+ "matchCriteriaId": "E6989C4C-9E9D-4E88-8DFF-FC45FF77B58C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.14393.5291",
+ "matchCriteriaId": "88477737-BB11-4827-8F46-4F3584294342"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
+ "versionEndExcluding": "10.0.14393.5291",
+ "matchCriteriaId": "49F93CEE-F8F3-4748-8583-6508DD886571"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*",
+ "versionEndExcluding": "10.0.17763.3287",
+ "matchCriteriaId": "897654D8-62FE-4791-92FD-9BB107818CB7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.17763.3287",
+ "matchCriteriaId": "8782B6CE-955B-4C27-AC23-89712AB0164C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
+ "versionEndExcluding": "10.0.17763.3287",
+ "matchCriteriaId": "AA7ABB50-E9E2-492D-8C0E-6BDA4AAD519C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:arm64:*",
+ "versionEndExcluding": "10.0.19042.1889",
+ "matchCriteriaId": "A1086CAA-244A-4579-B0E6-8981C1A762F0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.19042.1889",
+ "matchCriteriaId": "23E66457-1CE9-445E-8698-54A754FA9169"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:x86:*",
+ "versionEndExcluding": "10.0.19042.1889",
+ "matchCriteriaId": "FE64DCEC-7E9E-40EA-98C0-1BD90750B8F6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:arm64:*",
+ "versionEndExcluding": "10.0.19043.1889",
+ "matchCriteriaId": "CB0CF625-97ED-4985-AA28-9D3110AD9CFB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.19043.1889",
+ "matchCriteriaId": "3DF68BAC-5D09-4A1A-9971-CF49D7B4ACDD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:x86:*",
+ "versionEndExcluding": "10.0.19043.1889",
+ "matchCriteriaId": "B5D590DA-9C8F-408D-8236-2F3F859BBF4B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:arm64:*",
+ "versionEndExcluding": "10.0.22000.856",
+ "matchCriteriaId": "5A6DF122-390D-4736-9225-B06888C1940E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.22000.856",
+ "matchCriteriaId": "16091D00-29E1-47CD-8C9D-336B453337A8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
+ "matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.3.9600.20520",
+ "matchCriteriaId": "BB297C81-A488-4C19-A036-70EDC8E40C5F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.3.9600.20520",
+ "matchCriteriaId": "1081F2CA-941D-4B7A-AC8D-A1223E2EDA1F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
+ "matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
+ "matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
+ "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_20h2:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "84F9B6B1-4FEE-4D4B-B35F-B07822CCD669"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35750",
- "source": "secure@microsoft.com"
+ "source": "secure@microsoft.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-357xx/CVE-2022-35751.json b/CVE-2022/CVE-2022-357xx/CVE-2022-35751.json
index b4fff38139a..597a90f64dd 100644
--- a/CVE-2022/CVE-2022-357xx/CVE-2022-35751.json
+++ b/CVE-2022/CVE-2022-357xx/CVE-2022-35751.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-35751",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-05-31T19:15:16.747",
- "lastModified": "2023-06-01T01:17:03.663",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T21:08:04.577",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -34,10 +34,131 @@
}
]
},
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.10240.19387",
+ "matchCriteriaId": "2EFA9C64-845A-4586-AC7E-40648401ABBA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.14393.5291",
+ "matchCriteriaId": "88477737-BB11-4827-8F46-4F3584294342"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.17763.3287",
+ "matchCriteriaId": "8782B6CE-955B-4C27-AC23-89712AB0164C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.19042.1889",
+ "matchCriteriaId": "23E66457-1CE9-445E-8698-54A754FA9169"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.22000.856",
+ "matchCriteriaId": "21644D2D-4D32-4849-A2E6-937320D5DD89"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.22000.856",
+ "matchCriteriaId": "16091D00-29E1-47CD-8C9D-336B453337A8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*",
+ "matchCriteriaId": "7FE8B00B-4F39-4755-A323-8AD71F5E3EBE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "6.3.9600.20520",
+ "matchCriteriaId": "2BCD529E-2497-4617-9076-89755BC06557"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.3.9600.20520",
+ "matchCriteriaId": "1081F2CA-941D-4B7A-AC8D-A1223E2EDA1F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
+ "matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
+ "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_20h2:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "84F9B6B1-4FEE-4D4B-B35F-B07822CCD669"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35751",
- "source": "secure@microsoft.com"
+ "source": "secure@microsoft.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
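Review bot: The `windows_10_21h2` x64 entry in the added `cpeMatch` list carries `"versionEndExcluding": "10.0.22000.856"`, the same bound the following entry gives for `windows_11_21h2`. Build line 22000 belongs to Windows 11, while Windows 10 21H2 reports 10.0.19044.x. A consumer that compares versions numerically would presumably flag every Windows 10 21H2 host as affected regardless of patch level. The bound should be a 10.0.19044.x value confirmed against the MSRC advisory listed in `references`; until the record is corrected, scanners fed from this file may need a local override for this match criterion.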
diff --git a/CVE-2022/CVE-2022-357xx/CVE-2022-35752.json b/CVE-2022/CVE-2022-357xx/CVE-2022-35752.json
index 1a6c29b789d..e3b1031bcd6 100644
--- a/CVE-2022/CVE-2022-357xx/CVE-2022-35752.json
+++ b/CVE-2022/CVE-2022-357xx/CVE-2022-35752.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-35752",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-05-31T19:15:16.813",
- "lastModified": "2023-06-01T01:17:03.663",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T20:49:37.877",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -34,10 +34,190 @@
}
]
},
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.10240.19387",
+ "matchCriteriaId": "2EFA9C64-845A-4586-AC7E-40648401ABBA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
+ "versionEndExcluding": "10.0.10240.19387",
+ "matchCriteriaId": "E6989C4C-9E9D-4E88-8DFF-FC45FF77B58C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.14393.5291",
+ "matchCriteriaId": "88477737-BB11-4827-8F46-4F3584294342"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
+ "versionEndExcluding": "10.0.14393.5291",
+ "matchCriteriaId": "49F93CEE-F8F3-4748-8583-6508DD886571"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*",
+ "versionEndExcluding": "10.0.17763.3287",
+ "matchCriteriaId": "897654D8-62FE-4791-92FD-9BB107818CB7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.17763.3287",
+ "matchCriteriaId": "8782B6CE-955B-4C27-AC23-89712AB0164C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
+ "versionEndExcluding": "10.0.17763.3287",
+ "matchCriteriaId": "AA7ABB50-E9E2-492D-8C0E-6BDA4AAD519C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:arm64:*",
+ "versionEndExcluding": "10.0.19042.1889",
+ "matchCriteriaId": "A1086CAA-244A-4579-B0E6-8981C1A762F0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.19042.1889",
+ "matchCriteriaId": "23E66457-1CE9-445E-8698-54A754FA9169"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:x86:*",
+ "versionEndExcluding": "10.0.19042.1889",
+ "matchCriteriaId": "FE64DCEC-7E9E-40EA-98C0-1BD90750B8F6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:arm64:*",
+ "versionEndExcluding": "10.0.19043.1889",
+ "matchCriteriaId": "CB0CF625-97ED-4985-AA28-9D3110AD9CFB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.19043.1889",
+ "matchCriteriaId": "3DF68BAC-5D09-4A1A-9971-CF49D7B4ACDD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:x86:*",
+ "versionEndExcluding": "10.0.19043.1889",
+ "matchCriteriaId": "B5D590DA-9C8F-408D-8236-2F3F859BBF4B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:arm64:*",
+ "versionEndExcluding": "10.0.22000.856",
+ "matchCriteriaId": "5A6DF122-390D-4736-9225-B06888C1940E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.22000.856",
+ "matchCriteriaId": "16091D00-29E1-47CD-8C9D-336B453337A8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
+ "matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.3.9600.20520",
+ "matchCriteriaId": "BB297C81-A488-4C19-A036-70EDC8E40C5F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.3.9600.20520",
+ "matchCriteriaId": "1081F2CA-941D-4B7A-AC8D-A1223E2EDA1F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
+ "matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
+ "matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
+ "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_20h2:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "84F9B6B1-4FEE-4D4B-B35F-B07822CCD669"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35752",
- "source": "secure@microsoft.com"
+ "source": "secure@microsoft.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-357xx/CVE-2022-35753.json b/CVE-2022/CVE-2022-357xx/CVE-2022-35753.json
index 8d264b8ee7d..c8c953545fc 100644
--- a/CVE-2022/CVE-2022-357xx/CVE-2022-35753.json
+++ b/CVE-2022/CVE-2022-357xx/CVE-2022-35753.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-35753",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-05-31T19:15:16.877",
- "lastModified": "2023-06-01T01:17:03.663",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T20:53:15.907",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -34,10 +34,190 @@
}
]
},
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.10240.19387",
+ "matchCriteriaId": "2EFA9C64-845A-4586-AC7E-40648401ABBA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
+ "versionEndExcluding": "10.0.10240.19387",
+ "matchCriteriaId": "E6989C4C-9E9D-4E88-8DFF-FC45FF77B58C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.14393.5291",
+ "matchCriteriaId": "88477737-BB11-4827-8F46-4F3584294342"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
+ "versionEndExcluding": "10.0.14393.5291",
+ "matchCriteriaId": "49F93CEE-F8F3-4748-8583-6508DD886571"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*",
+ "versionEndExcluding": "10.0.17763.3287",
+ "matchCriteriaId": "897654D8-62FE-4791-92FD-9BB107818CB7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.17763.3287",
+ "matchCriteriaId": "8782B6CE-955B-4C27-AC23-89712AB0164C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
+ "versionEndExcluding": "10.0.17763.3287",
+ "matchCriteriaId": "AA7ABB50-E9E2-492D-8C0E-6BDA4AAD519C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:arm64:*",
+ "versionEndExcluding": "10.0.19042.1889",
+ "matchCriteriaId": "A1086CAA-244A-4579-B0E6-8981C1A762F0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.19042.1889",
+ "matchCriteriaId": "23E66457-1CE9-445E-8698-54A754FA9169"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:x86:*",
+ "versionEndExcluding": "10.0.19042.1889",
+ "matchCriteriaId": "FE64DCEC-7E9E-40EA-98C0-1BD90750B8F6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:arm64:*",
+ "versionEndExcluding": "10.0.19043.1889",
+ "matchCriteriaId": "CB0CF625-97ED-4985-AA28-9D3110AD9CFB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.19043.1889",
+ "matchCriteriaId": "3DF68BAC-5D09-4A1A-9971-CF49D7B4ACDD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:x86:*",
+ "versionEndExcluding": "10.0.19043.1889",
+ "matchCriteriaId": "B5D590DA-9C8F-408D-8236-2F3F859BBF4B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:arm64:*",
+ "versionEndExcluding": "10.0.22000.856",
+ "matchCriteriaId": "5A6DF122-390D-4736-9225-B06888C1940E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.22000.856",
+ "matchCriteriaId": "16091D00-29E1-47CD-8C9D-336B453337A8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
+ "matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.3.9600.20520",
+ "matchCriteriaId": "BB297C81-A488-4C19-A036-70EDC8E40C5F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.3.9600.20520",
+ "matchCriteriaId": "1081F2CA-941D-4B7A-AC8D-A1223E2EDA1F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
+ "matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
+ "matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
+ "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_20h2:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "84F9B6B1-4FEE-4D4B-B35F-B07822CCD669"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35753",
- "source": "secure@microsoft.com"
+ "source": "secure@microsoft.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-357xx/CVE-2022-35754.json b/CVE-2022/CVE-2022-357xx/CVE-2022-35754.json
index 29e97bf27de..477beece516 100644
--- a/CVE-2022/CVE-2022-357xx/CVE-2022-35754.json
+++ b/CVE-2022/CVE-2022-357xx/CVE-2022-35754.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-35754",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-05-31T19:15:16.937",
- "lastModified": "2023-06-01T01:17:03.663",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T20:05:03.270",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -34,10 +34,175 @@
}
]
},
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.10240.19387",
+ "matchCriteriaId": "2EFA9C64-845A-4586-AC7E-40648401ABBA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
+ "versionEndExcluding": "10.0.10240.19387",
+ "matchCriteriaId": "E6989C4C-9E9D-4E88-8DFF-FC45FF77B58C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.14393.5291",
+ "matchCriteriaId": "88477737-BB11-4827-8F46-4F3584294342"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
+ "versionEndExcluding": "10.0.14393.5291",
+ "matchCriteriaId": "49F93CEE-F8F3-4748-8583-6508DD886571"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*",
+ "versionEndExcluding": "10.0.17763.3287",
+ "matchCriteriaId": "897654D8-62FE-4791-92FD-9BB107818CB7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.17763.3287",
+ "matchCriteriaId": "8782B6CE-955B-4C27-AC23-89712AB0164C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
+ "versionEndExcluding": "10.0.17763.3287",
+ "matchCriteriaId": "AA7ABB50-E9E2-492D-8C0E-6BDA4AAD519C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:arm64:*",
+ "versionEndExcluding": "10.0.19043.1889",
+ "matchCriteriaId": "CB0CF625-97ED-4985-AA28-9D3110AD9CFB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.19043.1889",
+ "matchCriteriaId": "3DF68BAC-5D09-4A1A-9971-CF49D7B4ACDD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:x86:*",
+ "versionEndExcluding": "10.0.19043.1889",
+ "matchCriteriaId": "B5D590DA-9C8F-408D-8236-2F3F859BBF4B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
+ "versionEndExcluding": "10.0.19042.1889",
+ "matchCriteriaId": "48DBD396-1A41-4010-8329-40C75799FB61"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.19042.1889",
+ "matchCriteriaId": "A73BFCC4-E660-461D-94BA-746B4C066767"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
+ "versionEndExcluding": "10.0.19042.1889",
+ "matchCriteriaId": "FC8AF724-4B64-480D-9E7E-7D656F8DF29C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:arm64:*",
+ "versionEndExcluding": "10.0.22000.856",
+ "matchCriteriaId": "5A6DF122-390D-4736-9225-B06888C1940E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.22000.856",
+ "matchCriteriaId": "16091D00-29E1-47CD-8C9D-336B453337A8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
+ "matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.3.9600.20520",
+ "matchCriteriaId": "BB297C81-A488-4C19-A036-70EDC8E40C5F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.3.9600.20520",
+ "matchCriteriaId": "1081F2CA-941D-4B7A-AC8D-A1223E2EDA1F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_20h2:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "84F9B6B1-4FEE-4D4B-B35F-B07822CCD669"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35754",
- "source": "secure@microsoft.com"
+ "source": "secure@microsoft.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
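Review bot: The three `windows_10_21h2` entries (arm64, x64, x86) use `"versionEndExcluding": "10.0.19042.1889"`, but the other records in this commit pair that bound with `windows_10_20h2`, and this list has no `windows_10_20h2` entries at all. Windows 10 21H2 reports 10.0.19044.x, which sorts above that bound, so an unpatched 21H2 host would likely never match, and 20H2 hosts are not covered by name. Either the product label should read `windows_10_20h2` or the bound should be a 10.0.19044.x value; confirm which against the MSRC advisory listed in `references`.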
diff --git a/CVE-2022/CVE-2022-357xx/CVE-2022-35755.json b/CVE-2022/CVE-2022-357xx/CVE-2022-35755.json
index 6a4fb5717bb..f874619efad 100644
--- a/CVE-2022/CVE-2022-357xx/CVE-2022-35755.json
+++ b/CVE-2022/CVE-2022-357xx/CVE-2022-35755.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-35755",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-05-31T19:15:17.000",
- "lastModified": "2023-06-01T01:17:03.663",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T20:23:36.523",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -34,10 +34,171 @@
}
]
},
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.10240.19387",
+ "matchCriteriaId": "2EFA9C64-845A-4586-AC7E-40648401ABBA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
+ "versionEndExcluding": "10.0.10240.19387",
+ "matchCriteriaId": "E6989C4C-9E9D-4E88-8DFF-FC45FF77B58C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.14393.5291",
+ "matchCriteriaId": "88477737-BB11-4827-8F46-4F3584294342"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
+ "versionEndExcluding": "10.0.14393.5291",
+ "matchCriteriaId": "49F93CEE-F8F3-4748-8583-6508DD886571"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*",
+ "versionEndExcluding": "10.0.17763.3287",
+ "matchCriteriaId": "897654D8-62FE-4791-92FD-9BB107818CB7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.17763.3287",
+ "matchCriteriaId": "8782B6CE-955B-4C27-AC23-89712AB0164C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
+ "versionEndExcluding": "10.0.17763.3287",
+ "matchCriteriaId": "AA7ABB50-E9E2-492D-8C0E-6BDA4AAD519C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:arm64:*",
+ "versionEndExcluding": "10.0.19042.1889",
+ "matchCriteriaId": "A1086CAA-244A-4579-B0E6-8981C1A762F0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.19042.1889",
+ "matchCriteriaId": "23E66457-1CE9-445E-8698-54A754FA9169"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:x86:*",
+ "versionEndExcluding": "10.0.19042.1889",
+ "matchCriteriaId": "FE64DCEC-7E9E-40EA-98C0-1BD90750B8F6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:arm64:*",
+ "versionEndExcluding": "10.0.19043.1889",
+ "matchCriteriaId": "CB0CF625-97ED-4985-AA28-9D3110AD9CFB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.19043.1889",
+ "matchCriteriaId": "3DF68BAC-5D09-4A1A-9971-CF49D7B4ACDD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:x86:*",
+ "versionEndExcluding": "10.0.19043.1889",
+ "matchCriteriaId": "B5D590DA-9C8F-408D-8236-2F3F859BBF4B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:arm64:*",
+ "versionEndExcluding": "10.0.22000.856",
+ "matchCriteriaId": "5A6DF122-390D-4736-9225-B06888C1940E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.22000.856",
+ "matchCriteriaId": "16091D00-29E1-47CD-8C9D-336B453337A8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.3.9600.20520",
+ "matchCriteriaId": "BB297C81-A488-4C19-A036-70EDC8E40C5F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.3.9600.20520",
+ "matchCriteriaId": "1081F2CA-941D-4B7A-AC8D-A1223E2EDA1F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_20h2:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "84F9B6B1-4FEE-4D4B-B35F-B07822CCD669"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35755",
- "source": "secure@microsoft.com"
+ "source": "secure@microsoft.com",
+ "tags": [
+ "Mitigation",
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
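Review bot: The server rows in the added `cpeMatch` list (`windows_server_2012`, `windows_server_2016`, `windows_server_2019`, `windows_server_2022`, `windows_server_20h2`) carry no `versionEndExcluding`, while every client row above them is bounded by a fixed build. A consumer that matches on CPE alone will therefore keep reporting these servers as affected after the update is installed; their patch state has to come from the MSRC advisory in `references` or from installed-update inventory. If the fixed builds are known, each row should gain a bound such as `"versionEndExcluding": "<fixed build from the MSRC advisory>"`. The same unbounded server rows appear in the configurations hunks for CVE-2022-35756, CVE-2022-35757, CVE-2022-35758 and CVE-2022-35759; where those lists include `windows_7` and `windows_server_2008` rows, they are unbounded too.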
diff --git a/CVE-2022/CVE-2022-357xx/CVE-2022-35756.json b/CVE-2022/CVE-2022-357xx/CVE-2022-35756.json
index c55c396d744..29ec51777f0 100644
--- a/CVE-2022/CVE-2022-357xx/CVE-2022-35756.json
+++ b/CVE-2022/CVE-2022-357xx/CVE-2022-35756.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-35756",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-05-31T19:15:17.063",
- "lastModified": "2023-06-01T01:17:03.663",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T19:57:41.927",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -34,10 +34,180 @@
}
]
},
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.10240.19387",
+ "matchCriteriaId": "2EFA9C64-845A-4586-AC7E-40648401ABBA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
+ "versionEndExcluding": "10.0.10240.19387",
+ "matchCriteriaId": "E6989C4C-9E9D-4E88-8DFF-FC45FF77B58C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.14393.5291",
+ "matchCriteriaId": "88477737-BB11-4827-8F46-4F3584294342"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
+ "versionEndExcluding": "10.0.14393.5291",
+ "matchCriteriaId": "49F93CEE-F8F3-4748-8583-6508DD886571"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*",
+ "versionEndExcluding": "10.0.17763.3287",
+ "matchCriteriaId": "897654D8-62FE-4791-92FD-9BB107818CB7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.17763.3287",
+ "matchCriteriaId": "8782B6CE-955B-4C27-AC23-89712AB0164C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
+ "versionEndExcluding": "10.0.17763.3287",
+ "matchCriteriaId": "AA7ABB50-E9E2-492D-8C0E-6BDA4AAD519C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:arm64:*",
+ "versionEndExcluding": "10.0.19042.1889",
+ "matchCriteriaId": "A1086CAA-244A-4579-B0E6-8981C1A762F0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.19042.1889",
+ "matchCriteriaId": "23E66457-1CE9-445E-8698-54A754FA9169"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:x86:*",
+ "versionEndExcluding": "10.0.19042.1889",
+ "matchCriteriaId": "FE64DCEC-7E9E-40EA-98C0-1BD90750B8F6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:arm64:*",
+ "versionEndExcluding": "10.0.19043.1889",
+ "matchCriteriaId": "CB0CF625-97ED-4985-AA28-9D3110AD9CFB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.19043.1889",
+ "matchCriteriaId": "3DF68BAC-5D09-4A1A-9971-CF49D7B4ACDD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:x86:*",
+ "versionEndExcluding": "10.0.19043.1889",
+ "matchCriteriaId": "B5D590DA-9C8F-408D-8236-2F3F859BBF4B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:arm64:*",
+ "versionEndExcluding": "10.0.22000.856",
+ "matchCriteriaId": "5A6DF122-390D-4736-9225-B06888C1940E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.22000.856",
+ "matchCriteriaId": "16091D00-29E1-47CD-8C9D-336B453337A8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
+ "matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.3.9600.20520",
+ "matchCriteriaId": "BB297C81-A488-4C19-A036-70EDC8E40C5F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.3.9600.20520",
+ "matchCriteriaId": "1081F2CA-941D-4B7A-AC8D-A1223E2EDA1F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
+ "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_20h2:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "84F9B6B1-4FEE-4D4B-B35F-B07822CCD669"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35756",
- "source": "secure@microsoft.com"
+ "source": "secure@microsoft.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-357xx/CVE-2022-35757.json b/CVE-2022/CVE-2022-357xx/CVE-2022-35757.json
index 70e0ca51277..8bdaa39c9ee 100644
--- a/CVE-2022/CVE-2022-357xx/CVE-2022-35757.json
+++ b/CVE-2022/CVE-2022-357xx/CVE-2022-35757.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-35757",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-05-31T19:15:17.123",
- "lastModified": "2023-06-01T01:17:03.663",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T19:59:53.807",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -34,10 +34,125 @@
}
]
},
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*",
+ "versionEndExcluding": "10.0.17763.3287",
+ "matchCriteriaId": "897654D8-62FE-4791-92FD-9BB107818CB7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.17763.3287",
+ "matchCriteriaId": "8782B6CE-955B-4C27-AC23-89712AB0164C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
+ "versionEndExcluding": "10.0.17763.3287",
+ "matchCriteriaId": "AA7ABB50-E9E2-492D-8C0E-6BDA4AAD519C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:arm64:*",
+ "versionEndExcluding": "10.0.19042.1889",
+ "matchCriteriaId": "A1086CAA-244A-4579-B0E6-8981C1A762F0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.19042.1889",
+ "matchCriteriaId": "23E66457-1CE9-445E-8698-54A754FA9169"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:x86:*",
+ "versionEndExcluding": "10.0.19042.1889",
+ "matchCriteriaId": "FE64DCEC-7E9E-40EA-98C0-1BD90750B8F6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:arm64:*",
+ "versionEndExcluding": "10.0.19043.1889",
+ "matchCriteriaId": "CB0CF625-97ED-4985-AA28-9D3110AD9CFB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.19043.1889",
+ "matchCriteriaId": "3DF68BAC-5D09-4A1A-9971-CF49D7B4ACDD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.19043.1889",
+ "matchCriteriaId": "A7074634-3E8A-46F3-A35B-A203020AFB3C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
+ "versionEndExcluding": "10.0.19043.1889",
+ "matchCriteriaId": "67CFC65F-841B-4F8B-981D-A5F7F3413E69"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:arm64:*",
+ "versionEndExcluding": "10.0.22000.856",
+ "matchCriteriaId": "5A6DF122-390D-4736-9225-B06888C1940E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.22000.856",
+ "matchCriteriaId": "16091D00-29E1-47CD-8C9D-336B453337A8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_20h2:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "84F9B6B1-4FEE-4D4B-B35F-B07822CCD669"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35757",
- "source": "secure@microsoft.com"
+ "source": "secure@microsoft.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
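Review bot: Both `windows_10_21h2` rows are bounded by `"versionEndExcluding": "10.0.19043.1889"`, the same value the `windows_10_21h1` rows use. The neighbouring rows follow one build line per release (20h2 on 10.0.19042, 21h1 on 10.0.19043), so 21H2 would be expected on 10.0.19044 and the bound looks copied from 21H1. As written, a 21H2 host reporting any 10.0.19044.x build is not below the bound and would not be matched, which hides unpatched machines from CPE-based scanning. Suggested value, to be confirmed against the MSRC advisory: `"versionEndExcluding": "10.0.19044.1889"`. The list also has no x86 row for 21h1 and no arm64 row for 21h2, although the other releases list all their architectures, so those two rows may be missing.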
diff --git a/CVE-2022/CVE-2022-357xx/CVE-2022-35758.json b/CVE-2022/CVE-2022-357xx/CVE-2022-35758.json
index 1273d0fa5fa..42ef7b566c4 100644
--- a/CVE-2022/CVE-2022-357xx/CVE-2022-35758.json
+++ b/CVE-2022/CVE-2022-357xx/CVE-2022-35758.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-35758",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-05-31T19:15:17.190",
- "lastModified": "2023-06-01T01:17:03.663",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T17:30:13.293",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -34,10 +34,190 @@
}
]
},
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.10240.19387",
+ "matchCriteriaId": "2EFA9C64-845A-4586-AC7E-40648401ABBA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
+ "versionEndExcluding": "10.0.10240.19387",
+ "matchCriteriaId": "E6989C4C-9E9D-4E88-8DFF-FC45FF77B58C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.14393.5291",
+ "matchCriteriaId": "88477737-BB11-4827-8F46-4F3584294342"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
+ "versionEndExcluding": "10.0.14393.5291",
+ "matchCriteriaId": "49F93CEE-F8F3-4748-8583-6508DD886571"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*",
+ "versionEndExcluding": "10.0.17763.3287",
+ "matchCriteriaId": "897654D8-62FE-4791-92FD-9BB107818CB7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.17763.3287",
+ "matchCriteriaId": "8782B6CE-955B-4C27-AC23-89712AB0164C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
+ "versionEndExcluding": "10.0.17763.3287",
+ "matchCriteriaId": "AA7ABB50-E9E2-492D-8C0E-6BDA4AAD519C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:arm64:*",
+ "versionEndExcluding": "10.0.19042.1889",
+ "matchCriteriaId": "A1086CAA-244A-4579-B0E6-8981C1A762F0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.19042.1889",
+ "matchCriteriaId": "23E66457-1CE9-445E-8698-54A754FA9169"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:x86:*",
+ "versionEndExcluding": "10.0.19042.1889",
+ "matchCriteriaId": "FE64DCEC-7E9E-40EA-98C0-1BD90750B8F6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:arm64:*",
+ "versionEndExcluding": "10.0.19043.1889",
+ "matchCriteriaId": "CB0CF625-97ED-4985-AA28-9D3110AD9CFB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.19043.1889",
+ "matchCriteriaId": "3DF68BAC-5D09-4A1A-9971-CF49D7B4ACDD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:x86:*",
+ "versionEndExcluding": "10.0.19043.1889",
+ "matchCriteriaId": "B5D590DA-9C8F-408D-8236-2F3F859BBF4B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:arm64:*",
+ "versionEndExcluding": "10.0.22000.856",
+ "matchCriteriaId": "5A6DF122-390D-4736-9225-B06888C1940E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.22000.856",
+ "matchCriteriaId": "16091D00-29E1-47CD-8C9D-336B453337A8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
+ "matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.3.9600.20520",
+ "matchCriteriaId": "BB297C81-A488-4C19-A036-70EDC8E40C5F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.3.9600.20520",
+ "matchCriteriaId": "1081F2CA-941D-4B7A-AC8D-A1223E2EDA1F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
+ "matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
+ "matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
+ "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_20h2:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "84F9B6B1-4FEE-4D4B-B35F-B07822CCD669"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35758",
- "source": "secure@microsoft.com"
+ "source": "secure@microsoft.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-357xx/CVE-2022-35759.json b/CVE-2022/CVE-2022-357xx/CVE-2022-35759.json
index 71a002fca4e..01d0d89be6a 100644
--- a/CVE-2022/CVE-2022-357xx/CVE-2022-35759.json
+++ b/CVE-2022/CVE-2022-357xx/CVE-2022-35759.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-35759",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-05-31T19:15:17.253",
- "lastModified": "2023-06-01T01:17:03.663",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T19:26:54.777",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -34,10 +34,190 @@
}
]
},
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.10240.19387",
+ "matchCriteriaId": "2EFA9C64-845A-4586-AC7E-40648401ABBA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
+ "versionEndExcluding": "10.0.10240.19387",
+ "matchCriteriaId": "E6989C4C-9E9D-4E88-8DFF-FC45FF77B58C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.14393.5291",
+ "matchCriteriaId": "88477737-BB11-4827-8F46-4F3584294342"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
+ "versionEndExcluding": "10.0.14393.5291",
+ "matchCriteriaId": "49F93CEE-F8F3-4748-8583-6508DD886571"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*",
+ "versionEndExcluding": "10.0.17763.3287",
+ "matchCriteriaId": "897654D8-62FE-4791-92FD-9BB107818CB7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.17763.3287",
+ "matchCriteriaId": "8782B6CE-955B-4C27-AC23-89712AB0164C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
+ "versionEndExcluding": "10.0.17763.3287",
+ "matchCriteriaId": "AA7ABB50-E9E2-492D-8C0E-6BDA4AAD519C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:arm64:*",
+ "versionEndExcluding": "10.0.19042.1889",
+ "matchCriteriaId": "A1086CAA-244A-4579-B0E6-8981C1A762F0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.19042.1889",
+ "matchCriteriaId": "23E66457-1CE9-445E-8698-54A754FA9169"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:x86:*",
+ "versionEndExcluding": "10.0.19042.1889",
+ "matchCriteriaId": "FE64DCEC-7E9E-40EA-98C0-1BD90750B8F6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:arm64:*",
+ "versionEndExcluding": "10.0.19043.1889",
+ "matchCriteriaId": "CB0CF625-97ED-4985-AA28-9D3110AD9CFB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.19043.1889",
+ "matchCriteriaId": "3DF68BAC-5D09-4A1A-9971-CF49D7B4ACDD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:x86:*",
+ "versionEndExcluding": "10.0.19043.1889",
+ "matchCriteriaId": "B5D590DA-9C8F-408D-8236-2F3F859BBF4B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:arm64:*",
+ "versionEndExcluding": "10.0.22000.856",
+ "matchCriteriaId": "5A6DF122-390D-4736-9225-B06888C1940E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.22000.856",
+ "matchCriteriaId": "16091D00-29E1-47CD-8C9D-336B453337A8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
+ "matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.3.9600.20520",
+ "matchCriteriaId": "BB297C81-A488-4C19-A036-70EDC8E40C5F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.3.9600.20520",
+ "matchCriteriaId": "1081F2CA-941D-4B7A-AC8D-A1223E2EDA1F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
+ "matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
+ "matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
+ "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_20h2:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "84F9B6B1-4FEE-4D4B-B35F-B07822CCD669"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35759",
- "source": "secure@microsoft.com"
+ "source": "secure@microsoft.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-35xx/CVE-2022-3567.json b/CVE-2022/CVE-2022-35xx/CVE-2022-3567.json
index bc7902ceda9..9bb4d8f5c2a 100644
--- a/CVE-2022/CVE-2022-35xx/CVE-2022-3567.json
+++ b/CVE-2022/CVE-2022-35xx/CVE-2022-3567.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-3567",
"sourceIdentifier": "cna@vuldb.com",
"published": "2022-10-17T19:15:10.400",
- "lastModified": "2022-10-21T20:23:38.237",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-06-07T17:41:47.700",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -21,20 +21,20 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
- "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
- "privilegesRequired": "LOW",
+ "privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
- "confidentialityImpact": "HIGH",
- "integrityImpact": "HIGH",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
"availabilityImpact": "HIGH",
- "baseScore": 7.1,
- "baseSeverity": "HIGH"
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
},
- "exploitabilityScore": 1.2,
- "impactScore": 5.9
+ "exploitabilityScore": 1.6,
+ "impactScore": 4.7
},
{
"source": "cna@vuldb.com",
diff --git a/CVE-2022/CVE-2022-377xx/CVE-2022-37704.json b/CVE-2022/CVE-2022-377xx/CVE-2022-37704.json
index 1d4c313c937..5defcbc4009 100644
--- a/CVE-2022/CVE-2022-377xx/CVE-2022-37704.json
+++ b/CVE-2022/CVE-2022-377xx/CVE-2022-37704.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-37704",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-16T01:15:06.823",
- "lastModified": "2023-05-30T12:15:09.477",
+ "lastModified": "2023-06-06T18:15:09.703",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -78,6 +78,10 @@
"Third Party Advisory"
]
},
+ {
+ "url": "https://github.com/zmanda/amanda/issues/192",
+ "source": "cve@mitre.org"
+ },
{
"url": "https://github.com/zmanda/amanda/pull/197",
"source": "cve@mitre.org",
@@ -95,6 +99,26 @@
{
"url": "https://github.com/zmanda/amanda/releases/tag/tag-community-3.5.3",
"source": "cve@mitre.org"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00025.html",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5DCLSX5YYTWMKSMDL67M5STZ5ZDSOXK/",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ATMGMVS3QDN6OMKMHGUTUTU7NS7HR3BZ/",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JYREA6LFXF5M7K4WLNJV5VNQPS4MTBW2/",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://marc.info/?l=amanda-hackers",
+ "source": "cve@mitre.org"
}
]
}
\ No newline at end of file
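Review bot: The added reference `https://marc.info/?l=amanda-hackers` points at the list archive index rather than at a message, so it does not identify which post concerns this CVE and its content will change over time. It should be the permalink of the specific post, e.g. `"url": "https://marc.info/?l=amanda-hackers&m=<message id of the advisory post>"`. None of the references added in this hunk or in the `issues/192` hunk above it carry `tags`, so consumers that filter references by tag will not surface the Debian and Fedora advisories. The same index URL and untagged entries are added in the CVE-2022-37705 hunks.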
diff --git a/CVE-2022/CVE-2022-377xx/CVE-2022-37705.json b/CVE-2022/CVE-2022-377xx/CVE-2022-37705.json
index 5ae347395cc..696efe65d0d 100644
--- a/CVE-2022/CVE-2022-377xx/CVE-2022-37705.json
+++ b/CVE-2022/CVE-2022-377xx/CVE-2022-37705.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-37705",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-16T01:15:06.867",
- "lastModified": "2023-05-30T12:15:09.590",
+ "lastModified": "2023-06-06T18:15:09.967",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -79,6 +79,10 @@
"Third Party Advisory"
]
},
+ {
+ "url": "https://github.com/zmanda/amanda/issues/192",
+ "source": "cve@mitre.org"
+ },
{
"url": "https://github.com/zmanda/amanda/pull/194",
"source": "cve@mitre.org",
@@ -103,6 +107,22 @@
{
"url": "https://github.com/zmanda/amanda/releases/tag/tag-community-3.5.3",
"source": "cve@mitre.org"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5DCLSX5YYTWMKSMDL67M5STZ5ZDSOXK/",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ATMGMVS3QDN6OMKMHGUTUTU7NS7HR3BZ/",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JYREA6LFXF5M7K4WLNJV5VNQPS4MTBW2/",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://marc.info/?l=amanda-hackers",
+ "source": "cve@mitre.org"
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-390xx/CVE-2022-39071.json b/CVE-2022/CVE-2022-390xx/CVE-2022-39071.json
index 161188432d9..f5774febc3a 100644
--- a/CVE-2022/CVE-2022-390xx/CVE-2022-39071.json
+++ b/CVE-2022/CVE-2022-390xx/CVE-2022-39071.json
@@ -2,19 +2,535 @@
"id": "CVE-2022-39071",
"sourceIdentifier": "psirt@zte.com.cn",
"published": "2023-05-30T23:15:09.273",
- "lastModified": "2023-05-31T13:02:26.480",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T14:40:35.163",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could overwrite some system configuration files and user installers without user permission."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-Other"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zte:blade_a52_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "m02",
+ "matchCriteriaId": "2DCC936C-DBBD-48AA-9137-F381048965E3"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zte:blade_a52:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4375046D-68CA-46E5-969B-1285B69F0B7E"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zte:blade_a51_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "m07",
+ "matchCriteriaId": "A7A6A9E2-8533-430C-97F4-8424C4D73869"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zte:blade_a51:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F04649EA-CA70-464A-9757-F0C6AB4DE702"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zte:blade_a3_lite_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "m09",
+ "matchCriteriaId": "C9597C54-7308-4B43-AF04-9E6A38022ABE"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zte:blade_a3_lite:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5E58B690-37E5-4FC7-8E60-43B1E9246E24"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zte:blade_a5_2020_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "m05",
+ "matchCriteriaId": "30C94446-4764-4FD7-9F67-15E3CD0D0D90"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zte:blade_a5_2020:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0AF55F5F-0133-48D7-948B-C17713876B64"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zte:blade_l210_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.14",
+ "matchCriteriaId": "4A78D396-C7E1-460A-9CD9-228D8A658DA5"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zte:blade_l210:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "22FCAC68-6802-4F75-B74C-BF1A1027379E"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zte:blade_a7s_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.2",
+ "matchCriteriaId": "1F0C095C-9442-43B6-8387-3FBBC1530834"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zte:blade_a7s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "72824985-D247-42FD-830A-E14126BD9564"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zte:blade_a31_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "m03",
+ "matchCriteriaId": "8A5A6D1A-B7C7-45C4-A804-23EDFF899C46"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zte:blade_a31:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "28D8EE5A-2116-47C8-AB8C-C0E92B05A5CF"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zte:blade_a31_plus_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "m04",
+ "matchCriteriaId": "7957E560-4710-444C-AE02-6D5B78FE2173"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zte:blade_a31_plus:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "16A6D44D-8329-4184-9C96-125B1216A147"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zte:blade_a5_2019_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "m13",
+ "matchCriteriaId": "8A2FA782-2B80-46C5-AA04-3B295A9F2FA1"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zte:blade_a5_2019:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "603B4CB3-4820-4C52-8D7D-B6FA12986D69"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zte:blade_a71_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.4",
+ "matchCriteriaId": "B0708E04-2747-4454-91A2-E6D4E8653330"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zte:blade_a71:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D6A5874F-3ED4-43E9-A74C-46EE10A155FC"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zte:blade_a72_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "11.0.3",
+ "matchCriteriaId": "4C68C556-C42D-4576-9D1C-659DCBFA6727"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zte:blade_a72:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "61A5C21C-FF84-4F9D-AEB0-DF65BA7E95CC"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zte:blade_v20_smart_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.14",
+ "matchCriteriaId": "0C2ABF13-488E-40EB-B38A-3952781584E9"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zte:blade_v20_smart:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0D4B62DA-8444-4E2B-99EC-1E2C5D461884"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zte:blade_v30_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.11",
+ "matchCriteriaId": "9D710F4D-160E-4EF7-9E14-DB191AF257DE"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zte:blade_v30:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "96BA29D9-5F3B-4CED-9BB7-C592B96783E5"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zte:blade_v30_vita_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.11",
+ "matchCriteriaId": "D0889637-EA9E-4246-ABC3-60EAEF5C83F2"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zte:blade_v30_vita:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5C8CD2AE-1E1A-4A7F-8EB4-2042B5133E1F"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zte:v40_pro_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "11.0.4_9046",
+ "matchCriteriaId": "F23C14A8-9DC8-4F43-B33C-0CD1DDEF57B6"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zte:v40_pro:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FF7A3907-B6FE-404F-B88C-7534903D9821"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zte:blade_v40_vita_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "11.0.2_8045",
+ "matchCriteriaId": "8198FF61-A3E0-4FB7-A44C-1A933E73F4F2"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zte:blade_v40_vita:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2DFDF882-AA8A-4D2D-86C8-F91833E6A1C6"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zte:axon_40_ultra_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.0.0b26",
+ "matchCriteriaId": "8966DAC9-4EE0-41DE-988E-8D6E5F6A06E1"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zte:axon_40_ultra:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3C9F41AC-BCE6-416B-B11F-D86769525F9D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1030664",
- "source": "psirt@zte.com.cn"
+ "source": "psirt@zte.com.cn",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
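Review bot: Every vulnerable `cpeMatch` entry added here bounds a wildcard firmware CPE with `versionEndExcluding` alone, and several of the bounds are vendor build labels, not ordered version numbers (`"m02"`, `"m13"`, `"1.0.0b26"`, `"11.0.4_9046"`). Matchers that compare versions numerically or as semver may fail to order such strings and then miss or over-report devices, so the bounds should be checked against the ZTE advisory and consumers should treat them as opaque per-model labels. The weakness is recorded as `NVD-CWE-Other`, which gives CWE-based triage nothing to key on. The hunks for CVE-2022-39074 and CVE-2022-39075 add the same configuration list and carry the same concern.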
diff --git a/CVE-2022/CVE-2022-390xx/CVE-2022-39074.json b/CVE-2022/CVE-2022-390xx/CVE-2022-39074.json
index 597d60f2895..1fee905cc49 100644
--- a/CVE-2022/CVE-2022-390xx/CVE-2022-39074.json
+++ b/CVE-2022/CVE-2022-390xx/CVE-2022-39074.json
@@ -2,19 +2,535 @@
"id": "CVE-2022-39074",
"sourceIdentifier": "psirt@zte.com.cn",
"published": "2023-05-30T23:15:09.393",
- "lastModified": "2023-05-31T13:02:26.480",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T14:43:32.563",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could start a non-public interface of an application without user permission."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.3,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-Other"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zte:blade_a52_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "m02",
+ "matchCriteriaId": "2DCC936C-DBBD-48AA-9137-F381048965E3"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zte:blade_a52:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4375046D-68CA-46E5-969B-1285B69F0B7E"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zte:blade_a51_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "m07",
+ "matchCriteriaId": "A7A6A9E2-8533-430C-97F4-8424C4D73869"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zte:blade_a51:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F04649EA-CA70-464A-9757-F0C6AB4DE702"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zte:blade_a3_lite_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "m09",
+ "matchCriteriaId": "C9597C54-7308-4B43-AF04-9E6A38022ABE"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zte:blade_a3_lite:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5E58B690-37E5-4FC7-8E60-43B1E9246E24"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zte:blade_a5_2020_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "m05",
+ "matchCriteriaId": "30C94446-4764-4FD7-9F67-15E3CD0D0D90"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zte:blade_a5_2020:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0AF55F5F-0133-48D7-948B-C17713876B64"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zte:blade_l210_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.14",
+ "matchCriteriaId": "4A78D396-C7E1-460A-9CD9-228D8A658DA5"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zte:blade_l210:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "22FCAC68-6802-4F75-B74C-BF1A1027379E"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zte:blade_a7s_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.2",
+ "matchCriteriaId": "1F0C095C-9442-43B6-8387-3FBBC1530834"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zte:blade_a7s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "72824985-D247-42FD-830A-E14126BD9564"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zte:blade_a31_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "m03",
+ "matchCriteriaId": "8A5A6D1A-B7C7-45C4-A804-23EDFF899C46"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zte:blade_a31:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "28D8EE5A-2116-47C8-AB8C-C0E92B05A5CF"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zte:blade_a31_plus_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "m04",
+ "matchCriteriaId": "7957E560-4710-444C-AE02-6D5B78FE2173"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zte:blade_a31_plus:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "16A6D44D-8329-4184-9C96-125B1216A147"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zte:blade_a5_2019_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "m13",
+ "matchCriteriaId": "8A2FA782-2B80-46C5-AA04-3B295A9F2FA1"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zte:blade_a5_2019:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "603B4CB3-4820-4C52-8D7D-B6FA12986D69"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zte:blade_a71_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.4",
+ "matchCriteriaId": "B0708E04-2747-4454-91A2-E6D4E8653330"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zte:blade_a71:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D6A5874F-3ED4-43E9-A74C-46EE10A155FC"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zte:blade_a72_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "11.0.3",
+ "matchCriteriaId": "4C68C556-C42D-4576-9D1C-659DCBFA6727"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zte:blade_a72:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "61A5C21C-FF84-4F9D-AEB0-DF65BA7E95CC"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zte:blade_v20_smart_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.14",
+ "matchCriteriaId": "0C2ABF13-488E-40EB-B38A-3952781584E9"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zte:blade_v20_smart:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0D4B62DA-8444-4E2B-99EC-1E2C5D461884"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zte:blade_v30_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.11",
+ "matchCriteriaId": "9D710F4D-160E-4EF7-9E14-DB191AF257DE"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zte:blade_v30:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "96BA29D9-5F3B-4CED-9BB7-C592B96783E5"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zte:blade_v30_vita_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.11",
+ "matchCriteriaId": "D0889637-EA9E-4246-ABC3-60EAEF5C83F2"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zte:blade_v30_vita:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5C8CD2AE-1E1A-4A7F-8EB4-2042B5133E1F"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zte:v40_pro_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "11.0.4_9046",
+ "matchCriteriaId": "F23C14A8-9DC8-4F43-B33C-0CD1DDEF57B6"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zte:v40_pro:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FF7A3907-B6FE-404F-B88C-7534903D9821"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zte:blade_v40_vita_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "11.0.2_8045",
+ "matchCriteriaId": "8198FF61-A3E0-4FB7-A44C-1A933E73F4F2"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zte:blade_v40_vita:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2DFDF882-AA8A-4D2D-86C8-F91833E6A1C6"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zte:axon_40_ultra_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.0.0b26",
+ "matchCriteriaId": "8966DAC9-4EE0-41DE-988E-8D6E5F6A06E1"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zte:axon_40_ultra:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3C9F41AC-BCE6-416B-B11F-D86769525F9D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1030664",
- "source": "psirt@zte.com.cn"
+ "source": "psirt@zte.com.cn",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-390xx/CVE-2022-39075.json b/CVE-2022/CVE-2022-390xx/CVE-2022-39075.json
index beb7183d3cc..717b57000d2 100644
--- a/CVE-2022/CVE-2022-390xx/CVE-2022-39075.json
+++ b/CVE-2022/CVE-2022-390xx/CVE-2022-39075.json
@@ -2,19 +2,535 @@
"id": "CVE-2022-39075",
"sourceIdentifier": "psirt@zte.com.cn",
"published": "2023-05-30T23:15:09.447",
- "lastModified": "2023-05-31T13:02:26.480",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T14:47:22.173",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could delete some system files without user permission."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-Other"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zte:blade_a52_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "m02",
+ "matchCriteriaId": "2DCC936C-DBBD-48AA-9137-F381048965E3"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zte:blade_a52:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4375046D-68CA-46E5-969B-1285B69F0B7E"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zte:blade_a51_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "m07",
+ "matchCriteriaId": "A7A6A9E2-8533-430C-97F4-8424C4D73869"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zte:blade_a51:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F04649EA-CA70-464A-9757-F0C6AB4DE702"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zte:blade_a3_lite_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "m09",
+ "matchCriteriaId": "C9597C54-7308-4B43-AF04-9E6A38022ABE"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zte:blade_a3_lite:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5E58B690-37E5-4FC7-8E60-43B1E9246E24"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zte:blade_a5_2020_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "m05",
+ "matchCriteriaId": "30C94446-4764-4FD7-9F67-15E3CD0D0D90"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zte:blade_a5_2020:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0AF55F5F-0133-48D7-948B-C17713876B64"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zte:blade_l210_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.14",
+ "matchCriteriaId": "4A78D396-C7E1-460A-9CD9-228D8A658DA5"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zte:blade_l210:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "22FCAC68-6802-4F75-B74C-BF1A1027379E"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zte:blade_a7s_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.2",
+ "matchCriteriaId": "1F0C095C-9442-43B6-8387-3FBBC1530834"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zte:blade_a7s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "72824985-D247-42FD-830A-E14126BD9564"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zte:blade_a31_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "m03",
+ "matchCriteriaId": "8A5A6D1A-B7C7-45C4-A804-23EDFF899C46"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zte:blade_a31:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "28D8EE5A-2116-47C8-AB8C-C0E92B05A5CF"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zte:blade_a31_plus_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "m04",
+ "matchCriteriaId": "7957E560-4710-444C-AE02-6D5B78FE2173"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zte:blade_a31_plus:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "16A6D44D-8329-4184-9C96-125B1216A147"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zte:blade_a5_2019_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "m13",
+ "matchCriteriaId": "8A2FA782-2B80-46C5-AA04-3B295A9F2FA1"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zte:blade_a5_2019:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "603B4CB3-4820-4C52-8D7D-B6FA12986D69"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zte:blade_a71_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.4",
+ "matchCriteriaId": "B0708E04-2747-4454-91A2-E6D4E8653330"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zte:blade_a71:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D6A5874F-3ED4-43E9-A74C-46EE10A155FC"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zte:blade_a72_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "11.0.3",
+ "matchCriteriaId": "4C68C556-C42D-4576-9D1C-659DCBFA6727"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zte:blade_a72:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "61A5C21C-FF84-4F9D-AEB0-DF65BA7E95CC"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zte:blade_v20_smart_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.14",
+ "matchCriteriaId": "0C2ABF13-488E-40EB-B38A-3952781584E9"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zte:blade_v20_smart:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0D4B62DA-8444-4E2B-99EC-1E2C5D461884"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zte:blade_v30_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.11",
+ "matchCriteriaId": "9D710F4D-160E-4EF7-9E14-DB191AF257DE"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zte:blade_v30:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "96BA29D9-5F3B-4CED-9BB7-C592B96783E5"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zte:blade_v30_vita_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.11",
+ "matchCriteriaId": "D0889637-EA9E-4246-ABC3-60EAEF5C83F2"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zte:blade_v30_vita:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5C8CD2AE-1E1A-4A7F-8EB4-2042B5133E1F"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zte:v40_pro_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "11.0.4_9046",
+ "matchCriteriaId": "F23C14A8-9DC8-4F43-B33C-0CD1DDEF57B6"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zte:v40_pro:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FF7A3907-B6FE-404F-B88C-7534903D9821"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zte:blade_v40_vita_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "11.0.2_8045",
+ "matchCriteriaId": "8198FF61-A3E0-4FB7-A44C-1A933E73F4F2"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zte:blade_v40_vita:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2DFDF882-AA8A-4D2D-86C8-F91833E6A1C6"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zte:axon_40_ultra_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.0.0b26",
+ "matchCriteriaId": "8966DAC9-4EE0-41DE-988E-8D6E5F6A06E1"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zte:axon_40_ultra:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3C9F41AC-BCE6-416B-B11F-D86769525F9D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1030664",
- "source": "psirt@zte.com.cn"
+ "source": "psirt@zte.com.cn",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-405xx/CVE-2022-40507.json b/CVE-2022/CVE-2022-405xx/CVE-2022-40507.json
new file mode 100644
index 00000000000..fd9589a2d62
--- /dev/null
+++ b/CVE-2022/CVE-2022-405xx/CVE-2022-40507.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2022-40507",
+ "sourceIdentifier": "product-security@qualcomm.com",
+ "published": "2023-06-06T08:15:11.097",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Memory corruption due to double free in Core while mapping HLOS address to the list."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "product-security@qualcomm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.4,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.5,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin",
+ "source": "product-security@qualcomm.com"
+ }
+ ]
+}
\ No newline at end of file
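Review bot: The new record carries no `configurations` or `weaknesses` array, and its only `cvssMetricV31` entry is `"type": "Secondary"` from the CNA, so CPE-based matching cannot flag any product from it while `vulnStatus` is `Awaiting Analysis`. The description names only a component ("Core"), so the affected products have to come from the linked Qualcomm bulletin until the record is enriched. Scanners should track it by `id` and not read the absence of CPE hits as "not affected". The same holds for the other records added alongside it: CVE-2022-40521, CVE-2022-40522, CVE-2022-40523, CVE-2022-40525, CVE-2022-40529, CVE-2022-40533, CVE-2022-40536 and CVE-2022-40538.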
diff --git a/CVE-2022/CVE-2022-405xx/CVE-2022-40521.json b/CVE-2022/CVE-2022-405xx/CVE-2022-40521.json
new file mode 100644
index 00000000000..b3765e88a1c
--- /dev/null
+++ b/CVE-2022/CVE-2022-405xx/CVE-2022-40521.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2022-40521",
+ "sourceIdentifier": "product-security@qualcomm.com",
+ "published": "2023-06-06T08:15:11.180",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Transient DOS due to improper authorization in Modem"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "product-security@qualcomm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin",
+ "source": "product-security@qualcomm.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-405xx/CVE-2022-40522.json b/CVE-2022/CVE-2022-405xx/CVE-2022-40522.json
new file mode 100644
index 00000000000..4b34f2f59b9
--- /dev/null
+++ b/CVE-2022/CVE-2022-405xx/CVE-2022-40522.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2022-40522",
+ "sourceIdentifier": "product-security@qualcomm.com",
+ "published": "2023-06-06T08:15:11.270",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Memory corruption in Linux Networking due to double free while handling a hyp-assign."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "product-security@qualcomm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.4,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.5,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin",
+ "source": "product-security@qualcomm.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-405xx/CVE-2022-40523.json b/CVE-2022/CVE-2022-405xx/CVE-2022-40523.json
new file mode 100644
index 00000000000..2890fcf8e7c
--- /dev/null
+++ b/CVE-2022/CVE-2022-405xx/CVE-2022-40523.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2022-40523",
+ "sourceIdentifier": "product-security@qualcomm.com",
+ "published": "2023-06-06T08:15:11.357",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Information disclosure in Kernel due to indirect branch misprediction."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "product-security@qualcomm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.5,
+ "impactScore": 4.0
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin",
+ "source": "product-security@qualcomm.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-405xx/CVE-2022-40525.json b/CVE-2022/CVE-2022-405xx/CVE-2022-40525.json
new file mode 100644
index 00000000000..318a808e834
--- /dev/null
+++ b/CVE-2022/CVE-2022-405xx/CVE-2022-40525.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2022-40525",
+ "sourceIdentifier": "product-security@qualcomm.com",
+ "published": "2023-06-06T08:15:11.447",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Information disclosure in Linux Networking Firmware due to unauthorized information leak during side channel analysis."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "product-security@qualcomm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.5,
+ "impactScore": 4.0
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin",
+ "source": "product-security@qualcomm.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-405xx/CVE-2022-40529.json b/CVE-2022/CVE-2022-405xx/CVE-2022-40529.json
new file mode 100644
index 00000000000..60905913b5e
--- /dev/null
+++ b/CVE-2022/CVE-2022-405xx/CVE-2022-40529.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2022-40529",
+ "sourceIdentifier": "product-security@qualcomm.com",
+ "published": "2023-06-06T08:15:11.520",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Memory corruption due to improper access control in kernel while processing a mapping request from root process."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "product-security@qualcomm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin",
+ "source": "product-security@qualcomm.com"
+ }
+ ]
+}
\ No newline at end of file
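Review bot: The description says the mapping request comes "from root process", while the vector has `PR:L` and `"privilegesRequired": "LOW"`; a root-only precondition would normally be scored as high privileges. The record does not show which is intended, so this should be checked against the Qualcomm bulletin before the 7.1 score is used for prioritisation. If root is in fact required, the line becomes `"privilegesRequired": "HIGH"`, and `vectorString`, `baseScore` and `exploitabilityScore` need recomputing to match.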
diff --git a/CVE-2022/CVE-2022-405xx/CVE-2022-40533.json b/CVE-2022/CVE-2022-405xx/CVE-2022-40533.json
new file mode 100644
index 00000000000..ef30ec8450b
--- /dev/null
+++ b/CVE-2022/CVE-2022-405xx/CVE-2022-40533.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2022-40533",
+ "sourceIdentifier": "product-security@qualcomm.com",
+ "published": "2023-06-06T08:15:11.603",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Transient DOS due to untrusted Pointer Dereference in core while sending USB QMI request."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "product-security@qualcomm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.2,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.5,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin",
+ "source": "product-security@qualcomm.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-405xx/CVE-2022-40536.json b/CVE-2022/CVE-2022-405xx/CVE-2022-40536.json
new file mode 100644
index 00000000000..4dd1bf1c469
--- /dev/null
+++ b/CVE-2022/CVE-2022-405xx/CVE-2022-40536.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2022-40536",
+ "sourceIdentifier": "product-security@qualcomm.com",
+ "published": "2023-06-06T08:15:11.680",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Transient DOS due to improper authentication in modem while receiving plain TLB OTA request message from network."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "product-security@qualcomm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin",
+ "source": "product-security@qualcomm.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-405xx/CVE-2022-40538.json b/CVE-2022/CVE-2022-405xx/CVE-2022-40538.json
new file mode 100644
index 00000000000..5c5798d2b77
--- /dev/null
+++ b/CVE-2022/CVE-2022-405xx/CVE-2022-40538.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2022-40538",
+ "sourceIdentifier": "product-security@qualcomm.com",
+ "published": "2023-06-06T08:15:11.850",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Transient DOS due to reachable assertion in modem while processing sib with incorrect values from network."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "product-security@qualcomm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin",
+ "source": "product-security@qualcomm.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-40xx/CVE-2022-4095.json b/CVE-2022/CVE-2022-40xx/CVE-2022-4095.json
index dd6bfa933f2..07c4a2a2ab8 100644
--- a/CVE-2022/CVE-2022-40xx/CVE-2022-4095.json
+++ b/CVE-2022/CVE-2022-40xx/CVE-2022-4095.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-4095",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-03-22T15:15:10.113",
- "lastModified": "2023-04-20T09:15:08.250",
- "vulnStatus": "Modified",
+ "lastModified": "2023-06-07T12:46:34.747",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -66,8 +66,51 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
- "versionEndExcluding": "6.0",
- "matchCriteriaId": "87B81C9D-7173-4FFB-97BC-9C41AB20A53C"
+ "versionStartIncluding": "2.6.37",
+ "versionEndExcluding": "4.9.328",
+ "matchCriteriaId": "9AC39563-8D49-42F4-952A-04264AAB2EF7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.10",
+ "versionEndExcluding": "4.14.293",
+ "matchCriteriaId": "5D9B742D-912D-4E0C-A42F-367086FDEA88"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.15",
+ "versionEndExcluding": "4.19.258",
+ "matchCriteriaId": "253D30F5-3734-4663-883A-288786D3B66E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.20",
+ "versionEndExcluding": "5.4.213",
+ "matchCriteriaId": "4C373116-9E23-44BA-A6B7-87C8BF5C3B85"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "5.5",
+ "versionEndExcluding": "5.10.142",
+ "matchCriteriaId": "D44AD643-5591-432E-BD41-C2C737F54AC0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "5.11",
+ "versionEndExcluding": "5.15.66",
+ "matchCriteriaId": "52AE7E2B-7BE3-4B8A-89CC-AB62434899A3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "5.16",
+ "versionEndExcluding": "5.19.8",
+ "matchCriteriaId": "7FEC7656-4CE2-424C-8830-EDB160E701C8"
},
{
"vulnerable": true,
@@ -94,12 +137,16 @@
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c53b3dcb9942b8ed7f81ee3921c4085d87070c73",
"source": "secalert@redhat.com",
"tags": [
- "Patch"
+ "Patch",
+ "Vendor Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230420-0005/",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
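Review bot: The `Vendor Advisory` tag is added to the git.kernel.org reference, whose URL is a commit link (`/commit/?id=c53b3dcb…`), so it points at a patch and not at advisory text. Tooling that selects advisory links by tag will surface a raw commit for this CVE. Unless the tagging policy deliberately treats upstream commits as advisories, I would keep this entry as `"tags": ["Patch"]`. The `Third Party Advisory` tag on the NetApp link looks right.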
diff --git a/CVE-2022/CVE-2022-428xx/CVE-2022-42837.json b/CVE-2022/CVE-2022-428xx/CVE-2022-42837.json
index 827538f4644..2084dda9a52 100644
--- a/CVE-2022/CVE-2022-428xx/CVE-2022-42837.json
+++ b/CVE-2022/CVE-2022-428xx/CVE-2022-42837.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-42837",
"sourceIdentifier": "product-security@apple.com",
"published": "2022-12-15T19:15:23.220",
- "lastModified": "2023-01-09T17:00:11.030",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-06-08T00:15:09.373",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -122,6 +122,10 @@
"Third Party Advisory"
]
},
+ {
+ "url": "http://seclists.org/fulldisclosure/2022/Dec/27",
+ "source": "product-security@apple.com"
+ },
{
"url": "https://support.apple.com/en-us/HT213530",
"source": "product-security@apple.com",
@@ -153,6 +157,10 @@
"Release Notes",
"Vendor Advisory"
]
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213535",
+ "source": "product-security@apple.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-428xx/CVE-2022-42855.json b/CVE-2022/CVE-2022-428xx/CVE-2022-42855.json
index c0098858cde..db8f8fa5d17 100644
--- a/CVE-2022/CVE-2022-428xx/CVE-2022-42855.json
+++ b/CVE-2022/CVE-2022-428xx/CVE-2022-42855.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-42855",
"sourceIdentifier": "product-security@apple.com",
"published": "2022-12-15T19:15:25.067",
- "lastModified": "2023-01-23T19:04:26.753",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-06-06T23:15:08.950",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -189,6 +189,10 @@
"Release Notes",
"Vendor Advisory"
]
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213536",
+ "source": "product-security@apple.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-42xx/CVE-2022-4240.json b/CVE-2022/CVE-2022-42xx/CVE-2022-4240.json
index d23d11fb9ed..5c145ee9d1c 100644
--- a/CVE-2022/CVE-2022-42xx/CVE-2022-4240.json
+++ b/CVE-2022/CVE-2022-42xx/CVE-2022-4240.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-4240",
"sourceIdentifier": "psirt@honeywell.com",
"published": "2023-05-30T17:15:09.810",
- "lastModified": "2023-05-30T18:52:32.890",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T16:13:47.103",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
{
"source": "psirt@honeywell.com",
"type": "Secondary",
@@ -35,6 +55,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-306"
+ }
+ ]
+ },
{
"source": "psirt@honeywell.com",
"type": "Secondary",
@@ -46,10 +76,43 @@
]
}
],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:honeywell:onewireless_network_wireless_device_manager_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "r322.2",
+ "matchCriteriaId": "189C7318-C0AC-41A9-99AB-AB2BCB75E90B"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:honeywell:onewireless_network_wireless_device_manager:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "987B6E5F-C1B6-4764-A3B1-4AC7734B6D1D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://process.honeywell.com/",
- "source": "psirt@honeywell.com"
+ "source": "psirt@honeywell.com",
+ "tags": [
+ "Product"
+ ]
}
]
}
\ No newline at end of file
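Review bot: The only reference in the record is `https://process.honeywell.com/`, now tagged `Product`, so the newly added `versionEndExcluding: "r322.2"` boundary has no advisory or release-note link behind it. Someone triaging from this record cannot confirm the fixed firmware version from the references alone. If a vendor notice exists, it should be added as a second entry of the form `{"url": "<vendor advisory URL>", "source": "psirt@honeywell.com", "tags": ["Vendor Advisory"]}`. CVE-2022-43485 has the same single `Product` reference and the same CPE pair.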
diff --git a/CVE-2022/CVE-2022-434xx/CVE-2022-43485.json b/CVE-2022/CVE-2022-434xx/CVE-2022-43485.json
index bb1a0282ec2..3e3cdf7a483 100644
--- a/CVE-2022/CVE-2022-434xx/CVE-2022-43485.json
+++ b/CVE-2022/CVE-2022-434xx/CVE-2022-43485.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-43485",
"sourceIdentifier": "psirt@honeywell.com",
"published": "2023-05-30T17:15:09.573",
- "lastModified": "2023-05-30T18:52:32.890",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T14:20:30.337",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ },
{
"source": "psirt@honeywell.com",
"type": "Secondary",
@@ -35,6 +55,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-330"
+ }
+ ]
+ },
{
"source": "psirt@honeywell.com",
"type": "Secondary",
@@ -46,10 +76,43 @@
]
}
],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:honeywell:onewireless_network_wireless_device_manager_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "r322.2",
+ "matchCriteriaId": "189C7318-C0AC-41A9-99AB-AB2BCB75E90B"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:honeywell:onewireless_network_wireless_device_manager:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "987B6E5F-C1B6-4764-A3B1-4AC7734B6D1D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://process.honeywell.com/",
- "source": "psirt@honeywell.com"
+ "source": "psirt@honeywell.com",
+ "tags": [
+ "Product"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-437xx/CVE-2022-43760.json b/CVE-2022/CVE-2022-437xx/CVE-2022-43760.json
index 0778d843955..70bfd863496 100644
--- a/CVE-2022/CVE-2022-437xx/CVE-2022-43760.json
+++ b/CVE-2022/CVE-2022-437xx/CVE-2022-43760.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-43760",
"sourceIdentifier": "meissner@suse.de",
"published": "2023-06-01T13:15:10.373",
- "lastModified": "2023-06-01T14:01:50.967",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T18:35:26.330",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.4,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 6.0
+ },
{
"source": "meissner@suse.de",
"type": "Secondary",
@@ -46,14 +66,47 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:suse:rancher:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "2.6.0",
+ "versionEndExcluding": "2.6.13",
+ "matchCriteriaId": "1E9E01CC-9BB4-4A69-8F2D-ECCA9CF59580"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:suse:rancher:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "2.7.0",
+ "versionEndExcluding": "2.7.4",
+ "matchCriteriaId": "82B60ABA-3389-45F0-9F45-4D4D0D4738BC"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2022-43760",
- "source": "meissner@suse.de"
+ "source": "meissner@suse.de",
+ "tags": [
+ "Issue Tracking",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://github.com/rancher/rancher/security/advisories/GHSA-46v3-ggjg-qq3x",
- "source": "meissner@suse.de"
+ "source": "meissner@suse.de",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-443xx/CVE-2022-44370.json b/CVE-2022/CVE-2022-443xx/CVE-2022-44370.json
index eccfdad917f..c759a9ea5d3 100644
--- a/CVE-2022/CVE-2022-443xx/CVE-2022-44370.json
+++ b/CVE-2022/CVE-2022-443xx/CVE-2022-44370.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-44370",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-03-29T20:15:07.250",
- "lastModified": "2023-04-05T14:28:05.013",
+ "lastModified": "2023-06-06T13:41:58.380",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -56,8 +56,13 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nasm:netwide_assembler:*:*:*:*:*:*:*:*",
- "versionEndExcluding": "2022-11-07",
- "matchCriteriaId": "48769528-531D-4DAB-B494-348ED7E0B507"
+ "versionEndExcluding": "2.16",
+ "matchCriteriaId": "01C54CD2-6751-42EC-AC5B-1BE49C020DA3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nasm:netwide_assembler:2.16:rc1:*:*:*:*:*:*",
+ "matchCriteriaId": "33BF4907-64E2-409D-AA3F-14C1CE8690C7"
}
]
}
diff --git a/CVE-2022/CVE-2022-450xx/CVE-2022-45065.json b/CVE-2022/CVE-2022-450xx/CVE-2022-45065.json
index 7b5ae7a5df5..dcd7eb8479f 100644
--- a/CVE-2022/CVE-2022-450xx/CVE-2022-45065.json
+++ b/CVE-2022/CVE-2022-450xx/CVE-2022-45065.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-45065",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-08T15:15:09.580",
- "lastModified": "2023-05-11T18:29:25.107",
+ "lastModified": "2023-06-07T02:42:37.610",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -75,9 +75,9 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:squirrly:seo_plugin:*:*:*:*:*:wordpress:*:*",
+ "criteria": "cpe:2.3:a:squirrly:seo_plugin_by_squirrly_seo:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "12.1.20",
- "matchCriteriaId": "5A7AD543-276B-416C-B2F9-A8147196976E"
+ "matchCriteriaId": "6070CE1A-B01B-429E-8EED-763EDB2418B1"
}
]
}
diff --git a/CVE-2022/CVE-2022-458xx/CVE-2022-45853.json b/CVE-2022/CVE-2022-458xx/CVE-2022-45853.json
index eca5792316b..41e634ed67b 100644
--- a/CVE-2022/CVE-2022-458xx/CVE-2022-45853.json
+++ b/CVE-2022/CVE-2022-458xx/CVE-2022-45853.json
@@ -2,14 +2,359 @@
"id": "CVE-2022-45853",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2023-05-30T11:15:09.237",
- "lastModified": "2023-06-05T11:15:09.357",
- "vulnStatus": "Rejected",
+ "lastModified": "2023-06-06T21:08:54.183",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "** REJECT ** The privilege escalation vulnerability in the Zyxel GS1900-8HP firmware version\u00a0V2.70(AAHI.3) could allow an authenticated, local attacker with administrator privileges to execute some system commands as the \u201croot\u201d user on a vulnerable device via SSH."
+ "value": "The privilege escalation vulnerability in the Zyxel GS1900-8 firmware version \n\nV2.70(AAHH.3)\u00a0and the GS1900-8HP firmware version\u00a0V2.70(AAHI.3) could allow an authenticated, local attacker with administrator privileges to execute some system commands as 'root' on a vulnerable device via SSH."
}
],
- "metrics": {},
- "references": []
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 5.9
+ },
+ {
+ "source": "security@zyxel.com.tw",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
+ {
+ "source": "security@zyxel.com.tw",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-269"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:gs1900-8_firmware:2.70\\(aahh.3\\):*:*:*:*:*:*:*",
+ "matchCriteriaId": "527D0BFB-F841-4DCE-8E00-16323FC46996"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "51D33F50-B5A4-4AEF-972C-7FF089C21D52"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:gs1900-8hp_firmware:2.70\\(aahi.3\\):*:*:*:*:*:*:*",
+ "matchCriteriaId": "4AA6A7D0-96D8-4949-8DD8-47EE58E2ECE0"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:gs1900-8hp:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "27602862-EFB7-402B-994E-254A0B210820"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:2.70\\(aazi.3\\):*:*:*:*:*:*:*",
+ "matchCriteriaId": "E2C468E7-4D3F-4BDB-9CAE-A63D2A931E04"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:gs1900-10hp:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "89201505-07AF-4F9C-9304-46F2707DB9B4"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:gs1900-16_firmware:2.70\\(aahj.3\\):*:*:*:*:*:*:*",
+ "matchCriteriaId": "D131CC71-786E-435A-8D38-AEEEC2550EEF"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:gs1900-16:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5078F7A5-D03B-4D3A-9C19-57DFF4D6BF7A"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:gs1900-24_firmware:2.70\\(aahl.3\\):*:*:*:*:*:*:*",
+ "matchCriteriaId": "1A4D69A3-AD61-4FCA-B413-916ABFE1947E"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:gs1900-24:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F4F55299-70D5-4CE1-A1EC-D79B469B94F7"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:gs1900-24e_firmware:2.70\\(aahk.3\\):*:*:*:*:*:*:*",
+ "matchCriteriaId": "2160CDCE-C645-4AEF-9197-54172C0BBE9A"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:gs1900-24e:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A6456AD6-8A1D-4D3D-AC1A-ABE442242B1B"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:gs1900-24ep_firmware:2.70\\(abto.3\\):*:*:*:*:*:*:*",
+ "matchCriteriaId": "3DD99781-1BB0-40E0-A5AE-3529F2C47042"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:gs1900-24ep:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B22AA8B1-11E2-408F-A1F6-0F8AF32AB131"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:gs1900-24hpv2_firmware:2.70\\(abtp.3\\):*:*:*:*:*:*:*",
+ "matchCriteriaId": "7B528417-3E19-4E00-A682-AFCD87D96D8B"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:gs1900-24hpv2:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "512D9A91-8DA7-47F1-AC77-AF743F99BFF3"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:gs1900-48_firmware:2.70\\(aahn.3\\):*:*:*:*:*:*:*",
+ "matchCriteriaId": "E4B3AE8C-CDC7-45F3-97CA-F5C2EE6B9D03"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:gs1900-48:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CFB7D4BF-7D17-48D3-990D-4BADAC8BD868"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:gs1900-48hpv2_firmware:2.70\\(abtq.3\\):*:*:*:*:*:*:*",
+ "matchCriteriaId": "309BFD9B-C152-4E8D-8E4A-FBDC65F17184"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:gs1900-48hpv2:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BC74C679-6D22-47E4-AE8A-2647B1AA4276"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-privilege-escalation-vulnerability-in-gs1900-series-switches",
+ "source": "security@zyxel.com.tw",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
}
\ No newline at end of file
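Review bot: The new `descriptions` value names only the GS1900-8 and GS1900-8HP firmware, but `configurations` marks ten firmware CPEs as vulnerable (also gs1900-10hp, -16, -24, -24e, -24ep, -24hpv2, -48 and -48hpv2). Anything that scopes impact from the description text will therefore miss eight models; the CPE list should be treated as the authoritative one and the description checked against the Zyxel advisory. The record also moves from `Rejected` to `Analyzed`, so pipelines that dropped the ID on the earlier `** REJECT **` text need to re-ingest it on this `lastModified` change. The description string also contains a literal `\n\n` and `\u00a0` in the middle of the sentence, which looks like paste residue.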
diff --git a/CVE-2022/CVE-2022-458xx/CVE-2022-45869.json b/CVE-2022/CVE-2022-458xx/CVE-2022-45869.json
index eb8dda050ce..263ad2883df 100644
--- a/CVE-2022/CVE-2022-458xx/CVE-2022-45869.json
+++ b/CVE-2022/CVE-2022-458xx/CVE-2022-45869.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-45869",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-11-30T05:15:11.320",
- "lastModified": "2022-12-05T20:23:27.257",
+ "lastModified": "2023-06-06T13:59:04.920",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -53,41 +53,41 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:a:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*",
- "matchCriteriaId": "0D086F2E-A7D1-4174-9A52-4B0DBC9BCECF"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:a:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*",
- "matchCriteriaId": "2B95A00E-475B-4311-BA9E-9BB081F684D7"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:a:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*",
- "matchCriteriaId": "A737ED30-D70B-4B9E-9650-B08071A94F29"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:a:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*",
- "matchCriteriaId": "5C137C21-7E7A-421B-A8D2-80C64FCAA46A"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:a:o:linux:linux_kernel:6.1:rc5:*:*:*:*:*",
- "matchCriteriaId": "3049B5AE-2CAB-48D3-98FB-0242F1995246"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:a:o:linux:linux_kernel:6.1:rc6:*:*:*:*:*",
- "matchCriteriaId": "1A3419A9-F35F-4C62-8694-E741FAE26D93"
- },
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
- "versionEndIncluding": "6.0",
- "matchCriteriaId": "C9220EF6-A3DD-43F1-9EAD-286CD7157F1C"
+ "versionEndExcluding": "6.1",
+ "matchCriteriaId": "9064B383-DD48-40A2-8947-F5BA6E6B6713"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:*",
+ "matchCriteriaId": "E7E331DA-1FB0-4DEC-91AC-7DA69D461C11"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:*",
+ "matchCriteriaId": "17F0B248-42CF-4AE6-A469-BB1BAE7F4705"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:*",
+ "matchCriteriaId": "E2422816-0C14-4B5E-A1E6-A9D776E5C49B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:*",
+ "matchCriteriaId": "1C6E00FE-5FB9-4D20-A1A1-5A32128F9B76"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc5:*:*:*:*:*:*",
+ "matchCriteriaId": "35B26BE4-43A6-4A36-A7F6-5B3F572D9186"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc6:*:*:*:*:*:*",
+ "matchCriteriaId": "3FFFB0B3-930D-408A-91E2-BAE0C2715D80"
}
]
}
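Review bot: The wildcard `linux_kernel` entry carries `"versionEndExcluding": "6.1"` with no lower bound, so it matches every kernel release below 6.1. Under usual version ordering it also now takes in the 6.0.y stable releases, which the previous `"versionEndIncluding": "6.0"` did not. Whether all of those releases contain the affected code cannot be told from this record. If the first affected release is known, a bound such as `"versionStartIncluding": "<first affected version>"` would stop matchers from flagging older kernels. Anyone re-running CPE matching after this sync should expect new hits on 6.0.y hosts and triage them against the fix commit rather than the range alone.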
diff --git a/CVE-2022/CVE-2022-45xx/CVE-2022-4569.json b/CVE-2022/CVE-2022-45xx/CVE-2022-4569.json
index 91225d2950c..b7b35288cd1 100644
--- a/CVE-2022/CVE-2022-45xx/CVE-2022-4569.json
+++ b/CVE-2022/CVE-2022-45xx/CVE-2022-4569.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-4569",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2023-06-05T21:15:10.413",
- "lastModified": "2023-06-05T21:15:10.413",
- "vulnStatus": "Received",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2022/CVE-2022-461xx/CVE-2022-46165.json b/CVE-2022/CVE-2022-461xx/CVE-2022-46165.json
new file mode 100644
index 00000000000..a04805f74b9
--- /dev/null
+++ b/CVE-2022/CVE-2022-461xx/CVE-2022-46165.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2022-46165",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-06-06T18:15:10.100",
+ "lastModified": "2023-06-06T18:33:59.493",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Syncthing is an open source, continuous file synchronization program. In versions prior to 1.23.5 a compromised instance with shared folders could sync malicious files which contain arbitrary HTML and JavaScript in the name. If the owner of another device looks over the shared folder settings and moves the mouse over the latest sync, a script could be executed to change settings for shared folders or add devices automatically. Additionally adding a new device with a malicious name could embed HTML or JavaScript inside parts of the page. As a result the webUI may be subject to a stored cross site scripting attack. This issue has been addressed in version 1.23.5. Users are advised to upgrade. Users unable to upgrade should avoid sharing folders with untrusted users."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.6,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/syncthing/syncthing/commit/73c52eafb6566435dffd979c3c49562b6d5a4238",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/syncthing/syncthing/security/advisories/GHSA-9rp6-23gf-4c3h",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-463xx/CVE-2022-46361.json b/CVE-2022/CVE-2022-463xx/CVE-2022-46361.json
index 808caec9f8f..4093bf0d7ed 100644
--- a/CVE-2022/CVE-2022-463xx/CVE-2022-46361.json
+++ b/CVE-2022/CVE-2022-463xx/CVE-2022-46361.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-46361",
"sourceIdentifier": "psirt@honeywell.com",
"published": "2023-05-30T17:15:09.737",
- "lastModified": "2023-05-30T18:52:32.890",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T14:22:24.033",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "PHYSICAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.9,
+ "impactScore": 5.9
+ },
{
"source": "psirt@honeywell.com",
"type": "Secondary",
@@ -35,6 +55,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ },
{
"source": "psirt@honeywell.com",
"type": "Secondary",
@@ -46,10 +76,43 @@
]
}
],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:honeywell:onewireless_network_wireless_device_manager_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "r322.2",
+ "matchCriteriaId": "189C7318-C0AC-41A9-99AB-AB2BCB75E90B"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:honeywell:onewireless_network_wireless_device_manager:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "987B6E5F-C1B6-4764-A3B1-4AC7734B6D1D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://process.honeywell.com/",
- "source": "psirt@honeywell.com"
+ "source": "psirt@honeywell.com",
+ "tags": [
+ "Product"
+ ]
}
]
}
\ No newline at end of file
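Review bot: The firmware match uses `"versionEndExcluding": "r322.2"`, a bound with a letter prefix, so a consumer that parses versions as dotted numbers may skip the range or order it wrongly (inferred; it depends on the matcher). A consumer-side check that a constructed sample such as `r322.1` matches and `r322.2` does not would confirm the range is honoured. Separately, the record's only reference is the vendor home page `https://process.honeywell.com/` tagged `Product`, so nothing here leads to remediation guidance. An entry such as `{"url": "<vendor advisory URL>", "source": "psirt@honeywell.com", "tags": ["Vendor Advisory"]}` would close that gap once the advisory location is known.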
diff --git a/CVE-2022/CVE-2022-467xx/CVE-2022-46703.json b/CVE-2022/CVE-2022-467xx/CVE-2022-46703.json
index 1eb4aef0ce6..72ca78a4444 100644
--- a/CVE-2022/CVE-2022-467xx/CVE-2022-46703.json
+++ b/CVE-2022/CVE-2022-467xx/CVE-2022-46703.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-46703",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-04-10T19:15:07.080",
- "lastModified": "2023-05-12T09:15:10.070",
+ "lastModified": "2023-06-06T23:15:09.300",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -118,6 +118,10 @@
{
"url": "https://support.apple.com/kb/HT213533",
"source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213536",
+ "source": "product-security@apple.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-467xx/CVE-2022-46705.json b/CVE-2022/CVE-2022-467xx/CVE-2022-46705.json
index beaa4d122a0..e3785718a5c 100644
--- a/CVE-2022/CVE-2022-467xx/CVE-2022-46705.json
+++ b/CVE-2022/CVE-2022-467xx/CVE-2022-46705.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-46705",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-02-27T20:15:12.820",
- "lastModified": "2023-05-01T22:15:09.363",
+ "lastModified": "2023-06-08T00:15:09.470",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -111,6 +111,14 @@
"url": "https://support.apple.com/kb/HT213531",
"source": "product-security@apple.com"
},
+ {
+ "url": "https://support.apple.com/kb/HT213535",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213536",
+ "source": "product-security@apple.com"
+ },
{
"url": "https://support.apple.com/kb/HT213676",
"source": "product-security@apple.com"
diff --git a/CVE-2022/CVE-2022-467xx/CVE-2022-46717.json b/CVE-2022/CVE-2022-467xx/CVE-2022-46717.json
index 2dcf3a7e703..d952966ea2c 100644
--- a/CVE-2022/CVE-2022-467xx/CVE-2022-46717.json
+++ b/CVE-2022/CVE-2022-467xx/CVE-2022-46717.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-46717",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-04-10T19:15:07.200",
- "lastModified": "2023-04-14T22:49:39.843",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-06-06T23:15:09.547",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -78,6 +78,10 @@
"Release Notes",
"Vendor Advisory"
]
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213536",
+ "source": "product-security@apple.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-46xx/CVE-2022-4603.json b/CVE-2022/CVE-2022-46xx/CVE-2022-4603.json
index 912015ecba1..0e4dd10d742 100644
--- a/CVE-2022/CVE-2022-46xx/CVE-2022-4603.json
+++ b/CVE-2022/CVE-2022-46xx/CVE-2022-4603.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-4603",
"sourceIdentifier": "cna@vuldb.com",
"published": "2022-12-18T11:15:11.077",
- "lastModified": "2022-12-22T18:42:05.243",
+ "lastModified": "2023-06-06T13:40:00.710",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -80,14 +80,14 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:samba:ppp:*:*:*:*:*:linux:*:*",
- "versionEndExcluding": "2022-08-03",
- "matchCriteriaId": "E3E80C5C-3986-4B09-B388-87B01C431D10"
+ "versionEndExcluding": "2.5.0",
+ "matchCriteriaId": "82258314-09F8-4FC4-AE29-9A2239BC1D4A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:samba:ppp:*:*:*:*:*:solaris:*:*",
- "versionEndExcluding": "2022-08-03",
- "matchCriteriaId": "45AC70A7-9BA4-4711-9C17-DA577FF42DDF"
+ "versionEndExcluding": "2.5.0",
+ "matchCriteriaId": "37D1F089-E855-46FB-B784-B82019B1D02E"
}
]
}
diff --git a/CVE-2022/CVE-2022-470xx/CVE-2022-47028.json b/CVE-2022/CVE-2022-470xx/CVE-2022-47028.json
index 9e5d48ce573..5b17f07991d 100644
--- a/CVE-2022/CVE-2022-470xx/CVE-2022-47028.json
+++ b/CVE-2022/CVE-2022-470xx/CVE-2022-47028.json
@@ -2,19 +2,75 @@
"id": "CVE-2022-47028",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-30T20:15:09.947",
- "lastModified": "2023-05-30T21:10:02.053",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T17:45:08.877",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in Action Launcher for Android v50.5 allows an attacker to cause a denial of service via arbitary data injection to function insert."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-74"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:actionlauncher:action_launcher:50.5:*:*:*:*:android:*:*",
+ "matchCriteriaId": "3D8B2ED4-A4BC-4FBB-A19A-36A59D9FADD9"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2022-47028/CVE%20detailed.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-470xx/CVE-2022-47029.json b/CVE-2022/CVE-2022-470xx/CVE-2022-47029.json
index 71d97b711f7..63afd63b723 100644
--- a/CVE-2022/CVE-2022-470xx/CVE-2022-47029.json
+++ b/CVE-2022/CVE-2022-470xx/CVE-2022-47029.json
@@ -2,19 +2,75 @@
"id": "CVE-2022-47029",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-30T20:15:09.993",
- "lastModified": "2023-05-30T21:10:02.053",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T18:03:49.330",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was found in Action Launcher v50.5 allows an attacker to escalate privilege via modification of the intent string to function update."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:actionlauncher:action_launcher:50.5:*:*:*:*:android:*:*",
+ "matchCriteriaId": "3D8B2ED4-A4BC-4FBB-A19A-36A59D9FADD9"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2022-47029/CVE%20detailed.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-475xx/CVE-2022-47525.json b/CVE-2022/CVE-2022-475xx/CVE-2022-47525.json
index f3a0713dd00..faeff8c521b 100644
--- a/CVE-2022/CVE-2022-475xx/CVE-2022-47525.json
+++ b/CVE-2022/CVE-2022-475xx/CVE-2022-47525.json
@@ -2,23 +2,93 @@
"id": "CVE-2022-47525",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-31T00:15:09.600",
- "lastModified": "2023-05-31T13:02:26.480",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T14:55:36.280",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Fox-IT DataDiode (aka Fox DataDiode) 3.4.3 suffers from a Divide-by-Zero vulnerability in the packet parser. A remote attacker could leverage this vulnerability to cause a denial-of-service. Exploitation of this issue does not require user interaction."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-369"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fox-it:fox_datadiode_firmware:3.4.3:*:*:*:*:*:*:*",
+ "matchCriteriaId": "40CFFED0-0DB1-465B-ACFB-200DF1142503"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:fox-it:fox_datadiode:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CCE8FA93-9DAE-42B4-ABB9-BB66CD95F921"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://www.fox-it.com/nl-en/fox-crypto/fox-datadiode/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
},
{
"url": "https://www.fox-it.com/nl-en/software-vulnerability-report/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-475xx/CVE-2022-47526.json b/CVE-2022/CVE-2022-475xx/CVE-2022-47526.json
index 7a432df55b4..e69cfc3f9bd 100644
--- a/CVE-2022/CVE-2022-475xx/CVE-2022-47526.json
+++ b/CVE-2022/CVE-2022-475xx/CVE-2022-47526.json
@@ -2,23 +2,93 @@
"id": "CVE-2022-47526",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-31T00:15:09.647",
- "lastModified": "2023-05-31T13:02:26.480",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T15:10:19.793",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Fox-IT DataDiode (aka Fox DataDiode) 3.4.3 suffers from a path traversal vulnerability with resultant arbitrary writing of files. A remote attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the downstream node user. Exploitation of this issue does not require user interaction."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fox-it:fox_datadiode_firmware:3.4.3:*:*:*:*:*:*:*",
+ "matchCriteriaId": "40CFFED0-0DB1-465B-ACFB-200DF1142503"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:fox-it:fox_datadiode:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CCE8FA93-9DAE-42B4-ABB9-BB66CD95F921"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://www.fox-it.com/nl-en/fox-crypto/fox-datadiode/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
},
{
"url": "https://www.fox-it.com/nl-en/software-vulnerability-report/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-481xx/CVE-2022-48181.json b/CVE-2022/CVE-2022-481xx/CVE-2022-48181.json
new file mode 100644
index 00000000000..e86d93649b5
--- /dev/null
+++ b/CVE-2022/CVE-2022-481xx/CVE-2022-48181.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-48181",
+ "sourceIdentifier": "psirt@lenovo.com",
+ "published": "2023-06-05T22:15:11.383",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An ErrorMessage driver stack-based buffer overflow vulnerability in BIOS of some ThinkPad models could allow an attacker with local access to elevate their privileges and execute arbitrary code."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@lenovo.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@lenovo.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://support.lenovo.com/us/en/product_security/LEN-124495",
+ "source": "psirt@lenovo.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-481xx/CVE-2022-48188.json b/CVE-2022/CVE-2022-481xx/CVE-2022-48188.json
new file mode 100644
index 00000000000..b8f243eb87f
--- /dev/null
+++ b/CVE-2022/CVE-2022-481xx/CVE-2022-48188.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-48188",
+ "sourceIdentifier": "psirt@lenovo.com",
+ "published": "2023-06-05T22:15:11.563",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A buffer overflow vulnerability in the SecureBootDXE BIOS driver of some Lenovo Desktop and ThinkStation models could allow an attacker with local access to elevate their privileges to execute arbitrary code."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@lenovo.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@lenovo.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://support.lenovo.com/us/en/product_security/LEN-124495",
+ "source": "psirt@lenovo.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-483xx/CVE-2022-48390.json b/CVE-2022/CVE-2022-483xx/CVE-2022-48390.json
new file mode 100644
index 00000000000..8e4fe95ee9a
--- /dev/null
+++ b/CVE-2022/CVE-2022-483xx/CVE-2022-48390.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2022-48390",
+ "sourceIdentifier": "security@unisoc.com",
+ "published": "2023-06-06T06:15:48.860",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In telephony service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1664822361414762498",
+ "source": "security@unisoc.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-483xx/CVE-2022-48391.json b/CVE-2022/CVE-2022-483xx/CVE-2022-48391.json
new file mode 100644
index 00000000000..d2b534ea042
--- /dev/null
+++ b/CVE-2022/CVE-2022-483xx/CVE-2022-48391.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2022-48391",
+ "sourceIdentifier": "security@unisoc.com",
+ "published": "2023-06-06T06:15:49.483",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1664822361414762498",
+ "source": "security@unisoc.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-483xx/CVE-2022-48392.json b/CVE-2022/CVE-2022-483xx/CVE-2022-48392.json
new file mode 100644
index 00000000000..4508fd3028e
--- /dev/null
+++ b/CVE-2022/CVE-2022-483xx/CVE-2022-48392.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2022-48392",
+ "sourceIdentifier": "security@unisoc.com",
+ "published": "2023-06-06T06:15:49.687",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In dialer service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1664822361414762498",
+ "source": "security@unisoc.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-484xx/CVE-2022-48423.json b/CVE-2022/CVE-2022-484xx/CVE-2022-48423.json
index a1b90c8dc50..fff16a7bcd4 100644
--- a/CVE-2022/CVE-2022-484xx/CVE-2022-48423.json
+++ b/CVE-2022/CVE-2022-484xx/CVE-2022-48423.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-48423",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-03-19T03:15:11.087",
- "lastModified": "2023-05-05T20:15:09.720",
- "vulnStatus": "Modified",
+ "lastModified": "2023-06-07T12:46:40.667",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -71,19 +71,24 @@
"tags": [
"Mailing List",
"Patch",
- "Release Notes"
+ "Release Notes",
+ "Vendor Advisory"
]
},
{
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54e45702b648b7c0000e90b3e9b890e367e16ea8",
"source": "cve@mitre.org",
"tags": [
- "Patch"
+ "Patch",
+ "Vendor Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230505-0003/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
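Review bot: `Vendor Advisory` is added to the `git.kernel.org` commit reference, which already carries `Patch`. A commit link is a fix rather than an advisory, so consumers that select references by that tag to find vendor guidance will be handed a raw commit. Keeping that entry as `"tags": ["Patch"]` would preserve the distinction between the two tags. The same tagging appears on the commit reference in the last CVE-2022-48424 hunk. The first reference in this hunk begins outside it, so its URL is not visible and the point is not made for that entry.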
diff --git a/CVE-2022/CVE-2022-484xx/CVE-2022-48424.json b/CVE-2022/CVE-2022-484xx/CVE-2022-48424.json
index d533ae81108..5cf363f06cd 100644
--- a/CVE-2022/CVE-2022-484xx/CVE-2022-48424.json
+++ b/CVE-2022/CVE-2022-484xx/CVE-2022-48424.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-48424",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-03-19T03:15:11.560",
- "lastModified": "2023-05-05T20:15:09.813",
- "vulnStatus": "Modified",
+ "lastModified": "2023-06-07T12:47:03.713",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -56,8 +56,23 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "5.15",
+ "versionEndExcluding": "5.15.87",
+ "matchCriteriaId": "AF34DC7D-4D5D-4D9C-B1B4-FAE010E910F2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "5.16",
+ "versionEndExcluding": "6.0.17",
+ "matchCriteriaId": "05B2AE8A-556C-47C1-9119-DBAC5EB60947"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "6.1",
"versionEndExcluding": "6.1.3",
- "matchCriteriaId": "47C59C1B-350F-4E76-8B04-2C936050A318"
+ "matchCriteriaId": "70594F60-3413-4969-AFD7-965266760EA6"
}
]
}
@@ -71,19 +86,24 @@
"tags": [
"Mailing List",
"Patch",
- "Release Notes"
+ "Release Notes",
+ "Vendor Advisory"
]
},
{
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4f1dc7d9756e66f3f876839ea174df2e656b7f79",
"source": "cve@mitre.org",
"tags": [
- "Patch"
+ "Patch",
+ "Vendor Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230505-0002/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-484xx/CVE-2022-48438.json b/CVE-2022/CVE-2022-484xx/CVE-2022-48438.json
new file mode 100644
index 00000000000..ab31c57211d
--- /dev/null
+++ b/CVE-2022/CVE-2022-484xx/CVE-2022-48438.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2022-48438",
+ "sourceIdentifier": "security@unisoc.com",
+ "published": "2023-06-06T06:15:49.810",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In cp_dump driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1664822361414762498",
+ "source": "security@unisoc.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-484xx/CVE-2022-48439.json b/CVE-2022/CVE-2022-484xx/CVE-2022-48439.json
new file mode 100644
index 00000000000..600d8743c50
--- /dev/null
+++ b/CVE-2022/CVE-2022-484xx/CVE-2022-48439.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2022-48439",
+ "sourceIdentifier": "security@unisoc.com",
+ "published": "2023-06-06T06:15:49.933",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In cp_dump driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1664822361414762498",
+ "source": "security@unisoc.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-484xx/CVE-2022-48440.json b/CVE-2022/CVE-2022-484xx/CVE-2022-48440.json
new file mode 100644
index 00000000000..480b11ecf32
--- /dev/null
+++ b/CVE-2022/CVE-2022-484xx/CVE-2022-48440.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2022-48440",
+ "sourceIdentifier": "security@unisoc.com",
+ "published": "2023-06-06T06:15:50.140",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1664822361414762498",
+ "source": "security@unisoc.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-484xx/CVE-2022-48441.json b/CVE-2022/CVE-2022-484xx/CVE-2022-48441.json
new file mode 100644
index 00000000000..5ea31e8e0db
--- /dev/null
+++ b/CVE-2022/CVE-2022-484xx/CVE-2022-48441.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2022-48441",
+ "sourceIdentifier": "security@unisoc.com",
+ "published": "2023-06-06T06:15:50.247",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1664822361414762498",
+ "source": "security@unisoc.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-484xx/CVE-2022-48442.json b/CVE-2022/CVE-2022-484xx/CVE-2022-48442.json
new file mode 100644
index 00000000000..f8ac2972761
--- /dev/null
+++ b/CVE-2022/CVE-2022-484xx/CVE-2022-48442.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2022-48442",
+ "sourceIdentifier": "security@unisoc.com",
+ "published": "2023-06-06T06:15:50.410",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1664822361414762498",
+ "source": "security@unisoc.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-484xx/CVE-2022-48443.json b/CVE-2022/CVE-2022-484xx/CVE-2022-48443.json
new file mode 100644
index 00000000000..1dbac0dcb8c
--- /dev/null
+++ b/CVE-2022/CVE-2022-484xx/CVE-2022-48443.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2022-48443",
+ "sourceIdentifier": "security@unisoc.com",
+ "published": "2023-06-06T06:15:50.607",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1664822361414762498",
+ "source": "security@unisoc.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-484xx/CVE-2022-48444.json b/CVE-2022/CVE-2022-484xx/CVE-2022-48444.json
new file mode 100644
index 00000000000..ad1cf1bec6f
--- /dev/null
+++ b/CVE-2022/CVE-2022-484xx/CVE-2022-48444.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2022-48444",
+ "sourceIdentifier": "security@unisoc.com",
+ "published": "2023-06-06T06:15:50.703",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1664822361414762498",
+ "source": "security@unisoc.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-484xx/CVE-2022-48445.json b/CVE-2022/CVE-2022-484xx/CVE-2022-48445.json
new file mode 100644
index 00000000000..b3b0cb630ae
--- /dev/null
+++ b/CVE-2022/CVE-2022-484xx/CVE-2022-48445.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2022-48445",
+ "sourceIdentifier": "security@unisoc.com",
+ "published": "2023-06-06T06:15:50.853",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1664822361414762498",
+ "source": "security@unisoc.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-484xx/CVE-2022-48446.json b/CVE-2022/CVE-2022-484xx/CVE-2022-48446.json
new file mode 100644
index 00000000000..1477a147f8f
--- /dev/null
+++ b/CVE-2022/CVE-2022-484xx/CVE-2022-48446.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2022-48446",
+ "sourceIdentifier": "security@unisoc.com",
+ "published": "2023-06-06T06:15:50.943",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1664822361414762498",
+ "source": "security@unisoc.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-484xx/CVE-2022-48447.json b/CVE-2022/CVE-2022-484xx/CVE-2022-48447.json
new file mode 100644
index 00000000000..3b1bb764342
--- /dev/null
+++ b/CVE-2022/CVE-2022-484xx/CVE-2022-48447.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2022-48447",
+ "sourceIdentifier": "security@unisoc.com",
+ "published": "2023-06-06T06:15:51.080",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1664822361414762498",
+ "source": "security@unisoc.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-484xx/CVE-2022-48448.json b/CVE-2022/CVE-2022-484xx/CVE-2022-48448.json
new file mode 100644
index 00000000000..4fb30e92f1d
--- /dev/null
+++ b/CVE-2022/CVE-2022-484xx/CVE-2022-48448.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2022-48448",
+ "sourceIdentifier": "security@unisoc.com",
+ "published": "2023-06-06T06:15:51.200",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1664822361414762498",
+ "source": "security@unisoc.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-485xx/CVE-2022-48502.json b/CVE-2022/CVE-2022-485xx/CVE-2022-48502.json
index 225310ed901..46da2daef92 100644
--- a/CVE-2022/CVE-2022-485xx/CVE-2022-48502.json
+++ b/CVE-2022/CVE-2022-485xx/CVE-2022-48502.json
@@ -2,27 +2,95 @@
"id": "CVE-2022-48502",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-31T20:15:10.303",
- "lastModified": "2023-06-01T01:17:03.663",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T01:35:45.527",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Linux kernel before 6.2. The ntfs3 subsystem does not properly check for correctness during disk reads, leading to an out-of-bounds read in ntfs_set_ea in fs/ntfs3/xattr.c."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha descubierto un problema en el kernel de Linux en las versiones anteriores a v6.2. El subsistema \"ntfs3\" no comprueba correctamente la correcci\u00f3n durante las lecturas de disco, lo que provoca una lectura fuera de los l\u00edmites en \"ntfs_set_ea\" en \"fs/ntfs3/xattr.c\". "
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.2",
+ "matchCriteriaId": "108695B6-7133-4B6C-80AF-0F66880FE858"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Release Notes"
+ ]
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0e8235d28f3a0e9eda9f02ff67ee566d5f42b66b",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Patch"
+ ]
},
{
"url": "https://syzkaller.appspot.com/bug?extid=8778f030156c6cd16d72",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
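Review bot: The new `cpeMatch` entry has `"versionEndExcluding": "6.2"` but no lower bound, so every kernel older than 6.2 matches, including releases that predate the ntfs3 driver (merged in 5.15, as far as I know). Adding `"versionStartIncluding": "5.15",` would stop scanners flagging kernels that cannot contain `fs/ntfs3/xattr.c`. Whether stable branches below 6.2 picked up the fix is not visible here and should be checked against the linked commit. Separately, the git.kernel.org commit URL is tagged `Mailing List`, which looks like a mis-tag next to `Patch`.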
diff --git a/CVE-2022/CVE-2022-48xx/CVE-2022-4829.json b/CVE-2022/CVE-2022-48xx/CVE-2022-4829.json
index ffaa3152101..d2a1958c045 100644
--- a/CVE-2022/CVE-2022-48xx/CVE-2022-4829.json
+++ b/CVE-2022/CVE-2022-48xx/CVE-2022-4829.json
@@ -2,12 +2,12 @@
"id": "CVE-2022-4829",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-02-27T16:15:11.493",
- "lastModified": "2023-03-04T03:29:20.127",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-06-06T09:15:09.547",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "The Show-Hide / Collapse-Expand WordPress plugin through 1.2.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins."
+ "value": "The Show-Hide / Collapse-Expand WordPress plugin before 1.3.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins."
}
],
"metrics": {
diff --git a/CVE-2022/CVE-2022-49xx/CVE-2022-4948.json b/CVE-2022/CVE-2022-49xx/CVE-2022-4948.json
new file mode 100644
index 00000000000..907b0a2af2f
--- /dev/null
+++ b/CVE-2022/CVE-2022-49xx/CVE-2022-4948.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2022-4948",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:15.687",
+ "lastModified": "2023-06-07T02:44:48.507",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The FlyingPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 3.9.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to interact with the plugin in ways administrators are intended to. One action (save_config) allows for the configuration of an external CDN. This could be used to include malicious javascript from a source controlled by the attacker."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/wordpress-flyingpress-plugin-fixed-broken-access-control-vulnerability/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6d1d541b-7010-4dbf-9b1c-d59c84390065?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-49xx/CVE-2022-4949.json b/CVE-2022/CVE-2022-49xx/CVE-2022-4949.json
new file mode 100644
index 00000000000..2f8e618d7ca
--- /dev/null
+++ b/CVE-2022/CVE-2022-49xx/CVE-2022-4949.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2022-4949",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:15.750",
+ "lastModified": "2023-06-07T02:44:48.507",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The AdSanity plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajax_upload' function in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers with Contributor+ level privileges to upload arbitrary files on the affected sites server which makes remote code execution possible."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-434"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/critical-vulnerability-in-wordpress-adsanity-plugin/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/effd72d2-876d-4f8d-b1e4-5ab38eab401b?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-49xx/CVE-2022-4950.json b/CVE-2022/CVE-2022-49xx/CVE-2022-4950.json
new file mode 100644
index 00000000000..1632afe83b7
--- /dev/null
+++ b/CVE-2022/CVE-2022-49xx/CVE-2022-4950.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2022-4950",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:15.813",
+ "lastModified": "2023-06-07T02:44:48.507",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Several WordPress plugins developed by Cool Plugins are vulnerable to arbitrary plugin installation and activation that can lead to remote code execution by authenticated attackers with minimal permissions, such as a subscriber."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/8-wordpress-plugins-fixed-high-severity-vulnerability/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2705076/cool-timeline/trunk/admin/timeline-addon-page/timeline-addon-page.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f6f0fb78-ad6b-4a9e-ae1a-5793f3426379?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
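Review bot: The description names neither the affected plugins nor any version bound ("Several WordPress plugins developed by Cool Plugins"), and the record has no `configurations`, so the entry cannot be matched against an installed-plugin inventory. The only product-specific pointer is the `cool-timeline` changeset in `references`; the other plugins have to be taken from the linked advisories. The description should list the plugin slugs and the last vulnerable version of each, in the form the neighbouring Wordfence records use ("in versions up to, and including, X").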
diff --git a/CVE-2023/CVE-2023-01xx/CVE-2023-0121.json b/CVE-2023/CVE-2023-01xx/CVE-2023-0121.json
new file mode 100644
index 00000000000..43a1b931d05
--- /dev/null
+++ b/CVE-2023/CVE-2023-01xx/CVE-2023-0121.json
@@ -0,0 +1,51 @@
+{
+ "id": "CVE-2023-0121",
+ "sourceIdentifier": "cve@gitlab.com",
+ "published": "2023-06-07T17:15:09.727",
+ "lastModified": "2023-06-07T17:28:57.443",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A denial of service issue was discovered in GitLab CE/EE affecting all versions starting from 13.2.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2 which allows an attacker to cause high resource consumption using malicious test report artifacts."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve@gitlab.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0121.json",
+ "source": "cve@gitlab.com"
+ },
+ {
+ "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/387549",
+ "source": "cve@gitlab.com"
+ },
+ {
+ "url": "https://hackerone.com/reports/1774688",
+ "source": "cve@gitlab.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-02xx/CVE-2023-0291.json b/CVE-2023/CVE-2023-02xx/CVE-2023-0291.json
new file mode 100644
index 00000000000..7c4401810b8
--- /dev/null
+++ b/CVE-2023/CVE-2023-02xx/CVE-2023-0291.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2023-0291",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:15:48.630",
+ "lastModified": "2023-06-09T06:15:48.630",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Quiz And Survey Master for WordPress is vulnerable to authorization bypass due to a missing capability check on the function associated with the qsm_remove_file_fd_question AJAX action in versions up to, and including, 8.0.8. This makes it possible for unauthenticated attackers to delete arbitrary media files."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://packetstormsecurity.com/files/171011/wpqsm808-xsrf.txt",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2834471/quiz-master-next",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wordpress.org/plugins/quiz-master-next/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/68110321-db1a-4634-98cd-0afd3ec933b8?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
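Review bot: The `weaknesses` entry is marked `"type": "Primary"` while the `cvssMetricV31` entry from the same source, `security@wordfence.com`, is `"type": "Secondary"`. CVE-2023-0292 has the same mismatch, whereas CVE-2022-4948 through CVE-2022-4950 use `Secondary` for both. Tooling that reads `Primary` as "assigned by NVD" will misattribute this CWE, so filters should key on `source` rather than `type`. The first reference is a Packet Storm file named `wpqsm808-xsrf.txt` that is shared with the CSRF record CVE-2023-0292 and carries no `tags`, so the record does not say which of the two issues it documents.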
diff --git a/CVE-2023/CVE-2023-02xx/CVE-2023-0292.json b/CVE-2023/CVE-2023-02xx/CVE-2023-0292.json
new file mode 100644
index 00000000000..b5ebceb5f89
--- /dev/null
+++ b/CVE-2023/CVE-2023-02xx/CVE-2023-0292.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2023-0292",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:15:49.860",
+ "lastModified": "2023-06-09T06:15:49.860",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Quiz And Survey Master plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.0.8. This is due to missing nonce validation on the function associated with the qsm_remove_file_fd_question AJAX action. This makes it possible for unauthenticated attackers to delete arbitrary media files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://packetstormsecurity.com/files/171011/wpqsm808-xsrf.txt",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2834471/quiz-master-next",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wordpress.org/plugins/quiz-master-next/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c75e6d27-7f6b-4bec-b653-c2024504f427?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-03xx/CVE-2023-0342.json b/CVE-2023/CVE-2023-03xx/CVE-2023-0342.json
new file mode 100644
index 00000000000..757136a116d
--- /dev/null
+++ b/CVE-2023/CVE-2023-03xx/CVE-2023-0342.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-0342",
+ "sourceIdentifier": "cna@mongodb.com",
+ "published": "2023-06-09T09:15:09.383",
+ "lastModified": "2023-06-09T09:15:09.383",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "MongoDB Ops Manager Diagnostics Archive may not redact sensitive PEM key file password app settings. Archives do not include the PEM files themselves. This issue affects MongoDB Ops Manager v5.0 prior to 5.0.21 and MongoDB Ops Manager v6.0 prior to 6.0.12"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cna@mongodb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.1,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 0.6,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@mongodb.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-497"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.mongodb.com/docs/ops-manager/current/release-notes/application/#onprem-server-5-0-21",
+ "source": "cna@mongodb.com"
+ },
+ {
+ "url": "https://www.mongodb.com/docs/ops-manager/current/release-notes/application/#onprem-server-6-0-12",
+ "source": "cna@mongodb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-04xx/CVE-2023-0459.json b/CVE-2023/CVE-2023-04xx/CVE-2023-0459.json
index e3ff1fc21f0..15a9f83d00c 100644
--- a/CVE-2023/CVE-2023-04xx/CVE-2023-0459.json
+++ b/CVE-2023/CVE-2023-04xx/CVE-2023-0459.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-0459",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-05-25T14:15:09.603",
- "lastModified": "2023-06-01T16:45:44.930",
+ "lastModified": "2023-06-06T13:47:53.550",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -86,8 +86,50 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
- "versionEndExcluding": "2023-02-21",
- "matchCriteriaId": "A66F8B5E-1125-4D10-8708-CC0B90089A58"
+ "versionEndExcluding": "4.14.307",
+ "matchCriteriaId": "891AEAFE-6900-48E0-A0EA-B80FCE04588D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.19.0",
+ "versionEndExcluding": "4.19.274",
+ "matchCriteriaId": "2513393F-113F-40C1-828E-542A55286974"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "5.4.0",
+ "versionEndExcluding": "5.4.233",
+ "matchCriteriaId": "01D7B24C-ACBF-43E4-BA77-9FAF9ECD6941"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "5.10.0",
+ "versionEndExcluding": "5.10.170",
+ "matchCriteriaId": "A69105CF-22D5-4FE7-A3C6-C80D6CCD0E38"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "5.15.0",
+ "versionEndExcluding": "5.15.96",
+ "matchCriteriaId": "B5CC1A01-8B90-47FC-A28A-9F870D9F407E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "6.1.0",
+ "versionEndExcluding": "6.1.14",
+ "matchCriteriaId": "ACB5D831-9547-4DFD-866F-DFFC1E72C13E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "6.2.0",
+ "versionEndExcluding": "6.2.1",
+ "matchCriteriaId": "876A1437-FED6-4A5F-A74C-42B5ACC15BC7"
}
]
}
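Review bot: Replacing the single bound with per-branch ranges leaves the kernel series between the listed stable branches unmatched, at least among the entries visible in this hunk (the `cpeMatch` array starts above it): nothing covers 4.15–4.18, 4.20–5.3, 5.5–5.9, 5.11–5.14 or 5.16–6.0. If those end-of-life series never received the fix (likely, but not shown here), hosts still running them will stop being reported once this lands. The same gap pattern is in the CVE-2023-0461 `cpeMatch` hunk further down. One way to keep them covered is to start each range where the previous branch ends, e.g. `"versionStartIncluding": "4.15",` on the `4.19.274` entry.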
diff --git a/CVE-2023/CVE-2023-04xx/CVE-2023-0461.json b/CVE-2023/CVE-2023-04xx/CVE-2023-0461.json
index 2ad9ca1e194..fc51b4504ab 100644
--- a/CVE-2023/CVE-2023-04xx/CVE-2023-0461.json
+++ b/CVE-2023/CVE-2023-04xx/CVE-2023-0461.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-0461",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-02-28T15:15:11.550",
- "lastModified": "2023-05-03T14:15:18.783",
- "vulnStatus": "Modified",
+ "lastModified": "2023-06-06T19:16:28.137",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -86,8 +86,51 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
- "versionEndExcluding": "6.2",
- "matchCriteriaId": "108695B6-7133-4B6C-80AF-0F66880FE858"
+ "versionStartIncluding": "4.13.0",
+ "versionEndExcluding": "4.14.303",
+ "matchCriteriaId": "D375FAEB-F480-4787-A5D8-E1012F3089DE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.19",
+ "versionEndExcluding": "4.19.270",
+ "matchCriteriaId": "E60D856E-8039-4750-B1B9-7A01D40BBCE6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "5.4",
+ "versionEndExcluding": "5.4.229",
+ "matchCriteriaId": "E4A27F20-0847-4A4D-8BF9-1EE6B2E80E41"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "5.10",
+ "versionEndExcluding": "5.10.163",
+ "matchCriteriaId": "CE4DEDD1-2BE5-40F9-8FBB-C0E7E01EF072"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "5.15",
+ "versionEndExcluding": "5.15.88",
+ "matchCriteriaId": "BEB9094F-84DB-4514-BCD4-B815185BBBF5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "6.0",
+ "versionEndExcluding": "6.0.19",
+ "matchCriteriaId": "7E070665-7647-450B-AB3D-C01637029C9D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "6.1",
+ "versionEndExcluding": "6.1.5",
+ "matchCriteriaId": "8C1E7766-4310-43F9-BAC4-3763A36C043A"
},
{
"vulnerable": true,
@@ -122,11 +165,17 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html",
- "source": "cve-coordination@google.com"
+ "source": "cve-coordination@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html",
- "source": "cve-coordination@google.com"
+ "source": "cve-coordination@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-04xx/CVE-2023-0464.json b/CVE-2023/CVE-2023-04xx/CVE-2023-0464.json
index facf24cccf8..2ccf1056c70 100644
--- a/CVE-2023/CVE-2023-04xx/CVE-2023-0464.json
+++ b/CVE-2023/CVE-2023-04xx/CVE-2023-0464.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-0464",
"sourceIdentifier": "openssl-security@openssl.org",
"published": "2023-03-22T17:15:13.130",
- "lastModified": "2023-06-01T00:15:09.373",
+ "lastModified": "2023-06-08T19:15:09.230",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -111,6 +111,10 @@
"Patch"
]
},
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html",
+ "source": "openssl-security@openssl.org"
+ },
{
"url": "https://www.debian.org/security/2023/dsa-5417",
"source": "openssl-security@openssl.org"
diff --git a/CVE-2023/CVE-2023-04xx/CVE-2023-0465.json b/CVE-2023/CVE-2023-04xx/CVE-2023-0465.json
index 349aa4c0e07..1350e486f31 100644
--- a/CVE-2023/CVE-2023-04xx/CVE-2023-0465.json
+++ b/CVE-2023/CVE-2023-04xx/CVE-2023-0465.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-0465",
"sourceIdentifier": "openssl-security@openssl.org",
"published": "2023-03-28T15:15:06.820",
- "lastModified": "2023-06-01T00:15:09.460",
+ "lastModified": "2023-06-08T19:15:09.407",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -111,6 +111,10 @@
"Patch"
]
},
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html",
+ "source": "openssl-security@openssl.org"
+ },
{
"url": "https://security.netapp.com/advisory/ntap-20230414-0001/",
"source": "openssl-security@openssl.org"
diff --git a/CVE-2023/CVE-2023-04xx/CVE-2023-0466.json b/CVE-2023/CVE-2023-04xx/CVE-2023-0466.json
index 38a5a6667bc..a79e111afbd 100644
--- a/CVE-2023/CVE-2023-04xx/CVE-2023-0466.json
+++ b/CVE-2023/CVE-2023-04xx/CVE-2023-0466.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-0466",
"sourceIdentifier": "openssl-security@openssl.org",
"published": "2023-03-28T15:15:06.880",
- "lastModified": "2023-06-01T00:15:09.533",
+ "lastModified": "2023-06-08T19:15:09.497",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -111,6 +111,10 @@
"Patch"
]
},
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html",
+ "source": "openssl-security@openssl.org"
+ },
{
"url": "https://security.netapp.com/advisory/ntap-20230414-0001/",
"source": "openssl-security@openssl.org"
diff --git a/CVE-2023/CVE-2023-05xx/CVE-2023-0508.json b/CVE-2023/CVE-2023-05xx/CVE-2023-0508.json
new file mode 100644
index 00000000000..ae6c193b20b
--- /dev/null
+++ b/CVE-2023/CVE-2023-05xx/CVE-2023-0508.json
@@ -0,0 +1,51 @@
+{
+ "id": "CVE-2023-0508",
+ "sourceIdentifier": "cve@gitlab.com",
+ "published": "2023-06-07T17:15:09.823",
+ "lastModified": "2023-06-07T17:28:57.443",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. Open redirection was possible via HTTP response splitting in the NPM package API."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve@gitlab.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.1,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0508.json",
+ "source": "cve@gitlab.com"
+ },
+ {
+ "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/389328",
+ "source": "cve@gitlab.com"
+ },
+ {
+ "url": "https://hackerone.com/reports/1842314",
+ "source": "cve@gitlab.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-06xx/CVE-2023-0616.json b/CVE-2023/CVE-2023-06xx/CVE-2023-0616.json
index 2139cdd786e..343b820363d 100644
--- a/CVE-2023/CVE-2023-06xx/CVE-2023-0616.json
+++ b/CVE-2023/CVE-2023-06xx/CVE-2023-0616.json
@@ -2,23 +2,84 @@
"id": "CVE-2023-0616",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:10.383",
- "lastModified": "2023-06-02T18:10:24.877",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T19:35:29.557",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user's actions. An attacker could send a crafted message with this structure to attempt a DoS attack. This vulnerability affects Thunderbird < 102.8."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-400"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.8",
+ "matchCriteriaId": "E7ED1B02-7653-4441-B4F4-980A86C4F170"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1806507",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Issue Tracking",
+ "Permissions Required",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-07/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-06xx/CVE-2023-0666.json b/CVE-2023/CVE-2023-06xx/CVE-2023-0666.json
new file mode 100644
index 00000000000..aba213e42da
--- /dev/null
+++ b/CVE-2023/CVE-2023-06xx/CVE-2023-0666.json
@@ -0,0 +1,44 @@
+{
+ "id": "CVE-2023-0666",
+ "sourceIdentifier": "cve@takeonme.org",
+ "published": "2023-06-07T03:15:09.000",
+ "lastModified": "2023-06-07T12:52:33.093",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark."
+ }
+ ],
+ "metrics": {},
+ "weaknesses": [
+ {
+ "source": "cve@takeonme.org",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-122"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://gitlab.com/wireshark/wireshark/-/issues/19085",
+ "source": "cve@takeonme.org"
+ },
+ {
+ "url": "https://takeonme.org/cves/CVE-2023-0666.html",
+ "source": "cve@takeonme.org"
+ },
+ {
+ "url": "https://www.wireshark.org/docs/relnotes/wireshark-4.0.6.html",
+ "source": "cve@takeonme.org"
+ },
+ {
+ "url": "https://www.wireshark.org/security/wnpa-sec-2023-18.html",
+ "source": "cve@takeonme.org"
+ }
+ ]
+}
\ No newline at end of file
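Review bot: `"metrics": {}` leaves CVE-2023-0666 without any CVSS data, even though the description reports a heap-based buffer overflow reachable "by default" with possible code execution. The same empty object appears in the CVE-2023-0667 and CVE-2023-0668 records added below. Triage that sorts or filters on `baseScore` should handle the missing key as unscored rather than defaulting it to zero or dropping the entry. This record's references already include the `wireshark-4.0.6.html` release notes, so the remediation target can be taken from there while the status is `Awaiting Analysis`.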
diff --git a/CVE-2023/CVE-2023-06xx/CVE-2023-0667.json b/CVE-2023/CVE-2023-06xx/CVE-2023-0667.json
new file mode 100644
index 00000000000..27ec41d3beb
--- /dev/null
+++ b/CVE-2023/CVE-2023-06xx/CVE-2023-0667.json
@@ -0,0 +1,36 @@
+{
+ "id": "CVE-2023-0667",
+ "sourceIdentifier": "cve@takeonme.org",
+ "published": "2023-06-07T03:15:09.117",
+ "lastModified": "2023-06-07T12:52:33.093",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Due to failure in validating the length provided by an attacker-crafted MSMMS packet, Wireshark version 4.0.5 and prior, in an unusual configuration, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark"
+ }
+ ],
+ "metrics": {},
+ "weaknesses": [
+ {
+ "source": "cve@takeonme.org",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-122"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://gitlab.com/wireshark/wireshark/-/issues/19086",
+ "source": "cve@takeonme.org"
+ },
+ {
+ "url": "https://takeonme.org/cves/CVE-2023-0667.html",
+ "source": "cve@takeonme.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-06xx/CVE-2023-0668.json b/CVE-2023/CVE-2023-06xx/CVE-2023-0668.json
new file mode 100644
index 00000000000..75c38c393d1
--- /dev/null
+++ b/CVE-2023/CVE-2023-06xx/CVE-2023-0668.json
@@ -0,0 +1,44 @@
+{
+ "id": "CVE-2023-0668",
+ "sourceIdentifier": "cve@takeonme.org",
+ "published": "2023-06-07T03:15:09.193",
+ "lastModified": "2023-06-07T12:52:33.093",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark."
+ }
+ ],
+ "metrics": {},
+ "weaknesses": [
+ {
+ "source": "cve@takeonme.org",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://gitlab.com/wireshark/wireshark/-/issues/19087",
+ "source": "cve@takeonme.org"
+ },
+ {
+ "url": "https://takeonme.org/cves/CVE-2023-0668.html",
+ "source": "cve@takeonme.org"
+ },
+ {
+ "url": "https://www.wireshark.org/docs/relnotes/wireshark-4.0.6.html",
+ "source": "cve@takeonme.org"
+ },
+ {
+ "url": "https://www.wireshark.org/security/wnpa-sec-2023-19.html",
+ "source": "cve@takeonme.org"
+ }
+ ]
+}
\ No newline at end of file
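Review bot: The weakness value `CWE-125` (out-of-bounds read) does not match the description in the same record, which reports a "heap-based buffer overflow, and possibly code execution". The two sibling Wireshark records in this commit (CVE-2023-0666, CVE-2023-0667) use `CWE-122` with the same wording. One of the two fields is likely wrong at the source, and this record alone does not show which. A consumer mapping CWE to impact would classify this entry as a read-only issue, so check it against the linked `wnpa-sec-2023-19` advisory before relying on the CWE.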
diff --git a/CVE-2023/CVE-2023-06xx/CVE-2023-0688.json b/CVE-2023/CVE-2023-06xx/CVE-2023-0688.json
new file mode 100644
index 00000000000..e62a47524a8
--- /dev/null
+++ b/CVE-2023/CVE-2023-06xx/CVE-2023-0688.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-0688",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:15:50.387",
+ "lastModified": "2023-06-09T06:15:50.387",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_thankyou' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about form submissions, including payment status, and transaction ID."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-639"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/metform/trunk/base/shortcode.php?rev=2845078",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2910040/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/81fc41a4-9206-404c-bd5b-821c77ff3593?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-06xx/CVE-2023-0691.json b/CVE-2023/CVE-2023-06xx/CVE-2023-0691.json
new file mode 100644
index 00000000000..03a60b0bfb1
--- /dev/null
+++ b/CVE-2023/CVE-2023-06xx/CVE-2023-0691.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-0691",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:15:50.707",
+ "lastModified": "2023-06-09T06:15:50.707",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_last_name' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about arbitrary form submissions, specifically the submitter's last name."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-639"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/metform/trunk/base/shortcode.php?rev=2845078",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2910040/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8fc4b815-dc05-4270-bf7a-3b01622739d7?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-06xx/CVE-2023-0692.json b/CVE-2023/CVE-2023-06xx/CVE-2023-0692.json
new file mode 100644
index 00000000000..de839a1e9d0
--- /dev/null
+++ b/CVE-2023/CVE-2023-06xx/CVE-2023-0692.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-0692",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:15:51.070",
+ "lastModified": "2023-06-09T06:15:51.070",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_payment_status' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about the payment status of arbitrary form submissions."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-639"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/metform/trunk/base/shortcode.php?rev=2845078",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2910040/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ddd85ff2-6607-4ac8-b91c-88f6f2fa6c56?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-06xx/CVE-2023-0693.json b/CVE-2023/CVE-2023-06xx/CVE-2023-0693.json
new file mode 100644
index 00000000000..faf9eb04366
--- /dev/null
+++ b/CVE-2023/CVE-2023-06xx/CVE-2023-0693.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-0693",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:15:51.483",
+ "lastModified": "2023-06-09T06:15:51.483",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_transaction_id' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about the transaction ids of arbitrary form submissions that included payment."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-639"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/metform/trunk/base/shortcode.php?rev=2845078",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2910040/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1f33a8db-7cd0-4a53-b2c1-cd5b7cd16214?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-06xx/CVE-2023-0694.json b/CVE-2023/CVE-2023-06xx/CVE-2023-0694.json
new file mode 100644
index 00000000000..00aa6877cfe
--- /dev/null
+++ b/CVE-2023/CVE-2023-06xx/CVE-2023-0694.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-0694",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:15:51.780",
+ "lastModified": "2023-06-09T06:15:51.780",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about any standard form field of any form submission."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-639"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/metform/trunk/base/shortcode.php?rev=2845078",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2910040/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1a8b194c-371f-4adc-98fa-8f4e47a38ee7?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-06xx/CVE-2023-0695.json b/CVE-2023/CVE-2023-06xx/CVE-2023-0695.json
new file mode 100644
index 00000000000..478011dac86
--- /dev/null
+++ b/CVE-2023/CVE-2023-06xx/CVE-2023-0695.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-0695",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:15:52.043",
+ "lastModified": "2023-06-09T06:15:52.043",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mf' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level permissions or above, to inject arbitrary web scripts in pages that will execute when the victim visits a specific link. Note that getting the JavaScript to execute still requires user interaction as the victim must visit a crafted link with the form entry id, but the script itself is stored in the site database."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/metform/trunk/base/shortcode.php?rev=2845078",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1c866d8d-399c-4bda-a3c9-17c7e5d2ffb8?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-07xx/CVE-2023-0708.json b/CVE-2023/CVE-2023-07xx/CVE-2023-0708.json
new file mode 100644
index 00000000000..9798131be80
--- /dev/null
+++ b/CVE-2023/CVE-2023-07xx/CVE-2023-0708.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-0708",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:15:52.557",
+ "lastModified": "2023-06-09T06:15:52.557",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mf_first_name' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level permissions or above, to inject arbitrary web scripts in pages that will execute when the victim visits a a page containing the shortcode when the submission id is present in the query string. Note that getting the JavaScript to execute requires user interaction as the victim must visit a crafted link with the form entry id, but the script itself is stored in the site database."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/metform/trunk/base/shortcode.php?rev=2845078",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2907471/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ae7549db-9a4b-4dee-8023-d7863dc3b4c8?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
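Review bot: The description string contains a duplicated article, `visits a a page containing the shortcode`; the same text recurs in the CVE-2023-0709 and CVE-2023-0710 records below. It is harmless to parsers but breaks exact-phrase search and text de-duplication across the three entries. The corrected wording would be `visits a page containing the shortcode`. Since the text is attributed to `security@wordfence.com`, the fix presumably belongs upstream with that source rather than in this file.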
diff --git a/CVE-2023/CVE-2023-07xx/CVE-2023-0709.json b/CVE-2023/CVE-2023-07xx/CVE-2023-0709.json
new file mode 100644
index 00000000000..6c7f3592f42
--- /dev/null
+++ b/CVE-2023/CVE-2023-07xx/CVE-2023-0709.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-0709",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:15:52.820",
+ "lastModified": "2023-06-09T06:15:52.820",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mf_last_name' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level permissions or above, to inject arbitrary web scripts in pages that will execute when the victim visits a a page containing the shortcode when the submission id is present in the query string. Note that getting the JavaScript to execute requires user interaction as the victim must visit a crafted link with the form entry id, but the script itself is stored in the site database."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/metform/trunk/base/shortcode.php?rev=2845078",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2907471/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/25200656-a6a2-42f2-a607-26d4ff502cbf?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-07xx/CVE-2023-0710.json b/CVE-2023/CVE-2023-07xx/CVE-2023-0710.json
new file mode 100644
index 00000000000..de99b50b7ad
--- /dev/null
+++ b/CVE-2023/CVE-2023-07xx/CVE-2023-0710.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-0710",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:15:53.053",
+ "lastModified": "2023-06-09T06:15:53.053",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'fname' attribute of the 'mf_thankyou' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level permissions or above, to inject arbitrary web scripts in pages that will execute when the victim visits a a page containing the shortcode when the submission id is present in the query string. Note that getting the JavaScript to execute requires user interaction as the victim must visit a crafted link with the form entry id, but the script itself is stored in the site database. Additionally this requires successful payment, increasing the complexity."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/metform/trunk/base/shortcode.php?rev=2845078",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/89a98053-33c7-4e75-87a1-0f483a990641?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
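Review bot: The vector `CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N` sets `"userInteraction": "NONE"`, but the description in the same record says execution "requires user interaction as the victim must visit a crafted link". The sibling records for this plugin (CVE-2023-0695, CVE-2023-0708, CVE-2023-0709) use `UI:R` for the same condition, and `AC:H` here is already explained by the payment requirement. If the description is right, the field should read `"userInteraction": "REQUIRED"`, with the vector string and scores recomputed by the scoring source. Until then, read the 4.9 base score with that inconsistency in mind.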
diff --git a/CVE-2023/CVE-2023-07xx/CVE-2023-0721.json b/CVE-2023/CVE-2023-07xx/CVE-2023-0721.json
new file mode 100644
index 00000000000..fa87bc44162
--- /dev/null
+++ b/CVE-2023/CVE-2023-07xx/CVE-2023-0721.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-0721",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:15:53.530",
+ "lastModified": "2023-06-09T06:15:53.530",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to CSV injection in versions up to, and including, 3.3.0. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.3,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-1236"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/metform/trunk/core/entries/export.php?rev=2845078",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2907471/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ccd85a72-1872-4c4f-8ba7-7f91b0b37d4a?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-07xx/CVE-2023-0729.json b/CVE-2023/CVE-2023-07xx/CVE-2023-0729.json
new file mode 100644
index 00000000000..3e4f4469c01
--- /dev/null
+++ b/CVE-2023/CVE-2023-07xx/CVE-2023-0729.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-0729",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:15:53.810",
+ "lastModified": "2023-06-09T06:15:53.810",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_sort_order function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/wicked-folders/tags/2.18.16/lib/class-wicked-folders-ajax.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2860994%40wicked-folders%2Ftrunk&old=2805161%40wicked-folders%2Ftrunk&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ae8dbf54-ea62-4901-b34f-079b708ca0b5?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-07xx/CVE-2023-0779.json b/CVE-2023/CVE-2023-07xx/CVE-2023-0779.json
index 27381659f62..b2f3628385e 100644
--- a/CVE-2023/CVE-2023-07xx/CVE-2023-0779.json
+++ b/CVE-2023/CVE-2023-07xx/CVE-2023-0779.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-0779",
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"published": "2023-05-30T21:15:08.987",
- "lastModified": "2023-05-31T13:02:26.480",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T16:48:19.593",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.7,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 5.5
+ },
{
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary",
@@ -35,6 +55,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-476"
+ }
+ ]
+ },
{
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary",
@@ -46,10 +76,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "3.2.0",
+ "matchCriteriaId": "A09B3C2A-EED0-4916-A4AF-9007C498B058"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-9xj8-6989-r549",
- "source": "vulnerabilities@zephyrproject.org"
+ "source": "vulnerabilities@zephyrproject.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-08xx/CVE-2023-0831.json b/CVE-2023/CVE-2023-08xx/CVE-2023-0831.json
new file mode 100644
index 00000000000..d31a79c7361
--- /dev/null
+++ b/CVE-2023/CVE-2023-08xx/CVE-2023-0831.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-0831",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:15:54.140",
+ "lastModified": "2023-06-09T06:15:54.140",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Under Construction plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.96. This is due to missing or incorrect nonce validation on the dismiss_notice function called via the admin_action_ucp_dismiss_notice action. This makes it possible for unauthenticated attackers to dismiss plugin notifications via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/under-construction-page/trunk/under-construction.php?rev=2848705#L901",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/031a1203-6b0d-453b-be8a-12e7f55cb401?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-08xx/CVE-2023-0832.json b/CVE-2023/CVE-2023-08xx/CVE-2023-0832.json
new file mode 100644
index 00000000000..ae0c6463191
--- /dev/null
+++ b/CVE-2023/CVE-2023-08xx/CVE-2023-0832.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-0832",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:15:54.510",
+ "lastModified": "2023-06-09T06:15:54.510",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Under Construction plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.96. This is due to missing or incorrect nonce validation on the install_weglot function called via the admin_action_install_weglot action. This makes it possible for unauthenticated attackers to perform an unauthorized install of the Weglot Translate plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/under-construction-page/trunk/under-construction.php?rev=2848705#L2389",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4fa84388-3597-4a54-9ae8-d6e04afe9061?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-09xx/CVE-2023-0921.json b/CVE-2023/CVE-2023-09xx/CVE-2023-0921.json
new file mode 100644
index 00000000000..8818b7ab49e
--- /dev/null
+++ b/CVE-2023/CVE-2023-09xx/CVE-2023-0921.json
@@ -0,0 +1,51 @@
+{
+ "id": "CVE-2023-0921",
+ "sourceIdentifier": "cve@gitlab.com",
+ "published": "2023-06-06T17:15:12.747",
+ "lastModified": "2023-06-06T18:33:59.493",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A lack of length validation in GitLab CE/EE affecting all versions from 8.3 before 15.10.8, 15.11 before 15.11.7, and 16.0 before 16.0.2 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve@gitlab.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0921.json",
+ "source": "cve@gitlab.com"
+ },
+ {
+ "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/392433",
+ "source": "cve@gitlab.com"
+ },
+ {
+ "url": "https://hackerone.com/reports/1869839",
+ "source": "cve@gitlab.com"
+ }
+ ]
+}
\ No newline at end of file
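Review bot: This new record has no `weaknesses` array at all, unlike the neighbouring records added in this diff, so any consumer that filters or groups by CWE will silently drop it. The description (missing length validation on an Issue description that saturates CPU when requested repeatedly) reads like a resource-exhaustion class such as CWE-400, but that assignment belongs to the CNA or NVD and the record is still `Awaiting Analysis`. Consumers should map a missing `weaknesses` key to "unclassified" rather than to "no weakness".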
diff --git a/CVE-2023/CVE-2023-09xx/CVE-2023-0950.json b/CVE-2023/CVE-2023-09xx/CVE-2023-0950.json
index 2172f5711fa..35a1e14a38a 100644
--- a/CVE-2023/CVE-2023-09xx/CVE-2023-0950.json
+++ b/CVE-2023/CVE-2023-09xx/CVE-2023-0950.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-0950",
"sourceIdentifier": "security@documentfoundation.org",
"published": "2023-05-25T20:15:09.207",
- "lastModified": "2023-06-01T17:29:08.973",
+ "lastModified": "2023-06-07T17:42:02.760",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -17,19 +17,19 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "attackVector": "NETWORK",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
- "userInteraction": "NONE",
+ "userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
- "baseScore": 9.8,
- "baseSeverity": "CRITICAL"
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
},
- "exploitabilityScore": 3.9,
+ "exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
diff --git a/CVE-2023/CVE-2023-09xx/CVE-2023-0954.json b/CVE-2023/CVE-2023-09xx/CVE-2023-0954.json
new file mode 100644
index 00000000000..f5a7fa057a3
--- /dev/null
+++ b/CVE-2023/CVE-2023-09xx/CVE-2023-0954.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-0954",
+ "sourceIdentifier": "productsecurity@jci.com",
+ "published": "2023-06-08T21:15:16.183",
+ "lastModified": "2023-06-08T21:15:16.183",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A debug feature in Sensormatic Electronics Illustra Pro Gen 4 Dome and PTZ cameras allows a user to compromise credentials after a long period of sustained attack."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "productsecurity@jci.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.3,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "productsecurity@jci.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-489"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-159-02",
+ "source": "productsecurity@jci.com"
+ },
+ {
+ "url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories",
+ "source": "productsecurity@jci.com"
+ }
+ ]
+}
\ No newline at end of file
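Review bot: The record gives no way to tell which devices are fixed. The description names the product family (Illustra Pro Gen 4 Dome and PTZ) but no firmware version, there is no `configurations` block, and the second reference is the vendor's generic advisories index rather than a specific advisory. Only the CISA link (`icsa-23-159-02`) is specific, so asset matching for this CVE has to be done by hand from that advisory until affected versions appear in the record. The wording "allows a user" also leaves the required privilege unclear next to `PR:N` in the vector.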
diff --git a/CVE-2023/CVE-2023-09xx/CVE-2023-0976.json b/CVE-2023/CVE-2023-09xx/CVE-2023-0976.json
new file mode 100644
index 00000000000..a6fd6fd4ebb
--- /dev/null
+++ b/CVE-2023/CVE-2023-09xx/CVE-2023-0976.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-0976",
+ "sourceIdentifier": "trellixpsirt@trellix.com",
+ "published": "2023-06-07T08:15:09.027",
+ "lastModified": "2023-06-08T05:15:08.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nA command Injection Vulnerability in TA for mac-OS prior to version 5.7.9 allows local users to place an arbitrary file into the /Library/Trellix/Agent/bin/\u00a0folder. The malicious file is executed by running the TA deployment feature located in the System Tree. \n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "trellixpsirt@trellix.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "trellixpsirt@trellix.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-427"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://kcm.trellix.com/corporate/index?page=content&id=SB10398",
+ "source": "trellixpsirt@trellix.com"
+ }
+ ]
+}
\ No newline at end of file
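Review bot: The description and the CVSS vector in this new record disagree: the `value` text says the flaw "allows local users to place an arbitrary file" into the agent's bin folder, while `vectorString` is `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/...`, i.e. network-reachable with no privileges. The text also calls it command injection while the CNA weakness is `CWE-427` (uncontrolled search path element), so triage keyed on either field will classify it differently. Until the CNA reconciles them, the 6.3 score should be treated as provisional and the description used for prioritisation. Separately, the `value` string carries a leading `\n`, a trailing ` \n\n` and a `\u00a0` before "folder"; it should be stored trimmed so that exact-text matching and deduplication work.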
diff --git a/CVE-2023/CVE-2023-09xx/CVE-2023-0985.json b/CVE-2023/CVE-2023-09xx/CVE-2023-0985.json
new file mode 100644
index 00000000000..853866be487
--- /dev/null
+++ b/CVE-2023/CVE-2023-09xx/CVE-2023-0985.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-0985",
+ "sourceIdentifier": "info@cert.vde.com",
+ "published": "2023-06-06T11:15:09.093",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An Authorization Bypass vulnerability was found in MB Connect Lines\u00a0mbCONNECT24, mymbCONNECT24 and Helmholz' myREX24 and myREX24.virtual version <= 2.13.3.\u00a0An authenticated remote user with low privileges can change the password of any user in the same account. This allows to take over the admin user and therefore fully compromise the account."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "info@cert.vde.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "info@cert.vde.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-639"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://cert.vde.com/en/advisories/VDE-2023-002/",
+ "source": "info@cert.vde.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-09xx/CVE-2023-0992.json b/CVE-2023/CVE-2023-09xx/CVE-2023-0992.json
new file mode 100644
index 00000000000..a143f643b73
--- /dev/null
+++ b/CVE-2023/CVE-2023-09xx/CVE-2023-0992.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-0992",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:15:54.777",
+ "lastModified": "2023-06-09T06:15:54.777",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Shield Security plugin for WordPress is vulnerable to stored Cross-Site Scripting in versions up to, and including, 17.0.17 via the 'User-Agent' header. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2883864%40wp-simple-firewall%2Ftrunk&old=2883536%40wp-simple-firewall%2Ftrunk&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wordpress.org/plugins/wp-simple-firewall/#developers",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/162dff28-94ea-4a47-a6cb-a13317cf1a04?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-09xx/CVE-2023-0993.json b/CVE-2023/CVE-2023-09xx/CVE-2023-0993.json
new file mode 100644
index 00000000000..ba023ba9c62
--- /dev/null
+++ b/CVE-2023/CVE-2023-09xx/CVE-2023-0993.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-0993",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:15:55.063",
+ "lastModified": "2023-06-09T06:15:55.063",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Shield Security plugin for WordPress is vulnerable to Missing Authorization on the 'theme-plugin-file' AJAX action in versions up to, and including, 17.0.17. This allows authenticated attackers to add arbitrary audit log entries indicating that a theme or plugin has been edited, and is also a vector for Cross-Site Scripting via CVE-2023-0992."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2883864%40wp-simple-firewall%2Ftrunk&old=2883536%40wp-simple-firewall%2Ftrunk&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wordpress.org/plugins/wp-simple-firewall/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/674461ad-9b61-48c4-af2a-5dfcaeb38215?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-10xx/CVE-2023-1016.json b/CVE-2023/CVE-2023-10xx/CVE-2023-1016.json
new file mode 100644
index 00000000000..d8030343b0d
--- /dev/null
+++ b/CVE-2023/CVE-2023-10xx/CVE-2023-1016.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-1016",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:15:55.447",
+ "lastModified": "2023-06-09T06:15:55.447",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Intuitive Custom Post Order plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.1.3, due to insufficient escaping on the user supplied 'objects' and 'tags' parameters and lack of sufficient preparation in the 'update_options' function as well as the 'refresh' function which runs queries on the same values. This allows authenticated attackers, with administrator permissions, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Note that this attack may only be practical on configurations where it is possible to bypass addslashes due to the database using a nonstandard character set such as GBK."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.6,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.7,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/intuitive-custom-post-order/trunk/intuitive-custom-post-order.php?rev=2530122",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dc878508-200d-4bc7-aa99-c34e63cba4b3?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-11xx/CVE-2023-1133.json b/CVE-2023/CVE-2023-11xx/CVE-2023-1133.json
index f45975becb6..478d00cf2f3 100644
--- a/CVE-2023/CVE-2023-11xx/CVE-2023-1133.json
+++ b/CVE-2023/CVE-2023-11xx/CVE-2023-1133.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-1133",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-03-27T15:15:07.293",
- "lastModified": "2023-03-30T19:45:08.757",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-06-08T17:15:09.637",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -56,7 +56,7 @@
},
"weaknesses": [
{
- "source": "nvd@nist.gov",
+ "source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
@@ -66,7 +66,7 @@
]
},
{
- "source": "ics-cert@hq.dhs.gov",
+ "source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
@@ -95,6 +95,10 @@
}
],
"references": [
+ {
+ "url": "http://packetstormsecurity.com/files/172799/Delta-Electronics-InfraSuite-Device-Master-Deserialization.html",
+ "source": "ics-cert@hq.dhs.gov"
+ },
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-080-02",
"source": "ics-cert@hq.dhs.gov",
diff --git a/CVE-2023/CVE-2023-11xx/CVE-2023-1169.json b/CVE-2023/CVE-2023-11xx/CVE-2023-1169.json
new file mode 100644
index 00000000000..aa221546a62
--- /dev/null
+++ b/CVE-2023/CVE-2023-11xx/CVE-2023-1169.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-1169",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:15:55.873",
+ "lastModified": "2023-06-09T06:15:55.873",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to missing authorization due to a missing capability check on the 'file_uploader_callback' function in versions up to, and including, 2.1.4. This makes it possible for subscriber-level attackers to upload image attachments to the site."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/ooohboi-steroids-for-elementor/tags/2.1.3/inc/exopite-simple-options/upload-class.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2888622/ooohboi-steroids-for-elementor/tags/2.1.5/inc/exopite-simple-options/upload-class.php?old=2874981&old_path=ooohboi-steroids-for-elementor%2Ftags%2F2.1.4%2Finc%2Fexopite-simple-options%2Fupload-class.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c56ed896-9267-49e6-a207-fe5362fe18cd?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-12xx/CVE-2023-1204.json b/CVE-2023/CVE-2023-12xx/CVE-2023-1204.json
index f07a50e06c4..d6130185e97 100644
--- a/CVE-2023/CVE-2023-12xx/CVE-2023-1204.json
+++ b/CVE-2023/CVE-2023-12xx/CVE-2023-1204.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-1204",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-05-03T21:15:16.707",
- "lastModified": "2023-05-09T20:40:07.673",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-06-06T20:15:09.283",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. A user could use an unverified email as a public email and commit email by sending a specifically crafted request on user update settings."
+ "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A user could use an unverified email as a public email and commit email by sending a specifically crafted request on user update settings."
}
],
"metrics": {
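Review bot: The rewritten description widens the affected range from "10.0 before 12.9.8 ... 13.0 before 13.0.1" to "10.1 before 15.10.8, 15.11 before 15.11.7, 16.0 before 16.0.2", but this is the only hunk for the file and it changes just the text and flips `vulnStatus` to `Modified`. No `configurations` change is visible. If the CPE ranges still end at the old versions (not shown here, so unconfirmed), scanners matching on `cpeMatch` will report GitLab releases between 13.0.1 and 16.0.1 as unaffected. The `configurations` block should be checked against the new text, and until NVD re-analyses the record the description should be treated as authoritative for affected versions.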
diff --git a/CVE-2023/CVE-2023-12xx/CVE-2023-1209.json b/CVE-2023/CVE-2023-12xx/CVE-2023-1209.json
index 672a3c8bd0a..988819b461f 100644
--- a/CVE-2023/CVE-2023-12xx/CVE-2023-1209.json
+++ b/CVE-2023/CVE-2023-12xx/CVE-2023-1209.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-1209",
"sourceIdentifier": "psirt@servicenow.com",
"published": "2023-05-23T17:15:08.950",
- "lastModified": "2023-05-23T17:29:27.427",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T20:04:42.143",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
{
"source": "psirt@servicenow.com",
"type": "Secondary",
@@ -35,6 +55,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
{
"source": "psirt@servicenow.com",
"type": "Secondary",
@@ -46,14 +76,417 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:rome:-:*:*:*:*:*:*",
+ "matchCriteriaId": "F59FAF00-135F-4AC1-B68E-B6F1ED98ACAD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_1:*:*:*:*:*:*",
+ "matchCriteriaId": "52C8A7D2-F930-4078-9E9D-E48782E46CBD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_1_hotfix_1:*:*:*:*:*:*",
+ "matchCriteriaId": "512C81E4-0C27-42EC-AD05-7563B50EF1DD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_1_hotfix_1a:*:*:*:*:*:*",
+ "matchCriteriaId": "2B403376-993D-404D-B75B-A2B634095DD9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_1_hotfix_1b:*:*:*:*:*:*",
+ "matchCriteriaId": "A5BBA03C-2A2E-4259-9F8E-99622F6758B7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_1_hotfix_2:*:*:*:*:*:*",
+ "matchCriteriaId": "D609B90C-E67E-461A-8756-36E06E265FF0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_10:*:*:*:*:*:*",
+ "matchCriteriaId": "5E3198D2-CC9C-46F7-A366-6C16F3F35439"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_10_hotfix_1:*:*:*:*:*:*",
+ "matchCriteriaId": "DD0D5C00-C5D2-4E30-BEB7-AA2ACBE68CF3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_10_hotfix_2:*:*:*:*:*:*",
+ "matchCriteriaId": "F5B1C958-54DF-45BE-BD2B-60A44B846971"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_10_hotfix_2a:*:*:*:*:*:*",
+ "matchCriteriaId": "6BE785D2-A5C9-4ED7-968A-C01F257E8514"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_10_hotfix_2b:*:*:*:*:*:*",
+ "matchCriteriaId": "2AE0A295-ECDE-4D0A-A104-F1E66F950915"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_10_hotfix_3b:*:*:*:*:*:*",
+ "matchCriteriaId": "F2A509AC-A984-41D3-9F1D-03428344F1BB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_2:*:*:*:*:*:*",
+ "matchCriteriaId": "EAA82A56-93C2-47DC-92BA-D2EBF0C19EEC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_3:*:*:*:*:*:*",
+ "matchCriteriaId": "B053530E-1CB3-4A86-BD4B-569750776A53"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_3_hotfix_1:*:*:*:*:*:*",
+ "matchCriteriaId": "4CF1B2AB-D561-4396-AA99-71FCD55B5D3E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_4:*:*:*:*:*:*",
+ "matchCriteriaId": "00EE16EE-B759-4BD8-A30B-C952142C860E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_4_hotfix_1:*:*:*:*:*:*",
+ "matchCriteriaId": "1F157018-E6F2-45D1-8B54-68C051247798"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_4_hotfix_1a:*:*:*:*:*:*",
+ "matchCriteriaId": "88603AEF-0EC2-4006-B7F2-E5FFAC8F354C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_4_hotfix_1b:*:*:*:*:*:*",
+ "matchCriteriaId": "FB5BC2C0-A5CF-455F-A732-E49672B5682E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_5:*:*:*:*:*:*",
+ "matchCriteriaId": "66E9CCC4-7BC4-4FC2-8B54-B8746A83256C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_5_hotfix_1:*:*:*:*:*:*",
+ "matchCriteriaId": "56E7DB16-6ABC-4ED3-99C1-A33914242405"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_5_hotfix_2:*:*:*:*:*:*",
+ "matchCriteriaId": "55AC0E29-0F51-4D1D-A5EF-AECD29FAE417"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_6:*:*:*:*:*:*",
+ "matchCriteriaId": "5DCC0D37-6840-4882-84E1-AE1E83ABF31B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_6_hotfix_1:*:*:*:*:*:*",
+ "matchCriteriaId": "CF53F785-2D19-48FB-9D88-9817785E5082"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_6_hotfix_2:*:*:*:*:*:*",
+ "matchCriteriaId": "9EAAADE1-5804-44FB-BD9A-881BDA4FE1F0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_7_hotfix_1:*:*:*:*:*:*",
+ "matchCriteriaId": "DECC9979-3A0B-4F36-85D1-DD539A7D18C9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_7a:*:*:*:*:*:*",
+ "matchCriteriaId": "563F3D85-A23A-453F-9932-3044F8B5566C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_7b:*:*:*:*:*:*",
+ "matchCriteriaId": "3C770579-EDDC-4F46-8288-33A13289A8A4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_8:*:*:*:*:*:*",
+ "matchCriteriaId": "78447698-90FF-4010-BF0B-3294E2EBB69B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_8_hotfix_1:*:*:*:*:*:*",
+ "matchCriteriaId": "A32EF135-C229-49B1-8766-1ED6066C7CC8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_8_hotfix_2:*:*:*:*:*:*",
+ "matchCriteriaId": "22E5BA6F-6C66-4589-8AA9-C76776DCFCCB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_9:*:*:*:*:*:*",
+ "matchCriteriaId": "AE93BECE-CC4A-400A-9322-5E61DA5E6A75"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_9_hotfix_1:*:*:*:*:*:*",
+ "matchCriteriaId": "38D3CF30-CAC5-49B1-B527-9C9D24C28A54"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_9a:*:*:*:*:*:*",
+ "matchCriteriaId": "8C48A10D-0295-4023-AB20-0BE4D8AA582A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_9b:*:*:*:*:*:*",
+ "matchCriteriaId": "0F42AF52-C388-44BB-B328-5E77CF9E4622"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:-:*:*:*:*:*:*",
+ "matchCriteriaId": "F63300E0-AF0E-44DA-BEC4-D7F560DCE4C4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_1:*:*:*:*:*:*",
+ "matchCriteriaId": "71A44062-D94F-4246-A218-33AD4C43C7FF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_1_hotfix_1:*:*:*:*:*:*",
+ "matchCriteriaId": "6A4ABAF4-C84B-4E7B-A156-24640B7D56EE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_1_hotfix_1a:*:*:*:*:*:*",
+ "matchCriteriaId": "2855AE65-1B96-4537-BB6E-7659114955EA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_1_hotfix_1b:*:*:*:*:*:*",
+ "matchCriteriaId": "63725CBE-34A5-4B9E-BA8E-32E66B89C646"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_2:*:*:*:*:*:*",
+ "matchCriteriaId": "8B2DC45C-17A0-4D92-AB29-3497DA43707E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_2_hotfix_1:*:*:*:*:*:*",
+ "matchCriteriaId": "F2822278-2089-4F78-86EE-D63A9516B5A5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_3:*:*:*:*:*:*",
+ "matchCriteriaId": "49444E5E-0AB7-4083-8663-089955134AA7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_3_hotfix_1:*:*:*:*:*:*",
+ "matchCriteriaId": "8B5E2C3D-F838-48E0-8135-455AF964221D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_3_hotfix_2:*:*:*:*:*:*",
+ "matchCriteriaId": "2494C288-83E1-48DF-9661-540B26C9137E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_3_hotfix_3:*:*:*:*:*:*",
+ "matchCriteriaId": "815997A7-39CB-4C78-B776-54DECE294AA1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_3_hotfix_4:*:*:*:*:*:*",
+ "matchCriteriaId": "DE7FDD4B-163B-462A-A80C-454F5040FF90"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_4:*:*:*:*:*:*",
+ "matchCriteriaId": "FB55D9E6-FD9C-48A8-800D-10C665120792"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_4a:*:*:*:*:*:*",
+ "matchCriteriaId": "D481F300-EDF4-4E22-B865-F3AAFCE27692"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_6:*:*:*:*:*:*",
+ "matchCriteriaId": "5C99222F-B676-471F-8E44-707024B2B097"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_7:*:*:*:*:*:*",
+ "matchCriteriaId": "276A7ABE-2437-455C-9C5B-C05CAAC183A5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_7_hotfix_1:*:*:*:*:*:*",
+ "matchCriteriaId": "5719FE4C-B14A-4A68-8C0F-D9BBA8123056"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_7_hotfix_2:*:*:*:*:*:*",
+ "matchCriteriaId": "2FDD5B2E-8FFF-45A4-BAF4-2091F59ED199"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_7_hottix_3:*:*:*:*:*:*",
+ "matchCriteriaId": "6DA812CC-CF9F-4642-873F-8C0F8DEF9534"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_7a:*:*:*:*:*:*",
+ "matchCriteriaId": "05C37C8D-C08F-49E4-BD57-03B61DA4D3BD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_7b:*:*:*:*:*:*",
+ "matchCriteriaId": "F2371A53-1D57-4508-B18A-4FBA0288CF7B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_8:*:*:*:*:*:*",
+ "matchCriteriaId": "BB9E765B-C094-4FC4-B9E3-0732F24C10D8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_8_hotfix_1:*:*:*:*:*:*",
+ "matchCriteriaId": "406329D1-A894-4D98-BCC0-DFAF25B811DC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_8_hotfix_2:*:*:*:*:*:*",
+ "matchCriteriaId": "BD9DC522-29A8-457F-AC76-9DD53DCDE80E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_9:*:*:*:*:*:*",
+ "matchCriteriaId": "9D6F99C1-F264-4592-AD5F-9A7B04F9D7F3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:tokyo:-:*:*:*:*:*:*",
+ "matchCriteriaId": "4332BE18-DA60-4921-A9DF-C434AB32839B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:tokyo:patch_1:*:*:*:*:*:*",
+ "matchCriteriaId": "09179BB2-B8D4-4FF9-925E-B5B259EFDF4F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:tokyo:patch_1_hotfix_1:*:*:*:*:*:*",
+ "matchCriteriaId": "B328AB49-9C8F-4A0E-86C7-76071156EDAA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:tokyo:patch_1a:*:*:*:*:*:*",
+ "matchCriteriaId": "25F6EDF2-EC52-4821-80A7-1B7DB55CD5FC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:tokyo:patch_1b:*:*:*:*:*:*",
+ "matchCriteriaId": "634CC5CF-5883-44A9-86D9-7DFEADCB4AC0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:tokyo:patch_2:*:*:*:*:*:*",
+ "matchCriteriaId": "F5DD8964-4A2D-4CE8-9C45-58E20DB30964"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:tokyo:patch_2_hotfix_1:*:*:*:*:*:*",
+ "matchCriteriaId": "5A964834-0D6A-4E63-8A7A-F4B5DF2C1AAD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:tokyo:patch_2_hotfix_2:*:*:*:*:*:*",
+ "matchCriteriaId": "EFEE723D-8418-448A-9005-212B8BDB2C05"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:tokyo:patch_2_hotfix_3:*:*:*:*:*:*",
+ "matchCriteriaId": "487E9543-6417-4915-A884-20C4BF457543"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:tokyo:patch_2_hotfix_4:*:*:*:*:*:*",
+ "matchCriteriaId": "E9338643-E8E2-494E-841D-A2756A4A8EAB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:tokyo:patch_3:*:*:*:*:*:*",
+ "matchCriteriaId": "FDDF1F29-9BF2-4F82-B375-8BC4E38E6D2D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:tokyo:patch_3_hotfix_1:*:*:*:*:*:*",
+ "matchCriteriaId": "853308FF-6FE0-480E-8B7A-05C4723FB08A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:tokyo:patch_3_hotfix_2:*:*:*:*:*:*",
+ "matchCriteriaId": "2AE7A9ED-6C15-436D-8CB5-A557BE6064D0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:tokyo:patch_3_hotfix_3:*:*:*:*:*:*",
+ "matchCriteriaId": "9972BE30-D7DE-4687-BC1D-867790D281A8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:tokyo:patch_3_hotfix_4:*:*:*:*:*:*",
+ "matchCriteriaId": "E26FD8E6-C762-4CE1-8B90-7BCBBC372ADA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:tokyo:patch_4:*:*:*:*:*:*",
+ "matchCriteriaId": "F76C3CB6-D1DF-433B-ADA8-E1751DCA4FE7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servicenow:servicenow:utah:-:*:*:*:*:*:*",
+ "matchCriteriaId": "69E0078E-1953-4F4F-9D5A-B1A140C4B310"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1262967",
- "source": "psirt@servicenow.com"
+ "source": "psirt@servicenow.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.linkedin.com/in/osamay/",
- "source": "psirt@servicenow.com"
+ "source": "psirt@servicenow.com",
+ "tags": [
+ "Permissions Required"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-12xx/CVE-2023-1252.json b/CVE-2023/CVE-2023-12xx/CVE-2023-1252.json
index 8ec2fa1124d..2d1f6cf16c5 100644
--- a/CVE-2023/CVE-2023-12xx/CVE-2023-1252.json
+++ b/CVE-2023/CVE-2023-12xx/CVE-2023-1252.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-1252",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-03-23T21:15:19.287",
- "lastModified": "2023-05-05T20:15:09.963",
- "vulnStatus": "Modified",
+ "lastModified": "2023-06-07T12:47:07.337",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -66,8 +66,23 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
- "versionEndExcluding": "5.16",
- "matchCriteriaId": "D692A2AE-8E9E-46AE-8670-7E1284317A25"
+ "versionStartIncluding": "5.6",
+ "versionEndExcluding": "5.10.80",
+ "matchCriteriaId": "F33BDA1D-849E-4A10-BBF8-66BB9EA83D16"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "5.11",
+ "versionEndExcluding": "5.14.19",
+ "matchCriteriaId": "2CEA9E6D-0F19-4EA8-B4B7-0ACE5C0FC7DD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "5.15",
+ "versionEndExcluding": "5.15.3",
+ "matchCriteriaId": "83F73FEF-14B1-40D4-9A9D-2FCF409F26AE"
}
]
}
@@ -80,12 +95,16 @@
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
- "Patch"
+ "Patch",
+ "Vendor Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230505-0005/",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-13xx/CVE-2023-1375.json b/CVE-2023/CVE-2023-13xx/CVE-2023-1375.json
new file mode 100644
index 00000000000..43e7bf05d49
--- /dev/null
+++ b/CVE-2023/CVE-2023-13xx/CVE-2023-1375.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-1375",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:15:56.167",
+ "lastModified": "2023-06-09T06:15:56.167",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized cache deletion in versions up to, and including, 1.1.2 due to a missing capability check in the deleteCacheToolbar function . This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete the site's cache."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/wp-fastest-cache/trunk/wpFastestCache.php#L866",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2893158%40wp-fastest-cache&new=2893158%40wp-fastest-cache&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ae643666-70cb-4eb4-a183-e1649264ded4?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
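Review bot: The first reference points at `trunk/wpFastestCache.php#L866`, a moving branch, so the line anchor will stop pointing at the deleteCacheToolbar code as soon as that file changes. The CVE-2023-1404 record added in this same commit pins its source link to a release tag (`tags/1.6`), and this link would be more durable pinned to the affected release the same way. The changeset URL also carries `sfp_email=&sfph_mail=` twice with empty values, which looks like form residue that could be dropped, and the description has a stray space in `function .`. With `vulnStatus` at `Received` there is no `configurations` block yet, so CPE-based matching will presumably not flag this plugin until analysis adds one.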
diff --git a/CVE-2023/CVE-2023-13xx/CVE-2023-1387.json b/CVE-2023/CVE-2023-13xx/CVE-2023-1387.json
index 6de812cd4c9..c9cdeebb856 100644
--- a/CVE-2023/CVE-2023-13xx/CVE-2023-1387.json
+++ b/CVE-2023/CVE-2023-13xx/CVE-2023-1387.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-1387",
"sourceIdentifier": "security@grafana.com",
"published": "2023-04-26T14:15:09.430",
- "lastModified": "2023-05-09T16:39:27.417",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-06-09T08:15:09.287",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -124,6 +124,10 @@
"tags": [
"Vendor Advisory"
]
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230609-0003/",
+ "source": "security@grafana.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-13xx/CVE-2023-1388.json b/CVE-2023/CVE-2023-13xx/CVE-2023-1388.json
new file mode 100644
index 00000000000..04027e6f1b0
--- /dev/null
+++ b/CVE-2023/CVE-2023-13xx/CVE-2023-1388.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2023-1388",
+ "sourceIdentifier": "trellixpsirt@trellix.com",
+ "published": "2023-06-07T08:15:10.143",
+ "lastModified": "2023-06-07T12:52:33.093",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nA heap-based overflow vulnerability in TA prior to version 5.7.9 allows a remote user to alter the page heap in the macmnsvc process memory block, resulting in the service becoming unavailable.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "trellixpsirt@trellix.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.4
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://kcm.trellix.com/corporate/index?page=content&id=SB10398",
+ "source": "trellixpsirt@trellix.com"
+ }
+ ]
+}
\ No newline at end of file
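Review bot: The `vectorString` does not match the description. The text describes a remote user making the macmnsvc service unavailable, while the vector scores `UI:R` and `C:L/I:L/A:L`, so it requires user interaction and rates availability impact as low alongside confidentiality and integrity impacts the text never mentions. Anyone triaging on the 6.3 score should read the referenced vendor bulletin (SB10398) rather than rely on the vector alone. The record also has no `weaknesses` array although the description names a heap-based overflow, and the `value` string begins with `\n` and ends with `\n\n`, which consumers will need to trim.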
diff --git a/CVE-2023/CVE-2023-13xx/CVE-2023-1390.json b/CVE-2023/CVE-2023-13xx/CVE-2023-1390.json
index 6203c1d8006..d758b5f0686 100644
--- a/CVE-2023/CVE-2023-13xx/CVE-2023-1390.json
+++ b/CVE-2023/CVE-2023-13xx/CVE-2023-1390.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-1390",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-03-16T21:15:11.447",
- "lastModified": "2023-04-20T09:15:08.903",
- "vulnStatus": "Modified",
+ "lastModified": "2023-06-07T12:46:27.957",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -66,8 +66,37 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
- "versionEndExcluding": "5.11",
- "matchCriteriaId": "89EC14A5-9B15-472C-A870-D93968B329AD"
+ "versionStartIncluding": "4.3",
+ "versionEndExcluding": "4.9.253",
+ "matchCriteriaId": "AF22C9B4-BCE0-4E42-8C4C-5DAE22C582DE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.10",
+ "versionEndExcluding": "4.14.217",
+ "matchCriteriaId": "D777E229-ADCF-4C7F-A9F7-B2382137F407"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.15",
+ "versionEndExcluding": "4.19.170",
+ "matchCriteriaId": "671B1493-DB61-421B-B0A9-893B3A862EB8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.20",
+ "versionEndExcluding": "5.4.92",
+ "matchCriteriaId": "2F6DB7A0-9052-479E-894D-15F862F4D3BF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "5.5",
+ "versionEndExcluding": "5.10.10",
+ "matchCriteriaId": "AAA1C6A6-3B03-4EC3-935C-C9FA0B50DB70"
},
{
"vulnerable": true,
@@ -94,14 +123,15 @@
"url": "https://gist.github.com/netspooky/bee2d07022f6350bb88eaa48e571d9b5",
"source": "secalert@redhat.com",
"tags": [
- "Product"
+ "Third Party Advisory"
]
},
{
"url": "https://github.com/torvalds/linux/commit/b77413446408fdd256599daf00d5be72b5f3e7c6",
"source": "secalert@redhat.com",
"tags": [
- "Patch"
+ "Patch",
+ "Vendor Advisory"
]
},
{
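Review bot: The `Vendor Advisory` tag added to the `github.com/torvalds/linux/commit/…` reference labels a source commit as an advisory. `Patch` alone describes that link, and tooling that collects advisories by tag will pick up a commit page here. The gist reference changing from `Product` to `Third Party Advisory` raises the same question; whether a personal gist is an advisory cannot be judged from this hunk, so the tag is worth confirming against the gist's content.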
@@ -115,7 +145,10 @@
},
{
"url": "https://security.netapp.com/advisory/ntap-20230420-0001/",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-14xx/CVE-2023-1403.json b/CVE-2023/CVE-2023-14xx/CVE-2023-1403.json
new file mode 100644
index 00000000000..1b7a71c927b
--- /dev/null
+++ b/CVE-2023/CVE-2023-14xx/CVE-2023-1403.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-1403",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:15:56.457",
+ "lastModified": "2023-06-09T06:15:56.457",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Weaver Xtreme Theme for WordPress is vulnerable to stored Cross-Site Scripting due to insufficient escaping of the profile display name in versions up to, and including, 5.0.7. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://themes.trac.wordpress.org/browser/weaver-xtreme/5.0.7/includes/lib-content.php#L1081",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5b2bef63-c871-45e4-bb05-12bbba20ca5e?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
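Review bot: This record gives no way to identify a fixed release. The description bounds the affected range only from above (`up to, and including, 5.0.7`), and the two references are a source-browser link into 5.0.7 and the Wordfence entry, with no patch or changeset. The new CVE-2023-1404 record that follows has the same gap for version 1.6. Until a `configurations` block or a patch reference is added, the practical check is whether the installed theme or plugin version is at or below the stated one, and whether the site has contributor-level accounts that are not fully trusted.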
diff --git a/CVE-2023/CVE-2023-14xx/CVE-2023-1404.json b/CVE-2023/CVE-2023-14xx/CVE-2023-1404.json
new file mode 100644
index 00000000000..933e94b7977
--- /dev/null
+++ b/CVE-2023/CVE-2023-14xx/CVE-2023-1404.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-1404",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:15:56.900",
+ "lastModified": "2023-06-09T06:15:56.900",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Weaver Show Posts Plugin for WordPress is vulnerable to stored Cross-Site Scripting due to insufficient escaping of the profile display name in versions up to, and including, 1.6. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/show-posts/tags/1.6/includes/atw-showposts-sc.php#L368",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c8647c44-4879-4895-bd07-19f7d62a7326?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-14xx/CVE-2023-1424.json b/CVE-2023/CVE-2023-14xx/CVE-2023-1424.json
index 30e81805b34..e3734f8c158 100644
--- a/CVE-2023/CVE-2023-14xx/CVE-2023-1424.json
+++ b/CVE-2023/CVE-2023-14xx/CVE-2023-1424.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-1424",
"sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"published": "2023-05-24T05:15:08.780",
- "lastModified": "2023-05-26T19:15:09.263",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T20:04:55.843",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 5.9
+ },
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"type": "Secondary",
@@ -35,6 +55,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-120"
+ }
+ ]
+ },
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"type": "Secondary",
@@ -46,22 +76,1093 @@
]
}
],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-fx5u-32mr\\/ds_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9A78F481-0A1A-44B9-B7F7-14B3A3BED2DA"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-fx5u-32mr\\/ds:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AA877E9F-6E21-4D0F-A46E-7E7CE860DA19"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-fx5u-32mr\\/dss_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3D17A787-9609-4FFA-B160-C07A40406514"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-fx5u-32mr\\/dss:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "811C01BB-09E6-4ADF-86F5-8484A5502077"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-fx5u-32mr\\/es_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "434B82A3-B42F-4798-94D0-97B06B5C86A9"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-fx5u-32mr\\/es:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "336ACF95-407C-4EEB-B0D0-A91CE3E80BF9"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-fx5u-32mr\\/ess_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CBB9E685-FE8F-4DDA-9541-D8D570D9DDF6"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-fx5u-32mr\\/ess:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1CB6554E-3962-4712-8E03-6AAB3ED90EE2"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-fx5u-32mt\\/ds_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EDB1E6BA-12F5-48E2-8FB0-13A905240035"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-fx5u-32mt\\/ds:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "72530D08-7969-42C8-9677-B0D281D05046"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-fx5u-32mt\\/dss_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4A50F562-3E4B-45CC-B4C6-008E07A54832"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-fx5u-32mt\\/dss:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0E48B78B-EB3F-4B37-A417-F8E021230A26"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-fx5u-32mt\\/es_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "76BC6A1E-B0B2-4EC9-86AC-BEF184384634"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-fx5u-32mt\\/es:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0D2C90C9-B448-4DB8-95BB-43FA8ACFA45D"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-fx5u-32mt\\/ess_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C3620276-1A91-49A1-9903-42F6564D0B42"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-fx5u-32mt\\/ess:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "ED62C9AA-FD0E-4F54-B5A2-3DF616E022DB"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-fx5u-64mr\\/ds_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "99169D1E-D326-480B-A282-441E9D4EE73C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-fx5u-64mr\\/ds:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C1FBE704-312F-4F1F-8CCB-4F3B1DA195D5"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-fx5u-64mr\\/dss_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A0BBCE8A-3789-4439-8CAE-BE41F2941B87"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-fx5u-64mr\\/dss:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3C002FE8-F90B-4357-A9DC-E8464EACE1BA"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-fx5u-64mr\\/es_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FAF3A6A0-0CFD-4804-BD94-67F425CEA2DE"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-fx5u-64mr\\/es:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FAA2ACC3-A707-46E8-891D-15A24900C659"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-fx5u-64mr\\/ess_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CE39D7B6-5782-4F60-9B72-35EAEBC69341"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-fx5u-64mr\\/ess:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0639FB73-EB71-4C80-8AF3-769F8937F592"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-fx5u-64mt\\/ds_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CAE6E5B8-325F-49F6-B2FF-C9606C945B43"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-fx5u-64mt\\/ds:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A5ADC97E-6479-4F4B-875F-F8F8D0146813"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-fx5u-64mt\\/dss_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0B882EF2-12F3-4DCC-88DE-E7C2D4F4C090"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-fx5u-64mt\\/dss:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E7F40EA1-241F-4F6D-9194-FA6DE51055E5"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-fx5u-64mt\\/es_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2EB5881B-9851-4CF7-8CF2-8D58EEDCC6F8"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-fx5u-64mt\\/es:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "12A419A0-9755-42CF-BBF4-A3EA192F177A"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-fx5u-64mt\\/ess_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9039373D-235D-43F8-A835-836F925EF97F"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-fx5u-64mt\\/ess:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A7A478DA-71CF-45D2-B570-E86E69FCA61C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-fx5u-80mr\\/ds_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3363A3E3-1133-46F4-A361-7908B6D0A687"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-fx5u-80mr\\/ds:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AF471BBC-76A3-43C8-90DC-80343DE7CDE5"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-fx5u-80mr\\/dss_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C301CB5A-D2CC-47A9-AD03-A2149A5CEF48"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-fx5u-80mr\\/dss:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8D391BD4-D228-4157-97FC-D51C12C0FBB6"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-fx5u-80mr\\/es_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AD882172-34AA-4381-A422-AD7018E43E79"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-fx5u-80mr\\/es:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8DBF9A6F-360B-4B24-A65B-816C91571587"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-fx5u-80mr\\/ess_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "16B6C910-2ADC-4383-9826-7233871DC5B8"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-fx5u-80mr\\/ess:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7249D530-F13C-4E04-B6E9-D0653A132ACA"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-fx5u-80mt\\/ds_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7A202065-DD69-43C7-932C-D3B1F0BE2782"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-fx5u-80mt\\/ds:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "39276611-4856-4F8F-A0D8-4926678C4C32"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-fx5u-80mt\\/dss_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9E6EE394-5B83-45F5-AEB3-51B2A58FEED2"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-fx5u-80mt\\/dss:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7F7B6CE4-79E2-454C-B67F-0A30B4A878D1"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-fx5u-80mt\\/es_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5D012D7E-2A83-4038-BAC6-9A6B472E6480"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-fx5u-80mt\\/es:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "11C3318D-471E-486B-8B2A-F91E8E24020E"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-fx5u-80mt\\/ess_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "986FBD4B-6309-44C3-9466-C279CE522C1C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-fx5u-80mt\\/ess:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EF9382C7-5089-419F-9279-63B4BD4914D0"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-fx5uc-32mr\\/dds_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B632ED85-BBB2-4362-B715-D5FCE0639CD3"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-fx5uc-32mr\\/dds:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1989EBFB-3ED0-415B-B1C1-B20692CEE76F"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-fx5uc-32mr\\/ds_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "196F4EA9-C638-48F7-95DC-B9FEDA17164E"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-fx5uc-32mr\\/ds:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "95E43EC2-08DC-4262-8CB7-9F2358D52270"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-fx5uc-32mr\\/ds-ts_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C677AA78-D333-485F-A02C-C44E7B7CE1B9"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-fx5uc-32mr\\/ds-ts:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8410DEF9-7ED9-4089-A3D0-E822128A4C54"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-fx5uc-32mt\\/dds_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EC1A5AA0-18B8-41CB-896D-1D1614701B9E"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-fx5uc-32mt\\/dds:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3DB03D99-F127-435E-A0C2-8D6DA77A535C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-fx5uc-32mt\\/ds_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5A4F4266-5FD1-4570-B48C-6B88B3CFB2D5"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-fx5uc-32mt\\/ds:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AB580164-AA6E-416A-BC50-8B4626BC32A2"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-fx5uc-32mt\\/dss-ts_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AA919E5A-20E1-41C2-A47F-B7A7D8DBEE67"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-fx5uc-32mt\\/dss-ts:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "ECF6BD12-D666-487A-92B4-330FFEC49138"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-fx5uc-32mt\\/ds-ts_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B47177C1-7646-4E24-9CDD-9FDB003B254C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-fx5uc-32mt\\/ds-ts:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB2C1C2D-F7AE-4D68-A714-134AF52E04A6"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-fx5uc-64mr\\/dds_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "483A2E84-496C-47FB-AFC1-E303B991E564"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-fx5uc-64mr\\/dds:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4E9BCB2F-691F-40C6-82BD-CD5C8500CA02"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-fx5uc-64mr\\/ds_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3DE728DE-ECDD-4685-B67C-F36EE9BF3587"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-fx5uc-64mr\\/ds:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F15FA834-C66E-4062-B5C2-32D03E8DCB75"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-fx5uc-64mt\\/dds_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "83D8976D-3844-4886-B958-63AEDAACACCF"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-fx5uc-64mt\\/dds:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B058CE6F-FA03-4A28-9A33-912273B0070C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-fx5uc-64mt\\/ds_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "566D8523-4885-4317-9FB7-41C299B17F10"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-fx5uc-64mt\\/ds:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "09427F8D-CD76-4F92-953D-9A721FCCAC63"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-fx5uc-96mr\\/dds_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "029EA213-0115-46A5-88E6-AC2B363B7D12"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-fx5uc-96mr\\/dds:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "777A4339-A5D2-4C1E-BE0B-92F659D6ACD3"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-fx5uc-96mr\\/ds_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "885376E4-6D6F-4B07-9F22-ECF6B8F58EBE"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-fx5uc-96mr\\/ds:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A1AADFA7-F38C-4901-B21F-9AB01A2B0AC0"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-fx5uc-96mt\\/dds_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4BED7DB2-3022-458C-BE66-CC050D9895E4"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-fx5uc-96mt\\/dds:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D868A6E0-B377-4EB8-9E36-A5AC1EC3C761"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:melsec_iq-fx5uc-96mt\\/ds_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "98961CD4-F3DA-41C2-A9A4-4371FC197986"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:melsec_iq-fx5uc-96mt\\/ds:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5073046E-BFD5-437E-9738-1C2FE9BF4A76"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://jvn.jp/vu/JVNVU94650413",
- "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"
+ "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-03",
- "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"
+ "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
+ "tags": [
+ "Third Party Advisory",
+ "US Government Resource"
+ ]
},
{
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-003_en.pdf",
- "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"
+ "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1727",
- "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"
+ "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
+ "tags": [
+ "Exploit",
+ "Technical Description",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-14xx/CVE-2023-1428.json b/CVE-2023/CVE-2023-14xx/CVE-2023-1428.json
new file mode 100644
index 00000000000..cd27eb1d2cb
--- /dev/null
+++ b/CVE-2023/CVE-2023-14xx/CVE-2023-1428.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-1428",
+ "sourceIdentifier": "cve-coordination@google.com",
+ "published": "2023-06-09T11:15:09.200",
+ "lastModified": "2023-06-09T11:15:09.200",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "There exists an vulnerability causing an abort() to be called in gRPC.\u00a0\nThe following headers cause gRPC's C++ implementation to abort() when called via http2:\n\nte: x (x != trailers)\n\n:scheme: x (x != http, https)\n\ngrpclb_client_stats: x (x == anything)\n\nOn top of sending one of those headers, a later header must be sent that gets the total header size past 8KB. We recommend upgrading past git commit\u00a02485fa94bd8a723e5c977d55a3ce10b301b437f8 or v1.53 and above.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve-coordination@google.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cve-coordination@google.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-617"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/grpc/grpc/commit/2485fa94bd8a723e5c977d55a3ce10b301b437f8",
+ "source": "cve-coordination@google.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-14xx/CVE-2023-1430.json b/CVE-2023/CVE-2023-14xx/CVE-2023-1430.json
new file mode 100644
index 00000000000..abc4309ab6a
--- /dev/null
+++ b/CVE-2023/CVE-2023-14xx/CVE-2023-1430.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-1430",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:15:57.320",
+ "lastModified": "2023-06-09T06:15:57.320",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The FluentCRM - Marketing Automation For WordPress plugin for WordPress is vulnerable to unauthorized modification of data in versions up to, and including, 2.7.40 due to the use of an MD5 hash without a salt to control subscriptions. This makes it possible for unauthenticated attackers to unsubscribe users from lists and manage subscriptions, granted they gain access to any targeted subscribers email address."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-759"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2899218/fluent-crm/tags/2.8.0/app/Hooks/Handlers/ExternalPages.php?old=2873074&old_path=fluent-crm%2Ftags%2F2.7.40%2Fapp%2FHooks%2FHandlers%2FExternalPages.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/de6da87e-8f7d-4120-8a1b-390ef7733d84?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-16xx/CVE-2023-1615.json b/CVE-2023/CVE-2023-16xx/CVE-2023-1615.json
new file mode 100644
index 00000000000..f6f35dbf102
--- /dev/null
+++ b/CVE-2023/CVE-2023-16xx/CVE-2023-1615.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2023-1615",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:15:57.570",
+ "lastModified": "2023-06-09T06:15:57.570",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Ultimate Addons for Contact Form 7 plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in versions up to, and including, 3.1.23. This makes it possible for authenticated attackers of any authorization level to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/ultimate-addons-for-contact-form-7/trunk/addons/database/database.php?rev=2897709#L255",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2901676/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://wordpress.org/plugins/ultimate-addons-for-contact-form-7/#developers",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/817ca119-ddaf-4525-beee-68c4e0aac544?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-16xx/CVE-2023-1621.json b/CVE-2023/CVE-2023-16xx/CVE-2023-1621.json
new file mode 100644
index 00000000000..77612bd9a96
--- /dev/null
+++ b/CVE-2023/CVE-2023-16xx/CVE-2023-1621.json
@@ -0,0 +1,51 @@
+{
+ "id": "CVE-2023-1621",
+ "sourceIdentifier": "cve@gitlab.com",
+ "published": "2023-06-06T20:15:10.227",
+ "lastModified": "2023-06-07T02:45:15.873",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue has been discovered in GitLab EE affecting all versions starting from 12.0 before 15.10.5, all versions starting from 15.11 before 15.11.1. A malicious group member may continue to commit to projects even from a restricted IP address."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve@gitlab.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1621.json",
+ "source": "cve@gitlab.com"
+ },
+ {
+ "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/399774",
+ "source": "cve@gitlab.com"
+ },
+ {
+ "url": "https://hackerone.com/reports/1914049",
+ "source": "cve@gitlab.com"
+ }
+ ]
+}
\ No newline at end of file
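Review bot: The new CVE-2023-1621 record has no `weaknesses` key between `metrics` and `references`, while the other records added in this commit (CVE-2023-1428, CVE-2023-1430, CVE-2023-1615, CVE-2023-1709) all carry one. A consumer that reads `weaknesses` unconditionally will fail on this entry or drop it. If the feed's policy is to omit empty collections, that belongs in the repository's schema notes; otherwise emitting `"weaknesses": []` keeps the record shape stable. There is also no `configurations` block yet, so the affected GitLab EE ranges exist only in the free-text description and CPE-based matching presumably cannot pick this record up while it is `Awaiting Analysis`.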
diff --git a/CVE-2023/CVE-2023-16xx/CVE-2023-1661.json b/CVE-2023/CVE-2023-16xx/CVE-2023-1661.json
index b114c4783a1..31a5fe487bd 100644
--- a/CVE-2023/CVE-2023-16xx/CVE-2023-1661.json
+++ b/CVE-2023/CVE-2023-16xx/CVE-2023-1661.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-1661",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-05-31T04:15:09.893",
- "lastModified": "2023-05-31T13:02:26.480",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T16:33:50.117",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
{
"source": "security@wordfence.com",
"type": "Secondary",
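Review bot: The `nvd@nist.gov` entry is inserted ahead of the existing `security@wordfence.com` entry, so `cvssMetricV31[0]` now refers to a different assessment than it did before this change. Anything that reads the first element instead of selecting on `"type": "Primary"` or on `source` will silently switch scores. The same ordering appears in the `cvssMetricV31` hunks for CVE-2023-1711 and CVE-2023-1763 and in the `weaknesses` hunks of all three files. A line in the feed documentation such as `Select metrics and weaknesses by "type" or "source", never by array position` would make the contract explicit. The array continues past the end of this hunk, so the CNA's own vector is not visible here for comparison.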
@@ -35,6 +55,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
{
"source": "security@wordfence.com",
"type": "Secondary",
@@ -46,14 +76,39 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:display_post_meta\\,_term_meta\\,_comment_meta\\,_and_user_meta_project:display_post_meta\\,_term_meta\\,_comment_meta\\,_and_user_meta:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "0.4.1",
+ "matchCriteriaId": "1E575973-69C6-4EA6-BB1E-8BC2219B08FD"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://wordpress.org/plugins/display-metadata/#developers",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Product",
+ "Release Notes"
+ ]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6f90c0d8-ede6-4f24-870f-19e888238e93?source=cve",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-16xx/CVE-2023-1667.json b/CVE-2023/CVE-2023-16xx/CVE-2023-1667.json
index 33fb4b39f1d..738cdec6270 100644
--- a/CVE-2023/CVE-2023-16xx/CVE-2023-1667.json
+++ b/CVE-2023/CVE-2023-16xx/CVE-2023-1667.json
@@ -2,16 +2,49 @@
"id": "CVE-2023-1667",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-05-26T18:15:10.740",
- "lastModified": "2023-05-30T00:15:09.613",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T15:02:27.610",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-476"
+ }
+ ]
+ },
{
"source": "secalert@redhat.com",
"type": "Secondary",
@@ -23,26 +56,120 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "0.9.1",
+ "versionEndIncluding": "0.9.6",
+ "matchCriteriaId": "4ABFA49F-EB6C-45E4-8347-1E0A0FD65908"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "0.10.0",
+ "versionEndIncluding": "0.10.4",
+ "matchCriteriaId": "B02C8B4E-0AD2-44B9-B32A-21986D00F9F5"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "http://www.libssh.org/security/advisories/CVE-2023-1667.txt",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-1667",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182199",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Issue Tracking",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00029.html",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27PD44ALQTZXX7K6JAM3BXBUHYA6DFFN/",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
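Review bot: The three distribution configurations mark `fedoraproject:fedora:37`, `debian:debian_linux:10.0` and `redhat:enterprise_linux:8.0`/`9.0` as `"vulnerable": true` with no bound on the installed libssh package. A scanner that matches on these OS CPEs alone will likely keep reporting hosts on those releases after the distribution's fixed package is installed. Matching is better driven by the `libssh:libssh` ranges in the first configuration (0.9.1 to 0.9.6 and 0.10.0 to 0.10.4), with package state resolved from the Debian, Fedora and Red Hat advisories listed in `references`. This caveat is worth recording wherever the feed is consumed for host triage, since the record itself cannot express it.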
diff --git a/CVE-2023/CVE-2023-17xx/CVE-2023-1709.json b/CVE-2023/CVE-2023-17xx/CVE-2023-1709.json
new file mode 100644
index 00000000000..72e27242c72
--- /dev/null
+++ b/CVE-2023/CVE-2023-17xx/CVE-2023-1709.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-1709",
+ "sourceIdentifier": "ics-cert@hq.dhs.gov",
+ "published": "2023-06-07T21:15:12.933",
+ "lastModified": "2023-06-07T21:36:36.773",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The APDFL.dll contains a memory corruption vulnerability while parsing \nspecially crafted PDF files. This could allow an attacker to execute \ncode in the context of the current process. \n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-121"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://cert-portal.siemens.com/productcert/html/ssa-629917.html",
+ "source": "ics-cert@hq.dhs.gov"
+ },
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-103-11",
+ "source": "ics-cert@hq.dhs.gov"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-17xx/CVE-2023-1711.json b/CVE-2023/CVE-2023-17xx/CVE-2023-1711.json
index 2b9f750b8b2..5ff61f7c20e 100644
--- a/CVE-2023/CVE-2023-17xx/CVE-2023-1711.json
+++ b/CVE-2023/CVE-2023-17xx/CVE-2023-1711.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-1711",
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"published": "2023-05-30T19:15:09.753",
- "lastModified": "2023-05-30T21:10:07.833",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T17:30:52.083",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 3.6
+ },
{
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary",
@@ -35,6 +55,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-116"
+ }
+ ]
+ },
{
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary",
@@ -46,14 +76,122 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:hitachienergy:foxman_un:r9c:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DEED4D7C-7B05-4344-8002-2F8FCE77AEC5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:hitachienergy:foxman_un:r10c:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EFF43981-24F6-482E-8B52-DFFE7A50644B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:hitachienergy:foxman_un:r11a:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0D867458-BC38-45D5-95A1-0270AD743913"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:hitachienergy:foxman_un:r11b:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8C82E8B-578D-4DE2-A92A-D63815E23E54"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:hitachienergy:foxman_un:r14a:*:*:*:*:*:*:*",
+ "matchCriteriaId": "555C826E-C454-41A8-99D0-81D2097E7382"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:hitachienergy:foxman_un:r14b:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A9503866-5F47-499D-9C1A-39C668AEE5AA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:hitachienergy:foxman_un:r15a:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DE718EB5-3F54-4CCB-A34E-5BA0DF87EEF0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:hitachienergy:foxman_un:r15b:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EB17D0E8-A0AD-4B1B-A92B-110521975AE0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:hitachienergy:foxman_un:r16a:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3ED924CD-4EBF-453E-BC07-40EB415F2585"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:hitachienergy:unem:r9c:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8FB66BE3-1031-4315-AF85-309BE3C35D7D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:hitachienergy:unem:r10c:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F6DF9081-1544-4A69-9D9E-80759289056B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:hitachienergy:unem:r11a:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C50E14E9-D2BF-4B6C-BF87-C9E4233D3AD0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:hitachienergy:unem:r11b:*:*:*:*:*:*:*",
+ "matchCriteriaId": "996564C6-8B44-4E89-A353-79B711A3DBBA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:hitachienergy:unem:r14a:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6AB8CF64-17F7-488D-9763-A1487ECA405D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:hitachienergy:unem:r14b:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6E96D583-2EBB-4AB2-A473-A0930E3B8D02"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:hitachienergy:unem:r15a:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E78C9E5B-5876-4F15-A98A-359193287446"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:hitachienergy:unem:r15b:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C3168F38-7B9E-4F4D-B6D0-1BAFB5FE05F5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:hitachienergy:unem:r16a:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7ABB4A53-07A0-4F9A-824B-A1AC71CCB44E"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000155&LanguageCode=en&DocumentPartId=&Action=Launch",
- "source": "cybersecurity@hitachienergy.com"
+ "source": "cybersecurity@hitachienergy.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000166&LanguageCode=en&DocumentPartId=&Action=Launch",
- "source": "cybersecurity@hitachienergy.com"
+ "source": "cybersecurity@hitachienergy.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-17xx/CVE-2023-1763.json b/CVE-2023/CVE-2023-17xx/CVE-2023-1763.json
index 23fcc1987ea..5663beebc1b 100644
--- a/CVE-2023/CVE-2023-17xx/CVE-2023-1763.json
+++ b/CVE-2023/CVE-2023-17xx/CVE-2023-1763.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-1763",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-17T01:15:09.833",
- "lastModified": "2023-05-17T12:46:46.567",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T14:03:25.437",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ },
{
"source": "cve@mitre.org",
"type": "Secondary",
@@ -35,6 +55,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-522"
+ }
+ ]
+ },
{
"source": "cve@mitre.org",
"type": "Secondary",
@@ -46,14 +76,89 @@
]
}
],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:canon:ij_network_tool:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "4.7.3",
+ "matchCriteriaId": "DC627799-7AAF-4E74-A613-C5EC58573C09"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "10.7.5",
+ "versionEndIncluding": "10.8.0",
+ "matchCriteriaId": "31B4A6B5-50CC-4B40-86F8-E2CF40C3582E"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:canon:ij_network_tool:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "4.7.5",
+ "matchCriteriaId": "0D45F7B8-4556-4318-8941-3D8CC44734C4"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "10.9.5",
+ "versionEndIncluding": "10.15",
+ "matchCriteriaId": "DF57DBD2-F98D-48A4-90AA-39986C963B04"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "11.0",
+ "versionEndIncluding": "13.0",
+ "matchCriteriaId": "13D9BE5E-15FA-45EF-8F21-EC2AE8B1F52F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://psirt.canon/advisory-information/cp2023-002/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://psirt.canon/hardening/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
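Review bot: The two added `configurations` entries leave a gap in the platform ranges. The first pairs `ij_network_tool` up to 4.7.3 with `mac_os_x` 10.7.5–10.8.0, and the second pairs up to 4.7.5 with `mac_os_x` 10.9.5–10.15 and `macos` 11.0–13.0, so a host on a release between 10.8.0 and 10.9.5 matches neither AND group. The diff does not show whether the vendor advisory intends that; if it does not, `"versionStartIncluding": "10.9.5"` in the second platform node would need to start where the first range ends. Both application entries also use the same wildcard CPE, so tooling that ignores the `"vulnerable": false` platform node will report everything up to 4.7.5 as affected regardless of OS. The same block is added to CVE-2023-1764.json.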
diff --git a/CVE-2023/CVE-2023-17xx/CVE-2023-1764.json b/CVE-2023/CVE-2023-17xx/CVE-2023-1764.json
index 5c1b396ce67..56464ac35b3 100644
--- a/CVE-2023/CVE-2023-17xx/CVE-2023-1764.json
+++ b/CVE-2023/CVE-2023-17xx/CVE-2023-1764.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-1764",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-17T01:15:09.920",
- "lastModified": "2023-05-17T12:46:46.567",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T14:01:36.060",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ },
{
"source": "cve@mitre.org",
"type": "Secondary",
@@ -35,6 +55,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-326"
+ }
+ ]
+ },
{
"source": "cve@mitre.org",
"type": "Secondary",
@@ -46,14 +76,89 @@
]
}
],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:canon:ij_network_tool:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "4.7.3",
+ "matchCriteriaId": "DC627799-7AAF-4E74-A613-C5EC58573C09"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "10.7.5",
+ "versionEndIncluding": "10.8.0",
+ "matchCriteriaId": "31B4A6B5-50CC-4B40-86F8-E2CF40C3582E"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:canon:ij_network_tool:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "4.7.5",
+ "matchCriteriaId": "0D45F7B8-4556-4318-8941-3D8CC44734C4"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "10.9.5",
+ "versionEndIncluding": "10.15",
+ "matchCriteriaId": "DF57DBD2-F98D-48A4-90AA-39986C963B04"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "11.0",
+ "versionEndIncluding": "13.0",
+ "matchCriteriaId": "13D9BE5E-15FA-45EF-8F21-EC2AE8B1F52F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://psirt.canon/advisory-information/cp2023-002/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://psirt.canon/hardening/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-17xx/CVE-2023-1779.json b/CVE-2023/CVE-2023-17xx/CVE-2023-1779.json
new file mode 100644
index 00000000000..87fd315159a
--- /dev/null
+++ b/CVE-2023/CVE-2023-17xx/CVE-2023-1779.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-1779",
+ "sourceIdentifier": "info@cert.vde.com",
+ "published": "2023-06-06T11:15:09.913",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Exposure of Sensitive Information to an unauthorized actor vulnerability\u00a0in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz' myREX24 and myREX24.virtual in versions <=2.13.3 allow an authorized remote attacker with low privileges to view a limited amount of another accounts contact information."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "info@cert.vde.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "info@cert.vde.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-200"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://cert.vde.com/en/advisories/VDE-2023-008/",
+ "source": "info@cert.vde.com"
+ }
+ ]
+}
\ No newline at end of file
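Review bot: The `descriptions[0].value` string in this new record contains a non-breaking space (`\u00a0`) between "vulnerability" and "in", which breaks plain substring or phrase matching across that point. Replacing it with an ordinary space, as in `...unauthorized actor vulnerability in MB Connect Lines...`, leaves the text unchanged for readers. CVE-2023-1864.json has a related problem, with hard line breaks and a trailing `\n\n` inside its description. Consumers that cannot correct the upstream text should normalise whitespace before indexing or displaying these fields.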
diff --git a/CVE-2023/CVE-2023-18xx/CVE-2023-1807.json b/CVE-2023/CVE-2023-18xx/CVE-2023-1807.json
new file mode 100644
index 00000000000..04040e2453b
--- /dev/null
+++ b/CVE-2023/CVE-2023-18xx/CVE-2023-1807.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-1807",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:15:57.847",
+ "lastModified": "2023-06-09T06:15:57.847",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Elementor Addons, Widgets and Enhancements \u2013 Stax plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.3. This is due to missing or incorrect nonce validation on the toggle_widget function. This makes it possible for unauthenticated attackers to enable or disable Elementor widgets via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/stax-addons-for-elementor/trunk/core/admin/pages/Widgets.php#L31",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c12094bd-aa23-4f9b-92e1-d1d4284fb2a0?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-18xx/CVE-2023-1825.json b/CVE-2023/CVE-2023-18xx/CVE-2023-1825.json
new file mode 100644
index 00000000000..8cf6e39c3d6
--- /dev/null
+++ b/CVE-2023/CVE-2023-18xx/CVE-2023-1825.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2023-1825",
+ "sourceIdentifier": "cve@gitlab.com",
+ "published": "2023-06-07T17:15:09.900",
+ "lastModified": "2023-06-07T17:28:57.443",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue has been discovered in GitLab EE affecting all versions starting from 15.7 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. It was possible to disclose issue notes to an unauthorized user at project export."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve@gitlab.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.1,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1825.json",
+ "source": "cve@gitlab.com"
+ },
+ {
+ "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/384035",
+ "source": "cve@gitlab.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-18xx/CVE-2023-1843.json b/CVE-2023/CVE-2023-18xx/CVE-2023-1843.json
new file mode 100644
index 00000000000..b35a035d049
--- /dev/null
+++ b/CVE-2023/CVE-2023-18xx/CVE-2023-1843.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-1843",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:15:58.037",
+ "lastModified": "2023-06-09T06:15:58.037",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to unauthorized permalink structure update due to a missing capability check on the permalink_setup function in versions up to, and including, 3.3.0. This makes it possible for unauthenticated attackers to change the permalink structure."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/metform/trunk/plugin.php#L544",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2907471/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5db00eb6-3e05-42fa-bb84-2df4bcae3955?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-18xx/CVE-2023-1864.json b/CVE-2023/CVE-2023-18xx/CVE-2023-1864.json
new file mode 100644
index 00000000000..952880964c1
--- /dev/null
+++ b/CVE-2023/CVE-2023-18xx/CVE-2023-1864.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-1864",
+ "sourceIdentifier": "ics-cert@hq.dhs.gov",
+ "published": "2023-06-07T21:15:13.037",
+ "lastModified": "2023-06-07T21:36:36.773",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "FANUC ROBOGUIDE-HandlingPRO Versions 9 Rev.ZD and prior is vulnerable to\n a path traversal, which could allow an attacker to remotely read files \non the system running the affected software. \n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 4.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-101-01",
+ "source": "ics-cert@hq.dhs.gov"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-18xx/CVE-2023-1888.json b/CVE-2023/CVE-2023-18xx/CVE-2023-1888.json
new file mode 100644
index 00000000000..6b84d1871f9
--- /dev/null
+++ b/CVE-2023/CVE-2023-18xx/CVE-2023-1888.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-1888",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:15:58.410",
+ "lastModified": "2023-06-09T06:15:58.410",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Directorist plugin for WordPress is vulnerable to an arbitrary user password reset in versions up to, and including, 7.5.4. This is due to a lack of validation checks within login.php. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to reset the password of an arbitrary user and gain elevated (e.g., administrator) privileges."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2920100/directorist",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/01943559-e05b-4dca-b322-d880b2729ee7?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
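Review bot: The `weaknesses` entry maps an arbitrary-user password reset that leads to administrator-level access (base score 8.8) to `CWE-20`, a class-level entry that says little about the actual flaw. The description points at missing verification in the password-reset path, so a more specific value such as `"value": "CWE-620"` (Unverified Password Change) or CWE-640 looks closer, though the affected code is not visible here to confirm which. CVE-2023-1910.json has the same issue with `CWE-285`, where the described "insufficient capability check" would normally map to CWE-863. Coarse mappings reduce the value of the record for anyone who routes or trends findings by CWE.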
diff --git a/CVE-2023/CVE-2023-18xx/CVE-2023-1889.json b/CVE-2023/CVE-2023-18xx/CVE-2023-1889.json
new file mode 100644
index 00000000000..356822f2550
--- /dev/null
+++ b/CVE-2023/CVE-2023-18xx/CVE-2023-1889.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-1889",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:15:58.690",
+ "lastModified": "2023-06-09T06:15:58.690",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Directorist plugin for WordPress is vulnerable to an Insecure Direct Object Reference in versions up to, and including, 7.5.4. This is due to improper validation and authorization checks within the listing_task function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete arbitrary posts."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-639"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2920100/directorist",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b47edd57-cac7-463f-88cc-8922f1b34612?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-18xx/CVE-2023-1895.json b/CVE-2023/CVE-2023-18xx/CVE-2023-1895.json
new file mode 100644
index 00000000000..19826f4a2f5
--- /dev/null
+++ b/CVE-2023/CVE-2023-18xx/CVE-2023-1895.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-1895",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:15:58.997",
+ "lastModified": "2023-06-09T06:15:58.997",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Getwid \u2013 Gutenberg Blocks plugin for WordPress is vulnerable to Server Side Request Forgery via the get_remote_content REST API endpoint in versions up to, and including, 1.8.3. This can allow authenticated attackers with subscriber-level permissions or above to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 8.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 4.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-918"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/getwid/tags/1.8.3/includes/rest-api.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e9c2a942-c14c-4b59-92a7-6946b2e4731b?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-19xx/CVE-2023-1910.json b/CVE-2023/CVE-2023-19xx/CVE-2023-1910.json
new file mode 100644
index 00000000000..f9430aef40b
--- /dev/null
+++ b/CVE-2023/CVE-2023-19xx/CVE-2023-1910.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-1910",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:15:59.433",
+ "lastModified": "2023-06-09T06:15:59.433",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Getwid \u2013 Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the get_remote_templates function in versions up to, and including, 1.8.3. This makes it possible for authenticated attackers with subscriber-level permissions or above to flush the remote template cache. Cached template information can also be accessed via this endpoint but these are not considered sensitive as they are publicly accessible from the developer's site."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-285"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/getwid/tags/1.8.3/includes/rest-api.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6cd64ab0-007b-4778-9d92-06e530638fad?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-19xx/CVE-2023-1917.json b/CVE-2023/CVE-2023-19xx/CVE-2023-1917.json
new file mode 100644
index 00000000000..d179fb4504d
--- /dev/null
+++ b/CVE-2023/CVE-2023-19xx/CVE-2023-1917.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2023-1917",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:15:59.717",
+ "lastModified": "2023-06-09T06:15:59.717",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The PowerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: A partial fix for the issue was introduced in version 10.0.1, and an additional patch (version 10.0.2) was released to address a workaround."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/powerpress/trunk/powerpress-player.php#L102",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2896729/powerpress",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2899207/powerpress",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/44583cb7-bc32-4e62-8431-f5f1f6baeff2?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
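Review bot: This record has no `configurations` block, and its only version bound is the prose "up to, and including, 10.0". That sits uneasily with the NOTE in the same description that 10.0.1 was only a partial fix and 10.0.2 closed the remaining workaround. Anyone deriving an affected range from the first sentence would treat 10.0.1 as patched. When the CPE match is added it should use `"versionEndExcluding": "10.0.2"`; until then, consumers should take 10.0.2 as the first fixed version.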
diff --git a/CVE-2023/CVE-2023-19xx/CVE-2023-1945.json b/CVE-2023/CVE-2023-19xx/CVE-2023-1945.json
index aaeab19c348..ca4f30406c4 100644
--- a/CVE-2023/CVE-2023-19xx/CVE-2023-1945.json
+++ b/CVE-2023/CVE-2023-19xx/CVE-2023-1945.json
@@ -2,27 +2,97 @@
"id": "CVE-2023-1945",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:10.493",
- "lastModified": "2023-06-02T18:10:24.877",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T15:06:12.877",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 102.10 and Firefox ESR < 102.10."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.10",
+ "matchCriteriaId": "03736567-251A-4F75-992E-AB7C957FB587"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.10",
+ "matchCriteriaId": "7C8C9D9E-9BDA-475D-B7D6-10D1C6E9DD72"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1777588",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Issue Tracking",
+ "Permissions Required",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-14/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-15/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
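Review bot: The added NVD primary metric scores this issue as availability-only (`C:N/I:N/A:H`, 6.5), while the description speaks of memory corruption and a "potentially exploitable crash" and the added weakness is `CWE-787` (out-of-bounds write). These fields do not agree on whether anything beyond a crash is in scope, so triage that sorts purely on `baseScore` may rank this lower than the weakness suggests; the diff gives no basis to say which is right. Separately, the Bugzilla reference is tagged both `Permissions Required` and `Vendor Advisory`. Dropping `"Vendor Advisory"` from that entry would stop tooling from presenting an access-restricted bug as the advisory.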
diff --git a/CVE-2023/CVE-2023-19xx/CVE-2023-1978.json b/CVE-2023/CVE-2023-19xx/CVE-2023-1978.json
new file mode 100644
index 00000000000..518b48d0d20
--- /dev/null
+++ b/CVE-2023/CVE-2023-19xx/CVE-2023-1978.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-1978",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:16:00.060",
+ "lastModified": "2023-06-09T06:16:00.060",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The ShiftController Employee Shift Scheduling plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the query string in versions up to, and including, 4.9.25 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2898274/shiftcontroller",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b5c61212-e68e-4198-b078-18121576b767?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-207xx/CVE-2023-20712.json b/CVE-2023/CVE-2023-207xx/CVE-2023-20712.json
new file mode 100644
index 00000000000..dc82d35e3a3
--- /dev/null
+++ b/CVE-2023/CVE-2023-207xx/CVE-2023-20712.json
@@ -0,0 +1,279 @@
+{
+ "id": "CVE-2023-20712",
+ "sourceIdentifier": "security@mediatek.com",
+ "published": "2023-06-06T13:15:10.897",
+ "lastModified": "2023-06-09T03:55:01.490",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07796914; Issue ID: ALPS07796914."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:linuxfoundation:iot-yocto:22.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B20DD930-83A1-4715-AD51-458ECA2578D8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt7663:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "10C79211-F064-499D-914E-0BACD038FBF4"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt7668:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8E400AB9-B82A-4449-8789-35112940270F"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt7902:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "91DEA745-47A8-43F1-A1B2-F53F651A99EF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt7921:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "32AFEA0A-FFE2-4EA9-8B51-7E3E75DE65CC"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "639C5BDE-2E83-427A-BAB7-85EA9348AC68"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "299378ED-41CE-4966-99B1-65D2BA1215EF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8518:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EE5E73E0-EF8D-4659-B447-66474BC05708"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8532:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EE18D5C2-0423-4CE5-86E7-69E7BB131BBF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8695:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B5126E05-25DC-4EF7-8DDE-BBA38A7547FB"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9CD2C3EC-B62D-4616-964F-FDBE5B14A449"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:linuxfoundation:iot-yocto:22.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B20DD930-83A1-4715-AD51-458ECA2578D8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:4.19:-:*:*:*:*:*:*",
+ "matchCriteriaId": "CFDAD450-8799-4C2D-80CE-2AA45DEC35CE"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt5521:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "924A5491-E491-4570-ACA5-75B1B2BB736D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://corp.mediatek.com/product-security-bulletin/June-2023",
+ "source": "security@mediatek.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
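Review bot: In both `configurations` entries the software rows are `"vulnerable": true` and the `cpe:2.3:h:mediatek:` rows are `"vulnerable": false` under `"operator": "AND"`, so a consumer that matches on the vulnerable rows alone will over-match. It would flag every Android 12.0/13.0, Yocto 4.0, IoT-Yocto 22.2 and (second entry) Linux kernel 4.19 asset, whatever the chipset. The AND node has to be evaluated as a whole: one vulnerable software row together with one of the listed hardware rows. The same structure appears in the CVE-2023-20715, CVE-2023-20716, CVE-2023-20723 and CVE-2023-20724 hunks, so the matcher should be tested against one of these records before the batch is trusted for alerting.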
diff --git a/CVE-2023/CVE-2023-207xx/CVE-2023-20715.json b/CVE-2023/CVE-2023-207xx/CVE-2023-20715.json
new file mode 100644
index 00000000000..ec32473767c
--- /dev/null
+++ b/CVE-2023/CVE-2023-207xx/CVE-2023-20715.json
@@ -0,0 +1,274 @@
+{
+ "id": "CVE-2023-20715",
+ "sourceIdentifier": "security@mediatek.com",
+ "published": "2023-06-06T13:15:11.397",
+ "lastModified": "2023-06-09T03:54:57.190",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07796900; Issue ID: ALPS07796900."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:linuxfoundation:iot-yocto:22.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B20DD930-83A1-4715-AD51-458ECA2578D8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt7663:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "10C79211-F064-499D-914E-0BACD038FBF4"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt7668:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8E400AB9-B82A-4449-8789-35112940270F"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt7902:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "91DEA745-47A8-43F1-A1B2-F53F651A99EF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt7921:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "32AFEA0A-FFE2-4EA9-8B51-7E3E75DE65CC"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "639C5BDE-2E83-427A-BAB7-85EA9348AC68"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "299378ED-41CE-4966-99B1-65D2BA1215EF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8518:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EE5E73E0-EF8D-4659-B447-66474BC05708"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8532:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EE18D5C2-0423-4CE5-86E7-69E7BB131BBF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9CD2C3EC-B62D-4616-964F-FDBE5B14A449"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:linuxfoundation:iot-yocto:22.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B20DD930-83A1-4715-AD51-458ECA2578D8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:4.19:-:*:*:*:*:*:*",
+ "matchCriteriaId": "CFDAD450-8799-4C2D-80CE-2AA45DEC35CE"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt5521:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "924A5491-E491-4570-ACA5-75B1B2BB736D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://corp.mediatek.com/product-security-bulletin/June-2023",
+ "source": "security@mediatek.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
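Review bot: The first hardware list here goes from `mt8673` straight to `mt8766`, whereas the otherwise identical lists in the CVE-2023-20712 and CVE-2023-20716 hunks include `cpe:2.3:h:mediatek:mt8695:-:*:*:*:*:*:*:*` between those two rows. That may be exactly what the vendor bulletin states for this issue. Since the three records share description wording, score and every other chipset row, the omission is worth confirming against the referenced June-2023 bulletin before MT8695 devices are treated as unaffected by ALPS07796900.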
diff --git a/CVE-2023/CVE-2023-207xx/CVE-2023-20716.json b/CVE-2023/CVE-2023-207xx/CVE-2023-20716.json
new file mode 100644
index 00000000000..3c0b66f6ca0
--- /dev/null
+++ b/CVE-2023/CVE-2023-207xx/CVE-2023-20716.json
@@ -0,0 +1,279 @@
+{
+ "id": "CVE-2023-20716",
+ "sourceIdentifier": "security@mediatek.com",
+ "published": "2023-06-06T13:15:11.557",
+ "lastModified": "2023-06-09T03:54:47.580",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07796883; Issue ID: ALPS07796883."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:linuxfoundation:iot-yocto:22.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B20DD930-83A1-4715-AD51-458ECA2578D8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt7663:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "10C79211-F064-499D-914E-0BACD038FBF4"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt7668:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8E400AB9-B82A-4449-8789-35112940270F"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt7902:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "91DEA745-47A8-43F1-A1B2-F53F651A99EF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt7921:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "32AFEA0A-FFE2-4EA9-8B51-7E3E75DE65CC"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "639C5BDE-2E83-427A-BAB7-85EA9348AC68"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "299378ED-41CE-4966-99B1-65D2BA1215EF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8518:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EE5E73E0-EF8D-4659-B447-66474BC05708"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8532:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EE18D5C2-0423-4CE5-86E7-69E7BB131BBF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8695:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B5126E05-25DC-4EF7-8DDE-BBA38A7547FB"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9CD2C3EC-B62D-4616-964F-FDBE5B14A449"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:linuxfoundation:iot-yocto:22.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B20DD930-83A1-4715-AD51-458ECA2578D8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:4.19:-:*:*:*:*:*:*",
+ "matchCriteriaId": "CFDAD450-8799-4C2D-80CE-2AA45DEC35CE"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt5221:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "518D4593-D5E2-489C-92C3-343716A621E9"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://corp.mediatek.com/product-security-bulletin/June-2023",
+ "source": "security@mediatek.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
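Review bot: The only hardware row of the second `configurations` entry is `cpe:2.3:h:mediatek:mt5221:-:*:*:*:*:*:*:*` here, while the CVE-2023-20712 and CVE-2023-20715 hunks carry `cpe:2.3:h:mediatek:mt5521:-:*:*:*:*:*:*:*` in the same position with a different `matchCriteriaId`. Each row has its own `matchCriteriaId`, so neither looks malformed, but the sibling records are otherwise identical in that node and the names differ by one digit. One of the two may therefore be a transcription slip. An inventory keyed on one model number will silently miss the other, so the chipset should be checked against the referenced June-2023 bulletin before acting on either value.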
diff --git a/CVE-2023/CVE-2023-207xx/CVE-2023-20723.json b/CVE-2023/CVE-2023-207xx/CVE-2023-20723.json
new file mode 100644
index 00000000000..2a6bc6e1820
--- /dev/null
+++ b/CVE-2023/CVE-2023-207xx/CVE-2023-20723.json
@@ -0,0 +1,107 @@
+{
+ "id": "CVE-2023-20723",
+ "sourceIdentifier": "security@mediatek.com",
+ "published": "2023-06-06T13:15:11.703",
+ "lastModified": "2023-06-09T03:51:32.767",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07843845; Issue ID: ALPS07843845."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3B5FE245-6346-4078-A3D0-E5F79BB636B8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8183:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "23F65D7B-31A1-4D94-82E9-254A7A6D7BE1"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://corp.mediatek.com/product-security-bulletin/June-2023",
+ "source": "security@mediatek.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
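Review bot: The `weaknesses` entry is `CWE-125` (out-of-bounds read) while the vector is `C:H/I:H/A:H` and the description claims local escalation of privilege; a pure read would not normally justify high integrity and availability impact. One of the two, the CWE or the impact metrics, is probably carried over from generic bulletin wording. Triage should not derive impact from the CWE alone here, nor treat the 6.7 score as confirmation of a memory-corruption primitive. The CVE-2023-20724 hunk has the same combination.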
diff --git a/CVE-2023/CVE-2023-207xx/CVE-2023-20724.json b/CVE-2023/CVE-2023-207xx/CVE-2023-20724.json
new file mode 100644
index 00000000000..0941b3e1b3f
--- /dev/null
+++ b/CVE-2023/CVE-2023-207xx/CVE-2023-20724.json
@@ -0,0 +1,107 @@
+{
+ "id": "CVE-2023-20724",
+ "sourceIdentifier": "security@mediatek.com",
+ "published": "2023-06-06T13:15:11.823",
+ "lastModified": "2023-06-09T03:51:53.713",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07843845; Issue ID: ALPS07843841."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3B5FE245-6346-4078-A3D0-E5F79BB636B8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8183:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "23F65D7B-31A1-4D94-82E9-254A7A6D7BE1"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://corp.mediatek.com/product-security-bulletin/June-2023",
+ "source": "security@mediatek.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
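Review bot: The description gives `Patch ID: ALPS07843845` but `Issue ID: ALPS07843841`, and that Patch ID is the one already used by the CVE-2023-20723 hunk, where Patch ID and Issue ID are equal. This may be correct if a single patch closes both issues, but it could also be a copy error in the source text. Tooling that de-duplicates or tracks remediation by Patch ID will merge the two CVEs into one item, so the Issue ID, or the CVE id itself, is the safer key; the patch number should be confirmed against the June-2023 bulletin.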
diff --git a/CVE-2023/CVE-2023-207xx/CVE-2023-20725.json b/CVE-2023/CVE-2023-207xx/CVE-2023-20725.json
new file mode 100644
index 00000000000..420d98b5ba8
--- /dev/null
+++ b/CVE-2023/CVE-2023-207xx/CVE-2023-20725.json
@@ -0,0 +1,292 @@
+{
+ "id": "CVE-2023-20725",
+ "sourceIdentifier": "security@mediatek.com",
+ "published": "2023-06-06T13:15:11.937",
+ "lastModified": "2023-06-09T03:52:02.530",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07734004 / ALPS07874358 (For MT6880, MT6890, MT6980, MT6990 only); Issue ID: ALPS07734004 / ALPS07874358 (For MT6880, MT6890, MT6980, MT6990 only)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:rdkcentral:rdk-b:2022q3:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A1488152-CC93-40DF-8D1F-BF33DC8444FF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*",
+ "matchCriteriaId": "4FA469E2-9E63-4C9A-8EBA-10C8C870063A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*",
+ "matchCriteriaId": "F0133207-2EED-4625-854F-8DB7770D5BF7"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "46F71838-4E50-4F2A-9EB8-30AE5DF8511E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "68CF4A7A-3136-4C4C-A795-81323896BE11"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "171D1C08-F055-44C0-913C-AA2B73AF5B72"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BA9131F6-F167-4FD7-8FBF-B372CBBCF46F"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1A76806D-A4E3-466A-90CB-E9FFE478E7A0"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3B5FE245-6346-4078-A3D0-E5F79BB636B8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "299378ED-41CE-4966-99B1-65D2BA1215EF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://corp.mediatek.com/product-security-bulletin/June-2023",
+ "source": "security@mediatek.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
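Review bot: The patch-ID scoping in the `descriptions` text (`ALPS07734004 / ALPS07874358 (For MT6880, MT6890, MT6980, MT6990 only)`) is not carried into `configurations`, where every MediaTek part sits in a single `OR` node. A consumer reading only the structured data cannot tell which patch applies to which chipset. Tooling that tracks remediation from this record should take the patch mapping from the description text or the linked vendor bulletin, not from the CPE nodes. The OpenWrt entries are also pinned to exact releases (`openwrt:19.07.0:-` and `openwrt:21.02.0:-`), so an inventory entry for a later point release would not match under exact CPE matching; whether such releases are affected cannot be told from this record.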
diff --git a/CVE-2023/CVE-2023-207xx/CVE-2023-20727.json b/CVE-2023/CVE-2023-207xx/CVE-2023-20727.json
new file mode 100644
index 00000000000..82f419e0dc1
--- /dev/null
+++ b/CVE-2023/CVE-2023-207xx/CVE-2023-20727.json
@@ -0,0 +1,182 @@
+{
+ "id": "CVE-2023-20727",
+ "sourceIdentifier": "security@mediatek.com",
+ "published": "2023-06-06T09:15:11.160",
+ "lastModified": "2023-06-09T03:55:06.267",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588531; Issue ID: ALPS07588531."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8695:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B5126E05-25DC-4EF7-8DDE-BBA38A7547FB"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://corp.mediatek.com/product-security-bulletin/June-2023",
+ "source": "security@mediatek.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-207xx/CVE-2023-20728.json b/CVE-2023/CVE-2023-207xx/CVE-2023-20728.json
new file mode 100644
index 00000000000..0b9d26f5bc3
--- /dev/null
+++ b/CVE-2023/CVE-2023-207xx/CVE-2023-20728.json
@@ -0,0 +1,292 @@
+{
+ "id": "CVE-2023-20728",
+ "sourceIdentifier": "security@mediatek.com",
+ "published": "2023-06-06T13:15:12.070",
+ "lastModified": "2023-06-09T03:54:51.930",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573603; Issue ID: ALPS07573603."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:linuxfoundation:yocto:3.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B2EECB3C-723A-492D-A6D7-6A1A73EDBFDF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:linuxfoundation:yocto:3.3:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2385F2C9-3EA1-424B-AB8D-A672BF1CBE56"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt7663:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "10C79211-F064-499D-914E-0BACD038FBF4"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt7668:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8E400AB9-B82A-4449-8789-35112940270F"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt7902:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "91DEA745-47A8-43F1-A1B2-F53F651A99EF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt7921:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "32AFEA0A-FFE2-4EA9-8B51-7E3E75DE65CC"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "639C5BDE-2E83-427A-BAB7-85EA9348AC68"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "299378ED-41CE-4966-99B1-65D2BA1215EF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8518:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EE5E73E0-EF8D-4659-B447-66474BC05708"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8532:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EE18D5C2-0423-4CE5-86E7-69E7BB131BBF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "03E6123A-7603-4EAB-AFFB-229E8A040709"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8695:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B5126E05-25DC-4EF7-8DDE-BBA38A7547FB"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9CD2C3EC-B62D-4616-964F-FDBE5B14A449"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://corp.mediatek.com/product-security-bulletin/June-2023",
+ "source": "security@mediatek.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-207xx/CVE-2023-20729.json b/CVE-2023/CVE-2023-207xx/CVE-2023-20729.json
new file mode 100644
index 00000000000..3850abe4437
--- /dev/null
+++ b/CVE-2023/CVE-2023-207xx/CVE-2023-20729.json
@@ -0,0 +1,127 @@
+{
+ "id": "CVE-2023-20729",
+ "sourceIdentifier": "security@mediatek.com",
+ "published": "2023-06-06T13:15:12.193",
+ "lastModified": "2023-06-09T03:54:39.430",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573552; Issue ID: ALPS07573575."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:linuxfoundation:yocto:3.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B2EECB3C-723A-492D-A6D7-6A1A73EDBFDF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:linuxfoundation:yocto:3.3:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2385F2C9-3EA1-424B-AB8D-A672BF1CBE56"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt7902:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "91DEA745-47A8-43F1-A1B2-F53F651A99EF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt7921:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "32AFEA0A-FFE2-4EA9-8B51-7E3E75DE65CC"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8518:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EE5E73E0-EF8D-4659-B447-66474BC05708"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8532:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EE18D5C2-0423-4CE5-86E7-69E7BB131BBF"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://corp.mediatek.com/product-security-bulletin/June-2023",
+ "source": "security@mediatek.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
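Review bot: The description here reads `Patch ID: ALPS07573552; Issue ID: ALPS07573575`, the only record among those whose descriptions are visible in this part of the diff where the two IDs differ. The same patch ID appears again in the CVE-2023-20730 hunk that follows, which has identical `configurations`, CVSS vector and CWE. Anything that deduplicates or correlates advisories on the patch ID alone would collapse the two CVEs into one, so key on `id` (and the issue ID where needed) instead. Whether the differing issue ID is intended or an upstream transcription slip cannot be confirmed from the diff; it is worth checking against the linked MediaTek June 2023 bulletin.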
diff --git a/CVE-2023/CVE-2023-207xx/CVE-2023-20730.json b/CVE-2023/CVE-2023-207xx/CVE-2023-20730.json
new file mode 100644
index 00000000000..04b68d300be
--- /dev/null
+++ b/CVE-2023/CVE-2023-207xx/CVE-2023-20730.json
@@ -0,0 +1,127 @@
+{
+ "id": "CVE-2023-20730",
+ "sourceIdentifier": "security@mediatek.com",
+ "published": "2023-06-06T13:15:12.307",
+ "lastModified": "2023-06-09T03:54:43.843",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573552; Issue ID: ALPS07573552."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:linuxfoundation:yocto:3.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B2EECB3C-723A-492D-A6D7-6A1A73EDBFDF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:linuxfoundation:yocto:3.3:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2385F2C9-3EA1-424B-AB8D-A672BF1CBE56"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt7902:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "91DEA745-47A8-43F1-A1B2-F53F651A99EF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt7921:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "32AFEA0A-FFE2-4EA9-8B51-7E3E75DE65CC"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8518:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EE5E73E0-EF8D-4659-B447-66474BC05708"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8532:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EE18D5C2-0423-4CE5-86E7-69E7BB131BBF"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://corp.mediatek.com/product-security-bulletin/June-2023",
+ "source": "security@mediatek.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-207xx/CVE-2023-20731.json b/CVE-2023/CVE-2023-207xx/CVE-2023-20731.json
new file mode 100644
index 00000000000..865cdb3ccca
--- /dev/null
+++ b/CVE-2023/CVE-2023-207xx/CVE-2023-20731.json
@@ -0,0 +1,322 @@
+{
+ "id": "CVE-2023-20731",
+ "sourceIdentifier": "security@mediatek.com",
+ "published": "2023-06-06T13:15:12.413",
+ "lastModified": "2023-06-09T03:54:36.050",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573495; Issue ID: ALPS07573495."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:linuxfoundation:yocto:3.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B2EECB3C-723A-492D-A6D7-6A1A73EDBFDF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:linuxfoundation:yocto:3.3:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2385F2C9-3EA1-424B-AB8D-A672BF1CBE56"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C445EB80-6021-4E26-B74E-1B4B6910CE48"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D23991D5-1893-49F4-8A06-D5E66C96C3B3"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt7663:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "10C79211-F064-499D-914E-0BACD038FBF4"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt7668:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8E400AB9-B82A-4449-8789-35112940270F"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt7902:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "91DEA745-47A8-43F1-A1B2-F53F651A99EF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt7921:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "32AFEA0A-FFE2-4EA9-8B51-7E3E75DE65CC"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3B5FE245-6346-4078-A3D0-E5F79BB636B8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "639C5BDE-2E83-427A-BAB7-85EA9348AC68"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4452EFCF-5733-40A0-8726-F8E33E569411"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "299378ED-41CE-4966-99B1-65D2BA1215EF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8518:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EE5E73E0-EF8D-4659-B447-66474BC05708"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8532:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EE18D5C2-0423-4CE5-86E7-69E7BB131BBF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8695:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B5126E05-25DC-4EF7-8DDE-BBA38A7547FB"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://corp.mediatek.com/product-security-bulletin/June-2023",
+ "source": "security@mediatek.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-207xx/CVE-2023-20732.json b/CVE-2023/CVE-2023-207xx/CVE-2023-20732.json
new file mode 100644
index 00000000000..b2d6aa039f5
--- /dev/null
+++ b/CVE-2023/CVE-2023-207xx/CVE-2023-20732.json
@@ -0,0 +1,322 @@
+{
+ "id": "CVE-2023-20732",
+ "sourceIdentifier": "security@mediatek.com",
+ "published": "2023-06-06T13:15:12.563",
+ "lastModified": "2023-06-09T03:54:31.863",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573480; Issue ID: ALPS07573480."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:linuxfoundation:yocto:3.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B2EECB3C-723A-492D-A6D7-6A1A73EDBFDF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:linuxfoundation:yocto:3.3:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2385F2C9-3EA1-424B-AB8D-A672BF1CBE56"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C445EB80-6021-4E26-B74E-1B4B6910CE48"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D23991D5-1893-49F4-8A06-D5E66C96C3B3"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt7663:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "10C79211-F064-499D-914E-0BACD038FBF4"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt7668:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8E400AB9-B82A-4449-8789-35112940270F"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt7902:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "91DEA745-47A8-43F1-A1B2-F53F651A99EF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt7921:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "32AFEA0A-FFE2-4EA9-8B51-7E3E75DE65CC"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3B5FE245-6346-4078-A3D0-E5F79BB636B8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "639C5BDE-2E83-427A-BAB7-85EA9348AC68"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4452EFCF-5733-40A0-8726-F8E33E569411"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "299378ED-41CE-4966-99B1-65D2BA1215EF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8518:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EE5E73E0-EF8D-4659-B447-66474BC05708"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8532:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EE18D5C2-0423-4CE5-86E7-69E7BB131BBF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8695:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B5126E05-25DC-4EF7-8DDE-BBA38A7547FB"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://corp.mediatek.com/product-security-bulletin/June-2023",
+ "source": "security@mediatek.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
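Review bot: The description and the NVD analysis in CVE-2023-20732.json disagree: the text describes an out of bounds read leading to local information disclosure, while the weakness is `"value": "CWE-787"` and the vector is `CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H`. CVE-2023-20731 in this same diff carries the identical wording and is scored as `CWE-125` with `C:H/I:N/A:N`, so one of the two records looks mis-described or mis-scored; which one cannot be told from the diff alone. Check the entry against the MediaTek June-2023 bulletin listed in its references. If the read/disclosure wording is right, the fields would become `"value": "CWE-125"` and `"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"`, with the impact fields and scores brought in line with 20731 (4.4 base, 3.6 impact). Until then, consumers that prioritise on `baseScore` or filter on CWE will triage this record differently from its twin.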
diff --git a/CVE-2023/CVE-2023-207xx/CVE-2023-20733.json b/CVE-2023/CVE-2023-207xx/CVE-2023-20733.json
new file mode 100644
index 00000000000..60028352d01
--- /dev/null
+++ b/CVE-2023/CVE-2023-207xx/CVE-2023-20733.json
@@ -0,0 +1,197 @@
+{
+ "id": "CVE-2023-20733",
+ "sourceIdentifier": "security@mediatek.com",
+ "published": "2023-06-06T13:15:12.680",
+ "lastModified": "2023-06-09T03:54:28.583",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In vcu, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645149; Issue ID: ALPS07645149."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-667"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:linuxfoundation:iot-yocto:22.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B20DD930-83A1-4715-AD51-458ECA2578D8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D23991D5-1893-49F4-8A06-D5E66C96C3B3"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://corp.mediatek.com/product-security-bulletin/June-2023",
+ "source": "security@mediatek.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
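Review bot: The weakness list in CVE-2023-20733.json records only `"value": "CWE-667"`, although the description names the outcome as a use after free. Improper locking is the stated root cause, so the mapping is defensible, but tooling that selects memory-safety issues by CWE would presumably miss this record. If the feed allows more than one weakness entry per source, consider adding a second description entry `{ "lang": "en", "value": "CWE-416" }` next to it; otherwise no change is needed.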
diff --git a/CVE-2023/CVE-2023-207xx/CVE-2023-20734.json b/CVE-2023/CVE-2023-207xx/CVE-2023-20734.json
new file mode 100644
index 00000000000..b2c6a5ceee5
--- /dev/null
+++ b/CVE-2023/CVE-2023-207xx/CVE-2023-20734.json
@@ -0,0 +1,287 @@
+{
+ "id": "CVE-2023-20734",
+ "sourceIdentifier": "security@mediatek.com",
+ "published": "2023-06-06T13:15:12.800",
+ "lastModified": "2023-06-09T03:52:19.610",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In vcu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645149; Issue ID: ALPS07645184."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:linuxfoundation:iot-yocto:22.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B20DD930-83A1-4715-AD51-458ECA2578D8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt5696:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8A07610A-173B-4DF2-8DAD-D2FF07EB9A17"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt5836:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "222E4ECD-459A-4422-947F-FF26E026BC56"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt5838:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E72667B1-71C3-4DB5-A5E4-BC8212B1B00B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D23991D5-1893-49F4-8A06-D5E66C96C3B3"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt9000:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F0200228-E2A8-4DBE-A4DA-7AC7D4B9DE99"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt9015:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "354492FD-4052-41F8-805E-55F387AF8F17"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt9023:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "591A2A8B-DB5D-42BC-99A6-0D0DAB45C645"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt9025:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A6133E43-E032-4334-88C7-116B27B3090D"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt9618:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "311AFBA9-A0AD-4638-ACFF-0D4AC12FA127"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt9649:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C1C6E88C-46DD-45AB-88C1-B69FC0E25056"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt9653:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "63BC3AE7-4180-4B8C-AB69-8AC4F502700D"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt9679:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "717AE700-78CC-4750-92CB-C9293571EC7D"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt9687:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0BC2011E-7629-477E-A898-9748119F7A23"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt9689:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B84CEB95-BF9E-42E3-90F4-70B1C7EE41A6"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt9902:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A42C58EE-7A5A-42BE-9C64-1A0F3657AA05"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt9932:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DDB40D8E-E934-47B1-A3A9-102F39C2FF21"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt9952:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0407203F-F9DE-4899-B0E6-226A7E9952CA"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt9972:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0C76B993-B660-41EB-A66A-96011A044BF6"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt9982:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5F8F0452-97F5-4BC6-AC85-42A24721F7CB"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://corp.mediatek.com/product-security-bulletin/June-2023",
+ "source": "security@mediatek.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-207xx/CVE-2023-20735.json b/CVE-2023/CVE-2023-207xx/CVE-2023-20735.json
new file mode 100644
index 00000000000..de1f5fceb6d
--- /dev/null
+++ b/CVE-2023/CVE-2023-207xx/CVE-2023-20735.json
@@ -0,0 +1,327 @@
+{
+ "id": "CVE-2023-20735",
+ "sourceIdentifier": "security@mediatek.com",
+ "published": "2023-06-06T13:15:12.910",
+ "lastModified": "2023-06-09T03:54:24.753",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In vcu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645149; Issue ID: ALPS07645178."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:linuxfoundation:iot-yocto:22.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B20DD930-83A1-4715-AD51-458ECA2578D8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt5696:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8A07610A-173B-4DF2-8DAD-D2FF07EB9A17"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt5836:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "222E4ECD-459A-4422-947F-FF26E026BC56"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt5838:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E72667B1-71C3-4DB5-A5E4-BC8212B1B00B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D23991D5-1893-49F4-8A06-D5E66C96C3B3"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt9000:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F0200228-E2A8-4DBE-A4DA-7AC7D4B9DE99"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt9015:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "354492FD-4052-41F8-805E-55F387AF8F17"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt9023:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "591A2A8B-DB5D-42BC-99A6-0D0DAB45C645"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt9025:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A6133E43-E032-4334-88C7-116B27B3090D"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt9618:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "311AFBA9-A0AD-4638-ACFF-0D4AC12FA127"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt9649:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C1C6E88C-46DD-45AB-88C1-B69FC0E25056"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt9653:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "63BC3AE7-4180-4B8C-AB69-8AC4F502700D"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt9679:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "717AE700-78CC-4750-92CB-C9293571EC7D"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt9687:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0BC2011E-7629-477E-A898-9748119F7A23"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt9689:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B84CEB95-BF9E-42E3-90F4-70B1C7EE41A6"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt9902:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A42C58EE-7A5A-42BE-9C64-1A0F3657AA05"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt9932:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DDB40D8E-E934-47B1-A3A9-102F39C2FF21"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt9952:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0407203F-F9DE-4899-B0E6-226A7E9952CA"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt9972:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0C76B993-B660-41EB-A66A-96011A044BF6"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt9982:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5F8F0452-97F5-4BC6-AC85-42A24721F7CB"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://corp.mediatek.com/product-security-bulletin/June-2023",
+ "source": "security@mediatek.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-207xx/CVE-2023-20736.json b/CVE-2023/CVE-2023-207xx/CVE-2023-20736.json
new file mode 100644
index 00000000000..70a673839b2
--- /dev/null
+++ b/CVE-2023/CVE-2023-207xx/CVE-2023-20736.json
@@ -0,0 +1,201 @@
+{
+ "id": "CVE-2023-20736",
+ "sourceIdentifier": "security@mediatek.com",
+ "published": "2023-06-06T13:15:13.083",
+ "lastModified": "2023-06-09T03:53:52.827",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In vcu, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645149; Issue ID: ALPS07645189."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.5,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-362"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:linuxfoundation:iot-yocto:22.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B20DD930-83A1-4715-AD51-458ECA2578D8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D23991D5-1893-49F4-8A06-D5E66C96C3B3"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://corp.mediatek.com/product-security-bulletin/June-2023",
+ "source": "security@mediatek.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-207xx/CVE-2023-20737.json b/CVE-2023/CVE-2023-207xx/CVE-2023-20737.json
new file mode 100644
index 00000000000..c09c6409396
--- /dev/null
+++ b/CVE-2023/CVE-2023-207xx/CVE-2023-20737.json
@@ -0,0 +1,197 @@
+{
+ "id": "CVE-2023-20737",
+ "sourceIdentifier": "security@mediatek.com",
+ "published": "2023-06-06T13:15:13.230",
+ "lastModified": "2023-06-09T03:52:13.303",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In vcu, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645149; Issue ID: ALPS07645167."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-667"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:linuxfoundation:iot-yocto:22.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B20DD930-83A1-4715-AD51-458ECA2578D8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D23991D5-1893-49F4-8A06-D5E66C96C3B3"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://corp.mediatek.com/product-security-bulletin/June-2023",
+ "source": "security@mediatek.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
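Review bot: The `weaknesses` entry in the CVE-2023-20737 record lists only `CWE-667`, although the description in the same record says "possible use after free due to improper locking", so the mapping captures the cause but not the memory-safety consequence. The neighbouring CVE-2023-20736 record lists both cause and consequence (`CWE-362` and `CWE-787`), so CWE-based triage will treat these two vcu issues inconsistently. If this file is a verbatim mirror of the `nvd@nist.gov` analysis, the correction presumably belongs upstream; otherwise add `{ "lang": "en", "value": "CWE-416" }` to the `description` array. Until that is resolved, consumers filtering this batch for memory-corruption issues should match on the description text as well as the CWE field.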
diff --git a/CVE-2023/CVE-2023-207xx/CVE-2023-20738.json b/CVE-2023/CVE-2023-207xx/CVE-2023-20738.json
new file mode 100644
index 00000000000..febbe372dea
--- /dev/null
+++ b/CVE-2023/CVE-2023-207xx/CVE-2023-20738.json
@@ -0,0 +1,327 @@
+{
+ "id": "CVE-2023-20738",
+ "sourceIdentifier": "security@mediatek.com",
+ "published": "2023-06-06T13:15:13.430",
+ "lastModified": "2023-06-09T03:54:20.640",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In vcu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645149; Issue ID: ALPS07645173."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:linuxfoundation:iot-yocto:22.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B20DD930-83A1-4715-AD51-458ECA2578D8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt5696:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8A07610A-173B-4DF2-8DAD-D2FF07EB9A17"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt5836:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "222E4ECD-459A-4422-947F-FF26E026BC56"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt5838:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E72667B1-71C3-4DB5-A5E4-BC8212B1B00B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D23991D5-1893-49F4-8A06-D5E66C96C3B3"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt9000:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F0200228-E2A8-4DBE-A4DA-7AC7D4B9DE99"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt9015:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "354492FD-4052-41F8-805E-55F387AF8F17"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt9023:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "591A2A8B-DB5D-42BC-99A6-0D0DAB45C645"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt9025:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A6133E43-E032-4334-88C7-116B27B3090D"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt9618:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "311AFBA9-A0AD-4638-ACFF-0D4AC12FA127"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt9649:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C1C6E88C-46DD-45AB-88C1-B69FC0E25056"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt9653:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "63BC3AE7-4180-4B8C-AB69-8AC4F502700D"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt9679:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "717AE700-78CC-4750-92CB-C9293571EC7D"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt9687:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0BC2011E-7629-477E-A898-9748119F7A23"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt9689:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B84CEB95-BF9E-42E3-90F4-70B1C7EE41A6"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt9902:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A42C58EE-7A5A-42BE-9C64-1A0F3657AA05"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt9932:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DDB40D8E-E934-47B1-A3A9-102F39C2FF21"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt9952:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0407203F-F9DE-4899-B0E6-226A7E9952CA"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt9972:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0C76B993-B660-41EB-A66A-96011A044BF6"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt9982:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5F8F0452-97F5-4BC6-AC85-42A24721F7CB"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://corp.mediatek.com/product-security-bulletin/June-2023",
+ "source": "security@mediatek.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-207xx/CVE-2023-20739.json b/CVE-2023/CVE-2023-207xx/CVE-2023-20739.json
new file mode 100644
index 00000000000..bb73edd06db
--- /dev/null
+++ b/CVE-2023/CVE-2023-207xx/CVE-2023-20739.json
@@ -0,0 +1,322 @@
+{
+ "id": "CVE-2023-20739",
+ "sourceIdentifier": "security@mediatek.com",
+ "published": "2023-06-06T13:15:13.590",
+ "lastModified": "2023-06-09T03:53:03.250",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In vcu, there is a possible memory corruption due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07559819; Issue ID: ALPS07559819."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6735:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C82E144B-0BAD-47E1-A657-3A5880988FE2"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6737:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4E76B29F-007E-4445-B3F3-3FDC054FEB84"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6753:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7362AED0-47F2-4D48-A292-89F717F0697E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6757:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B4C27948-65A7-4B1E-9F10-6744D176A5C3"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6757c:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D808EF4D-0A54-4324-8341-240F7AFABC40"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6757cd:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "64EDB89E-8140-4202-97B3-9D7337E90FDE"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6757ch:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D2C5CC4F-DA66-4980-A4BB-693987431A38"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C445EB80-6021-4E26-B74E-1B4B6910CE48"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6763:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2F19C76A-50DF-4ACA-BACA-07157B4D838B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D23991D5-1893-49F4-8A06-D5E66C96C3B3"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BE4D2AED-C713-407F-A34A-52C3D8F65835"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "793B7F88-79E7-4031-8AD0-35C9BFD073C4"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://corp.mediatek.com/product-security-bulletin/June-2023",
+ "source": "security@mediatek.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
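Review bot: The new file ends without a trailing newline, as shown by the `\ No newline at end of file` marker after the closing `}`. The same marker follows the CVE-2023-20740, CVE-2023-20741 and CVE-2023-20742 files in this diff. Ending each record with a newline keeps later diffs limited to the lines that actually changed, and lets line-oriented tooling concatenate or stream the records without fusing `}` and `{` onto one line.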
diff --git a/CVE-2023/CVE-2023-207xx/CVE-2023-20740.json b/CVE-2023/CVE-2023-207xx/CVE-2023-20740.json
new file mode 100644
index 00000000000..3e9ad1a79d6
--- /dev/null
+++ b/CVE-2023/CVE-2023-207xx/CVE-2023-20740.json
@@ -0,0 +1,272 @@
+{
+ "id": "CVE-2023-20740",
+ "sourceIdentifier": "security@mediatek.com",
+ "published": "2023-06-06T13:15:13.727",
+ "lastModified": "2023-06-09T03:53:38.163",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In vcu, there is a possible memory corruption due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07559819; Issue ID: ALPS07559840."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:linuxfoundation:iot-yocto:22.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B20DD930-83A1-4715-AD51-458ECA2578D8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D23991D5-1893-49F4-8A06-D5E66C96C3B3"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3B5FE245-6346-4078-A3D0-E5F79BB636B8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4452EFCF-5733-40A0-8726-F8E33E569411"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "793B7F88-79E7-4031-8AD0-35C9BFD073C4"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9CD2C3EC-B62D-4616-964F-FDBE5B14A449"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://corp.mediatek.com/product-security-bulletin/June-2023",
+ "source": "security@mediatek.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
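Review bot: The vulnerable-software `cpeMatch` list names `android:12.0` but not `android:13.0`, while CVE-2023-20739 in this same diff has the same description and the same Patch ID ALPS07559819 and lists both versions. This may simply mirror the vendor bulletin, which is not visible here, so it is worth confirming against the referenced June-2023 advisory. If Android 13 is affected, add an entry with `"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*"` and `"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"` as used in CVE-2023-20739. Until that is settled, asset matching on this record alone will not flag Android 13 builds that lack the shared patch.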
diff --git a/CVE-2023/CVE-2023-207xx/CVE-2023-20741.json b/CVE-2023/CVE-2023-207xx/CVE-2023-20741.json
new file mode 100644
index 00000000000..1de52a0f649
--- /dev/null
+++ b/CVE-2023/CVE-2023-207xx/CVE-2023-20741.json
@@ -0,0 +1,322 @@
+{
+ "id": "CVE-2023-20741",
+ "sourceIdentifier": "security@mediatek.com",
+ "published": "2023-06-06T13:15:13.873",
+ "lastModified": "2023-06-09T03:53:58.487",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628591; Issue ID: ALPS07628606."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6735:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C82E144B-0BAD-47E1-A657-3A5880988FE2"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6737:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4E76B29F-007E-4445-B3F3-3FDC054FEB84"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6753:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7362AED0-47F2-4D48-A292-89F717F0697E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6757:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B4C27948-65A7-4B1E-9F10-6744D176A5C3"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6757c:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D808EF4D-0A54-4324-8341-240F7AFABC40"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6757cd:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "64EDB89E-8140-4202-97B3-9D7337E90FDE"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6757ch:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D2C5CC4F-DA66-4980-A4BB-693987431A38"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C445EB80-6021-4E26-B74E-1B4B6910CE48"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6763:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2F19C76A-50DF-4ACA-BACA-07157B4D838B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D23991D5-1893-49F4-8A06-D5E66C96C3B3"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BE4D2AED-C713-407F-A34A-52C3D8F65835"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "793B7F88-79E7-4031-8AD0-35C9BFD073C4"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://corp.mediatek.com/product-security-bulletin/June-2023",
+ "source": "security@mediatek.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-207xx/CVE-2023-20742.json b/CVE-2023/CVE-2023-207xx/CVE-2023-20742.json
new file mode 100644
index 00000000000..888a806606d
--- /dev/null
+++ b/CVE-2023/CVE-2023-207xx/CVE-2023-20742.json
@@ -0,0 +1,322 @@
+{
+ "id": "CVE-2023-20742",
+ "sourceIdentifier": "security@mediatek.com",
+ "published": "2023-06-06T13:15:14.033",
+ "lastModified": "2023-06-09T03:53:33.333",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628591; Issue ID: ALPS07628540."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6735:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C82E144B-0BAD-47E1-A657-3A5880988FE2"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6737:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4E76B29F-007E-4445-B3F3-3FDC054FEB84"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6753:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7362AED0-47F2-4D48-A292-89F717F0697E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6757:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B4C27948-65A7-4B1E-9F10-6744D176A5C3"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6757c:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D808EF4D-0A54-4324-8341-240F7AFABC40"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6757cd:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "64EDB89E-8140-4202-97B3-9D7337E90FDE"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6757ch:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D2C5CC4F-DA66-4980-A4BB-693987431A38"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C445EB80-6021-4E26-B74E-1B4B6910CE48"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6763:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2F19C76A-50DF-4ACA-BACA-07157B4D838B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D23991D5-1893-49F4-8A06-D5E66C96C3B3"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BE4D2AED-C713-407F-A34A-52C3D8F65835"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "793B7F88-79E7-4031-8AD0-35C9BFD073C4"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://corp.mediatek.com/product-security-bulletin/June-2023",
+ "source": "security@mediatek.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-207xx/CVE-2023-20743.json b/CVE-2023/CVE-2023-207xx/CVE-2023-20743.json
new file mode 100644
index 00000000000..5341184235e
--- /dev/null
+++ b/CVE-2023/CVE-2023-207xx/CVE-2023-20743.json
@@ -0,0 +1,152 @@
+{
+ "id": "CVE-2023-20743",
+ "sourceIdentifier": "security@mediatek.com",
+ "published": "2023-06-06T13:15:14.163",
+ "lastModified": "2023-06-09T03:53:45.083",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In vcu, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519142; Issue ID: ALPS07519142."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-667"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:linuxfoundation:iot-yocto:22.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B20DD930-83A1-4715-AD51-458ECA2578D8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9CD2C3EC-B62D-4616-964F-FDBE5B14A449"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://corp.mediatek.com/product-security-bulletin/June-2023",
+ "source": "security@mediatek.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
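Review bot: The `weaknesses` array records only `CWE-667` although the description states an out-of-bounds write, so a consumer that filters or prioritises on `CWE-787` will not see this record. The same holds for the CVE-2023-20745 and CVE-2023-20746 records later in this diff. The CVE-2023-20750 record lists both the cause and the memory-safety consequence (`CWE-362` and `CWE-787`), which is the more useful shape for triage. If this file mirrors upstream analysis unchanged, the mapping is better raised with the source than patched locally; otherwise add `{ "lang": "en", "value": "CWE-787" }` to the `description` list.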
diff --git a/CVE-2023/CVE-2023-207xx/CVE-2023-20744.json b/CVE-2023/CVE-2023-207xx/CVE-2023-20744.json
new file mode 100644
index 00000000000..580ef9e0887
--- /dev/null
+++ b/CVE-2023/CVE-2023-207xx/CVE-2023-20744.json
@@ -0,0 +1,152 @@
+{
+ "id": "CVE-2023-20744",
+ "sourceIdentifier": "security@mediatek.com",
+ "published": "2023-06-06T13:15:14.370",
+ "lastModified": "2023-06-09T03:54:13.877",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In vcu, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519142; Issue ID: ALPS07519200."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-416"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:linuxfoundation:iot-yocto:22.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B20DD930-83A1-4715-AD51-458ECA2578D8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9CD2C3EC-B62D-4616-964F-FDBE5B14A449"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://corp.mediatek.com/product-security-bulletin/June-2023",
+ "source": "security@mediatek.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-207xx/CVE-2023-20745.json b/CVE-2023/CVE-2023-207xx/CVE-2023-20745.json
new file mode 100644
index 00000000000..5cd12ce1399
--- /dev/null
+++ b/CVE-2023/CVE-2023-207xx/CVE-2023-20745.json
@@ -0,0 +1,152 @@
+{
+ "id": "CVE-2023-20745",
+ "sourceIdentifier": "security@mediatek.com",
+ "published": "2023-06-06T13:15:14.563",
+ "lastModified": "2023-06-09T03:53:07.380",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In vcu, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519142; Issue ID: ALPS07560694."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-667"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:linuxfoundation:iot-yocto:22.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B20DD930-83A1-4715-AD51-458ECA2578D8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9CD2C3EC-B62D-4616-964F-FDBE5B14A449"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://corp.mediatek.com/product-security-bulletin/June-2023",
+ "source": "security@mediatek.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-207xx/CVE-2023-20746.json b/CVE-2023/CVE-2023-207xx/CVE-2023-20746.json
new file mode 100644
index 00000000000..a7c14624652
--- /dev/null
+++ b/CVE-2023/CVE-2023-207xx/CVE-2023-20746.json
@@ -0,0 +1,197 @@
+{
+ "id": "CVE-2023-20746",
+ "sourceIdentifier": "security@mediatek.com",
+ "published": "2023-06-06T13:15:14.723",
+ "lastModified": "2023-06-09T03:54:17.320",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In vcu, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519142; Issue ID: ALPS07519217."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-667"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:linuxfoundation:iot-yocto:22.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B20DD930-83A1-4715-AD51-458ECA2578D8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3B5FE245-6346-4078-A3D0-E5F79BB636B8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4452EFCF-5733-40A0-8726-F8E33E569411"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "793B7F88-79E7-4031-8AD0-35C9BFD073C4"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9CD2C3EC-B62D-4616-964F-FDBE5B14A449"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://corp.mediatek.com/product-security-bulletin/June-2023",
+ "source": "security@mediatek.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-207xx/CVE-2023-20747.json b/CVE-2023/CVE-2023-207xx/CVE-2023-20747.json
new file mode 100644
index 00000000000..b6647059495
--- /dev/null
+++ b/CVE-2023/CVE-2023-207xx/CVE-2023-20747.json
@@ -0,0 +1,322 @@
+{
+ "id": "CVE-2023-20747",
+ "sourceIdentifier": "security@mediatek.com",
+ "published": "2023-06-06T13:15:14.887",
+ "lastModified": "2023-06-09T03:52:38.977",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In vcu, there is a possible memory corruption due to type confusion. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519103; Issue ID: ALPS07519121."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 4.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-843"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:linuxfoundation:iot-yocto:22.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B20DD930-83A1-4715-AD51-458ECA2578D8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt5696:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8A07610A-173B-4DF2-8DAD-D2FF07EB9A17"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt5836:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "222E4ECD-459A-4422-947F-FF26E026BC56"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt5838:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E72667B1-71C3-4DB5-A5E4-BC8212B1B00B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D23991D5-1893-49F4-8A06-D5E66C96C3B3"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9CD2C3EC-B62D-4616-964F-FDBE5B14A449"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt9000:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F0200228-E2A8-4DBE-A4DA-7AC7D4B9DE99"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt9015:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "354492FD-4052-41F8-805E-55F387AF8F17"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt9023:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "591A2A8B-DB5D-42BC-99A6-0D0DAB45C645"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt9025:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A6133E43-E032-4334-88C7-116B27B3090D"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt9618:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "311AFBA9-A0AD-4638-ACFF-0D4AC12FA127"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt9649:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C1C6E88C-46DD-45AB-88C1-B69FC0E25056"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt9653:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "63BC3AE7-4180-4B8C-AB69-8AC4F502700D"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt9679:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "717AE700-78CC-4750-92CB-C9293571EC7D"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt9687:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0BC2011E-7629-477E-A898-9748119F7A23"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt9689:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B84CEB95-BF9E-42E3-90F4-70B1C7EE41A6"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt9902:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A42C58EE-7A5A-42BE-9C64-1A0F3657AA05"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt9932:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DDB40D8E-E934-47B1-A3A9-102F39C2FF21"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt9952:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0407203F-F9DE-4899-B0E6-226A7E9952CA"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt9972:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0C76B993-B660-41EB-A66A-96011A044BF6"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt9982:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5F8F0452-97F5-4BC6-AC85-42A24721F7CB"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://corp.mediatek.com/product-security-bulletin/June-2023",
+ "source": "security@mediatek.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
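Review bot: The two `cpeMatch` lists under `"operator": "AND"` describe exposure only when they are evaluated together: the software entries carry `"vulnerable": true`, while every MediaTek hardware entry carries `"vulnerable": false`. A matcher that flattens the nodes and keeps only the `vulnerable: true` criteria would report any Android 12.0/13.0 or Yocto 4.0 host regardless of chipset. One that discards the `vulnerable: false` entries would never tie the record to the listed parts. The record itself does not need to change, but the consuming code should require a match in both OR nodes before reporting. The other MediaTek records in this diff use the same layout.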
diff --git a/CVE-2023/CVE-2023-207xx/CVE-2023-20749.json b/CVE-2023/CVE-2023-207xx/CVE-2023-20749.json
new file mode 100644
index 00000000000..6cc0f77f019
--- /dev/null
+++ b/CVE-2023/CVE-2023-207xx/CVE-2023-20749.json
@@ -0,0 +1,217 @@
+{
+ "id": "CVE-2023-20749",
+ "sourceIdentifier": "security@mediatek.com",
+ "published": "2023-06-06T13:15:15.023",
+ "lastModified": "2023-06-09T03:54:02.757",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In swpm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07780926; Issue ID: ALPS07780926."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3B5FE245-6346-4078-A3D0-E5F79BB636B8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "639C5BDE-2E83-427A-BAB7-85EA9348AC68"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "793B7F88-79E7-4031-8AD0-35C9BFD073C4"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "299378ED-41CE-4966-99B1-65D2BA1215EF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://corp.mediatek.com/product-security-bulletin/June-2023",
+ "source": "security@mediatek.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-207xx/CVE-2023-20750.json b/CVE-2023/CVE-2023-207xx/CVE-2023-20750.json
new file mode 100644
index 00000000000..62a754ef217
--- /dev/null
+++ b/CVE-2023/CVE-2023-207xx/CVE-2023-20750.json
@@ -0,0 +1,196 @@
+{
+ "id": "CVE-2023-20750",
+ "sourceIdentifier": "security@mediatek.com",
+ "published": "2023-06-06T13:15:15.233",
+ "lastModified": "2023-06-09T03:52:47.223",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In swpm, there is a possible out of bounds write due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07780926; Issue ID: ALPS07780928."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.5,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-362"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3B5FE245-6346-4078-A3D0-E5F79BB636B8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "639C5BDE-2E83-427A-BAB7-85EA9348AC68"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "793B7F88-79E7-4031-8AD0-35C9BFD073C4"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "299378ED-41CE-4966-99B1-65D2BA1215EF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://corp.mediatek.com/product-security-bulletin/June-2023",
+ "source": "security@mediatek.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
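Review bot: The `weaknesses` entry lists CWE-787 (out-of-bounds write) next to a vector of `C:H/I:N/A:N`, so the record describes a memory write yet scores no integrity or availability impact. Both values follow the vendor description, which itself states an out-of-bounds write leading to information disclosure, so the mismatch presumably originates in the bulletin rather than in this file. Consumers that prioritise on `baseScore` (4.1) should check the referenced MediaTek June-2023 bulletin before deprioritising this entry.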
diff --git a/CVE-2023/CVE-2023-207xx/CVE-2023-20751.json b/CVE-2023/CVE-2023-207xx/CVE-2023-20751.json
new file mode 100644
index 00000000000..86429890d1b
--- /dev/null
+++ b/CVE-2023/CVE-2023-207xx/CVE-2023-20751.json
@@ -0,0 +1,122 @@
+{
+ "id": "CVE-2023-20751",
+ "sourceIdentifier": "security@mediatek.com",
+ "published": "2023-06-06T13:15:15.433",
+ "lastModified": "2023-06-09T03:54:10.377",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In keymange, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07825502; Issue ID: ALPS07825502."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3B5FE245-6346-4078-A3D0-E5F79BB636B8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "639C5BDE-2E83-427A-BAB7-85EA9348AC68"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://corp.mediatek.com/product-security-bulletin/June-2023",
+ "source": "security@mediatek.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-207xx/CVE-2023-20752.json b/CVE-2023/CVE-2023-207xx/CVE-2023-20752.json
new file mode 100644
index 00000000000..eedd30ff4dc
--- /dev/null
+++ b/CVE-2023/CVE-2023-207xx/CVE-2023-20752.json
@@ -0,0 +1,122 @@
+{
+ "id": "CVE-2023-20752",
+ "sourceIdentifier": "security@mediatek.com",
+ "published": "2023-06-06T13:15:15.653",
+ "lastModified": "2023-06-09T03:53:11.670",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In keymange, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07826586; Issue ID: ALPS07826586."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3B5FE245-6346-4078-A3D0-E5F79BB636B8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "639C5BDE-2E83-427A-BAB7-85EA9348AC68"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://corp.mediatek.com/product-security-bulletin/June-2023",
+ "source": "security@mediatek.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20883.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20883.json
index 0dd7ff50fb1..e41a9371986 100644
--- a/CVE-2023/CVE-2023-208xx/CVE-2023-20883.json
+++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20883.json
@@ -2,16 +2,49 @@
"id": "CVE-2023-20883",
"sourceIdentifier": "security@vmware.com",
"published": "2023-05-26T17:15:14.047",
- "lastModified": "2023-05-26T17:15:14.047",
- "vulnStatus": "Received",
+ "lastModified": "2023-06-08T14:40:02.913",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-400"
+ }
+ ]
+ },
{
"source": "security@vmware.com",
"type": "Secondary",
@@ -23,10 +56,52 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:vmware:spring_boot:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.5.14",
+ "matchCriteriaId": "A242EC56-26CE-48EA-8EF1-2A2E5D9E1239"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:vmware:spring_boot:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "2.6.0",
+ "versionEndIncluding": "2.6.14",
+ "matchCriteriaId": "EE1DE1AC-8AF5-4ED1-98F2-5D6328391FBA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:vmware:spring_boot:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "2.7.0",
+ "versionEndIncluding": "2.7.11",
+ "matchCriteriaId": "36E37F7B-89F0-4153-9914-FC55098E8D37"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:vmware:spring_boot:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "3.0.0",
+ "versionEndIncluding": "3.0.6",
+ "matchCriteriaId": "373CD749-82CC-4E59-A1A5-D6EF29B32F35"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://spring.io/security/cve-2023-20883",
- "source": "security@vmware.com"
+ "source": "security@vmware.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
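Review bot: The first `cpeMatch` entry uses `"versionEndExcluding": "2.5.14"`, which leaves 2.5.14 itself unmatched although the description lists 2.5.0 - 2.5.14 as affected. The other three ranges in this node use `versionEndIncluding`. If the description is right, the bound should read `"versionEndIncluding": "2.5.14"`. Until it is corrected, tooling that matches on this CPE range will report Spring Boot 2.5.14 as unaffected.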
diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20887.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20887.json
new file mode 100644
index 00000000000..6b8c4317ce9
--- /dev/null
+++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20887.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-20887",
+ "sourceIdentifier": "security@vmware.com",
+ "published": "2023-06-07T15:15:09.190",
+ "lastModified": "2023-06-07T16:18:07.597",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://www.vmware.com/security/advisories/VMSA-2023-0012.html",
+ "source": "security@vmware.com"
+ }
+ ]
+}
\ No newline at end of file
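Review bot: `"metrics": {}` and the absent `weaknesses` array leave this record with no severity or CWE while `vulnStatus` is "Awaiting Analysis", even though the description states a network-reachable command injection resulting in remote code execution. A pipeline that filters or sorts on `baseScore` should treat a missing score as unknown rather than as zero; otherwise this entry is silently dropped. The same applies to the CVE-2023-20888 and CVE-2023-20889 records that follow.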
diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20888.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20888.json
new file mode 100644
index 00000000000..3253051b500
--- /dev/null
+++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20888.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-20888",
+ "sourceIdentifier": "security@vmware.com",
+ "published": "2023-06-07T15:15:09.263",
+ "lastModified": "2023-06-07T16:18:07.597",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Aria Operations for Networks contains an authenticated deserialization vulnerability.\u00a0A malicious actor with network access to VMware Aria Operations for Networks and valid 'member' role credentials may be able to perform a deserialization attack resulting in remote code execution."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://www.vmware.com/security/advisories/VMSA-2023-0012.html",
+ "source": "security@vmware.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20889.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20889.json
new file mode 100644
index 00000000000..f5d2103c6ca
--- /dev/null
+++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20889.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-20889",
+ "sourceIdentifier": "security@vmware.com",
+ "published": "2023-06-07T15:15:09.317",
+ "lastModified": "2023-06-07T16:18:07.597",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Aria Operations for Networks contains an information disclosure vulnerability.\u00a0A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in information disclosure."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://www.vmware.com/security/advisories/VMSA-2023-0012.html",
+ "source": "security@vmware.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-20xx/CVE-2023-2001.json b/CVE-2023/CVE-2023-20xx/CVE-2023-2001.json
new file mode 100644
index 00000000000..d211b81cc52
--- /dev/null
+++ b/CVE-2023/CVE-2023-20xx/CVE-2023-2001.json
@@ -0,0 +1,51 @@
+{
+ "id": "CVE-2023-2001",
+ "sourceIdentifier": "cve@gitlab.com",
+ "published": "2023-06-07T17:15:09.967",
+ "lastModified": "2023-06-07T17:28:57.443",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue has been discovered in GitLab CE/EE affecting all versions before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An attacker was able to spoof protected tags, which could potentially lead a victim to download malicious code."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve@gitlab.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2001.json",
+ "source": "cve@gitlab.com"
+ },
+ {
+ "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/406764",
+ "source": "cve@gitlab.com"
+ },
+ {
+ "url": "https://hackerone.com/reports/1908423",
+ "source": "cve@gitlab.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-20xx/CVE-2023-2002.json b/CVE-2023/CVE-2023-20xx/CVE-2023-2002.json
index 3815c660485..427ec536269 100644
--- a/CVE-2023/CVE-2023-20xx/CVE-2023-2002.json
+++ b/CVE-2023/CVE-2023-20xx/CVE-2023-2002.json
@@ -2,16 +2,49 @@
"id": "CVE-2023-2002",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-05-26T17:15:14.113",
- "lastModified": "2023-05-26T17:15:14.113",
- "vulnStatus": "Received",
+ "lastModified": "2023-06-08T14:43:55.723",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 4.7
+ }
+ ]
+ },
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-863"
+ }
+ ]
+ },
{
"source": "secalert@redhat.com",
"type": "Secondary",
@@ -23,10 +56,33 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.4",
+ "matchCriteriaId": "18D12E25-2947-44E7-989D-24450E013A1F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://www.openwall.com/lists/oss-security/2023/04/16/3",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Exploit",
+ "Mailing List",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-20xx/CVE-2023-2006.json b/CVE-2023/CVE-2023-20xx/CVE-2023-2006.json
index 55357877cfa..bd0db66bfa5 100644
--- a/CVE-2023/CVE-2023-20xx/CVE-2023-2006.json
+++ b/CVE-2023/CVE-2023-20xx/CVE-2023-2006.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-2006",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-04-24T21:15:09.283",
- "lastModified": "2023-05-04T14:42:56.097",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-06-09T08:15:10.170",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -121,6 +121,10 @@
"Patch"
]
},
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230609-0004/",
+ "source": "secalert@redhat.com"
+ },
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-439/",
"source": "secalert@redhat.com",
diff --git a/CVE-2023/CVE-2023-20xx/CVE-2023-2013.json b/CVE-2023/CVE-2023-20xx/CVE-2023-2013.json
new file mode 100644
index 00000000000..3f749ec1c0f
--- /dev/null
+++ b/CVE-2023/CVE-2023-20xx/CVE-2023-2013.json
@@ -0,0 +1,51 @@
+{
+ "id": "CVE-2023-2013",
+ "sourceIdentifier": "cve@gitlab.com",
+ "published": "2023-06-07T17:15:10.030",
+ "lastModified": "2023-06-07T17:28:57.443",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 1.2 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An issue was found that allows someone to abuse a discrepancy between the Web application display and the git command line interface to social engineer victims into cloning non-trusted code."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve@gitlab.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 2.6,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2013.json",
+ "source": "cve@gitlab.com"
+ },
+ {
+ "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/406844",
+ "source": "cve@gitlab.com"
+ },
+ {
+ "url": "https://hackerone.com/reports/1940441",
+ "source": "cve@gitlab.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-20xx/CVE-2023-2015.json b/CVE-2023/CVE-2023-20xx/CVE-2023-2015.json
new file mode 100644
index 00000000000..5a1df37c0f9
--- /dev/null
+++ b/CVE-2023/CVE-2023-20xx/CVE-2023-2015.json
@@ -0,0 +1,51 @@
+{
+ "id": "CVE-2023-2015",
+ "sourceIdentifier": "cve@gitlab.com",
+ "published": "2023-06-07T17:15:10.087",
+ "lastModified": "2023-06-07T17:28:57.443",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.8 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A reflected XSS was possible when creating new abuse reports which allows attackers to perform arbitrary actions on behalf of victims."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve@gitlab.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2015.json",
+ "source": "cve@gitlab.com"
+ },
+ {
+ "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/407137",
+ "source": "cve@gitlab.com"
+ },
+ {
+ "url": "https://hackerone.com/reports/1941091",
+ "source": "cve@gitlab.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-20xx/CVE-2023-2031.json b/CVE-2023/CVE-2023-20xx/CVE-2023-2031.json
new file mode 100644
index 00000000000..71fb091c88d
--- /dev/null
+++ b/CVE-2023/CVE-2023-20xx/CVE-2023-2031.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-2031",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:16:01.410",
+ "lastModified": "2023-06-09T06:16:01.410",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Locatoraid Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 3.9.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/locatoraid/trunk/modules/front/view_shortcode.php#L4",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2900106/locatoraid",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dba0a90b-f13c-4914-b6b7-278227ffc122?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-20xx/CVE-2023-2066.json b/CVE-2023/CVE-2023-20xx/CVE-2023-2066.json
new file mode 100644
index 00000000000..638c2cd2d49
--- /dev/null
+++ b/CVE-2023/CVE-2023-20xx/CVE-2023-2066.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-2066",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:16:01.693",
+ "lastModified": "2023-06-09T06:16:01.693",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Announcement & Notification Banner \u2013 Bulletin plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'bulletinwp_update_bulletin_status', 'bulletinwp_update_bulletin', 'bulletinwp_update_settings', 'bulletinwp_update_status', 'bulletinwp_export_bulletins', and 'bulletinwp_import_bulletins' functions functions in versions up to, and including, 3.6.0. This makes it possible for authenticated attackers with subscriber-level access, and above, to modify the plugin's settings, modify bulletins, create new bulletins, and more."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/bulletin-announcements/trunk/classes/class-bulletinwp-ajax.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2906036/bulletin-announcements/trunk/classes/class-bulletinwp-ajax.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d242a466-0611-4e64-8145-29f64100e62b?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
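Review bot: The description `value` contains a doubled word, "functions functions in versions up to, and including, 3.6.0". It should read `functions in versions up to, and including, 3.6.0`. The text is attributed to the CNA (`security@wordfence.com`), so the correction presumably belongs upstream, not in a local edit of this record.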
diff --git a/CVE-2023/CVE-2023-20xx/CVE-2023-2067.json b/CVE-2023/CVE-2023-20xx/CVE-2023-2067.json
new file mode 100644
index 00000000000..b62c75d4940
--- /dev/null
+++ b/CVE-2023/CVE-2023-20xx/CVE-2023-2067.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-2067",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:16:02.050",
+ "lastModified": "2023-06-09T06:16:02.050",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Announcement & Notification Banner \u2013 Bulletin plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce validation on the 'bulletinwp_update_bulletin_status', 'bulletinwp_update_bulletin', 'bulletinwp_update_settings', 'bulletinwp_update_status', 'bulletinwp_export_bulletins', and 'bulletinwp_import_bulletins' functions in versions up to, and including, 3.7.0. This makes it possible for unauthenticated attackers to modify the plugin's settings, modify bulletins, create new bulletins, and more, via a forged request granted they can trick a site's user into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/bulletin-announcements/trunk/classes/class-bulletinwp-ajax.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2910991/bulletin-announcements/trunk/classes/class-bulletinwp-ajax.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b808450f-0ebf-4c49-a9e3-f1c1f2b1f632?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-20xx/CVE-2023-2083.json b/CVE-2023/CVE-2023-20xx/CVE-2023-2083.json
new file mode 100644
index 00000000000..405402f6617
--- /dev/null
+++ b/CVE-2023/CVE-2023-20xx/CVE-2023-2083.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-2083",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:16:02.497",
+ "lastModified": "2023-06-09T06:16:02.497",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the save function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to save plugin settings. While a nonce check is present, it is only executed when a nonce is provided. Not providing a nonce results in the nonce verification to be skipped. There is no capability check."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/essential-blocks/tags/4.0.6/includes/Admin/Admin.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2900595%40essential-blocks%2Ftrunk&old=2900029%40essential-blocks%2Ftrunk&sfp_email=&sfph_mail=#file2",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f8bf0933-1c97-4374-b323-c55b91fe4d27?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
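Review bot: The second entry in `references` carries the empty query parameters `sfp_email=&sfph_mail=` twice, plus a `reponame=` with no value. When references are de-duplicated by string, this URL will not match a cleaned-up form of the same changeset link. The same URL is repeated in the CVE-2023-2085, CVE-2023-2086 and CVE-2023-2087 records, and CVE-2023-2184 shows the same pattern for a different plugin. If the record is edited here rather than at its source, the link could be reduced to `https://plugins.trac.wordpress.org/changeset?new=2900595%40essential-blocks%2Ftrunk&old=2900029%40essential-blocks%2Ftrunk#file2`, after checking that it still opens the same changeset.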
diff --git a/CVE-2023/CVE-2023-20xx/CVE-2023-2084.json b/CVE-2023/CVE-2023-20xx/CVE-2023-2084.json
new file mode 100644
index 00000000000..c8511e59380
--- /dev/null
+++ b/CVE-2023/CVE-2023-20xx/CVE-2023-2084.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-2084",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:16:02.727",
+ "lastModified": "2023-06-09T06:16:02.727",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the get function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin settings. While a nonce check is present, it is only executed when a nonce is provided. Not providing a nonce results in the nonce verification to be skipped. There is no capability check."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/essential-blocks/tags/4.0.6/includes/Admin/Admin.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0be8c668-0f1c-4f83-8a71-49c8bb9b67ae?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-20xx/CVE-2023-2085.json b/CVE-2023/CVE-2023-20xx/CVE-2023-2085.json
new file mode 100644
index 00000000000..69a01ded948
--- /dev/null
+++ b/CVE-2023/CVE-2023-20xx/CVE-2023-2085.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-2085",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:16:03.203",
+ "lastModified": "2023-06-09T06:16:03.203",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the templates function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin template information. While a nonce check is present, it is only executed when a nonce is provided. Not providing a nonce results in the nonce verification to be skipped. There is no capability check."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/essential-blocks/tags/4.0.6/includes/Admin/Admin.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2900595%40essential-blocks%2Ftrunk&old=2900029%40essential-blocks%2Ftrunk&sfp_email=&sfph_mail=#file2",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ad2c1ab6-5c78-4317-b5e7-c86e2eebeb4f?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-20xx/CVE-2023-2086.json b/CVE-2023/CVE-2023-20xx/CVE-2023-2086.json
new file mode 100644
index 00000000000..659779375f9
--- /dev/null
+++ b/CVE-2023/CVE-2023-20xx/CVE-2023-2086.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-2086",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:16:03.550",
+ "lastModified": "2023-06-09T06:16:03.550",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the template_count function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin template information. While a nonce check is present, it is only executed when a nonce is provided. Not providing a nonce results in the nonce verification to be skipped. There is no capability check."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/essential-blocks/tags/4.0.6/includes/Admin/Admin.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2900595%40essential-blocks%2Ftrunk&old=2900029%40essential-blocks%2Ftrunk&sfp_email=&sfph_mail=#file2",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9efc782a-ec61-4741-81fd-a263a2739e16?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-20xx/CVE-2023-2087.json b/CVE-2023/CVE-2023-20xx/CVE-2023-2087.json
new file mode 100644
index 00000000000..3ff7945ce8b
--- /dev/null
+++ b/CVE-2023/CVE-2023-20xx/CVE-2023-2087.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-2087",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:16:03.890",
+ "lastModified": "2023-06-09T06:16:03.890",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Essential Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.0.6. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to change plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/essential-blocks/tags/4.0.6/includes/Admin/Admin.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2900595%40essential-blocks%2Ftrunk&old=2900029%40essential-blocks%2Ftrunk&sfp_email=&sfph_mail=#file2",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d38d41c7-8786-4145-9591-3e24eff3b79c?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-216xx/CVE-2023-21628.json b/CVE-2023/CVE-2023-216xx/CVE-2023-21628.json
new file mode 100644
index 00000000000..6551a465ecc
--- /dev/null
+++ b/CVE-2023/CVE-2023-216xx/CVE-2023-21628.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2023-21628",
+ "sourceIdentifier": "product-security@qualcomm.com",
+ "published": "2023-06-06T08:15:11.963",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "product-security@qualcomm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.4,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.5,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin",
+ "source": "product-security@qualcomm.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-216xx/CVE-2023-21632.json b/CVE-2023/CVE-2023-216xx/CVE-2023-21632.json
new file mode 100644
index 00000000000..1ef4ed29399
--- /dev/null
+++ b/CVE-2023/CVE-2023-216xx/CVE-2023-21632.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2023-21632",
+ "sourceIdentifier": "product-security@qualcomm.com",
+ "published": "2023-06-06T08:15:12.037",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Memory corruption in Automotive GPU while querying a gsl memory node."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "product-security@qualcomm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.4,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.5,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin",
+ "source": "product-security@qualcomm.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-216xx/CVE-2023-21656.json b/CVE-2023/CVE-2023-216xx/CVE-2023-21656.json
new file mode 100644
index 00000000000..e0d19080ec9
--- /dev/null
+++ b/CVE-2023/CVE-2023-216xx/CVE-2023-21656.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2023-21656",
+ "sourceIdentifier": "product-security@qualcomm.com",
+ "published": "2023-06-06T08:15:12.103",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Memory corruption in WLAN HOST while receiving an WMI event from firmware."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "product-security@qualcomm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin",
+ "source": "product-security@qualcomm.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-216xx/CVE-2023-21657.json b/CVE-2023/CVE-2023-216xx/CVE-2023-21657.json
new file mode 100644
index 00000000000..9a456b5ef0d
--- /dev/null
+++ b/CVE-2023/CVE-2023-216xx/CVE-2023-21657.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2023-21657",
+ "sourceIdentifier": "product-security@qualcomm.com",
+ "published": "2023-06-06T08:15:12.180",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Memoru corruption in Audio when ADSP sends input during record use case."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "product-security@qualcomm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin",
+ "source": "product-security@qualcomm.com"
+ }
+ ]
+}
\ No newline at end of file
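Review bot: The description string is misspelled as `Memoru corruption`, so a keyword search or rule that matches "Memory corruption" will skip CVE-2023-21657. The neighbouring Qualcomm records in this diff use the correct spelling. The line would read `"value": "Memory corruption in Audio when ADSP sends input during record use case."`. If this file mirrors an upstream feed, the correction belongs at the source, and text matching should tolerate the typo until then.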
diff --git a/CVE-2023/CVE-2023-216xx/CVE-2023-21658.json b/CVE-2023/CVE-2023-216xx/CVE-2023-21658.json
new file mode 100644
index 00000000000..8ad47521dd8
--- /dev/null
+++ b/CVE-2023/CVE-2023-216xx/CVE-2023-21658.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2023-21658",
+ "sourceIdentifier": "product-security@qualcomm.com",
+ "published": "2023-06-06T08:15:12.253",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Transient DOS in WLAN Firmware while processing the received beacon or probe response frame."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "product-security@qualcomm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin",
+ "source": "product-security@qualcomm.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-216xx/CVE-2023-21659.json b/CVE-2023/CVE-2023-216xx/CVE-2023-21659.json
new file mode 100644
index 00000000000..c02e289d833
--- /dev/null
+++ b/CVE-2023/CVE-2023-216xx/CVE-2023-21659.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2023-21659",
+ "sourceIdentifier": "product-security@qualcomm.com",
+ "published": "2023-06-06T08:15:12.333",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Transient DOS in WLAN Firmware while processing frames with missing header fields."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "product-security@qualcomm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin",
+ "source": "product-security@qualcomm.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-216xx/CVE-2023-21660.json b/CVE-2023/CVE-2023-216xx/CVE-2023-21660.json
new file mode 100644
index 00000000000..d8f01672b7a
--- /dev/null
+++ b/CVE-2023/CVE-2023-216xx/CVE-2023-21660.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2023-21660",
+ "sourceIdentifier": "product-security@qualcomm.com",
+ "published": "2023-06-06T08:15:12.413",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Transient DOS in WLAN Firmware while parsing FT Information Elements."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "product-security@qualcomm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin",
+ "source": "product-security@qualcomm.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-216xx/CVE-2023-21661.json b/CVE-2023/CVE-2023-216xx/CVE-2023-21661.json
new file mode 100644
index 00000000000..3c887903f62
--- /dev/null
+++ b/CVE-2023/CVE-2023-216xx/CVE-2023-21661.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2023-21661",
+ "sourceIdentifier": "product-security@qualcomm.com",
+ "published": "2023-06-06T08:15:12.507",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Transient DOS while parsing WLAN beacon or probe-response frame."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "product-security@qualcomm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin",
+ "source": "product-security@qualcomm.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-216xx/CVE-2023-21669.json b/CVE-2023/CVE-2023-216xx/CVE-2023-21669.json
new file mode 100644
index 00000000000..089434f40a7
--- /dev/null
+++ b/CVE-2023/CVE-2023-216xx/CVE-2023-21669.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2023-21669",
+ "sourceIdentifier": "product-security@qualcomm.com",
+ "published": "2023-06-06T08:15:12.590",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Information Disclosure in WLAN HOST while sending DPP action frame to peer with an invalid source address."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "product-security@qualcomm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW",
+ "baseScore": 8.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 4.2
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin",
+ "source": "product-security@qualcomm.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-216xx/CVE-2023-21670.json b/CVE-2023/CVE-2023-216xx/CVE-2023-21670.json
new file mode 100644
index 00000000000..11f220f7ed5
--- /dev/null
+++ b/CVE-2023/CVE-2023-216xx/CVE-2023-21670.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2023-21670",
+ "sourceIdentifier": "product-security@qualcomm.com",
+ "published": "2023-06-06T08:15:12.663",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Memory Corruption in GPU Subsystem due to arbitrary command execution from GPU in privileged mode."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "product-security@qualcomm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin",
+ "source": "product-security@qualcomm.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-21xx/CVE-2023-2132.json b/CVE-2023/CVE-2023-21xx/CVE-2023-2132.json
new file mode 100644
index 00000000000..600c6194178
--- /dev/null
+++ b/CVE-2023/CVE-2023-21xx/CVE-2023-2132.json
@@ -0,0 +1,51 @@
+{
+ "id": "CVE-2023-2132",
+ "sourceIdentifier": "cve@gitlab.com",
+ "published": "2023-06-06T17:15:14.090",
+ "lastModified": "2023-06-06T18:33:59.493",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A DollarMathPostFilter Regular Expression Denial of Service in was possible by sending crafted payloads to the preview_markdown endpoint."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve@gitlab.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2132.json",
+ "source": "cve@gitlab.com"
+ },
+ {
+ "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/407586",
+ "source": "cve@gitlab.com"
+ },
+ {
+ "url": "https://hackerone.com/reports/1934711",
+ "source": "cve@gitlab.com"
+ }
+ ]
+}
\ No newline at end of file
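Review bot: The second sentence of the description has a stray word, `Denial of Service in was possible`, which reads as if a component name was dropped after "in". If nothing is missing, the sentence should be `A DollarMathPostFilter Regular Expression Denial of Service was possible by sending crafted payloads to the preview_markdown endpoint.`. The record also has no `weaknesses` array, so a CWE-based filter will not surface it even though the text names a regular-expression denial of service.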
diff --git a/CVE-2023/CVE-2023-21xx/CVE-2023-2157.json b/CVE-2023/CVE-2023-21xx/CVE-2023-2157.json
new file mode 100644
index 00000000000..3eb9aedaac2
--- /dev/null
+++ b/CVE-2023/CVE-2023-21xx/CVE-2023-2157.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2023-2157",
+ "sourceIdentifier": "secalert@redhat.com",
+ "published": "2023-06-06T20:15:12.120",
+ "lastModified": "2023-06-07T02:45:15.873",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A heap-based buffer overflow vulnerability was found in the ImageMagick package that can lead to the application crashing."
+ }
+ ],
+ "metrics": {},
+ "weaknesses": [
+ {
+ "source": "secalert@redhat.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-122"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2208537",
+ "source": "secalert@redhat.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-21xx/CVE-2023-2159.json b/CVE-2023/CVE-2023-21xx/CVE-2023-2159.json
new file mode 100644
index 00000000000..cdac778524e
--- /dev/null
+++ b/CVE-2023/CVE-2023-21xx/CVE-2023-2159.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-2159",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:16:04.290",
+ "lastModified": "2023-06-09T06:16:04.290",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The CMP \u2013 Coming Soon & Maintenance plugin for WordPress is vulnerable to Maintenance Mode Bypass in versions up to, and including, 4.1.7. A correct cmp_bypass GET parameter in the URL (equal to the md5-hashed home_url in the default setting) allows users to visit a site placed in maintenance mode thus bypassing the plugin's provided feature."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-284"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/cmp-coming-soon-maintenance/tags/4.1.6/niteo-cmp.php#L808",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2900571/cmp-coming-soon-maintenance/tags/4.1.8/cmp-advanced.php?old=2873620&old_path=cmp-coming-soon-maintenance%2Ftags%2F4.1.7%2Fcmp-advanced.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/af955f69-b18c-446e-b05e-6a57a5f16dfa?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-21xx/CVE-2023-2176.json b/CVE-2023/CVE-2023-21xx/CVE-2023-2176.json
index e79316d335d..5f8105ea434 100644
--- a/CVE-2023/CVE-2023-21xx/CVE-2023-2176.json
+++ b/CVE-2023/CVE-2023-21xx/CVE-2023-2176.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-2176",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-04-20T21:15:08.937",
- "lastModified": "2023-05-01T14:26:28.220",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-06-09T08:15:10.317",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -74,6 +74,10 @@
}
],
"references": [
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230609-0005/",
+ "source": "secalert@redhat.com"
+ },
{
"url": "https://www.spinics.net/lists/linux-rdma/msg114749.html",
"source": "secalert@redhat.com",
diff --git a/CVE-2023/CVE-2023-21xx/CVE-2023-2183.json b/CVE-2023/CVE-2023-21xx/CVE-2023-2183.json
new file mode 100644
index 00000000000..d7272f84924
--- /dev/null
+++ b/CVE-2023/CVE-2023-21xx/CVE-2023-2183.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-2183",
+ "sourceIdentifier": "security@grafana.com",
+ "published": "2023-06-06T19:15:11.277",
+ "lastModified": "2023-06-07T02:45:20.120",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Grafana is an open-source platform for monitoring and observability. \n\nThe option to send a test alert is not available from the user panel UI for users having the Viewer role. It is still possible for a user with the Viewer role to send a test alert using the API as the API does not check access to this function.\n\nThis might enable malicious users to abuse the functionality by sending multiple alert messages to e-mail and Slack, spamming users, prepare Phishing attack or block SMTP server.\n\nUsers may upgrade to version 9.5.3, 9.4.12, 9.3.15, 9.2.19 and 8.5.26 to receive a fix.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@grafana.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@grafana.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-284"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/grafana/bugbounty/security/advisories/GHSA-cvm3-pp2j-chr3",
+ "source": "security@grafana.com"
+ },
+ {
+ "url": "https://grafana.com/security/security-advisories/cve-2023-2183/",
+ "source": "security@grafana.com"
+ }
+ ]
+}
\ No newline at end of file
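Review bot: The `vectorString` on this record scores only a confidentiality impact (`C:L/I:N/A:N`) and requires user interaction (`UI:R`). The description instead covers a Viewer calling the API directly to flood e-mail and Slack recipients or block the SMTP server, which reads more like an integrity or availability concern. The score is the supplier's own (`"source": "security@grafana.com"`, `"type": "Secondary"`), so it should not be altered here. Triage that sorts on the vector alone may under-rank the record and should read the description as well. Separately, the `value` string ends in `\n\n`; ending it at `receive a fix."` would avoid trailing blank lines wherever the text is rendered.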
diff --git a/CVE-2023/CVE-2023-21xx/CVE-2023-2184.json b/CVE-2023/CVE-2023-21xx/CVE-2023-2184.json
new file mode 100644
index 00000000000..c7e3ba35a46
--- /dev/null
+++ b/CVE-2023/CVE-2023-21xx/CVE-2023-2184.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-2184",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:16:04.503",
+ "lastModified": "2023-06-09T06:16:04.503",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WP Responsive Tabs horizontal vertical and accordion Tabs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.1.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2825016%40responsive-horizontal-vertical-and-accordion-tabs%2Ftags%2F1.1.15&new=2900990%40responsive-horizontal-vertical-and-accordion-tabs%2Ftags%2F1.1.16",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fe54c37f-1421-48aa-b502-045847d13ae3?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-21xx/CVE-2023-2186.json b/CVE-2023/CVE-2023-21xx/CVE-2023-2186.json
new file mode 100644
index 00000000000..5d7b34d1e78
--- /dev/null
+++ b/CVE-2023/CVE-2023-21xx/CVE-2023-2186.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-2186",
+ "sourceIdentifier": "trellixpsirt@trellix.com",
+ "published": "2023-06-07T07:15:08.490",
+ "lastModified": "2023-06-07T12:52:33.093",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, an unauthenticated attacker can send a specially crafted broadcast message including format string characters to the SCADA Data Gateway to perform unrestricted memory reads.An unauthenticated user can use this format string vulnerability to repeatedly crash the GTWWebMonitor.exe process to DoS the Web Monitor. Furthermore, an authenticated user can leverage this vulnerability to leak memory from the GTWWebMonitor.exe process. This could be leveraged in an exploit chain to gain code execution."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "trellixpsirt@trellix.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 4.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "trellixpsirt@trellix.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-134"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.trellix.com/en-us/about/newsroom/stories/research/industrial-and-manufacturing-cves.html",
+ "source": "trellixpsirt@trellix.com"
+ }
+ ]
+}
\ No newline at end of file
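Review bot: The `descriptions[0].value` text and the CVSS vector disagree about who can read memory. The first sentence says an unauthenticated attacker can perform unrestricted memory reads, the last says an authenticated user can leak memory, and the vector is `PR:N` with `C:L`. Someone triaging exposure cannot tell from this record whether the confidentiality impact needs credentials. The text also runs two sentences together at `reads.An` (and at `WebMonitor.An` in CVE-2023-2187.json, the next file); a space after the full stop and one consistent statement of the required privilege would fix both.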
diff --git a/CVE-2023/CVE-2023-21xx/CVE-2023-2187.json b/CVE-2023/CVE-2023-21xx/CVE-2023-2187.json
new file mode 100644
index 00000000000..dc4e6296454
--- /dev/null
+++ b/CVE-2023/CVE-2023-21xx/CVE-2023-2187.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-2187",
+ "sourceIdentifier": "trellixpsirt@trellix.com",
+ "published": "2023-06-07T07:15:08.740",
+ "lastModified": "2023-06-07T12:52:33.093",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, an unauthenticated attacker can send broadcast events to any user via the WebMonitor.An unauthenticated user can use this vulnerability to forcefully log out of any currently logged-in user by sending a \"password change event\". Furthermore, an attacker could use this vulnerability to spam the logged-in user with false events."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "trellixpsirt@trellix.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "trellixpsirt@trellix.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-306"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.trellix.com/en-us/about/newsroom/stories/research/industrial-and-manufacturing-cves.html",
+ "source": "trellixpsirt@trellix.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-21xx/CVE-2023-2189.json b/CVE-2023/CVE-2023-21xx/CVE-2023-2189.json
new file mode 100644
index 00000000000..1e65dcb2aa7
--- /dev/null
+++ b/CVE-2023/CVE-2023-21xx/CVE-2023-2189.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-2189",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:16:04.750",
+ "lastModified": "2023-06-09T06:16:04.750",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Elementor Addons, Widgets and Enhancements \u2013 Stax plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the toggle_widget function in versions up to, and including, 1.4.3. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to enable or disable Elementor widgets."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/stax-addons-for-elementor/trunk/core/admin/pages/Widgets.php#L31",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/926550bb-265d-4811-a375-10c47e9fb4d6?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-21xx/CVE-2023-2197.json b/CVE-2023/CVE-2023-21xx/CVE-2023-2197.json
index 6408cd4b3f7..172ecd54dba 100644
--- a/CVE-2023/CVE-2023-21xx/CVE-2023-2197.json
+++ b/CVE-2023/CVE-2023-21xx/CVE-2023-2197.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-2197",
"sourceIdentifier": "security@hashicorp.com",
"published": "2023-05-01T20:15:14.597",
- "lastModified": "2023-05-06T03:12:45.393",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-06-09T08:15:10.823",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -103,6 +103,10 @@
"Mitigation",
"Vendor Advisory"
]
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230609-0007/",
+ "source": "security@hashicorp.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-21xx/CVE-2023-2198.json b/CVE-2023/CVE-2023-21xx/CVE-2023-2198.json
new file mode 100644
index 00000000000..f5eb8f79212
--- /dev/null
+++ b/CVE-2023/CVE-2023-21xx/CVE-2023-2198.json
@@ -0,0 +1,51 @@
+{
+ "id": "CVE-2023-2198",
+ "sourceIdentifier": "cve@gitlab.com",
+ "published": "2023-06-07T17:15:10.150",
+ "lastModified": "2023-06-07T17:28:57.443",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.7 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A Regular Expression Denial of Service was possible via sending crafted payloads to the preview_markdown endpoint."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve@gitlab.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2198.json",
+ "source": "cve@gitlab.com"
+ },
+ {
+ "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/408273",
+ "source": "cve@gitlab.com"
+ },
+ {
+ "url": "https://hackerone.com/reports/1947187",
+ "source": "cve@gitlab.com"
+ }
+ ]
+}
\ No newline at end of file
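Review bot: This record has no `weaknesses` array, so CWE-based filters and dashboards will not classify it even though the description names the flaw class (Regular Expression Denial of Service). CVE-2023-2199.json, the next file, has the same gap. Its description differs from this one only in the starting version (12.0 instead of 8.7), which makes the two easy to mistake for duplicates. A CNA-sourced entry with `"value": "CWE-1333"` on both records would make them searchable until NVD analysis adds its own.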
diff --git a/CVE-2023/CVE-2023-21xx/CVE-2023-2199.json b/CVE-2023/CVE-2023-21xx/CVE-2023-2199.json
new file mode 100644
index 00000000000..0a4d99b1e70
--- /dev/null
+++ b/CVE-2023/CVE-2023-21xx/CVE-2023-2199.json
@@ -0,0 +1,51 @@
+{
+ "id": "CVE-2023-2199",
+ "sourceIdentifier": "cve@gitlab.com",
+ "published": "2023-06-07T17:15:10.207",
+ "lastModified": "2023-06-07T17:28:57.443",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.0 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A Regular Expression Denial of Service was possible via sending crafted payloads to the preview_markdown endpoint."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve@gitlab.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2199.json",
+ "source": "cve@gitlab.com"
+ },
+ {
+ "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/408272",
+ "source": "cve@gitlab.com"
+ },
+ {
+ "url": "https://hackerone.com/reports/1943819",
+ "source": "cve@gitlab.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-224xx/CVE-2023-22450.json b/CVE-2023/CVE-2023-224xx/CVE-2023-22450.json
new file mode 100644
index 00000000000..4c1b6acc1d9
--- /dev/null
+++ b/CVE-2023/CVE-2023-224xx/CVE-2023-22450.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-22450",
+ "sourceIdentifier": "ics-cert@hq.dhs.gov",
+ "published": "2023-06-06T00:15:09.310",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\n\n\nIn Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to upload an ASP script file to a webserver when logged in as manager user, which can lead to arbitrary code execution.\n\n\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-434"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-152-01",
+ "source": "ics-cert@hq.dhs.gov"
+ }
+ ]
+}
\ No newline at end of file
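Review bot: The product name in `descriptions[0].value` is spelled `WebAccss/SCADA`. The record has no `configurations` block yet, so keyword searches and asset-matching rules keyed on `WebAccess/SCADA` will miss this arbitrary-file-upload entry. The value is also padded with leading and trailing `\n` runs. Suggested text: `"In Advantech WebAccess/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability ..."` with the newline padding trimmed.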
diff --git a/CVE-2023/CVE-2023-225xx/CVE-2023-22504.json b/CVE-2023/CVE-2023-225xx/CVE-2023-22504.json
index bd3ed413125..717aaaac29e 100644
--- a/CVE-2023/CVE-2023-225xx/CVE-2023-22504.json
+++ b/CVE-2023/CVE-2023-225xx/CVE-2023-22504.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-22504",
"sourceIdentifier": "security@atlassian.com",
"published": "2023-05-25T14:15:09.877",
- "lastModified": "2023-06-01T16:41:22.320",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-06-07T14:15:09.810",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "Affected versions of Atlassian Confluence Server allow remote attackers who have read permissions to a page, but not write permissions, to upload attachments via a Broken Access Control vulnerability in the attachments feature.\n\nThe affected versions are before version 7.19.9.\n\nThis vulnerability was discovered by Rojan Rijal of the Tinder Security Engineering Team."
+ "value": "Affected versions of Atlassian Confluence Server allow remote attackers who have read permissions to a page, but not write permissions, to upload attachments via a Broken Access Control vulnerability in the attachments feature."
}
],
"metrics": {
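Review bot: The new `descriptions[0].value` drops the sentence "The affected versions are before version 7.19.9.", which is the only statement of the fixed version visible in this hunk. The record's `configurations` lie outside the hunk. If they do not carry the same upper bound, consumers lose what they need to decide whether a Confluence Server instance is patched. Confirm the bound is still present elsewhere in the record before accepting the shortened text; dropping the credit line has no such effect.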
diff --git a/CVE-2023/CVE-2023-226xx/CVE-2023-22652.json b/CVE-2023/CVE-2023-226xx/CVE-2023-22652.json
index 70afb63d9c4..5abeec13f96 100644
--- a/CVE-2023/CVE-2023-226xx/CVE-2023-22652.json
+++ b/CVE-2023/CVE-2023-226xx/CVE-2023-22652.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-22652",
"sourceIdentifier": "meissner@suse.de",
"published": "2023-06-01T12:15:09.557",
- "lastModified": "2023-06-01T13:00:30.717",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T18:29:14.603",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ },
{
"source": "meissner@suse.de",
"type": "Secondary",
@@ -46,14 +66,39 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:opensuse:libeconf:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "0.5.2",
+ "matchCriteriaId": "346C0440-B422-4C32-B61E-09467A38DF0B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22652",
- "source": "meissner@suse.de"
+ "source": "meissner@suse.de",
+ "tags": [
+ "Issue Tracking",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://https://github.com/openSUSE/libeconf/issues/177",
- "source": "meissner@suse.de"
+ "source": "meissner@suse.de",
+ "tags": [
+ "Broken Link"
+ ]
}
]
}
\ No newline at end of file
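Review bot: The reference `https://https://github.com/openSUSE/libeconf/issues/177` keeps its doubled scheme and is only tagged `Broken Link`, so the record no longer leads anywhere for the upstream issue. The intended target is presumably `https://github.com/openSUSE/libeconf/issues/177`. Adding that as a separate reference entry would keep the upstream report reachable for anyone checking the `versionEndExcluding` of `0.5.2` introduced in the `configurations` block of this same hunk.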
diff --git a/CVE-2023/CVE-2023-228xx/CVE-2023-22833.json b/CVE-2023/CVE-2023-228xx/CVE-2023-22833.json
new file mode 100644
index 00000000000..3a8927f52e2
--- /dev/null
+++ b/CVE-2023/CVE-2023-228xx/CVE-2023-22833.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2023-22833",
+ "sourceIdentifier": "cve-coordination@palantir.com",
+ "published": "2023-06-06T19:15:10.213",
+ "lastModified": "2023-06-08T17:15:09.743",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Palantir Foundry deployments running Lime2 versions between 2.519.0 and 2.532.0 were vulnerable a bug that allowed authenticated users within a Foundry organization to bypass discretionary or mandatory access controls under certain circumstances."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve-coordination@palantir.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.6,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 4.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://palantir.safebase.us/?tcuUid=7f1fd834-805d-4679-85d0-9d779fa064ae",
+ "source": "cve-coordination@palantir.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-229xx/CVE-2023-22918.json b/CVE-2023/CVE-2023-229xx/CVE-2023-22918.json
index 0ca2fa71981..9aca9a693ed 100644
--- a/CVE-2023/CVE-2023-229xx/CVE-2023-22918.json
+++ b/CVE-2023/CVE-2023-229xx/CVE-2023-22918.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-22918",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2023-04-24T18:15:09.027",
- "lastModified": "2023-05-03T16:58:15.893",
+ "lastModified": "2023-06-07T18:20:46.193",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -285,16 +285,7 @@
"nodes": [
{
"operator": "OR",
- "negate": false,
- "cpeMatch": [
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:zyxel:usg_flex_50_firmware:*:*:*:*:*:*:*:*",
- "versionStartIncluding": "4.50",
- "versionEndExcluding": "5.36",
- "matchCriteriaId": "07895A23-2B15-4631-A55A-798B35A63E2D"
- }
- ]
+ "negate": false
},
{
"operator": "OR",
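Review bot: Removing the `cpeMatch` array leaves a node holding only `"operator": "OR"` and `"negate": false`, that is, a configuration node with no match criteria. The same happens in the next hunk for `usg_20w-vpn_firmware`. Scanners that resolve affected firmware through `cpe:2.3:o:zyxel:usg_flex_50_firmware` with the 4.50–5.36 range will stop matching these two models, and strict schema validators may reject a node without `cpeMatch`. The enclosing configuration continues outside both hunks, so the remaining sibling node cannot be checked from here. Either keep the firmware `cpeMatch` entries until replacement criteria exist, or remove the whole configuration entry rather than leaving an empty node.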
@@ -430,16 +421,7 @@
"nodes": [
{
"operator": "OR",
- "negate": false,
- "cpeMatch": [
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:zyxel:usg_20w-vpn_firmware:*:*:*:*:*:*:*:*",
- "versionStartIncluding": "4.16",
- "versionEndExcluding": "5.36",
- "matchCriteriaId": "224300FB-2462-4E88-A41E-E9E8EAE9CF48"
- }
- ]
+ "negate": false
},
{
"operator": "OR",
diff --git a/CVE-2023/CVE-2023-22xx/CVE-2023-2235.json b/CVE-2023/CVE-2023-22xx/CVE-2023-2235.json
index 9cf482de233..194e0f1a0cf 100644
--- a/CVE-2023/CVE-2023-22xx/CVE-2023-2235.json
+++ b/CVE-2023/CVE-2023-22xx/CVE-2023-2235.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-2235",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-05-01T13:15:44.713",
- "lastModified": "2023-05-06T03:05:04.167",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-06-09T08:15:10.990",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -120,6 +120,10 @@
"tags": [
"Patch"
]
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230609-0002/",
+ "source": "cve-coordination@google.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-22xx/CVE-2023-2237.json b/CVE-2023/CVE-2023-22xx/CVE-2023-2237.json
new file mode 100644
index 00000000000..a1f94243ddf
--- /dev/null
+++ b/CVE-2023/CVE-2023-22xx/CVE-2023-2237.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-2237",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:16:05.110",
+ "lastModified": "2023-06-09T06:16:05.110",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WP Replicate Post plugin for WordPress is vulnerable to SQL Injection via the post_id parameter in versions up to, and including, 4.0.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for contributor-level attackers or higher to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/wp-replicate-post/trunk/init/functions.php#L81",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2910474%40wp-replicate-post%2Ftrunk&old=2896518%40wp-replicate-post%2Ftrunk&sfp_email=&sfph_mail=#file3",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/916e6f8b-cb29-4062-9a05-0337cfdb382a?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-22xx/CVE-2023-2249.json b/CVE-2023/CVE-2023-22xx/CVE-2023-2249.json
new file mode 100644
index 00000000000..7a44358c006
--- /dev/null
+++ b/CVE-2023/CVE-2023-22xx/CVE-2023-2249.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-2249",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:16:05.470",
+ "lastModified": "2023-06-09T06:16:05.470",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request Forgery, and PHAR Deserialization in versions up to, and including, 2.1.7. This is due to the insecure use of file_get_contents without appropriate verification of the data being supplied to the function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to retrieve the contents of files like wp-config.php hosted on the system, perform a deserialization attack and possibly achieve remote code execution, and make requests to internal services."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-98"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/wpforo/tags/2.1.7/classes/Actions.php#L444",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/wpforo/tags/2.1.8/classes/Actions.php#L437",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/800fa098-b29f-4979-b7bd-b1186a4dafcb?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
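Review bot: The single weakness `CWE-98` covers only the file-inclusion part of what `descriptions[0].value` reports; Server-Side Request Forgery and PHAR deserialization are named in the text but not classified. Detection content and reporting that pivot on CWE will therefore not surface this record for SSRF or deserialization reviews. Adding `{"lang": "en", "value": "CWE-918"}` and `{"lang": "en", "value": "CWE-502"}` to the `description` array would align the classification with the text.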
diff --git a/CVE-2023/CVE-2023-22xx/CVE-2023-2253.json b/CVE-2023/CVE-2023-22xx/CVE-2023-2253.json
new file mode 100644
index 00000000000..0ad588ac6e0
--- /dev/null
+++ b/CVE-2023/CVE-2023-22xx/CVE-2023-2253.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2023-2253",
+ "sourceIdentifier": "secalert@redhat.com",
+ "published": "2023-06-06T20:15:12.493",
+ "lastModified": "2023-06-07T02:45:15.873",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory."
+ }
+ ],
+ "metrics": {},
+ "weaknesses": [
+ {
+ "source": "secalert@redhat.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-475"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2189886",
+ "source": "secalert@redhat.com"
+ }
+ ]
+}
\ No newline at end of file
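Review bot: `CWE-475` (Undefined Behavior for Input to API) does not match what the description reports, which is an attacker-chosen `n` driving an oversized allocation. `CWE-770` (Allocation of Resources Without Limits or Throttling) is the closer fit, so `"value": "CWE-770"` is suggested. `"metrics": {}` also leaves the record without any severity, and score-threshold filters will treat this denial-of-service issue as unrated. Downstream tooling should read the empty object as "not yet scored" rather than "no impact".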
diff --git a/CVE-2023/CVE-2023-22xx/CVE-2023-2275.json b/CVE-2023/CVE-2023-22xx/CVE-2023-2275.json
new file mode 100644
index 00000000000..2f76405f7da
--- /dev/null
+++ b/CVE-2023/CVE-2023-22xx/CVE-2023-2275.json
@@ -0,0 +1,71 @@
+{
+ "id": "CVE-2023-2275",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:16:05.777",
+ "lastModified": "2023-06-09T06:16:05.777",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WooCommerce Multivendor Marketplace \u2013 REST API plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'get_item', 'get_order_notes' and 'add_order_note' functions in versions up to, and including, 1.5.3. This makes it possible for authenticated attackers with subscriber privileges or above, to view the order details and order notes, and add order notes."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/wcfm-marketplace-rest-api/tags/1.5.3/includes/api/class-api-order-controller.php#L151",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/wcfm-marketplace-rest-api/tags/1.5.3/includes/api/class-api-order-controller.php#L167",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/wcfm-marketplace-rest-api/tags/1.5.3/includes/api/class-api-order-controller.php#L175",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2904331/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b0520601-7e5c-412d-a8da-df1bf8ce28df?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
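Review bot: The vector `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L` contradicts `descriptions[0].value`, which reports that subscribers can view order details and notes (a confidentiality impact) and add order notes (an integrity impact), with no availability effect mentioned. As written, `confidentialityImpact` and `integrityImpact` are both `NONE`, so anyone prioritising by impact metrics will under-rank an order-data disclosure. The impact fields look transposed; something like `C:L/I:L/A:N` appears to be what the text supports, though the base score would need recomputing by the CNA.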
diff --git a/CVE-2023/CVE-2023-22xx/CVE-2023-2280.json b/CVE-2023/CVE-2023-22xx/CVE-2023-2280.json
new file mode 100644
index 00000000000..3fb31c5e840
--- /dev/null
+++ b/CVE-2023/CVE-2023-22xx/CVE-2023-2280.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-2280",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:16:06.027",
+ "lastModified": "2023-06-09T06:16:06.027",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajax_public' function in versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to delete or change plugin settings, import demo data, delete Directory Kit related posts and terms, and install arbitrary plugins. A partial patch was introduced in version 1.2.0 and an additional partial patch was introduced in version 1.2.2, but the issue was not fully patched until 1.2.3."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/wpdirectorykit/tags/1.1.8/public/class-wpdirectorykit-public.php#L249",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2907164/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/abb1a758-5c16-4841-b1c7-0705ab16b328?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-22xx/CVE-2023-2283.json b/CVE-2023/CVE-2023-22xx/CVE-2023-2283.json
index 3983775aa87..8e3343b597a 100644
--- a/CVE-2023/CVE-2023-22xx/CVE-2023-2283.json
+++ b/CVE-2023/CVE-2023-22xx/CVE-2023-2283.json
@@ -2,16 +2,49 @@
"id": "CVE-2023-2283",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-05-26T18:15:13.770",
- "lastModified": "2023-05-28T06:15:12.627",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T14:54:27.843",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the`pki_verify_data_signature` function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the return value `rc,` which is initialized to SSH_ERROR and later rewritten to save the return value of the function call `pki_key_check_hash_compatible.` The value of the variable is not changed between this point and the cryptographic verification. Therefore any error between them calls `goto error` returning SSH_OK."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 2.5
+ }
+ ]
+ },
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-287"
+ }
+ ]
+ },
{
"source": "secalert@redhat.com",
"type": "Secondary",
@@ -23,22 +56,97 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "0.9.1",
+ "versionEndIncluding": "0.9.6",
+ "matchCriteriaId": "4ABFA49F-EB6C-45E4-8347-1E0A0FD65908"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "0.10.0",
+ "versionEndIncluding": "0.10.4",
+ "matchCriteriaId": "B02C8B4E-0AD2-44B9-B32A-21986D00F9F5"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-2283",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2189736",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Issue Tracking",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27PD44ALQTZXX7K6JAM3BXBUHYA6DFFN/",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.libssh.org/security/advisories/CVE-2023-2283.txt",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
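Review bot: The added configuration entries for `cpe:2.3:o:fedoraproject:fedora:37` and `cpe:2.3:o:redhat:enterprise_linux:8.0` / `9.0` are standalone OR nodes marked `"vulnerable": true`, not combined with the libssh entries, so a CPE-based scanner will report every host on those releases whatever libssh package is installed. Only the first configuration, bounded at 0.9.1–0.9.6 and 0.10.0–0.10.4, identifies the affected library itself. Triage should confirm the installed libssh package version against the distribution advisories listed under `references` before treating an OS-level match as a finding.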
diff --git a/CVE-2023/CVE-2023-22xx/CVE-2023-2289.json b/CVE-2023/CVE-2023-22xx/CVE-2023-2289.json
new file mode 100644
index 00000000000..1e6434b192d
--- /dev/null
+++ b/CVE-2023/CVE-2023-22xx/CVE-2023-2289.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-2289",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:16:06.170",
+ "lastModified": "2023-06-09T06:16:06.170",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The wordpress vertical image slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018search_term\u2019 parameter in versions up to, and including, 1.2.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2824902%40wp-vertical-image-slider%2Ftags%2F1.2.16&new=2902084%40wp-vertical-image-slider%2Ftags%2F1.2.17",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c9983364-9b52-4acc-91d4-b352c6d24d52?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-234xx/CVE-2023-23480.json b/CVE-2023/CVE-2023-234xx/CVE-2023-23480.json
new file mode 100644
index 00000000000..c705bc92bff
--- /dev/null
+++ b/CVE-2023/CVE-2023-234xx/CVE-2023-23480.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-23480",
+ "sourceIdentifier": "psirt@us.ibm.com",
+ "published": "2023-06-08T02:15:09.020",
+ "lastModified": "2023-06-08T02:44:28.663",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 245885."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/245885",
+ "source": "psirt@us.ibm.com"
+ },
+ {
+ "url": "https://www.ibm.com/support/pages/node/7001563",
+ "source": "psirt@us.ibm.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-234xx/CVE-2023-23481.json b/CVE-2023/CVE-2023-234xx/CVE-2023-23481.json
new file mode 100644
index 00000000000..77fbb083eec
--- /dev/null
+++ b/CVE-2023/CVE-2023-234xx/CVE-2023-23481.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-23481",
+ "sourceIdentifier": "psirt@us.ibm.com",
+ "published": "2023-06-08T02:15:09.093",
+ "lastModified": "2023-06-08T02:44:28.663",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 245889."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/245889",
+ "source": "psirt@us.ibm.com"
+ },
+ {
+ "url": "https://www.ibm.com/support/pages/node/7001561",
+ "source": "psirt@us.ibm.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-234xx/CVE-2023-23482.json b/CVE-2023/CVE-2023-234xx/CVE-2023-23482.json
new file mode 100644
index 00000000000..6b798f082a6
--- /dev/null
+++ b/CVE-2023/CVE-2023-234xx/CVE-2023-23482.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2023-23482",
+ "sourceIdentifier": "psirt@us.ibm.com",
+ "published": "2023-06-08T02:15:09.157",
+ "lastModified": "2023-06-08T02:44:28.663",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 245891."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/245891",
+ "source": "psirt@us.ibm.com"
+ },
+ {
+ "url": "https://www.ibm.com/support/pages/node/7001569",
+ "source": "psirt@us.ibm.com"
+ }
+ ]
+}
\ No newline at end of file
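Review bot: This new record has no `weaknesses` key at all, whereas the two IBM Sterling records added just before it (CVE-2023-23480 and CVE-2023-23481) each carry one. Any consumer that reads `weaknesses[0]` unconditionally has to treat the key as optional and fall back to an empty list. The description is a click-hijacking issue, for which `CWE-1021` would be the usual classification; that is an inference from the text, not something the record states.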
diff --git a/CVE-2023/CVE-2023-235xx/CVE-2023-23520.json b/CVE-2023/CVE-2023-235xx/CVE-2023-23520.json
index 7dcb40f5c18..99ddcf1caf6 100644
--- a/CVE-2023/CVE-2023-235xx/CVE-2023-23520.json
+++ b/CVE-2023/CVE-2023-235xx/CVE-2023-23520.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-23520",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-02-27T20:15:14.517",
- "lastModified": "2023-03-08T16:40:20.153",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-06-08T00:15:09.570",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -90,6 +90,14 @@
"tags": [
"Vendor Advisory"
]
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213599",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213601",
+ "source": "product-security@apple.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-235xx/CVE-2023-23536.json b/CVE-2023/CVE-2023-235xx/CVE-2023-23536.json
index a0fb20e82cb..0a877c1fc96 100644
--- a/CVE-2023/CVE-2023-235xx/CVE-2023-23536.json
+++ b/CVE-2023/CVE-2023-235xx/CVE-2023-23536.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-23536",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-05-08T20:15:16.630",
- "lastModified": "2023-05-19T16:15:11.323",
+ "lastModified": "2023-06-09T00:15:09.630",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -111,6 +111,18 @@
"Release Notes",
"Vendor Advisory"
]
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213674",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213677",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213678",
+ "source": "product-security@apple.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-235xx/CVE-2023-23543.json b/CVE-2023/CVE-2023-235xx/CVE-2023-23543.json
index ecaf24a4455..51265294fdf 100644
--- a/CVE-2023/CVE-2023-235xx/CVE-2023-23543.json
+++ b/CVE-2023/CVE-2023-235xx/CVE-2023-23543.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-23543",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-05-08T20:15:17.003",
- "lastModified": "2023-05-30T05:15:10.487",
+ "lastModified": "2023-06-09T00:15:09.710",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -118,6 +118,10 @@
"Release Notes",
"Vendor Advisory"
]
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213678",
+ "source": "product-security@apple.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-235xx/CVE-2023-23561.json b/CVE-2023/CVE-2023-235xx/CVE-2023-23561.json
index 28f70384aee..cee20af859f 100644
--- a/CVE-2023/CVE-2023-235xx/CVE-2023-23561.json
+++ b/CVE-2023/CVE-2023-235xx/CVE-2023-23561.json
@@ -2,23 +2,83 @@
"id": "CVE-2023-23561",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-30T20:15:10.130",
- "lastModified": "2023-05-30T21:10:02.053",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T18:14:07.027",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access Control: authenticated users can read sensitive information."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-Other"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:stormshield:endpoint_security:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "2.3.0",
+ "versionEndExcluding": "2.4.1",
+ "matchCriteriaId": "E1F16AFF-A52B-42DE-A4D5-7C4CC7F32C90"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://advisories.stormshield.eu",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://advisories.stormshield.eu/2023-001/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
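Review bot: The added `cpeMatch` range does not line up with the description kept as context in this hunk: the text says "2.3.0 through 2.3.2", while the range is `"versionStartIncluding": "2.3.0"` with `"versionEndExcluding": "2.4.1"`, which also covers any release from 2.3.3 up to 2.4.0. The hunk does not show which bound is right; the vendor advisory at `https://advisories.stormshield.eu/2023-001/` is the place to check. Until that is settled, inventory matching on the CPE range and matching on the description will disagree for those versions. The CVE-2023-23562 hunk that follows adds the same range against the same description wording.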
diff --git a/CVE-2023/CVE-2023-235xx/CVE-2023-23562.json b/CVE-2023/CVE-2023-235xx/CVE-2023-23562.json
index a6b0378a185..e40125ea825 100644
--- a/CVE-2023/CVE-2023-235xx/CVE-2023-23562.json
+++ b/CVE-2023/CVE-2023-235xx/CVE-2023-23562.json
@@ -2,23 +2,83 @@
"id": "CVE-2023-23562",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-31T01:15:43.057",
- "lastModified": "2023-05-31T13:02:26.480",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T15:24:09.757",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access Control that allows an authenticated user can update global parameters."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-Other"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:stormshield:endpoint_security:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "2.3.0",
+ "versionEndExcluding": "2.4.1",
+ "matchCriteriaId": "E1F16AFF-A52B-42DE-A4D5-7C4CC7F32C90"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://advisories.stormshield.eu",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://advisories.stormshield.eu/2023-002/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-235xx/CVE-2023-23597.json b/CVE-2023/CVE-2023-235xx/CVE-2023-23597.json
index 9a4f2fb6dda..382b6856d0f 100644
--- a/CVE-2023/CVE-2023-235xx/CVE-2023-23597.json
+++ b/CVE-2023/CVE-2023-235xx/CVE-2023-23597.json
@@ -2,23 +2,84 @@
"id": "CVE-2023-23597",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:10.537",
- "lastModified": "2023-06-02T18:10:24.877",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T17:53:40.493",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A compromised web child process could disable web security opening restrictions, leading to a new child process being spawned within the file://
context. Given a reliable exploit primitive, this new process could be exploited again leading to arbitrary file read. This vulnerability affects Firefox < 109."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-326"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "109.0",
+ "matchCriteriaId": "2809632C-444A-49A3-A7E7-D3BB027A91B8"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1538028",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Issue Tracking",
+ "Permissions Required",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-01/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
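Review bot: The `weaknesses` entry added here assigns `CWE-326` (Inadequate Encryption Strength), but the description in the same hunk concerns a compromised child process disabling opening restrictions and a new process being spawned in the file:// context, with no mention of cryptography. The mapping looks like a mismatch, so dashboards and detection content that group records by CWE should not treat this one as a crypto-strength issue without checking the linked Mozilla advisory. The other Firefox records in this diff that have no clear weakness class use `NVD-CWE-noinfo`, which would be the more conservative value here.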
diff --git a/CVE-2023/CVE-2023-235xx/CVE-2023-23598.json b/CVE-2023/CVE-2023-235xx/CVE-2023-23598.json
index 1f494b68f57..ba45399531b 100644
--- a/CVE-2023/CVE-2023-235xx/CVE-2023-23598.json
+++ b/CVE-2023/CVE-2023-235xx/CVE-2023-23598.json
@@ -2,31 +2,110 @@
"id": "CVE-2023-23598",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:10.580",
- "lastModified": "2023-06-02T18:10:24.877",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T15:01:05.280",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call to DataTransfer.setData
. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "109.0",
+ "matchCriteriaId": "2809632C-444A-49A3-A7E7-D3BB027A91B8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.7",
+ "matchCriteriaId": "1D5D3545-44B1-4576-B1BA-C461D4DC09A3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.7",
+ "matchCriteriaId": "E73E816A-885B-49D4-BB52-220D30866D7C"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1800425",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Issue Tracking",
+ "Permissions Required",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-01/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-02/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-03/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-236xx/CVE-2023-23600.json b/CVE-2023/CVE-2023-236xx/CVE-2023-23600.json
index 18f1bf0ad51..d5a4dc26610 100644
--- a/CVE-2023/CVE-2023-236xx/CVE-2023-23600.json
+++ b/CVE-2023/CVE-2023-236xx/CVE-2023-23600.json
@@ -2,23 +2,84 @@
"id": "CVE-2023-23600",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:10.673",
- "lastModified": "2023-06-02T18:10:24.877",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T19:53:54.453",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Per origin notification permissions were being stored in a way that didn't take into account what browsing context the permission was granted in. This lead to the possibility of notifications to be displayed during different browsing sessions.
*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 109."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:android:*:*",
+ "versionEndExcluding": "109.0",
+ "matchCriteriaId": "9AC422B8-F61F-472D-A9CB-AA4B464E3500"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1787034",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Issue Tracking",
+ "Permissions Required",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-01/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-236xx/CVE-2023-23601.json b/CVE-2023/CVE-2023-236xx/CVE-2023-23601.json
index 35b934aaa40..f0382ab929f 100644
--- a/CVE-2023/CVE-2023-236xx/CVE-2023-23601.json
+++ b/CVE-2023/CVE-2023-236xx/CVE-2023-23601.json
@@ -2,31 +2,110 @@
"id": "CVE-2023-23601",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:10.727",
- "lastModified": "2023-06-02T18:10:24.877",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T18:55:24.397",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-346"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "109.0",
+ "matchCriteriaId": "2809632C-444A-49A3-A7E7-D3BB027A91B8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.7",
+ "matchCriteriaId": "1D5D3545-44B1-4576-B1BA-C461D4DC09A3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.7",
+ "matchCriteriaId": "E73E816A-885B-49D4-BB52-220D30866D7C"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1794268",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Issue Tracking",
+ "Permissions Required",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-01/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-02/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-03/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-236xx/CVE-2023-23602.json b/CVE-2023/CVE-2023-236xx/CVE-2023-23602.json
index 8dfb70b2272..3ca803d9931 100644
--- a/CVE-2023/CVE-2023-236xx/CVE-2023-23602.json
+++ b/CVE-2023/CVE-2023-236xx/CVE-2023-23602.json
@@ -2,31 +2,110 @@
"id": "CVE-2023-23602",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:10.777",
- "lastModified": "2023-06-02T18:10:16.907",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T16:34:02.743",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-754"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "109.0",
+ "matchCriteriaId": "2809632C-444A-49A3-A7E7-D3BB027A91B8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.7",
+ "matchCriteriaId": "1D5D3545-44B1-4576-B1BA-C461D4DC09A3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.7",
+ "matchCriteriaId": "E73E816A-885B-49D4-BB52-220D30866D7C"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1800890",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Issue Tracking",
+ "Permissions Required",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-01/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-02/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-03/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-236xx/CVE-2023-23603.json b/CVE-2023/CVE-2023-236xx/CVE-2023-23603.json
index c7395764809..788a184511b 100644
--- a/CVE-2023/CVE-2023-236xx/CVE-2023-23603.json
+++ b/CVE-2023/CVE-2023-236xx/CVE-2023-23603.json
@@ -2,31 +2,110 @@
"id": "CVE-2023-23603",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:10.823",
- "lastModified": "2023-06-02T18:10:16.907",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T13:40:57.200",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Regular expressions used to filter out forbidden properties and values from style directives in calls to console.log
weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "109.0",
+ "matchCriteriaId": "2809632C-444A-49A3-A7E7-D3BB027A91B8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.7",
+ "matchCriteriaId": "1D5D3545-44B1-4576-B1BA-C461D4DC09A3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.7",
+ "matchCriteriaId": "E73E816A-885B-49D4-BB52-220D30866D7C"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1800832",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Issue Tracking",
+ "Permissions Required",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-01/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-02/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-03/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-236xx/CVE-2023-23604.json b/CVE-2023/CVE-2023-236xx/CVE-2023-23604.json
index 30e1586694c..a476bfefc00 100644
--- a/CVE-2023/CVE-2023-236xx/CVE-2023-23604.json
+++ b/CVE-2023/CVE-2023-236xx/CVE-2023-23604.json
@@ -2,23 +2,84 @@
"id": "CVE-2023-23604",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:10.867",
- "lastModified": "2023-06-02T18:10:16.907",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T12:47:26.003",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A duplicate SystemPrincipal
object could be created when parsing a non-system html document via DOMParser::ParseFromSafeString
. This could have lead to bypassing web security checks. This vulnerability affects Firefox < 109."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "109.0",
+ "matchCriteriaId": "2809632C-444A-49A3-A7E7-D3BB027A91B8"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1802346",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Issue Tracking",
+ "Permissions Required",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-01/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-236xx/CVE-2023-23605.json b/CVE-2023/CVE-2023-236xx/CVE-2023-23605.json
index 4701cb2cafb..7cd95f5501e 100644
--- a/CVE-2023/CVE-2023-236xx/CVE-2023-23605.json
+++ b/CVE-2023/CVE-2023-236xx/CVE-2023-23605.json
@@ -2,31 +2,110 @@
"id": "CVE-2023-23605",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:10.907",
- "lastModified": "2023-06-02T18:10:16.907",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T13:46:44.010",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 108 and Firefox ESR 102.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "109.0",
+ "matchCriteriaId": "2809632C-444A-49A3-A7E7-D3BB027A91B8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.7",
+ "matchCriteriaId": "1D5D3545-44B1-4576-B1BA-C461D4DC09A3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.7",
+ "matchCriteriaId": "E73E816A-885B-49D4-BB52-220D30866D7C"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1764921%2C1802690%2C1806974",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Broken Link",
+ "Issue Tracking",
+ "Not Applicable"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-01/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-02/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-03/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
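Review bot: The tag set on the Bugzilla buglist reference contradicts itself: `"Broken Link"` and `"Not Applicable"` sit next to `"Issue Tracking"`, while the same kind of buglist URL in CVE-2023-23606.json is tagged `"Issue Tracking"`, `"Vendor Advisory"`. Tooling that discards references tagged `Broken Link` or `Not Applicable` would drop the only bug-tracker pointer for this memory-safety record. If the link resolves for accounts with access, `"Issue Tracking", "Permissions Required"` would match the single-bug references in the neighbouring Mozilla records. This is inferred from the sibling entries and has not been checked against the URL.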
diff --git a/CVE-2023/CVE-2023-236xx/CVE-2023-23606.json b/CVE-2023/CVE-2023-236xx/CVE-2023-23606.json
index b21e48b05f2..88d79c6ac8e 100644
--- a/CVE-2023/CVE-2023-236xx/CVE-2023-23606.json
+++ b/CVE-2023/CVE-2023-236xx/CVE-2023-23606.json
@@ -2,23 +2,83 @@
"id": "CVE-2023-23606",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:10.957",
- "lastModified": "2023-06-02T18:10:16.907",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T13:51:09.697",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 108. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 109."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "109.0",
+ "matchCriteriaId": "2809632C-444A-49A3-A7E7-D3BB027A91B8"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1764974%2C1798591%2C1799201%2C1800446%2C1801248%2C1802100%2C1803393%2C1804626%2C1804971%2C1807004",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Issue Tracking",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-01/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-237xx/CVE-2023-23754.json b/CVE-2023/CVE-2023-237xx/CVE-2023-23754.json
index f049beffeda..4acc16381db 100644
--- a/CVE-2023/CVE-2023-237xx/CVE-2023-23754.json
+++ b/CVE-2023/CVE-2023-237xx/CVE-2023-23754.json
@@ -2,19 +2,80 @@
"id": "CVE-2023-23754",
"sourceIdentifier": "security@joomla.org",
"published": "2023-05-30T17:15:09.887",
- "lastModified": "2023-05-30T18:52:32.890",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T18:07:07.163",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Joomla! 4.2.0 through 4.3.1. Lack of input validation caused an open redirect and XSS issue within the new mfa selection screen."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-601"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.2.0",
+ "versionEndExcluding": "4.3.2",
+ "matchCriteriaId": "B00742BA-8B37-499D-A1FD-AE3D144AAF3E"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://developer.joomla.org/security-centre/899-20230501-core-open-redirects-and-xss-within-the-mfa-selection.html",
- "source": "security@joomla.org"
+ "source": "security@joomla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
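Review bot: The new `weaknesses` list carries `CWE-20` and `CWE-601` but no cross-site scripting entry, although the description states "an open redirect and XSS issue" and the vector uses `S:C`. Anyone filtering this feed by CWE to find XSS exposure in Joomla! 4.2.0 through 4.3.1 would miss the record. Adding `{ "lang": "en", "value": "CWE-79" }` to the `description` array would align the classification with the text. Since the entry is sourced from `nvd@nist.gov`, the correction belongs upstream rather than in this mirror.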
diff --git a/CVE-2023/CVE-2023-237xx/CVE-2023-23755.json b/CVE-2023/CVE-2023-237xx/CVE-2023-23755.json
index a55771bd95a..30f6221d313 100644
--- a/CVE-2023/CVE-2023-237xx/CVE-2023-23755.json
+++ b/CVE-2023/CVE-2023-237xx/CVE-2023-23755.json
@@ -2,19 +2,76 @@
"id": "CVE-2023-23755",
"sourceIdentifier": "security@joomla.org",
"published": "2023-05-30T17:15:09.937",
- "lastModified": "2023-05-30T18:52:32.890",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T18:12:24.850",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Joomla! 4.2.0 through 4.3.1. The lack of rate limiting allowed brute force attacks against MFA methods."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-307"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.2.0",
+ "versionEndExcluding": "4.3.2",
+ "matchCriteriaId": "B00742BA-8B37-499D-A1FD-AE3D144AAF3E"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://developer.joomla.org/security-centre/900-20230502-core-bruteforce-prevention-within-the-mfa-screen.html",
- "source": "security@joomla.org"
+ "source": "security@joomla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-239xx/CVE-2023-23952.json b/CVE-2023/CVE-2023-239xx/CVE-2023-23952.json
index f8384fe28f2..fefc1345358 100644
--- a/CVE-2023/CVE-2023-239xx/CVE-2023-23952.json
+++ b/CVE-2023/CVE-2023-239xx/CVE-2023-23952.json
@@ -2,19 +2,81 @@
"id": "CVE-2023-23952",
"sourceIdentifier": "secure@symantec.com",
"published": "2023-06-01T01:15:17.687",
- "lastModified": "2023-06-01T01:17:03.663",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T14:30:45.323",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Command Injection vulnerability."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-77"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:broadcom:advanced_secure_gateway:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "7.3.13.1",
+ "matchCriteriaId": "A058898B-5F76-45F6-AF68-327DA0D5C625"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:broadcom:content_analysis:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "3.1.6.0",
+ "matchCriteriaId": "D0911167-CBE1-4F52-B29F-0B5B6538F3A0"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22217",
- "source": "secure@symantec.com"
+ "source": "secure@symantec.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-239xx/CVE-2023-23953.json b/CVE-2023/CVE-2023-239xx/CVE-2023-23953.json
index 48c759186ea..a00510beb90 100644
--- a/CVE-2023/CVE-2023-239xx/CVE-2023-23953.json
+++ b/CVE-2023/CVE-2023-239xx/CVE-2023-23953.json
@@ -2,19 +2,81 @@
"id": "CVE-2023-23953",
"sourceIdentifier": "secure@symantec.com",
"published": "2023-06-01T01:15:17.747",
- "lastModified": "2023-06-01T01:17:03.663",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T14:31:18.003",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to an Elevation of Privilege vulnerability."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:broadcom:advanced_secure_gateway:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "7.3.13.1",
+ "matchCriteriaId": "A058898B-5F76-45F6-AF68-327DA0D5C625"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:broadcom:content_analysis:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "3.1.6.0",
+ "matchCriteriaId": "D0911167-CBE1-4F52-B29F-0B5B6538F3A0"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22217",
- "source": "secure@symantec.com"
+ "source": "secure@symantec.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-239xx/CVE-2023-23954.json b/CVE-2023/CVE-2023-239xx/CVE-2023-23954.json
index e7db8ea2e40..190d77d22ff 100644
--- a/CVE-2023/CVE-2023-239xx/CVE-2023-23954.json
+++ b/CVE-2023/CVE-2023-239xx/CVE-2023-23954.json
@@ -2,19 +2,81 @@
"id": "CVE-2023-23954",
"sourceIdentifier": "secure@symantec.com",
"published": "2023-06-01T01:15:17.783",
- "lastModified": "2023-06-01T01:17:03.663",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T14:10:30.527",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Stored Cross-Site Scripting vulnerability."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:broadcom:advanced_secure_gateway:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "7.3.13.1",
+ "matchCriteriaId": "A058898B-5F76-45F6-AF68-327DA0D5C625"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:broadcom:content_analysis:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "3.1.6.0",
+ "matchCriteriaId": "D0911167-CBE1-4F52-B29F-0B5B6538F3A0"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22217",
- "source": "secure@symantec.com"
+ "source": "secure@symantec.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-239xx/CVE-2023-23955.json b/CVE-2023/CVE-2023-239xx/CVE-2023-23955.json
index 4f38a2e34f7..f15abb9c6d7 100644
--- a/CVE-2023/CVE-2023-239xx/CVE-2023-23955.json
+++ b/CVE-2023/CVE-2023-239xx/CVE-2023-23955.json
@@ -2,19 +2,81 @@
"id": "CVE-2023-23955",
"sourceIdentifier": "secure@symantec.com",
"published": "2023-06-01T01:15:17.820",
- "lastModified": "2023-06-01T01:17:03.663",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T14:22:56.373",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Server-Side Request Forgery vulnerability."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-918"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:broadcom:advanced_secure_gateway:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "7.3.13.1",
+ "matchCriteriaId": "A058898B-5F76-45F6-AF68-327DA0D5C625"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:broadcom:content_analysis:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "3.1.6.0",
+ "matchCriteriaId": "D0911167-CBE1-4F52-B29F-0B5B6538F3A0"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22217",
- "source": "secure@symantec.com"
+ "source": "secure@symantec.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-239xx/CVE-2023-23956.json b/CVE-2023/CVE-2023-239xx/CVE-2023-23956.json
index e4ea3d756d6..1ae5a1edbd6 100644
--- a/CVE-2023/CVE-2023-239xx/CVE-2023-23956.json
+++ b/CVE-2023/CVE-2023-239xx/CVE-2023-23956.json
@@ -2,19 +2,74 @@
"id": "CVE-2023-23956",
"sourceIdentifier": "secure@symantec.com",
"published": "2023-05-30T20:15:10.173",
- "lastModified": "2023-05-30T21:10:02.053",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T18:15:36.460",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A user can supply malicious HTML and JavaScript code that will be executed in the client browser"
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:broadcom:symantec_siteminder_webagent:12.52:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5C96420C-FE9A-441E-B460-371470464F1D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/22221",
- "source": "secure@symantec.com"
+ "source": "secure@symantec.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-23xx/CVE-2023-2304.json b/CVE-2023/CVE-2023-23xx/CVE-2023-2304.json
index 3950f305814..4092d68047b 100644
--- a/CVE-2023/CVE-2023-23xx/CVE-2023-2304.json
+++ b/CVE-2023/CVE-2023-23xx/CVE-2023-2304.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-2304",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-05-31T05:15:10.260",
- "lastModified": "2023-05-31T13:02:26.480",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T16:30:51.470",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
{
"source": "security@wordfence.com",
"type": "Secondary",
@@ -35,6 +55,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
{
"source": "security@wordfence.com",
"type": "Secondary",
@@ -46,22 +76,52 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:favorites_project:favorites:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "2.3.2",
+ "matchCriteriaId": "49BA0846-B425-47AD-A312-DCB78754D70A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/favorites/tags/2.3.2/app/API/Shortcodes/UserFavoritesShortcode.php#L57",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://plugins.trac.wordpress.org/browser/favorites/tags/2.3.2/assets/js/favorites.js#L421",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2919192%40favorites&old=2805323%40favorites&sfp_email=&sfph_mail=",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5bd03cd0-34f0-491c-8247-79656eba32a8?source=cve",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
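Review bot: Two of the references tagged `"Patch"` in the last hunk are source-browser links into `tags/2.3.2`, which the new `cpeMatch` entry marks as still affected (`"versionEndIncluding": "2.3.2"`), so they point at the vulnerable code rather than at a fix. Only the `changeset` URL looks like an actual patch. Consumers that harvest `Patch`-tagged URLs to locate or verify fixes would pick up the affected lines instead. The two `browser/favorites/tags/2.3.2/...` entries would be better without the `Patch` tag, for example `"tags": ["Product"]`.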
diff --git a/CVE-2023/CVE-2023-23xx/CVE-2023-2305.json b/CVE-2023/CVE-2023-23xx/CVE-2023-2305.json
new file mode 100644
index 00000000000..1d15085f26f
--- /dev/null
+++ b/CVE-2023/CVE-2023-23xx/CVE-2023-2305.json
@@ -0,0 +1,71 @@
+{
+ "id": "CVE-2023-2305",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:16:06.493",
+ "lastModified": "2023-06-09T06:16:06.493",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpdm_members', 'wpdm_login_form', 'wpdm_reg_form' shortcodes in versions up to, and including, 3.2.70 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.2.70/src/User/views/login-form.php#L10",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.2.70/src/User/views/members.php#L10",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/download-manager/tags/3.2.70/src/User/views/reg-form.php#L11",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2906403%40download-manager&new=2906403%40download-manager&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a66bc196-e5f8-46b4-a81c-c888eb64021c?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
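Review bot: The changeset reference cannot show the fix, because its `old` and `new` parameters name the same revision (`old=2906403%40download-manager&new=2906403%40download-manager`) and the link therefore describes an empty comparison. The record says versions up to and including 3.2.70 are affected but has no `configurations` block and names no fixed version, so this URL is the only pointer to the remediation. The correct `old` revision is not on the page and has to come from the CNA before the link is usable for patch verification.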
diff --git a/CVE-2023/CVE-2023-240xx/CVE-2023-24014.json b/CVE-2023/CVE-2023-240xx/CVE-2023-24014.json
new file mode 100644
index 00000000000..a80564f736f
--- /dev/null
+++ b/CVE-2023/CVE-2023-240xx/CVE-2023-24014.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-24014",
+ "sourceIdentifier": "ics-cert@hq.dhs.gov",
+ "published": "2023-06-07T21:15:13.120",
+ "lastModified": "2023-06-07T21:36:36.773",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are \nvulnerable to heap-based buffer overflow, which could allow an attacker \nto execute arbitrary code.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-122"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-157-01",
+ "source": "ics-cert@hq.dhs.gov"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-243xx/CVE-2023-24329.json b/CVE-2023/CVE-2023-243xx/CVE-2023-24329.json
index 53f6bb20733..44475867bdf 100644
--- a/CVE-2023/CVE-2023-243xx/CVE-2023-24329.json
+++ b/CVE-2023/CVE-2023-243xx/CVE-2023-24329.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-24329",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-02-17T15:15:12.243",
- "lastModified": "2023-06-04T03:15:09.297",
+ "lastModified": "2023-06-08T04:15:10.057",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "An issue in the urllib.parse component of Python before v3.11 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters."
+ "value": "An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters."
}
],
"metrics": {
@@ -65,6 +65,10 @@
}
],
"references": [
+ {
+ "url": "https://github.com/python/cpython/issues/102153",
+ "source": "cve@mitre.org"
+ },
{
"url": "https://github.com/python/cpython/pull/99421",
"source": "cve@mitre.org",
@@ -76,6 +80,10 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PEVICI7YNGGMSL3UCMWGE66QFLATH72/",
"source": "cve@mitre.org"
},
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DSL6NSOAXWBJJ67XPLSSC74MNKZF3BBO/",
+ "source": "cve@mitre.org"
+ },
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EM2XLZSTXG44TMFXF4E6VTGKR2MQCW3G/",
"source": "cve@mitre.org"
@@ -84,6 +92,14 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F2NY75GFDZ5T6YPN44D3VMFT5SUVTOTG/",
"source": "cve@mitre.org"
},
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H23OSKC6UG6IWOQAUPW74YUHWRWVXJP7/",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZTLGV2HYFF4AMYJL25VDIGAIHCU7UPA/",
+ "source": "cve@mitre.org"
+ },
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LWC4WGXER5P6Q75RFGL7QUTPP3N5JR7T/",
"source": "cve@mitre.org"
@@ -104,6 +120,22 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PURM5CFDABEWAIWZFD2MQ7ZJGCPYSQ44/",
"source": "cve@mitre.org"
},
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q3J5N24ECS4B6MJDRO6UAYU6GPLYBDCL/",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRQHN7RWJQJHYP6E5EKESOYP5VDSHZG4/",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RA2MBEEES6L46OD64OBSVUUMGKNGMOWW/",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4IDB5OAR5Y4UK3HLMZBW4WEL2B7YFMJ/",
+ "source": "cve@mitre.org"
+ },
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZH26JGNZ5XYPZ5SAU3NKSBSPRE5OHTG/",
"source": "cve@mitre.org"
diff --git a/CVE-2023/CVE-2023-244xx/CVE-2023-24476.json b/CVE-2023/CVE-2023-244xx/CVE-2023-24476.json
new file mode 100644
index 00000000000..1ee440d1463
--- /dev/null
+++ b/CVE-2023/CVE-2023-244xx/CVE-2023-24476.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-24476",
+ "sourceIdentifier": "ics-cert@hq.dhs.gov",
+ "published": "2023-06-07T22:15:09.553",
+ "lastModified": "2023-06-08T02:44:28.663",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nAn attacker with local access to the machine could record the traffic, \nwhich could allow them to resend requests without the server \nauthenticating that the user or session are valid.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 1.8,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 0.3,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-285"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13",
+ "source": "ics-cert@hq.dhs.gov"
+ }
+ ]
+}
\ No newline at end of file
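Review bot: The only entry in this new record's `references` array has a doubled scheme, `https://https://www.cisa.gov/...`, so a URL parser reads `https` as the host and the advisory link does not resolve. It should read `"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13",`. The description also names no vendor or product, so until `configurations` are added the record cannot be matched against an asset inventory except by following that link. Consumers of this feed should validate reference URLs at ingest rather than assume they are well-formed.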
diff --git a/CVE-2023/CVE-2023-245xx/CVE-2023-24510.json b/CVE-2023/CVE-2023-245xx/CVE-2023-24510.json
new file mode 100644
index 00000000000..f0fa8a90eaf
--- /dev/null
+++ b/CVE-2023/CVE-2023-245xx/CVE-2023-24510.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-24510",
+ "sourceIdentifier": "psirt@arista.com",
+ "published": "2023-06-05T22:15:11.717",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "On the affected platforms running EOS, a malformed DHCP packet might cause the DHCP relay agent to restart."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@arista.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@arista.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-755"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/17445-security-advisory-0087",
+ "source": "psirt@arista.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-245xx/CVE-2023-24535.json b/CVE-2023/CVE-2023-245xx/CVE-2023-24535.json
new file mode 100644
index 00000000000..2127d4f5292
--- /dev/null
+++ b/CVE-2023/CVE-2023-245xx/CVE-2023-24535.json
@@ -0,0 +1,40 @@
+{
+ "id": "CVE-2023-24535",
+ "sourceIdentifier": "security@golang.org",
+ "published": "2023-06-08T21:15:16.420",
+ "lastModified": "2023-06-08T21:15:16.420",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Parsing invalid messages can panic. Parsing a text-format message which contains a potential number consisting of a minus sign, one or more characters of whitespace, and no further input will cause a panic."
+ }
+ ],
+ "metrics": {},
+ "weaknesses": [
+ {
+ "source": "security@golang.org",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/golang/protobuf/issues/1530",
+ "source": "security@golang.org"
+ },
+ {
+ "url": "https://go.dev/cl/475995",
+ "source": "security@golang.org"
+ },
+ {
+ "url": "https://pkg.go.dev/vuln/GO-2023-1631",
+ "source": "security@golang.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-245xx/CVE-2023-24568.json b/CVE-2023/CVE-2023-245xx/CVE-2023-24568.json
index 5072bd13eb9..c36cf77ea1b 100644
--- a/CVE-2023/CVE-2023-245xx/CVE-2023-24568.json
+++ b/CVE-2023/CVE-2023-245xx/CVE-2023-24568.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-24568",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-05-30T16:15:09.533",
- "lastModified": "2023-05-30T16:36:55.623",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T15:23:11.223",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ },
{
"source": "security_alert@emc.com",
"type": "Secondary",
@@ -36,8 +56,18 @@
},
"weaknesses": [
{
- "source": "security_alert@emc.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-295"
+ }
+ ]
+ },
+ {
+ "source": "security_alert@emc.com",
+ "type": "Secondary",
"description": [
{
"lang": "en",
@@ -46,10 +76,41 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:dell:networker:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "19.7.0.3",
+ "matchCriteriaId": "999374BE-F3FE-486F-B766-4DDF34B7E906"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:dell:networker:19.7.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "880E3083-10D9-451F-A21B-91D36570596A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:dell:networker:19.8.0.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "83E8C92E-963F-4855-AFF3-C508E26DB43E"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000210963/dsa-2023-059-dell-networker-security-update-for-a-rabbitmq-vulnerability-related-to-improper-validation-of-hostname-in-rabbitmq-startup-script-which-fails-to-replace-ca-signed-certificates",
- "source": "security_alert@emc.com"
+ "source": "security_alert@emc.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-245xx/CVE-2023-24584.json b/CVE-2023/CVE-2023-245xx/CVE-2023-24584.json
index f1901da1e1b..3f63a863523 100644
--- a/CVE-2023/CVE-2023-245xx/CVE-2023-24584.json
+++ b/CVE-2023/CVE-2023-245xx/CVE-2023-24584.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-24584",
"sourceIdentifier": "disclosures@gallagher.com",
"published": "2023-06-01T05:15:09.767",
- "lastModified": "2023-06-01T13:00:30.717",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T15:54:51.820",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ },
{
"source": "disclosures@gallagher.com",
"type": "Secondary",
@@ -35,6 +55,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-120"
+ }
+ ]
+ },
{
"source": "disclosures@gallagher.com",
"type": "Secondary",
@@ -46,10 +76,64 @@
]
}
],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:gallagher:controller_6000_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "8.50.230201a",
+ "matchCriteriaId": "D2145115-B3C0-450E-B8E4-F9E0CA60E532"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:gallagher:controller_6000_firmware:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "8.60",
+ "versionEndExcluding": "8.60.230201b",
+ "matchCriteriaId": "1C59CC87-0F34-4B34-A8E9-4A8EC922067F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:gallagher:controller_6000_firmware:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "8.70",
+ "versionEndExcluding": "8.70.230201a",
+ "matchCriteriaId": "33EB0365-40C7-4750-A013-37B655A24FE4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:gallagher:controller_6000_firmware:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "8.80",
+ "versionEndExcluding": "8.80.230201a",
+ "matchCriteriaId": "3F952C1B-EA21-4179-A8CF-84952EBE2478"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:gallagher:controller_6000:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5AF2B03B-B033-439F-8CEE-334FA8053278"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-24584",
- "source": "disclosures@gallagher.com"
+ "source": "disclosures@gallagher.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-248xx/CVE-2023-24817.json b/CVE-2023/CVE-2023-248xx/CVE-2023-24817.json
index bc06d36bacb..1aebcffb361 100644
--- a/CVE-2023/CVE-2023-248xx/CVE-2023-24817.json
+++ b/CVE-2023/CVE-2023-248xx/CVE-2023-24817.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-24817",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-30T16:15:09.607",
- "lastModified": "2023-05-30T16:36:55.623",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T19:10:07.593",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -35,6 +55,20 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-191"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -50,14 +84,39 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:riot-os:riot:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2023.04",
+ "matchCriteriaId": "3563E17A-D38F-412B-8C65-733C4439DE19"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/RIOT-OS/RIOT/commit/34dc1757f5621be48e226cfebb2f4c63505b5360",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-xjgw-7638-29g5",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-248xx/CVE-2023-24825.json b/CVE-2023/CVE-2023-248xx/CVE-2023-24825.json
index cded989e198..fd2c7259a70 100644
--- a/CVE-2023/CVE-2023-248xx/CVE-2023-24825.json
+++ b/CVE-2023/CVE-2023-248xx/CVE-2023-24825.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-24825",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-30T16:15:09.687",
- "lastModified": "2023-05-30T16:36:55.623",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T14:53:24.207",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -35,6 +55,20 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-252"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-476"
+ }
+ ]
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -50,34 +84,74 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:riot-os:riot:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2023.04",
+ "matchCriteriaId": "3563E17A-D38F-412B-8C65-733C4439DE19"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/RIOT-OS/RIOT/blob/2022.10-branch/sys/net/gnrc/network_layer/sixlowpan/frag/rb/gnrc_sixlowpan_frag_rb.c#L416",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://github.com/RIOT-OS/RIOT/blob/2022.10-branch/sys/net/gnrc/network_layer/sixlowpan/frag/rb/gnrc_sixlowpan_frag_rb.c#L429",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://github.com/RIOT-OS/RIOT/blob/2022.10-branch/sys/net/gnrc/network_layer/sixlowpan/iphc/gnrc_sixlowpan_iphc.c#L729",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://github.com/RIOT-OS/RIOT/blob/2022.10-branch/sys/net/gnrc/network_layer/sixlowpan/iphc/gnrc_sixlowpan_iphc.c#L761",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://github.com/RIOT-OS/RIOT/blob/ccbb304eae7b59e8aca24a6ffd095b5b3f7720ee/sys/net/gnrc/pktbuf_static/gnrc_pktbuf_static.c#L169",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://github.com/RIOT-OS/RIOT/commit/0c522075445a62ce3102e141573ecc2788521897",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-xqm8-xj74-fjw2",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
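Review bot: The reference for `gnrc_sixlowpan_iphc.c#L761` is tagged `"Mailing List"`, although it is a GitHub source-line permalink like the four other blob links in this list, which are tagged `"Vendor Advisory"`. None of these links is a list post or an advisory; the CVE-2023-24826 section of this same diff tags the equivalent RIOT blob links `"Product"`, and `"tags": ["Product"]` here would keep the two records consistent. Tooling that filters references by tag to locate the vendor advisory would otherwise get source-code links alongside the one GHSA entry. The hunk begins inside the `weaknesses` array, so the earlier part of the record is not visible from here.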
diff --git a/CVE-2023/CVE-2023-248xx/CVE-2023-24826.json b/CVE-2023/CVE-2023-248xx/CVE-2023-24826.json
index abf5a21c8f8..3563abd0329 100644
--- a/CVE-2023/CVE-2023-248xx/CVE-2023-24826.json
+++ b/CVE-2023/CVE-2023-248xx/CVE-2023-24826.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-24826",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-30T17:15:09.983",
- "lastModified": "2023-05-30T18:52:32.890",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T16:15:39.177",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -35,6 +55,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-824"
+ }
+ ]
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -46,22 +76,52 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:riot-os:riot:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2023.04",
+ "matchCriteriaId": "3563E17A-D38F-412B-8C65-733C4439DE19"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/RIOT-OS/RIOT/blob/ccbb304eae7b59e8aca24a6ffd095b5b3f7720ee/sys/net/gnrc/network_layer/sixlowpan/frag/sfr/gnrc_sixlowpan_frag_sfr.c#L402",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Product"
+ ]
},
{
"url": "https://github.com/RIOT-OS/RIOT/blob/ccbb304eae7b59e8aca24a6ffd095b5b3f7720ee/sys/net/gnrc/network_layer/sixlowpan/frag/sfr/gnrc_sixlowpan_frag_sfr.c#L420",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Product"
+ ]
},
{
"url": "https://github.com/RIOT-OS/RIOT/commit/287f030af20e829469cdf740606148018a5a220d",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-xfj4-9g7w-f4gh",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2402.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2402.json
new file mode 100644
index 00000000000..b5c893462f7
--- /dev/null
+++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2402.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-2402",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:16:06.847",
+ "lastModified": "2023-06-09T06:16:06.847",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.0.13 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2808029%40wp-responsive-photo-gallery%2Ftags%2F1.0.13&new=2905480%40wp-responsive-photo-gallery%2Ftags%2F1.0.14",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/51a1c2de-56be-4487-874a-a916e8a6992a?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2414.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2414.json
new file mode 100644
index 00000000000..9b9a57ca08b
--- /dev/null
+++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2414.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-2414",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:16:07.127",
+ "lastModified": "2023-06-09T06:16:07.127",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_save_settings_callback function in versions up to, and including, 4.2.10. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to modify the plugins settings, upload media files, and inject malicious JavaScript."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.jonh.eu/blog/security-vulnerabilities-in-wordpress-plugins-by-vcita",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/meeting-scheduler-by-vcita/trunk/vcita-ajax-function.php#L88",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3c99aab5-a995-44ae-bc14-09f73e6b22c5?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2434.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2434.json
index d6bd3d3b837..8533142cc28 100644
--- a/CVE-2023/CVE-2023-24xx/CVE-2023-2434.json
+++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2434.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-2434",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-05-31T04:15:10.070",
- "lastModified": "2023-05-31T13:02:26.480",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T16:27:06.360",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 3.8,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 2.5
+ },
{
"source": "security@wordfence.com",
"type": "Secondary",
@@ -39,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ },
{
"source": "security@wordfence.com",
"type": "Secondary",
@@ -50,18 +80,45 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nested_pages_project:nested_pages:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "3.2.3",
+ "matchCriteriaId": "F288252B-FB7B-41FB-9F17-6846B325433F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/wp-nested-pages/tags/3.2.3/app/Form/Listeners/ResetSettings.php#L12",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2919175%40wp-nested-pages&old=2814681%40wp-nested-pages&sfp_email=&sfph_mail=",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8c3e61e9-3610-41b5-9820-28012dc657fd?source=cve",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
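Review bot: The first reference, the `wp-nested-pages/tags/3.2.3/.../ResetSettings.php#L12` browser link, is tagged `"Patch"`, yet it points into tag 3.2.3, which the `cpeMatch` entry added in this same hunk marks as still affected (`"versionEndIncluding": "3.2.3"`). That link shows the affected code rather than a fix; only the changeset reference after it looks like the actual patch, so a tag such as `"Product"` would describe it better. Anything that treats a `Patch` tag as evidence that a fix exists is misled by this. The same pattern recurs in the CVE-2023-2435 and CVE-2023-2436 hunks, where the `blog-in-blog/tags/1.1.1` link is tagged `Patch` against `"versionEndIncluding": "1.1.1"` and no fix reference is listed.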
diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2435.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2435.json
index 2331a0ea007..75267ed89bf 100644
--- a/CVE-2023/CVE-2023-24xx/CVE-2023-2435.json
+++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2435.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-2435",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-05-31T03:15:09.313",
- "lastModified": "2023-05-31T13:02:26.480",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T16:09:25.807",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ },
{
"source": "security@wordfence.com",
"type": "Secondary",
@@ -35,6 +55,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ },
{
"source": "security@wordfence.com",
"type": "Secondary",
@@ -46,14 +76,38 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:blog-in-blog_project:blog-in-blog:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.1.1",
+ "matchCriteriaId": "3534CB1A-4763-4835-A036-C9EB5557BCD6"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/blog-in-blog/tags/1.1.1/blog-in-blog.php#L153",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d53161ad-cc5f-4433-b288-a8095cdfd7db?source=cve",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2436.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2436.json
index 8a2e9649ed6..c182b2fc507 100644
--- a/CVE-2023/CVE-2023-24xx/CVE-2023-2436.json
+++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2436.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-2436",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-05-31T03:15:09.380",
- "lastModified": "2023-05-31T13:02:26.480",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T16:09:48.983",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 2.7
+ },
{
"source": "security@wordfence.com",
"type": "Secondary",
@@ -35,6 +55,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
{
"source": "security@wordfence.com",
"type": "Secondary",
@@ -46,14 +76,38 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:blog-in-blog_project:blog-in-blog:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.1.1",
+ "matchCriteriaId": "3534CB1A-4763-4835-A036-C9EB5557BCD6"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/blog-in-blog/tags/1.1.1/blog-in-blog.php#L257",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5c6a88c3-18b7-470f-8014-373ead66dcfa?source=cve",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2442.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2442.json
new file mode 100644
index 00000000000..a0d194afcb3
--- /dev/null
+++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2442.json
@@ -0,0 +1,51 @@
+{
+ "id": "CVE-2023-2442",
+ "sourceIdentifier": "cve@gitlab.com",
+ "published": "2023-06-07T16:15:09.403",
+ "lastModified": "2023-06-07T16:18:07.597",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A specially crafted merge request could lead to a stored XSS on the client side which allows attackers to perform arbitrary actions on behalf of victims."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve@gitlab.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 8.7,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 5.8
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2442.json",
+ "source": "cve@gitlab.com"
+ },
+ {
+ "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/409346",
+ "source": "cve@gitlab.com"
+ },
+ {
+ "url": "https://hackerone.com/reports/1965750",
+ "source": "cve@gitlab.com"
+ }
+ ]
+}
\ No newline at end of file
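Review bot: This new record has no `weaknesses` array even though its description names a stored XSS, so CWE-keyed filters and dashboards will not match it while the status is `Awaiting Analysis`. Consumers should treat a missing array as "unclassified" rather than "no weakness" and fall back to description text or to the CNA score of 8.7 for triage. A later analysis pass would presumably add an entry with `"value": "CWE-79"`, as the Wordfence XSS records in this commit carry. The CVE-2023-2485 record further down is added without `weaknesses` as well.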
diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2450.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2450.json
new file mode 100644
index 00000000000..d4e84d8336b
--- /dev/null
+++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2450.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-2450",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:16:07.427",
+ "lastModified": "2023-06-09T06:16:07.427",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The FiboSearch - AJAX Search for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.23.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/ajax-search-for-woocommerce/tags/1.23.0/includes/Helpers.php#L1229",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fajax-search-for-woocommerce%2Ftags%2F1.23.0&old=2917453&new_path=%2Fajax-search-for-woocommerce%2Ftags%2F1.24.0&new=2917453&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/880573d8-6dad-4a1b-a5db-33e1dc243062?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2452.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2452.json
new file mode 100644
index 00000000000..103a418c0d4
--- /dev/null
+++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2452.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-2452",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:16:07.850",
+ "lastModified": "2023-06-09T06:16:07.850",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Advanced Woo Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.77 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/advanced-woo-search/tags/2.77/includes/admin/class-aws-admin-options.php#L473",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/advanced-woo-search/tags/2.77/includes/admin/class-aws-admin-options.php#L481",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4278e9d7-aa1e-47a5-b715-09dae5156303?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2484.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2484.json
new file mode 100644
index 00000000000..9a3fc5b5fff
--- /dev/null
+++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2484.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-2484",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:16:08.247",
+ "lastModified": "2023-06-09T06:16:08.247",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Active Directory Integration plugin for WordPress is vulnerable to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 4.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with administrator privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/ldap-login-for-intranet-sites/trunk/class-mo-ldap-user-auth-reports.php?rev=2859403#L64",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2910898%40ldap-login-for-intranet-sites%2Ftrunk&old=2903294%40ldap-login-for-intranet-sites%2Ftrunk&sfp_email=&sfph_mail=#file5",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3eedc57b-79cc-4569-b6d6-676a22aa1e06?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2485.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2485.json
new file mode 100644
index 00000000000..b29008964cc
--- /dev/null
+++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2485.json
@@ -0,0 +1,51 @@
+{
+ "id": "CVE-2023-2485",
+ "sourceIdentifier": "cve@gitlab.com",
+ "published": "2023-06-07T17:15:10.270",
+ "lastModified": "2023-06-07T17:28:57.443",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A malicious maintainer in a project can escalate other users to Owners in that project if they import members from another project that those other users are Owners of."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve@gitlab.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.7,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2485.json",
+ "source": "cve@gitlab.com"
+ },
+ {
+ "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/407830",
+ "source": "cve@gitlab.com"
+ },
+ {
+ "url": "https://hackerone.com/reports/1934811",
+ "source": "cve@gitlab.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-251xx/CVE-2023-25177.json b/CVE-2023/CVE-2023-251xx/CVE-2023-25177.json
new file mode 100644
index 00000000000..c1f06ae4907
--- /dev/null
+++ b/CVE-2023/CVE-2023-251xx/CVE-2023-25177.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-25177",
+ "sourceIdentifier": "ics-cert@hq.dhs.gov",
+ "published": "2023-06-07T21:15:13.193",
+ "lastModified": "2023-06-07T21:36:36.773",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nDelta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are \nvulnerable to stack-based buffer overflow, which could allow an attacker\n to execute arbitrary code.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-121"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-157-01",
+ "source": "ics-cert@hq.dhs.gov"
+ }
+ ]
+}
\ No newline at end of file
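Review bot: The description `value` carries a leading `\n`, a trailing `\n\n` and line breaks in mid-sentence (`are \nvulnerable`, `attacker\n to execute`), which looks like residue copied from the advisory page. Exact-match or regex rules over description text, and single-line renderers such as tickets or CSV exports, will break on these, so consumers should collapse whitespace before indexing. The cleaned string would read `"Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are vulnerable to stack-based buffer overflow, which could allow an attacker to execute arbitrary code."`. The first hunk of the CVE-2023-25542 record below introduces the same leading and trailing newlines into a description that was clean before.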
diff --git a/CVE-2023/CVE-2023-255xx/CVE-2023-25539.json b/CVE-2023/CVE-2023-255xx/CVE-2023-25539.json
index 96a242f3c0a..dd2cdda3092 100644
--- a/CVE-2023/CVE-2023-255xx/CVE-2023-25539.json
+++ b/CVE-2023/CVE-2023-255xx/CVE-2023-25539.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-25539",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-05-31T05:15:09.537",
- "lastModified": "2023-05-31T13:02:26.480",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T13:45:01.660",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ },
{
"source": "security_alert@emc.com",
"type": "Secondary",
@@ -40,8 +60,18 @@
},
"weaknesses": [
{
- "source": "security_alert@emc.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ },
+ {
+ "source": "security_alert@emc.com",
+ "type": "Secondary",
"description": [
{
"lang": "en",
@@ -50,10 +80,48 @@
]
}
],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:dell:networker:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "19.7.0.4",
+ "matchCriteriaId": "9522AD40-F1B1-471B-9FB9-71258D20BEB5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:dell:networker:19.7.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "880E3083-10D9-451F-A21B-91D36570596A"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000211267/dsa-2023-060-dell-networker-security-update-for-an-nsrcapinfo-vulnerability",
- "source": "security_alert@emc.com"
+ "source": "security_alert@emc.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-255xx/CVE-2023-25542.json b/CVE-2023/CVE-2023-255xx/CVE-2023-25542.json
index 6dad518ca9a..0fdf12e1c14 100644
--- a/CVE-2023/CVE-2023-255xx/CVE-2023-25542.json
+++ b/CVE-2023/CVE-2023-255xx/CVE-2023-25542.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-25542",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-04-06T07:15:06.777",
- "lastModified": "2023-04-17T13:17:13.397",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-06-06T07:15:08.807",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "Dell Trusted Device Agent, versions prior to 5.3.0, contain(s) an improper installation permissions vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to escalated privileges."
+ "value": "\nDell Trusted Device Agent, versions prior to 5.3.0, contain(s) an improper installation permissions vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to escalated privileges.\n\n"
}
],
"metrics": {
@@ -56,7 +56,7 @@
},
"weaknesses": [
{
- "source": "nvd@nist.gov",
+ "source": "security_alert@emc.com",
"type": "Primary",
"description": [
{
@@ -66,12 +66,12 @@
]
},
{
- "source": "security_alert@emc.com",
+ "source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
- "value": "CWE-284"
+ "value": "CWE-276"
}
]
}
diff --git a/CVE-2023/CVE-2023-257xx/CVE-2023-25728.json b/CVE-2023/CVE-2023-257xx/CVE-2023-25728.json
index 75f17bcbb84..a75e2a2933f 100644
--- a/CVE-2023/CVE-2023-257xx/CVE-2023-25728.json
+++ b/CVE-2023/CVE-2023-257xx/CVE-2023-25728.json
@@ -2,31 +2,109 @@
"id": "CVE-2023-25728",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:11.003",
- "lastModified": "2023-06-02T18:10:16.907",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T14:01:25.977",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Content-Security-Policy-Report-Only
header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "110.0",
+ "matchCriteriaId": "811EBB2F-0FAA-49DB-8B16-99341814C3D1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.8",
+ "matchCriteriaId": "731649BC-CBBC-4423-93E1-577EF7A17DBD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.8",
+ "matchCriteriaId": "E7ED1B02-7653-4441-B4F4-980A86C4F170"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1790345",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Issue Tracking",
+ "Permissions Required"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-05/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-06/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-07/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-257xx/CVE-2023-25729.json b/CVE-2023/CVE-2023-257xx/CVE-2023-25729.json
index 789953247e6..da320951f77 100644
--- a/CVE-2023/CVE-2023-257xx/CVE-2023-25729.json
+++ b/CVE-2023/CVE-2023-257xx/CVE-2023-25729.json
@@ -2,31 +2,109 @@
"id": "CVE-2023-25729",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:11.050",
- "lastModified": "2023-06-02T18:10:16.907",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T14:03:14.853",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Permission prompts for opening external schemes were only shown for ContentPrincipals
resulting in extensions being able to open them without user interaction via ExpandedPrincipals
. This could lead to further malicious actions such as downloading files or interacting with software already installed on the system. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "110.0",
+ "matchCriteriaId": "811EBB2F-0FAA-49DB-8B16-99341814C3D1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.8",
+ "matchCriteriaId": "731649BC-CBBC-4423-93E1-577EF7A17DBD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.8",
+ "matchCriteriaId": "E7ED1B02-7653-4441-B4F4-980A86C4F170"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1792138",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Issue Tracking",
+ "Permissions Required"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-05/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-06/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-07/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-257xx/CVE-2023-25730.json b/CVE-2023/CVE-2023-257xx/CVE-2023-25730.json
index 31a8f54acfe..0a877cc2c3e 100644
--- a/CVE-2023/CVE-2023-257xx/CVE-2023-25730.json
+++ b/CVE-2023/CVE-2023-257xx/CVE-2023-25730.json
@@ -2,31 +2,110 @@
"id": "CVE-2023-25730",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:11.097",
- "lastModified": "2023-06-02T18:10:16.907",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T17:16:10.957",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A background script invoking requestFullscreen
and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "110.0",
+ "matchCriteriaId": "811EBB2F-0FAA-49DB-8B16-99341814C3D1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.8",
+ "matchCriteriaId": "731649BC-CBBC-4423-93E1-577EF7A17DBD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.8",
+ "matchCriteriaId": "E7ED1B02-7653-4441-B4F4-980A86C4F170"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1794622",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Issue Tracking",
+ "Permissions Required",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-05/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-06/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-07/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
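Review bot: The Bugzilla reference (`show_bug.cgi?id=1794622`) is tagged `"Vendor Advisory"` on top of `"Issue Tracking"` and `"Permissions Required"`. The equivalent Bugzilla references in the sibling Mozilla records of this commit (CVE-2023-25728, CVE-2023-25729, CVE-2023-25731, CVE-2023-25732) carry only the latter two tags. An access-restricted bug report is not an advisory, and tooling that takes the first `Vendor Advisory` link as the remediation pointer would send readers to a page they cannot open. The array should end at `"Permissions Required"`, leaving the three `mfsa2023-05/06/07` links as the advisories.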
diff --git a/CVE-2023/CVE-2023-257xx/CVE-2023-25731.json b/CVE-2023/CVE-2023-257xx/CVE-2023-25731.json
index 2a08f190c08..fa4583cfabe 100644
--- a/CVE-2023/CVE-2023-257xx/CVE-2023-25731.json
+++ b/CVE-2023/CVE-2023-257xx/CVE-2023-25731.json
@@ -2,23 +2,83 @@
"id": "CVE-2023-25731",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:11.147",
- "lastModified": "2023-06-02T18:10:16.907",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T15:47:20.800",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Due to URL previews in the network panel of developer tools improperly storing URLs, query parameters could potentially be used to overwrite global objects in privileged code. This vulnerability affects Firefox < 110."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "110.0",
+ "matchCriteriaId": "811EBB2F-0FAA-49DB-8B16-99341814C3D1"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1801542",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Issue Tracking",
+ "Permissions Required"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-05/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-257xx/CVE-2023-25732.json b/CVE-2023/CVE-2023-257xx/CVE-2023-25732.json
index 9f951bec2f6..ed1939d9324 100644
--- a/CVE-2023/CVE-2023-257xx/CVE-2023-25732.json
+++ b/CVE-2023/CVE-2023-257xx/CVE-2023-25732.json
@@ -2,31 +2,109 @@
"id": "CVE-2023-25732",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:11.193",
- "lastModified": "2023-06-02T18:10:16.907",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T15:52:08.203",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "When encoding data from an inputStream
in xpcom
the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "110.0",
+ "matchCriteriaId": "811EBB2F-0FAA-49DB-8B16-99341814C3D1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.8",
+ "matchCriteriaId": "731649BC-CBBC-4423-93E1-577EF7A17DBD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.8",
+ "matchCriteriaId": "E7ED1B02-7653-4441-B4F4-980A86C4F170"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1804564",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Issue Tracking",
+ "Permissions Required"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-05/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-06/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-07/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-257xx/CVE-2023-25734.json b/CVE-2023/CVE-2023-257xx/CVE-2023-25734.json
index 561557783c7..79f6cbd7122 100644
--- a/CVE-2023/CVE-2023-257xx/CVE-2023-25734.json
+++ b/CVE-2023/CVE-2023-257xx/CVE-2023-25734.json
@@ -2,43 +2,146 @@
"id": "CVE-2023-25734",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:11.237",
- "lastModified": "2023-06-02T18:10:16.907",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T15:57:02.770",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "After downloading a Windows .url
shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource.
*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "110.0",
+ "matchCriteriaId": "811EBB2F-0FAA-49DB-8B16-99341814C3D1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.8",
+ "matchCriteriaId": "731649BC-CBBC-4423-93E1-577EF7A17DBD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.8",
+ "matchCriteriaId": "E7ED1B02-7653-4441-B4F4-980A86C4F170"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1784451",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Exploit",
+ "Issue Tracking",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1809923",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Issue Tracking",
+ "Permissions Required"
+ ]
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1810143",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Issue Tracking",
+ "Permissions Required"
+ ]
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1812338",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Issue Tracking",
+ "Permissions Required"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-05/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-06/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-07/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-257xx/CVE-2023-25735.json b/CVE-2023/CVE-2023-257xx/CVE-2023-25735.json
index 5c803f49bd8..b26217ce663 100644
--- a/CVE-2023/CVE-2023-257xx/CVE-2023-25735.json
+++ b/CVE-2023/CVE-2023-257xx/CVE-2023-25735.json
@@ -2,31 +2,109 @@
"id": "CVE-2023-25735",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:11.280",
- "lastModified": "2023-06-02T18:10:16.907",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T16:05:41.207",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free after unwrapping the proxy. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-416"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "110.0",
+ "matchCriteriaId": "811EBB2F-0FAA-49DB-8B16-99341814C3D1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.8",
+ "matchCriteriaId": "731649BC-CBBC-4423-93E1-577EF7A17DBD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.8",
+ "matchCriteriaId": "E7ED1B02-7653-4441-B4F4-980A86C4F170"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1810711",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Issue Tracking",
+ "Permissions Required"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-05/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-06/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-07/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-257xx/CVE-2023-25737.json b/CVE-2023/CVE-2023-257xx/CVE-2023-25737.json
index 0e8a8d548d4..9cfff4a8b19 100644
--- a/CVE-2023/CVE-2023-257xx/CVE-2023-25737.json
+++ b/CVE-2023/CVE-2023-257xx/CVE-2023-25737.json
@@ -2,31 +2,109 @@
"id": "CVE-2023-25737",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:11.323",
- "lastModified": "2023-06-02T18:10:16.907",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T16:09:39.830",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An invalid downcast from nsTextNode
to SVGElement
could have lead to undefined behavior. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "110.0",
+ "matchCriteriaId": "811EBB2F-0FAA-49DB-8B16-99341814C3D1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.8",
+ "matchCriteriaId": "731649BC-CBBC-4423-93E1-577EF7A17DBD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.8",
+ "matchCriteriaId": "E7ED1B02-7653-4441-B4F4-980A86C4F170"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1811464",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Issue Tracking",
+ "Permissions Required"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-05/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-06/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-07/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
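Review bot: The added `weaknesses` entry records `"value": "NVD-CWE-noinfo"`, although the description in this same hunk names the flaw as an invalid downcast from nsTextNode to SVGElement. That looks like an incorrect type conversion, so `"value": "CWE-704"` would seem the closer mapping, assuming the analyst had no reason to withhold it. Consumers that triage or build detections by CWE will not pick up this record under any memory-safety or type-confusion filter as it stands.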
diff --git a/CVE-2023/CVE-2023-257xx/CVE-2023-25738.json b/CVE-2023/CVE-2023-257xx/CVE-2023-25738.json
index 38f80764d4e..e4205fb9392 100644
--- a/CVE-2023/CVE-2023-257xx/CVE-2023-25738.json
+++ b/CVE-2023/CVE-2023-257xx/CVE-2023-25738.json
@@ -2,31 +2,121 @@
"id": "CVE-2023-25738",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:11.367",
- "lastModified": "2023-06-02T18:10:16.907",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T16:10:29.437",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Members of the DEVMODEW
struct set by the printer device driver weren't being validated and could have resulted in invalid values which in turn would cause the browser to attempt out of bounds access to related variables.
*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "110.0",
+ "matchCriteriaId": "811EBB2F-0FAA-49DB-8B16-99341814C3D1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.8",
+ "matchCriteriaId": "731649BC-CBBC-4423-93E1-577EF7A17DBD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.8",
+ "matchCriteriaId": "E7ED1B02-7653-4441-B4F4-980A86C4F170"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1811852",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Issue Tracking",
+ "Permissions Required"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-05/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-06/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-07/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-257xx/CVE-2023-25739.json b/CVE-2023/CVE-2023-257xx/CVE-2023-25739.json
index 78380cffdc3..3a55499d3e5 100644
--- a/CVE-2023/CVE-2023-257xx/CVE-2023-25739.json
+++ b/CVE-2023/CVE-2023-257xx/CVE-2023-25739.json
@@ -2,31 +2,109 @@
"id": "CVE-2023-25739",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:11.417",
- "lastModified": "2023-06-02T18:10:16.907",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T16:15:27.837",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Module load requests that failed were not being checked as to whether or not they were cancelled causing a use-after-free in ScriptLoadContext
. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-416"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "110.0",
+ "matchCriteriaId": "811EBB2F-0FAA-49DB-8B16-99341814C3D1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.8",
+ "matchCriteriaId": "731649BC-CBBC-4423-93E1-577EF7A17DBD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.8",
+ "matchCriteriaId": "E7ED1B02-7653-4441-B4F4-980A86C4F170"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1811939",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Issue Tracking",
+ "Permissions Required"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-05/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-06/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-07/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-257xx/CVE-2023-25740.json b/CVE-2023/CVE-2023-257xx/CVE-2023-25740.json
index a60949e2047..8f9c7c24dac 100644
--- a/CVE-2023/CVE-2023-257xx/CVE-2023-25740.json
+++ b/CVE-2023/CVE-2023-257xx/CVE-2023-25740.json
@@ -2,23 +2,83 @@
"id": "CVE-2023-25740",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:11.480",
- "lastModified": "2023-06-02T18:10:16.907",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T16:33:12.093",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "After downloading a Windows .scf
script from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource.
*This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 110."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "110.0",
+ "matchCriteriaId": "811EBB2F-0FAA-49DB-8B16-99341814C3D1"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1812354",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Issue Tracking",
+ "Permissions Required"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-05/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
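Review bot: The new `configurations` block has a single Firefox node and no platform condition, although the description says the bug only affects Firefox for Windows. The CVE-2023-25734 record in this same commit, the `.url` variant of the same issue, uses `"operator": "AND"` with a second node for `cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*` marked `"vulnerable": false`; the same shape is needed here, otherwise CPE-based scanners will flag Firefox < 110 on every operating system. The vector also ends in `A:H`, while the description mentions only unexpected network requests and an NTLM credential leak and CVE-2023-25734 is scored `A:N`, so the availability impact and the resulting 8.8 base score look overstated.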
diff --git a/CVE-2023/CVE-2023-257xx/CVE-2023-25741.json b/CVE-2023/CVE-2023-257xx/CVE-2023-25741.json
index 88b1d2b12d3..23b93c786ac 100644
--- a/CVE-2023/CVE-2023-257xx/CVE-2023-25741.json
+++ b/CVE-2023/CVE-2023-257xx/CVE-2023-25741.json
@@ -2,31 +2,100 @@
"id": "CVE-2023-25741",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:11.537",
- "lastModified": "2023-06-02T18:10:16.907",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T16:36:10.880",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "When dragging and dropping an image cross-origin, the image's size could potentially be leaked. This behavior was shipped in 109 and caused web compatibility problems as well as this security concern, so the behavior was disabled until further review. This vulnerability affects Firefox < 110."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "110.0",
+ "matchCriteriaId": "811EBB2F-0FAA-49DB-8B16-99341814C3D1"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1437126",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Issue Tracking",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1812611",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Exploit",
+ "Issue Tracking",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1813376",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Issue Tracking",
+ "Permissions Required"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-05/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
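Review bot: The Firefox `cpeMatch` entry bounds the range only with `"versionEndExcluding": "110.0"`, while the description states the behaviour was shipped in 109, so the range as written also matches every release before 109. If the record is meant to describe the affected versions rather than mirror the advisory's "Firefox < 110" wording, add `"versionStartIncluding": "109.0",` to that entry. Separately, `C:H` for a leak of an image's dimensions looks high next to the description, which affects how this record sorts in severity-based patch queues.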
diff --git a/CVE-2023/CVE-2023-257xx/CVE-2023-25742.json b/CVE-2023/CVE-2023-257xx/CVE-2023-25742.json
index 1b59802d707..aef52011af1 100644
--- a/CVE-2023/CVE-2023-257xx/CVE-2023-25742.json
+++ b/CVE-2023/CVE-2023-257xx/CVE-2023-25742.json
@@ -2,31 +2,109 @@
"id": "CVE-2023-25742",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:11.583",
- "lastModified": "2023-06-02T18:10:16.907",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T16:36:54.367",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "110.0",
+ "matchCriteriaId": "811EBB2F-0FAA-49DB-8B16-99341814C3D1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.8",
+ "matchCriteriaId": "731649BC-CBBC-4423-93E1-577EF7A17DBD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.8",
+ "matchCriteriaId": "E7ED1B02-7653-4441-B4F4-980A86C4F170"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1813424",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Issue Tracking",
+ "Permissions Required"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-05/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-06/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-07/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-257xx/CVE-2023-25744.json b/CVE-2023/CVE-2023-257xx/CVE-2023-25744.json
index 1a8f379e701..03f3d1723d5 100644
--- a/CVE-2023/CVE-2023-257xx/CVE-2023-25744.json
+++ b/CVE-2023/CVE-2023-257xx/CVE-2023-25744.json
@@ -2,27 +2,96 @@
"id": "CVE-2023-25744",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:11.677",
- "lastModified": "2023-06-02T18:10:16.907",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T17:09:57.160",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Mozilla developers Kershaw Chang and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 110 and Firefox ESR < 102.8."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "110.0",
+ "matchCriteriaId": "811EBB2F-0FAA-49DB-8B16-99341814C3D1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.8",
+ "matchCriteriaId": "731649BC-CBBC-4423-93E1-577EF7A17DBD"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1789449%2C1803628%2C1810536",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Broken Link",
+ "Issue Tracking"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-05/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-06/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
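Review bot: The `buglist.cgi` reference is tagged `"Broken Link"` here, but the same kind of URL is tagged `"Issue Tracking", "Vendor Advisory"` with no `"Broken Link"` in the CVE-2023-25745 hunk, and in the CVE-2023-25746 hunk it carries `"Broken Link"` together with `"Vendor Advisory"`, which contradict each other. The single-bug `show_bug.cgi` links in this commit are mostly tagged `"Issue Tracking", "Permissions Required"`, which is probably what applies to these restricted bug lists as well. Tooling that filters references by tag to find the authoritative advisory should not rely on these three entries until the tags are made consistent.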
diff --git a/CVE-2023/CVE-2023-257xx/CVE-2023-25745.json b/CVE-2023/CVE-2023-257xx/CVE-2023-25745.json
index 7a3f402401c..b05e8e38b2b 100644
--- a/CVE-2023/CVE-2023-257xx/CVE-2023-25745.json
+++ b/CVE-2023/CVE-2023-257xx/CVE-2023-25745.json
@@ -2,23 +2,83 @@
"id": "CVE-2023-25745",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:11.723",
- "lastModified": "2023-06-02T18:10:11.837",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T17:10:54.727",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Mozilla developers Timothy Nikkel, Gabriele Svelto, Jeff Muizelaar and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 109. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 110."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "110.0",
+ "matchCriteriaId": "811EBB2F-0FAA-49DB-8B16-99341814C3D1"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1688592%2C1797186%2C1804998%2C1806521%2C1813284",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Issue Tracking",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-05/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-257xx/CVE-2023-25746.json b/CVE-2023/CVE-2023-257xx/CVE-2023-25746.json
index 71f0be1f7dd..3fd2667b556 100644
--- a/CVE-2023/CVE-2023-257xx/CVE-2023-25746.json
+++ b/CVE-2023/CVE-2023-257xx/CVE-2023-25746.json
@@ -2,27 +2,97 @@
"id": "CVE-2023-25746",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:11.767",
- "lastModified": "2023-06-02T18:10:11.837",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T17:11:46.547",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Mozilla developers Philipp and Gabriele Svelto reported memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 102.8 and Firefox ESR < 102.8."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.8",
+ "matchCriteriaId": "731649BC-CBBC-4423-93E1-577EF7A17DBD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.8",
+ "matchCriteriaId": "E7ED1B02-7653-4441-B4F4-980A86C4F170"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1544127%2C1762368",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Broken Link",
+ "Issue Tracking",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-06/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-07/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-257xx/CVE-2023-25748.json b/CVE-2023/CVE-2023-257xx/CVE-2023-25748.json
index af3f78a8f0a..147e466c48f 100644
--- a/CVE-2023/CVE-2023-257xx/CVE-2023-25748.json
+++ b/CVE-2023/CVE-2023-257xx/CVE-2023-25748.json
@@ -2,23 +2,84 @@
"id": "CVE-2023-25748",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:11.817",
- "lastModified": "2023-06-02T18:10:11.837",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T17:12:18.370",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "By displaying a prompt with a long description, the fullscreen notification could have been hidden, resulting in potential user confusion or spoofing attacks.
*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 111."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:android:*:*",
+ "versionEndExcluding": "111.0",
+ "matchCriteriaId": "15D61809-2D26-4664-9034-0504D0183F60"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1798798",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Issue Tracking",
+ "Permissions Required",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-09/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-257xx/CVE-2023-25749.json b/CVE-2023/CVE-2023-257xx/CVE-2023-25749.json
index d6b8f1e7985..62524e54b5c 100644
--- a/CVE-2023/CVE-2023-257xx/CVE-2023-25749.json
+++ b/CVE-2023/CVE-2023-257xx/CVE-2023-25749.json
@@ -2,23 +2,84 @@
"id": "CVE-2023-25749",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:11.860",
- "lastModified": "2023-06-02T18:10:11.837",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T17:13:04.373",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Android applications with unpatched vulnerabilities can be launched from a browser using Intents, exposing users to these vulnerabilities. Firefox will now confirm with users that they want to launch an external application before doing so.
*This bug only affects Firefox for Android. Other versions of Firefox are unaffected.*. This vulnerability affects Firefox < 111."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:android:*:*",
+ "versionEndExcluding": "111.0",
+ "matchCriteriaId": "15D61809-2D26-4664-9034-0504D0183F60"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1810705",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Issue Tracking",
+ "Permissions Required",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-09/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-257xx/CVE-2023-25750.json b/CVE-2023/CVE-2023-257xx/CVE-2023-25750.json
index bedac0ef3a4..f670e13f8df 100644
--- a/CVE-2023/CVE-2023-257xx/CVE-2023-25750.json
+++ b/CVE-2023/CVE-2023-257xx/CVE-2023-25750.json
@@ -2,23 +2,84 @@
"id": "CVE-2023-25750",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:11.903",
- "lastModified": "2023-06-02T18:10:11.837",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T17:13:45.550",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Under certain circumstances, a ServiceWorker's offline cache may have leaked to the file system when using private browsing mode. This vulnerability affects Firefox < 111."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-668"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "111.0",
+ "matchCriteriaId": "4C92D5DB-CF3B-4C0C-918A-D2DE67B898F8"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1814733",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Issue Tracking",
+ "Permissions Required",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-09/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-257xx/CVE-2023-25751.json b/CVE-2023/CVE-2023-257xx/CVE-2023-25751.json
index c0112e65d34..fbbeece141f 100644
--- a/CVE-2023/CVE-2023-257xx/CVE-2023-25751.json
+++ b/CVE-2023/CVE-2023-257xx/CVE-2023-25751.json
@@ -2,31 +2,110 @@
"id": "CVE-2023-25751",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:11.947",
- "lastModified": "2023-06-02T18:10:11.837",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T17:14:09.333",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "111.0",
+ "matchCriteriaId": "4C92D5DB-CF3B-4C0C-918A-D2DE67B898F8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.9",
+ "matchCriteriaId": "58A3D950-1352-42E9-9EB7-2093771B3C43"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.9",
+ "matchCriteriaId": "240CD7F0-941B-4C7D-8AAE-E0E65D014D7A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1814899",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Issue Tracking",
+ "Permissions Required",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-09/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-10/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-11/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
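Review bot: The added NVD metric scores this record as availability-only (`C:N/I:N/A:H`, base 6.5) and the weakness as `NVD-CWE-noinfo`, while the unchanged description speaks of newly generated JIT code being overwritten and a "potentially exploitable crash". Triage that sorts on `baseScore` alone may rank this below the memory-corruption records in the same batch, so it is worth reading the description and the three linked advisories rather than relying on the vector. If the record is revised upstream, a memory-safety CWE in place of `NVD-CWE-noinfo` would make the class visible to CWE-based filters. That suggestion is an inference from the description, not something the record states.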
diff --git a/CVE-2023/CVE-2023-25xx/CVE-2023-2526.json b/CVE-2023/CVE-2023-25xx/CVE-2023-2526.json
new file mode 100644
index 00000000000..c48eeb3f585
--- /dev/null
+++ b/CVE-2023/CVE-2023-25xx/CVE-2023-2526.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2023-2526",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:16:08.387",
+ "lastModified": "2023-06-09T06:16:08.387",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Easy Google Maps plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.11.7. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to executes AJAX actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/google-maps-easy/trunk/classes/frame.php?rev=2777743#L246",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2916430/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2916430/google-maps-easy/trunk/classes/frame.php?contextall=1",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4ea4ca00-185b-4f5d-9c5c-f81ba4edad05?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-25xx/CVE-2023-2530.json b/CVE-2023/CVE-2023-25xx/CVE-2023-2530.json
new file mode 100644
index 00000000000..d3fb178a4fa
--- /dev/null
+++ b/CVE-2023/CVE-2023-25xx/CVE-2023-2530.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2023-2530",
+ "sourceIdentifier": "security@puppet.com",
+ "published": "2023-06-07T20:15:09.557",
+ "lastModified": "2023-06-07T20:24:12.193",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A privilege escalation allowing remote code execution was discovered in the orchestration service."
+ }
+ ],
+ "metrics": {},
+ "weaknesses": [
+ {
+ "source": "security@puppet.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-284"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.puppet.com/security/cve/cve-2023-2530-remote-code-execution-orchestrator",
+ "source": "security@puppet.com"
+ }
+ ]
+}
\ No newline at end of file
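Review bot: This new record carries `"metrics": {}` and a description that names neither the product nor the affected versions, although it describes a privilege escalation allowing remote code execution. Any consumer that maps a missing CVSS entry to 0 or "low" will under-prioritise it, so an empty `metrics` object should be treated as "unscored", with the description and the vendor URL in `references` as the fallback. The record also has no `configurations` block and `vulnStatus` is still `Awaiting Analysis`, so CPE-based matching will not flag affected hosts from this entry yet.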
diff --git a/CVE-2023/CVE-2023-25xx/CVE-2023-2541.json b/CVE-2023/CVE-2023-25xx/CVE-2023-2541.json
new file mode 100644
index 00000000000..fbdbae4e834
--- /dev/null
+++ b/CVE-2023/CVE-2023-25xx/CVE-2023-2541.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-2541",
+ "sourceIdentifier": "security@knime.com",
+ "published": "2023-06-07T09:15:09.267",
+ "lastModified": "2023-06-07T12:52:33.093",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Web Frontend of KNIME Business Hub before 1.4.0 allows an unauthenticated remote attacker to access internals about the application such as versions, host names, or IP addresses. No personal information or application data was exposed.\n\n\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@knime.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@knime.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-200"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.knime.com/security/advisories#CVE-2023-2541",
+ "source": "security@knime.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-25xx/CVE-2023-2545.json b/CVE-2023/CVE-2023-25xx/CVE-2023-2545.json
index e2e2d706c79..520cfdad714 100644
--- a/CVE-2023/CVE-2023-25xx/CVE-2023-2545.json
+++ b/CVE-2023/CVE-2023-25xx/CVE-2023-2545.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-2545",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-05-31T03:15:09.443",
- "lastModified": "2023-05-31T13:02:26.480",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T16:11:21.833",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "security@wordfence.com",
"type": "Secondary",
@@ -35,6 +55,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ },
{
"source": "security@wordfence.com",
"type": "Secondary",
@@ -46,14 +76,39 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:featherplugins:feather_login_page:*:*:*:*:*:wordpress:*:*",
+ "versionStartIncluding": "1.0.7",
+ "versionEndIncluding": "1.1.1",
+ "matchCriteriaId": "AA391D7D-4261-4641-8555-9A5DA018C628"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/feather-login-page/trunk/features/inc/admin/expirable-login-link.php?rev=2612332#L85",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b2ab2178-7438-43ef-961e-b54d0d230f4a?source=cve",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
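Review bot: The `"Patch"` tag added to the first reference sits on a Trac `browser/...?rev=2612332#L85` URL, which looks like a source view pinned to one revision rather than a changeset. The new `cpeMatch` also uses `versionEndIncluding` `1.1.1`, with no fixed version visible in this hunk. Tooling that treats a `Patch`-tagged reference as evidence that a fix exists could mark affected installs as remediable when the record does not show that. The same tagging appears in the final hunks of CVE-2023-2547 (`#L71`) and CVE-2023-2549 (`#L206`). If the linked page confirms this, a tag such as `"Product"` would describe the link more accurately; until then, remediation status should not be keyed on the tag.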
diff --git a/CVE-2023/CVE-2023-25xx/CVE-2023-2546.json b/CVE-2023/CVE-2023-25xx/CVE-2023-2546.json
new file mode 100644
index 00000000000..519ea646c8a
--- /dev/null
+++ b/CVE-2023/CVE-2023-25xx/CVE-2023-2546.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-2546",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-06T02:15:09.943",
+ "lastModified": "2023-06-07T20:15:09.643",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WP User Switch plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.2. This is due to incorrect authentication checking in the 'wpus_allow_user_to_admin_bar_menu' function with the 'wpus_who_switch' cookie value. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as any existing user on the site, such as an administrator, if they have access to the username."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-288"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/wp-user-switch/trunk/inc/functions.php?rev=2237142#L33",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2921182/wp-user-switch/trunk/inc/functions.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e89d912d-fa7a-4fb1-8872-95fa861c21ca?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-25xx/CVE-2023-2547.json b/CVE-2023/CVE-2023-25xx/CVE-2023-2547.json
index 30a545ee032..e6bb19381fb 100644
--- a/CVE-2023/CVE-2023-25xx/CVE-2023-2547.json
+++ b/CVE-2023/CVE-2023-25xx/CVE-2023-2547.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-2547",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-05-31T03:15:09.510",
- "lastModified": "2023-05-31T13:02:26.480",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T16:11:51.877",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ },
{
"source": "security@wordfence.com",
"type": "Secondary",
@@ -39,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ },
{
"source": "security@wordfence.com",
"type": "Secondary",
@@ -50,14 +80,39 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:featherplugins:feather_login_page:*:*:*:*:*:wordpress:*:*",
+ "versionStartIncluding": "1.0.7",
+ "versionEndIncluding": "1.1.1",
+ "matchCriteriaId": "AA391D7D-4261-4641-8555-9A5DA018C628"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/feather-login-page/trunk/features/inc/admin/expirable-login-link.php?rev=2612332#L71",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5d58a6a4-de2c-485f-a8b0-7a7d144fbf3c?source=cve",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-25xx/CVE-2023-2549.json b/CVE-2023/CVE-2023-25xx/CVE-2023-2549.json
index fbc25b5ea82..de85f406aec 100644
--- a/CVE-2023/CVE-2023-25xx/CVE-2023-2549.json
+++ b/CVE-2023/CVE-2023-25xx/CVE-2023-2549.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-2549",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-05-31T03:15:09.577",
- "lastModified": "2023-05-31T13:02:26.480",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T16:12:25.313",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "security@wordfence.com",
"type": "Secondary",
@@ -39,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ },
{
"source": "security@wordfence.com",
"type": "Secondary",
@@ -50,14 +80,39 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:featherplugins:feather_login_page:*:*:*:*:*:wordpress:*:*",
+ "versionStartIncluding": "1.0.7",
+ "versionEndIncluding": "1.1.1",
+ "matchCriteriaId": "AA391D7D-4261-4641-8555-9A5DA018C628"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/feather-login-page/trunk/features/inc/admin/expirable-login-link.php?rev=2612332#L206",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/12560b8e-9c47-4f7f-ac9c-d86f17914ba3?source=cve",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-25xx/CVE-2023-2555.json b/CVE-2023/CVE-2023-25xx/CVE-2023-2555.json
new file mode 100644
index 00000000000..e6be66cccd2
--- /dev/null
+++ b/CVE-2023/CVE-2023-25xx/CVE-2023-2555.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-2555",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:16:08.673",
+ "lastModified": "2023-06-09T06:16:08.673",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WPCS \u2013 WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create function in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to create a custom drop-down currency switcher."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2911049/currency-switcher",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dd6b5d6d-5f5b-4b38-a25a-02cc1c041d37?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-25xx/CVE-2023-2556.json b/CVE-2023/CVE-2023-25xx/CVE-2023-2556.json
new file mode 100644
index 00000000000..8acd0cf002e
--- /dev/null
+++ b/CVE-2023/CVE-2023-25xx/CVE-2023-2556.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-2556",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:16:08.960",
+ "lastModified": "2023-06-09T06:16:08.960",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WPCS \u2013 WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the anonymous function for the wpcs_sd_delete action in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete an arbitrary custom drop-down currency switcher."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2911049/currency-switcher",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bc44c95e-9ca0-46d0-8315-72612ef3f855?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-25xx/CVE-2023-2557.json b/CVE-2023/CVE-2023-25xx/CVE-2023-2557.json
new file mode 100644
index 00000000000..118f7a14ac7
--- /dev/null
+++ b/CVE-2023/CVE-2023-25xx/CVE-2023-2557.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-2557",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:16:09.247",
+ "lastModified": "2023-06-09T06:16:09.247",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WPCS \u2013 WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save function in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to edit an arbitrary custom drop-down currency switcher."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2911049/currency-switcher",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d4c79242-5c89-40c0-abcc-c112f7a64a74?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-25xx/CVE-2023-2558.json b/CVE-2023/CVE-2023-25xx/CVE-2023-2558.json
new file mode 100644
index 00000000000..498b8039694
--- /dev/null
+++ b/CVE-2023/CVE-2023-25xx/CVE-2023-2558.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-2558",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:16:09.583",
+ "lastModified": "2023-06-09T06:16:09.583",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WPCS \u2013 WordPress Currency Switcher Professional plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcs_current_currency shortcode in versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2911049/currency-switcher",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/be054481-89b4-47d8-ad06-8622edea367f?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-25xx/CVE-2023-2584.json b/CVE-2023/CVE-2023-25xx/CVE-2023-2584.json
new file mode 100644
index 00000000000..ee67d13ef75
--- /dev/null
+++ b/CVE-2023/CVE-2023-25xx/CVE-2023-2584.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-2584",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:16:09.897",
+ "lastModified": "2023-06-09T06:16:09.897",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 9.3.6 (9.6.1 in the Pro version) due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/pixelyoursite/trunk/modules/head_footer/head_footer.php?rev=2773949#L73",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2912301%40pixelyoursite%2Ftrunk&old=2897911%40pixelyoursite%2Ftrunk&sfp_email=&sfph_mail=#file2",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5ebf1e83-50b8-4f56-ba76-10100375edda?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-25xx/CVE-2023-2589.json b/CVE-2023/CVE-2023-25xx/CVE-2023-2589.json
new file mode 100644
index 00000000000..c2256e04b7e
--- /dev/null
+++ b/CVE-2023/CVE-2023-25xx/CVE-2023-2589.json
@@ -0,0 +1,51 @@
+{
+ "id": "CVE-2023-2589",
+ "sourceIdentifier": "cve@gitlab.com",
+ "published": "2023-06-07T17:15:10.330",
+ "lastModified": "2023-06-07T17:28:57.443",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue has been discovered in GitLab EE affecting all versions starting from 12.0 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An attacker can clone a repository from a public project, from a disallowed IP, even after the top-level group has enabled IP restrictions on the group."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve@gitlab.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2589.json",
+ "source": "cve@gitlab.com"
+ },
+ {
+ "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/407891",
+ "source": "cve@gitlab.com"
+ },
+ {
+ "url": "https://hackerone.com/reports/1941803",
+ "source": "cve@gitlab.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-25xx/CVE-2023-2598.json b/CVE-2023/CVE-2023-25xx/CVE-2023-2598.json
index e62d0568a81..053949b3828 100644
--- a/CVE-2023/CVE-2023-25xx/CVE-2023-2598.json
+++ b/CVE-2023/CVE-2023-25xx/CVE-2023-2598.json
@@ -2,16 +2,49 @@
"id": "CVE-2023-2598",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-06-01T01:15:17.867",
- "lastModified": "2023-06-01T01:17:03.663",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T19:10:18.870",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the fixed buffer registration code for io_uring (io_sqe_buffer_register in io_uring/rsrc.c) in the Linux kernel that allows out-of-bounds access to physical memory beyond the end of the buffer. This flaw enables full local privilege escalation."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ },
{
"source": "secalert@redhat.com",
"type": "Secondary",
@@ -23,10 +56,32 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "6.3.6",
+ "matchCriteriaId": "814AA173-DDB0-493E-BE24-195CE4D2B8E9"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://www.openwall.com/lists/oss-security/2023/05/08/3",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
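Review bot: The added `cpeMatch` entry for `linux_kernel` sets only `versionEndIncluding` (`6.3.6`), so with no lower bound it matches every kernel release up to that version. The description places the flaw in io_uring's fixed buffer registration code, which older kernels presumably do not contain, so scanners consuming this range would likely flag hosts that cannot be affected. Once the introducing release is confirmed from the upstream fix, add a lower bound next to it, e.g. `"versionStartIncluding": "<FIRST_AFFECTED_RELEASE>"`.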
diff --git a/CVE-2023/CVE-2023-25xx/CVE-2023-2599.json b/CVE-2023/CVE-2023-25xx/CVE-2023-2599.json
new file mode 100644
index 00000000000..5d6ba9e7697
--- /dev/null
+++ b/CVE-2023/CVE-2023-25xx/CVE-2023-2599.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-2599",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:16:10.247",
+ "lastModified": "2023-06-09T06:16:10.247",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Active Directory Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 4.1.4 due to missing nonce verification on the get_users function and insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to cause resource exhaustion via a forged request granted they can trick an administrator into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW",
+ "baseScore": 3.1,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/ldap-login-for-intranet-sites/trunk/class-mo-ldap-user-auth-reports.php?rev=2859403#L64",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2910898%40ldap-login-for-intranet-sites%2Ftrunk&old=2903294%40ldap-login-for-intranet-sites%2Ftrunk&sfp_email=&sfph_mail=#file5",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/74089b16-76fa-4654-9007-3f0c2e894894?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
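Review bot: The `weaknesses` array records only `CWE-352`, although the description says the forged request leads to time-based SQL injection through the `orderby` and `order` parameters. Anything that filters or routes this feed by CWE will not see the record as an injection issue, whereas CVE-2023-2607 in this same diff records `CWE-89` for the same parameter pattern. A second entry in the `description` list, `{ "lang": "en", "value": "CWE-89" }`, would keep both the entry point and the underlying flaw searchable.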
diff --git a/CVE-2023/CVE-2023-261xx/CVE-2023-26131.json b/CVE-2023/CVE-2023-261xx/CVE-2023-26131.json
index 56f5cd40404..04f29a28d62 100644
--- a/CVE-2023/CVE-2023-261xx/CVE-2023-26131.json
+++ b/CVE-2023/CVE-2023-261xx/CVE-2023-26131.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-26131",
"sourceIdentifier": "report@snyk.io",
"published": "2023-05-31T05:15:10.180",
- "lastModified": "2023-05-31T13:02:26.480",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T14:08:43.840",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
{
"source": "report@snyk.io",
"type": "Secondary",
@@ -34,26 +54,51 @@
}
]
},
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:algernon_project:algernon:*:*:*:*:*:*:*:*",
+ "matchCriteriaId": "77A5FA41-AD35-486A-9F8D-729A5FDDE458"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
- {
- "url": "https://github.com/xyproto/algernon/blob/aab484608651852d02a8a93f40baf53ed93e639a/engine/handlers.go%23L512",
- "source": "report@snyk.io"
- },
- {
- "url": "https://github.com/xyproto/algernon/blob/aab484608651852d02a8a93f40baf53ed93e639a/engine/handlers.go%23L514",
- "source": "report@snyk.io"
- },
- {
- "url": "https://github.com/xyproto/algernon/blob/aab484608651852d02a8a93f40baf53ed93e639a/themes/html.go%23L145",
- "source": "report@snyk.io"
- },
{
"url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMXYPROTOALGERNONENGINE-3312111",
- "source": "report@snyk.io"
+ "source": "report@snyk.io",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMXYPROTOALGERNONTHEMES-3312112",
- "source": "report@snyk.io"
+ "source": "report@snyk.io",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-262xx/CVE-2023-26277.json b/CVE-2023/CVE-2023-262xx/CVE-2023-26277.json
index 2aa62298c93..9c3169616b3 100644
--- a/CVE-2023/CVE-2023-262xx/CVE-2023-26277.json
+++ b/CVE-2023/CVE-2023-262xx/CVE-2023-26277.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-26277",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-05-31T19:15:26.677",
- "lastModified": "2023-06-01T01:17:03.663",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T17:23:07.940",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -34,14 +54,51 @@
}
]
},
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:qradar_wincollect:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "10.0",
+ "versionEndIncluding": "10.1.3",
+ "matchCriteriaId": "8C5FEF8C-12FE-4ECF-BC19-224EE9553205"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://https://exchange.xforce.ibmcloud.com/vulnerabilities/248156",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.ibm.com/support/pages/node/6999343",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
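Review bot: The first reference gains a `Vendor Advisory` tag while its URL, `https://https://exchange.xforce.ibmcloud.com/vulnerabilities/248156`, still carries a doubled scheme, so a client resolving it treats `https` as the host and never reaches the advisory. The URL line is context in this hunk and comes from the CNA record, but tagging it during analysis makes the broken link look verified. It should read `"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/248156"`. The equivalent X-Force reference in CVE-2023-26278 is tagged `VDB Entry` and `Vendor Advisory`, so the two records also disagree on tags for the same kind of link.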
diff --git a/CVE-2023/CVE-2023-262xx/CVE-2023-26278.json b/CVE-2023/CVE-2023-262xx/CVE-2023-26278.json
index e05fa5cbcd6..6ca6583f868 100644
--- a/CVE-2023/CVE-2023-262xx/CVE-2023-26278.json
+++ b/CVE-2023/CVE-2023-262xx/CVE-2023-26278.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-26278",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-05-31T20:15:10.427",
- "lastModified": "2023-06-01T01:17:03.663",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T18:12:56.727",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -34,14 +54,52 @@
}
]
},
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:qradar_wincollect:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "10.0",
+ "versionEndIncluding": "10.1.3",
+ "matchCriteriaId": "8C5FEF8C-12FE-4ECF-BC19-224EE9553205"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/248158",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "VDB Entry",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.ibm.com/support/pages/node/6999341",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-268xx/CVE-2023-26842.json b/CVE-2023/CVE-2023-268xx/CVE-2023-26842.json
index c524f6bad45..1b93ae56bfe 100644
--- a/CVE-2023/CVE-2023-268xx/CVE-2023-26842.json
+++ b/CVE-2023/CVE-2023-268xx/CVE-2023-26842.json
@@ -2,19 +2,74 @@
"id": "CVE-2023-26842",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-31T14:15:10.067",
- "lastModified": "2023-05-31T14:22:04.583",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T19:59:55.357",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the OptionManager.php."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:churchcrm:churchcrm:4.5.3:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C5A21E4C-1CE8-4C97-9374-DD8EBDB942D5"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/10splayaSec/CVE-Disclosures/tree/main/ChurchCRM/CVE-2023-26842",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-26xx/CVE-2023-2602.json b/CVE-2023/CVE-2023-26xx/CVE-2023-2602.json
new file mode 100644
index 00000000000..72dae5392a2
--- /dev/null
+++ b/CVE-2023/CVE-2023-26xx/CVE-2023-2602.json
@@ -0,0 +1,36 @@
+{
+ "id": "CVE-2023-2602",
+ "sourceIdentifier": "secalert@redhat.com",
+ "published": "2023-06-06T20:15:12.760",
+ "lastModified": "2023-06-07T02:45:15.873",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory."
+ }
+ ],
+ "metrics": {},
+ "weaknesses": [
+ {
+ "source": "secalert@redhat.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-401"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209114",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf",
+ "source": "secalert@redhat.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-26xx/CVE-2023-2603.json b/CVE-2023/CVE-2023-26xx/CVE-2023-2603.json
new file mode 100644
index 00000000000..21f08e85127
--- /dev/null
+++ b/CVE-2023/CVE-2023-26xx/CVE-2023-2603.json
@@ -0,0 +1,36 @@
+{
+ "id": "CVE-2023-2603",
+ "sourceIdentifier": "secalert@redhat.com",
+ "published": "2023-06-06T20:15:13.187",
+ "lastModified": "2023-06-07T02:45:15.873",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB."
+ }
+ ],
+ "metrics": {},
+ "weaknesses": [
+ {
+ "source": "secalert@redhat.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-190"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209113",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf",
+ "source": "secalert@redhat.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-26xx/CVE-2023-2604.json b/CVE-2023/CVE-2023-26xx/CVE-2023-2604.json
new file mode 100644
index 00000000000..2d5f5a79653
--- /dev/null
+++ b/CVE-2023/CVE-2023-26xx/CVE-2023-2604.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-2604",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:16:10.567",
+ "lastModified": "2023-06-09T06:16:10.567",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Team Circle Image Slider With Lightbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018search_term\u2019 parameter in versions up to, and including, 1.0.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fcircle-image-slider-with-lightbox%2Ftags%2F1.0.17&old=2910236&new_path=%2Fcircle-image-slider-with-lightbox%2Ftags%2F1.0.18&new=2910236&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2627ac2b-25a8-480d-ac83-ee0ca323b3a1?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-26xx/CVE-2023-2607.json b/CVE-2023/CVE-2023-26xx/CVE-2023-2607.json
new file mode 100644
index 00000000000..c2364778dba
--- /dev/null
+++ b/CVE-2023/CVE-2023-26xx/CVE-2023-2607.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-2607",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:16:10.967",
+ "lastModified": "2023-06-09T06:16:10.967",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Multiple Page Generator Plugin for WordPress is vulnerable to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 3.3.17 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with administrator privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/multiple-pages-generator-by-porthas/trunk/controllers/ProjectsListManage.php#L40",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2910686%40multiple-pages-generator-by-porthas%2Ftrunk&old=2905353%40multiple-pages-generator-by-porthas%2Ftrunk&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1575f0ad-0a77-4047-844c-48db4c8b4e91?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-26xx/CVE-2023-2612.json b/CVE-2023/CVE-2023-26xx/CVE-2023-2612.json
index 7e3764d0a39..755687963fa 100644
--- a/CVE-2023/CVE-2023-26xx/CVE-2023-2612.json
+++ b/CVE-2023/CVE-2023-26xx/CVE-2023-2612.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-2612",
"sourceIdentifier": "security@ubuntu.com",
"published": "2023-05-31T00:15:10.257",
- "lastModified": "2023-05-31T13:02:26.480",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T15:29:37.327",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 4.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.0,
+ "impactScore": 3.6
+ },
{
"source": "security@ubuntu.com",
"type": "Secondary",
@@ -35,6 +55,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-667"
+ }
+ ]
+ },
{
"source": "security@ubuntu.com",
"type": "Secondary",
@@ -46,14 +76,76 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
+ "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*",
+ "matchCriteriaId": "359012F1-2C63-415A-88B8-6726A87830DE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:canonical:ubuntu_linux:22.10:*:*:*:-:*:*:*",
+ "matchCriteriaId": "47842532-D2B6-44CB-ADE2-4AC8630A4D8C"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/kinetic/commit/?id=02b47547824b1cd0d55c6744f91886f04de8947e",
- "source": "security@ubuntu.com"
+ "source": "security@ubuntu.com",
+ "tags": [
+ "Mailing List",
+ "Patch"
+ ]
},
{
"url": "https://ubuntu.com/security/CVE-2023-2612",
- "source": "security@ubuntu.com"
+ "source": "security@ubuntu.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-6122-1",
+ "source": "security@ubuntu.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-6123-1",
+ "source": "security@ubuntu.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-6124-1",
+ "source": "security@ubuntu.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-6127-1",
+ "source": "security@ubuntu.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
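Review bot: The `git.launchpad.net` commit reference is tagged `Mailing List` alongside `Patch`, but the URL is a commit view in a git repository, not a list archive. Tooling that uses the tags to separate fixes from discussion threads will misclassify it. `"tags": ["Patch"]` would describe the link as it is.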
diff --git a/CVE-2023/CVE-2023-26xx/CVE-2023-2650.json b/CVE-2023/CVE-2023-26xx/CVE-2023-2650.json
index e245594f9e4..dbfa99c1d15 100644
--- a/CVE-2023/CVE-2023-26xx/CVE-2023-2650.json
+++ b/CVE-2023/CVE-2023-26xx/CVE-2023-2650.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-2650",
"sourceIdentifier": "openssl-security@openssl.org",
"published": "2023-05-30T14:15:09.683",
- "lastModified": "2023-06-05T17:42:12.797",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-06-09T00:15:10.360",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -133,6 +133,14 @@
"Patch"
]
},
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html",
+ "source": "openssl-security@openssl.org"
+ },
+ {
+ "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0009",
+ "source": "openssl-security@openssl.org"
+ },
{
"url": "https://www.debian.org/security/2023/dsa-5417",
"source": "openssl-security@openssl.org",
diff --git a/CVE-2023/CVE-2023-26xx/CVE-2023-2688.json b/CVE-2023/CVE-2023-26xx/CVE-2023-2688.json
new file mode 100644
index 00000000000..db9e9db74a9
--- /dev/null
+++ b/CVE-2023/CVE-2023-26xx/CVE-2023-2688.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-2688",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:16:11.217",
+ "lastModified": "2023-06-09T06:16:11.217",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Path Traversal in versions up to, and including, 4.19.1 via the vulnerable parameter wfu_newpath. This allows administrator-level attackers to move files uploaded with the plugin (located in wp-content/uploads by default) outside of the web root."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2915978%40wp-file-upload%2Ftrunk&old=2909107%40wp-file-upload%2Ftrunk&sfp_email=&sfph_mail=#file2",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/abd6eeac-0a7e-4762-809f-593cd85f303d?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-271xx/CVE-2023-27126.json b/CVE-2023/CVE-2023-271xx/CVE-2023-27126.json
new file mode 100644
index 00000000000..1f56c1660f6
--- /dev/null
+++ b/CVE-2023/CVE-2023-271xx/CVE-2023-27126.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-27126",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-06T18:15:10.343",
+ "lastModified": "2023-06-06T18:33:59.493",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 (EU) on firmware version 1.1.22 Build 220725 is reused across all cameras. An attacker with physical access to a camera is able to extract and decrypt sensitive data containing the Wifi password and the TP-LINK account credential of the victim."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://tapo.com",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "http://tp-link.com",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.claranet.fr/blog/dans-les-entrailles-dune-camera-connectee-tp-link-14",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
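Review bot: This new record has `"metrics": {}` and no `weaknesses` array, although the description states a concrete weakness: one AES Key-IV pair reused across all cameras. Until analysis fills these in, anything that triages by CWE or score will skip the entry. A CNA-supplied weakness such as CWE-321 (use of a hard-coded cryptographic key) looks like the fit, to be confirmed against the write-up. Two of the three references, `http://tapo.com` and `http://tp-link.com`, are vendor home pages over plain HTTP, so only the claranet.fr post appears to document the issue.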
diff --git a/CVE-2023/CVE-2023-273xx/CVE-2023-27350.json b/CVE-2023/CVE-2023-273xx/CVE-2023-27350.json
index 9c410a20d41..74618a7b4b8 100644
--- a/CVE-2023/CVE-2023-273xx/CVE-2023-27350.json
+++ b/CVE-2023/CVE-2023-273xx/CVE-2023-27350.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-27350",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2023-04-20T16:15:07.653",
- "lastModified": "2023-05-24T18:15:09.980",
+ "lastModified": "2023-06-07T18:15:09.540",
"vulnStatus": "Modified",
"cisaExploitAdd": "2023-04-21",
"cisaActionDue": "2023-05-12",
@@ -158,6 +158,10 @@
"url": "http://packetstormsecurity.com/files/172512/PaperCut-NG-MG-22.0.4-Remote-Code-Execution.html",
"source": "zdi-disclosures@trendmicro.com"
},
+ {
+ "url": "http://packetstormsecurity.com/files/172780/PaperCut-PaperCutNG-Authentication-Bypass.html",
+ "source": "zdi-disclosures@trendmicro.com"
+ },
{
"url": "https://news.sophos.com/en-us/2023/04/27/increased-exploitation-of-papercut-drawing-blood-around-the-internet/",
"source": "zdi-disclosures@trendmicro.com",
diff --git a/CVE-2023/CVE-2023-275xx/CVE-2023-27536.json b/CVE-2023/CVE-2023-275xx/CVE-2023-27536.json
index 02e41d5b44b..efda38a29bc 100644
--- a/CVE-2023/CVE-2023-275xx/CVE-2023-27536.json
+++ b/CVE-2023/CVE-2023-275xx/CVE-2023-27536.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-27536",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-03-30T20:15:07.547",
- "lastModified": "2023-05-31T17:58:07.353",
+ "lastModified": "2023-06-06T20:34:24.683",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -17,19 +17,19 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
- "attackComplexity": "LOW",
+ "attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
- "baseScore": 7.5,
- "baseSeverity": "HIGH"
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
},
- "exploitabilityScore": 3.9,
+ "exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
diff --git a/CVE-2023/CVE-2023-278xx/CVE-2023-27881.json b/CVE-2023/CVE-2023-278xx/CVE-2023-27881.json
new file mode 100644
index 00000000000..1fd92a55ccf
--- /dev/null
+++ b/CVE-2023/CVE-2023-278xx/CVE-2023-27881.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-27881",
+ "sourceIdentifier": "ics-cert@hq.dhs.gov",
+ "published": "2023-06-07T22:15:09.657",
+ "lastModified": "2023-06-08T02:44:28.663",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\n\n\nA user could use the \u201cUpload Resource\u201d functionality to upload files to any location on the disk.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.0,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.3,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-434"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13",
+ "source": "ics-cert@hq.dhs.gov"
+ }
+ ]
+}
\ No newline at end of file
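Review bot: The single reference URL carries a doubled scheme, `https://https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13`, which a URL parser reads as host `https` and which therefore does not resolve to the advisory; it should read `"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13"`. The `descriptions` value is also wrapped in `\n\n\n … \n\n` padding, and the new CVE-2023-27916 record has the same padding at greater length, so consumers that display or index the text should trim it. The description names no product, so the broken link removes the only way to identify what is affected from this record.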
diff --git a/CVE-2023/CVE-2023-279xx/CVE-2023-27916.json b/CVE-2023/CVE-2023-279xx/CVE-2023-27916.json
new file mode 100644
index 00000000000..bce9164b888
--- /dev/null
+++ b/CVE-2023/CVE-2023-279xx/CVE-2023-27916.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-27916",
+ "sourceIdentifier": "ics-cert@hq.dhs.gov",
+ "published": "2023-06-06T17:15:13.200",
+ "lastModified": "2023-06-06T18:33:59.493",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nThe affected application lacks proper validation of user-supplied data when parsing font files (e.g., FNT). This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to potentially execute arbitrary code in the context of the current process. \n\n \n\n \n\n\n\n \n\n\n\n\n\n\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-04",
+ "source": "ics-cert@hq.dhs.gov"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-279xx/CVE-2023-27934.json b/CVE-2023/CVE-2023-279xx/CVE-2023-27934.json
index 7605ea163d0..54e9c2cfee5 100644
--- a/CVE-2023/CVE-2023-279xx/CVE-2023-27934.json
+++ b/CVE-2023/CVE-2023-279xx/CVE-2023-27934.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-27934",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-05-08T20:15:17.367",
- "lastModified": "2023-05-11T20:35:24.627",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-06-09T00:15:09.777",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -72,6 +72,10 @@
"Release Notes",
"Vendor Advisory"
]
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213677",
+ "source": "product-security@apple.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-279xx/CVE-2023-27941.json b/CVE-2023/CVE-2023-279xx/CVE-2023-27941.json
index 77020c67dfd..285bac3c2f5 100644
--- a/CVE-2023/CVE-2023-279xx/CVE-2023-27941.json
+++ b/CVE-2023/CVE-2023-279xx/CVE-2023-27941.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-27941",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-05-08T20:15:17.670",
- "lastModified": "2023-05-30T05:15:10.907",
+ "lastModified": "2023-06-09T00:15:09.853",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -100,6 +100,10 @@
{
"url": "https://support.apple.com/en-us/HT213675",
"source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213677",
+ "source": "product-security@apple.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-279xx/CVE-2023-27955.json b/CVE-2023/CVE-2023-279xx/CVE-2023-27955.json
index 60df79bfab9..9376ba70a0e 100644
--- a/CVE-2023/CVE-2023-279xx/CVE-2023-27955.json
+++ b/CVE-2023/CVE-2023-279xx/CVE-2023-27955.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-27955",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-05-08T20:15:18.317",
- "lastModified": "2023-05-19T16:15:12.967",
+ "lastModified": "2023-06-09T00:15:09.920",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -119,6 +119,10 @@
"tags": [
"Vendor Advisory"
]
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213674",
+ "source": "product-security@apple.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-279xx/CVE-2023-27963.json b/CVE-2023/CVE-2023-279xx/CVE-2023-27963.json
index 3bb1a609225..71ec4f13173 100644
--- a/CVE-2023/CVE-2023-279xx/CVE-2023-27963.json
+++ b/CVE-2023/CVE-2023-279xx/CVE-2023-27963.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-27963",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-05-08T20:15:18.773",
- "lastModified": "2023-05-30T05:15:11.463",
+ "lastModified": "2023-06-09T00:15:10.003",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -143,6 +143,10 @@
"tags": [
"Vendor Advisory"
]
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213674",
+ "source": "product-security@apple.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-279xx/CVE-2023-27985.json b/CVE-2023/CVE-2023-279xx/CVE-2023-27985.json
index 5c83827624d..44ca132f6f5 100644
--- a/CVE-2023/CVE-2023-279xx/CVE-2023-27985.json
+++ b/CVE-2023/CVE-2023-279xx/CVE-2023-27985.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-27985",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-03-09T06:15:32.987",
- "lastModified": "2023-03-21T17:52:13.250",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-06-09T07:15:09.753",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification."
+ "value": "emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90"
}
],
"metrics": {
@@ -90,6 +90,10 @@
"Patch"
]
},
+ {
+ "url": "https://www.gabriel.urdhr.fr/2023/06/08/emacsclient-mail-shell-elisp-injections/",
+ "source": "cve@mitre.org"
+ },
{
"url": "https://www.openwall.com/lists/oss-security/2023/03/08/2",
"source": "cve@mitre.org",
diff --git a/CVE-2023/CVE-2023-279xx/CVE-2023-27986.json b/CVE-2023/CVE-2023-279xx/CVE-2023-27986.json
index 8a86ae2e389..50412706369 100644
--- a/CVE-2023/CVE-2023-279xx/CVE-2023-27986.json
+++ b/CVE-2023/CVE-2023-279xx/CVE-2023-27986.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-27986",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-03-09T06:15:33.187",
- "lastModified": "2023-03-21T17:52:36.217",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-06-09T06:16:00.423",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters."
+ "value": "emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. It is fixed in 29.0.90."
}
],
"metrics": {
@@ -82,6 +82,10 @@
"Patch"
]
},
+ {
+ "url": "https://www.gabriel.urdhr.fr/2023/06/08/emacsclient-mail-shell-elisp-injections/",
+ "source": "cve@mitre.org"
+ },
{
"url": "https://www.openwall.com/lists/oss-security/2023/03/08/2",
"source": "cve@mitre.org",
diff --git a/CVE-2023/CVE-2023-279xx/CVE-2023-27990.json b/CVE-2023/CVE-2023-279xx/CVE-2023-27990.json
index 09771697c4f..4abcbd51f54 100644
--- a/CVE-2023/CVE-2023-279xx/CVE-2023-27990.json
+++ b/CVE-2023/CVE-2023-279xx/CVE-2023-27990.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-27990",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2023-04-24T18:15:09.440",
- "lastModified": "2023-05-03T15:01:39.687",
+ "lastModified": "2023-06-07T18:20:46.193",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -285,16 +285,7 @@
"nodes": [
{
"operator": "OR",
- "negate": false,
- "cpeMatch": [
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:zyxel:usg_flex_50_firmware:*:*:*:*:*:*:*:*",
- "versionStartIncluding": "4.50",
- "versionEndExcluding": "5.36",
- "matchCriteriaId": "07895A23-2B15-4631-A55A-798B35A63E2D"
- }
- ]
+ "negate": false
},
{
"operator": "OR",
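Review bot: Removing `cpeMatch` leaves this node as just `"operator": "OR", "negate": false`, a node with no match criteria, rather than removing the node itself. The enclosing configuration starts outside the hunk, but if it is an `AND` of firmware and hardware nodes, as the following `OR` node suggests, an evaluator treats the empty node as never matching and the whole configuration stops flagging `usg_flex_50_firmware` from 4.50 up to 5.36; strict parsers that require `cpeMatch` may also reject the record. The same pattern appears in the second hunk of this file (`usg_20w-vpn_firmware`) and in both hunks of CVE-2023-27991.json. Either keep the `cpeMatch` entry or drop the whole configuration object, and scanners consuming this feed should log nodes that have no `cpeMatch` instead of silently skipping them.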
@@ -430,16 +421,7 @@
"nodes": [
{
"operator": "OR",
- "negate": false,
- "cpeMatch": [
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:zyxel:usg_20w-vpn_firmware:*:*:*:*:*:*:*:*",
- "versionStartIncluding": "4.16",
- "versionEndExcluding": "5.36",
- "matchCriteriaId": "224300FB-2462-4E88-A41E-E9E8EAE9CF48"
- }
- ]
+ "negate": false
},
{
"operator": "OR",
diff --git a/CVE-2023/CVE-2023-279xx/CVE-2023-27991.json b/CVE-2023/CVE-2023-279xx/CVE-2023-27991.json
index 8857c67bbe9..4c3b8fc6099 100644
--- a/CVE-2023/CVE-2023-279xx/CVE-2023-27991.json
+++ b/CVE-2023/CVE-2023-279xx/CVE-2023-27991.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-27991",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2023-04-24T18:15:09.497",
- "lastModified": "2023-05-03T15:04:37.820",
+ "lastModified": "2023-06-07T18:20:46.193",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -285,16 +285,7 @@
"nodes": [
{
"operator": "OR",
- "negate": false,
- "cpeMatch": [
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:zyxel:usg_flex_50_firmware:*:*:*:*:*:*:*:*",
- "versionStartIncluding": "4.50",
- "versionEndExcluding": "5.36",
- "matchCriteriaId": "07895A23-2B15-4631-A55A-798B35A63E2D"
- }
- ]
+ "negate": false
},
{
"operator": "OR",
@@ -430,16 +421,7 @@
"nodes": [
{
"operator": "OR",
- "negate": false,
- "cpeMatch": [
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:zyxel:usg_20w-vpn_firmware:*:*:*:*:*:*:*:*",
- "versionStartIncluding": "4.16",
- "versionEndExcluding": "5.36",
- "matchCriteriaId": "224300FB-2462-4E88-A41E-E9E8EAE9CF48"
- }
- ]
+ "negate": false
},
{
"operator": "OR",
diff --git a/CVE-2023/CVE-2023-27xx/CVE-2023-2704.json b/CVE-2023/CVE-2023-27xx/CVE-2023-2704.json
index bc25b5dc547..74951ffaf6c 100644
--- a/CVE-2023/CVE-2023-27xx/CVE-2023-2704.json
+++ b/CVE-2023/CVE-2023-27xx/CVE-2023-2704.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-2704",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-05-19T03:15:08.840",
- "lastModified": "2023-05-26T18:22:07.733",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-06-05T22:15:11.877",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -95,6 +95,10 @@
}
],
"references": [
+ {
+ "url": "https://lana.codes/lanavdb/1bd0dfd9-ffec-4d69-bc55-286751300cab/",
+ "source": "security@wordfence.com"
+ },
{
"url": "https://plugins.trac.wordpress.org/browser/bp-social-connect/tags/1.5/includes/social/facebook/class.facebook.php#L138",
"source": "security@wordfence.com",
diff --git a/CVE-2023/CVE-2023-27xx/CVE-2023-2706.json b/CVE-2023/CVE-2023-27xx/CVE-2023-2706.json
index 472b6d3f60b..9e0ea30ddeb 100644
--- a/CVE-2023/CVE-2023-27xx/CVE-2023-2706.json
+++ b/CVE-2023/CVE-2023-27xx/CVE-2023-2706.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-2706",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-05-17T02:15:11.953",
- "lastModified": "2023-05-25T19:08:24.450",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-06-05T22:15:12.110",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -95,6 +95,10 @@
}
],
"references": [
+ {
+ "url": "https://lana.codes/lanavdb/87b5e80e-fd5b-47c3-bf82-088bdf4573b5/",
+ "source": "security@wordfence.com"
+ },
{
"url": "https://plugins.trac.wordpress.org/browser/mobile-login-woocommerce/tags/2.2/includes/class-xoo-ml-verification.php#L362",
"source": "security@wordfence.com",
diff --git a/CVE-2023/CVE-2023-27xx/CVE-2023-2749.json b/CVE-2023/CVE-2023-27xx/CVE-2023-2749.json
index 0a02ec634a3..4f4a8a322af 100644
--- a/CVE-2023/CVE-2023-27xx/CVE-2023-2749.json
+++ b/CVE-2023/CVE-2023-27xx/CVE-2023-2749.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-2749",
"sourceIdentifier": "security@asustor.com",
"published": "2023-05-31T09:15:10.490",
- "lastModified": "2023-05-31T13:02:26.480",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T14:07:01.237",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
{
"source": "security@asustor.com",
"type": "Secondary",
@@ -39,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-276"
+ }
+ ]
+ },
{
"source": "security@asustor.com",
"type": "Secondary",
@@ -50,10 +80,49 @@
]
}
],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:asustor:download_center:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "1.1.5",
+ "versionEndExcluding": "1.1.5.r1298",
+ "matchCriteriaId": "503AD2F7-FD3C-4BFE-976A-B10AEB7B02B1"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:a:asustor:adm:4.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "63289DB6-E94A-4542-A9EA-1E560CCC9D30"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:a:asustor:adm:4.2.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "44D051A3-DC4D-404C-9D4B-31461265BA6C"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://www.asustor.com/security/security_advisory_detail?id=24",
- "source": "security@asustor.com"
+ "source": "security@asustor.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-27xx/CVE-2023-2758.json b/CVE-2023/CVE-2023-27xx/CVE-2023-2758.json
index 1301f145fdd..4b06ee4c9f8 100644
--- a/CVE-2023/CVE-2023-27xx/CVE-2023-2758.json
+++ b/CVE-2023/CVE-2023-27xx/CVE-2023-2758.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-2758",
"sourceIdentifier": "vulnreport@tenable.com",
"published": "2023-05-31T15:15:09.473",
- "lastModified": "2023-05-31T17:37:09.913",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T14:35:41.433",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ },
{
"source": "vulnreport@tenable.com",
"type": "Secondary",
@@ -35,6 +55,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-Other"
+ }
+ ]
+ },
{
"source": "vulnreport@tenable.com",
"type": "Secondary",
@@ -46,14 +76,39 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:contec:conprosys_hmi_system:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "3.5.3",
+ "matchCriteriaId": "E75EB317-708F-4E02-B521-C788934DFB97"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU93372935/index.html",
- "source": "vulnreport@tenable.com"
+ "source": "vulnreport@tenable.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.tenable.com/security/research/tra-2023-21",
- "source": "vulnreport@tenable.com"
+ "source": "vulnreport@tenable.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-27xx/CVE-2023-2764.json b/CVE-2023/CVE-2023-27xx/CVE-2023-2764.json
new file mode 100644
index 00000000000..9cad20afc86
--- /dev/null
+++ b/CVE-2023/CVE-2023-27xx/CVE-2023-2764.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-2764",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:16:11.573",
+ "lastModified": "2023-06-09T06:16:11.573",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Draw Attention plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_set_featured_image function in versions up to, and including, 2.0.11. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change the featured image of arbitrary posts with an image that exists in the media library."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/draw-attention/trunk/public/includes/lib/drag-drop-featured-image/index.php#L500",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2917528/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/18530601-a294-448c-a1b2-c3995f9042ac?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-27xx/CVE-2023-2767.json b/CVE-2023/CVE-2023-27xx/CVE-2023-2767.json
new file mode 100644
index 00000000000..76dc33a7639
--- /dev/null
+++ b/CVE-2023/CVE-2023-27xx/CVE-2023-2767.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-2767",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:16:11.867",
+ "lastModified": "2023-06-09T06:16:11.867",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.19.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2915978%40wp-file-upload%2Ftrunk&old=2909107%40wp-file-upload%2Ftrunk&sfp_email=&sfph_mail=#file2",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/23334d94-e5b8-4c88-8765-02ad19e17248?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-280xx/CVE-2023-28079.json b/CVE-2023/CVE-2023-280xx/CVE-2023-28079.json
index 8f1c8285f4f..cd16e9c1e86 100644
--- a/CVE-2023/CVE-2023-280xx/CVE-2023-28079.json
+++ b/CVE-2023/CVE-2023-280xx/CVE-2023-28079.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-28079",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-05-30T16:15:09.763",
- "lastModified": "2023-05-30T16:36:55.623",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T14:23:31.040",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ },
{
"source": "security_alert@emc.com",
"type": "Secondary",
@@ -46,10 +66,41 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:dell:powerpath:7.0:*:*:*:*:windows:*:*",
+ "matchCriteriaId": "381F7BE1-3FD4-48C4-9A80-687C2BBFA7AD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:dell:powerpath:7.1:*:*:*:*:windows:*:*",
+ "matchCriteriaId": "2877B661-722E-46EB-B396-024B7B7D2A02"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:dell:powerpath:7.2:*:*:*:*:windows:*:*",
+ "matchCriteriaId": "41D40F07-86F1-4466-90CE-13CE744A0BCB"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000214248/dsa-2023-154-powerpath-windows-security-update-for-security-update-for-multiple-vulnerabilities",
- "source": "security_alert@emc.com"
+ "source": "security_alert@emc.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-280xx/CVE-2023-28080.json b/CVE-2023/CVE-2023-280xx/CVE-2023-28080.json
index 191f96f4aba..c8429058b03 100644
--- a/CVE-2023/CVE-2023-280xx/CVE-2023-28080.json
+++ b/CVE-2023/CVE-2023-280xx/CVE-2023-28080.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-28080",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-05-30T16:15:09.837",
- "lastModified": "2023-05-30T16:36:55.623",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T14:23:10.780",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.3,
+ "impactScore": 5.9
+ },
{
"source": "security_alert@emc.com",
"type": "Secondary",
@@ -46,10 +66,41 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:dell:powerpath:7.0:*:*:*:*:windows:*:*",
+ "matchCriteriaId": "381F7BE1-3FD4-48C4-9A80-687C2BBFA7AD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:dell:powerpath:7.1:*:*:*:*:windows:*:*",
+ "matchCriteriaId": "2877B661-722E-46EB-B396-024B7B7D2A02"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:dell:powerpath:7.2:*:*:*:*:windows:*:*",
+ "matchCriteriaId": "41D40F07-86F1-4466-90CE-13CE744A0BCB"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000214248/dsa-2023-154-powerpath-windows-security-update-for-security-update-for-multiple-vulnerabilities",
- "source": "security_alert@emc.com"
+ "source": "security_alert@emc.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-281xx/CVE-2023-28159.json b/CVE-2023/CVE-2023-281xx/CVE-2023-28159.json
index ebd1a3f9983..4c71549c303 100644
--- a/CVE-2023/CVE-2023-281xx/CVE-2023-28159.json
+++ b/CVE-2023/CVE-2023-281xx/CVE-2023-28159.json
@@ -2,23 +2,90 @@
"id": "CVE-2023-28159",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:12.033",
- "lastModified": "2023-06-02T18:10:11.837",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T20:00:27.803",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The fullscreen notification could have been hidden on Firefox for Android by using download popups, resulting in potential user confusion or spoofing attacks.
*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 111."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "111.0",
+ "matchCriteriaId": "4C92D5DB-CF3B-4C0C-918A-D2DE67B898F8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:android:*:*",
+ "versionEndExcluding": "111.0",
+ "matchCriteriaId": "15D61809-2D26-4664-9034-0504D0183F60"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1783561",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Issue Tracking",
+ "Permissions Required",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-09/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
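Review bot: The added `configurations` block marks the platform-independent `cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*` as vulnerable below 111.0, while the description states that the bug only affects Firefox for Android. CPE-based scanners will therefore report desktop Firefox installs for an issue that, per the description, they do not have. Keeping only the entry with `android` in the target-software field, `cpe:2.3:a:mozilla:firefox:*:*:*:*:*:android:*:*`, would match the stated scope.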
diff --git a/CVE-2023/CVE-2023-281xx/CVE-2023-28160.json b/CVE-2023/CVE-2023-281xx/CVE-2023-28160.json
index 69d9cc64204..2184f27b3a0 100644
--- a/CVE-2023/CVE-2023-281xx/CVE-2023-28160.json
+++ b/CVE-2023/CVE-2023-281xx/CVE-2023-28160.json
@@ -2,23 +2,84 @@
"id": "CVE-2023-28160",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:12.077",
- "lastModified": "2023-06-02T18:10:11.837",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T20:07:46.400",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "When following a redirect to a publicly accessible web extension file, the URL may have been translated to the actual local path, leaking potentially sensitive information. This vulnerability affects Firefox < 111."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "111.0",
+ "matchCriteriaId": "4C92D5DB-CF3B-4C0C-918A-D2DE67B898F8"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1802385",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Issue Tracking",
+ "Permissions Required",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-09/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-281xx/CVE-2023-28163.json b/CVE-2023/CVE-2023-281xx/CVE-2023-28163.json
index dc4349b2cf9..421a0714b33 100644
--- a/CVE-2023/CVE-2023-281xx/CVE-2023-28163.json
+++ b/CVE-2023/CVE-2023-281xx/CVE-2023-28163.json
@@ -2,31 +2,110 @@
"id": "CVE-2023-28163",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:12.207",
- "lastModified": "2023-06-02T18:10:11.837",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T20:21:53.720",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "When downloading files through the Save As dialog on Windows with suggested filenames containing environment variable names, Windows would have resolved those in the context of the current user.
*This bug only affects Firefox on Windows. Other versions of Firefox are unaffected.*. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "111.0",
+ "matchCriteriaId": "4C92D5DB-CF3B-4C0C-918A-D2DE67B898F8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.9",
+ "matchCriteriaId": "58A3D950-1352-42E9-9EB7-2093771B3C43"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.9",
+ "matchCriteriaId": "240CD7F0-941B-4C7D-8AAE-E0E65D014D7A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1817768",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Issue Tracking",
+ "Permissions Required",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-09/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-10/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-11/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
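Review bot: The added `configurations` block marks every Firefox, Firefox ESR and Thunderbird build below the fixed versions as vulnerable on any platform, while this record's description says the bug only affects Firefox on Windows. A scanner that matches on CPE alone will therefore also flag Linux and macOS installs. If the platform limit is meant to be machine-readable, the configuration could follow the Faronics records later in this commit: add `"operator": "AND"` to the configuration object and append the non-vulnerable Windows node below to `nodes`.

```json
{
  "operator": "OR",
  "negate": false,
  "cpeMatch": [
    {
      "vulnerable": false,
      "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
      "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
    }
  ]
}
```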
diff --git a/CVE-2023/CVE-2023-281xx/CVE-2023-28164.json b/CVE-2023/CVE-2023-281xx/CVE-2023-28164.json
index 1309e47e0e2..1b79ba85336 100644
--- a/CVE-2023/CVE-2023-281xx/CVE-2023-28164.json
+++ b/CVE-2023/CVE-2023-281xx/CVE-2023-28164.json
@@ -2,31 +2,110 @@
"id": "CVE-2023-28164",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:12.253",
- "lastModified": "2023-06-02T18:10:11.837",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-09T03:57:13.657",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1110",
+ "matchCriteriaId": "F7AA4D22-C19E-4E2E-8C2E-50C5C97D451F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.9",
+ "matchCriteriaId": "58A3D950-1352-42E9-9EB7-2093771B3C43"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.9",
+ "matchCriteriaId": "240CD7F0-941B-4C7D-8AAE-E0E65D014D7A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1809122",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Issue Tracking",
+ "Permissions Required",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-09/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-10/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-11/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
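Review bot: `"versionEndExcluding": "1110"` in the Firefox `cpeMatch` entry looks like a typo for `111.0`. The description says the issue affects Firefox < 111, and the sibling records in this commit use `"versionEndExcluding": "111.0"` with matchCriteriaId `4C92D5DB-CF3B-4C0C-918A-D2DE67B898F8`. As written, a version comparison treats every Firefox release below 1110 as vulnerable, so patched 111+ installs would still match. The record is also left at `"vulnStatus": "Undergoing Analysis"`, so consumers may want to treat its configuration as provisional until it is corrected.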
diff --git a/CVE-2023/CVE-2023-281xx/CVE-2023-28176.json b/CVE-2023/CVE-2023-281xx/CVE-2023-28176.json
index 5bba603f6f5..193c6bb1a95 100644
--- a/CVE-2023/CVE-2023-281xx/CVE-2023-28176.json
+++ b/CVE-2023/CVE-2023-281xx/CVE-2023-28176.json
@@ -2,31 +2,109 @@
"id": "CVE-2023-28176",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:12.297",
- "lastModified": "2023-06-02T18:10:11.837",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-09T03:57:11.497",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Mozilla developers Timothy Nikkel, Andrew McCreight, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 110 and Firefox ESR 102.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "111.0",
+ "matchCriteriaId": "4C92D5DB-CF3B-4C0C-918A-D2DE67B898F8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.9",
+ "matchCriteriaId": "58A3D950-1352-42E9-9EB7-2093771B3C43"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.9",
+ "matchCriteriaId": "240CD7F0-941B-4C7D-8AAE-E0E65D014D7A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1808352%2C1811637%2C1815904%2C1817442%2C1818674",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Not Applicable",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-09/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-10/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-11/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
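Review bot: The Bugzilla bug-list reference is tagged both `"Not Applicable"` and `"Vendor Advisory"`, which contradict each other; the same pair appears on the bug-list reference in the CVE-2023-28177 hunk. Tooling that collects references by the `Vendor Advisory` tag will pick up the bug list alongside the MFSA pages, while tooling that drops `Not Applicable` entries will lose the only link to the underlying bugs. The single-bug Bugzilla links in CVE-2023-28163 carry `"Issue Tracking"` and `"Permissions Required"`, which would probably describe this link better, assuming these bugs are access-restricted as well.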
diff --git a/CVE-2023/CVE-2023-281xx/CVE-2023-28177.json b/CVE-2023/CVE-2023-281xx/CVE-2023-28177.json
index e17ad9f13a0..6d2a43f5fd6 100644
--- a/CVE-2023/CVE-2023-281xx/CVE-2023-28177.json
+++ b/CVE-2023/CVE-2023-281xx/CVE-2023-28177.json
@@ -2,23 +2,83 @@
"id": "CVE-2023-28177",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:12.347",
- "lastModified": "2023-06-02T18:10:11.837",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-09T03:57:08.567",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Mozilla developers and community members Calixte Denizet, Gabriele Svelto, Andrew McCreight, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 110. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 111."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "111.0",
+ "matchCriteriaId": "4C92D5DB-CF3B-4C0C-918A-D2DE67B898F8"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1803109%2C1808832%2C1809542%2C1817336",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Not Applicable",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-09/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-281xx/CVE-2023-28178.json b/CVE-2023/CVE-2023-281xx/CVE-2023-28178.json
index 97d82080cf6..968e099fce2 100644
--- a/CVE-2023/CVE-2023-281xx/CVE-2023-28178.json
+++ b/CVE-2023/CVE-2023-281xx/CVE-2023-28178.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-28178",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-05-08T20:15:19.163",
- "lastModified": "2023-05-19T16:15:13.567",
+ "lastModified": "2023-06-09T00:15:10.073",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -105,6 +105,14 @@
"tags": [
"Vendor Advisory"
]
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213674",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213678",
+ "source": "product-security@apple.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-281xx/CVE-2023-28181.json b/CVE-2023/CVE-2023-281xx/CVE-2023-28181.json
index ff5510607eb..3e8eae894e9 100644
--- a/CVE-2023/CVE-2023-281xx/CVE-2023-28181.json
+++ b/CVE-2023/CVE-2023-281xx/CVE-2023-28181.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-28181",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-05-08T20:15:19.273",
- "lastModified": "2023-05-30T06:16:27.220",
+ "lastModified": "2023-06-09T00:15:10.140",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -132,6 +132,10 @@
{
"url": "https://support.apple.com/en-us/HT213765",
"source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213677",
+ "source": "product-security@apple.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-281xx/CVE-2023-28189.json b/CVE-2023/CVE-2023-281xx/CVE-2023-28189.json
index a9b3dfa2139..a4ce258651b 100644
--- a/CVE-2023/CVE-2023-281xx/CVE-2023-28189.json
+++ b/CVE-2023/CVE-2023-281xx/CVE-2023-28189.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-28189",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-05-08T20:15:19.417",
- "lastModified": "2023-05-19T16:15:13.793",
+ "lastModified": "2023-06-09T00:15:10.210",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -82,6 +82,10 @@
{
"url": "https://support.apple.com/en-us/HT213675",
"source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213677",
+ "source": "product-security@apple.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-282xx/CVE-2023-28201.json b/CVE-2023/CVE-2023-282xx/CVE-2023-28201.json
index fde2d6d4e78..fa6a3b422b6 100644
--- a/CVE-2023/CVE-2023-282xx/CVE-2023-28201.json
+++ b/CVE-2023/CVE-2023-282xx/CVE-2023-28201.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-28201",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-05-08T20:15:19.747",
- "lastModified": "2023-05-19T16:15:13.973",
+ "lastModified": "2023-06-09T00:15:10.297",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -125,6 +125,10 @@
"tags": [
"Vendor Advisory"
]
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213674",
+ "source": "product-security@apple.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-283xx/CVE-2023-28319.json b/CVE-2023/CVE-2023-283xx/CVE-2023-28319.json
index 2e0d937b706..63095cc5413 100644
--- a/CVE-2023/CVE-2023-283xx/CVE-2023-28319.json
+++ b/CVE-2023/CVE-2023-283xx/CVE-2023-28319.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-28319",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-05-26T21:15:10.020",
- "lastModified": "2023-06-02T18:19:19.607",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-06-09T08:15:09.393",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -83,6 +83,10 @@
"Patch",
"Third Party Advisory"
]
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230609-0009/",
+ "source": "support@hackerone.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-283xx/CVE-2023-28320.json b/CVE-2023/CVE-2023-283xx/CVE-2023-28320.json
index 1e568317eef..964ee9876bb 100644
--- a/CVE-2023/CVE-2023-283xx/CVE-2023-28320.json
+++ b/CVE-2023/CVE-2023-283xx/CVE-2023-28320.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-28320",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-05-26T21:15:15.937",
- "lastModified": "2023-06-02T18:21:09.173",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-06-09T08:15:09.493",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -87,6 +87,10 @@
"Patch",
"Third Party Advisory"
]
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230609-0009/",
+ "source": "support@hackerone.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-283xx/CVE-2023-28321.json b/CVE-2023/CVE-2023-283xx/CVE-2023-28321.json
index c54291e127d..c023ee7f5a3 100644
--- a/CVE-2023/CVE-2023-283xx/CVE-2023-28321.json
+++ b/CVE-2023/CVE-2023-283xx/CVE-2023-28321.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-28321",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-05-26T21:15:16.020",
- "lastModified": "2023-06-02T18:23:04.057",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-06-09T08:15:09.617",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -83,6 +83,18 @@
"Patch",
"Third Party Advisory"
]
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ/",
+ "source": "support@hackerone.com"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK/",
+ "source": "support@hackerone.com"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230609-0009/",
+ "source": "support@hackerone.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-283xx/CVE-2023-28322.json b/CVE-2023/CVE-2023-283xx/CVE-2023-28322.json
index d0752a130fb..e71a8baa932 100644
--- a/CVE-2023/CVE-2023-283xx/CVE-2023-28322.json
+++ b/CVE-2023/CVE-2023-283xx/CVE-2023-28322.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-28322",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-05-26T21:15:16.153",
- "lastModified": "2023-06-02T18:25:22.687",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-06-09T08:15:09.730",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -83,6 +83,18 @@
"Patch",
"Third Party Advisory"
]
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ/",
+ "source": "support@hackerone.com"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK/",
+ "source": "support@hackerone.com"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230609-0009/",
+ "source": "support@hackerone.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-283xx/CVE-2023-28344.json b/CVE-2023/CVE-2023-283xx/CVE-2023-28344.json
index 21df48e96da..80d2b43b666 100644
--- a/CVE-2023/CVE-2023-283xx/CVE-2023-28344.json
+++ b/CVE-2023/CVE-2023-283xx/CVE-2023-28344.json
@@ -2,23 +2,96 @@
"id": "CVE-2023-28344",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-31T00:15:09.697",
- "lastModified": "2023-05-31T13:02:26.480",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T18:18:18.793",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Faronics Insight 10.0.19045 on Windows. The Insight Teacher Console application allows unauthenticated attackers to view constantly updated screenshots of student desktops and to submit falsified screenshots on behalf of students. Attackers are able to view screenshots of student desktops without their consent. These screenshots may potentially contain sensitive/personal data. Attackers can also rapidly submit falsified images, hiding the actual contents of student desktops from the Teacher Console."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 4.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-668"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:faronics:insight:10.0.19045:*:*:*:*:*:*:*",
+ "matchCriteriaId": "492CED5D-9EF5-4D18-BD58-60EE07CB06C2"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://research.nccgroup.com/2023/05/30/technical-advisory-multiple-vulnerabilities-in-faronics-insight/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Mitigation",
+ "Release Notes",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://research.nccgroup.com/?research=Technical%20advisories",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-283xx/CVE-2023-28345.json b/CVE-2023/CVE-2023-283xx/CVE-2023-28345.json
index bcebe3ca196..bdd9eb4e2d6 100644
--- a/CVE-2023/CVE-2023-283xx/CVE-2023-28345.json
+++ b/CVE-2023/CVE-2023-283xx/CVE-2023-28345.json
@@ -2,23 +2,96 @@
"id": "CVE-2023-28345",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-31T00:15:09.747",
- "lastModified": "2023-05-31T13:02:26.480",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T18:31:21.130",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Faronics Insight 10.0.19045 on Windows. The Insight Teacher Console application exposes the teacher's Console password in cleartext via an API endpoint accessible from localhost. Attackers with physical access to the Teacher Console can open a web browser, navigate to the affected endpoint and obtain the teacher's password. This enables them to log into the Teacher Console and begin trivially attacking student machines."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "PHYSICAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.6,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-312"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:faronics:insight:10.0.19045:*:*:*:*:*:*:*",
+ "matchCriteriaId": "492CED5D-9EF5-4D18-BD58-60EE07CB06C2"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://research.nccgroup.com/2023/05/30/technical-advisory-multiple-vulnerabilities-in-faronics-insight/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Mitigation",
+ "Release Notes",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://research.nccgroup.com/?research=Technical%20advisories",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-283xx/CVE-2023-28346.json b/CVE-2023/CVE-2023-283xx/CVE-2023-28346.json
index ef904a7d8f6..d3e19a39690 100644
--- a/CVE-2023/CVE-2023-283xx/CVE-2023-28346.json
+++ b/CVE-2023/CVE-2023-283xx/CVE-2023-28346.json
@@ -2,23 +2,96 @@
"id": "CVE-2023-28346",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-31T00:15:09.793",
- "lastModified": "2023-05-31T13:02:26.480",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T18:32:37.623",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for a remote attacker to communicate with the private API endpoints exposed at /login, /consoleSettings, /console, etc. despite Virtual Host Routing being used to block this access. Remote attackers can interact with private pages on the web server, enabling them to perform privileged actions such as logging into the console and changing console settings if they have valid credentials."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-732"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:faronics:insight:10.0.19045:*:*:*:*:*:*:*",
+ "matchCriteriaId": "492CED5D-9EF5-4D18-BD58-60EE07CB06C2"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://research.nccgroup.com/2023/05/30/technical-advisory-multiple-vulnerabilities-in-faronics-insight/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Mitigation",
+ "Release Notes",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://research.nccgroup.com/?research=Technical%20advisories",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-283xx/CVE-2023-28347.json b/CVE-2023/CVE-2023-283xx/CVE-2023-28347.json
index 19204803664..7b2f5f34e89 100644
--- a/CVE-2023/CVE-2023-283xx/CVE-2023-28347.json
+++ b/CVE-2023/CVE-2023-283xx/CVE-2023-28347.json
@@ -2,23 +2,96 @@
"id": "CVE-2023-28347",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-31T00:15:09.840",
- "lastModified": "2023-05-31T13:02:26.480",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T18:33:13.453",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for an attacker to create a proof-of-concept script that functions similarly to a Student Console, providing unauthenticated attackers with the ability to exploit XSS vulnerabilities within the Teacher Console application and achieve remote code execution as NT AUTHORITY/SYSTEM on all connected Student Consoles and the Teacher Console in a Zero Click manner."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.6,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:faronics:insight:10.0.19045:*:*:*:*:*:*:*",
+ "matchCriteriaId": "492CED5D-9EF5-4D18-BD58-60EE07CB06C2"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://research.nccgroup.com/2023/05/30/technical-advisory-multiple-vulnerabilities-in-faronics-insight/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Mitigation",
+ "Release Notes",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://research.nccgroup.com/?research=Technical%20advisories",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
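Review bot: `"userInteraction": "REQUIRED"` (UI:R in `vectorString`) does not agree with the description, which says unauthenticated attackers reach code execution as NT AUTHORITY/SYSTEM "in a Zero Click manner". If no victim action is needed, the field would be `"userInteraction": "NONE"` with `UI:N` in the vector, and `baseScore` and `exploitabilityScore` would have to be recomputed. With UI:R the record understates exploitability for anyone prioritising by vector. If UI:R was chosen on purpose (for example because the Teacher Console has to be open), nothing in the record says so.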
diff --git a/CVE-2023/CVE-2023-283xx/CVE-2023-28348.json b/CVE-2023/CVE-2023-283xx/CVE-2023-28348.json
index b3386cbd2c7..3f0057be408 100644
--- a/CVE-2023/CVE-2023-283xx/CVE-2023-28348.json
+++ b/CVE-2023/CVE-2023-283xx/CVE-2023-28348.json
@@ -2,23 +2,96 @@
"id": "CVE-2023-28348",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-31T00:15:09.887",
- "lastModified": "2023-05-31T13:02:26.480",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T18:33:49.077",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Faronics Insight 10.0.19045 on Windows. A suitably positioned attacker could perform a man-in-the-middle attack on either a connected student or teacher, enabling them to intercept student keystrokes or modify executable files being sent from teachers to students."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.4,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-319"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:faronics:insight:10.0.19045:*:*:*:*:*:*:*",
+ "matchCriteriaId": "492CED5D-9EF5-4D18-BD58-60EE07CB06C2"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://research.nccgroup.com/2023/05/30/technical-advisory-multiple-vulnerabilities-in-faronics-insight/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Mitigation",
+ "Release Notes",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://research.nccgroup.com/?research=Technical%20advisories",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-283xx/CVE-2023-28349.json b/CVE-2023/CVE-2023-283xx/CVE-2023-28349.json
index 24c113fb7e0..f459273ce50 100644
--- a/CVE-2023/CVE-2023-283xx/CVE-2023-28349.json
+++ b/CVE-2023/CVE-2023-283xx/CVE-2023-28349.json
@@ -2,23 +2,96 @@
"id": "CVE-2023-28349",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-31T00:15:09.933",
- "lastModified": "2023-05-31T13:02:26.480",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T15:51:22.353",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for an attacker to create a crafted program that functions similarly to the Teacher Console. This can compel Student Consoles to connect and put themselves at risk automatically. Connected Student Consoles can be compelled to write arbitrary files to arbitrary locations on disk with NT AUTHORITY/SYSTEM level permissions, enabling remote code execution."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-346"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:faronics:insight:10.0.19045:*:*:*:*:*:*:*",
+ "matchCriteriaId": "492CED5D-9EF5-4D18-BD58-60EE07CB06C2"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://research.nccgroup.com/2023/05/30/technical-advisory-multiple-vulnerabilities-in-faronics-insight/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Mitigation",
+ "Release Notes",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://research.nccgroup.com/?research=Technical%20advisories",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
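Review bot: The vulnerable `cpeMatch` pins Faronics Insight to the single exact version `10.0.19045`, taken from the description, so CPE-based matching will flag only installs reporting that exact string. 10.0.19045 is also the build number of Windows 10 22H2, so it may be the OS build the product was tested on rather than a product version; this should be confirmed against the linked NCC Group advisory. If the advisory gives a fixed product release, a bounded range (`"versionEndExcluding": "<fixed version from advisory>"`) on the `faronics:insight` criteria would be safer than an exact match. The Faronics record just before this one in the diff carries the same criteria and `matchCriteriaId`.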
diff --git a/CVE-2023/CVE-2023-283xx/CVE-2023-28392.json b/CVE-2023/CVE-2023-283xx/CVE-2023-28392.json
index 022a0fdc595..4400953154d 100644
--- a/CVE-2023/CVE-2023-283xx/CVE-2023-28392.json
+++ b/CVE-2023/CVE-2023-283xx/CVE-2023-28392.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-28392",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-05-23T02:15:10.140",
- "lastModified": "2023-05-30T16:58:18.333",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-06-09T06:16:00.853",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "Wi-Fi AP UNIT AC-WAPU-300 v1.00_B07 and earlier, AC-WAPU-300-P v1.00_B08P and earlier, AC-WAPUM-300 v1.00_B07 and earlier, and AC-WAPUM-300-P v1.00_B08P and earlier allow a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command."
+ "value": "Wi-Fi AP UNIT AC-PD-WAPU v1.05_B04 and earlier, AC-PD-WAPUM v1.05_B04 and earlier, AC-PD-WAPU-P v1.05_B04P and earlier, AC-PD-WAPUM-P v1.05_B04P and earlier, AC-WAPU-300 v1.00_B07 and earlier, AC-WAPU-300-P v1.00_B08P and earlier, AC-WAPUM-300 v1.00_B07 and earlier, and AC-WAPUM-300-P v1.00_B08P and earlier allow an authenticated user with an administrative privilege to execute an arbitrary OS command."
}
],
"metrics": {
@@ -161,6 +161,10 @@
}
],
"references": [
+ {
+ "url": "https://jvn.jp/en/jp/JVN28412757/",
+ "source": "vultures@jpcert.or.jp"
+ },
{
"url": "https://jvn.jp/en/vu/JVNVU98968780/",
"source": "vultures@jpcert.or.jp",
diff --git a/CVE-2023/CVE-2023-283xx/CVE-2023-28399.json b/CVE-2023/CVE-2023-283xx/CVE-2023-28399.json
index b85c8264be4..3576a636a03 100644
--- a/CVE-2023/CVE-2023-283xx/CVE-2023-28399.json
+++ b/CVE-2023/CVE-2023-283xx/CVE-2023-28399.json
@@ -2,27 +2,89 @@
"id": "CVE-2023-28399",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-06-01T02:15:09.497",
- "lastModified": "2023-06-01T13:00:35.567",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T13:55:19.647",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Incorrect permission assignment for critical resource exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. ACL (Access Control List) is not appropriately set to the local folder where the affected product is installed, therefore a wide range of privileges is permitted to a user of the PC where the affected product is installed. As a result, the user may be able to destroy the system and/or execute a malicious program."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-732"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:contec:conprosys_hmi_system:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "3.5.3",
+ "matchCriteriaId": "E75EB317-708F-4E02-B521-C788934DFB97"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU93372935/",
- "source": "vultures@jpcert.or.jp"
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_en.pdf",
- "source": "vultures@jpcert.or.jp"
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_jp.pdf",
- "source": "vultures@jpcert.or.jp"
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-286xx/CVE-2023-28651.json b/CVE-2023/CVE-2023-286xx/CVE-2023-28651.json
index a8fe1f9d989..c38380f6dfb 100644
--- a/CVE-2023/CVE-2023-286xx/CVE-2023-28651.json
+++ b/CVE-2023/CVE-2023-286xx/CVE-2023-28651.json
@@ -2,27 +2,89 @@
"id": "CVE-2023-28651",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-06-01T02:15:09.550",
- "lastModified": "2023-06-01T13:00:35.567",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T13:55:00.913",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. If a user who can access the affected product with an administrative privilege configures specially crafted settings, an arbitrary script may be executed on the web browser of the other user who is accessing the affected product with an administrative privilege."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:contec:conprosys_hmi_system:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "3.5.3",
+ "matchCriteriaId": "E75EB317-708F-4E02-B521-C788934DFB97"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU93372935/",
- "source": "vultures@jpcert.or.jp"
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_en.pdf",
- "source": "vultures@jpcert.or.jp"
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_jp.pdf",
- "source": "vultures@jpcert.or.jp"
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-286xx/CVE-2023-28653.json b/CVE-2023/CVE-2023-286xx/CVE-2023-28653.json
new file mode 100644
index 00000000000..7f53444fe5e
--- /dev/null
+++ b/CVE-2023/CVE-2023-286xx/CVE-2023-28653.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-28653",
+ "sourceIdentifier": "ics-cert@hq.dhs.gov",
+ "published": "2023-06-06T17:15:13.543",
+ "lastModified": "2023-06-06T18:33:59.493",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nThe affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to a use-after-free vulnerability. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. \n\n \n\n \n\n \n\n\n\n \n\n\n\n\n\n\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-416"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-04",
+ "source": "ics-cert@hq.dhs.gov"
+ }
+ ]
+}
\ No newline at end of file
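Review bot: The `descriptions[0].value` string in this new record is wrapped in a long run of `\n` escapes and blank padding before and after the text, which looks like markup residue from the submitter. It should be trimmed so the value begins at "The affected application lacks…" and ends at "…current process.", because consumers that display or hash the description will otherwise carry the padding along. The text also never names the product and the record has no `configurations`, so only the `icsa-23-143-04` reference URL identifies what is affected. Within the record the same assigner is `"type": "Secondary"` under `metrics` but `"type": "Primary"` under `weaknesses`; this may be intentional upstream, but it is worth confirming.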
diff --git a/CVE-2023/CVE-2023-286xx/CVE-2023-28656.json b/CVE-2023/CVE-2023-286xx/CVE-2023-28656.json
index f1a0f48b7ae..58b25e2d4e2 100644
--- a/CVE-2023/CVE-2023-286xx/CVE-2023-28656.json
+++ b/CVE-2023/CVE-2023-286xx/CVE-2023-28656.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-28656",
"sourceIdentifier": "f5sirt@f5.com",
"published": "2023-05-03T15:15:12.860",
- "lastModified": "2023-05-10T18:56:49.780",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-06-09T08:15:09.817",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -36,7 +36,7 @@
},
"weaknesses": [
{
- "source": "nvd@nist.gov",
+ "source": "f5sirt@f5.com",
"type": "Primary",
"description": [
{
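Review bot: Only the `source` labels are swapped between the two `weaknesses` entries, here and in the next hunk (`@@ -46,7 +46,7 @@`). The `type` fields and the CWE values, which lie outside both hunks, stay where they were. If the two entries hold different CWE ids, each id is now attributed to the other assigner, and a consumer that selects the weakness by `"type": "Primary"` now reads the CNA's entry (`f5sirt@f5.com`) where it used to read NVD's. It is worth checking against the upstream record that the CWE values were meant to stay with their position rather than move with their source.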
@@ -46,7 +46,7 @@
]
},
{
- "source": "f5sirt@f5.com",
+ "source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
@@ -96,6 +96,10 @@
"tags": [
"Vendor Advisory"
]
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230609-0006/",
+ "source": "f5sirt@f5.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-286xx/CVE-2023-28657.json b/CVE-2023/CVE-2023-286xx/CVE-2023-28657.json
index 4669b2e7995..2da6c351c12 100644
--- a/CVE-2023/CVE-2023-286xx/CVE-2023-28657.json
+++ b/CVE-2023/CVE-2023-286xx/CVE-2023-28657.json
@@ -2,27 +2,89 @@
"id": "CVE-2023-28657",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-06-01T02:15:09.597",
- "lastModified": "2023-06-01T13:00:35.567",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T13:53:45.030",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. A user of the PC where the affected product is installed may gain an administrative privilege. As a result, information regarding the product may be obtained and/or altered by the user."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-Other"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:contec:conprosys_hmi_system:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "3.5.3",
+ "matchCriteriaId": "E75EB317-708F-4E02-B521-C788934DFB97"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU93372935/",
- "source": "vultures@jpcert.or.jp"
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_en.pdf",
- "source": "vultures@jpcert.or.jp"
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_jp.pdf",
- "source": "vultures@jpcert.or.jp"
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
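Review bot: The added vector uses `AV:N`, but the description limits the attacker to "a user of the PC where the affected product is installed", which reads as local access. The sibling CONPROSYS record CVE-2023-28399 in this diff is scored `AV:L` (base 7.8) for the same attacker position. Unless the vendor advisory documents a network path, `attackVector` and the derived scores should be re-checked. The CVE-2023-28713 hunk below has the same mismatch: `AV:N` for a password read from a local file. Separately, `"value": "NVD-CWE-Other"` loses information the description already gives; "Improper access control" maps to `CWE-284`.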
diff --git a/CVE-2023/CVE-2023-287xx/CVE-2023-28713.json b/CVE-2023/CVE-2023-287xx/CVE-2023-28713.json
index b5239ecb0a4..3a18b0a46b7 100644
--- a/CVE-2023/CVE-2023-287xx/CVE-2023-28713.json
+++ b/CVE-2023/CVE-2023-287xx/CVE-2023-28713.json
@@ -2,27 +2,89 @@
"id": "CVE-2023-28713",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-06-01T02:15:09.637",
- "lastModified": "2023-06-01T13:00:35.567",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T13:48:05.117",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Plaintext storage of a password exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. Because account information of the database is saved in a local file in plaintext, a user who can access the PC where the affected product is installed can obtain the information. As a result, information in the database may be obtained and/or altered by the user."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-312"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:contec:conprosys_hmi_system:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "3.5.3",
+ "matchCriteriaId": "E75EB317-708F-4E02-B521-C788934DFB97"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU93372935/",
- "source": "vultures@jpcert.or.jp"
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_en.pdf",
- "source": "vultures@jpcert.or.jp"
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_jp.pdf",
- "source": "vultures@jpcert.or.jp"
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-287xx/CVE-2023-28724.json b/CVE-2023/CVE-2023-287xx/CVE-2023-28724.json
index 4513c3c536c..f57d7793f7f 100644
--- a/CVE-2023/CVE-2023-287xx/CVE-2023-28724.json
+++ b/CVE-2023/CVE-2023-287xx/CVE-2023-28724.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-28724",
"sourceIdentifier": "f5sirt@f5.com",
"published": "2023-05-03T15:15:13.020",
- "lastModified": "2023-05-10T18:53:37.480",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-06-09T08:15:10.027",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -86,6 +86,10 @@
"tags": [
"Vendor Advisory"
]
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230609-0006/",
+ "source": "f5sirt@f5.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-287xx/CVE-2023-28771.json b/CVE-2023/CVE-2023-287xx/CVE-2023-28771.json
index 560f2d9ba94..3d5a6b849ad 100644
--- a/CVE-2023/CVE-2023-287xx/CVE-2023-28771.json
+++ b/CVE-2023/CVE-2023-287xx/CVE-2023-28771.json
@@ -2,8 +2,12 @@
"id": "CVE-2023-28771",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2023-04-25T02:15:08.743",
- "lastModified": "2023-05-04T18:46:01.730",
+ "lastModified": "2023-06-07T18:20:46.193",
"vulnStatus": "Analyzed",
+ "cisaExploitAdd": "2023-05-31",
+ "cisaActionDue": "2023-06-21",
+ "cisaRequiredAction": "Apply updates per vendor instructions.",
+ "cisaVulnerabilityName": "Zyxel Multiple Firewalls OS Command Injection Vulnerability",
"descriptions": [
{
"lang": "en",
@@ -343,16 +347,7 @@
"nodes": [
{
"operator": "OR",
- "negate": false,
- "cpeMatch": [
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:zyxel:usg_flex_50_firmware:*:*:*:*:*:*:*:*",
- "versionStartIncluding": "4.60",
- "versionEndExcluding": "5.36",
- "matchCriteriaId": "3CF08551-BA8E-47BC-985D-D5ED76A46793"
- }
- ]
+ "negate": false
},
{
"operator": "OR",
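Review bot: After this hunk the first node keeps `"operator": "OR"` and `"negate": false` but has no `cpeMatch` array at all. The removed entry was the only vulnerable match for `usg_flex_50_firmware` (4.60 up to 5.36), so CPE-based scanners stop flagging that firmware. The earlier hunk in this file adds `cisaExploitAdd`, so the record is marked as known-exploited at the same time. Either the `cpeMatch` entry should be restored or the empty node dropped; an empty node matches nothing, and code that reads `node["cpeMatch"]` without a default will fail on it. The enclosing configuration continues outside the hunk, so the paired hardware node is not visible here.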
diff --git a/CVE-2023/CVE-2023-287xx/CVE-2023-28772.json b/CVE-2023/CVE-2023-287xx/CVE-2023-28772.json
index 4fa679c1266..13bfb741c2f 100644
--- a/CVE-2023/CVE-2023-287xx/CVE-2023-28772.json
+++ b/CVE-2023/CVE-2023-287xx/CVE-2023-28772.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-28772",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-03-23T15:15:12.177",
- "lastModified": "2023-04-27T15:15:12.957",
- "vulnStatus": "Modified",
+ "lastModified": "2023-06-06T18:34:31.300",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -17,19 +17,19 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
- "privilegesRequired": "LOW",
+ "privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
- "baseScore": 7.8,
- "baseSeverity": "HIGH"
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM"
},
- "exploitabilityScore": 1.8,
+ "exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
@@ -56,8 +56,58 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "2.6.27",
+ "versionEndExcluding": "4.4.276",
+ "matchCriteriaId": "AC46ADF4-F65E-4A9C-8AFA-1C349FACCCC1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.5",
+ "versionEndExcluding": "4.9.276",
+ "matchCriteriaId": "C79FFC06-9530-4CD7-B651-01D786CC925E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.10",
+ "versionEndExcluding": "4.14.240",
+ "matchCriteriaId": "FB359B2E-773D-4D52-9915-E07A47ABE72B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.15",
+ "versionEndExcluding": "4.19.198",
+ "matchCriteriaId": "B93AEDB9-C52B-4222-8F9A-882DAD9EF5B2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.20",
+ "versionEndExcluding": "5.4.133",
+ "matchCriteriaId": "65A8F1FF-5639-455A-8BF4-9FF529240505"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "5.5",
+ "versionEndExcluding": "5.10.51",
+ "matchCriteriaId": "93289127-DFB3-4515-89DD-50521FF8B7FF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "5.11",
+ "versionEndExcluding": "5.12.18",
+ "matchCriteriaId": "79D13C82-E06F-4A70-A3D1-C09494FBC94D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "5.13",
"versionEndExcluding": "5.13.3",
- "matchCriteriaId": "DD89F539-A702-48B0-BFD3-7AC4E4A0A41C"
+ "matchCriteriaId": "853187F6-707A-487B-95C0-621B5211B43C"
}
]
}
@@ -69,14 +119,16 @@
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3",
"source": "cve@mitre.org",
"tags": [
- "Release Notes"
+ "Release Notes",
+ "Vendor Advisory"
]
},
{
"url": "https://github.com/torvalds/linux/commit/d3b16034a24a112bb83aeb669ac5b9b01f744bb7",
"source": "cve@mitre.org",
"tags": [
- "Patch"
+ "Patch",
+ "Vendor Advisory"
]
},
{
@@ -84,7 +136,8 @@
"source": "cve@mitre.org",
"tags": [
"Mailing List",
- "Patch"
+ "Patch",
+ "Vendor Advisory"
]
},
{
@@ -92,12 +145,16 @@
"source": "cve@mitre.org",
"tags": [
"Mailing List",
- "Patch"
+ "Patch",
+ "Vendor Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230427-0005/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-288xx/CVE-2023-28824.json b/CVE-2023/CVE-2023-288xx/CVE-2023-28824.json
index 63cfdc2363d..726a8a20e31 100644
--- a/CVE-2023/CVE-2023-288xx/CVE-2023-28824.json
+++ b/CVE-2023/CVE-2023-288xx/CVE-2023-28824.json
@@ -2,27 +2,89 @@
"id": "CVE-2023-28824",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-06-01T02:15:09.673",
- "lastModified": "2023-06-01T13:00:30.717",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T13:47:32.470",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Server-side request forgery vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. A user who can access the affected product with an administrative privilege may bypass the database restriction set on the query setting page, and connect to a user unintended database."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-918"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:contec:conprosys_hmi_system:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "3.5.3",
+ "matchCriteriaId": "E75EB317-708F-4E02-B521-C788934DFB97"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU93372935/",
- "source": "vultures@jpcert.or.jp"
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_en.pdf",
- "source": "vultures@jpcert.or.jp"
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_jp.pdf",
- "source": "vultures@jpcert.or.jp"
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-289xx/CVE-2023-28937.json b/CVE-2023/CVE-2023-289xx/CVE-2023-28937.json
index c734d88df09..2ee9d0468e8 100644
--- a/CVE-2023/CVE-2023-289xx/CVE-2023-28937.json
+++ b/CVE-2023/CVE-2023-289xx/CVE-2023-28937.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-28937",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-06-01T02:15:09.717",
- "lastModified": "2023-06-01T13:00:30.717",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T13:45:18.817",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,15 +14,84 @@
"value": "DataSpider Servista versi\u00f3n 4.4 y anteriores utilizan una clave criptogr\u00e1fica embebida. DataSpider Servista es un software de integraci\u00f3n de datos.\"ScriptRunner\" y \"ScriptRunner para Amazon SQS\" se utilizan para iniciar los procesos configurados en DataSpider Servista. La clave criptogr\u00e1fica embebida se encuentra en estos dos archivos, que es com\u00fan a todos los usuarios. Si un atacante que puede tener acceso a una instancia de DataSpider Servista objetivo y obtener un archivo de configuraci\u00f3n de inicio de \"ScriptRunner\" y/o \"ScriptRunner para Amazon SQS\", podr\u00eda realizar operaciones con el privilegio de usuario cifrado en el archivo. "
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-798"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:saison:dataspider_servista:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "4.2",
+ "matchCriteriaId": "33FB0D5A-84F0-43D5-B885-787989EEE357"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:saison:dataspider_servista:4.3:-:*:*:*:*:*:*",
+ "matchCriteriaId": "738C021A-536E-4B73-A7F5-B8265A8294FB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:saison:dataspider_servista:4.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "E3F54C40-361D-47ED-82C1-661049D67D8A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://jvn.jp/en/jp/JVN38222042/",
- "source": "vultures@jpcert.or.jp"
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.hulft.com/download_file/18675",
- "source": "vultures@jpcert.or.jp"
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Product"
+ ]
}
]
}
\ No newline at end of file
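Review bot: The 4.3 and 4.4 entries are exact-version criteria with the update field set to `-` (`dataspider_servista:4.3:-` and `dataspider_servista:4.4:-`), while the description says version 4.4 and earlier. If the vendor ships service packs or patch levels on 4.3 or 4.4 that are recorded in the CPE update field, those installs will not match even though they carry the same hard-coded key. A single range entry with `"versionEndIncluding": "4.4"` in place of the three entries would follow the description more closely. This should be confirmed against the JVN advisory's affected-version list.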
diff --git a/CVE-2023/CVE-2023-28xx/CVE-2023-2801.json b/CVE-2023/CVE-2023-28xx/CVE-2023-2801.json
new file mode 100644
index 00000000000..2072de715f6
--- /dev/null
+++ b/CVE-2023/CVE-2023-28xx/CVE-2023-2801.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-2801",
+ "sourceIdentifier": "security@grafana.com",
+ "published": "2023-06-06T19:15:11.413",
+ "lastModified": "2023-06-07T02:45:20.120",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Grafana is an open-source platform for monitoring and observability. \n\nUsing public dashboards users can query multiple distinct data sources using mixed queries. However such query has a possibility of crashing a Grafana instance.\n\nThe only feature that uses mixed queries at the moment is public dashboards, but it's also possible to cause this by calling the query API directly.\n\nThis might enable malicious users to crash Grafana instances through that endpoint.\n\nUsers may upgrade to version 9.4.12 and 9.5.3 to receive a fix.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@grafana.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@grafana.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-820"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://grafana.com/security/security-advisories/cve-2023-2801/",
+ "source": "security@grafana.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-28xx/CVE-2023-2804.json b/CVE-2023/CVE-2023-28xx/CVE-2023-2804.json
index e18e64be479..f1644b21e96 100644
--- a/CVE-2023/CVE-2023-28xx/CVE-2023-2804.json
+++ b/CVE-2023/CVE-2023-28xx/CVE-2023-2804.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-2804",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-05-25T22:15:09.443",
- "lastModified": "2023-06-01T19:13:31.813",
+ "lastModified": "2023-06-06T13:40:34.820",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -66,8 +66,7 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:*:*:*:*:*:*:*:*",
- "versionEndExcluding": "2.1.91",
- "matchCriteriaId": "232A4BE1-12D3-4E93-B773-BBBE27CE8554"
+ "matchCriteriaId": "23781DDB-5526-45A4-974B-6ED459FCC816"
}
]
}
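Review bot: Dropping `"versionEndExcluding": "2.1.91"` leaves the `libjpeg-turbo` criteria as an all-wildcard CPE with no version bound, so every release now matches as vulnerable, including ones that contain the fix. Scanners that consume this record will raise findings on patched installs, which trains operators to dismiss the CVE. If the old bound was wrong, it should be replaced with the corrected one (`"versionEndExcluding": "<first fixed release>"`) rather than removed. The new `matchCriteriaId` suggests an unbounded match was selected upstream, possibly by mistake.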
diff --git a/CVE-2023/CVE-2023-28xx/CVE-2023-2833.json b/CVE-2023/CVE-2023-28xx/CVE-2023-2833.json
new file mode 100644
index 00000000000..cb74d95af26
--- /dev/null
+++ b/CVE-2023/CVE-2023-28xx/CVE-2023-2833.json
@@ -0,0 +1,71 @@
+{
+ "id": "CVE-2023-2833",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-06T10:15:09.953",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The ReviewX plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.13 due to insufficient restriction on the 'rx_set_screen_options' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wp_screen_options[option]' and 'wp_screen_options[value]' parameters during a screen option update."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-269"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://lana.codes/lanavdb/a889c3ff-5df0-4d7e-951f-0b0406468efa/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/reviewx/tags/1.6.13/includes/rx-functions.php#L972",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2916148%40reviewx&old=2912114%40reviewx&sfp_email=&sfph_mail=#file472",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/blog/2023/05/wpdeveloper-addresses-privilege-escalation-vulnerability-in-reviewx-wordpress-plugin/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/70e1d701-2cff-4793-9e4c-5b16a4038e8d?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-28xx/CVE-2023-2836.json b/CVE-2023/CVE-2023-28xx/CVE-2023-2836.json
index dd91ea70b44..35799124b43 100644
--- a/CVE-2023/CVE-2023-28xx/CVE-2023-2836.json
+++ b/CVE-2023/CVE-2023-28xx/CVE-2023-2836.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-2836",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-05-31T04:15:10.200",
- "lastModified": "2023-05-31T13:02:26.480",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T16:33:29.050",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 2.7
+ },
{
"source": "security@wordfence.com",
"type": "Secondary",
@@ -39,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
{
"source": "security@wordfence.com",
"type": "Secondary",
@@ -50,18 +80,46 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:crmperks:crm_perks_forms:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.1.1",
+ "matchCriteriaId": "D91E5E06-32E2-4A81-8759-7CBFD63ECFD7"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/Don-H50/wp-vul/blob/main/CPF-xss-exploit.md",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2917582/",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/de11636b-a051-4e76-bc26-ed76f66fe0df?source=cve",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-28xx/CVE-2023-2866.json b/CVE-2023/CVE-2023-28xx/CVE-2023-2866.json
new file mode 100644
index 00000000000..6a70888fa1f
--- /dev/null
+++ b/CVE-2023/CVE-2023-28xx/CVE-2023-2866.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-2866",
+ "sourceIdentifier": "ics-cert@hq.dhs.gov",
+ "published": "2023-06-07T21:15:13.277",
+ "lastModified": "2023-06-07T21:36:36.773",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nIf an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto Advantech WebAccess version 8.4.5, a web shell could be used to give the attacker full control of the SCADA server. \n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.3,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-351"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-150-01",
+ "source": "ics-cert@hq.dhs.gov"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-28xx/CVE-2023-2878.json b/CVE-2023/CVE-2023-28xx/CVE-2023-2878.json
new file mode 100644
index 00000000000..9fa6bec66fa
--- /dev/null
+++ b/CVE-2023/CVE-2023-28xx/CVE-2023-2878.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-2878",
+ "sourceIdentifier": "jordan@liggitt.net",
+ "published": "2023-06-07T15:15:09.377",
+ "lastModified": "2023-06-07T16:18:07.597",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs.\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "jordan@liggitt.net",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.0,
+ "impactScore": 4.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "jordan@liggitt.net",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-532"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/kubernetes/kubernetes/issues/118419",
+ "source": "jordan@liggitt.net"
+ },
+ {
+ "url": "https://groups.google.com/g/kubernetes-security-announce/c/5K8ghQHBDdQ/m/Udee6YUgAAAJ",
+ "source": "jordan@liggitt.net"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-28xx/CVE-2023-2891.json b/CVE-2023/CVE-2023-28xx/CVE-2023-2891.json
new file mode 100644
index 00000000000..d61a20de4b7
--- /dev/null
+++ b/CVE-2023/CVE-2023-28xx/CVE-2023-2891.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-2891",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T06:16:12.163",
+ "lastModified": "2023-06-09T06:16:12.163",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_delete_product function. This makes it possible for unauthenticated attackers to delete products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2917958/wp-easycart",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bcca7ade-8b35-4ba1-a8b4-b1e815b025e3?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-28xx/CVE-2023-2892.json b/CVE-2023/CVE-2023-28xx/CVE-2023-2892.json
new file mode 100644
index 00000000000..7c9c36e33b8
--- /dev/null
+++ b/CVE-2023/CVE-2023-28xx/CVE-2023-2892.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-2892",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T07:15:09.987",
+ "lastModified": "2023-06-09T07:15:09.987",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_bulk_delete_product function. This makes it possible for unauthenticated attackers to bulk delete products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2917958/wp-easycart",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b36e94e4-b1e8-4803-9377-c4d710b029de?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-28xx/CVE-2023-2893.json b/CVE-2023/CVE-2023-28xx/CVE-2023-2893.json
new file mode 100644
index 00000000000..54afbeaa27b
--- /dev/null
+++ b/CVE-2023/CVE-2023-28xx/CVE-2023-2893.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-2893",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T07:15:10.110",
+ "lastModified": "2023-06-09T07:15:10.110",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_deactivate_product function. This makes it possible for unauthenticated attackers to deactivate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2917958/wp-easycart",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1268604c-08eb-4d86-8e97-9cdaa3e19c1f?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-28xx/CVE-2023-2894.json b/CVE-2023/CVE-2023-28xx/CVE-2023-2894.json
new file mode 100644
index 00000000000..b7e1f713b1c
--- /dev/null
+++ b/CVE-2023/CVE-2023-28xx/CVE-2023-2894.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-2894",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T07:15:10.193",
+ "lastModified": "2023-06-09T07:15:10.193",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_bulk_deactivate_product function. This makes it possible for unauthenticated attackers to bulk deactivate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2917958/wp-easycart",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a68b8df9-9b50-4617-9308-76a2a9036d7a?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-28xx/CVE-2023-2895.json b/CVE-2023/CVE-2023-28xx/CVE-2023-2895.json
new file mode 100644
index 00000000000..2787b5a0721
--- /dev/null
+++ b/CVE-2023/CVE-2023-28xx/CVE-2023-2895.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-2895",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T07:15:10.273",
+ "lastModified": "2023-06-09T07:15:10.273",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_bulk_activate_product function. This makes it possible for unauthenticated attackers to bulk activate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2917958/wp-easycart",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/02fd8469-cd99-42dc-9a28-c0ea08512bb0?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-28xx/CVE-2023-2896.json b/CVE-2023/CVE-2023-28xx/CVE-2023-2896.json
new file mode 100644
index 00000000000..a004862c483
--- /dev/null
+++ b/CVE-2023/CVE-2023-28xx/CVE-2023-2896.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-2896",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T07:15:10.347",
+ "lastModified": "2023-06-09T07:15:10.347",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_duplicate_product function. This makes it possible for unauthenticated attackers to duplicate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2917958/wp-easycart",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/041830b8-f059-46f5-961b-3ba908d161f9?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-28xx/CVE-2023-2897.json b/CVE-2023/CVE-2023-28xx/CVE-2023-2897.json
new file mode 100644
index 00000000000..18191f17042
--- /dev/null
+++ b/CVE-2023/CVE-2023-28xx/CVE-2023-2897.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-2897",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-09T07:15:10.423",
+ "lastModified": "2023-06-09T07:15:10.423",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Brizy Page Builder plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.4.18. This is due to an implicit trust of user-supplied IP addresses in an 'X-Forwarded-For' HTTP header for the purpose of validating allowed IP addresses against a Maintenance Mode whitelist. Supplying a whitelisted IP address within the 'X-Forwarded-For' header allows maintenance mode to be bypassed and may result in the disclosure of potentially sensitive information or allow access to restricted functionality."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.7,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-348"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2919443/brizy",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ae342dd9-2f5f-4356-8fb4-9a3e5f4f8316?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29084.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29084.json
index 5f9a1db548b..d65f9146df1 100644
--- a/CVE-2023/CVE-2023-290xx/CVE-2023-29084.json
+++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29084.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-29084",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-13T19:15:11.680",
- "lastModified": "2023-04-21T13:19:28.817",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-06-06T19:15:10.913",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -225,6 +225,10 @@
}
],
"references": [
+ {
+ "url": "http://packetstormsecurity.com/files/172755/ManageEngine-ADManager-Plus-Command-Injection.html",
+ "source": "cve@mitre.org"
+ },
{
"url": "https://manageengine.com",
"source": "cve@mitre.org",
diff --git a/CVE-2023/CVE-2023-291xx/CVE-2023-29152.json b/CVE-2023/CVE-2023-291xx/CVE-2023-29152.json
new file mode 100644
index 00000000000..0686e372293
--- /dev/null
+++ b/CVE-2023/CVE-2023-291xx/CVE-2023-29152.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-29152",
+ "sourceIdentifier": "ics-cert@hq.dhs.gov",
+ "published": "2023-06-07T22:15:09.737",
+ "lastModified": "2023-06-08T02:44:28.663",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\n\nBy changing the filename parameter in the request, an attacker could \ndelete any file with the permissions of the Vuforia server account.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.2,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 4.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-285"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13",
+ "source": "ics-cert@hq.dhs.gov"
+ }
+ ]
+}
\ No newline at end of file
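Review bot: The only reference in this new record has a doubled scheme, `https://https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13`. A URL parser reads `https` as the host, so the link does not lead to the CISA advisory. The same malformed value is added in CVE-2023-29168.json later in this diff. The entry should read `"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13",`. Until the source record is corrected, tooling that follows or allow-lists reference URLs should validate the host instead of trusting the string.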
diff --git a/CVE-2023/CVE-2023-291xx/CVE-2023-29154.json b/CVE-2023/CVE-2023-291xx/CVE-2023-29154.json
index f598442afb7..f49e102a844 100644
--- a/CVE-2023/CVE-2023-291xx/CVE-2023-29154.json
+++ b/CVE-2023/CVE-2023-291xx/CVE-2023-29154.json
@@ -2,27 +2,89 @@
"id": "CVE-2023-29154",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-06-01T02:15:09.760",
- "lastModified": "2023-06-01T13:00:30.717",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T01:53:05.697",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability exists in the CONPROSYS HMI System (CHS) versions prior to 3.5.3. A user who can access the affected product with an administrative privilege may execute an arbitrary SQL command via specially crafted input to the query setting page."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:contec:conprosys_hmi_system:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "3.5.3",
+ "matchCriteriaId": "E75EB317-708F-4E02-B521-C788934DFB97"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU93372935/",
- "source": "vultures@jpcert.or.jp"
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_en.pdf",
- "source": "vultures@jpcert.or.jp"
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_230531_jp.pdf",
- "source": "vultures@jpcert.or.jp"
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-291xx/CVE-2023-29159.json b/CVE-2023/CVE-2023-291xx/CVE-2023-29159.json
index 9b637093fec..07da8f6010d 100644
--- a/CVE-2023/CVE-2023-291xx/CVE-2023-29159.json
+++ b/CVE-2023/CVE-2023-291xx/CVE-2023-29159.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-29159",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-06-01T02:15:09.803",
- "lastModified": "2023-06-01T13:00:30.717",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T01:59:38.140",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,19 +14,83 @@
"value": "La vulnerabilidad de salto de directorios en Starlette v0.13.5 y posteriores y anteriores a 0.27.0 permite a un atacante remoto no autenticado ver archivos en un servicio web que fue creado usando Starlette. "
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:encode:starlette:*:*:*:*:*:python:*:*",
+ "versionStartIncluding": "0.13.5",
+ "versionEndExcluding": "0.27.0",
+ "matchCriteriaId": "4AD6432E-5F9B-4A84-A978-5AD14E90C5E9"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/encode/starlette/releases/tag/0.27.0",
- "source": "vultures@jpcert.or.jp"
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Release Notes"
+ ]
},
{
"url": "https://github.com/encode/starlette/security/advisories/GHSA-v5gw-mw7f-84px",
- "source": "vultures@jpcert.or.jp"
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Exploit",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://jvn.jp/en/jp/JVN95981715/",
- "source": "vultures@jpcert.or.jp"
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-291xx/CVE-2023-29168.json b/CVE-2023/CVE-2023-291xx/CVE-2023-29168.json
new file mode 100644
index 00000000000..f9e6c6b38fd
--- /dev/null
+++ b/CVE-2023/CVE-2023-291xx/CVE-2023-29168.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-29168",
+ "sourceIdentifier": "ics-cert@hq.dhs.gov",
+ "published": "2023-06-07T22:15:09.807",
+ "lastModified": "2023-06-08T02:44:28.663",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The local Vuforia web application does not support HTTPS, and federated credentials are passed via basic authentication.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.7,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-522"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13",
+ "source": "ics-cert@hq.dhs.gov"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-293xx/CVE-2023-29344.json b/CVE-2023/CVE-2023-293xx/CVE-2023-29344.json
index 198e68f9652..93a3a5712a3 100644
--- a/CVE-2023/CVE-2023-293xx/CVE-2023-29344.json
+++ b/CVE-2023/CVE-2023-293xx/CVE-2023-29344.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-29344",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-06-05T19:15:10.190",
- "lastModified": "2023-06-05T19:15:10.190",
- "vulnStatus": "Received",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-293xx/CVE-2023-29345.json b/CVE-2023/CVE-2023-293xx/CVE-2023-29345.json
new file mode 100644
index 00000000000..bb3e0085ab8
--- /dev/null
+++ b/CVE-2023/CVE-2023-293xx/CVE-2023-29345.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2023-29345",
+ "sourceIdentifier": "secure@microsoft.com",
+ "published": "2023-06-07T18:15:09.673",
+ "lastModified": "2023-06-07T20:24:12.193",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secure@microsoft.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29345",
+ "source": "secure@microsoft.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-294xx/CVE-2023-29401.json b/CVE-2023/CVE-2023-294xx/CVE-2023-29401.json
new file mode 100644
index 00000000000..f3a63456c38
--- /dev/null
+++ b/CVE-2023/CVE-2023-294xx/CVE-2023-29401.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2023-29401",
+ "sourceIdentifier": "security@golang.org",
+ "published": "2023-06-08T21:15:16.620",
+ "lastModified": "2023-06-08T21:15:16.620",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The filename parameter of the Context.FileAttachment function is not properly sanitized. A maliciously crafted filename can cause the Content-Disposition header to be sent with an unexpected filename value or otherwise modify the Content-Disposition header. For example, a filename of \"setup.bat";x=.txt\" will be sent as a file named \"setup.bat\". If the FileAttachment function is called with names provided by an untrusted source, this may permit an attacker to cause a file to be served with a name different than provided. Maliciously crafted attachment file name can modify the Content-Disposition header."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/gin-gonic/gin/issues/3555",
+ "source": "security@golang.org"
+ },
+ {
+ "url": "https://github.com/gin-gonic/gin/pull/3556",
+ "source": "security@golang.org"
+ },
+ {
+ "url": "https://github.com/gin-gonic/gin/releases/tag/v1.9.1",
+ "source": "security@golang.org"
+ },
+ {
+ "url": "https://pkg.go.dev/vuln/GO-2023-1737",
+ "source": "security@golang.org"
+ }
+ ]
+}
\ No newline at end of file
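Review bot: The `descriptions[0].value` string for CVE-2023-29401 appears to contain a bare `"` after `setup.bat`, which would end the JSON string early and make the record unparseable by a strict parser. The example should read `\"setup.bat\";x=.txt\"`. This may be an HTML entity that the page renderer decoded, so check the raw file before changing it. The last sentence of the description also repeats the second one and can be dropped. Unlike the sibling golang records in this commit, this one has no `weaknesses` entry, so CWE-based triage will not pick up this header-injection issue until one is added.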
diff --git a/CVE-2023/CVE-2023-294xx/CVE-2023-29402.json b/CVE-2023/CVE-2023-294xx/CVE-2023-29402.json
new file mode 100644
index 00000000000..f9e1b3687d4
--- /dev/null
+++ b/CVE-2023/CVE-2023-294xx/CVE-2023-29402.json
@@ -0,0 +1,44 @@
+{
+ "id": "CVE-2023-29402",
+ "sourceIdentifier": "security@golang.org",
+ "published": "2023-06-08T21:15:16.770",
+ "lastModified": "2023-06-08T21:15:16.770",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved using the go command, i.e. via \"go get\", are not affected (modules retrieved using GOPATH-mode, i.e. GO111MODULE=off, may be affected)."
+ }
+ ],
+ "metrics": {},
+ "weaknesses": [
+ {
+ "source": "security@golang.org",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-94"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://go.dev/cl/501226",
+ "source": "security@golang.org"
+ },
+ {
+ "url": "https://go.dev/issue/60167",
+ "source": "security@golang.org"
+ },
+ {
+ "url": "https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ",
+ "source": "security@golang.org"
+ },
+ {
+ "url": "https://pkg.go.dev/vuln/GO-2023-1839",
+ "source": "security@golang.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-294xx/CVE-2023-29403.json b/CVE-2023/CVE-2023-294xx/CVE-2023-29403.json
new file mode 100644
index 00000000000..c712f16946a
--- /dev/null
+++ b/CVE-2023/CVE-2023-294xx/CVE-2023-29403.json
@@ -0,0 +1,44 @@
+{
+ "id": "CVE-2023-29403",
+ "sourceIdentifier": "security@golang.org",
+ "published": "2023-06-08T21:15:16.927",
+ "lastModified": "2023-06-08T21:15:16.927",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers."
+ }
+ ],
+ "metrics": {},
+ "weaknesses": [
+ {
+ "source": "security@golang.org",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-642"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://go.dev/cl/501223",
+ "source": "security@golang.org"
+ },
+ {
+ "url": "https://go.dev/issue/60272",
+ "source": "security@golang.org"
+ },
+ {
+ "url": "https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ",
+ "source": "security@golang.org"
+ },
+ {
+ "url": "https://pkg.go.dev/vuln/GO-2023-1840",
+ "source": "security@golang.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-294xx/CVE-2023-29404.json b/CVE-2023/CVE-2023-294xx/CVE-2023-29404.json
new file mode 100644
index 00000000000..7ef4b2985f1
--- /dev/null
+++ b/CVE-2023/CVE-2023-294xx/CVE-2023-29404.json
@@ -0,0 +1,44 @@
+{
+ "id": "CVE-2023-29404",
+ "sourceIdentifier": "security@golang.org",
+ "published": "2023-06-08T21:15:17.077",
+ "lastModified": "2023-06-08T21:15:17.077",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The go command may execute arbitrary code at build time when using cgo. This may occur when running \"go get\" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a \"#cgo LDFLAGS\" directive. The arguments for a number of flags which are non-optional are incorrectly considered optional, allowing disallowed flags to be smuggled through the LDFLAGS sanitization. This affects usage of both the gc and gccgo compilers."
+ }
+ ],
+ "metrics": {},
+ "weaknesses": [
+ {
+ "source": "security@golang.org",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-94"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://go.dev/cl/501225",
+ "source": "security@golang.org"
+ },
+ {
+ "url": "https://go.dev/issue/60305",
+ "source": "security@golang.org"
+ },
+ {
+ "url": "https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ",
+ "source": "security@golang.org"
+ },
+ {
+ "url": "https://pkg.go.dev/vuln/GO-2023-1841",
+ "source": "security@golang.org"
+ }
+ ]
+}
\ No newline at end of file
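Review bot: The description added for CVE-2023-29404 contains the garbled phrase "This is can by triggered by linker flags", and the same phrase appears in the CVE-2023-29405 record that follows. It should read `This can be triggered by linker flags, specified via a \"#cgo LDFLAGS\" directive.` in both. Both records also ship with `"metrics": {}`, so score-based filters will treat this build-time code-execution issue as unscored until analysis lands. Consumers should therefore not treat a missing score as low severity.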
diff --git a/CVE-2023/CVE-2023-294xx/CVE-2023-29405.json b/CVE-2023/CVE-2023-294xx/CVE-2023-29405.json
new file mode 100644
index 00000000000..8b7abe93b61
--- /dev/null
+++ b/CVE-2023/CVE-2023-294xx/CVE-2023-29405.json
@@ -0,0 +1,44 @@
+{
+ "id": "CVE-2023-29405",
+ "sourceIdentifier": "security@golang.org",
+ "published": "2023-06-08T21:15:17.197",
+ "lastModified": "2023-06-08T21:15:17.197",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The go command may execute arbitrary code at build time when using cgo. This may occur when running \"go get\" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a \"#cgo LDFLAGS\" directive. Flags containing embedded spaces are mishandled, allowing disallowed flags to be smuggled through the LDFLAGS sanitization by including them in the argument of another flag. This only affects usage of the gccgo compiler."
+ }
+ ],
+ "metrics": {},
+ "weaknesses": [
+ {
+ "source": "security@golang.org",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-88"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://go.dev/cl/501224",
+ "source": "security@golang.org"
+ },
+ {
+ "url": "https://go.dev/issue/60306",
+ "source": "security@golang.org"
+ },
+ {
+ "url": "https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ",
+ "source": "security@golang.org"
+ },
+ {
+ "url": "https://pkg.go.dev/vuln/GO-2023-1842",
+ "source": "security@golang.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-295xx/CVE-2023-29502.json b/CVE-2023/CVE-2023-295xx/CVE-2023-29502.json
new file mode 100644
index 00000000000..16aeaa86a57
--- /dev/null
+++ b/CVE-2023/CVE-2023-295xx/CVE-2023-29502.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-29502",
+ "sourceIdentifier": "ics-cert@hq.dhs.gov",
+ "published": "2023-06-07T22:15:09.890",
+ "lastModified": "2023-06-08T02:44:28.663",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\n\n\n\nBefore importing a project into Vuforia, a user could modify the \n\u201cresourceDirectory\u201d attribute in the appConfig.json file to be a \ndifferent path.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.2,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 4.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13",
+ "source": "ics-cert@hq.dhs.gov"
+ }
+ ]
+}
\ No newline at end of file
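Review bot: The only reference in the CVE-2023-29502 record has a doubled scheme, `https://https://www.cisa.gov/...`, so the advisory link will not resolve. It should be `"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13"`. The description value is also padded with leading and trailing `\n` runs, as is the one in the CVE-2023-29503 record that follows. Trimming them keeps exact-match and deduplication logic in downstream tooling from treating whitespace as content.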
diff --git a/CVE-2023/CVE-2023-295xx/CVE-2023-29503.json b/CVE-2023/CVE-2023-295xx/CVE-2023-29503.json
new file mode 100644
index 00000000000..041c1dd5314
--- /dev/null
+++ b/CVE-2023/CVE-2023-295xx/CVE-2023-29503.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-29503",
+ "sourceIdentifier": "ics-cert@hq.dhs.gov",
+ "published": "2023-06-06T17:15:13.777",
+ "lastModified": "2023-06-06T18:33:59.493",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\n\n\n\n\n\n\nThe affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to a stack-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. \n\n\n\n\n\n\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-121"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-04",
+ "source": "ics-cert@hq.dhs.gov"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-295xx/CVE-2023-29533.json b/CVE-2023/CVE-2023-295xx/CVE-2023-29533.json
index 96f151662dd..b5d75ad0d40 100644
--- a/CVE-2023/CVE-2023-295xx/CVE-2023-29533.json
+++ b/CVE-2023/CVE-2023-295xx/CVE-2023-29533.json
@@ -2,35 +2,131 @@
"id": "CVE-2023-29533",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:12.387",
- "lastModified": "2023-06-02T18:10:11.837",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-09T03:57:05.667",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "A website could have obscured the fullscreen notification by using a combination of window.open
, fullscreen requests, window.name
assignments, and setInterval
calls. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "112.0",
+ "matchCriteriaId": "8C6578F4-B46C-473F-8A17-CA6026C32FBE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:android:*:*",
+ "versionEndExcluding": "112.0",
+ "matchCriteriaId": "216F0EFA-865A-45F5-B50F-B734312ED45D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.10",
+ "matchCriteriaId": "03736567-251A-4F75-992E-AB7C957FB587"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:focus:*:*:*:*:*:android:*:*",
+ "versionEndExcluding": "112.0",
+ "matchCriteriaId": "296D52A2-6FE3-4667-AC75-D01A0043776F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.10",
+ "matchCriteriaId": "7C8C9D9E-9BDA-475D-B7D6-10D1C6E9DD72"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1798219",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Issue Tracking",
+ "Permissions Required",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1814597",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Issue Tracking",
+ "Permissions Required",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-13/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-14/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-15/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-295xx/CVE-2023-29535.json b/CVE-2023/CVE-2023-295xx/CVE-2023-29535.json
index 6bae8b32ea6..ed10284caee 100644
--- a/CVE-2023/CVE-2023-295xx/CVE-2023-29535.json
+++ b/CVE-2023/CVE-2023-295xx/CVE-2023-29535.json
@@ -2,31 +2,120 @@
"id": "CVE-2023-29535",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:12.433",
- "lastModified": "2023-06-02T18:10:11.837",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-09T03:57:03.400",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. This resulted in memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "112.0",
+ "matchCriteriaId": "8C6578F4-B46C-473F-8A17-CA6026C32FBE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:android:*:*",
+ "versionEndExcluding": "112.0",
+ "matchCriteriaId": "216F0EFA-865A-45F5-B50F-B734312ED45D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.10",
+ "matchCriteriaId": "03736567-251A-4F75-992E-AB7C957FB587"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:focus:*:*:*:*:*:android:*:*",
+ "versionEndExcluding": "112.0",
+ "matchCriteriaId": "296D52A2-6FE3-4667-AC75-D01A0043776F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.10",
+ "matchCriteriaId": "7C8C9D9E-9BDA-475D-B7D6-10D1C6E9DD72"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1820543",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Issue Tracking"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-13/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-14/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-15/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-295xx/CVE-2023-29536.json b/CVE-2023/CVE-2023-295xx/CVE-2023-29536.json
index bbc893e42a4..c13f86f4e56 100644
--- a/CVE-2023/CVE-2023-295xx/CVE-2023-29536.json
+++ b/CVE-2023/CVE-2023-295xx/CVE-2023-29536.json
@@ -2,31 +2,122 @@
"id": "CVE-2023-29536",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:12.477",
- "lastModified": "2023-06-02T18:10:11.837",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-09T03:57:01.487",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-416"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "112.0",
+ "matchCriteriaId": "8C6578F4-B46C-473F-8A17-CA6026C32FBE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:android:*:*",
+ "versionEndExcluding": "112.0",
+ "matchCriteriaId": "216F0EFA-865A-45F5-B50F-B734312ED45D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.10",
+ "matchCriteriaId": "03736567-251A-4F75-992E-AB7C957FB587"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:focus:*:*:*:*:*:android:*:*",
+ "versionEndExcluding": "112.0",
+ "matchCriteriaId": "296D52A2-6FE3-4667-AC75-D01A0043776F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.10",
+ "matchCriteriaId": "7C8C9D9E-9BDA-475D-B7D6-10D1C6E9DD72"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1821959",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Issue Tracking",
+ "Permissions Required",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-13/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-14/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-15/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-295xx/CVE-2023-29537.json b/CVE-2023/CVE-2023-295xx/CVE-2023-29537.json
index 986e0e2515e..7d1948e1822 100644
--- a/CVE-2023/CVE-2023-295xx/CVE-2023-29537.json
+++ b/CVE-2023/CVE-2023-295xx/CVE-2023-29537.json
@@ -2,31 +2,108 @@
"id": "CVE-2023-29537",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:12.520",
- "lastModified": "2023-06-02T18:10:11.837",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-09T03:56:59.427",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Multiple race conditions in the font initialization could have led to memory corruption and execution of attacker-controlled code. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-362"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "112.0",
+ "matchCriteriaId": "8C6578F4-B46C-473F-8A17-CA6026C32FBE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:android:*:*",
+ "versionEndExcluding": "112.0",
+ "matchCriteriaId": "216F0EFA-865A-45F5-B50F-B734312ED45D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:focus:*:*:*:*:*:android:*:*",
+ "versionEndExcluding": "112.0",
+ "matchCriteriaId": "296D52A2-6FE3-4667-AC75-D01A0043776F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1823365",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Issue Tracking"
+ ]
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1824200",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Issue Tracking"
+ ]
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1825569",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Issue Tracking"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-13/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-295xx/CVE-2023-29538.json b/CVE-2023/CVE-2023-295xx/CVE-2023-29538.json
index bd53e34fe10..7c60d874183 100644
--- a/CVE-2023/CVE-2023-295xx/CVE-2023-29538.json
+++ b/CVE-2023/CVE-2023-295xx/CVE-2023-29538.json
@@ -2,23 +2,94 @@
"id": "CVE-2023-29538",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:12.567",
- "lastModified": "2023-06-02T18:10:11.837",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-09T03:56:56.727",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Under specific circumstances a WebExtension may have received a jar:file:///
URI instead of a moz-extension:///
URI during a load request. This leaked directory paths on the user's machine. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-668"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "112.0",
+ "matchCriteriaId": "8C6578F4-B46C-473F-8A17-CA6026C32FBE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:android:*:*",
+ "versionEndExcluding": "112.0",
+ "matchCriteriaId": "216F0EFA-865A-45F5-B50F-B734312ED45D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:focus:*:*:*:*:*:android:*:*",
+ "versionEndExcluding": "112.0",
+ "matchCriteriaId": "296D52A2-6FE3-4667-AC75-D01A0043776F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1685403",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Issue Tracking"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-13/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-295xx/CVE-2023-29539.json b/CVE-2023/CVE-2023-295xx/CVE-2023-29539.json
index 17734348f75..137b992a07e 100644
--- a/CVE-2023/CVE-2023-295xx/CVE-2023-29539.json
+++ b/CVE-2023/CVE-2023-295xx/CVE-2023-29539.json
@@ -2,31 +2,120 @@
"id": "CVE-2023-29539",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:12.607",
- "lastModified": "2023-06-02T18:10:03.083",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-09T03:56:54.370",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-476"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "112.0",
+ "matchCriteriaId": "8C6578F4-B46C-473F-8A17-CA6026C32FBE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:android:*:*",
+ "versionEndExcluding": "112.0",
+ "matchCriteriaId": "216F0EFA-865A-45F5-B50F-B734312ED45D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.10",
+ "matchCriteriaId": "03736567-251A-4F75-992E-AB7C957FB587"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:focus:*:*:*:*:*:android:*:*",
+ "versionEndExcluding": "112.0",
+ "matchCriteriaId": "296D52A2-6FE3-4667-AC75-D01A0043776F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.10",
+ "matchCriteriaId": "7C8C9D9E-9BDA-475D-B7D6-10D1C6E9DD72"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1784348",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Issue Tracking"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-13/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-14/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-15/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
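Review bot: The `weaknesses` entry added for CVE-2023-29539 assigns `CWE-476` (NULL Pointer Dereference), which does not match the description. That text describes a filename being truncated at an embedded NULL character in the Content-Disposition header. This is an input-neutralization problem that enables reflected file download, not a pointer dereference. Tooling that groups or prioritises by CWE would file it with crash bugs instead of download-spoofing issues. A closer fit would be `"value": "CWE-158"`, or `"value": "NVD-CWE-Other"` if the feed is restricted to NVD's CWE subset.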
diff --git a/CVE-2023/CVE-2023-295xx/CVE-2023-29540.json b/CVE-2023/CVE-2023-295xx/CVE-2023-29540.json
index 0db3affee59..b25f4aaf66e 100644
--- a/CVE-2023/CVE-2023-295xx/CVE-2023-29540.json
+++ b/CVE-2023/CVE-2023-295xx/CVE-2023-29540.json
@@ -2,23 +2,96 @@
"id": "CVE-2023-29540",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:12.653",
- "lastModified": "2023-06-02T18:10:03.083",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-09T03:56:51.630",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Using a redirect embedded into sourceMappingUrls
could allow for navigation to external protocol links in sandboxed iframes without allow-top-navigation-to-custom-protocols
. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-601"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "112.0",
+ "matchCriteriaId": "8C6578F4-B46C-473F-8A17-CA6026C32FBE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:android:*:*",
+ "versionEndExcluding": "112.0",
+ "matchCriteriaId": "216F0EFA-865A-45F5-B50F-B734312ED45D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:focus:*:*:*:*:*:android:*:*",
+ "versionEndExcluding": "112.0",
+ "matchCriteriaId": "296D52A2-6FE3-4667-AC75-D01A0043776F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1790542",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Issue Tracking",
+ "Permissions Required",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-13/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
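Review bot: The Bugzilla reference (bug 1790542) is tagged `"Vendor Advisory"` together with `"Permissions Required"`, so tooling that collects vendor-advisory links for remediation guidance will pick up an access-restricted bug page rather than the MFSA page. Other records in this commit, for example CVE-2023-29543, tag their Bugzilla link with `"Issue Tracking"` only, which looks like the intended convention. I would drop `"Vendor Advisory"` from this entry and keep `"Issue Tracking", "Permissions Required"`. The same tag combination appears on the Bugzilla references of CVE-2023-29541 and CVE-2023-29548.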
diff --git a/CVE-2023/CVE-2023-295xx/CVE-2023-29541.json b/CVE-2023/CVE-2023-295xx/CVE-2023-29541.json
index 31e7d4484c2..b0c10f9d1a0 100644
--- a/CVE-2023/CVE-2023-295xx/CVE-2023-29541.json
+++ b/CVE-2023/CVE-2023-295xx/CVE-2023-29541.json
@@ -2,31 +2,122 @@
"id": "CVE-2023-29541",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:12.697",
- "lastModified": "2023-06-02T18:10:03.083",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-09T03:56:16.603",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Firefox did not properly handle downloads of files ending in .desktop
, which can be interpreted to run attacker-controlled commands.
*This bug only affects Firefox for Linux on certain Distributions. Other operating systems are unaffected, and Mozilla is unable to enumerate all affected Linux Distributions.*. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-116"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "112.0",
+ "matchCriteriaId": "8C6578F4-B46C-473F-8A17-CA6026C32FBE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:android:*:*",
+ "versionEndExcluding": "112.0",
+ "matchCriteriaId": "216F0EFA-865A-45F5-B50F-B734312ED45D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.10",
+ "matchCriteriaId": "03736567-251A-4F75-992E-AB7C957FB587"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:focus:*:*:*:*:*:android:*:*",
+ "versionEndExcluding": "112.0",
+ "matchCriteriaId": "296D52A2-6FE3-4667-AC75-D01A0043776F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.10",
+ "matchCriteriaId": "7C8C9D9E-9BDA-475D-B7D6-10D1C6E9DD72"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1810191",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Issue Tracking",
+ "Permissions Required",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-13/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-14/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-15/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
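Review bot: The added `cpeMatch` list marks every product as vulnerable on any platform, including the two `android` entries, while the description says the bug only affects Firefox for Linux on certain distributions and that other operating systems are unaffected. CPE-driven scanners will therefore report Windows, macOS and Android installs against a CVSS 8.8 record. If the restriction is meant to be machine-readable, the node could become an AND configuration with a non-vulnerable platform entry such as `cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*`; otherwise consumers need to triage on the description text. Separately, `"vulnStatus": "Undergoing Analysis"` sits next to complete NVD Primary metrics, so this enrichment may still change.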
diff --git a/CVE-2023/CVE-2023-295xx/CVE-2023-29543.json b/CVE-2023/CVE-2023-295xx/CVE-2023-29543.json
index d1becf08317..826d8934dfb 100644
--- a/CVE-2023/CVE-2023-295xx/CVE-2023-29543.json
+++ b/CVE-2023/CVE-2023-295xx/CVE-2023-29543.json
@@ -2,23 +2,94 @@
"id": "CVE-2023-29543",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:12.743",
- "lastModified": "2023-06-02T18:10:03.083",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-09T03:56:14.570",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An attacker could have caused memory corruption and a potentially exploitable use-after-free of a pointer in a global object's debugger vector. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-416"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "112.0",
+ "matchCriteriaId": "8C6578F4-B46C-473F-8A17-CA6026C32FBE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:android:*:*",
+ "versionEndExcluding": "112.0",
+ "matchCriteriaId": "216F0EFA-865A-45F5-B50F-B734312ED45D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:focus:*:*:*:*:*:android:*:*",
+ "versionEndExcluding": "112.0",
+ "matchCriteriaId": "296D52A2-6FE3-4667-AC75-D01A0043776F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1816158",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Issue Tracking"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-13/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-295xx/CVE-2023-29544.json b/CVE-2023/CVE-2023-295xx/CVE-2023-29544.json
index 07072343a3f..e459edbe74f 100644
--- a/CVE-2023/CVE-2023-295xx/CVE-2023-29544.json
+++ b/CVE-2023/CVE-2023-295xx/CVE-2023-29544.json
@@ -2,23 +2,94 @@
"id": "CVE-2023-29544",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:12.790",
- "lastModified": "2023-06-02T18:10:03.083",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-09T03:56:11.800",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "If multiple instances of resource exhaustion occurred at the incorrect time, the garbage collector could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-400"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "112.0",
+ "matchCriteriaId": "8C6578F4-B46C-473F-8A17-CA6026C32FBE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:android:*:*",
+ "versionEndExcluding": "112.0",
+ "matchCriteriaId": "216F0EFA-865A-45F5-B50F-B734312ED45D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:focus:*:*:*:*:*:android:*:*",
+ "versionEndExcluding": "112.0",
+ "matchCriteriaId": "296D52A2-6FE3-4667-AC75-D01A0043776F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1818781",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Issue Tracking"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-13/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-295xx/CVE-2023-29547.json b/CVE-2023/CVE-2023-295xx/CVE-2023-29547.json
index de199e943b4..2e9d1878f48 100644
--- a/CVE-2023/CVE-2023-295xx/CVE-2023-29547.json
+++ b/CVE-2023/CVE-2023-295xx/CVE-2023-29547.json
@@ -2,23 +2,94 @@
"id": "CVE-2023-29547",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:12.837",
- "lastModified": "2023-06-02T18:10:03.083",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-09T03:56:09.760",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "When a secure cookie existed in the Firefox cookie jar an insecure cookie for the same domain could have been created, when it should have silently failed. This could have led to a desynchronization in expected results when reading from the secure cookie. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "112.0",
+ "matchCriteriaId": "8C6578F4-B46C-473F-8A17-CA6026C32FBE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.10",
+ "matchCriteriaId": "03736567-251A-4F75-992E-AB7C957FB587"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:focus:*:*:*:*:*:android:*:*",
+ "versionEndExcluding": "112.0",
+ "matchCriteriaId": "296D52A2-6FE3-4667-AC75-D01A0043776F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1783536",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Issue Tracking"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-13/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
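Review bot: The `cpeMatch` list does not agree with the description in this record. The description names Firefox for Android < 112, Firefox < 112 and Focus for Android < 112, and the only advisory referenced is mfsa2023-13, yet the configuration lists `cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*` with `"versionEndExcluding": "102.10"` and omits the Android Firefox entry that the neighbouring records carry. As written, inventory matching would flag Firefox ESR installs that the description does not list as affected. Unless ESR is known to be affected, the entry should probably be `"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:android:*:*"` with `"versionEndExcluding": "112.0"`, along with the `matchCriteriaId` the sibling records use for that CPE.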
diff --git a/CVE-2023/CVE-2023-295xx/CVE-2023-29548.json b/CVE-2023/CVE-2023-295xx/CVE-2023-29548.json
index 4ebb0469018..cca5687e8d1 100644
--- a/CVE-2023/CVE-2023-295xx/CVE-2023-29548.json
+++ b/CVE-2023/CVE-2023-295xx/CVE-2023-29548.json
@@ -2,31 +2,122 @@
"id": "CVE-2023-29548",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:12.880",
- "lastModified": "2023-06-02T18:10:03.083",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-09T03:56:07.827",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "112.0",
+ "matchCriteriaId": "8C6578F4-B46C-473F-8A17-CA6026C32FBE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:android:*:*",
+ "versionEndExcluding": "112.0",
+ "matchCriteriaId": "216F0EFA-865A-45F5-B50F-B734312ED45D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.10",
+ "matchCriteriaId": "03736567-251A-4F75-992E-AB7C957FB587"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:focus:*:*:*:*:*:android:*:*",
+ "versionEndExcluding": "112.0",
+ "matchCriteriaId": "296D52A2-6FE3-4667-AC75-D01A0043776F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.10",
+ "matchCriteriaId": "7C8C9D9E-9BDA-475D-B7D6-10D1C6E9DD72"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1822754",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Issue Tracking",
+ "Permissions Required",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-13/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-14/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-15/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-295xx/CVE-2023-29549.json b/CVE-2023/CVE-2023-295xx/CVE-2023-29549.json
index 24f28579ded..2ff7df98a4a 100644
--- a/CVE-2023/CVE-2023-295xx/CVE-2023-29549.json
+++ b/CVE-2023/CVE-2023-295xx/CVE-2023-29549.json
@@ -2,23 +2,94 @@
"id": "CVE-2023-29549",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:12.927",
- "lastModified": "2023-06-02T18:10:03.083",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-09T03:56:06.077",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Under certain circumstances, a call to the bind
function may have resulted in the incorrect realm. This may have created a vulnerability relating to JavaScript-implemented sandboxes such as SES. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-326"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "112.0",
+ "matchCriteriaId": "8C6578F4-B46C-473F-8A17-CA6026C32FBE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:android:*:*",
+ "versionEndExcluding": "112.0",
+ "matchCriteriaId": "216F0EFA-865A-45F5-B50F-B734312ED45D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:focus:*:*:*:*:*:android:*:*",
+ "versionEndExcluding": "112.0",
+ "matchCriteriaId": "296D52A2-6FE3-4667-AC75-D01A0043776F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1823042",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Issue Tracking"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-13/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
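Review bot: The weakness added here, `"value": "CWE-326"`, is Inadequate Encryption Strength, which does not match the description of a `bind` call resulting in the wrong realm and weakening JavaScript-implemented sandboxes. Nothing in the description or the references mentions cryptography, so filters and dashboards keyed on CWE will file this under crypto weaknesses and miss it as a sandbox or isolation issue. Unless the analyst has information not shown in the record, `"value": "NVD-CWE-noinfo"`, as used for CVE-2023-29547 and CVE-2023-29548 in this commit, would be the safer classification.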
diff --git a/CVE-2023/CVE-2023-295xx/CVE-2023-29550.json b/CVE-2023/CVE-2023-295xx/CVE-2023-29550.json
index 0d16175ec96..9ff1fac1ad3 100644
--- a/CVE-2023/CVE-2023-295xx/CVE-2023-29550.json
+++ b/CVE-2023/CVE-2023-295xx/CVE-2023-29550.json
@@ -2,31 +2,121 @@
"id": "CVE-2023-29550",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:12.967",
- "lastModified": "2023-06-02T20:15:09.367",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-09T03:56:03.877",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Mozilla developers Randell Jesup, Andrew Osmond, Sebastian Hengst, Andrew McCreight, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "112.0",
+ "matchCriteriaId": "8C6578F4-B46C-473F-8A17-CA6026C32FBE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:android:*:*",
+ "versionEndExcluding": "112.0",
+ "matchCriteriaId": "216F0EFA-865A-45F5-B50F-B734312ED45D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.10",
+ "matchCriteriaId": "03736567-251A-4F75-992E-AB7C957FB587"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:focus:*:*:*:*:*:android:*:*",
+ "versionEndExcluding": "112.0",
+ "matchCriteriaId": "296D52A2-6FE3-4667-AC75-D01A0043776F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.10",
+ "matchCriteriaId": "7C8C9D9E-9BDA-475D-B7D6-10D1C6E9DD72"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1720594%2C1812498%2C1814217%2C1818357%2C1751945%2C1818762%2C1819493%2C1820389%2C1820602%2C1821448%2C1822413%2C1824828",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Issue Tracking",
+ "Not Applicable"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-13/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-14/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-15/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
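Review bot: The Bugzilla bug-list reference is tagged with both `"Issue Tracking"` and `"Not Applicable"`, which tells a consumer that the link is the tracking entry and also that it is not relevant to the CVE. Tooling that drops `"Not Applicable"` references will discard the only link to the underlying bugs, while tooling that keeps `"Issue Tracking"` will retain it, so the outcome depends on filter order. One tag should be chosen; if the list is simply not publicly viewable, `"Permissions Required"`, as used on other Bugzilla links in this commit, describes that better. The same pair is added to the bug-list reference of CVE-2023-29551.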
diff --git a/CVE-2023/CVE-2023-295xx/CVE-2023-29551.json b/CVE-2023/CVE-2023-295xx/CVE-2023-29551.json
index ca98d6a7ae4..5927da2ebdd 100644
--- a/CVE-2023/CVE-2023-295xx/CVE-2023-29551.json
+++ b/CVE-2023/CVE-2023-295xx/CVE-2023-29551.json
@@ -2,23 +2,95 @@
"id": "CVE-2023-29551",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:13.010",
- "lastModified": "2023-06-02T20:15:09.423",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-09T03:56:02.220",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Mozilla developers Randell Jesup, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 111. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "112.0",
+ "matchCriteriaId": "8C6578F4-B46C-473F-8A17-CA6026C32FBE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:android:*:*",
+ "versionEndExcluding": "112.0",
+ "matchCriteriaId": "216F0EFA-865A-45F5-B50F-B734312ED45D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:focus:*:*:*:*:*:android:*:*",
+ "versionEndExcluding": "112.0",
+ "matchCriteriaId": "296D52A2-6FE3-4667-AC75-D01A0043776F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1763625%2C1814314%2C1815798%2C1815890%2C1819239%2C1819465%2C1819486%2C1819492%2C1819957%2C1820514%2C1820776%2C1821838%2C1822175%2C1823547",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Issue Tracking",
+ "Not Applicable"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-13/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
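Review bot: The weakness `"value": "CWE-787"` is more specific than the description supports. The description speaks only of memory safety bugs showing evidence of memory corruption, without saying they are out-of-bounds writes. CVE-2023-29550 in this same commit has almost identical wording and is classified `"NVD-CWE-noinfo"`, so the two records will land in different CWE buckets for what reads as the same class of finding. I would align them, either using `"value": "NVD-CWE-noinfo"` here or documenting what distinguishes this set of bugs.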
diff --git a/CVE-2023/CVE-2023-296xx/CVE-2023-29629.json b/CVE-2023/CVE-2023-296xx/CVE-2023-29629.json
index 0445c8a8eab..e004f446ce0 100644
--- a/CVE-2023/CVE-2023-296xx/CVE-2023-29629.json
+++ b/CVE-2023/CVE-2023-296xx/CVE-2023-29629.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-29629",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-05T21:15:10.687",
- "lastModified": "2023-06-05T21:15:10.687",
- "vulnStatus": "Received",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-296xx/CVE-2023-29630.json b/CVE-2023/CVE-2023-296xx/CVE-2023-29630.json
index 16005cea467..13aac5e4510 100644
--- a/CVE-2023/CVE-2023-296xx/CVE-2023-29630.json
+++ b/CVE-2023/CVE-2023-296xx/CVE-2023-29630.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-29630",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-05T21:15:10.760",
- "lastModified": "2023-06-05T21:15:10.760",
- "vulnStatus": "Received",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-296xx/CVE-2023-29631.json b/CVE-2023/CVE-2023-296xx/CVE-2023-29631.json
index dafd1a7c369..7530eea525d 100644
--- a/CVE-2023/CVE-2023-296xx/CVE-2023-29631.json
+++ b/CVE-2023/CVE-2023-296xx/CVE-2023-29631.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-29631",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-05T21:15:10.827",
- "lastModified": "2023-06-05T21:15:10.827",
- "vulnStatus": "Received",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-296xx/CVE-2023-29632.json b/CVE-2023/CVE-2023-296xx/CVE-2023-29632.json
new file mode 100644
index 00000000000..12c2da778d9
--- /dev/null
+++ b/CVE-2023/CVE-2023-296xx/CVE-2023-29632.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2023-29632",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-06T20:15:11.683",
+ "lastModified": "2023-06-07T02:45:15.873",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "PrestaShop jmspagebuilder 3.x is vulnerable to SQL Injection via ajax_jmspagebuilder.php."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve@mitre.org",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://friends-of-presta.github.io/security-advisories/modules/2023/03/13/jmspagebuilder.html",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
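Review bot: This new record has no `weaknesses` block, and its only CVSS entry is `"type": "Secondary"` from `cve@mitre.org`, so pipelines that read the Primary metric or filter by CWE will see an unscored, unclassified entry despite the 9.8 vector. The description states SQL injection via `ajax_jmspagebuilder.php`, for which the matching weakness would be `"value": "CWE-89"`. The single reference also carries no `tags`. With `"vulnStatus": "Awaiting Analysis"` this is presumably pending NVD enrichment, so consumers should fall back to the Secondary score until then.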
diff --git a/CVE-2023/CVE-2023-297xx/CVE-2023-29722.json b/CVE-2023/CVE-2023-297xx/CVE-2023-29722.json
index f530ab04b26..49d76e1bd39 100644
--- a/CVE-2023/CVE-2023-297xx/CVE-2023-29722.json
+++ b/CVE-2023/CVE-2023-297xx/CVE-2023-29722.json
@@ -2,19 +2,81 @@
"id": "CVE-2023-29722",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-01T21:15:09.360",
- "lastModified": "2023-06-02T00:07:04.253",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T02:19:29.840",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Glitter Unicorn Wallpaper app for Android 7.0 thru 8.0 allows unauthorized apps to actively request permission to modify data in the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the app is opened. An attacker could tamper with this data to cause an escalation of privilege attack."
+ },
+ {
+ "lang": "es",
+ "value": "La aplicaci\u00f3n Glitter Unicorn Wallpaper para Android 7.0 a 8.0 permite a aplicaciones no autorizadas solicitar activamente permiso para modificar datos en la base de datos que registra informaci\u00f3n sobre las preferencias personales de un usuario y que se cargar\u00e1 en la memoria para ser le\u00edda y utilizada cuando se abra la aplicaci\u00f3n. Un atacante podr\u00eda manipular estos datos para provocar un ataque de escalada de privilegios. "
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 9.1,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:glitter_unicorn_wallpaper_project:glitter_unicorn_wallpaper:*:*:*:*:*:android:*:*",
+ "versionStartIncluding": "7.0",
+ "versionEndIncluding": "8.0",
+ "matchCriteriaId": "FC799109-5C8E-47F4-94E4-F2F26DC99AD7"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29722/CVE%20detail.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
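Review bot: The added vector `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N` scores this as a remotely reachable, zero-interaction issue. The description, however, talks about unauthorized apps requesting permission to modify the app's preference database, which reads like another application already installed on the same device. If that reading is right, the attack vector would normally be Local rather than Network, and the 9.1 CRITICAL rating overstates exposure for anyone prioritising by `baseScore`. The description also mentions only data tampering, so `C:H` is not obviously supported either. I would re-derive the vector from the referenced write-up or note the scoring assumption.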
diff --git a/CVE-2023/CVE-2023-297xx/CVE-2023-29723.json b/CVE-2023/CVE-2023-297xx/CVE-2023-29723.json
index 0bb67cfcced..2462657474a 100644
--- a/CVE-2023/CVE-2023-297xx/CVE-2023-29723.json
+++ b/CVE-2023/CVE-2023-297xx/CVE-2023-29723.json
@@ -2,19 +2,77 @@
"id": "CVE-2023-29723",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-01T21:15:09.407",
- "lastModified": "2023-06-02T00:07:04.253",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T02:06:29.613",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Glitter Unicorn Wallpaper app for Android 7.0 thru 8.0 allows unauthorized applications to actively request permission to insert data into the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the application is opened. By injecting data, the attacker can force the application to load malicious image URLs and display them in the UI. As the amount of data increases, it will eventually cause the application to trigger an OOM error and crash, resulting in a persistent denial of service attack."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:glitter_unicorn_wallpaper_project:glitter_unicorn_wallpaper:*:*:*:*:*:android:*:*",
+ "versionStartIncluding": "7.0",
+ "versionEndIncluding": "8.0",
+ "matchCriteriaId": "FC799109-5C8E-47F4-94E4-F2F26DC99AD7"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29723/CVE%20detail.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
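Review bot: The added `"attackVector": "NETWORK"` does not match the description, which names unauthorized applications on the same device as the attacker. The CVE-2023-29733 hunk in this commit scores a comparable unauthorized-app scenario as `"attackVector": "LOCAL"` with `"userInteraction": "REQUIRED"`, and CVE-2023-29735 and CVE-2023-29737 use LOCAL for a local attacker. The same mismatch appears in the hunks for CVE-2023-29727, CVE-2023-29734, CVE-2023-29736, CVE-2023-29739 and CVE-2023-29740, whose descriptions also say unauthorized apps. If LOCAL is the intended reading, `vectorString` and `baseScore` would need recomputing too; until then, consumers that prioritise on `baseScore` should treat these ratings as possibly overstated.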
diff --git a/CVE-2023/CVE-2023-297xx/CVE-2023-29726.json b/CVE-2023/CVE-2023-297xx/CVE-2023-29726.json
index a8a05f403cf..aeb68080ac8 100644
--- a/CVE-2023/CVE-2023-297xx/CVE-2023-29726.json
+++ b/CVE-2023/CVE-2023-297xx/CVE-2023-29726.json
@@ -2,27 +2,89 @@
"id": "CVE-2023-29726",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-30T23:15:09.513",
- "lastModified": "2023-05-31T13:02:26.480",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T02:39:01.227",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Call Blocker application 6.6.3 for Android incorrectly opens a key component that an attacker can use to inject large amounts of dirty data into the application's database. When the application starts, it loads the data from the database into memory. Once the attacker injects too much data, the application triggers an OOM error and crashes, resulting in a persistent denial of service."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-404"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:applika:call_blocker:6.6.3:*:*:*:*:android:*:*",
+ "matchCriteriaId": "77AB3E3E-9647-4731-80A9-C31D381CDEFD"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29726/CVE%20detail.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://play.google.com/store/apps/details?id=com.cuiet.blockCalls",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
},
{
"url": "https://www.call-blocker.info/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-297xx/CVE-2023-29727.json b/CVE-2023/CVE-2023-297xx/CVE-2023-29727.json
index d47196f7bf6..0c2cd38b52d 100644
--- a/CVE-2023/CVE-2023-297xx/CVE-2023-29727.json
+++ b/CVE-2023/CVE-2023-297xx/CVE-2023-29727.json
@@ -2,27 +2,89 @@
"id": "CVE-2023-29727",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-30T23:15:09.563",
- "lastModified": "2023-05-31T13:02:26.480",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T02:19:08.223",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Call Blocker application 6.6.3 for Android allows unauthorized applications to use exposed components to delete data stored in its database that is related to user privacy settings and affects the implementation of the normal functionality of the application. An attacker can use this to cause an escalation of privilege attack."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:applika:call_blocker:6.6.3:*:*:*:*:android:*:*",
+ "matchCriteriaId": "77AB3E3E-9647-4731-80A9-C31D381CDEFD"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29727/CVE%20detail.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://play.google.com/store/apps/details?id=com.cuiet.blockCalls",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
},
{
"url": "https://www.call-blocker.info/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-297xx/CVE-2023-29728.json b/CVE-2023/CVE-2023-297xx/CVE-2023-29728.json
index 160a5f073b3..62ee533181c 100644
--- a/CVE-2023/CVE-2023-297xx/CVE-2023-29728.json
+++ b/CVE-2023/CVE-2023-297xx/CVE-2023-29728.json
@@ -2,27 +2,89 @@
"id": "CVE-2023-29728",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-30T23:15:09.607",
- "lastModified": "2023-05-31T13:02:26.480",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T02:41:22.783",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Call Blocker application 6.6.3 for Android allows attackers to tamper with feature-related data, resulting in a severe elevation of privilege attack."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:applika:call_blocker:6.6.3:*:*:*:*:android:*:*",
+ "matchCriteriaId": "77AB3E3E-9647-4731-80A9-C31D381CDEFD"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29728/CVE%20detail.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://play.google.com/store/apps/details?id=com.cuiet.blockCalls",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
},
{
"url": "https://www.call-blocker.info/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-297xx/CVE-2023-29731.json b/CVE-2023/CVE-2023-297xx/CVE-2023-29731.json
index 095a3ff780e..feef65edc14 100644
--- a/CVE-2023/CVE-2023-297xx/CVE-2023-29731.json
+++ b/CVE-2023/CVE-2023-297xx/CVE-2023-29731.json
@@ -2,19 +2,77 @@
"id": "CVE-2023-29731",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-30T20:15:10.227",
- "lastModified": "2023-05-30T21:10:02.053",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T16:20:39.680",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SoLive 1.6.14 thru 1.6.20 for Android has an exposed component that provides a method to modify the SharedPreference file. An attacker can leverage this method to inject a large amount of data into any SharedPreference file, which will be loaded into memory when the application is opened. When an attacker injects too much data, the application will trigger an OOM error and crash at startup, resulting in a persistent denial of service."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-276"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:loka:solive:*:*:*:*:*:android:*:*",
+ "versionStartIncluding": "1.6.14",
+ "versionEndIncluding": "1.6.20",
+ "matchCriteriaId": "5CFDEFD4-C1A7-479B-9719-DE821A02E689"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29731/CVE%20detail.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-297xx/CVE-2023-29732.json b/CVE-2023/CVE-2023-297xx/CVE-2023-29732.json
index f251e7c3ce3..f01897f5e14 100644
--- a/CVE-2023/CVE-2023-297xx/CVE-2023-29732.json
+++ b/CVE-2023/CVE-2023-297xx/CVE-2023-29732.json
@@ -2,19 +2,77 @@
"id": "CVE-2023-29732",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-30T20:15:10.273",
- "lastModified": "2023-05-30T21:10:02.053",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T17:14:20.340",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SoLive 1.6.14 thru 1.6.20 for Android exists exposed component, the component provides the method to modify the SharedPreference file. The attacker can use the method to modify the data in any SharedPreference file, these data will be loaded into the memory when the application is opened. Depending on how the data is used, this can result in various attack consequences, such as ad display exceptions."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-276"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:loka:solive:*:*:*:*:*:android:*:*",
+ "versionStartIncluding": "1.6.14",
+ "versionEndIncluding": "1.6.20",
+ "matchCriteriaId": "5CFDEFD4-C1A7-479B-9719-DE821A02E689"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29732/CVE%20detail.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-297xx/CVE-2023-29733.json b/CVE-2023/CVE-2023-297xx/CVE-2023-29733.json
index 2d31a20a32f..e634fb794cb 100644
--- a/CVE-2023/CVE-2023-297xx/CVE-2023-29733.json
+++ b/CVE-2023/CVE-2023-297xx/CVE-2023-29733.json
@@ -2,19 +2,75 @@
"id": "CVE-2023-29733",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-30T20:15:10.327",
- "lastModified": "2023-05-30T21:10:02.053",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T16:17:51.147",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Lock Master app 2.2.4 for Android allows unauthorized apps to modify the values in its SharedPreference files. These files hold data that affects many app functions. Malicious modifications by unauthorized apps can cause security issues, such as functionality manipulation, resulting in a severe escalation of privilege attack."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:dualspace:lock_master:2.2.4:*:*:*:*:android:*:*",
+ "matchCriteriaId": "7D692B4D-E923-4BD3-8AC2-EF706D12D288"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29733/CVE%20detail.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-297xx/CVE-2023-29734.json b/CVE-2023/CVE-2023-297xx/CVE-2023-29734.json
index f83b2630633..d95b741e4c9 100644
--- a/CVE-2023/CVE-2023-297xx/CVE-2023-29734.json
+++ b/CVE-2023/CVE-2023-297xx/CVE-2023-29734.json
@@ -2,19 +2,75 @@
"id": "CVE-2023-29734",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-30T20:15:10.373",
- "lastModified": "2023-05-30T21:10:02.053",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T16:54:40.997",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue found in edjing Mix v.7.09.01 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the database."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-269"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mwm:edjing_mix:7.09.01:*:*:*:*:android:*:*",
+ "matchCriteriaId": "32DF51F4-AC46-4F3A-A446-3D95DBF4829F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29734/CVE%20detail.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-297xx/CVE-2023-29735.json b/CVE-2023/CVE-2023-297xx/CVE-2023-29735.json
index 9047feb132c..9cda5d78a00 100644
--- a/CVE-2023/CVE-2023-297xx/CVE-2023-29735.json
+++ b/CVE-2023/CVE-2023-297xx/CVE-2023-29735.json
@@ -2,19 +2,75 @@
"id": "CVE-2023-29735",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-30T20:15:10.420",
- "lastModified": "2023-05-30T21:10:02.053",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T17:09:06.290",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue found in edjing Mix v.7.09.01 for Android allows a local attacker to cause a denial of service via the database files."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-400"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mwm:edjing_mix:7.09.01:*:*:*:*:android:*:*",
+ "matchCriteriaId": "32DF51F4-AC46-4F3A-A446-3D95DBF4829F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29735/CVE%20detail.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-297xx/CVE-2023-29736.json b/CVE-2023/CVE-2023-297xx/CVE-2023-29736.json
index 6a814a8ef50..b52944e4272 100644
--- a/CVE-2023/CVE-2023-297xx/CVE-2023-29736.json
+++ b/CVE-2023/CVE-2023-297xx/CVE-2023-29736.json
@@ -2,19 +2,75 @@
"id": "CVE-2023-29736",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-01T21:15:09.450",
- "lastModified": "2023-06-02T00:07:04.253",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T14:48:57.690",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Keyboard Themes 1.275.1.164 for Android contains a dictionary traversal vulnerability that allows unauthorized apps to overwrite arbitrary files in its internal storage and achieve arbitrary code execution."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:timmystudios:keyboard_themes:1.275.1.164:*:*:*:*:android:*:*",
+ "matchCriteriaId": "CE446ED1-FF28-4071-8C60-70FF461A789A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29736/CVE%20detail.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
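Review bot: The added `"value": "CWE-22"` is the only place this record says path traversal, because the unchanged description reads "dictionary traversal", presumably a typo for "directory traversal". Keyword searches and text-based triage rules keyed on the usual term will miss this record, so matching should rely on the CWE field instead. If the description can be corrected upstream, the wording would be `directory traversal vulnerability`.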
diff --git a/CVE-2023/CVE-2023-297xx/CVE-2023-29737.json b/CVE-2023/CVE-2023-297xx/CVE-2023-29737.json
index b0451d9d9bc..ba10d163c84 100644
--- a/CVE-2023/CVE-2023-297xx/CVE-2023-29737.json
+++ b/CVE-2023/CVE-2023-297xx/CVE-2023-29737.json
@@ -2,27 +2,89 @@
"id": "CVE-2023-29737",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-30T17:15:10.067",
- "lastModified": "2023-05-30T18:52:32.890",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T16:34:41.783",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue found in Wave Animated Keyboard Emoji v.1.70.7 for Android allows a local attacker to cause a denial of service via the database files."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:wavekeyboard:wave_animated_keyboard_emoji:1.70.7:*:*:*:*:android:*:*",
+ "matchCriteriaId": "637163ED-995F-4889-B9F4-59F8C609DABC"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "http://www.wavekeyboard.com/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
},
{
"url": "https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29737/CVE%20detail.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://play.google.com/store/apps/details?id=com.wave.keyboard",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-297xx/CVE-2023-29738.json b/CVE-2023/CVE-2023-297xx/CVE-2023-29738.json
index ed842d9267e..94dcb5de24a 100644
--- a/CVE-2023/CVE-2023-297xx/CVE-2023-29738.json
+++ b/CVE-2023/CVE-2023-297xx/CVE-2023-29738.json
@@ -2,31 +2,96 @@
"id": "CVE-2023-29738",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-30T23:15:09.653",
- "lastModified": "2023-05-31T13:02:26.480",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T20:52:47.427",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue found in Wave Animated Keyboard Emoji v.1.70.7 for Android allows a local attacker to cause code execution and escalation of Privileges via the database files."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:wavekeyboard:wave_animated_keyboard_emoji:1.70.7:*:*:*:*:android:*:*",
+ "matchCriteriaId": "637163ED-995F-4889-B9F4-59F8C609DABC"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "http://www.wavekeyboard.com/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
},
{
"url": "https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29738/CVE%20detail.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://play.google.com/store/apps/details?id=com.amdroidalarmclock.amdroid",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
},
{
"url": "https://play.google.com/store/apps/details?id=com.wave.keyboard",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
}
]
}
\ No newline at end of file
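Review bot: The reference `https://play.google.com/store/apps/details?id=com.amdroidalarmclock.amdroid` is tagged `"Product"` here, but this record's description and CPE are for Wave Animated Keyboard Emoji, and the same URL appears as the store page for Alarm Clock for Heavy Sleepers in the CVE-2023-29739 hunk. The CVE-2023-29740 hunk tags a comparable stray store link `"Not Applicable"`, so the tag here should presumably be `"Not Applicable"` as well. Otherwise tooling that derives affected products from Product-tagged references may attribute this CVE to the wrong app.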
diff --git a/CVE-2023/CVE-2023-297xx/CVE-2023-29739.json b/CVE-2023/CVE-2023-297xx/CVE-2023-29739.json
index 782625dbd7f..e8dad036ae4 100644
--- a/CVE-2023/CVE-2023-297xx/CVE-2023-29739.json
+++ b/CVE-2023/CVE-2023-297xx/CVE-2023-29739.json
@@ -2,27 +2,89 @@
"id": "CVE-2023-29739",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-30T23:15:09.700",
- "lastModified": "2023-05-31T13:02:26.480",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T20:47:25.873",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue found in Alarm Clock for Heavy Sleepers v.5.3.2 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the component."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:amdroidapp:alarm_clock_for_heavy_sleepers:5.3.2:*:*:*:*:android:*:*",
+ "matchCriteriaId": "50F4521A-9CDC-4EDD-89BE-CF6736D8B88F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "http://amdroidapp.com/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
},
{
"url": "https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29739/CVE%20detail.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://play.google.com/store/apps/details?id=com.amdroidalarmclock.amdroid",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-297xx/CVE-2023-29740.json b/CVE-2023/CVE-2023-297xx/CVE-2023-29740.json
index ddc0bfe606d..29b26f17d80 100644
--- a/CVE-2023/CVE-2023-297xx/CVE-2023-29740.json
+++ b/CVE-2023/CVE-2023-297xx/CVE-2023-29740.json
@@ -2,31 +2,96 @@
"id": "CVE-2023-29740",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-30T23:15:09.750",
- "lastModified": "2023-05-31T13:02:26.480",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T20:47:41.763",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue found in Alarm Clock for Heavy Sleepers v.5.3.2 for Android allows unauthorized apps to cause a denial of service attack by manipulating the database."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:amdroidapp:alarm_clock_for_heavy_sleepers:5.3.2:*:*:*:*:android:*:*",
+ "matchCriteriaId": "50F4521A-9CDC-4EDD-89BE-CF6736D8B88F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "http://amdroidapp.com/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
},
{
"url": "https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29740/CVE%20detail.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://play.google.com/store/apps/details?id=com.amdroidalarmclock.amdroid",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
},
{
"url": "https://play.google.com/store/apps/details?id=com.icoolme.android.weather",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Not Applicable"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-297xx/CVE-2023-29741.json b/CVE-2023/CVE-2023-297xx/CVE-2023-29741.json
index 9f4314e0bc3..5f3fecdba64 100644
--- a/CVE-2023/CVE-2023-297xx/CVE-2023-29741.json
+++ b/CVE-2023/CVE-2023-297xx/CVE-2023-29741.json
@@ -2,27 +2,89 @@
"id": "CVE-2023-29741",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-30T23:15:09.793",
- "lastModified": "2023-05-31T13:02:26.480",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T20:38:34.487",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause an escalation of privileges attack by manipulating the database."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:bestweather_project:bestweather:7.3.1:*:*:*:*:android:*:*",
+ "matchCriteriaId": "D833F103-F2C2-405C-9031-1062FF5A0391"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "http://www.zmtqsh.com/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Broken Link"
+ ]
},
{
"url": "https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29741/CVE%20detail.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://play.google.com/store/apps/details?id=com.icoolme.android.weather",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
}
]
}
\ No newline at end of file
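Review bot: The added `cvssMetricV31` entry scores this record `AV:N/AC:L/PR:N/UI:N` (9.8 CRITICAL), but the attacker in the description is an unauthorized app manipulating the app's database, which reads as an on-device precondition rather than a network one. CVE-2023-29742 later in this diff has the same CPE and the same "unauthorized apps … manipulating the database" wording, and is scored `AV:L/.../UI:R`. If the same precondition applies here, the line would be `"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"`, with the derived fields following it (7.8 HIGH, exploitability 1.8, as in CVE-2023-29742). The same `AV:N` question applies to the CVE-2023-29743, CVE-2023-29747 and CVE-2023-29748 hunks below.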
diff --git a/CVE-2023/CVE-2023-297xx/CVE-2023-29742.json b/CVE-2023/CVE-2023-297xx/CVE-2023-29742.json
index ab5aa609d16..86f385da96b 100644
--- a/CVE-2023/CVE-2023-297xx/CVE-2023-29742.json
+++ b/CVE-2023/CVE-2023-297xx/CVE-2023-29742.json
@@ -2,27 +2,82 @@
"id": "CVE-2023-29742",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-31T00:15:10.153",
- "lastModified": "2023-05-31T13:02:26.480",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T17:07:25.310",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause a code execution attack by manipulating the database."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:bestweather_project:bestweather:7.3.1:*:*:*:*:android:*:*",
+ "matchCriteriaId": "D833F103-F2C2-405C-9031-1062FF5A0391"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
- {
- "url": "http://www.zmtqsh.com/",
- "source": "cve@mitre.org"
- },
{
"url": "https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29742/CVE%20detail.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://play.google.com/store/apps/details?id=com.icoolme.android.weather",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-297xx/CVE-2023-29743.json b/CVE-2023/CVE-2023-297xx/CVE-2023-29743.json
index 3a0712be0dc..0d296a1bf32 100644
--- a/CVE-2023/CVE-2023-297xx/CVE-2023-29743.json
+++ b/CVE-2023/CVE-2023-297xx/CVE-2023-29743.json
@@ -2,27 +2,89 @@
"id": "CVE-2023-29743",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-30T23:15:09.840",
- "lastModified": "2023-05-31T13:02:26.480",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T20:39:57.370",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause a persistent denial of service attack by manipulating the database."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:bestweather_project:bestweather:7.3.1:*:*:*:*:android:*:*",
+ "matchCriteriaId": "D833F103-F2C2-405C-9031-1062FF5A0391"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "http://www.zmtqsh.com/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Broken Link"
+ ]
},
{
"url": "https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29743/CVE%20detail.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://play.google.com/store/apps/details?id=com.icoolme.android.weather",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
}
]
}
\ No newline at end of file
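Review bot: `"integrityImpact": "NONE"` in the added metric disagrees with CVE-2023-29745 further down, which has a byte-identical description and the same `cpeMatch` criteria but is scored `I:H` (and `AV:L/UI:R`, 7.1). The mechanism both descriptions name is manipulation of the app's database, which is a write, so the `I:N` here looks like the less supported of the two; the record itself does not say what distinguishes the two CVEs. Either the vectors should agree or the descriptions should state the difference, because consumers that group findings by product and description will otherwise see two conflicting scores for what reads as one issue.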
diff --git a/CVE-2023/CVE-2023-297xx/CVE-2023-29745.json b/CVE-2023/CVE-2023-297xx/CVE-2023-29745.json
index 290c14b1758..1166671da5f 100644
--- a/CVE-2023/CVE-2023-297xx/CVE-2023-29745.json
+++ b/CVE-2023/CVE-2023-297xx/CVE-2023-29745.json
@@ -2,31 +2,89 @@
"id": "CVE-2023-29745",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-31T00:15:10.200",
- "lastModified": "2023-05-31T13:02:26.480",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T17:11:55.933",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause a persistent denial of service attack by manipulating the database."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:bestweather_project:bestweather:7.3.1:*:*:*:*:android:*:*",
+ "matchCriteriaId": "D833F103-F2C2-405C-9031-1062FF5A0391"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "http://www.zmtqsh.com/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Broken Link"
+ ]
},
{
"url": "https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29745/CVE%20detail.md",
- "source": "cve@mitre.org"
- },
- {
- "url": "https://play.google.com/store/apps/details?id=com.TheThaiger.android",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://play.google.com/store/apps/details?id=com.icoolme.android.weather",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-297xx/CVE-2023-29747.json b/CVE-2023/CVE-2023-297xx/CVE-2023-29747.json
index ca0227b090b..9a073a311bb 100644
--- a/CVE-2023/CVE-2023-297xx/CVE-2023-29747.json
+++ b/CVE-2023/CVE-2023-297xx/CVE-2023-29747.json
@@ -2,27 +2,90 @@
"id": "CVE-2023-29747",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-31T16:15:09.573",
- "lastModified": "2023-05-31T17:37:09.913",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T14:34:15.043",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Story Saver for Instragram - Video Downloader 1.0.6 for Android exists exposed component, the component provides the method to modify the SharedPreference file. The attacker can use the method to modify the data in any SharedPreference file, these data will be loaded into the memory when the application is opened. Depending on how the data is used, this can result in various attack consequences, such as ad display exceptions."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:story_saver_for_instagram_-_video_downloader_project:story_saver_for_instagram_-_video_downloader:1.0.6:*:*:*:*:android:*:*",
+ "matchCriteriaId": "348BBEC0-3036-4545-8724-CB46795AD49D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://apksos.com/app/story.saver.downloader.photo.video.repost.byrk",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
},
{
"url": "https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29747/CVE%20detail.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.instagram.com/nihans_macrame/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Broken Link",
+ "Not Applicable"
+ ]
}
]
}
\ No newline at end of file
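Review bot: The added vector claims `C:H/I:H/A:H` (9.8 CRITICAL), while the only consequence the description names is "ad display exceptions" from modified SharedPreference data, qualified by "Depending on how the data is used". Nothing visible in the record supports `"confidentialityImpact": "HIGH"` or `"availabilityImpact": "HIGH"`, and with `NVD-CWE-noinfo` as the weakness there is no second signal to lean on. Those two fields are worth re-checking against the referenced advisory before this score is used to set remediation priority.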
diff --git a/CVE-2023/CVE-2023-297xx/CVE-2023-29748.json b/CVE-2023/CVE-2023-297xx/CVE-2023-29748.json
index c16ab042a71..eecf39de225 100644
--- a/CVE-2023/CVE-2023-297xx/CVE-2023-29748.json
+++ b/CVE-2023/CVE-2023-297xx/CVE-2023-29748.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-29748",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-01T03:15:20.500",
- "lastModified": "2023-06-01T13:00:30.717",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T16:08:01.943",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,23 +14,88 @@
"value": "Story Saver para Instagram - V\u00eddeo Downloader v1.0.6 para Android tiene un componente expuesto que proporciona un m\u00e9todo para modificar el archivo \"SharedPreference\". Un atacante puede aprovechar este m\u00e9todo para inyectar una gran cantidad de datos en cualquier archivo \"SharedPreference\", que se cargar\u00e1 en la memoria cuando se abra la aplicaci\u00f3n. Cuando un atacante inyecta demasiados datos, la aplicaci\u00f3n desencadenar\u00e1 un error \"OOM\" y se bloquear\u00e1 al iniciarse, lo que provocar\u00e1 una denegaci\u00f3n de servicio persistente."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:story_saver_for_instagram_-_video_downloader_project:story_saver_for_instagram_-_video_downloader:1.0.6:*:*:*:*:android:*:*",
+ "matchCriteriaId": "348BBEC0-3036-4545-8724-CB46795AD49D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://apksos.com/app/story.saver.downloader.photo.video.repost.byrk",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
},
{
"url": "https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29748/CVE%20detail.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://play.google.com/store/apps/details?id=ru.yandex.yandexnavi",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Not Applicable"
+ ]
},
{
"url": "https://www.instagram.com/nihans_macrame/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Not Applicable"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2904.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2904.json
new file mode 100644
index 00000000000..e6ee4b8f1f4
--- /dev/null
+++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2904.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-2904",
+ "sourceIdentifier": "ics-cert@hq.dhs.gov",
+ "published": "2023-06-07T22:15:09.963",
+ "lastModified": "2023-06-08T02:44:28.663",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The External Visitor Manager portal of HID\u2019s SAFE versions 5.8.0 through\n 5.11.3 are vulnerable to manipulation within web fields in the \napplication programmable interface (API). An attacker could log in using\n account credentials available through a request generated by an \ninternal user and then manipulate the visitor-id within the web API to \naccess the personal data of other users. There is no limit on the number\n of requests that can be made to the HID SAFE Web Server, so an attacker\n could also exploit this vulnerability to create a denial-of-service \ncondition.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-471"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-152-02",
+ "source": "ics-cert@hq.dhs.gov"
+ },
+ {
+ "url": "https://www.hidglobal.com/security-center",
+ "source": "ics-cert@hq.dhs.gov"
+ }
+ ]
+}
\ No newline at end of file
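Review bot: The weakness entry is marked `"type": "Primary"` although its source is `ics-cert@hq.dhs.gov`, the same CNA whose CVSS entry a few lines above it is `"type": "Secondary"`. The other new CNA-only record in this diff, CVE-2023-2961, uses `Secondary` for its CNA-supplied weakness. For consistency this would presumably be `"type": "Secondary"`, so that consumers selecting `Primary` entries get one kind of assessment across records while the CVE is still "Awaiting Analysis".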
diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2909.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2909.json
index 2b6c6e94889..ac0a8d15dbb 100644
--- a/CVE-2023/CVE-2023-29xx/CVE-2023-2909.json
+++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2909.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-2909",
"sourceIdentifier": "security@asustor.com",
"published": "2023-05-31T10:15:09.577",
- "lastModified": "2023-05-31T13:02:26.480",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T14:04:32.317",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,29 +12,59 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 10.0,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 6.0
+ },
{
"source": "security@asustor.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
- "confidentialityImpact": "LOW",
- "integrityImpact": "LOW",
- "availabilityImpact": "LOW",
- "baseScore": 6.0,
- "baseSeverity": "MEDIUM"
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.5,
+ "baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
- "impactScore": 3.7
+ "impactScore": 6.0
}
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ },
{
"source": "security@asustor.com",
"type": "Secondary",
@@ -46,10 +76,46 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:asustor:adm:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.0.0",
+ "versionEndIncluding": "4.0.6.reg2",
+ "matchCriteriaId": "E1E548E7-6905-4F55-A71A-50EC37223D6A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:asustor:adm:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.1.0",
+ "versionEndIncluding": "4.1.0rlq1",
+ "matchCriteriaId": "1DCF070D-E211-47B4-9BB4-1623173DF027"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:asustor:adm:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.2.0",
+ "versionEndIncluding": "4.2.1.rge2",
+ "matchCriteriaId": "A584E04F-E349-4F7C-86B4-093271659313"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://www.asustor.com/security/security_advisory_detail?id=25",
- "source": "security@asustor.com"
+ "source": "security@asustor.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
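Review bot: The second `cpeMatch` entry's upper bound, `"versionEndIncluding": "4.1.0rlq1"`, has no separator before the build suffix, unlike its siblings `4.0.6.reg2` and `4.2.1.rge2`. If that is a transcription slip, a version comparator that splits on dots will treat `0rlq1` as a single component and may order it differently from the other two ranges, so ADM 4.1.x hosts could be matched or missed incorrectly. Assuming the vendor's numbering is uniform, the line would read `"versionEndIncluding": "4.1.0.rlq1"`; this should be confirmed against the ASUSTOR advisory referenced in this hunk.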
diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2952.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2952.json
index 781d91a9d9e..130131d833b 100644
--- a/CVE-2023/CVE-2023-29xx/CVE-2023-2952.json
+++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2952.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-2952",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-05-30T23:15:09.887",
- "lastModified": "2023-06-03T19:15:09.303",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T20:18:04.490",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ },
{
"source": "cve@gitlab.com",
"type": "Secondary",
@@ -34,22 +54,87 @@
}
]
},
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-835"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "3.6.0",
+ "versionEndExcluding": "3.6.14",
+ "matchCriteriaId": "CED49BFD-0350-4790-9D15-35875AEE4F00"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.0.0",
+ "versionEndExcluding": "4.0.6",
+ "matchCriteriaId": "FBA0E5F8-10A3-4294-95A8-6CB594C4DADE"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2952.json",
- "source": "cve@gitlab.com"
+ "source": "cve@gitlab.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://gitlab.com/wireshark/wireshark/-/issues/19100",
- "source": "cve@gitlab.com"
+ "source": "cve@gitlab.com",
+ "tags": [
+ "Exploit"
+ ]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00004.html",
- "source": "cve@gitlab.com"
+ "source": "cve@gitlab.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://www.wireshark.org/security/wnpa-sec-2023-20.html",
- "source": "cve@gitlab.com"
+ "source": "cve@gitlab.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
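Review bot: The upstream issue reference `https://gitlab.com/wireshark/wireshark/-/issues/19100` is tagged only `"Exploit"`, whereas the other issue-tracker references in this diff (the OpenSC GitHub issue in CVE-2023-2977, the OpenLDAP bug in CVE-2023-2953) carry `"Issue Tracking"`. Adding it, as `"tags": ["Exploit", "Issue Tracking"]`, keeps tag-based filtering consistent: tooling that looks up the vendor's tracking entry for fix status would then find this reference as well.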
diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2953.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2953.json
index 9e886c67ab1..bb5c55c51c3 100644
--- a/CVE-2023/CVE-2023-29xx/CVE-2023-2953.json
+++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2953.json
@@ -2,16 +2,49 @@
"id": "CVE-2023-2953",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-05-30T22:15:10.613",
- "lastModified": "2023-05-31T13:02:26.480",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T17:17:39.860",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-476"
+ }
+ ]
+ },
{
"source": "secalert@redhat.com",
"type": "Secondary",
@@ -23,14 +56,58 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:openldap:openldap:2.4:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AF7B8F72-1490-482D-80EB-D08637F2E037"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-2953",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://bugs.openldap.org/show_bug.cgi?id=9904",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Issue Tracking",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
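Review bot: The application match `cpe:2.3:a:openldap:openldap:2.4:*:*:*:*:*:*:*` pins the version field to the literal `2.4` with no `versionStartIncluding` or `versionEndExcluding` bounds, so an inventory entry for a point release in the 2.4 series would presumably not match under exact CPE comparison. The description names no affected versions, so the intended scope cannot be read from the record. If a series is meant, a wildcard criteria `cpe:2.3:a:openldap:openldap:*:*:*:*:*:*:*:*` with explicit range bounds, as the CVE-2023-2952 hunk does for Wireshark, would express it. Until then, scanners relying on this configuration may under-report.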
diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2961.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2961.json
new file mode 100644
index 00000000000..a3598457a84
--- /dev/null
+++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2961.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2023-2961",
+ "sourceIdentifier": "secalert@redhat.com",
+ "published": "2023-06-06T20:15:13.523",
+ "lastModified": "2023-06-07T02:45:15.873",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A segmentation fault flaw was found in the Advancecomp package. This may lead to decreased availability."
+ }
+ ],
+ "metrics": {},
+ "weaknesses": [
+ {
+ "source": "secalert@redhat.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2210768",
+ "source": "secalert@redhat.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2968.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2968.json
index 7205bd21710..f02d42ae54f 100644
--- a/CVE-2023/CVE-2023-29xx/CVE-2023-2968.json
+++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2968.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-2968",
"sourceIdentifier": "reefs@jfrog.com",
"published": "2023-05-30T18:15:09.997",
- "lastModified": "2023-05-30T18:52:32.890",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T14:38:15.320",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
{
"source": "reefs@jfrog.com",
"type": "Secondary",
@@ -35,6 +55,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
{
"source": "reefs@jfrog.com",
"type": "Secondary",
@@ -46,10 +76,36 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:proxy_project:proxy:2.0.0:*:*:*:*:node.js:*:*",
+ "matchCriteriaId": "EA869EEF-BBAA-4023-AC46-1319DE4B47D4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:proxy_project:proxy:2.1.1:*:*:*:*:node.js:*:*",
+ "matchCriteriaId": "5BDB97E8-1821-449C-B357-C3BB730D9061"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://research.jfrog.com/vulnerabilities/undefined-variable-usage-in-proxy-leads-to-remote-denial-of-service-xray-520917",
- "source": "reefs@jfrog.com"
+ "source": "reefs@jfrog.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2977.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2977.json
index 04df29cf726..0766112925b 100644
--- a/CVE-2023/CVE-2023-29xx/CVE-2023-2977.json
+++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2977.json
@@ -2,16 +2,49 @@
"id": "CVE-2023-2977",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-06-01T01:15:17.917",
- "lastModified": "2023-06-01T01:17:03.663",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T18:45:22.567",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerbility was found in OpenSC. This security flaw cause a buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The attacker can supply a smart card package with malformed ASN1 context. The cardos_have_verifyrc_package function scans the ASN1 buffer for 2 tags, where remaining length is wrongly caculated due to moved starting pointer. This leads to possible heap-based buffer oob read. In cases where ASAN is enabled while compiling this causes a crash. Further info leak or more damage is possible."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.2
+ }
+ ]
+ },
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ },
{
"source": "secalert@redhat.com",
"type": "Secondary",
@@ -23,22 +56,73 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:opensc_project:opensc:0.23.0:-:*:*:*:*:*:*",
+ "matchCriteriaId": "5359CB94-DE52-425E-AA8D-2792F953364F"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-2977",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2211088",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Issue Tracking",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://github.com/OpenSC/OpenSC/issues/2785",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Issue Tracking",
+ "Patch"
+ ]
},
{
"url": "https://github.com/OpenSC/OpenSC/pull/2787",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Patch"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2985.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2985.json
index f3110cf0bef..a2ecdaa2f81 100644
--- a/CVE-2023/CVE-2023-29xx/CVE-2023-2985.json
+++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2985.json
@@ -2,16 +2,49 @@
"id": "CVE-2023-2985",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-06-01T01:15:17.970",
- "lastModified": "2023-06-01T01:17:03.663",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T19:00:55.003",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A use after free flaw was found in hfsplus_put_super in fs/hfsplus/super.c in the Linux Kernel. This flaw could allow a local user to cause a denial of service problem."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-416"
+ }
+ ]
+ },
{
"source": "secalert@redhat.com",
"type": "Secondary",
@@ -23,10 +56,32 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.3",
+ "matchCriteriaId": "3769AA63-B0A8-4EF1-96F9-6A6A6B305A02"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=07db5e247ab5858439b14dd7cc1fe538b9efcf32",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List",
+ "Patch"
+ ]
}
]
}
\ No newline at end of file
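Review bot: The added `cpeMatch` entry for `linux_kernel` is bounded only by `"versionEndExcluding": "6.3"` and has no lower bound, so every kernel release below 6.3 matches on version alone. Distribution or stable kernels that carry the referenced fix as a backport (not visible in this record) would still be flagged, so a hit is better confirmed against the commit id in the reference URL than against the version string. The same reference is tagged `Mailing List` although the URL is a git.kernel.org commit view; `"tags": ["Patch"]` alone would describe it.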
diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2986.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2986.json
new file mode 100644
index 00000000000..ccca65b5249
--- /dev/null
+++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2986.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2023-2986",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-08T02:15:09.217",
+ "lastModified": "2023-06-08T02:44:28.663",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.14.2. This is due to insufficient encryption on the user being supplied during the abandoned cart link decode through the plugin. This allows unauthenticated attackers to log in as users who have abandoned the cart, which users are typically customers."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-288"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/woocommerce-abandoned-cart/trunk/woocommerce-ac.php#L1815",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/woocommerce-abandoned-cart/trunk/woocommerce-ac.php?rev=2916178#L1800",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2922242/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/68052614-204f-4237-af0e-4b8210ebd59f?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2987.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2987.json
index 850488324f1..00b7e681ab4 100644
--- a/CVE-2023/CVE-2023-29xx/CVE-2023-2987.json
+++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2987.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-2987",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-05-31T03:15:09.643",
- "lastModified": "2023-05-31T13:02:26.480",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T16:14:17.600",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ },
{
"source": "security@wordfence.com",
"type": "Secondary",
@@ -39,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-345"
+ }
+ ]
+ },
{
"source": "security@wordfence.com",
"type": "Secondary",
@@ -50,22 +80,52 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:wordapp:wordapp:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.5.0",
+ "matchCriteriaId": "5BBC80E3-CFF0-4AAB-8A43-93613FDD05C2"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/wordapp/trunk/includes/access.php#L28",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://plugins.trac.wordpress.org/browser/wordapp/trunk/includes/config.php#L59",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://plugins.trac.wordpress.org/browser/wordapp/trunk/includes/pdx.php#L64",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/80440bfa-4a02-4441-bbdb-52d7dd065a9d?source=cve",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
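Review bot: The three `plugins.trac.wordpress.org/browser/wordapp/trunk/...#L<n>` references are tagged `Patch`, but these URLs are source-file views with a line anchor, not changesets, so a consumer that follows `Patch` tags to find a fix lands on a code listing. The added configuration uses `"versionEndIncluding": "1.5.0"` and names no fixed release, which suggests no patch was known when the record was analysed. The PrestaShop source-file link in CVE-2023-30197.json is tagged `"tags": ["Product"]`, and the same tag would fit here. The `trunk` anchors are also not pinned to a revision, so `#L28`, `#L59` and `#L64` can drift away from the lines they were meant to show.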
diff --git a/CVE-2023/CVE-2023-301xx/CVE-2023-30197.json b/CVE-2023/CVE-2023-301xx/CVE-2023-30197.json
index 9791e2646ab..a65f31e8814 100644
--- a/CVE-2023/CVE-2023-301xx/CVE-2023-30197.json
+++ b/CVE-2023/CVE-2023-301xx/CVE-2023-30197.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-30197",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-31T01:15:43.223",
- "lastModified": "2023-05-31T13:02:26.480",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T13:34:46.833",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
{
"source": "cve@mitre.org",
"type": "Secondary",
@@ -34,14 +54,50 @@
}
]
},
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:webbax:myinventory:*:*:*:*:*:prestashop:*:*",
+ "versionEndExcluding": "1.6.7",
+ "matchCriteriaId": "DA9617FF-F859-490F-BD62-7F91B1702E7C"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://friends-of-presta.github.io/security-advisories/modules/2023/05/30/myinventory.html",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://github.com/PrestaShop/PrestaShop/blob/6c05518b807d014ee8edb811041e3de232520c28/classes/Tools.php#L1247",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-302xx/CVE-2023-30281.json b/CVE-2023/CVE-2023-302xx/CVE-2023-30281.json
index 8ef7814d9d0..a61d6286e89 100644
--- a/CVE-2023/CVE-2023-302xx/CVE-2023-30281.json
+++ b/CVE-2023/CVE-2023-302xx/CVE-2023-30281.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-30281",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-16T20:15:09.323",
- "lastModified": "2023-05-24T20:41:21.293",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-06-07T01:15:39.057",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "Insecure permissions in the ps_customer table of Prestashop scquickaccounting before v3.7.3 allows attackers to access sensitive information stored in the component."
+ "value": "Insecure permissions vulnerability was discovered, due to a lack of permissions\u2019s control in scquickaccounting before v3.7.3 from Store Commander for PrestaShop, a guest can access exports from the module which can lead to leak of personnal informations from ps_customer table sush as name / surname / email"
}
],
"metrics": {
diff --git a/CVE-2023/CVE-2023-302xx/CVE-2023-30285.json b/CVE-2023/CVE-2023-302xx/CVE-2023-30285.json
index c64ff7ad546..eff381fafc9 100644
--- a/CVE-2023/CVE-2023-302xx/CVE-2023-30285.json
+++ b/CVE-2023/CVE-2023-302xx/CVE-2023-30285.json
@@ -2,27 +2,82 @@
"id": "CVE-2023-30285",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-31T12:15:09.410",
- "lastModified": "2023-05-31T13:02:26.480",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T13:46:38.393",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in Deviniti Issue Sync Synchronization v3.5.2 for Jira allows attackers to obtain the login credentials of a user via a crafted request sent to /rest/synchronizer/1.0/technicalUser."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:deviniti:issue_sync:*:*:*:*:*:jira:*:*",
+ "versionEndExcluding": "3.5.2",
+ "matchCriteriaId": "BFF1CF92-0C1B-4F29-BBFB-DCAA5965023A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "http://deviniti.com",
- "source": "cve@mitre.org"
- },
- {
- "url": "http://issue.com",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
},
{
"url": "https://github.com/D23K4N/CVE/blob/main/CVE-2023-30285.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
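Review bot: The new `cpeMatch` entry uses `"versionEndExcluding": "3.5.2"`, which leaves out the one release the description names as affected (`v3.5.2`), so version-based matching would report a 3.5.2 install as not vulnerable. If 3.5.2 is affected as described, the bound should read `"versionEndIncluding": "3.5.2"`. The second hunk of CVE-2023-30758.json has the same shape: `"versionEndExcluding": "1.3.38.1"` against a description that covers 1.3.38.1 and earlier. Until the ranges are corrected, inventory checks for these two products should compare against the description text rather than the CPE range.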
diff --git a/CVE-2023/CVE-2023-304xx/CVE-2023-30400.json b/CVE-2023/CVE-2023-304xx/CVE-2023-30400.json
new file mode 100644
index 00000000000..aeffc6e6cb2
--- /dev/null
+++ b/CVE-2023/CVE-2023-304xx/CVE-2023-30400.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-30400",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-07T01:15:39.143",
+ "lastModified": "2023-06-07T02:45:10.733",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered in Anyka Microelectronics AK3918EV300 MCU v18. A command injection vulnerability in the network configuration script within the MCU's operating system allows attackers to perform arbitrary command execution via a crafted wifi SSID or password."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://arxiv.org/abs/2306.00610",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/Nemobi/ak3918ev300v18",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-305xx/CVE-2023-30575.json b/CVE-2023/CVE-2023-305xx/CVE-2023-30575.json
new file mode 100644
index 00000000000..9be91f78089
--- /dev/null
+++ b/CVE-2023/CVE-2023-305xx/CVE-2023-30575.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-30575",
+ "sourceIdentifier": "security@apache.org",
+ "published": "2023-06-07T09:15:09.993",
+ "lastModified": "2023-06-07T12:52:33.093",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Apache Guacamole 1.5.1 and older may incorrectly calculate the lengths of instruction elements sent during the Guacamole protocol handshake, potentially allowing an attacker to inject Guacamole instructions during the handshake through specially-crafted data.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@apache.org",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@apache.org",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-74"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://lists.apache.org/thread/tn63n2lon0h5p45oft834t1dqvvxownv",
+ "source": "security@apache.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-305xx/CVE-2023-30576.json b/CVE-2023/CVE-2023-305xx/CVE-2023-30576.json
new file mode 100644
index 00000000000..e273b71c39b
--- /dev/null
+++ b/CVE-2023/CVE-2023-305xx/CVE-2023-30576.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-30576",
+ "sourceIdentifier": "security@apache.org",
+ "published": "2023-06-07T09:15:10.080",
+ "lastModified": "2023-06-07T12:52:33.093",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Apache Guacamole 0.9.10 through 1.5.1 may continue to reference a freed RDP audio input buffer. Depending on timing, this may allow an attacker to execute arbitrary code with the privileges of the guacd process.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@apache.org",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@apache.org",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-416"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://lists.apache.org/thread/vgtvxb3w7mm84hx6v8dfc0onsoz05gb6",
+ "source": "security@apache.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30758.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30758.json
index a18fb36ec57..30305b8d2e4 100644
--- a/CVE-2023/CVE-2023-307xx/CVE-2023-30758.json
+++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30758.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-30758",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-06-01T02:15:09.847",
- "lastModified": "2023-06-01T13:00:30.717",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T12:57:12.083",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,19 +14,85 @@
"value": "Se ha descubierto una vulnerabilidad de Cross-Site Scripting (XSS) en Pleasanter v1.3.38.1 y anteriores que permite a un atacante remoto autenticado inyectar un script arbitrario. "
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:pleasanter:pleasanter:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.3.38.1",
+ "matchCriteriaId": "97B48747-5C48-4C0E-9584-3584E801DCB4"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/Implem/Implem.Pleasanter/issues/474",
- "source": "vultures@jpcert.or.jp"
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Exploit",
+ "Issue Tracking",
+ "Patch",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://jvn.jp/en/jp/JVN62111727/",
- "source": "vultures@jpcert.or.jp"
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://pleasanter.org/archives/vulnerability-update-202305",
- "source": "vultures@jpcert.or.jp"
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30771.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30771.json
index 818265617a8..ffd117f6291 100644
--- a/CVE-2023/CVE-2023-307xx/CVE-2023-30771.json
+++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30771.json
@@ -2,15 +2,38 @@
"id": "CVE-2023-30771",
"sourceIdentifier": "security@apache.org",
"published": "2023-04-17T08:15:07.857",
- "lastModified": "2023-04-18T03:15:07.857",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T14:03:55.963",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the iotdb-web-workbench component on 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database.\n\nThis problem is fixed from version 0.13.4 of iotdb-web-workbench onwards.\n\n"
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
"weaknesses": [
{
"source": "security@apache.org",
@@ -23,14 +46,38 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:apache:iotdb_web_workbench:0.13.3:*:*:*:*:*:*:*",
+ "matchCriteriaId": "08E39F78-DF04-4679-8CD3-02BAA3DB082B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/04/18/7",
- "source": "security@apache.org"
+ "source": "security@apache.org",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.apache.org/thread/08nc3dr6lshfppx0pzmz5vbggdnzpojb",
- "source": "security@apache.org"
+ "source": "security@apache.org",
+ "tags": [
+ "Mailing List",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-308xx/CVE-2023-30863.json b/CVE-2023/CVE-2023-308xx/CVE-2023-30863.json
new file mode 100644
index 00000000000..92c6a39381a
--- /dev/null
+++ b/CVE-2023/CVE-2023-308xx/CVE-2023-30863.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-30863",
+ "sourceIdentifier": "security@unisoc.com",
+ "published": "2023-06-06T06:15:51.317",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In Connectivity Service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1664822361414762498",
+ "source": "security@unisoc.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-308xx/CVE-2023-30864.json b/CVE-2023/CVE-2023-308xx/CVE-2023-30864.json
new file mode 100644
index 00000000000..a08975e00b7
--- /dev/null
+++ b/CVE-2023/CVE-2023-308xx/CVE-2023-30864.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-30864",
+ "sourceIdentifier": "security@unisoc.com",
+ "published": "2023-06-06T06:15:51.437",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In Connectivity Service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1664822361414762498",
+ "source": "security@unisoc.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-308xx/CVE-2023-30865.json b/CVE-2023/CVE-2023-308xx/CVE-2023-30865.json
new file mode 100644
index 00000000000..028a6b688ad
--- /dev/null
+++ b/CVE-2023/CVE-2023-308xx/CVE-2023-30865.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-30865",
+ "sourceIdentifier": "security@unisoc.com",
+ "published": "2023-06-06T06:15:51.607",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In dialer service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1664822361414762498",
+ "source": "security@unisoc.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-308xx/CVE-2023-30866.json b/CVE-2023/CVE-2023-308xx/CVE-2023-30866.json
new file mode 100644
index 00000000000..ddb8ba2294b
--- /dev/null
+++ b/CVE-2023/CVE-2023-308xx/CVE-2023-30866.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-30866",
+ "sourceIdentifier": "security@unisoc.com",
+ "published": "2023-06-06T06:15:51.800",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1664822361414762498",
+ "source": "security@unisoc.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-308xx/CVE-2023-30868.json b/CVE-2023/CVE-2023-308xx/CVE-2023-30868.json
index a70481ab133..e341d1705b7 100644
--- a/CVE-2023/CVE-2023-308xx/CVE-2023-30868.json
+++ b/CVE-2023/CVE-2023-308xx/CVE-2023-30868.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-30868",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-18T09:15:10.437",
- "lastModified": "2023-05-25T16:17:51.900",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-06-06T19:15:11.503",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -56,7 +56,7 @@
},
"weaknesses": [
{
- "source": "nvd@nist.gov",
+ "source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
@@ -66,7 +66,7 @@
]
},
{
- "source": "audit@patchstack.com",
+ "source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
@@ -95,6 +95,10 @@
}
],
"references": [
+ {
+ "url": "http://packetstormsecurity.com/files/172730/WordPress-Tree-Page-View-1.6.7-Cross-Site-Scripting.html",
+ "source": "audit@patchstack.com"
+ },
{
"url": "https://patchstack.com/database/vulnerability/cms-tree-page-view/wordpress-cms-tree-page-view-plugin-1-6-7-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com",
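Review bot: The added packetstormsecurity.com reference has no `tags` array, and the record's status moves from `Analyzed` to `Modified` in the first hunk, so the entry is untagged until it is re-analysed. Going by its URL it looks like a public write-up for the plugin's XSS issue, and tooling that raises priority on the `Exploit` tag will not register it. A hedged interim fix is to add `"tags": ["Exploit", "Third Party Advisory"]` to the entry, or to have consumers treat untagged packetstormsecurity.com references on `Modified` records as possible exploit references.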
diff --git a/CVE-2023/CVE-2023-309xx/CVE-2023-30914.json b/CVE-2023/CVE-2023-309xx/CVE-2023-30914.json
new file mode 100644
index 00000000000..605ea9f8079
--- /dev/null
+++ b/CVE-2023/CVE-2023-309xx/CVE-2023-30914.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-30914",
+ "sourceIdentifier": "security@unisoc.com",
+ "published": "2023-06-06T06:15:51.977",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In email service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1664822361414762498",
+ "source": "security@unisoc.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-309xx/CVE-2023-30915.json b/CVE-2023/CVE-2023-309xx/CVE-2023-30915.json
new file mode 100644
index 00000000000..eebb9dc1daa
--- /dev/null
+++ b/CVE-2023/CVE-2023-309xx/CVE-2023-30915.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-30915",
+ "sourceIdentifier": "security@unisoc.com",
+ "published": "2023-06-06T06:15:52.080",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In email service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1664822361414762498",
+ "source": "security@unisoc.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-309xx/CVE-2023-30948.json b/CVE-2023/CVE-2023-309xx/CVE-2023-30948.json
new file mode 100644
index 00000000000..eadc37e64de
--- /dev/null
+++ b/CVE-2023/CVE-2023-309xx/CVE-2023-30948.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2023-30948",
+ "sourceIdentifier": "cve-coordination@palantir.com",
+ "published": "2023-06-06T15:15:09.350",
+ "lastModified": "2023-06-06T18:34:03.700",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A security defect in Foundry's Comments functionality resulted in the retrieval of attachments to comments not being gated by additional authorization checks. This could enable an authenticated user to inject a prior discovered attachment UUID into other arbitrary comments to discover it's content.\n\nThis defect was fixed in Foundry Comments 2.249.0, and a patch was rolled out to affected Foundry environments. No further intervention is required at this time."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve-coordination@palantir.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://palantir.safebase.us/?tcuUid=101b083b-6389-4261-98f8-23448e133a62",
+ "source": "cve-coordination@palantir.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3003.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3003.json
index 3dcd40bd9b9..3b3eb140a19 100644
--- a/CVE-2023/CVE-2023-30xx/CVE-2023-3003.json
+++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3003.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-3003",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-31T09:15:10.600",
- "lastModified": "2023-05-31T13:02:26.480",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T16:31:28.410",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -11,6 +11,28 @@
}
],
"metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@@ -71,18 +93,48 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:train_station_ticketing_system_project:train_station_ticketing_system:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F3FFACDF-7EB6-4B98-8D37-DF7078FE2B2E"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/shiyur14/bugReport/blob/main/SQL.md",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Exploit"
+ ]
},
{
"url": "https://vuldb.com/?ctiid.230347",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
},
{
"url": "https://vuldb.com/?id.230347",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3004.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3004.json
index 1ff9b550c08..c26604dcada 100644
--- a/CVE-2023/CVE-2023-30xx/CVE-2023-3004.json
+++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3004.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-3004",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-31T09:15:10.677",
- "lastModified": "2023-05-31T13:02:26.480",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T16:34:04.167",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -11,6 +11,28 @@
}
],
"metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@@ -71,18 +93,48 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:simple_chat_system_project:simple_chat_system:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "767D2E82-8F8D-4E48-930B-252CF8A99F6F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/sikii7/CVE/blob/main/SQL.md",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Exploit"
+ ]
},
{
"url": "https://vuldb.com/?ctiid.230348",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
},
{
"url": "https://vuldb.com/?id.230348",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3005.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3005.json
index 044c76219d4..02078d93dfc 100644
--- a/CVE-2023/CVE-2023-30xx/CVE-2023-3005.json
+++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3005.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-3005",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-31T09:15:10.743",
- "lastModified": "2023-05-31T13:02:26.480",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T16:32:31.537",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -11,6 +11,28 @@
}
],
"metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@@ -71,18 +93,48 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:local_service_search_engine_management_system_project:local_service_search_engine_management_system:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8B9B2ABA-7806-43F5-9571-52B741A2F114"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/sikii7/CVE/blob/main/XSS.md",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Exploit"
+ ]
},
{
"url": "https://vuldb.com/?ctiid.230349",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
},
{
"url": "https://vuldb.com/?id.230349",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3006.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3006.json
index 94639aef3a7..883e0a3274e 100644
--- a/CVE-2023/CVE-2023-30xx/CVE-2023-3006.json
+++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3006.json
@@ -2,16 +2,49 @@
"id": "CVE-2023-3006",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-05-31T20:15:11.127",
- "lastModified": "2023-06-01T01:17:03.663",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T02:38:11.807",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, becomes actual again for the new hw AmpereOne. Spectre-BHB is similar to Spectre v2, except that malicious code uses the shared branch history (stored in the CPU Branch History Buffer, or BHB) to influence mispredicted branches within the victim's hardware context. Once that occurs, speculation caused by the mispredicted branches can cause cache allocation. This issue leads to obtaining information that should not be accessible."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-212"
+ }
+ ]
+ },
{
"source": "secalert@redhat.com",
"type": "Secondary",
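Review bot: The Primary weakness added under `weaknesses`, `CWE-212` (Improper Removal of Sensitive Information Before Storage or Transfer), does not obviously fit the issue in the `descriptions` text, which is a branch-history speculation side channel (Spectre-BHB). If the mapping is intended, it is worth confirming against the upstream NVD record, because tooling that groups findings by CWE will file this entry away from other speculative-execution CVEs. The value of the Secondary CWE from secalert@redhat.com lies outside this hunk, so whether the two sources agree cannot be checked from here.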
@@ -23,10 +56,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:*",
+ "matchCriteriaId": "E7E331DA-1FB0-4DEC-91AC-7DA69D461C11"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git/commit/?id=0e5d5ae837c8",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List",
+ "Patch"
+ ]
}
]
}
\ No newline at end of file
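Review bot: The new `configurations` block marks a single release candidate, `cpe:2.3:o:linux:linux_kernel:6.1:rc1`, as vulnerable, with no version range and no hardware CPE, although the description ties the issue to AmpereOne hardware. A CPE-based scanner will therefore report this CVE only for hosts fingerprinted as exactly 6.1-rc1 and will stay silent on other kernels running on the affected CPUs. Operators of that hardware should track the arm64 kernel commit listed in `references` rather than rely on a CPE match, and the applicability statement is worth re-checking when the feed is next synced.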
diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3007.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3007.json
index 4d9388831bd..64a264fb82e 100644
--- a/CVE-2023/CVE-2023-30xx/CVE-2023-3007.json
+++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3007.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-3007",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-31T12:15:09.550",
- "lastModified": "2023-05-31T13:02:26.480",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T16:33:02.010",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -11,6 +11,28 @@
}
],
"metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@@ -61,7 +83,7 @@
},
"weaknesses": [
{
- "source": "cna@vuldb.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -69,20 +91,60 @@
"value": "CWE-640"
}
]
+ },
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-640"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:student_management_system_project:student_management_system:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A7B8D380-AE4F-4AA2-AFFA-EA5477647B41"
+ }
+ ]
+ }
+ ]
}
],
"references": [
{
"url": "https://github.com/Xor-Gerke/webray.com.cn/blob/main/cve/student-management-system/password_reset.md",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Broken Link"
+ ]
},
{
"url": "https://vuldb.com/?ctiid.230354",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
},
{
"url": "https://vuldb.com/?id.230354",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
}
]
}
\ No newline at end of file
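Review bot: In `references`, the only write-up of the flaw (the github.com/Xor-Gerke URL) is now tagged `Broken Link`, and the two vuldb.com entries carry `Permissions Required`, so the record keeps its 9.8 CRITICAL score without any openly reachable technical source. Triage rules that key on the `Exploit` tag will treat this entry as having no public details, which may understate how much was published when the CVE was assigned. The same pattern appears in the sections for CVE-2023-3008, CVE-2023-3014, CVE-2023-3015 and CVE-2023-3016 below. Where an archived copy of the original report exists, adding it upstream as a reference would let defenders verify the finding.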
diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3008.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3008.json
index fa731484cf3..97d208656de 100644
--- a/CVE-2023/CVE-2023-30xx/CVE-2023-3008.json
+++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3008.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-3008",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-31T12:15:09.640",
- "lastModified": "2023-05-31T13:02:26.480",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T16:33:21.420",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -11,6 +11,28 @@
}
],
"metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@@ -71,18 +93,48 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:student_management_system_project:student_management_system:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A7B8D380-AE4F-4AA2-AFFA-EA5477647B41"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/Xor-Gerke/webray.com.cn/blob/main/cve/student-management-system/sql_inject.md",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Broken Link"
+ ]
},
{
"url": "https://vuldb.com/?ctiid.230355",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
},
{
"url": "https://vuldb.com/?id.230355",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3009.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3009.json
index a8c0f49fc40..87a2e283471 100644
--- a/CVE-2023/CVE-2023-30xx/CVE-2023-3009.json
+++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3009.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-3009",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-05-31T13:15:10.367",
- "lastModified": "2023-05-31T13:34:42.827",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T20:00:03.617",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -11,6 +11,28 @@
}
],
"metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@@ -46,14 +68,39 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:teampass:teampass:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "3.0.9",
+ "matchCriteriaId": "1FBD6586-DC7F-4FD6-BB8D-9874CCFACB2E"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/nilsteampassnet/teampass/commit/6ba8cf1f4b89d62a08d122d533ccf4cb4e26a4ee",
- "source": "security@huntr.dev"
+ "source": "security@huntr.dev",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://huntr.dev/bounties/2929faca-5822-4636-8f04-ca5e0001361f",
- "source": "security@huntr.dev"
+ "source": "security@huntr.dev",
+ "tags": [
+ "Exploit",
+ "Patch"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3012.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3012.json
index 28df69b726f..5be268b8b2c 100644
--- a/CVE-2023/CVE-2023-30xx/CVE-2023-3012.json
+++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3012.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-3012",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-05-31T14:15:11.097",
- "lastModified": "2023-05-31T14:22:04.583",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T20:57:10.037",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -11,6 +11,28 @@
}
],
"metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@@ -36,7 +58,7 @@
},
"weaknesses": [
{
- "source": "security@huntr.dev",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -44,16 +66,51 @@
"value": "CWE-476"
}
]
+ },
+ {
+ "source": "security@huntr.dev",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-476"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:gpac:gpac:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.2.2",
+ "matchCriteriaId": "DBF31B7B-F4C7-40C0-9245-09FECA1A8164"
+ }
+ ]
+ }
+ ]
}
],
"references": [
{
"url": "https://github.com/gpac/gpac/commit/53387aa86c1af1228d0fa57c67f9c7330716d5a7",
- "source": "security@huntr.dev"
+ "source": "security@huntr.dev",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://huntr.dev/bounties/916b787a-c603-409d-afc6-25bb02070e69",
- "source": "security@huntr.dev"
+ "source": "security@huntr.dev",
+ "tags": [
+ "Exploit",
+ "Patch"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3013.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3013.json
index 3539241d36a..4a256a22f4f 100644
--- a/CVE-2023/CVE-2023-30xx/CVE-2023-3013.json
+++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3013.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-3013",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-05-31T14:15:11.157",
- "lastModified": "2023-05-31T14:22:04.583",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T20:54:50.783",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -11,6 +11,28 @@
}
],
"metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.2
+ }
+ ],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@@ -46,14 +68,39 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:gpac:gpac:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.2.2",
+ "matchCriteriaId": "DBF31B7B-F4C7-40C0-9245-09FECA1A8164"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/gpac/gpac/commit/78e539b43293829a14a32e821f5267e3b7417594",
- "source": "security@huntr.dev"
+ "source": "security@huntr.dev",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://huntr.dev/bounties/52f95edc-cc03-4a9f-9bf8-74f641260073",
- "source": "security@huntr.dev"
+ "source": "security@huntr.dev",
+ "tags": [
+ "Exploit",
+ "Patch"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3014.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3014.json
index 5501d7921c6..2d628c87a5e 100644
--- a/CVE-2023/CVE-2023-30xx/CVE-2023-3014.json
+++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3014.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-3014",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-31T14:15:11.223",
- "lastModified": "2023-05-31T14:22:04.583",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T20:59:09.540",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -11,6 +11,28 @@
}
],
"metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@@ -71,18 +93,46 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:beipyvideoresolution_project:beipyvideoresolution:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "2.6",
+ "matchCriteriaId": "E24081BC-DB32-4260-97E0-50ED35DAADCF"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/Xor-Gerke/webray.com.cn/blob/main/cve/BeipyVideoResolution/xss.md",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Broken Link"
+ ]
},
{
"url": "https://vuldb.com/?ctiid.230358",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://vuldb.com/?id.230358",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3015.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3015.json
index 849f20b672f..a0e093a4de7 100644
--- a/CVE-2023/CVE-2023-30xx/CVE-2023-3015.json
+++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3015.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-3015",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-31T14:15:11.290",
- "lastModified": "2023-05-31T14:22:04.583",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T15:46:57.890",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -11,6 +11,28 @@
}
],
"metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@@ -71,18 +93,46 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:vip_video_analysis_project:vip_video_analysis:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9508D64F-10B7-43D0-B889-1C214DFE0079"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/Xor-Gerke/webray.com.cn/blob/main/cve/VIP-video-analysis/SSRF.md",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Broken Link"
+ ]
},
{
"url": "https://vuldb.com/?ctiid.230359",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://vuldb.com/?id.230359",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3016.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3016.json
index 4336ddf9798..04c36a96a7f 100644
--- a/CVE-2023/CVE-2023-30xx/CVE-2023-3016.json
+++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3016.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-3016",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-31T14:15:11.353",
- "lastModified": "2023-05-31T14:22:04.583",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T15:40:35.873",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -11,6 +11,28 @@
}
],
"metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@@ -71,18 +93,46 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:vip_video_analysis_project:vip_video_analysis:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9508D64F-10B7-43D0-B889-1C214DFE0079"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/Xor-Gerke/webray.com.cn/blob/main/cve/VIP-video-analysis/XSS.md",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Broken Link"
+ ]
},
{
"url": "https://vuldb.com/?ctiid.230360",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://vuldb.com/?id.230360",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3017.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3017.json
index 9817520fe5c..0e0ed311c71 100644
--- a/CVE-2023/CVE-2023-30xx/CVE-2023-3017.json
+++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3017.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-3017",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-31T15:15:09.627",
- "lastModified": "2023-05-31T17:37:09.913",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T02:52:51.450",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -11,6 +11,28 @@
}
],
"metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@@ -71,18 +93,44 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:lost_and_found_information_system_project:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E7B84257-5F4C-48D4-8097-A6FA541667BE"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://medium.com/@akashpandey380/lost-and-found-information-system-v1-0-html-injection-3596f2b856c0",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Exploit"
+ ]
},
{
"url": "https://vuldb.com/?ctiid.230361",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://vuldb.com/?id.230361",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3018.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3018.json
index 118e977b1c7..166f0be5373 100644
--- a/CVE-2023/CVE-2023-30xx/CVE-2023-3018.json
+++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3018.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-3018",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-31T15:15:09.713",
- "lastModified": "2023-05-31T19:15:27.407",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T02:33:45.763",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -11,6 +11,28 @@
}
],
"metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@@ -71,22 +93,53 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:lost_and_found_information_system_project:lost_and_found_information_system:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E7B84257-5F4C-48D4-8097-A6FA541667BE"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "http://packetstormsecurity.com/files/172653/Lost-And-Found-Information-System-1.0-Broken-Access-Control-Privilege-Escalation.html",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
},
{
"url": "https://medium.com/@akashpandey380/lost-and-found-information-system-v1-0-idor-cve-2023-977966c4450d",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Exploit"
+ ]
},
{
"url": "https://vuldb.com/?ctiid.230362",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://vuldb.com/?id.230362",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3020.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3020.json
index 546e4222031..93fd75972d5 100644
--- a/CVE-2023/CVE-2023-30xx/CVE-2023-3020.json
+++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3020.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-3020",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-05-31T17:15:09.567",
- "lastModified": "2023-05-31T17:37:09.913",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T19:28:02.127",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -11,6 +11,28 @@
}
],
"metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@@ -46,14 +68,39 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:scilicot:i\\,_librarian:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "5.10.4",
+ "matchCriteriaId": "B8366708-D2ED-4C03-9341-EA773907E156"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/mkucej/i-librarian-free/commit/3f2c64768a70fc0d529bc29d47bc706ecf26314e",
- "source": "security@huntr.dev"
+ "source": "security@huntr.dev",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://huntr.dev/bounties/92cbe37c-33fa-43bf-8d5b-69aebf51d32c",
- "source": "security@huntr.dev"
+ "source": "security@huntr.dev",
+ "tags": [
+ "Exploit",
+ "Patch"
+ ]
}
]
}
\ No newline at end of file
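Review bot: The CPE vendor in `criteria` is spelled `scilicot` here (`cpe:2.3:a:scilicot:i\\,_librarian:...`), while the CVE-2023-3021 section that follows uses `scilico` for what looks like the same product, with the same `versionEndExcluding` of 5.10.4 and the same upstream repository in `references`. The two records also carry different `matchCriteriaId` values, so an inventory keyed on one vendor string will match only one of the two CVEs. One spelling is presumably a typo. Check both against the official CPE dictionary, and until upstream corrects it, match this product on the product field or on both vendor strings.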
diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3021.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3021.json
index f584290ef77..3d3c8eb688e 100644
--- a/CVE-2023/CVE-2023-30xx/CVE-2023-3021.json
+++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3021.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-3021",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-05-31T17:15:09.637",
- "lastModified": "2023-05-31T17:37:09.913",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T19:30:22.443",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -11,6 +11,28 @@
}
],
"metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@@ -46,14 +68,39 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:scilico:i\\,_librarian:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "5.10.4",
+ "matchCriteriaId": "513B3BAD-180D-4EF2-A57E-8EAE08875245"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/mkucej/i-librarian-free/commit/187e5ff4f413047fb522a9ab24c3c42555d7cfe7",
- "source": "security@huntr.dev"
+ "source": "security@huntr.dev",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://huntr.dev/bounties/9d289d3a-2931-4e94-b61c-449581736eff",
- "source": "security@huntr.dev"
+ "source": "security@huntr.dev",
+ "tags": [
+ "Exploit",
+ "Patch"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3026.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3026.json
index f56535dbcde..758bb068eca 100644
--- a/CVE-2023/CVE-2023-30xx/CVE-2023-3026.json
+++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3026.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-3026",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-06-01T01:15:18.213",
- "lastModified": "2023-06-01T01:17:03.663",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T14:09:04.243",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -11,6 +11,28 @@
}
],
"metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@@ -46,14 +68,38 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:diagrams:drawio:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "21.2.8",
+ "matchCriteriaId": "5DF71C98-8D46-49E9-99B4-520F925D1A23"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/jgraph/drawio/commit/c7ac634055c3edfabc7729fc4298a5ab7bfbf384",
- "source": "security@huntr.dev"
+ "source": "security@huntr.dev",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://huntr.dev/bounties/9bbcc127-1e69-4c88-b318-d2afef48eff0",
- "source": "security@huntr.dev"
+ "source": "security@huntr.dev",
+ "tags": [
+ "Permissions Required"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3027.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3027.json
new file mode 100644
index 00000000000..59215ebfe8f
--- /dev/null
+++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3027.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2023-3027",
+ "sourceIdentifier": "secalert@redhat.com",
+ "published": "2023-06-05T22:15:12.293",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The grc-policy-propagator allows security escalation within the cluster. The propagator allows policies which contain some dynamically obtained values (instead of the policy apply a static manifest on a managed cluster) of taking advantage of cluster scoped access in a created policy. This feature does not restrict properly to lookup content from the namespace where the policy was created."
+ }
+ ],
+ "metrics": {},
+ "weaknesses": [
+ {
+ "source": "secalert@redhat.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-269"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2211468#c0",
+ "source": "secalert@redhat.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3029.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3029.json
index 719466ffd4f..3bef5cf5512 100644
--- a/CVE-2023/CVE-2023-30xx/CVE-2023-3029.json
+++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3029.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-3029",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-01T06:15:15.260",
- "lastModified": "2023-06-01T13:00:30.717",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T17:45:23.853",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -11,6 +11,28 @@
}
],
"metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@@ -71,18 +93,46 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:pythagorean_oa_office_system_project:pythagorean_oa_office_system:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "4.50.31",
+ "matchCriteriaId": "556C18D7-8259-4A66-A60D-696AF6870AA4"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://gitee.com/gouguopen/office/issues/I74VRG",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://vuldb.com/?ctiid.230458",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required"
+ ]
},
{
"url": "https://vuldb.com/?id.230458",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
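Review bot: The `criteria` value added in this hunk uses the vendor component `pythagorean_oa_office_system_project`, while the CVE-2023-3035 section later in this diff records what looks like the same product under vendor `gougucms`. Both records point at the `gitee.com/gouguopen/office` tracker and carry the same `versionEndIncluding` of `4.50.31`. An asset inventory keyed on one vendor string will match only one of the two records, so CPE-based scanning can miss the other. If both do name the same product, the two records should share one vendor, for example `"criteria": "cpe:2.3:a:gougucms:pythagorean_oa_office_system:*:*:*:*:*:*:*:*"` here, using whichever form the CPE dictionary lists. Until that is reconciled, matching on the product component or the reference URL is the safer lookup.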
diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3035.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3035.json
index 0995807fe6b..03db0828140 100644
--- a/CVE-2023/CVE-2023-30xx/CVE-2023-3035.json
+++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3035.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-3035",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-01T14:15:12.317",
- "lastModified": "2023-06-01T17:29:59.710",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T15:19:29.150",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -11,6 +11,28 @@
}
],
"metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@@ -71,18 +93,46 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:gougucms:pythagorean_oa_office_system:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "4.50.31",
+ "matchCriteriaId": "ADEF2A7A-6D4D-4500-9853-6518685F3920"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://gitee.com/gouguopen/office/issues/I74ZPU",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://vuldb.com/?ctiid.230467",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://vuldb.com/?id.230467",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3059.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3059.json
index 82a8324d297..1b05dbb32c2 100644
--- a/CVE-2023/CVE-2023-30xx/CVE-2023-3059.json
+++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3059.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-3059",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-02T13:15:10.323",
- "lastModified": "2023-06-02T14:32:29.847",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T12:55:29.960",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -11,6 +11,28 @@
}
],
"metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@@ -71,18 +93,44 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:online_exam_form_submission_project:online_exam_form_submission:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FD99049F-3BAF-4EFA-8168-586057E007D5"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/Aiiimer/requestCVE/blob/main/SQL.md",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Exploit"
+ ]
},
{
"url": "https://vuldb.com/?ctiid.230565",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://vuldb.com/?id.230565",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3060.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3060.json
index fd247e875b4..9bef202ce78 100644
--- a/CVE-2023/CVE-2023-30xx/CVE-2023-3060.json
+++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3060.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-3060",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-02T14:15:09.530",
- "lastModified": "2023-06-02T14:32:29.847",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T21:35:20.473",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -11,6 +11,28 @@
}
],
"metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@@ -71,18 +93,46 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:agro-school_management_system_project:agro-school_management_system:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "96ADB127-DE0B-4CD5-B718-C3E50D8AFDD5"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/hotencode/CveHub/blob/main/agricultural%20school%20management%20system%20has%20cross-site%20script%20vulnerability.pdf",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://vuldb.com/?ctiid.230566",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://vuldb.com/?id.230566",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3061.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3061.json
index 1bdc5151a43..8585de21775 100644
--- a/CVE-2023/CVE-2023-30xx/CVE-2023-3061.json
+++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3061.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-3061",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-02T14:15:09.597",
- "lastModified": "2023-06-02T14:32:29.847",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T21:34:45.917",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -11,6 +11,28 @@
}
],
"metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@@ -71,18 +93,46 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:agro-school_management_system_project:agro-school_management_system:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "96ADB127-DE0B-4CD5-B718-C3E50D8AFDD5"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/hotencode/CveHub/blob/main/Agro-School%20Management%20System%20has%20a%20file%20upload%20(RCE)%20vulnerability.pdf",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://vuldb.com/?ctiid.230567",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://vuldb.com/?id.230567",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3062.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3062.json
index 941b43bc6d6..19c0ca5c5ca 100644
--- a/CVE-2023/CVE-2023-30xx/CVE-2023-3062.json
+++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3062.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-3062",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-02T14:15:09.663",
- "lastModified": "2023-06-02T14:32:29.847",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T21:33:55.697",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -11,6 +11,28 @@
}
],
"metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@@ -71,18 +93,46 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:agro-school_management_system_project:agro-school_management_system:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "96ADB127-DE0B-4CD5-B718-C3E50D8AFDD5"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/hotencode/CveHub/blob/main/Agro-School%20Management%20System%20index.php%20has%20Sqlinjection.pdf",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://vuldb.com/?ctiid.230568",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://vuldb.com/?id.230568",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3068.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3068.json
index 95c3cbff733..5148e30405c 100644
--- a/CVE-2023/CVE-2023-30xx/CVE-2023-3068.json
+++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3068.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-3068",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-02T16:15:10.040",
- "lastModified": "2023-06-02T18:10:24.877",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T21:36:08.667",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -11,6 +11,28 @@
}
],
"metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@@ -71,18 +93,46 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:retro_cellphone_online_store_project:retro_cellphone_online_store:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A77A0EBC-52BE-4672-A49E-9C10696CD13D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/wordpress405/cve/blob/main/Retro%20Cellphone%20Online%20Store.pdf",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://vuldb.com/?ctiid.230580",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://vuldb.com/?id.230580",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3069.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3069.json
index 4cdc338fba4..146f7ab69e9 100644
--- a/CVE-2023/CVE-2023-30xx/CVE-2023-3069.json
+++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3069.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-3069",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-06-02T17:15:13.380",
- "lastModified": "2023-06-02T18:10:03.083",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T17:43:09.440",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -11,6 +11,28 @@
}
],
"metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@@ -36,8 +58,18 @@
},
"weaknesses": [
{
- "source": "security@huntr.dev",
+ "source": "nvd@nist.gov",
"type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-287"
+ }
+ ]
+ },
+ {
+ "source": "security@huntr.dev",
+ "type": "Secondary",
"description": [
{
"lang": "en",
@@ -46,14 +78,39 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:corebos:corebos:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "8.0",
+ "matchCriteriaId": "2ED1C4A9-9F39-4663-9E1B-6270C9CC2539"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/tsolucio/corebos/commit/e3dabd74c68646bb54538d66411fc1e633ec454b",
- "source": "security@huntr.dev"
+ "source": "security@huntr.dev",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://huntr.dev/bounties/00544982-365a-476b-b5fe-42f02f11d367",
- "source": "security@huntr.dev"
+ "source": "security@huntr.dev",
+ "tags": [
+ "Exploit",
+ "Patch"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3070.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3070.json
index 966dee7dcec..51351bf4f73 100644
--- a/CVE-2023/CVE-2023-30xx/CVE-2023-3070.json
+++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3070.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-3070",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-06-02T17:15:13.450",
- "lastModified": "2023-06-02T18:10:03.083",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T17:42:35.870",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -11,6 +11,28 @@
}
],
"metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@@ -46,14 +68,39 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:corebos:corebos:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "8.0",
+ "matchCriteriaId": "2ED1C4A9-9F39-4663-9E1B-6270C9CC2539"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/tsolucio/corebos/commit/b3a7a26c60117d7859b8d77b57fd5771a038c93a",
- "source": "security@huntr.dev"
+ "source": "security@huntr.dev",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://huntr.dev/bounties/e193068e-0b95-403a-8453-e015241b8f1b",
- "source": "security@huntr.dev"
+ "source": "security@huntr.dev",
+ "tags": [
+ "Exploit",
+ "Patch"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3073.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3073.json
index 96a9fbc1696..de6b54a3e01 100644
--- a/CVE-2023/CVE-2023-30xx/CVE-2023-3073.json
+++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3073.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-3073",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-06-02T19:15:09.433",
- "lastModified": "2023-06-02T20:58:57.383",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T17:42:04.270",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -11,6 +11,28 @@
}
],
"metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@@ -46,14 +68,39 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:corebos:corebos:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "8.0",
+ "matchCriteriaId": "2ED1C4A9-9F39-4663-9E1B-6270C9CC2539"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/tsolucio/corebos/commit/e87f77c64061b43186c80ad1b50d313c67d7f6cf",
- "source": "security@huntr.dev"
+ "source": "security@huntr.dev",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://huntr.dev/bounties/a4d6a082-2ea8-49a5-8e48-6d39b5cc62e1",
- "source": "security@huntr.dev"
+ "source": "security@huntr.dev",
+ "tags": [
+ "Exploit",
+ "Patch"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3074.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3074.json
index d83ff72b3bb..2a2ea8e4f2a 100644
--- a/CVE-2023/CVE-2023-30xx/CVE-2023-3074.json
+++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3074.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-3074",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-06-02T18:15:09.650",
- "lastModified": "2023-06-02T20:58:57.383",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T17:42:27.113",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -11,6 +11,28 @@
}
],
"metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@@ -46,14 +68,39 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:corebos:corebos:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "8.0",
+ "matchCriteriaId": "2ED1C4A9-9F39-4663-9E1B-6270C9CC2539"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/tsolucio/corebos/commit/659e328c06a127249e651100d2bc7ec1d2dd8533",
- "source": "security@huntr.dev"
+ "source": "security@huntr.dev",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://huntr.dev/bounties/6132f557-3f0f-465d-990f-4329313349a4",
- "source": "security@huntr.dev"
+ "source": "security@huntr.dev",
+ "tags": [
+ "Exploit",
+ "Patch"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3075.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3075.json
index c05f3068693..debbac1912c 100644
--- a/CVE-2023/CVE-2023-30xx/CVE-2023-3075.json
+++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3075.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-3075",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-06-02T18:15:09.717",
- "lastModified": "2023-06-02T20:58:57.383",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T17:42:18.543",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -11,6 +11,28 @@
}
],
"metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@@ -46,14 +68,39 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:corebos:corebos:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "8.0",
+ "matchCriteriaId": "2ED1C4A9-9F39-4663-9E1B-6270C9CC2539"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/tsolucio/corebos/commit/2e415fb4613bc4122578dad5f40c6f819c228a48",
- "source": "security@huntr.dev"
+ "source": "security@huntr.dev",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://huntr.dev/bounties/0f5448a6-d551-424f-887d-80f9bcfaa6e4",
- "source": "security@huntr.dev"
+ "source": "security@huntr.dev",
+ "tags": [
+ "Exploit",
+ "Patch"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3079.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3079.json
new file mode 100644
index 00000000000..194242d4acf
--- /dev/null
+++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3079.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2023-3079",
+ "sourceIdentifier": "chrome-cve-admin@google.com",
+ "published": "2023-06-05T22:15:12.383",
+ "lastModified": "2023-06-08T04:15:10.407",
+ "vulnStatus": "Awaiting Analysis",
+ "cisaExploitAdd": "2023-06-07",
+ "cisaActionDue": "2023-06-28",
+ "cisaRequiredAction": "Apply updates per vendor instructions.",
+ "cisaVulnerabilityName": "Google Chromium V8 Type Confusion Vulnerability",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop.html",
+ "source": "chrome-cve-admin@google.com"
+ },
+ {
+ "url": "https://crbug.com/1450481",
+ "source": "chrome-cve-admin@google.com"
+ },
+ {
+ "url": "https://www.debian.org/security/2023/dsa-5420",
+ "source": "chrome-cve-admin@google.com"
+ }
+ ]
+}
\ No newline at end of file
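Review bot: This new record sets `cisaExploitAdd`, `cisaActionDue` and `cisaRequiredAction` while `metrics` is `{}` and `vulnStatus` is still `Awaiting Analysis`, so it carries no `baseScore` at all. A consumer that ranks or filters this feed on CVSS severity alone would treat a vulnerability listed as known-exploited as unscored and could drop it from a patch queue. Prioritisation logic reading these files should treat the presence of `cisaExploitAdd` as a signal in its own right, independent of `metrics`. It should also handle an empty `metrics` object as "unknown", not as low severity.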
diff --git a/CVE-2023/CVE-2023-310xx/CVE-2023-31047.json b/CVE-2023/CVE-2023-310xx/CVE-2023-31047.json
index 363d1b8fcef..be5070e47a1 100644
--- a/CVE-2023/CVE-2023-310xx/CVE-2023-31047.json
+++ b/CVE-2023/CVE-2023-310xx/CVE-2023-31047.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-31047",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-07T02:15:08.917",
- "lastModified": "2023-05-16T03:15:09.227",
+ "lastModified": "2023-06-09T08:15:11.207",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -129,6 +129,10 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DNEHD6N435OE2XUFGDAAVAXSYWLCUBFD/",
"source": "cve@mitre.org"
},
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230609-0008/",
+ "source": "cve@mitre.org"
+ },
{
"url": "https://www.djangoproject.com/weblog/2023/may/03/security-releases/",
"source": "cve@mitre.org",
diff --git a/CVE-2023/CVE-2023-311xx/CVE-2023-31114.json b/CVE-2023/CVE-2023-311xx/CVE-2023-31114.json
new file mode 100644
index 00000000000..e1232a8e6c0
--- /dev/null
+++ b/CVE-2023/CVE-2023-311xx/CVE-2023-31114.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-31114",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-07T21:15:13.350",
+ "lastModified": "2023-06-07T21:36:36.773",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. Incorrect resource transfer between spheres can cause unintended querying of the SIM status via a crafted application."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-311xx/CVE-2023-31115.json b/CVE-2023/CVE-2023-311xx/CVE-2023-31115.json
new file mode 100644
index 00000000000..7e1292afaf7
--- /dev/null
+++ b/CVE-2023/CVE-2023-311xx/CVE-2023-31115.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-31115",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-07T21:15:13.407",
+ "lastModified": "2023-06-07T21:36:36.773",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. Incorrect resource transfer between spheres can cause changes to the activation mode of RCS via a crafted application."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-311xx/CVE-2023-31116.json b/CVE-2023/CVE-2023-311xx/CVE-2023-31116.json
new file mode 100644
index 00000000000..1fafe088019
--- /dev/null
+++ b/CVE-2023/CVE-2023-311xx/CVE-2023-31116.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-31116",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-07T21:15:13.453",
+ "lastModified": "2023-06-07T21:36:36.773",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. An incorrect default permission can cause unintended querying of RCS capability via a crafted application."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-311xx/CVE-2023-31130.json b/CVE-2023/CVE-2023-311xx/CVE-2023-31130.json
index 49b18017fef..febad41157c 100644
--- a/CVE-2023/CVE-2023-311xx/CVE-2023-31130.json
+++ b/CVE-2023/CVE-2023-311xx/CVE-2023-31130.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-31130",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-25T22:15:09.760",
- "lastModified": "2023-06-02T18:14:54.597",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-06-07T10:15:09.290",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -56,22 +56,22 @@
},
"weaknesses": [
{
- "source": "nvd@nist.gov",
+ "source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
- "value": "NVD-CWE-Other"
+ "value": "CWE-124"
}
]
},
{
- "source": "security-advisories@github.com",
+ "source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
- "value": "CWE-124"
+ "value": "NVD-CWE-Other"
}
]
}
@@ -144,6 +144,10 @@
"Mailing List",
"Third Party Advisory"
]
+ },
+ {
+ "url": "https://www.debian.org/security/2023/dsa-5419",
+ "source": "security-advisories@github.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-311xx/CVE-2023-31184.json b/CVE-2023/CVE-2023-311xx/CVE-2023-31184.json
index 7debb6b2561..223eeb64b9c 100644
--- a/CVE-2023/CVE-2023-311xx/CVE-2023-31184.json
+++ b/CVE-2023/CVE-2023-311xx/CVE-2023-31184.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-31184",
"sourceIdentifier": "cna@cyber.gov.il",
"published": "2023-05-30T20:15:10.470",
- "lastModified": "2023-05-30T21:10:02.053",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T16:22:25.640",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ },
{
"source": "cna@cyber.gov.il",
"type": "Secondary",
@@ -35,6 +55,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-798"
+ }
+ ]
+ },
{
"source": "cna@cyber.gov.il",
"type": "Secondary",
@@ -46,10 +76,30 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:rozcom:rozcom_client:*:*:*:*:*:*:*:*",
+ "matchCriteriaId": "34A15385-C3CB-441A-85BE-5C3776EE1000"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://www.gov.il/en/Departments/faq/cve_advisories",
- "source": "cna@cyber.gov.il"
+ "source": "cna@cyber.gov.il",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
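Review bot: The added `cpeMatch` entry uses `cpe:2.3:a:rozcom:rozcom_client:*:*:*:*:*:*:*:*` with no version bound, so every release of the client matches as vulnerable, including any later fixed build. If the advisory names a fixed version, the entry should carry a bound such as `"versionEndExcluding": "<FIXED_VERSION_PLACEHOLDER>"`, a field other records in this diff already use. Until then, scanners driven by this record will keep flagging patched installs, and triage has to fall back on the referenced advisory. The same unbounded criteria string is added in the `configurations` hunk of CVE-2023-31185.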
diff --git a/CVE-2023/CVE-2023-311xx/CVE-2023-31185.json b/CVE-2023/CVE-2023-311xx/CVE-2023-31185.json
index 96e7801253d..6d8d32b3029 100644
--- a/CVE-2023/CVE-2023-311xx/CVE-2023-31185.json
+++ b/CVE-2023/CVE-2023-311xx/CVE-2023-31185.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-31185",
"sourceIdentifier": "cna@cyber.gov.il",
"published": "2023-05-30T20:15:10.533",
- "lastModified": "2023-05-30T21:10:02.053",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T16:24:33.907",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
{
"source": "cna@cyber.gov.il",
"type": "Secondary",
@@ -35,6 +55,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
{
"source": "cna@cyber.gov.il",
"type": "Secondary",
@@ -46,10 +76,30 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:rozcom:rozcom_client:*:*:*:*:*:*:*:*",
+ "matchCriteriaId": "34A15385-C3CB-441A-85BE-5C3776EE1000"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://www.gov.il/en/Departments/faq/cve_advisories",
- "source": "cna@cyber.gov.il"
+ "source": "cna@cyber.gov.il",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-312xx/CVE-2023-31200.json b/CVE-2023/CVE-2023-312xx/CVE-2023-31200.json
new file mode 100644
index 00000000000..bb8d4c13c10
--- /dev/null
+++ b/CVE-2023/CVE-2023-312xx/CVE-2023-31200.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-31200",
+ "sourceIdentifier": "ics-cert@hq.dhs.gov",
+ "published": "2023-06-07T22:15:10.040",
+ "lastModified": "2023-06-08T02:44:28.663",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\n\n\n\n\nPTC Vuforia Studio does not require a token; this could allow an \nattacker with local access to perform a cross-site request forgery \nattack or a replay attack.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.5,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13",
+ "source": "ics-cert@hq.dhs.gov"
+ }
+ ]
+}
\ No newline at end of file
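Review bot: The only reference in this new record has the scheme doubled (`https://https://www.cisa.gov/...`), so the link does not resolve as written; it should read `"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13"`. The description says the attacker needs "local access" while the vector string is `AV:N`, so one of the two probably needs correcting against the advisory before the score is used for prioritisation. The `value` string is also padded with runs of `\n`, as are the descriptions in CVE-2023-31244 and CVE-2023-31278 further down. Consumers that display or match on the text should trim and collapse whitespace first.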
diff --git a/CVE-2023/CVE-2023-312xx/CVE-2023-31226.json b/CVE-2023/CVE-2023-312xx/CVE-2023-31226.json
index 8abfb78c531..6b381f5fd99 100644
--- a/CVE-2023/CVE-2023-312xx/CVE-2023-31226.json
+++ b/CVE-2023/CVE-2023-312xx/CVE-2023-31226.json
@@ -2,19 +2,74 @@
"id": "CVE-2023-31226",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-05-26T17:15:17.913",
- "lastModified": "2023-05-26T17:15:17.913",
- "vulnStatus": "Received",
+ "lastModified": "2023-06-08T14:01:29.527",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The SDK for the MediaPlaybackController module has improper permission verification. Successful exploitation of this vulnerability may affect confidentiality."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-863"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "353AEAF2-AF46-4835-93E1-4F942D5E2810"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2023/5/",
- "source": "psirt@huawei.com"
+ "source": "psirt@huawei.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-312xx/CVE-2023-31227.json b/CVE-2023/CVE-2023-312xx/CVE-2023-31227.json
index 243f6fb3635..1ba294e275e 100644
--- a/CVE-2023/CVE-2023-312xx/CVE-2023-31227.json
+++ b/CVE-2023/CVE-2023-312xx/CVE-2023-31227.json
@@ -2,19 +2,74 @@
"id": "CVE-2023-31227",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-05-26T17:15:18.000",
- "lastModified": "2023-05-26T17:15:18.000",
- "vulnStatus": "Received",
+ "lastModified": "2023-06-08T15:33:52.670",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The hwPartsDFR module has a vulnerability in API calling verification. Successful exploitation of this vulnerability may affect device confidentiality."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "353AEAF2-AF46-4835-93E1-4F942D5E2810"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2023/5/",
- "source": "psirt@huawei.com"
+ "source": "psirt@huawei.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-312xx/CVE-2023-31244.json b/CVE-2023/CVE-2023-312xx/CVE-2023-31244.json
new file mode 100644
index 00000000000..dd97b41edcb
--- /dev/null
+++ b/CVE-2023/CVE-2023-312xx/CVE-2023-31244.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-31244",
+ "sourceIdentifier": "ics-cert@hq.dhs.gov",
+ "published": "2023-06-06T17:15:14.360",
+ "lastModified": "2023-06-06T18:33:59.493",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nThe affected product does not properly validate user-supplied data. If a user opens a maliciously formed CSP file, then an attacker could execute arbitrary code within the current process by accessing an uninitialized pointer. \n\n \n\n \n\n \n\n \n\n\n\n \n\n\n\n\n\n\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-824"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-04",
+ "source": "ics-cert@hq.dhs.gov"
+ }
+ ]
+}
\ No newline at end of file
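Review bot: The description refers only to "The affected product" and the record has no `configurations` block, so nothing in the file identifies which product or versions are affected. The only pointer is the reference URL `icsa-23-143-04`. Until CPE data is added, automated asset matching cannot use this record, and an analyst has to read the advisory to scope it. Naming the product in the description `value` would fix this. CVE-2023-31278 below has the same gap ("The affected application") and cites the same advisory.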
diff --git a/CVE-2023/CVE-2023-312xx/CVE-2023-31278.json b/CVE-2023/CVE-2023-312xx/CVE-2023-31278.json
new file mode 100644
index 00000000000..a4da42ef364
--- /dev/null
+++ b/CVE-2023/CVE-2023-312xx/CVE-2023-31278.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-31278",
+ "sourceIdentifier": "ics-cert@hq.dhs.gov",
+ "published": "2023-06-06T17:15:14.573",
+ "lastModified": "2023-06-06T18:33:59.493",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nThe affected application lacks proper validation of user-supplied data when parsing project files (e.g., HMI). This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to potentially execute arbitrary code in the context of the current process. \n\n\n\n \n\n \n\n \n\n \n\n \n\n \n\n\n\n \n\n\n\n\n\n\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-119"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-04",
+ "source": "ics-cert@hq.dhs.gov"
+ }
+ ]
+}
\ No newline at end of file
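Review bot: The weakness is recorded as `CWE-119`, the generic memory-bounds class, while the description specifically describes an out-of-bounds read. If the advisory supports it, `"value": "CWE-125"` would be the more precise mapping and would group this record with other out-of-bounds-read issues in weakness-based reporting. This is inferred from the description text alone, so it should be confirmed against the CISA advisory.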
diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31436.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31436.json
index 961598ad645..3c4fa7ee83c 100644
--- a/CVE-2023/CVE-2023-314xx/CVE-2023-31436.json
+++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31436.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-31436",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-28T02:15:09.007",
- "lastModified": "2023-06-05T21:15:10.897",
+ "lastModified": "2023-06-09T08:15:11.370",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -84,6 +84,10 @@
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00008.html",
"source": "cve@mitre.org"
},
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230609-0001/",
+ "source": "cve@mitre.org"
+ },
{
"url": "https://www.debian.org/security/2023/dsa-5402",
"source": "cve@mitre.org"
diff --git a/CVE-2023/CVE-2023-315xx/CVE-2023-31508.json b/CVE-2023/CVE-2023-315xx/CVE-2023-31508.json
index 19d790f282b..f82bfc0cf30 100644
--- a/CVE-2023/CVE-2023-315xx/CVE-2023-31508.json
+++ b/CVE-2023/CVE-2023-315xx/CVE-2023-31508.json
@@ -2,74 +2,14 @@
"id": "CVE-2023-31508",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-11T22:15:11.517",
- "lastModified": "2023-05-15T17:47:09.600",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-06-06T18:15:10.773",
+ "vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
- "value": "A cross-site scripting (XSS) vulnerability in PrestaShop v1.7.7.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the message parameter in /contactform/contactform.php."
+ "value": "** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2020-15178. Reason: This record is a duplicate of CVE-2020-15178. Notes: All CVE users should reference CVE-2020-15178 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage."
}
],
- "metrics": {
- "cvssMetricV31": [
- {
- "source": "nvd@nist.gov",
- "type": "Primary",
- "cvssData": {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "attackVector": "NETWORK",
- "attackComplexity": "LOW",
- "privilegesRequired": "NONE",
- "userInteraction": "REQUIRED",
- "scope": "CHANGED",
- "confidentialityImpact": "LOW",
- "integrityImpact": "LOW",
- "availabilityImpact": "NONE",
- "baseScore": 6.1,
- "baseSeverity": "MEDIUM"
- },
- "exploitabilityScore": 2.8,
- "impactScore": 2.7
- }
- ]
- },
- "weaknesses": [
- {
- "source": "nvd@nist.gov",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
- }
- ],
- "configurations": [
- {
- "nodes": [
- {
- "operator": "OR",
- "negate": false,
- "cpeMatch": [
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:a:prestashop:prestashop:1.7.7.4:*:*:*:*:*:*:*",
- "matchCriteriaId": "8E72826B-5D61-46E7-BC6E-E6154565C194"
- }
- ]
- }
- ]
- }
- ],
- "references": [
- {
- "url": "https://github.com/mustgundogdu/Research/blob/main/PrestaShop/ReflectedXSS_1.7.7.4.md",
- "source": "cve@mitre.org",
- "tags": [
- "Exploit"
- ]
- }
- ]
+ "metrics": {},
+ "references": []
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-315xx/CVE-2023-31548.json b/CVE-2023/CVE-2023-315xx/CVE-2023-31548.json
index b87aee606f1..0892184ed2a 100644
--- a/CVE-2023/CVE-2023-315xx/CVE-2023-31548.json
+++ b/CVE-2023/CVE-2023-315xx/CVE-2023-31548.json
@@ -2,19 +2,74 @@
"id": "CVE-2023-31548",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-31T14:15:10.187",
- "lastModified": "2023-05-31T14:22:04.583",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T19:06:25.360",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A stored Cross-site scripting (XSS) vulnerability in the FundRaiserEditor.php component of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:churchcrm:churchcrm:4.5.3:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C5A21E4C-1CE8-4C97-9374-DD8EBDB942D5"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/10splayaSec/CVE-Disclosures/tree/main/ChurchCRM/CVE-2023-31548",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-315xx/CVE-2023-31569.json b/CVE-2023/CVE-2023-315xx/CVE-2023-31569.json
new file mode 100644
index 00000000000..02fd0f910eb
--- /dev/null
+++ b/CVE-2023/CVE-2023-315xx/CVE-2023-31569.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2023-31569",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-06T14:15:12.427",
+ "lastModified": "2023-06-06T18:34:03.700",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection via the setWanCfg function."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://totolink.com",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/JeeseenSec/Report/tree/main/TOTOLINK,Thanks",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/JeeseenSec/Report/tree/main/TOTOLINK/CVE-2023-31569",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.totolink.net/home/menu/newstpl/menu_newstpl/products/id/218.html",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
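Review bot: The second reference, `https://github.com/JeeseenSec/Report/tree/main/TOTOLINK,Thanks`, looks like a URL with trailing text from the submission fused onto it (`,Thanks`), and is unlikely to resolve to the intended path. The third reference already points at the CVE-specific directory, so the malformed entry can probably be dropped, or corrected to `.../tree/main/TOTOLINK` if the parent directory was meant. The first reference, `http://totolink.com`, is a plain-HTTP vendor homepage rather than an advisory, so it gives no remediation information. With `"metrics": {}` and no CPE data, consumers have only the description to work from for this command-injection record.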
diff --git a/CVE-2023/CVE-2023-316xx/CVE-2023-31606.json b/CVE-2023/CVE-2023-316xx/CVE-2023-31606.json
new file mode 100644
index 00000000000..954a3dd177c
--- /dev/null
+++ b/CVE-2023/CVE-2023-316xx/CVE-2023-31606.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-31606",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-06T17:15:14.843",
+ "lastModified": "2023-06-06T18:33:59.493",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A Regular Expression Denial of Service (ReDoS) issue was discovered in the sanitize_html function of redcloth gem v4.0.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/e23e/CVE-2023-31606#readme",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/jgarber/redcloth",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/jgarber/redcloth/issues/73",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-318xx/CVE-2023-31893.json b/CVE-2023/CVE-2023-318xx/CVE-2023-31893.json
index cb93790e22a..d57fc950359 100644
--- a/CVE-2023/CVE-2023-318xx/CVE-2023-31893.json
+++ b/CVE-2023/CVE-2023-318xx/CVE-2023-31893.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-31893",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-05T21:15:10.977",
- "lastModified": "2023-06-05T21:15:10.977",
- "vulnStatus": "Received",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-319xx/CVE-2023-31994.json b/CVE-2023/CVE-2023-319xx/CVE-2023-31994.json
index 22168d520aa..e3a36e03064 100644
--- a/CVE-2023/CVE-2023-319xx/CVE-2023-31994.json
+++ b/CVE-2023/CVE-2023-319xx/CVE-2023-31994.json
@@ -2,23 +2,12013 @@
"id": "CVE-2023-31994",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-23T01:15:10.170",
- "lastModified": "2023-05-30T12:15:09.757",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-06-08T15:43:50.280",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Certain Hanwha products are vulnerable to Denial of Service (DoS). ck vector is: When an empty UDP packet is sent to the listening service, the service thread results in a non-functional service (DoS) via WS Discovery and Hanwha proprietary discovery services. This affects IP Camera ANE-L7012R 1.41.01 and IP Camera XNV-9082R 2.10.02."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:ane-l6012r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.41.03",
+ "matchCriteriaId": "66129289-7682-4C24-90D8-5F1DD592B3C5"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:ane-l6012r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9B4A42BD-9266-4FF4-B2A7-121EE13D26EB"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:ane-l7012r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.41.03",
+ "matchCriteriaId": "DF1AB2A9-E263-4106-A3ED-2535B07900AB"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:ane-l7012r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3A28D81D-239E-49E3-B007-98C8DE4AB504"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:ano-l6012r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.41.03",
+ "matchCriteriaId": "ECF7BDCF-BD91-48E5-AFC0-B68AD873FB0A"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:ano-l6012r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "95229879-E5C7-4E23-8AD5-C0A9D110A48C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:ano-l6022r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.41.03",
+ "matchCriteriaId": "0787B40D-49A3-4D3D-8019-4D16D236F022"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:ano-l6022r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6DCDCAF5-1A8B-445C-BE39-71045B5DD744"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:ano-l6082r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.41.03",
+ "matchCriteriaId": "9C508D66-0A1A-4E8E-968E-3639FA17B73D"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:ano-l6082r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5624134D-6E73-48BC-8DF9-0DD9127CCA17"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:ano-l7012r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.41.03",
+ "matchCriteriaId": "1BAA71DC-C894-4C7A-8E92-FD9453C24906"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:ano-l7012r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C3805554-0512-4989-91B1-37303A98224D"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:ano-l7022r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.41.03",
+ "matchCriteriaId": "BA056C0A-5539-4C74-8743-FA44373433AB"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:ano-l7022r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "73C3A01C-403B-435F-BF4A-E25B0461645E"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:ano-l7082r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.41.03",
+ "matchCriteriaId": "90E14CA5-C6E5-4EEF-87F4-BE7E2C04EB0D"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:ano-l7082r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FF502C5C-C8AE-4AF5-BA1E-94B31561BB03"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:anv-l6012r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.41.03",
+ "matchCriteriaId": "4261466F-AAA2-4468-AE77-7DFD0DC67F76"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:anv-l6012r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07C0FFCA-9F10-45AE-91B4-BA1A4913A169"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:anv-l6023r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.41.03",
+ "matchCriteriaId": "FB497755-8191-40EE-ADFA-AC4D236C6644"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:anv-l6023r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "167D6E46-FE49-466E-B0B1-D49838C3362E"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:anv-l6082r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.41.03",
+ "matchCriteriaId": "8DA6FC2C-3343-4838-AFCD-5B907D502E4F"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:anv-l6082r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3D51829B-81E1-46B0-9E9B-2D2E17EBB38A"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:anv-l7012r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.41.03",
+ "matchCriteriaId": "0070E615-E1B7-49CD-A919-C71E116D04DB"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:anv-l7012r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6E60E80C-82DE-42A3-A7E7-F00AF5E25CC0"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:anv-l7082r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.41.03",
+ "matchCriteriaId": "7D9D6F4C-FCCA-42AF-95A3-51867A33B457"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:anv-l7082r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "52BC696E-42A3-4D84-9885-D39EF0C90969"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:arn-1610s_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.41.03",
+ "matchCriteriaId": "C7C6525C-66E9-4795-BEA1-7F2497BF536A"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:arn-1610s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B326596E-33C8-4877-BF96-14FE88FDC7B2"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:arn-410s_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.41.03",
+ "matchCriteriaId": "4EE32CB2-FEE0-4D58-9D56-28FDFC8AE233"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:arn-410s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DEA049AE-5CC0-494C-8224-B55F77141FEE"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:arn-810s_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.41.03",
+ "matchCriteriaId": "C2C2F669-4FFA-4BAA-8351-971E0744F046"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:arn-810s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "75CAC6FB-69C9-4937-B328-FCAAFC4588D7"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:lnd-6010r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.41.12",
+ "matchCriteriaId": "E3990BBD-B3FB-4AD9-918D-7B711B9C3F8B"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:lnd-6010r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DF131581-D30D-41DF-BA26-D247E66F9D8E"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:lnd-6011r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.41.12",
+ "matchCriteriaId": "DF2AE82A-F576-49A3-A18F-38D4456E575A"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:lnd-6011r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "82D073E9-2589-4CAB-8CE2-16A9BBA81267"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:lnd-6012r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.41.12",
+ "matchCriteriaId": "7CC02940-6A59-4A72-8CE1-CE8A9B8293DE"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:lnd-6012r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1C2FC72A-AD19-4E00-B6BF-0A5616ABEF33"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:lnd-6020r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.41.12",
+ "matchCriteriaId": "F79D385B-73AC-4A5B-8744-7CAD223D1F97"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:lnd-6020r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "74D4E6EE-2183-4C3C-B436-CCC17113E569"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:lnd-6021r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.41.12",
+ "matchCriteriaId": "31187CA2-E6FB-4A14-9848-B8C207F822BC"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:lnd-6021r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CE39446E-14C3-4E2F-9DAB-949093928E9D"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:lnd-6022r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.41.12",
+ "matchCriteriaId": "C635CD88-1ECE-4F0C-8A9A-EF08BCFEFDBF"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:lnd-6022r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "845E30C8-6C0B-4037-A77B-EC7FCF50DD3A"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:lnd-6030r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.41.12",
+ "matchCriteriaId": "E4CE505A-A5E3-4AB9-B10A-DF3CA41A893B"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:lnd-6030r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BA3FFAD9-8407-4F3A-8A22-E284BD11CDE8"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:lnd-6031r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.41.12",
+ "matchCriteriaId": "79A8F98C-C351-46B8-B458-803ACC0EF860"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:lnd-6031r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B653AE72-3412-4116-9E91-2B9F67D29CB7"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:lnd-6032r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.41.12",
+ "matchCriteriaId": "F0A38ABE-B260-4CE3-8B45-3345F64F73AB"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:lnd-6032r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B7D4D3CF-D65E-4C8A-B5B1-05234FCDA914"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:lnd-6070r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.41.12",
+ "matchCriteriaId": "C1169F51-77AE-40CC-A091-48F549CBA129"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:lnd-6070r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5561A50F-C02F-499B-B89C-32CD9B51789C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:lnd-6071r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.41.12",
+ "matchCriteriaId": "3D1DA909-3D5B-44C3-80C8-D4F5A7D353AD"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:lnd-6071r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "24CCB59E-B170-41CC-AC98-BA1361A468EC"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:lnd-6072r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.41.12",
+ "matchCriteriaId": "7388915D-0148-4D1D-9FC0-E8EFB13FF13B"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:lnd-6072r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7CEA4E55-BAA6-4F67-AFA0-4353D9EDA5EB"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:lno-6010r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.41.12",
+ "matchCriteriaId": "34C33E6A-B46E-4122-9B79-435DF06C519A"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:lno-6010r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "823F52DC-0EB2-4589-B21F-927C411F5B05"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:lno-6011r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.41.12",
+ "matchCriteriaId": "26E1ACAF-F1B5-4D13-92CE-EDE63937D865"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:lno-6011r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A170E7DA-817F-4A15-869B-3DD4788DD225"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:lno-6012r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.41.12",
+ "matchCriteriaId": "2C3FEF59-16BE-4DC1-BCEA-E9F0D1511CF9"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:lno-6012r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8825A194-DB43-4B23-89B2-529E58752F4C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:lno-6020r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.41.12",
+ "matchCriteriaId": "399EB695-245C-4520-8239-2DD2A1F2303F"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:lno-6020r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0A5AA06C-BE4B-4FA7-94BC-412467BEB44A"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:lno-6021r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.41.12",
+ "matchCriteriaId": "3768F706-9434-48BF-B00E-D6C7AB408004"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:lno-6021r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "633F2E20-CD1F-4B7C-948D-E890C6CF93B2"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:lno-6022r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.41.12",
+ "matchCriteriaId": "77F9DB5A-AFC8-4E1D-AC0E-F1E1DE1E98F5"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:lno-6022r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "856D2F25-AC87-4755-AA32-24A5B33D048F"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:lno-6030r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.41.12",
+ "matchCriteriaId": "3E5A96F3-902F-4A36-ABF8-7E95CE1DBC03"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:lno-6030r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "16E987EC-8479-47F5-8A0B-B8E65E215D93"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:lno-6031r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.41.12",
+ "matchCriteriaId": "EF8C8EC6-FE81-4FE5-B272-B54B38C1DE04"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:lno-6031r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C933F769-7CEB-4FBC-AB6B-B536F5C9343B"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:lno-6032r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.41.12",
+ "matchCriteriaId": "C35286B9-F201-4864-8995-7A080647911F"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:lno-6032r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BCFE6053-AEA0-4E34-9A52-A13AD7D5B8DC"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:lno-6070r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.41.12",
+ "matchCriteriaId": "C0D33D79-96F8-4FB8-8DDB-4F90F5E3A344"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:lno-6070r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B928E63C-DA8A-46CE-8E17-9ED23CD26CEF"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:lno-6071r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.41.12",
+ "matchCriteriaId": "3C59F87E-C918-4C29-BED6-90A233FABAEC"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:lno-6071r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "65F54E1B-D45A-4B27-B78D-4F5D5D9A0D66"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:lno-6072r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.41.12",
+ "matchCriteriaId": "5681EDE8-B618-4EE2-8ACF-A231E03CF753"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:lno-6072r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "633F3EE8-B8CC-4062-B1F1-9F939E7312E9"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:lnv-6010r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.41.12",
+ "matchCriteriaId": "DFAB1933-3A2F-4472-9373-BC864FC495E3"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:lnv-6010r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FB2DDAC3-7AFD-4753-A8AF-519910375787"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:lnv-6011r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.41.12",
+ "matchCriteriaId": "BF4EDFB5-64FE-487C-923B-EE2E96B01E14"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:lnv-6011r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "05D2BCD4-D1FF-4824-90D5-1EC8CB7F6BE7"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:lnv-6012r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.41.12",
+ "matchCriteriaId": "FF35460B-271D-44F3-A522-0BD6E12A4891"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:lnv-6012r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AA0E3820-68A1-4C59-B01A-252144766C76"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:lnv-6020r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.41.12",
+ "matchCriteriaId": "DC985EC7-2368-4D43-89D7-121DC9FD1AB5"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:lnv-6020r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B59008BE-41DE-436A-9361-6BC110CE4206"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:lnv-6021r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.41.12",
+ "matchCriteriaId": "56B2DD93-C066-4606-A726-15E478A455D2"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:lnv-6021r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "00B34573-9C60-46F3-BEDF-00C972326F4B"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:lnv-6022r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.41.12",
+ "matchCriteriaId": "537DF19B-A80D-4D5D-807C-A73D3119787B"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:lnv-6022r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "08A25A13-0369-4FBD-843A-B6DD7B4A874C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:lnv-6030r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.41.12",
+ "matchCriteriaId": "4766189A-0B70-4079-93FF-F05B53A6FBBB"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:lnv-6030r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "03069764-40C9-4C89-BF67-42DEA6E7A366"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:lnv-6031r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.41.12",
+ "matchCriteriaId": "EEE1B95F-FBCC-4AAF-974A-D49F9C8A369E"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:lnv-6031r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E17B5DBD-3BB5-456F-BD15-5F3425C61C78"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:lnv-6032r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.41.12",
+ "matchCriteriaId": "045A38B9-1263-4ED4-8DC2-124A67DCAE40"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:lnv-6032r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E9527472-9EEB-498D-A377-EE911B42BDCA"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:lnv-6070r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.41.12",
+ "matchCriteriaId": "08FBCD39-2C0F-493F-9B54-8C06C2868F2E"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:lnv-6070r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BF816863-46CE-4934-AB05-D3A129AACF24"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:lnv-6071r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.41.12",
+ "matchCriteriaId": "5360B0B9-7037-4C29-81F0-178F5E221C37"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:lnv-6071r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F3ED5D81-11BF-47B0-9F1E-82702A1198F7"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:lnv-6072r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.41.12",
+ "matchCriteriaId": "9C131FD2-5C4F-4664-A6D6-C4182C53D306"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:lnv-6072r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B8551741-0FAA-4E2B-989D-4325B7697B53"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:pnb-a6001_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "E9D68F41-1640-4528-916E-ED4C272A2433"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:pnb-a6001:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1884F130-FC80-4AAD-AC7E-3528E496B6FD"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:pnb-a9001_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "9F92645A-E375-41B4-B44F-335421BF2141"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:pnb-a9001:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4F7BFC6D-1B65-4402-9D80-68F2F3CAB3E6"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:pnb-a9091rlph_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "85674E9E-F5BC-4E82-8A3A-6A82EBFFD218"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:pnb-a9091rlph:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5AE474E4-AF88-4F30-8B12-460F9186F9A2"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:pnd-9080r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "0CA67C73-E1B1-41D4-97DE-FA86E182F670"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:pnd-9080r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7363C6C3-A93A-427F-9BFE-835DDF22CA0C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:pnd-a6081rf_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "2A8B1DB6-61F2-42DD-8303-C3CBB52E1EDD"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:pnd-a6081rf:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1AA2DAA0-62A6-4D1F-B650-24410D482169"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:pnd-a6081rv_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "DF6B6A00-E725-4985-B1D3-BCE62E244B02"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:pnd-a6081rv:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "82885F7A-D462-4BF7-B387-C4EA85A9C3F4"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:pnd-a9081rf_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "CC6106AA-0535-4FED-926A-FF0C91FC236C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:pnd-a9081rf:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "49F43F50-9E18-48D0-8516-F68E443B23A1"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:pnd-a9081rvx_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "7437047B-6066-4131-A172-B1AD623D7C8E"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:pnd-a9081rvx:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "973D877F-6FFE-45DA-85A9-7018A2B6EE2C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:pnf-9010r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "E95DED02-E44D-4546-A02C-41BAFA11253A"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:pnf-9010r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A6993443-EE9D-48F1-B953-839A95E2D2A5"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:pnf-9010rv_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "12433C9A-2271-4312-AC2A-1635B017A126"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:pnf-9010rv:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D529AF50-8CB6-4F1B-9BAE-2349CF2F5B97"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:pnf-9010rvm_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "0D41176B-FE33-4C73-AD54-AEFEE94A18B4"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:pnf-9010rvm:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "34AC9E2D-99A8-4676-AEE2-2A8A3C84CEE8"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:pnm-12082rvd_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "C6698FF5-BF4B-47D0-9C07-F36DB71506A1"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:pnm-12082rvd:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2FE8415A-44DF-4B96-8CFC-D9D2432AA1A6"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:pnm-7000vd_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "DC77D671-08DF-4CA0-81EF-A22BE477C068"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:pnm-7000vd:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "32E5B46A-982C-429D-9FCA-3B90C97AE576"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:pnm-7002vd_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "58D54C8D-C08F-4DE8-8D03-9F0DAB808369"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:pnm-7002vd:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4F14CCDB-6E5A-4454-9C8E-F9AFE92EBC1B"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:pnm-7082rvd_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "99913BA9-3626-43DB-8F5C-FEEC34E248B9"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:pnm-7082rvd:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7EEFEBB0-260A-4CE9-8AE6-E95B53D5E418"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:pnm-8082vt_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "91248960-CFB0-4CA2-AF59-CACB3C6F2293"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:pnm-8082vt:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EAC1D3B7-BDF4-40BC-9E29-07D5845A4627"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:pnm-9000qb_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "400AEAD3-8A9E-4217-8959-EF45C6DC31F0"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:pnm-9000qb:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "59C549C4-A5D8-4532-98CA-5DF3EFDB2573"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:pnm-9000vd_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "172C4460-DA14-48D5-AEA2-D9DBC0493318"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:pnm-9000vd:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0BB8BECD-11C8-4581-BB54-9EA7BF0FEB4D"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:pnm-9000vq_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "BCE71B59-6FE1-4471-A5B0-63C69907933D"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:pnm-9000vq:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8917B25A-DC35-4E23-BB22-0C303CD401D4"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:pnm-9002vq_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "9295F970-7B92-446C-AD0F-A2668F54F550"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:pnm-9002vq:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "772CD1A3-C9E2-4DAD-BEFE-D60EF8107F8F"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:pnm-9002vqs_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "A5356160-51D9-4CD3-AA6C-8A5198986A7A"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:pnm-9002vqs:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C40BF57D-3A05-4A9E-813D-6677AF6BF721"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:pnm-9020v_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "7044D160-7324-4F30-92EC-07A2D32C6993"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:pnm-9020v:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D517248D-61EB-43C4-9C7A-5A8AC8775947"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:pnm-9022v_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "E73C115D-2ABE-4541-BB3E-324D609A273B"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:pnm-9022v:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "28A6C969-73D3-4240-A1E5-7FBA409B3EB4"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:pnm-9030v_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "2605BBFF-C354-4A71-A184-603E855E28AD"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:pnm-9030v:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5DD00A59-E534-49C1-82EF-389606CFD33F"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:pnm-9031rv_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "E43084D8-EE67-4BAE-A260-6145E1C9AE63"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:pnm-9031rv:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "ED4DCF92-8F17-4A73-844E-8EC21AB65782"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:pnm-9080vq_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "2824D361-A72F-44A9-8C85-771FB7EE4A78"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:pnm-9080vq:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BDAC149B-24F6-4E41-9D7B-353C6B06EE06"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:pnm-9081vq_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "36A2F674-E42D-4912-B476-0339BE3282C6"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:pnm-9081vq:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5A04A7E9-49BA-44F6-B0BB-0EB258C72B53"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:pnm-9084qz_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "507CF918-019D-4593-9E96-F0650C3950AE"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:pnm-9084qz:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0BC2D72C-543C-4CFA-A2FE-4AA48B56DCDC"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:pnm-9084qz1_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "9ADEF643-D6B6-47EE-8327-97E5EEC47F2B"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:pnm-9084qz1:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9A171575-2FB3-440E-A65F-033AA433E24A"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:pnm-9084rqz_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "1C09BFE1-D947-4DAF-AA97-0FF2CA3C141F"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:pnm-9084rqz:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "14448BEA-A228-48B9-9C7D-BBA26B69B1D1"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:pnm-9084rqz1_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "9A342C48-722B-4B8E-A60D-0F382864E575"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:pnm-9084rqz1:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B58334F0-E781-44DB-99D8-C76C928F9B4D"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:pnm-9085rqz_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "7CF6F982-B1F0-4DAA-88FB-E442FD7A6DDB"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:pnm-9085rqz:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D3E118B1-A5D0-425E-A211-07F77A700A53"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:pnm-9085rqz1_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "C9F5183B-5A41-4603-8AB2-9BB459D50D81"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:pnm-9085rqz1:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "ADB80DF9-AF72-4D7F-A277-524D0CA7D32C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:pnm-9320vqp_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "4D71BD6B-3ACC-4B50-B5A6-4D8D5CA9347B"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:pnm-9320vqp:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5D617622-7498-4440-ACBD-62481D3BC9D7"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:pnm-9321vqp_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "B8F8011B-61B9-424F-A674-82DE752E4887"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:pnm-9321vqp:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4DA66F0A-165B-4A8E-A4B9-747342A50B8C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:pnm-9322vqp_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "203DA3B4-7008-4620-A29A-D9E300318F3C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:pnm-9322vqp:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CF91EA62-F6FA-484F-94EB-5C47D2548CE0"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:pnm-c12083rvd_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "9C666B16-2BF9-4ABE-AD4F-8674A0468C60"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:pnm-c12083rvd:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4E504A46-2075-4751-9071-58EF6B2B45D0"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:pnm-c7083rvd_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "3B290A59-5FCB-4315-9EA2-5B30A1A90697"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:pnm-c7083rvd:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2C95D84D-0A5D-4320-99DB-1FCE4EAD7261"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:pnm-c9022rv_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "8750CE2A-774F-4D3B-8B3F-3D7D2ABDE62F"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:pnm-c9022rv:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E1070654-7881-48F1-8389-34AF8D46FE86"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:pno-9080r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "7D568032-C8D3-46F0-AE80-36D5AC0C8370"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:pno-9080r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5727F95F-9D2E-4000-B7D7-F1D57352D8F6"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:pno-a6081r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "037E11D4-5BC0-4E39-8BF8-D3FA025F2205"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:pno-a6081r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CAFAF752-F534-4BEB-80D5-B22A6B4FD8CD"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:pno-a9081r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "0D316358-D8A0-41C6-AAD6-F4B88951964A"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:pno-a9081r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7ECFAF09-4B36-4B11-A2D1-6426139D81D5"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:pno-a9081rlp_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "61F2ABBC-1674-4166-B94B-34B3622A7A20"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:pno-a9081rlp:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5C974B21-C6E1-4E14-AF5F-1C571FAC68A5"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:pnp-9200rh_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "B8ECABB3-E46E-4DAF-AB41-1151EB7FF7CB"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:pnp-9200rh:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0A1D9D09-B548-41DC-AA9C-CE699F4F624C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:pnv-9080r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "E8E1B00E-185B-442D-91D5-46CED3E062EE"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:pnv-9080r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D89172B8-BA61-4CAC-A64B-94801B93C7A7"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:pnv-a6081r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "8BBC44B4-EB54-43A7-807E-2341B1CC5B0D"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:pnv-a6081r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "94787E7F-7A7C-47A9-A59C-4E2C6892C465"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:pnv-a9081r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "C672F01B-CC2E-436A-97FC-CA1EC66C96F1"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:pnv-a9081r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6E2594F5-099A-4ADB-85D7-145375832411"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:pnv-a9081rlp_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "E13D5435-45DC-4093-879E-C726F96B5896"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:pnv-a9081rlp:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A04338F5-99C3-4007-93FD-F3A7603349A8"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:pnv-a9081rx_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "8EF503A1-9317-4CD8-81CB-77DCF7AFA626"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:pnv-a9081rx:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "96CBCADA-F7F9-4E07-B8CF-DF34AA2D651C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qnd-6010r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8616A2D6-FC73-4029-99B8-A426DBF9626D"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qnd-6010r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "ECAF1AE7-B032-4D77-854C-7A3AEB18152C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qnd-6011_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "512833B6-8C29-4B89-AEC7-5725467A7600"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qnd-6011:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "800A47DE-3EFF-47C6-9544-D7302F2C7D6E"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qnd-6012r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6E61EE37-E594-418C-92AF-F52F10DA57BC"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qnd-6012r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1F7DBDB4-1677-4E64-8287-020C5BDC8266"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qnd-6012r1_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BC147C42-2789-498C-ADBB-DFB8C7E56FB8"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qnd-6012r1:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9B13DA75-8957-47F0-99EC-439B4C7BBAE5"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qnd-6020r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E887C21D-8679-49EB-90D4-F9E75C19C0A5"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qnd-6020r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FC07B597-04FF-4183-9FEA-C0C293C91DE2"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qnd-6021_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B62FE41D-92D4-40D0-BC11-4D085D62A1B2"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qnd-6021:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E85F8652-4F26-4E3E-8FC8-FCBAAEC01F55"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qnd-6022r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "61E98F49-AA8B-4650-9DEE-0C21F28B0AE1"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qnd-6022r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7B42AB42-B062-412A-886B-C11963C7CCCB"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qnd-6030r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C4851740-C03F-40F3-83EC-8C14F30F65FB"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qnd-6030r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4F99B081-BC57-47FD-BF6F-399E2CE3EE90"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qnd-6032r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9C522432-5AC2-4433-B8E2-F70E85BBFA2E"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qnd-6032r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1A726C65-B971-4027-9CA0-1D83CA75AD75"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qnd-6070r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F6052EFD-9F95-4361-8734-E4B1DB79BA33"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qnd-6070r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B803977D-DF8D-4578-93C5-EBFA00E1B8F5"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qnd-6082r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AFBE5AAD-22E1-43FE-A03C-90E0E4BE06D7"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qnd-6082r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D7748B0E-1445-4A5D-833C-4EE0ABE400CD"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qnd-6082r1_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "787AE8F3-BCE0-4318-9EF5-99842ABC5038"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qnd-6082r1:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7B5B57B7-670F-4E47-913D-B58E0E0F7C5B"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qnd-7010r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A1C17AFF-746E-4F43-BF35-BF696C888B2A"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qnd-7010r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "61E26B38-C38B-4E95-A0A1-8891328E2B2E"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qnd-7012r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B31B4884-7E5B-4F0E-8A20-D04A42383BFB"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qnd-7012r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9205B918-EC07-49B0-BD05-D865FA257D54"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qnd-7020r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "017A5706-C5E8-4BF0-813B-F01CB2F1332F"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qnd-7020r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E81AC2F1-80FF-4459-98EF-395CCB2A7CAB"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qnd-7022r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EE0EAA0D-0D3B-4F15-94CB-3E51C538A1E0"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qnd-7022r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BC9F64AE-E083-4973-BC58-067D7D3CB9B7"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qnd-7030r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "931BEDC5-4DEB-4B94-BF41-552E7E65F66B"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qnd-7030r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E82BC5A1-DA1B-4ADF-A5BC-5AC8EBE7E8A6"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qnd-7032r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DD75DB45-B611-4DD0-9E6C-D31857C9A442"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qnd-7032r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7A9F938E-5036-45F5-BDCF-7F4ACA3C8D3D"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qnd-7080r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "87CDDEA8-D839-4132-BE28-E462F630014C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qnd-7080r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E59456CF-E4A2-431D-B585-DED37EED2AD2"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qnd-7082r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A771F628-3496-4549-8A98-E37429352FE6"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qnd-7082r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8ED329DF-B77E-4B90-BB1C-164AB1FD62BD"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qnd-8010r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "239DA5C9-FE78-436E-B459-301DAD729C25"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qnd-8010r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "39C2E3D6-6BB1-45CD-824F-A3A4E34A2A28"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qnd-8011_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C3D7267A-7434-40A6-A671-60BC02BAD56D"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qnd-8011:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "121DD556-B0D8-4FBC-8BD5-13BBE1AAB00F"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qnd-8020r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7A77A769-6F0F-4A2F-A43A-973B1EEF5661"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qnd-8020r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "54BA938B-B003-4AED-AAA8-26998C97B69F"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qnd-8021_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E3020CC1-DC3E-4F88-9584-3FA9DACBFFAE"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qnd-8021:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "42574A30-7AE1-4082-B261-654ECF1ED00F"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qnd-8030r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07635CA2-5ED0-44FA-B669-FB02BD95CA03"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qnd-8030r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "79362DF5-C736-49D4-865F-0B40EB1A2A37"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qnd-8080r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E79B4D5A-A454-46BA-B8CD-EFD90C675897"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qnd-8080r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "24E312B9-D7D0-4352-9C0C-0FC55B833BA1"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qne-6080rv_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9444943F-DCC7-4266-AFC5-63D0CB49E02C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qne-6080rv:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "73F994F0-F5ED-48B2-A06E-F7133712CBBC"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qne-6080rvw_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E7DF00D3-2509-45B1-8DB7-BAA5724F3C9B"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qne-6080rvw:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3F2D7CDB-1D5E-4911-A7D3-FACFB552DEC5"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qne-7080rv_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1CD4E35A-E607-4AAB-9C32-7EFF4C93D1A5"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qne-7080rv:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "85B059A1-DE49-46F3-8DBE-F3653E6D4975"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qne-7080rvw_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EBD7E74D-F628-4A72-BA21-95B921E31102"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qne-7080rvw:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5DDFD31D-7A8B-4ADB-9C11-B406BD72AD92"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qne-8011r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D00C8B6B-7DAF-4E72-964E-F3A971DD513C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qne-8011r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "13FEA6E2-5C1C-4B68-BC20-A6687261E43B"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qne-8021r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2C379164-FD8B-46BA-B863-43206CF15076"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qne-8021r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EB0CFA75-17DB-4EDE-81B7-ADC14DB21631"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qnf-8010_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F4F3FA6D-D314-4587-A936-371B7C64B87D"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qnf-8010:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "806B5C80-0D2C-46B8-9D74-4BA8640AEC14"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qnf-9010_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07037E5C-47F0-45A2-B97B-D303C990378A"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qnf-9010:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3900880B-152E-4895-B4A6-EA4F155D18A3"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qno-6010r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C01D9961-0F86-41F7-A7CE-CD409BCF18DD"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qno-6010r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1CD380D1-D467-4802-A694-6584A015AD30"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qno-6012r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "62CC1A6A-3C03-41BE-B64D-CF9674364C9C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qno-6012r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "71818F35-643B-4193-A235-015779BF5F97"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qno-6012r1_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "16DF3DBD-63F4-4FC4-909D-115226C73DF9"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qno-6012r1:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D1A0CF74-B5AF-4A9C-8983-BE8AEDAA10A7"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qno-6020r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B82CF0C2-AE08-4E2B-8F1D-F961E88C37EC"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qno-6020r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8D76ECAA-9E47-4B52-A975-EC54FFC731E2"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qno-6022r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "57A80B22-E499-427C-B5AF-845284A6A25C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qno-6022r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "22330F60-8382-44ED-9A75-FD2770626695"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qno-6022r1_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4A067BF2-97F3-4C3F-AC00-E895980FB780"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qno-6022r1:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3A4DEB1E-44EB-49C6-AAF5-D0E606EF084C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qno-6030r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3812BFE0-DFBE-4E84-A6C6-F4143D708DB1"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qno-6030r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "87BBCAF0-CF3B-4CD5-ABC9-A750AA7A7025"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qno-6032r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F54379BC-4D5C-443F-A08E-A40F71244F1A"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qno-6032r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F2BF0A76-A3B7-48D5-A84E-0307231DD0F0"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qno-6070r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "47DE70C8-A2D9-4E0D-9033-D662F9BDE456"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qno-6070r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6C27F293-ABD1-4DC1-A753-2F227593C980"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qno-6082r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D3A76AC3-3864-4418-9086-6D36450BCAE8"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qno-6082r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "166B6815-2F15-4C65-B053-AE462CE420A5"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qno-6082r1_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D19922F0-871C-4882-8AEF-49F13584ACEE"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qno-6082r1:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0D2A6F5E-9F4B-408E-BA97-FF048525FAE7"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qno-7010r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "589C1510-9590-49B7-96AE-968E5063C50E"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qno-7010r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "855B0772-0273-4EFC-93C6-92EA1152030F"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qno-7012r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B74B1CAE-DA53-4F3E-A7D3-2DFF71150B49"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qno-7012r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "42EF82E5-1FC4-4FE6-A776-DC8EEC28593A"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qno-7020r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "70E74DE4-FCC4-4BFE-A479-E1E0F8F0CCCE"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qno-7020r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2B811065-62A2-4F3F-9538-2D22F8923840"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qno-7022r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3FEF5CEB-4BD5-4DFF-B16A-35DCB20C33BF"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qno-7022r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0D239BBA-9403-4CDF-8268-C42F2211208E"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qno-7030r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F28DC1B7-692B-4F92-B72A-6898C014A1F4"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qno-7030r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0D8BCBC7-4A16-4733-869E-64305B7B1621"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qno-7032r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "889FC6F9-28BB-4B5F-8904-65058A2236DE"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qno-7032r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BB1D7ED9-F6C0-4B53-AAF3-511FF6729CC8"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qno-7080r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F36CB635-9DE2-4FF7-AF85-C2B11150200A"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qno-7080r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AF1E94C3-5C8E-4679-96BC-66FB610640D7"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qno-7082r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6A243EC2-B88D-4431-8E06-F7F50CC117BA"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qno-7082r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "85BAADDA-6EF3-434F-835E-DBB09264A001"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qno-8010r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "37B735DB-4237-40FD-BBD8-F8E84F793D0D"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qno-8010r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "86AF76A6-8A87-45AD-9263-DFF8C307F427"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qno-8020r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8F394C7-CEFC-4E11-992B-DA5C714D8656"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qno-8020r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8698083C-F763-450B-B826-5C1770DDEDA9"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qno-8030r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "131AE0B9-CA41-4FF5-AAFF-06E1D5494E65"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qno-8030r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CE2F7E95-3EF0-4DAD-9CF1-2F5F3AA4778F"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qno-8080r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "40AC0390-9DB2-4E97-9B22-5EEC5CAC064A"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qno-8080r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EE522EE9-E294-4E56-B7D8-9366028C40C1"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qnp-6230_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "844879C0-DA82-4241-AB8E-173DF04E9158"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qnp-6230:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "777557B7-F74D-466E-9312-2C5F22DD3502"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qnp-6230h_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "746E4716-1D50-4D3A-A0C0-A2EE8A6D8F3D"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qnp-6230h:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2B8CE79F-4208-42F7-A8FD-1559F664F90C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qnp-6230rh_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4E38889E-3D56-4B3D-869C-209C46DDEEFD"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qnp-6230rh:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B393B0E0-1393-4C2D-B12F-45F7980E86E8"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qnp-6250_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D58BAF1F-4B50-4F89-A357-522ED300EA7D"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qnp-6250:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FAFF13B7-5BD7-4926-8CC1-36857FA8768F"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qnp-6250h_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "797EFB05-CB22-4D67-BCCC-E45CF450598F"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qnp-6250h:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8B0452F1-0192-47CE-8A12-7F2FB90477A0"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qnp-6250r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4AD213E7-6626-4D88-8336-D7E16B9E782F"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qnp-6250r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "12C762CA-1C10-4B70-BF69-4EC10076DC6B"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qnp-6320_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D07AF129-33FE-445A-A5BC-69D18243969E"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qnp-6320:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "46AAF75C-C6B8-4872-A2DC-2F0827CCF368"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qnp-6320h_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "90B9F79A-6A63-404A-B6C6-8775B50D4C26"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qnp-6320h:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8D02BC3A-3146-498F-8660-CC2E5F68DB33"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qnp-6320hs_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "00CA93AB-C1C3-45A6-80F6-331D9160F060"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qnp-6320hs:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "62F45A6E-A120-4BC2-AF4B-F7F8A071E414"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qnp-6320r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BB6CC56F-1121-4B49-9952-DC9458ED0624"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qnp-6320r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "88F23926-CEE7-4D8A-AE32-A1F47CDB0F37"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qnv-6010r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "57AB9EB3-5153-43B4-BDEF-A059D9D32F30"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qnv-6010r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "82B50D74-9AA6-4F7D-BD50-89B7E2A0D553"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qnv-6012r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5C621B10-B568-472F-AACF-943C0BA5CA57"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qnv-6012r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "92B38BFB-705B-437D-8E04-F827C9B1170C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qnv-6012r1_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DE3DB7B9-4D0E-47F6-BA9B-CC45EB99C810"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qnv-6012r1:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9F9E8666-8955-46FB-AB85-3A51722A249C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qnv-6020r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "90D58334-F5AD-4292-8ACA-64AF69C5176D"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qnv-6020r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6E92BF2E-B32B-4F51-9E43-173612846845"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qnv-6022r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6BD8C8F5-E1AA-465C-B7A5-02169F2BAC0D"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qnv-6022r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1110E035-C2DE-4B3B-8F76-787566697250"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qnv-6022r1_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "874E006E-FE35-4534-BDEC-90DEB106F875"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qnv-6022r1:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "50709B35-5C7A-4ADC-9645-C8BC52DE9953"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qnv-6030r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "32332DB0-6A1E-4178-840B-18D5CCAE2433"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qnv-6030r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B6879EDC-E1B6-434E-92CC-1C79B70A61E0"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qnv-6032r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A8E40F48-8CAD-4AB2-A5F8-B283AB14F301"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qnv-6032r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7A128BAE-550C-4CD7-9758-BC4267A6B8B4"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qnv-6070r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DF889C67-A79D-4C9C-8D46-E1072F655673"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qnv-6070r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3F209535-3EA9-4E88-A99E-9EDFF7179976"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qnv-6082r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E34856F3-748C-4F86-B054-1175DBF9F952"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qnv-6082r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E47B0D8F-06B2-4D37-A6AA-B2D10D83FC66"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qnv-6082r1_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F9D469DB-A15A-4AC9-837B-FB57A64130BB"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qnv-6082r1:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7F691CE0-094F-47FA-8232-A66E5A6DE501"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qnv-7010r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D1D28C1B-8757-4D87-90C3-E1B899D8BFB8"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qnv-7010r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B70BDCA2-419E-41DA-A779-9630A1CD3A30"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qnv-7012r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "57B0FC12-139F-4DBB-981D-C215EAF4FD12"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qnv-7012r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0D9F0E6A-B369-48B8-8D57-F18093B46FD7"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qnv-7020r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "748D8C6B-08E1-4FC4-A0A0-D084A8707C19"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qnv-7020r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5D112016-1B23-458C-9F00-96D387EFEA73"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qnv-7022r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "476C4B90-0FA6-46C7-A868-5F7568E52290"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qnv-7022r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FF76029A-D92E-41FE-AD95-C974927A1B8F"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qnv-7030r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "22C44920-0DA7-4E58-9CAA-7B3DE280C7F2"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qnv-7030r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "18AAEF39-5101-4E43-946F-1D2E29BDC823"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qnv-7032r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3F30F042-4B14-4F63-9941-B7D4F0ABB712"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qnv-7032r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0BA1CA22-244E-4AEB-9BA5-85280158F13F"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qnv-7080r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8A2F324D-4B0A-4019-B819-8DDD068294F4"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qnv-7080r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7A29E1CB-BF61-4493-BE4E-ECFD737B1549"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qnv-7082r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B898C611-CB37-40FD-B644-D8ADA227851B"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qnv-7082r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C8F89EF8-E41C-433F-8162-D4936BBB67AE"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qnv-8010r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9BC9B88D-3D8D-4A5D-B21D-8E9CA80FAB2B"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qnv-8010r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5A142924-E525-4397-92D4-549FDE2BE9A8"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qnv-8020r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2BC884AC-E845-4531-A9D7-3DC30307D000"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qnv-8020r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3985E148-2104-493B-9DC1-F8B5C547B71A"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qnv-8030r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5678C7E7-E7A2-4CEA-9A30-B31B15B87537"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qnv-8030r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4C364674-534A-4FDA-B9B7-1491FA0F5BA6"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:qnv-8080r_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "962CBE1D-C140-4BB0-81F0-2CB14D91D007"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:qnv-8080r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "975B6599-FF41-484D-B607-AEF6E8181783"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:sla-t2880ba_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8E4C11A5-CB65-4CC8-83A5-BC4715066A78"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:sla-t2880ba:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "51A3A812-CB48-4DDD-BAA1-B8C86E12F424"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:spe-100_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.21.01",
+ "matchCriteriaId": "A4273E3F-1ACB-42EE-B50D-41B4F8F7E82F"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:spe-100:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BA74E073-2EEE-44E2-92EA-0F5A17E93CF8"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:spe-101_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.21.01",
+ "matchCriteriaId": "FAB2002A-7E91-465C-853B-52FE17CADDE6"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:spe-101:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C122D94F-167A-4C3C-AE04-10DDBD44D353"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:spe-110_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.21.01",
+ "matchCriteriaId": "B0E3E861-C6C3-485B-A9AE-DFC4301575FD"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:spe-110:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1FF9A92D-8880-4485-979F-5ECD5D6BC7D2"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:spe-1610_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.21.01",
+ "matchCriteriaId": "084B27F3-B442-4DAE-8090-23C4C53E73FD"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:spe-1610:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F561FBBC-985D-4F80-9DD7-017757BDF556"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:spe-1620_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.21.01",
+ "matchCriteriaId": "956259D4-1B10-4DAF-9109-7400A741F0CE"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:spe-1620:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D19C9DC9-F04F-4134-AA16-F9D99A4C28CD"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:spe-1630_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.21.01",
+ "matchCriteriaId": "5872E86A-3B7D-4FA2-9D86-B7D58B1443D8"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:spe-1630:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F7FF7A36-37C1-4315-9E49-0847567EE2F8"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:spe-400_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.21.01",
+ "matchCriteriaId": "D11F0559-9673-4F58-8454-F559F0D80B51"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:spe-400:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C0B036B8-22BD-4E02-8089-1A8588E10826"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:spe-410_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.21.01",
+ "matchCriteriaId": "3355CC2F-9259-471A-BEE1-E2950B25127E"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:spe-410:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4D5BE5AA-10A0-4223-9398-9552F525807C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:spe-420_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.21.01",
+ "matchCriteriaId": "17E6B18E-2735-4823-9EA6-77F748B14F02"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:spe-420:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "572D6A01-C0B2-4121-A6E8-6B6FB95A5875"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tid-600r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "2251B7E8-7220-42C0-8B82-A99DB7DBF638"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tid-600r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BE1D9D8D-3BD6-4A59-98D9-EC3E60892D4E"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tnb-6030_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "FB65B19F-8B1E-41EF-AFA9-9AC07AA6C485"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tnb-6030:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "91461C7E-7324-484C-9C5E-73748B19EE08"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tnb-9000_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "12924C0D-C8AF-402E-8F3F-ACB8D92A303F"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tnb-9000:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DF49B154-DF92-4314-932F-7D2B74747A99"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tnm-3620tdy_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "3EC21451-8122-40CD-ACA2-8D56DD0AF24C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tnm-3620tdy:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "76C77433-1431-4491-982B-DDFF0ECF398A"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tnm-c4940td_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "5D7D73DD-CADD-4915-BA30-7DE44FF52F37"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tnm-c4940td:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "70735D6E-27BA-4B2A-8CB4-E713B0042595"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tnm-c4950td_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "83D7F974-89F9-4A99-A4C6-1DC727D530ED"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tnm-c4950td:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D1DC37AA-F50C-4D74-8195-9190372AA4B5"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tnm-c4960td_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "7117C710-506A-45E7-8E04-3A5CE61AF16B"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tnm-c4960td:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D1A0D8DB-A4EA-4587-B423-7F616BE1D664"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tnm-p9022ept-z_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "39E88774-20F8-431E-8A17-785D120B9285"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tnm-p9022ept-z:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1959F710-94B4-44B1-AF97-24EE9611909D"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tno-3010t_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "410DDF4C-702E-4AFE-B3F7-C05B757DD126"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tno-3010t:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8CA7DBB2-AF1C-4D24-86E3-172DA2D27384"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tno-3020t_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "491C54C6-1F1A-4C0C-9F1D-72C91EC5FF61"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tno-3020t:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6C94D122-A1C5-4530-9649-48103499CBE3"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tno-3030t_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "C80E1E4B-7CF8-4D92-924B-DA359D749F97"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tno-3030t:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BF7FF0A3-A502-4EAF-BAD2-09F0B5418ED3"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tno-3040t_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "960651F3-D195-414C-B760-EC42AA24CB14"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tno-3040t:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "775BC262-8F33-4F4A-9363-284623DC83D6"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tno-3050t_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "5BBF5FB2-DC2D-4433-8097-AFE3897DEF82"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tno-3050t:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CBA82BA3-E5C8-4DBD-8AB1-7BD153874D25"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tno-4030t_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "D4731C38-BA09-4637-9950-2C7DFADC8971"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tno-4030t:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7D2397CC-21A4-419E-B228-1A5AE497308D"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tno-4030tr_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "B1EE8CA3-0A92-441C-8C7C-99927B2ED0BB"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tno-4030tr:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C63B385C-0877-49B7-BE20-215E9C91F854"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tno-4040t_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "E50EDD32-5C7F-4974-A1E9-99506E6E959C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tno-4040t:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "00A19E58-D816-4F8F-81CE-201E7BBFEDF8"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tno-4040tr_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "A4E2569A-C830-4F9F-A2D7-7A59B38C7241"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tno-4040tr:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6824E33D-DDB9-439D-A11E-093572DC6CD0"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tno-4041t_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "1A5F9544-B307-4631-AB7D-D814CF8C4F31"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tno-4041t:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "717A87BC-4EBA-414B-853B-7F8C75F72AA7"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tno-4041tr_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "86E638B4-71D1-4701-A5E7-F1FAF6931BE1"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tno-4041tr:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D140AA9D-4CBC-4D22-A171-594C31B2D1D8"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tno-4050t_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "A4063B30-65D7-494E-BA8E-2A765E3AFBB4"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tno-4050t:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E4883BA2-83D6-4B35-BE89-331E8D8348B7"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tno-4051t_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "90843D72-E481-49F3-B99C-B41B1AA43DD1"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tno-4051t:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2A6881C8-F81A-41C1-BEE0-7A64456319B0"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tno-6010m_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "28FA2D71-80FB-468E-97F9-AE02B6BA8336"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tno-6010m:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "736448EA-11AE-4054-9B21-8F11091D1240"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tno-6070e1w-z_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "EA12091A-0F0B-47D8-9687-8C17BBF0ACA7"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tno-6070e1w-z:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4FBA2412-E054-41B6-88A1-784F457D00DB"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tno-6070e2f-z_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "87D7D5AB-FF60-42B6-8D0F-A279B1FC8451"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tno-6070e2f-z:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C5065E1E-931B-4AD2-A70A-194B111AA16E"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tno-6070e2fw-z_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "8C7D7A31-68E1-425C-8BC6-18384F60293A"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tno-6070e2fw-z:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F280C2FD-BF92-4DE4-BDF0-53F832A6AC85"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tno-6070ep-z_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "B2965BA8-B1DD-4BCC-933F-A713F611EE63"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tno-6070ep-z:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B12ECDAA-AFC4-4E30-9489-4FB1DA7BAD22"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tno-6320e1w-z_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "F46AAA55-CFA1-457E-B555-145195E1FE9F"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tno-6320e1w-z:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1E8DF89E-A912-4252-A7B1-6AFD48519AAA"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tno-6320e2f-z_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "DF9C6A4E-2FEE-4B8E-9570-4EB432D95C90"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tno-6320e2f-z:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "64DA2025-0A47-4972-B552-FA1D1AE38506"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tno-6320e2fw-z_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "E5DE1B59-665D-42F8-A1F4-F4266348B657"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tno-6320e2fw-z:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "63BDA059-618C-49F2-A93F-4A35AAD77DE8"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tno-6320ep-z_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "C3C0D456-717D-4202-94EE-D999BF9F421C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tno-6320ep-z:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A7275CFB-D9F0-4193-B5ED-3EE6910CE5D2"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tno-p9072rpt1-z_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "C24D77D8-992B-43AC-AA6D-8D591574C15A"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tno-p9072rpt1-z:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "20ACB004-B330-44FE-81A8-CC22C23A7A10"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tno-q6232ept3-z_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "5F431434-37E4-4653-84F5-5ECBBD1A2C2A"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tno-q6232ept3-z:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9F5F1517-D41A-4C04-8DC3-A99C58413857"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tno-x6072ept1-z_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "0F0E837E-6274-4440-B360-B3B643D25C34"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tno-x6072ept1-z:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EE58DB0E-619B-40B2-A3EB-149651191555"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tno-x6320e1wt1-c_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "8B3D5CA7-1E33-4253-BE9D-D17B2C00EA2E"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tno-x6320e1wt1-c:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "645A23CF-EAE5-4229-B6C6-935899844E85"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tno-x6320e1wt1-m_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "3FF9EF8A-B181-4C50-8C60-A08264C8ECC6"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tno-x6320e1wt1-m:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6073ED29-67A3-40A9-8510-3FA4C76ACFD3"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tno-x6320e1wt1-z_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "88604311-B68A-4114-9023-9AF9D3B78B3E"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tno-x6320e1wt1-z:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D0831922-C0FD-4B1A-B954-9681749205E8"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tno-x6320e1wt2-c_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "254BB231-CB5D-4CF0-9EFD-F07449F09B73"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tno-x6320e1wt2-c:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "26EB75D5-EB4A-4C87-8762-C0157515DEBE"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tno-x6320e2f2t1-c_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "8FC32805-9521-4CE6-BEAA-C38D1B465CE9"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tno-x6320e2f2t1-c:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1AA37135-09FD-4C5C-A97F-8CF3266BAA41"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tno-x6320e2f2t1-m_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "FBF2002F-82F6-4130-9B77-815EFC88DD31"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tno-x6320e2f2t1-m:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B58FF3AA-FF80-4C71-B582-776BABD36444"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tno-x6320e2f2t1-z_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "E5C85435-9D13-42F2-8DE3-556B795DDA58"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tno-x6320e2f2t1-z:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9EEEE94F-FE27-4E81-96B5-D69EAF82D4C8"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tno-x6320e2f2t2-c_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "BC5C852D-CA62-46F7-866A-8C3B8F9D3821"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tno-x6320e2f2t2-c:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F7D92565-83B4-4055-B407-B57F63418181"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tno-x6320e2f2wt1-c_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "71389285-36DA-4D4F-ACAA-B4FDE43635D4"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tno-x6320e2f2wt1-c:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1EF989CC-03B1-4F08-932B-B4495D631174"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tno-x6320e2f2wt1-m_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "FA3F8B17-4DF8-4EDF-BA08-66A6DC2B3FFD"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tno-x6320e2f2wt1-m:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "230DD943-79F5-48C7-9FC8-4E95D17781FE"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tno-x6320e2f2wt1-z_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "EDC25842-BD57-4D3F-927C-539FE1AAB6B6"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tno-x6320e2f2wt1-z:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0AD62781-C76E-4D10-87E2-3702E32EE581"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tno-x6320e2f2wt2-c_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "0D5A7035-0E95-4373-AD63-374F7B04E7CA"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tno-x6320e2f2wt2-c:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "ED51DDD4-7D94-4A50-8B1E-6CAFB9A5A10B"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tno-x6320ept0-c_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "3B179235-EB3E-437E-9942-53C8991D9C4F"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tno-x6320ept0-c:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1CF20020-8C82-43D2-8A80-EE9F295A760F"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tno-x6320ept0-m_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "ACA31017-9884-4B0F-AF89-F27F22333F6C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tno-x6320ept0-m:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "27C8FBBB-E70A-4BA8-8DFC-8B8D8FD9BC15"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tno-x6320ept0-z_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "F489F46B-8518-4D3C-BCCA-15933905F380"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tno-x6320ept0-z:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1C55D407-B167-4BD2-A58A-74903F2C8F14"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tno-x6322ept1-z_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "1BF0FB75-E559-4977-A3DC-A9016EEA34C9"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tno-x6322ept1-z:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CE6FEC31-288C-40B9-AEA9-38219F54F1A6"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tno-x8072ept1-z_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "EA0BEB90-F80F-42F2-897D-0969DC008D24"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tno-x8072ept1-z:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A00C3932-0774-4FF1-B0B8-72D9C69FBAD1"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tnp-6320e1w-z_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "51F8FA1B-BCE7-41AE-A3DC-659FD5DEBD27"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tnp-6320e1w-z:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F3FA0291-1DDB-4258-8DE4-AF776A4E4528"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tnp-6320e1wf-z_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "587E2597-92D4-4739-BBBF-8E4F360D6239"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tnp-6320e1wf-z:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D462767B-B507-4459-9067-FDB7ACD9EB95"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tnp-6320e2fw-z_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "F2AD9AC7-BBAD-4A02-8378-B5C8A7F19DA4"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tnp-6320e2fw-z:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3AFEAEB7-8C87-4192-87F8-8DAF655AA914"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tnp-6320e2w-z_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "4F1068AF-D352-4410-A567-4ADA28BD6FA1"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tnp-6320e2w-z:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "95CFD839-9371-420B-9F10-0F27AFB24539"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tnp-x6322ept3-z_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "F084354A-3993-46C9-9FEC-A49476B39AEA"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tnp-x6322ept3-z:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D980531C-6FAF-4FF4-8B8E-6CC85D2E0842"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tnu-4041t_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "223FCC8A-7829-458C-AF17-ADDC73BC2EF6"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tnu-4041t:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8F96B06E-BBA9-47D1-9175-EE8C77E8DFCD"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tnu-4051t_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "33F74CDC-5A64-4A29-A096-07499F0F417D"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tnu-4051t:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B0FA4D45-49B2-42C2-8C7F-3DEFED2CC27A"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tnu-6321_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "4BD765D9-8D19-4FA1-8BE9-43A53717939C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tnu-6321:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07898A72-5C54-45FB-B71F-5A88C25AD18E"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tnu-x6320e1f2wt1-c_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "8058C6D1-AE48-4A8B-A110-72B8002D8941"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tnu-x6320e1f2wt1-c:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7D8B4EE1-3A10-4327-A835-890E38A87923"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tnu-x6320e1f2wt1-m_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "C3833477-772C-4520-B1F2-19E2B21CC126"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tnu-x6320e1f2wt1-m:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2187CD1D-B3E0-45B7-9BB6-FF61F3D95458"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tnu-x6320e1f2wt1-z_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "66E03AA7-0EA2-45DD-8847-ECB8659DAF06"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tnu-x6320e1f2wt1-z:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "031810C2-B371-4C54-B263-171576DD752F"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tnu-x6320e1f2wt2-c_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "7589D250-55EE-4056-814E-42A3EAF892E0"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tnu-x6320e1f2wt2-c:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "ED4AC0B3-C140-43CD-B831-DE23F50F4BF1"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tnu-x6320e1wt1-c_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "AC3FEE6C-655C-4DC8-866A-73C72075ACB2"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tnu-x6320e1wt1-c:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E74557EB-B688-4757-85D9-1452BAD3F23E"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tnu-x6320e1wt1-m_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "1FD951A1-ED75-41D2-9202-194401DB6B37"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tnu-x6320e1wt1-m:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "08A47CE8-7A17-477F-B2D1-B052C97397EE"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tnu-x6320e1wt1-z_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8DE05C2E-4402-4A14-B9D0-1B88394D024E"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tnu-x6320e1wt1-z:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "90D3EBBB-8445-4D67-83DA-E8D638DC9983"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tnu-x6320e1wt2-c_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "40A43B9A-4AAB-460B-A7A5-DD77047E7472"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tnu-x6320e1wt2-c:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "06F73029-25B2-4123-B305-4CF5C0607A84"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tnu-x6320e2f2wt1-c_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "AB0FB6B2-69E7-49BF-A371-2DC4D5B88D7A"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tnu-x6320e2f2wt1-c:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C5856B55-8500-4B85-81B5-E9C0D54911DC"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tnu-x6320e2f2wt1-m_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "2F18D7BC-76F1-48E3-94FF-8199FBFCF9EB"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tnu-x6320e2f2wt1-m:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "72552856-26A2-4820-9400-7BF6D6938989"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tnu-x6320e2f2wt1-z_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "A8668760-DE44-45E0-953B-EC6A539107C4"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tnu-x6320e2f2wt1-z:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "996584A8-BA51-4219-996C-DB10A4AB81D1"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tnu-x6320e2f2wt2-c_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "8EDEF0CD-3439-45B8-80A7-48B5AF7A905E"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tnu-x6320e2f2wt2-c:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3059EF50-E24E-4971-A70B-5794523C65CC"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tnu-x6320e2wt1-c_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "A3C5588B-7230-4BE5-83DD-051CFFAF151E"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tnu-x6320e2wt1-c:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6EBBB972-FF62-4448-AC45-0D6AA2CA85AB"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tnu-x6320e2wt1-m_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "3B24AE79-6772-4ECD-96FA-B4D6EBD76309"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tnu-x6320e2wt1-m:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "29DCABC8-0EA2-418A-A33E-C7FD79D65A4A"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tnu-x6320e2wt1-z_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "CB17BC5E-1E75-471C-959C-515F961921F4"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tnu-x6320e2wt1-z:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E5D0B221-E052-4D6F-AE24-A9AEB71EB547"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tnu-x6320e2wt2-c_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "EA0BD980-88F5-4EAA-8488-56CBD3A75B83"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tnu-x6320e2wt2-c:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3F81E31D-6F8C-4987-AC1B-28658635954B"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tnv-7011rc_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "545DE1C4-919B-414F-8FAE-AFFBFDD766FC"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tnv-7011rc:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07C83D42-8E3E-4259-8B19-350C88F4EB66"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:tnv-8011c_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.12.00",
+ "matchCriteriaId": "52705E0C-F11F-4472-958F-B4A9C65F7442"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:tnv-8011c:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "965216D0-E0DD-4769-9D3A-C96A00C8A1A3"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnb-6000_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "C3945160-02BE-4911-B0D4-BBDB436F23CE"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnb-6000:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9967A0E9-CF3D-48B6-B270-D44B8C6E53CE"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnb-6001_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "91987151-5AA6-4643-AA99-C1ADE1EA1BEC"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnb-6001:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4CC8014F-388A-4C09-AD63-9B9529B4A609"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnb-6002_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "93673F3F-7F89-434A-8563-2FAE616E0D44"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnb-6002:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D6248B68-AF0D-409A-B1C1-1CA7E18E87B7"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnb-6003_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "E29F7954-73F3-42A6-AEDD-D8BE196C9468"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnb-6003:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "25316105-0BF7-4C55-BF5E-C7EC1A5C9253"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnb-6005_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "FFC6CD91-D11A-43D0-8318-1BB2B418C6A7"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnb-6005:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "18C480C5-6E23-45C7-9AB1-B9249F79FE6C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnb-8000_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "B4CCEF7E-BEF9-4B7B-9307-07966C83010A"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnb-8000:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B4A0C963-C740-4A42-B0A3-B8075BF51665"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnb-8001_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "7512F0E0-92D9-45A5-941D-582FA4525222"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnb-8001:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4A25B688-BBD4-42E4-9763-39261C354C82"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnb-8003_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "83DA8793-A107-4957-9678-436904A4F282"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnb-8003:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "96CE223D-2586-4DA5-876C-B7D164B4C9E2"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnb-9002_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "9057B014-473A-465F-94A3-0D24B5A9A5F3"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnb-9002:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A2246EB8-B987-4111-8EC8-4227E2AFF757"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnb-9003_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "31C68C69-6939-4EB6-9FB2-83490632B5C6"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnb-9003:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E8EEC21D-C5C1-4619-90EF-8B9D71B3BFBB"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnb-h6240a_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "7846F838-FF11-4E64-97C8-CAE09E3A5E8D"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnb-h6240a:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EC153596-AE10-4019-A211-71242BAA4D6F"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnb-h6241a_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "75B49DB4-10FC-4074-918B-33AC9E488513"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnb-h6241a:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BF9A860F-4A38-47B0-A50C-16082EBE56C2"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnb-h6280b_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "FC016ED2-CE61-4CAB-8482-34BFA0D4D1B8"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnb-h6280b:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7D01D014-CEB0-4730-94EA-EB6AC0BD77B5"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnb-h6461h_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "E945ECCF-9526-4C98-AA57-D2BEDA52BED6"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnb-h6461h:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1E5D5C06-A8CF-440F-874D-BA2C5435F414"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnd-6010_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "5799E060-FB84-4E94-A16C-E106353116FA"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnd-6010:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "278BDAB6-18CE-42EC-9ACC-9BA36B1E6552"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnd-6011f_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "EBB1A109-F2CB-4FD2-81F9-5B1423E94A25"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnd-6011f:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AC5CD398-8C7F-45C7-8763-C2E7E26F35A9"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnd-6020r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "3F876E50-07D6-4669-878C-2A30CD9A0AEA"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnd-6020r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "ED50558B-3812-4951-8564-8E4CD814C539"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnd-6080rv_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "AC836A4A-105C-47D3-8D94-4433389AF2D0"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnd-6080rv:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "256326C4-6D46-4C33-AAB9-FA34D404419D"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnd-6080v_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "8554F86C-C988-4AA3-97B7-EE7E0CB2AA06"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnd-6080v:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "13DF906B-865A-46F2-A74D-B2FC6F80F593"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnd-6081f_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "7D88799C-C4F3-446C-AB08-7806D1512501"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnd-6081f:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B4F58959-65E6-4E3D-955E-EE476E60D49C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnd-6081fz_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "10C83B63-46A8-4A1D-B191-FE8D48430BDE"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnd-6081fz:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BC74B4DE-250C-4F49-A489-F096BD7CE504"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnd-6081rev_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "1DDCB494-7689-4977-9E10-85615DEA9196"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnd-6081rev:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "26FB13FE-E77D-4A70-86E4-C098D624753E"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnd-6081rf_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "E227C848-3F5B-4A2D-A397-1C34CF00584A"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnd-6081rf:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9B0380FA-ACAE-45FA-8AD3-A3D98C28E3EF"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnd-6081rv_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "9FEEA3D7-B039-4A86-A7FD-B6795E57D215"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnd-6081rv:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "176C4215-7997-4F73-9E4F-878B4E1EF31E"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnd-6081v_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "0405252F-FAC8-42ED-A6E6-A70FB9946F80"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnd-6081v:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F1DED571-DD7E-404C-8A50-15E8ADCB7138"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnd-6081vz_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "242AA7E3-D986-49AE-B8A6-B8F5B67943DA"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnd-6081vz:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "34749104-C860-4D00-93D1-569444FF669A"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnd-6083rv_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "621B2CCC-0722-4DB1-8B4E-F89D7EC09BFE"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnd-6083rv:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6AC03D00-D24F-4445-A059-898A9CEC8B11"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnd-6085v_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "6906432B-4E95-4DB8-849E-AC2A78C78FCF"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnd-6085v:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "84541223-76C6-48CF-BB05-55AE4BDBF946"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnd-8020f_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "D883CC1C-B158-49A9-9D65-76BECDB901A8"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnd-8020f:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A6BB8327-031E-4616-A71C-9CA273BE21EE"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnd-8020r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "33C193D8-0E60-4306-A20D-58BE6FD40276"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnd-8020r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8C670916-FEB4-4033-A517-7E4646D2CEC9"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnd-8030r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "3DE238FD-982F-4A77-A895-BCB4B2C1A868"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnd-8030r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6C56CFAE-14EE-4439-937D-F7487CDDE038"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnd-8040r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "612803AB-389D-4216-969C-1212EE1125D2"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnd-8040r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "876E943F-2FDD-4E9C-9495-B6942B8586B4"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnd-8080rv_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "DEF1F73B-630C-4D7C-A220-BDDFF158DF66"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnd-8080rv:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4C3794FC-A140-49D4-BED8-EECD3993F337"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnd-8081fz_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "5136046F-2BF6-4A77-A22C-4D794EF472FE"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnd-8081fz:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DAD0DDCF-CEEC-41D8-B944-E4EF9EAAD2E7"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnd-8081rev_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "195DB40B-D79A-47E1-BB6E-35EB6A0998EB"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnd-8081rev:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8EA7703C-4E30-4748-8F5A-9099A9A67078"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnd-8081rf_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "BCDD703C-BE1B-4760-84A4-01E8DC147739"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnd-8081rf:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "62FAE65B-DCD2-4CEE-9D59-42D4114300DE"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnd-8081rv_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "49CFCBAB-BC2D-4F14-84A7-161FD38371A6"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnd-8081rv:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "19C2FA27-3BAA-4065-BD83-A960235E1EAD"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnd-8081vz_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "70D7330E-6A71-4A86-B079-149A949F1401"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnd-8081vz:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AF8701F4-EBB5-43C5-9091-DBE55A6731DE"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnd-8082rf_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "AB57BFF0-8500-4105-A2EB-2AC6959ED032"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnd-8082rf:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "093E755D-2BEF-498B-BD9C-DFE86E75299A"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnd-8082rv_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "400780E3-2668-4827-8CC9-B248FDD79F0C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnd-8082rv:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "590C2E8E-3871-4757-91CF-93036BFA176E"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnd-8083rv_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7899B183-E160-4AA3-8185-BFC8C4BD1E27"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnd-8083rv:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EEAEFCDB-711D-453D-A747-29CB4882B5E3"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnd-8083rvx_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "0068F87C-D18B-449D-A74D-81A8F88ED9C0"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnd-8083rvx:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AF90704F-A23D-4E4C-9AC0-295AA8D38676"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnd-8093rv_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "8CC2E9DC-0D7B-4411-8E3C-14A9864B034C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnd-8093rv:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0FF215A2-8931-48D5-A3E6-F2EAB5043CD8"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnd-9082rf_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "85A70A5F-3554-44A2-A546-013ACC9102CE"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnd-9082rf:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0A3B216D-B3EB-4642-978A-A7E4ACBD8D39"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnd-9082rv_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "FA653BF6-18C3-45FE-A1A7-F14BE1CC2271"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnd-9082rv:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BED1F349-7606-40AE-B18D-D04A24062BC2"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnd-9083rv_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "0180C344-9345-496C-90CE-D160DDEBE3D1"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnd-9083rv:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E8423C48-D75F-4C57-9D38-266F72FC0F68"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnd-c6083rv_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "770E53CF-3ADF-4F07-A277-B04176A7AF2A"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnd-c6083rv:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8A4DB543-13E7-44D7-9E95-1A316930A002"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnd-c7083rv_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "1B08BF01-01DD-46A6-A82D-A7EF77E6A453"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnd-c7083rv:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "ECD81BF6-9034-4401-939C-967A4A6AD5C2"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnd-c8083rv_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "20E6375B-FAA8-4563-B328-2AF1E6B7D413"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnd-c8083rv:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "90CFB153-0D7C-43E8-9462-51857E4FCABB"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnd-c9083rv_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "AAC23A01-8AF2-430F-8BA4-418AF41B4FF0"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnd-c9083rv:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9E7BE2AE-1B8C-438F-A04F-530AA1C04DE2"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnd-l6080rv_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "D901EE2B-0055-46B0-A0FA-B4DFB47F3595"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnd-l6080rv:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B4446767-7337-46BA-A6CB-DF61B141DEB9"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnd-l6080v_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "739BD44E-D7B1-47CD-B3C7-BCE7AA33979B"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnd-l6080v:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "ABA6A42B-4111-420E-A15C-83A047E001F4"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnf-8010r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "CA7DD9D9-8580-481E-8050-6071BEA38833"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnf-8010r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "000E110C-15E3-4767-B38C-289195B92EB2"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnf-8010rv_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "4FA9BF9E-448A-471A-99E2-B6CACEC08C33"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnf-8010rv:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "179DFC2E-E029-4585-9EB7-B0D44657E84F"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnf-8010rvm_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "B6429F81-A930-4C8F-B70F-BE1538989052"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnf-8010rvm:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B62C0DBF-CB42-4566-A4A8-5F8D14F623FC"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnf-8010rw_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "20718652-645C-4709-B99F-0CC1362D745A"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnf-8010rw:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FBBE8A85-2EB2-4CD4-8173-007839F11D95"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnf-9010rs_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "35616095-BD0C-4A44-B52A-B1483BB72679"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnf-9010rs:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A48F5247-1F0E-4965-95CD-C9B383A45AC9"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnf-9010rv_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "9F45F480-40D9-47A6-96FB-F18B4E2BE653"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnf-9010rv:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "386E8E1E-ADB6-454D-9517-5DBC4876526D"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnf-9010rvm_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "0913FF62-7C9F-4670-BFAE-DB3BDCA34194"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnf-9010rvm:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8C6D5E3F-58D6-4269-A9EE-3F5AB8F73B7F"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnf-9013rv_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "63472245-53C4-40EB-91BC-1971208A4A1F"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnf-9013rv:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4012B012-B6D1-4601-A8DE-6F76889E03C9"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xno-6010r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "E89D0DF7-57EF-46D7-9767-59B1BB9BFD04"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xno-6010r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A06BA3FF-2002-4D43-B5CC-7B8592A8A6B1"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xno-6020r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "970BDE30-0A91-4E0E-B70F-2949F441B97E"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xno-6020r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "24480D60-02B9-425D-B6A8-8B7D0A7450B8"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xno-6080r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "6631CBE6-55B3-4A8C-9DDE-17B9FFF27961"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xno-6080r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5B50CBF9-EF20-4FCB-B61C-16D8112128D0"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xno-6083r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "9D6A4068-B931-4B1A-8334-BDC2426F0958"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xno-6083r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4651DAB6-06ED-4CB0-A116-33908DDBBAB0"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xno-6085r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "77243A17-D6F6-4A1B-BD8B-F000C01C6D2C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xno-6085r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "95A5DE23-60F9-4A9D-985B-9BC5487DC102"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xno-6120lpr_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "FDF9DF9C-7A95-4AA0-BA07-2075876E4C8D"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xno-6120lpr:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "79AA00C0-95A0-450B-8254-F61E650659B8"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xno-6120r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "BF810F11-A51B-468D-8491-BADAF8096A4F"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xno-6120r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "56EE0FD8-2A81-4158-AC72-5C5D932B927F"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xno-6123r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "57D442BE-2505-460C-B701-26F2995ED9AE"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xno-6123r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CF32A61A-C29D-4357-8593-DBA06165548F"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xno-8020r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "6C1DBEC9-8311-42F1-878E-5A543F9D836C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xno-8020r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E5EDA6B8-A1A5-49D4-A92B-BE56CEB5FA6D"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xno-8030r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "0A1D697A-BD73-4E3C-92F5-D565291C7575"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xno-8030r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BC046712-264A-4DD7-936B-86D001BC07FE"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xno-8040r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "8BAC811A-C9D0-47D5-AF17-CF7B8C0EADBE"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xno-8040r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB2AF60D-0C2B-4620-9928-2B7CF1862985"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xno-8080r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "16CC63BB-CB58-4693-897D-55AE7368967D"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xno-8080r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7DF4E6F6-DA4F-49F2-8695-8A52F8C3DDDF"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xno-8082r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "84E27C27-BE11-413D-AAE7-BA623B5CA01B"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xno-8082r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "92B7ED6A-1230-4746-AD8A-A55C384EBB6A"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xno-8083r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "9A3878C7-FDD0-4B06-9738-3C13DEB13985"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xno-8083r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "40C894BF-BDBE-4F22-A4B9-C71DA4FDE353"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xno-9082r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "71CF2B9C-3D02-45F2-BCF9-6BA848283A25"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xno-9082r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6D3E97A3-EFD1-4753-BF3D-81868414DE03"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xno-9083r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "CE967E5B-98A7-49D1-9D52-61148F8E52F0"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xno-9083r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C770BA25-40CB-4AB8-BD11-CA3EFD9B70C7"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xno-c6083r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "325FAF88-5DBC-4093-87F0-A4E510D9269B"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xno-c6083r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A0A4851D-31F8-4355-A784-4F16AEFEFBBD"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xno-c7083r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "45B19A31-6497-483D-889C-43F4B2270E41"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xno-c7083r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "36F94E0C-D7C9-4113-AFFE-8C7125A9E058"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xno-c8083r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "EAA0DE7F-37B2-4B57-82ED-86737B963C1F"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xno-c8083r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1810EB17-B9CD-4443-8134-90550AF8F258"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xno-c9083r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "9CFE620B-2AA3-44B2-A9FE-5C176E06A6A1"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xno-c9083r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "10C58FC0-098B-4E09-A6DB-3763FC3E5246"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xno-l6080r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "BF9CEFE1-5EC5-4970-8B62-7273429AC18E"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xno-l6080r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "84C12AB6-6789-48FB-AFF4-E1651F48CF0C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnp-6040h_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "572BE524-BA38-44A0-B4CD-0ADA6DD0E237"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnp-6040h:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "00FC59DE-4D20-4A8D-A61E-FC82BCF00B55"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnp-6120h_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "65CB6D9D-4C40-4549-A8B1-F3320D663380"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnp-6120h:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "945C8E68-0787-44B0-AF8F-9BD4E7427CA8"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnp-6320_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "2.22.00",
+ "matchCriteriaId": "F58AC9B8-D089-4E1E-BB16-F5896A65578D"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnp-6320:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1FB64E73-C019-461F-ACC6-92ECCC3F3B24"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnp-6320h_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "A02CBBF1-F803-4A7E-BD47-DE4BCBEC1F2A"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnp-6320h:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "15FAC6D6-F661-4C53-92C2-CFF7147A3102"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnp-6320hs_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "1317C94C-C14E-49F8-BE96-378B2A8BBD89"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnp-6320hs:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "282451CC-4369-4F03-BB23-6A1BF47AE8A9"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnp-6320rh_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "6C00329C-B84A-429A-A1AB-984D9B03D6FE"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnp-6320rh:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0DE56033-F281-45F5-91EC-EAC3A7661138"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnp-6321_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "7097BDA0-E34F-4E07-AF40-6B8CB7C0D0B8"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnp-6321:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C19E0D57-5671-409A-9BB8-E777BFC534DD"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnp-6321h_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "44AD019A-8899-4A06-B5F0-522E5643BD79"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnp-6321h:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0D9581CF-EC85-464C-883C-6E029DD0A596"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnp-6370rh_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "AE5525B4-0606-4119-B739-09F6D647F3E1"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnp-6370rh:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "51DF9E39-442B-4F9A-A1A6-A9323D950CEB"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnp-6371rh_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "BA5BF055-5C45-409B-A55A-555F3B4989C1"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnp-6371rh:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7F51B91A-93B6-4FE0-97B0-F36D3ACA3297"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnp-6400_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "D41D27A4-6FAE-4A9B-B8B3-529C50C2A65B"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnp-6400:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E4325630-002B-4E98-8251-B605E1BF274B"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnp-6400r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "8C61C9FD-01DC-4552-ABA7-D9B11C3F5B3D"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnp-6400r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C01253DB-D9EB-48A3-8D26-FA4F7A025A59"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnp-6400rw_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "7579942D-8535-409D-A74C-6B92FA400C97"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnp-6400rw:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F91FB4B5-47DA-4561-B14A-2383CCA95B58"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnp-6550rh_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "5FCC44DA-94A7-42A7-A12D-94FB030791E1"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnp-6550rh:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1599BDC4-43E9-40C3-B784-725BA12715EB"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnp-8250_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "31AF4C6D-3047-4BBD-B988-E0B476E968B2"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnp-8250:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0D372E92-3081-4FEE-B727-36A17E6FFAEA"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnp-8250r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "076C1A72-53F4-4D68-82DC-04533E8533E2"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnp-8250r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "941EA6D2-CBEC-4BEC-87D9-C645730DCC15"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnp-8300rw_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "F7B9C371-81CC-4EED-9C6D-CF6FC56399EE"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnp-8300rw:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "342500A9-A416-4908-A1A8-4E217175927E"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnp-9250_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "CBFC364A-B2EC-43C0-8D83-35B485732D26"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnp-9250:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CDC5A7C1-414F-4D14-A1C7-C9F79B1E3F87"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnp-9250r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "C1F16C3A-98F6-40D6-8412-D60C46892B9A"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnp-9250r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "95697329-6AFD-4948-BAF8-C7F3FA2C44D9"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnp-9300rw_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "28EE8BE9-CADE-4490-AE64-7C90E13A213E"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnp-9300rw:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AE3C4083-3D29-4BB2-B89D-20E48DFFA64A"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnv-6010_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "9B69D955-5A7E-4A02-A9AD-51B2221C703E"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnv-6010:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0B517C8D-58A2-4D3D-9716-1AD518667D3E"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnv-6011_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "4D677EEC-9F60-4177-A8CB-70EBCDE39308"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnv-6011:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "36250A6C-DA0E-4CBF-8135-5E004C107EF9"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnv-6011w_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "6AF877B1-F1C1-4F97-91CF-68CA0EAE8F35"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnv-6011w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "92CA4632-610B-4D2B-9564-98852DC5F2D7"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnv-6012_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "7C42791B-5346-4F0C-B283-773CB32CA73E"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnv-6012:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A988547F-E25B-4113-8A4D-69E45A1FB76E"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnv-6012m_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "BE889909-942A-45D5-91AD-CB2FD0BA4C6D"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnv-6012m:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C776BC62-7857-40A1-B484-00C4AEB2C7BD"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnv-6013m_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "4A559598-6896-49F4-BBB5-C033B2DC1A0F"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnv-6013m:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F861E136-E280-4EC2-926F-37741E3FEBDC"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnv-6020r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "F03D4F1C-332A-479E-805E-FA6FAE4652C0"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnv-6020r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2AA99F7B-F361-450C-9A83-8DF00B02681B"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnv-6022r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "90BCACB6-6655-4992-922F-B06D22CED49D"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnv-6022r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6060D7C2-1B21-4289-B05A-59BDE1C117B4"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnv-6022rm_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "34B0C6EC-4612-4A83-8EDD-50B2282BB786"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnv-6022rm:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4F5A6F1C-7615-47D4-AD4E-5F7CB4756C01"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnv-6080_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "136E9C96-7AEA-4D43-94F2-402FC26199F1"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnv-6080:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "346CD10E-20A2-4931-B820-8810F98DF643"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnv-6080r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "C63DC2E3-2562-403C-9089-8AEE07C56F4B"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnv-6080r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7BF69BDF-2BA4-4630-BA27-D1384641C5ED"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnv-6080rs_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "5DC43154-5BB5-4D6C-9D73-A681C0125B80"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnv-6080rs:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A2DE8422-E191-4A9A-9265-14353F174193"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnv-6080rsa_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "97E47808-D7B5-4F4D-8CB3-4812E6603EAE"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnv-6080rsa:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6AA5DE00-FCEE-48BB-B885-07F4802DCB39"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnv-6081_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "28166947-7A5F-4408-864B-5838506E44F2"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnv-6081:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3C02814D-8F43-46C6-BFF3-F864C74C36AB"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnv-6081r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "2B85266F-1DD1-4E16-A75B-4127015D44E8"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnv-6081r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BD6AB1DE-D9C9-4004-9DA8-B0E3C5E63463"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnv-6081re_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "25C1E7D3-00A4-4614-948E-CB498D034B1D"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnv-6081re:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "68BEBB63-6B7A-4C9C-990A-1CA4B250556F"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnv-6081z_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "5AA14201-BAA4-4E19-A38D-0B32B65610C7"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnv-6081z:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F6B998A5-FA1B-4633-9439-0DC923FE16A8"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnv-6083r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "D9EFD7C4-6BF0-4D24-BBF0-4B062B733D0E"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnv-6083r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "64A4F07A-B602-4C83-B0A7-3E36C9CD8817"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnv-6083rz_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "965B436A-1053-49E0-B98B-12DF52B31532"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnv-6083rz:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1412AE8A-6410-4264-A761-44826A5A5432"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnv-6085_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "703F2E44-E352-4358-AB5F-C3576E980505"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnv-6085:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "755E1D51-D02D-4F02-BF83-2F74F2CA390E"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnv-6120_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "EECB0A0E-BA05-48A2-8ABE-C2198E72E561"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnv-6120:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BD32998D-ECE5-4867-ABC0-E6CD47C9E108"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnv-6120lpr_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "ED47A6C7-BDC3-4291-B65D-91F848E17BE3"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnv-6120lpr:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1E943013-90B3-45D0-A3F6-A087FE677D9C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnv-6120r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "2908DC6F-560E-46C8-B472-5250DFAAF861"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnv-6120r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4AAB9DC2-2341-4C14-90E3-9D6D98F1FE36"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnv-6120rs_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "147DBC76-8A74-473E-9F74-E01B08223473"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnv-6120rs:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F02C5CFE-0D47-4B53-9C51-F83F225F8DA5"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnv-6123r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "86C06F13-1905-417E-9281-8CB3B8D49E32"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnv-6123r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EA08F88E-A9EE-4E09-AA2C-F454B4996917"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnv-8020r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "6D0F68FD-12C4-411F-845E-4A65FE7A7B7A"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnv-8020r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D44B81BC-5F54-4B1F-94D7-5ED983AE0CA1"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnv-8030r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "3ACFF5D4-6239-465E-9C8E-A2BF23DBC5AA"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnv-8030r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "505AC48B-3749-4988-B1B1-974A2977F181"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnv-8040r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "6BCE5ABA-6BDC-46AC-966F-92B1BE8D1454"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnv-8040r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "12FF3914-C414-44EC-9AEC-926CDC47DAB4"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnv-8080r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "4DD097BF-7647-4765-9AFF-28EFA01E70C5"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnv-8080r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1C5B0F47-0EDF-4047-A0AA-EC6A35F85138"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnv-8080rs_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "4BA75056-4252-458C-9194-9F363A8E2FD8"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnv-8080rs:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "97C577DF-3DDB-4F7E-89FE-A46FCEEAA47A"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnv-8080rsa_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "F045799C-B727-4EDC-BB15-AA8BF240B0E0"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnv-8080rsa:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "047C882D-8337-4CB8-BC72-18937CA0A895"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnv-8081r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "DE11E30C-AED6-46AF-B909-E569D9E07E46"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnv-8081r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "94EDA190-EB6B-436B-818A-609E78D283D7"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnv-8081re_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "8E64AB2F-3386-49CB-B067-709351B0D0FA"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnv-8081re:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4E0FCEBA-1AE7-4878-88C8-FE99BA5460E2"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnv-8081z_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "9FE2FE95-C7CB-483F-99AB-DB1FA38AA206"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnv-8081z:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EB85D6B5-9C0F-4B17-9F82-0F348143B0A3"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnv-8082r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "EBB834AF-5676-4000-8F8D-185388A830C9"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnv-8082r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "863CB58A-9AB6-48BF-95D0-E13990707971"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnv-8083r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "A01388E0-6A73-41D9-8428-357198B22BF0"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnv-8083r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A783694B-9442-49DD-80B4-A3DBB4C2B6E5"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnv-8083rx_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "99C72623-C9BF-4372-9613-2514B6EDD2C9"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnv-8083rx:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "339F06B3-D555-421D-B6DB-7DD872BDA2BB"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnv-8083rz_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "84914CC7-8202-464D-92BD-FACB3228F67D"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnv-8083rz:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "737819AC-DEB2-49DF-9353-F8F9B200754D"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnv-8093r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "1E8B14B9-3C40-478D-AF31-8904AD781568"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnv-8093r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C45BE003-F804-439B-A9BB-A651B0643D1D"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnv-9082r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "FC3B8B3C-B69E-4636-9BFF-938ED3D8CA44"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnv-9082r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "49769129-9803-43B4-988D-6C02850F3E64"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnv-9083r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "067DB4F2-4B86-4712-B4A8-4BD570054986"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnv-9083r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1DF12609-05A8-4A88-A58D-136C01152D98"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnv-9083rz_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "77A4CA00-EA46-494F-9115-AA5B63510C2D"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnv-9083rz:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2FC7ADA6-CA39-4875-A06E-51BBCFBC31F4"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnv-c6083r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "D68DDCDF-9715-46AD-A0EE-847BCB8B5BA9"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnv-c6083r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "76DB62A2-3FE1-40DC-A819-2904EEBFE320"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnv-c7083r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "606ADE02-E476-44B5-8318-6FF670D249C2"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnv-c7083r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1A060AFF-0863-4B46-9EC2-03E35CA85D4B"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnv-c8083r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "9F76CFC9-6B94-40E4-A922-1A3C0D895511"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnv-c8083r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "30183427-F4C9-4C5A-84AD-5826D1B2EA9A"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnv-c9083r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "7F376AC3-C381-4463-8632-71B3BC1325F6"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnv-c9083r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C638802C-5045-4815-BF0E-F44B6457E6FD"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnv-l6080_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "2D3B9FC8-7FDC-4DC3-BABA-0B8DDACDA746"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnv-l6080:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "264427C6-C186-4605-8E5E-08B48E2ED217"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnv-l6080r_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "E483D197-BA5D-466D-AC5B-8D2D3EAFBF77"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnv-l6080r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B5B4A68D-A6B6-4EC4-818F-8D50D2DBD5BF"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnz-6320_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "4DEA4A47-CC3A-4BF4-B101-03E79891F22D"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnz-6320:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E3D7C5D3-A65B-42EC-8000-D88C281D7BFF"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnz-6320a_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "F575E2AF-A646-4F42-BC93-FFE78B889232"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnz-6320a:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8AFC436D-E6B3-46D7-9252-7399BCEB016D"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnz-l6320_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "4B997D4C-AD10-4B88-8A71-7DE17D16812F"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnz-l6320:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BFB51EEB-936C-43E9-AAC2-C9B0E626A32D"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hanwhavision:xnz-l6320a_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.22.00",
+ "matchCriteriaId": "16BA6713-BCBA-4F7D-A24D-965B6759C4A2"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hanwhavision:xnz-l6320a:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4F74998B-50FB-4E84-A9BF-4AD9D9184891"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://hanwhavisionamerica.com/download/50042/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.hanwhavision.com/wp-content/uploads/2023/04/Camera-Vulnerability-Report.pdf",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Broken Link"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3111.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3111.json
index 4ec8f7bb2fb..714acfb86c0 100644
--- a/CVE-2023/CVE-2023-31xx/CVE-2023-3111.json
+++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3111.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-3111",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-06-05T21:15:11.377",
- "lastModified": "2023-06-05T21:15:11.377",
- "vulnStatus": "Received",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3119.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3119.json
new file mode 100644
index 00000000000..c109f76fe8f
--- /dev/null
+++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3119.json
@@ -0,0 +1,92 @@
+{
+ "id": "CVE-2023-3119",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2023-06-06T11:15:10.063",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability, which was classified as critical, has been found in SourceCodester Service Provider Management System 1.0. Affected by this issue is some unknown functionality of the file view.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-230798 is the identifier assigned to this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha encontrado una vulnerabilidad, clasificada como cr\u00edtica, en SourceCodester Service Provider Management System v1.0. Este problema afecta a una funcionalidad desconocida del archivo \"view.php\". La manipulaci\u00f3n del argumento \"id\" conduce a una inyecci\u00f3n SQL. El ataque puede ser lanzado remotamente. La vulnerabilidad ha sido revelada al p\u00fablico y puede ser utilizada. El identificador asignado a esta vulnerabilidad es VDB-230798. "
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "PARTIAL",
+ "baseScore": 6.5
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 8.0,
+ "impactScore": 6.4,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/Peanut886/Vulnerability/blob/main/webray.com.cn/Service%20Provider%20Management%20System%20-%20multiple%20vulnerabilities.md",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.230798",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.230798",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
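Review bot: The English description in this new record calls the issue "classified as critical", while the only scores present, both `"type": "Secondary"` from cna@vuldb.com, give `"baseSeverity": "MEDIUM"` (6.3 under CVSS 3.0, 6.5 under 2.0). Anything that triages on the description text will therefore disagree with anything that triages on the metrics; the structured `baseSeverity` is the field to key on. The record also has no `configurations` block and no Primary metric while `vulnStatus` is "Awaiting Analysis", so CPE-based matching cannot associate it with a product yet, and consumers should treat it as unenriched rather than as not applicable. The Spanish `value` ends with a stray space after `VDB-230798.` that could be trimmed. The CVE-2023-3120 record that starts below shows the same wording and scores as far as it is visible here.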
diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3120.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3120.json
new file mode 100644
index 00000000000..a1c59394e42
--- /dev/null
+++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3120.json
@@ -0,0 +1,92 @@
+{
+ "id": "CVE-2023-3120",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2023-06-06T11:15:10.223",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability, which was classified as critical, was found in SourceCodester Service Provider Management System 1.0. This affects an unknown part of the file view_service.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230799."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha encontrado una vulnerabilidad, clasificada como cr\u00edtica, en SourceCodester Service Provider Management System v1.0. Esto afecta a una parte desconocida del archivo \"view_service.php\". La manipulaci\u00f3n del argumento \"id\" conduce a una inyecci\u00f3n SQL. Es posible iniciar el ataque de forma remota. La explotaci\u00f3n ha sido revelada al p\u00fablico y puede ser utilizada. El identificador asociado a esta vulnerabilidad es VDB-230799."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "PARTIAL",
+ "baseScore": 6.5
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 8.0,
+ "impactScore": 6.4,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/Peanut886/Vulnerability/blob/main/webray.com.cn/Service%20Provider%20Management%20System%20-%20multiple%20vulnerabilities.md",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.230799",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.230799",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
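Review bot: The English and Spanish `value` strings describe this issue as "critical", but both metric blocks in the same record carry `"baseSeverity": "MEDIUM"` (6.3 under `cvssMetricV30`, 6.5 under `cvssMetricV2`). The prose label appears to be the CNA's own classification rather than a CVSS rating, so anything that triages on description keywords will over-rank this entry. Prioritisation should read `baseScore` and `baseSeverity`, keeping in mind that both entries are `"type": "Secondary"` from `cna@vuldb.com` and the record is still `"vulnStatus": "Awaiting Analysis"`. The same wording-versus-score mismatch is present in the CVE-2023-3145, CVE-2023-3146, CVE-2023-3147 and CVE-2023-3148 records further down.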
diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3121.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3121.json
new file mode 100644
index 00000000000..5bd1580f419
--- /dev/null
+++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3121.json
@@ -0,0 +1,92 @@
+{
+ "id": "CVE-2023-3121",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2023-06-06T11:15:10.337",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability has been found in Dahua Smart Parking Management up to 20230528 and classified as problematic. This vulnerability affects unknown code of the file /ipms/imageConvert/image. The manipulation of the argument fileUrl leads to server-side request forgery. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230800. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha encontrado una vulnerabilidad en Dahua Smart Parking Management hasta 20230528 y se ha clasificado como problem\u00e1tica. Esta vulnerabilidad afecta a c\u00f3digo desconocido del archivo \"/ipms/imageConvert/image\". La manipulaci\u00f3n del argumento \"fileUrl\" conduce a la falsificaci\u00f3n de peticiones del lado del servidor. El exploit ha sido revelado al p\u00fablico y puede ser utilizado. El identificador de esta vulnerabilidad es VDB-230800. NOTA: Se contact\u00f3 con el proveedor en una fase temprana acerca de esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera. "
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.5,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 1.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N",
+ "accessVector": "ADJACENT_NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 2.7
+ },
+ "baseSeverity": "LOW",
+ "exploitabilityScore": 5.1,
+ "impactScore": 2.9,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-918"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/RCEraser/cve/blob/main/DaHua..md",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.230800",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.230800",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3123.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3123.json
new file mode 100644
index 00000000000..9f762cf21a5
--- /dev/null
+++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3123.json
@@ -0,0 +1,15 @@
+{
+ "id": "CVE-2023-3123",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-06T14:15:12.877",
+ "lastModified": "2023-06-06T14:15:12.877",
+ "vulnStatus": "Rejected",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "** REJECT ** Duplicate Assignment."
+ }
+ ],
+ "metrics": {},
+ "references": []
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3124.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3124.json
new file mode 100644
index 00000000000..4ee3292c9b5
--- /dev/null
+++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3124.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-3124",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:15.970",
+ "lastModified": "2023-06-07T02:44:48.507",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Elementor Pro plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the update_page_option function in versions up to, and including, 3.11.6. This makes it possible for authenticated attackers with subscriber-level capabilities to update arbitrary site options, which can lead to privilege escalation."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/high-severity-vulnerability-fixed-in-wordpress-elementor-pro-plugin/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/570474f2-c118-45e1-a237-c70b849b2d3c?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3125.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3125.json
new file mode 100644
index 00000000000..3366138ba9a
--- /dev/null
+++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3125.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-3125",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:16.027",
+ "lastModified": "2023-06-07T02:44:48.507",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The B2BKing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'b2bking_save_price_import' function in versions up to, and including, 4.6.00. This makes it possible for Authenticated attackers with subscriber or customer-level permissions to modify the pricing of any product on the site."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/vulnerabilities-fixed-in-wordpress-b2bking-plugin/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://woocommerce-b2b-plugin.com/changelog/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b3f2c4c3-73d6-4b3b-8eb3-c494f52dc183?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3126.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3126.json
new file mode 100644
index 00000000000..76e797dba5b
--- /dev/null
+++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3126.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-3126",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-06-07T02:15:16.093",
+ "lastModified": "2023-06-07T02:44:48.507",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The B2BKing plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'b2bkingdownloadpricelist' function in versions up to, and including, 4.6.00. This makes it possible for Authenticated attackers with subscriber or customer-level permissions to retrieve the full pricing list of all products on the site."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/vulnerabilities-fixed-in-wordpress-b2bking-plugin/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://woocommerce-b2b-plugin.com/changelog/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d2e3ac14-1421-49f0-9c60-7f7d5c9d7654?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3140.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3140.json
new file mode 100644
index 00000000000..73ba8acc4ed
--- /dev/null
+++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3140.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-3140",
+ "sourceIdentifier": "security@knime.com",
+ "published": "2023-06-07T10:15:09.770",
+ "lastModified": "2023-06-07T12:52:33.093",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Missing HTTP headers (X-Frame-Options, Content-Security-Policy) in KNIME\n Business Hub before 1.4.0 has left users vulnerable to click \njacking. Clickjacking is an attack that occurs when an attacker uses a \ntransparent iframe in a window to trick a user into clicking on an \nactionable item, such as a button or link, to another server in which \nthey have an identical webpage. The attacker essentially hijacks the \nuser activity intended for the original server and sends them to the \nother server."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@knime.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@knime.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-1021"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.knime.com/security/advisories#CVE-2023-3140",
+ "source": "security@knime.com"
+ }
+ ]
+}
\ No newline at end of file
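Review bot: The description `value` keeps hard-wrap artefacts from its source as escaped newlines, which breaks the product name into `KNIME\n Business Hub` and the weakness term into `click \njacking`. An exact-phrase match on "KNIME Business Hub", such as product-to-CVE correlation or an alert rule, will not hit this record. If this file is meant to stay byte-identical to the upstream feed, consumers should collapse runs of whitespace before matching. Otherwise the string should be normalised so it begins `Missing HTTP headers (X-Frame-Options, Content-Security-Policy) in KNIME Business Hub before 1.4.0 has left users vulnerable to clickjacking.`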
diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3142.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3142.json
new file mode 100644
index 00000000000..9f23eed7a17
--- /dev/null
+++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3142.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-3142",
+ "sourceIdentifier": "security@huntr.dev",
+ "published": "2023-06-07T15:15:09.533",
+ "lastModified": "2023-06-07T16:18:07.597",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "security@huntr.dev",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L",
+ "attackVector": "LOCAL",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 3.8,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 0.3,
+ "impactScore": 3.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@huntr.dev",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/microweber/microweber/commit/42efa981a2239d042d910069952d6276497bdcf1",
+ "source": "security@huntr.dev"
+ },
+ {
+ "url": "https://huntr.dev/bounties/d00686b0-f89a-4e14-98d7-b8dd3f92a6e5",
+ "source": "security@huntr.dev"
+ }
+ ]
+}
\ No newline at end of file
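Review bot: The `vectorString` `CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L` looks inconsistent with the description, which reports a stored XSS in a web application (CWE-79). Such issues are normally reachable over the network, so `"attackVector": "LOCAL"` probably understates exposure and the resulting `"baseScore": 3.8` should be treated as provisional. The entry is `"type": "Secondary"` from `security@huntr.dev` and the record is `"vulnStatus": "Awaiting Analysis"`, so no independent assessment is present yet. Patch decisions for microweber versions prior to 2.0 should not be deferred on the LOW rating alone; the fix commit listed in `references` is a better basis for judging impact.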
diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3143.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3143.json
new file mode 100644
index 00000000000..2eb8abaf9f9
--- /dev/null
+++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3143.json
@@ -0,0 +1,88 @@
+{
+ "id": "CVE-2023-3143",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2023-06-07T15:15:09.617",
+ "lastModified": "2023-06-07T16:18:07.597",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability classified as problematic has been found in SourceCodester Online Discussion Forum Site 1.0. Affected is an unknown function of the file admin\\posts\\manage_post.php. The manipulation of the argument content leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231012."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.5,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 1.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.0
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 8.0,
+ "impactScore": 2.9,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/Peanut886/Vulnerability/blob/main/webray.com.cn/Online%20Discussion%20Forum%20Site%20-%20multiple%20vulnerabilities.md#11xss-vulnerability-in-adminpostsmanage_postphpcontent",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.231012",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.231012",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3144.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3144.json
new file mode 100644
index 00000000000..8ebff3f8207
--- /dev/null
+++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3144.json
@@ -0,0 +1,88 @@
+{
+ "id": "CVE-2023-3144",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2023-06-07T15:15:09.710",
+ "lastModified": "2023-06-07T16:18:07.597",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability classified as problematic was found in SourceCodester Online Discussion Forum Site 1.0. Affected by this vulnerability is an unknown functionality of the file admin\\posts\\manage_post.php. The manipulation of the argument title leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231013 was assigned to this vulnerability."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.5,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 1.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.0
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 8.0,
+ "impactScore": 2.9,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/Peanut886/Vulnerability/blob/main/webray.com.cn/Online%20Discussion%20Forum%20Site%20-%20multiple%20vulnerabilities.md#10xss-vulnerability-in-adminpostsmanage_postphptitle",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.231013",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.231013",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3145.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3145.json
new file mode 100644
index 00000000000..e1351b2fea2
--- /dev/null
+++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3145.json
@@ -0,0 +1,88 @@
+{
+ "id": "CVE-2023-3145",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2023-06-07T15:15:09.793",
+ "lastModified": "2023-06-07T16:18:07.597",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability, which was classified as critical, has been found in SourceCodester Online Discussion Forum Site 1.0. Affected by this issue is some unknown functionality of the file classes\\Users.php?f=registration. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-231014 is the identifier assigned to this vulnerability."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "PARTIAL",
+ "baseScore": 6.5
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 8.0,
+ "impactScore": 6.4,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/Peanut886/Vulnerability/blob/main/webray.com.cn/Online%20Discussion%20Forum%20Site%20-%20multiple%20vulnerabilities.md#9sql-injection-vulnerability-in-classesusersphppost",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.231014",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.231014",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3146.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3146.json
new file mode 100644
index 00000000000..faa4491fc0d
--- /dev/null
+++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3146.json
@@ -0,0 +1,88 @@
+{
+ "id": "CVE-2023-3146",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2023-06-07T16:15:09.523",
+ "lastModified": "2023-06-07T16:18:07.597",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability, which was classified as critical, was found in SourceCodester Online Discussion Forum Site 1.0. This affects an unknown part of the file admin\\categories\\manage_category.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231015."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "PARTIAL",
+ "baseScore": 6.5
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 8.0,
+ "impactScore": 6.4,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/Peanut886/Vulnerability/blob/main/webray.com.cn/Online%20Discussion%20Forum%20Site%20-%20multiple%20vulnerabilities.md#8sql-injection-vulnerability-in-admincategoriesmanage_categoryphp",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.231015",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.231015",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3147.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3147.json
new file mode 100644
index 00000000000..8b9633e08b7
--- /dev/null
+++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3147.json
@@ -0,0 +1,88 @@
+{
+ "id": "CVE-2023-3147",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2023-06-07T16:15:09.630",
+ "lastModified": "2023-06-07T16:18:07.597",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability has been found in SourceCodester Online Discussion Forum Site 1.0 and classified as critical. This vulnerability affects unknown code of the file admin\\categories\\view_category.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231016."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "PARTIAL",
+ "baseScore": 6.5
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 8.0,
+ "impactScore": 6.4,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/Peanut886/Vulnerability/blob/main/webray.com.cn/Online%20Discussion%20Forum%20Site%20-%20multiple%20vulnerabilities.md#7sql-injection-vulnerability-in-admincategoriesview_categoryphp",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.231016",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.231016",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3148.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3148.json
new file mode 100644
index 00000000000..874bdc5355d
--- /dev/null
+++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3148.json
@@ -0,0 +1,88 @@
+{
+ "id": "CVE-2023-3148",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2023-06-07T17:15:10.397",
+ "lastModified": "2023-06-07T17:28:57.443",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0 and classified as critical. This issue affects some unknown processing of the file admin\\posts\\manage_post.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231017 was assigned to this vulnerability."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "PARTIAL",
+ "baseScore": 6.5
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 8.0,
+ "impactScore": 6.4,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/Peanut886/Vulnerability/blob/main/webray.com.cn/Online%20Discussion%20Forum%20Site%20-%20multiple%20vulnerabilities.md#6sql-injection-vulnerability-in-adminpostsmanage_postphp",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.231017",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.231017",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3149.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3149.json
new file mode 100644
index 00000000000..cc82d4a9fd0
--- /dev/null
+++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3149.json
@@ -0,0 +1,88 @@
+{
+ "id": "CVE-2023-3149",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2023-06-07T17:15:10.483",
+ "lastModified": "2023-06-07T17:28:57.443",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0. It has been classified as critical. Affected is an unknown function of the file admin\\user\\manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-231018 is the identifier assigned to this vulnerability."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "PARTIAL",
+ "baseScore": 6.5
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 8.0,
+ "impactScore": 6.4,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/Peanut886/Vulnerability/blob/main/webray.com.cn/Online%20Discussion%20Forum%20Site%20-%20multiple%20vulnerabilities.md#4sql-injection-vulnerability-in-adminusermanage_userphp",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.231018",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.231018",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
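Review bot: The `descriptions` value calls this issue "critical", but the only scoring in the record, the CNA's `cvssMetricV30` entry, gives `"baseScore": 6.3` and `"baseSeverity": "MEDIUM"`; the word appears to be the CNA's own classification wording, not a CVSS rating. Triage rules that match on description text will over-rank the record, so severity should be read from `metrics` only. The same mismatch appears in the new records CVE-2023-3150, CVE-2023-3151, CVE-2023-3152, CVE-2023-3176 and CVE-2023-3177 further down. All of them carry only `"type": "Secondary"` scores from `cna@vuldb.com` with `"vulnStatus"` still "Awaiting Analysis" or "Received", so the rating may change once an NVD assessment is added.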
diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3150.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3150.json
new file mode 100644
index 00000000000..c15f73fdd6c
--- /dev/null
+++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3150.json
@@ -0,0 +1,88 @@
+{
+ "id": "CVE-2023-3150",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2023-06-07T18:15:10.050",
+ "lastModified": "2023-06-07T20:24:12.193",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file posts\\manage_post.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231019."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "PARTIAL",
+ "baseScore": 6.5
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 8.0,
+ "impactScore": 6.4,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/Peanut886/Vulnerability/blob/main/webray.com.cn/Online%20Discussion%20Forum%20Site%20-%20multiple%20vulnerabilities.md",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.231019",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.231019",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3151.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3151.json
new file mode 100644
index 00000000000..3e01e27bbc0
--- /dev/null
+++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3151.json
@@ -0,0 +1,88 @@
+{
+ "id": "CVE-2023-3151",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2023-06-07T18:15:10.127",
+ "lastModified": "2023-06-07T20:24:12.193",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file user\\manage_user.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231020."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "PARTIAL",
+ "baseScore": 6.5
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 8.0,
+ "impactScore": 6.4,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/Peanut886/Vulnerability/blob/main/webray.com.cn/Online%20Discussion%20Forum%20Site%20-%20multiple%20vulnerabilities.md",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.231020",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.231020",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3152.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3152.json
new file mode 100644
index 00000000000..437efbb164f
--- /dev/null
+++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3152.json
@@ -0,0 +1,88 @@
+{
+ "id": "CVE-2023-3152",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2023-06-07T18:15:10.193",
+ "lastModified": "2023-06-07T20:24:12.193",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability classified as critical has been found in SourceCodester Online Discussion Forum Site 1.0. This affects an unknown part of the file admin\\posts\\view_post.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231021 was assigned to this vulnerability."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "PARTIAL",
+ "baseScore": 6.5
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 8.0,
+ "impactScore": 6.4,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/Peanut886/Vulnerability/blob/main/webray.com.cn/Online%20Discussion%20Forum%20Site%20-%20multiple%20vulnerabilities.md#5sql-injection-vulnerability-in-adminpostsview_postphp",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.231021",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.231021",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3163.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3163.json
new file mode 100644
index 00000000000..3597f5945a3
--- /dev/null
+++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3163.json
@@ -0,0 +1,88 @@
+{
+ "id": "CVE-2023-3163",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2023-06-08T14:15:15.910",
+ "lastModified": "2023-06-08T17:08:49.797",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability was found in y_project RuoYi up to 4.7.7. It has been classified as problematic. Affected is the function filterKeyword. The manipulation of the argument value leads to resource consumption. VDB-231090 is the identifier assigned to this vulnerability."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW",
+ "baseScore": 3.5,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 1.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:P",
+ "accessVector": "ADJACENT_NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "PARTIAL",
+ "baseScore": 2.7
+ },
+ "baseSeverity": "LOW",
+ "exploitabilityScore": 5.1,
+ "impactScore": 2.9,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-400"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://gitee.com/y_project/RuoYi/issues/I78DOR",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.231090",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.231090",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3165.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3165.json
new file mode 100644
index 00000000000..af9f3707ccd
--- /dev/null
+++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3165.json
@@ -0,0 +1,88 @@
+{
+ "id": "CVE-2023-3165",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2023-06-08T17:15:09.987",
+ "lastModified": "2023-06-08T17:15:09.987",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability was found in SourceCodester Life Insurance Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file insertNominee.php of the component POST Parameter Handler. The manipulation of the argument nominee_id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231109 was assigned to this vulnerability."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.5,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 1.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.0
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 8.0,
+ "impactScore": 2.9,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/Hanwengao/CVERequests/blob/main/XSS.md",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.231109",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.231109",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
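Review bot: In the `cvssMetricV2` entry, `"userInteractionRequired": false` contradicts the v3 block of the same record, whose vector has `UI:R` and `"userInteraction": "REQUIRED"`; for a cross-site scripting issue the v3 value looks like the intended one. A consumer that filters on the v2 flag would classify this as needing no victim action. If the record is corrected at its source the line would read `"userInteractionRequired": true`; until then, prefer the v3 fields. The two blocks also differ in severity (`"LOW"` at 3.5 in v3, `"MEDIUM"` at 4.0 in v2), which can happen across CVSS versions but matters when a threshold is applied to whichever block a tool reads first.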
diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3172.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3172.json
new file mode 100644
index 00000000000..d6c1c5946d0
--- /dev/null
+++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3172.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-3172",
+ "sourceIdentifier": "security@huntr.dev",
+ "published": "2023-06-09T01:15:30.237",
+ "lastModified": "2023-06-09T01:15:30.237",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Path Traversal in GitHub repository froxlor/froxlor prior to 2.0.20."
+ },
+ {
+ "lang": "es",
+ "value": "Salto de ruta en el repositorio de GitHub de froxlor/froxlor anterior a 2.0.20."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "security@huntr.dev",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@huntr.dev",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/froxlor/froxlor/commit/da810ea95393dfaec68a70e30b7c887c50563a7e",
+ "source": "security@huntr.dev"
+ },
+ {
+ "url": "https://huntr.dev/bounties/e50966cd-9222-46b9-aedc-1feb3f2a0b0e",
+ "source": "security@huntr.dev"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3173.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3173.json
new file mode 100644
index 00000000000..d52c6240a49
--- /dev/null
+++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3173.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-3173",
+ "sourceIdentifier": "security@huntr.dev",
+ "published": "2023-06-09T02:15:09.233",
+ "lastModified": "2023-06-09T02:15:09.233",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Restriction of Excessive Authentication Attempts in GitHub repository froxlor/froxlor prior to 2.0.20."
+ },
+ {
+ "lang": "es",
+ "value": "Restricci\u00f3n inapropiada de intentos de autenticaci\u00f3n excesivos en el repositorio froxlor de GitHub en versiones anteriores a 2.0.20."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "security@huntr.dev",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@huntr.dev",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-307"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/froxlor/froxlor/commit/464216072456efb35b4541c58e7016463dfbd9a6",
+ "source": "security@huntr.dev"
+ },
+ {
+ "url": "https://huntr.dev/bounties/4d715f76-950d-4251-8139-3dffea798f14",
+ "source": "security@huntr.dev"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3176.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3176.json
new file mode 100644
index 00000000000..f67f9bfa188
--- /dev/null
+++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3176.json
@@ -0,0 +1,88 @@
+{
+ "id": "CVE-2023-3176",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2023-06-09T06:16:12.497",
+ "lastModified": "2023-06-09T06:16:12.497",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability, which was classified as critical, was found in SourceCodester Lost and Found Information System 1.0. Affected is an unknown function of the file admin\\user\\manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-231150 is the identifier assigned to this vulnerability."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "PARTIAL",
+ "baseScore": 6.5
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 8.0,
+ "impactScore": 6.4,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/AnotherN/cvv/blob/main/imgs/Lost%20and%20Found%20Information%20System%20-%20multiple%20vulnerabilities.md#7sql-injection-vulnerability-in-adminusermanage_userphp",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.231150",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.231150",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3177.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3177.json
new file mode 100644
index 00000000000..0be19991761
--- /dev/null
+++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3177.json
@@ -0,0 +1,88 @@
+{
+ "id": "CVE-2023-3177",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2023-06-09T06:16:12.870",
+ "lastModified": "2023-06-09T06:16:12.870",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file admin\\inquiries\\view_inquiry.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231151."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "PARTIAL",
+ "baseScore": 6.5
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 8.0,
+ "impactScore": 6.4,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/AnotherN/cvv/blob/main/imgs/Lost%20and%20Found%20Information%20System%20-%20multiple%20vulnerabilities.md#4sql-injection-vulnerability-in-admininquiriesview_inquiryphp",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.231151",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.231151",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-320xx/CVE-2023-32067.json b/CVE-2023/CVE-2023-320xx/CVE-2023-32067.json
index 5bce70a9cf5..869af978a8c 100644
--- a/CVE-2023/CVE-2023-320xx/CVE-2023-32067.json
+++ b/CVE-2023/CVE-2023-320xx/CVE-2023-32067.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-32067",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-25T23:15:09.380",
- "lastModified": "2023-06-01T13:09:33.777",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-06-07T10:15:09.637",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -56,7 +56,7 @@
},
"weaknesses": [
{
- "source": "nvd@nist.gov",
+ "source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
@@ -66,7 +66,7 @@
]
},
{
- "source": "security-advisories@github.com",
+ "source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
@@ -144,6 +144,10 @@
"Mailing List",
"Third Party Advisory"
]
+ },
+ {
+ "url": "https://www.debian.org/security/2023/dsa-5419",
+ "source": "security-advisories@github.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-321xx/CVE-2023-32181.json b/CVE-2023/CVE-2023-321xx/CVE-2023-32181.json
index 56338a209e1..561030aa017 100644
--- a/CVE-2023/CVE-2023-321xx/CVE-2023-32181.json
+++ b/CVE-2023/CVE-2023-321xx/CVE-2023-32181.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-32181",
"sourceIdentifier": "meissner@suse.de",
"published": "2023-06-01T12:15:09.727",
- "lastModified": "2023-06-01T13:00:30.717",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T18:29:24.157",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ },
{
"source": "meissner@suse.de",
"type": "Secondary",
@@ -46,14 +66,42 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:opensuse:libeconf:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "0.5.2",
+ "matchCriteriaId": "346C0440-B422-4C32-B61E-09467A38DF0B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32181",
- "source": "meissner@suse.de"
+ "source": "meissner@suse.de",
+ "tags": [
+ "Broken Link",
+ "Issue Tracking",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://https://github.com/openSUSE/libeconf/issues/178",
- "source": "meissner@suse.de"
+ "source": "meissner@suse.de",
+ "tags": [
+ "Broken Link",
+ "Issue Tracking",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
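Review bot: Both `url` values in `references` still begin with a doubled scheme, `https://https://`, and the new side only adds a `"Broken Link"` tag next to `"Issue Tracking"` and `"Vendor Advisory"` instead of repairing them. A URL parser reads `https` as the host name here, so tooling that fetches references automatically will fail, or may send the request to whatever a bare `https` name resolves to on the local network; reference URLs should be validated before they are fetched. The intended targets appear to be `https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32181` and `https://github.com/openSUSE/libeconf/issues/178`. If this file mirrors an upstream record, the correction belongs there.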
diff --git a/CVE-2023/CVE-2023-322xx/CVE-2023-32203.json b/CVE-2023/CVE-2023-322xx/CVE-2023-32203.json
new file mode 100644
index 00000000000..36ddab58f79
--- /dev/null
+++ b/CVE-2023/CVE-2023-322xx/CVE-2023-32203.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-32203",
+ "sourceIdentifier": "ics-cert@hq.dhs.gov",
+ "published": "2023-06-06T17:15:15.023",
+ "lastModified": "2023-06-06T18:33:59.493",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nThe affected application lacks proper validation of user-supplied data when parsing project files (e.g., HMI). This could lead to an out-of-bounds write at CScape_EnvisionRV+0x2e374b. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. \n\n \n\n \n\n \n\n \n\n \n\n\n\n \n\n\n\n\n\n\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-119"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-04",
+ "source": "ics-cert@hq.dhs.gov"
+ }
+ ]
+}
\ No newline at end of file
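Review bot: The `descriptions` value is wrapped in long runs of `\n` escapes and stray spaces before and after the actual sentences, which looks like residue from the submission form rather than content. Consumers that display, diff or index this field should trim it and collapse the whitespace, and the stored value would be better with the leading and trailing runs removed. The text also never names the product ("The affected application") and the record has no `configurations` block, so the only pointer to what is affected is the single advisory link in `references`. Asset matching cannot be done from this record alone.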
diff --git a/CVE-2023/CVE-2023-322xx/CVE-2023-32205.json b/CVE-2023/CVE-2023-322xx/CVE-2023-32205.json
index ca33cba3b23..3dff773fafe 100644
--- a/CVE-2023/CVE-2023-322xx/CVE-2023-32205.json
+++ b/CVE-2023/CVE-2023-322xx/CVE-2023-32205.json
@@ -2,35 +2,118 @@
"id": "CVE-2023-32205",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:13.057",
- "lastModified": "2023-06-02T18:10:03.083",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-09T03:56:00.593",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "113.0",
+ "matchCriteriaId": "D953B9B0-5231-4517-BCDC-2120FBE1B9F4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.11",
+ "matchCriteriaId": "6487CCA9-C946-4313-A93A-350828389D8F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.11",
+ "matchCriteriaId": "8AD4D2C8-87C4-4E70-8499-2C6E3892DFC0"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1753339",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Issue Tracking",
+ "Permissions Required",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1753341",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Issue Tracking",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-16/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-17/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-18/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-322xx/CVE-2023-32206.json b/CVE-2023/CVE-2023-322xx/CVE-2023-32206.json
index 7dda7a64b87..ef27d62b085 100644
--- a/CVE-2023/CVE-2023-322xx/CVE-2023-32206.json
+++ b/CVE-2023/CVE-2023-322xx/CVE-2023-32206.json
@@ -2,31 +2,110 @@
"id": "CVE-2023-32206",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:13.100",
- "lastModified": "2023-06-02T18:10:03.083",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-09T03:55:57.680",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "113.0",
+ "matchCriteriaId": "D953B9B0-5231-4517-BCDC-2120FBE1B9F4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.11",
+ "matchCriteriaId": "6487CCA9-C946-4313-A93A-350828389D8F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.11",
+ "matchCriteriaId": "8AD4D2C8-87C4-4E70-8499-2C6E3892DFC0"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1824892",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Issue Tracking",
+ "Permissions Required",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-16/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-17/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-18/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-322xx/CVE-2023-32207.json b/CVE-2023/CVE-2023-322xx/CVE-2023-32207.json
index 932a38ed00a..d0da5d0c41d 100644
--- a/CVE-2023/CVE-2023-322xx/CVE-2023-32207.json
+++ b/CVE-2023/CVE-2023-322xx/CVE-2023-32207.json
@@ -2,31 +2,110 @@
"id": "CVE-2023-32207",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:13.147",
- "lastModified": "2023-06-02T18:10:03.083",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-09T03:55:37.263",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-290"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "113.0",
+ "matchCriteriaId": "D953B9B0-5231-4517-BCDC-2120FBE1B9F4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.11",
+ "matchCriteriaId": "6487CCA9-C946-4313-A93A-350828389D8F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.11",
+ "matchCriteriaId": "8AD4D2C8-87C4-4E70-8499-2C6E3892DFC0"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1826116",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Issue Tracking",
+ "Permissions Required",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-16/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-17/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-18/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-322xx/CVE-2023-32211.json b/CVE-2023/CVE-2023-322xx/CVE-2023-32211.json
index 64a354597be..d0a545c178d 100644
--- a/CVE-2023/CVE-2023-322xx/CVE-2023-32211.json
+++ b/CVE-2023/CVE-2023-322xx/CVE-2023-32211.json
@@ -2,31 +2,110 @@
"id": "CVE-2023-32211",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:13.197",
- "lastModified": "2023-06-02T18:10:03.083",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-09T03:55:35.073",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "113.0",
+ "matchCriteriaId": "D953B9B0-5231-4517-BCDC-2120FBE1B9F4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.11",
+ "matchCriteriaId": "6487CCA9-C946-4313-A93A-350828389D8F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.11",
+ "matchCriteriaId": "8AD4D2C8-87C4-4E70-8499-2C6E3892DFC0"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1823379",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Issue Tracking",
+ "Permissions Required",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-16/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-17/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-18/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-322xx/CVE-2023-32212.json b/CVE-2023/CVE-2023-322xx/CVE-2023-32212.json
index a919e9a897a..67b6f73daf8 100644
--- a/CVE-2023/CVE-2023-322xx/CVE-2023-32212.json
+++ b/CVE-2023/CVE-2023-322xx/CVE-2023-32212.json
@@ -2,31 +2,110 @@
"id": "CVE-2023-32212",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:13.240",
- "lastModified": "2023-06-02T18:10:03.083",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-09T03:55:32.897",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An attacker could have positioned a datalist
element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "113.0",
+ "matchCriteriaId": "D953B9B0-5231-4517-BCDC-2120FBE1B9F4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.11",
+ "matchCriteriaId": "6487CCA9-C946-4313-A93A-350828389D8F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.11",
+ "matchCriteriaId": "8AD4D2C8-87C4-4E70-8499-2C6E3892DFC0"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1826622",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Issue Tracking",
+ "Permissions Required",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-16/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-17/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-18/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-322xx/CVE-2023-32213.json b/CVE-2023/CVE-2023-322xx/CVE-2023-32213.json
index fdf0a2c63e1..a77e12fc273 100644
--- a/CVE-2023/CVE-2023-322xx/CVE-2023-32213.json
+++ b/CVE-2023/CVE-2023-322xx/CVE-2023-32213.json
@@ -2,31 +2,110 @@
"id": "CVE-2023-32213",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:13.287",
- "lastModified": "2023-06-02T18:10:03.083",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-09T03:55:30.177",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-908"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "113.0",
+ "matchCriteriaId": "D953B9B0-5231-4517-BCDC-2120FBE1B9F4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.11",
+ "matchCriteriaId": "6487CCA9-C946-4313-A93A-350828389D8F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.11",
+ "matchCriteriaId": "8AD4D2C8-87C4-4E70-8499-2C6E3892DFC0"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1826666",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Issue Tracking",
+ "Permissions Required",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-16/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-17/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-18/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-322xx/CVE-2023-32215.json b/CVE-2023/CVE-2023-322xx/CVE-2023-32215.json
index 97f9f84d092..727fa8cb2e2 100644
--- a/CVE-2023/CVE-2023-322xx/CVE-2023-32215.json
+++ b/CVE-2023/CVE-2023-322xx/CVE-2023-32215.json
@@ -2,31 +2,110 @@
"id": "CVE-2023-32215",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:13.337",
- "lastModified": "2023-06-02T20:15:09.470",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-09T03:55:28.257",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "113.0",
+ "matchCriteriaId": "D953B9B0-5231-4517-BCDC-2120FBE1B9F4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.11",
+ "matchCriteriaId": "6487CCA9-C946-4313-A93A-350828389D8F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "102.11",
+ "matchCriteriaId": "8AD4D2C8-87C4-4E70-8499-2C6E3892DFC0"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1540883%2C1751943%2C1814856%2C1820210%2C1821480%2C1827019%2C1827024%2C1827144%2C1827359%2C1830186",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Issue Tracking",
+ "Not Applicable",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-16/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-17/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-18/",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
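Review bot: The first reference's new `tags` array pairs "Not Applicable" with "Issue Tracking" and "Vendor Advisory" on the same Bugzilla buglist URL, which is contradictory for anyone ranking or filtering references by tag. The sibling Mozilla records in this diff (CVE-2023-32206 through CVE-2023-32213) tag their Bugzilla links `"Permissions Required"` in that position, so this looks like an upstream tagging slip, though the diff alone cannot confirm that. Consumers that discard references tagged "Not Applicable" should special-case this entry or report it upstream; the three MFSA links remain the usable advisory references.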
diff --git a/CVE-2023/CVE-2023-322xx/CVE-2023-32281.json b/CVE-2023/CVE-2023-322xx/CVE-2023-32281.json
new file mode 100644
index 00000000000..2026fc1908d
--- /dev/null
+++ b/CVE-2023/CVE-2023-322xx/CVE-2023-32281.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-32281",
+ "sourceIdentifier": "ics-cert@hq.dhs.gov",
+ "published": "2023-06-06T16:15:09.603",
+ "lastModified": "2023-06-06T18:34:03.700",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\n\n\n\n\n\n\n\n\nThe affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to an out-of-bounds read in the FontManager. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.\n\n \n\n\n\n\n\n\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-04",
+ "source": "ics-cert@hq.dhs.gov"
+ }
+ ]
+}
\ No newline at end of file
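Review bot: This new record gives tooling no way to tie it to a product: `descriptions[0].value` says only "The affected application", there is no `configurations` block, and `vulnStatus` is "Awaiting Analysis", so CPE-keyed matching will not surface it and the ICSA reference URL is the only product pointer. The same holds for the new CVE-2023-32289 and CVE-2023-32539 records later in this diff. The `value` string is also wrapped in long runs of `\n` (and CVE-2023-32289 contains `e.g..,`); if this repository mirrors the upstream feed verbatim, leave the text as is, but consumers should trim it so it starts at `The affected application` before display or text matching. Until CPE data arrives, correlate on the `icsa-23-143-04` reference.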
diff --git a/CVE-2023/CVE-2023-322xx/CVE-2023-32289.json b/CVE-2023/CVE-2023-322xx/CVE-2023-32289.json
new file mode 100644
index 00000000000..2bdaf5c1869
--- /dev/null
+++ b/CVE-2023/CVE-2023-322xx/CVE-2023-32289.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-32289",
+ "sourceIdentifier": "ics-cert@hq.dhs.gov",
+ "published": "2023-06-06T16:15:10.073",
+ "lastModified": "2023-06-06T18:33:59.493",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\n\n\n\n\n\n\n\n\n\n\nThe affected application lacks proper validation of user-supplied data when parsing project files (e.g.., CSP). This could lead to an out-of-bounds read in IO_CFG. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. \n\n\n\n \n\n\n\n\n\n\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-04",
+ "source": "ics-cert@hq.dhs.gov"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32307.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32307.json
index c1d2b0b39ac..02c9b7420b2 100644
--- a/CVE-2023/CVE-2023-323xx/CVE-2023-32307.json
+++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32307.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-32307",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-26T23:15:10.127",
- "lastModified": "2023-06-02T18:15:09.533",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-06-08T15:30:19.337",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -35,6 +55,20 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-190"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -50,14 +84,54 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:signalwire:sofia-sip:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.13.15",
+ "matchCriteriaId": "088D6615-EA8D-4AB6-8126-5F828DE92CBC"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-rm4c-ccvf-ff9c",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00002.html",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32324.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32324.json
index 563106c1669..1407a79e163 100644
--- a/CVE-2023/CVE-2023-323xx/CVE-2023-32324.json
+++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32324.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-32324",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-01T17:15:09.873",
- "lastModified": "2023-06-02T00:15:09.673",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T14:32:55.127",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -35,6 +55,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -50,14 +80,55 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:openprinting:cups:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "2.4.2",
+ "matchCriteriaId": "566936DE-4D77-4187-B5D1-97FCE25D17AF"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Exploit",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00001.html",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32342.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32342.json
index 94cf967d1f8..70afe01f00c 100644
--- a/CVE-2023/CVE-2023-323xx/CVE-2023-32342.json
+++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32342.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-32342",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-05-30T22:15:10.677",
- "lastModified": "2023-05-31T13:02:26.480",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T18:18:41.097",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -34,10 +54,52 @@
}
]
},
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-203"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:http_server:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "8.5.0.0",
+ "versionEndExcluding": "8.5.5.24",
+ "matchCriteriaId": "59E31948-A20E-4B41-A65C-67C0F64611F6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:http_server:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "9.0.0.0",
+ "versionEndExcluding": "9.0.5.16",
+ "matchCriteriaId": "A31D0CD4-3CB3-4BD9-A97E-DC9CF053A6A8"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/255828",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "VDB Entry",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-324xx/CVE-2023-32448.json b/CVE-2023/CVE-2023-324xx/CVE-2023-32448.json
index afe9415ae7b..a8546d5e752 100644
--- a/CVE-2023/CVE-2023-324xx/CVE-2023-32448.json
+++ b/CVE-2023/CVE-2023-324xx/CVE-2023-32448.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-32448",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-05-30T16:15:09.937",
- "lastModified": "2023-05-30T16:36:55.623",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T14:22:51.167",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ },
{
"source": "security_alert@emc.com",
"type": "Secondary",
@@ -46,10 +66,41 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:dell:powerpath:7.0:*:*:*:*:windows:*:*",
+ "matchCriteriaId": "381F7BE1-3FD4-48C4-9A80-687C2BBFA7AD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:dell:powerpath:7.1:*:*:*:*:windows:*:*",
+ "matchCriteriaId": "2877B661-722E-46EB-B396-024B7B7D2A02"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:dell:powerpath:7.2:*:*:*:*:windows:*:*",
+ "matchCriteriaId": "41D40F07-86F1-4466-90CE-13CE744A0BCB"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000214248/dsa-2023-154-powerpath-windows-security-update-for-security-update-for-multiple-vulnerabilities",
- "source": "security_alert@emc.com"
+ "source": "security_alert@emc.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-325xx/CVE-2023-32539.json b/CVE-2023/CVE-2023-325xx/CVE-2023-32539.json
new file mode 100644
index 00000000000..1630aa1d4fa
--- /dev/null
+++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32539.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-32539",
+ "sourceIdentifier": "ics-cert@hq.dhs.gov",
+ "published": "2023-06-06T16:15:10.297",
+ "lastModified": "2023-06-06T18:33:59.493",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nThe affected application lacks proper validation of user-supplied data when parsing project files (e.g., HMI). This could lead to an out-of-bounds write at CScape_EnvisionRV+0x2e3c04. An attacker could leverage this vulnerability to potentially execute arbitrary code in the context of the current process.\n\n \n\n \n\n \n\n \n\n \n\n \n\n\n\n \n\n\n\n\n\n\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-119"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-04",
+ "source": "ics-cert@hq.dhs.gov"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-325xx/CVE-2023-32540.json b/CVE-2023/CVE-2023-325xx/CVE-2023-32540.json
new file mode 100644
index 00000000000..e8ac55a783b
--- /dev/null
+++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32540.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-32540",
+ "sourceIdentifier": "ics-cert@hq.dhs.gov",
+ "published": "2023-06-06T00:15:10.067",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nIn Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could allow an attacker to overwrite any file in the operating system (including system files), inject code into an XLS file, and modify the file extension, which could lead to arbitrary code execution.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-94"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-152-01",
+ "source": "ics-cert@hq.dhs.gov"
+ }
+ ]
+}
\ No newline at end of file
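Review bot: The product name in `descriptions[0].value` is spelled `WebAccss/SCADA`, which looks like a typo for WebAccess/SCADA; the added record for CVE-2023-32628 carries the same spelling. Neither record has a `configurations` block yet, so a keyword search or alert rule on the correctly spelled product name will miss both until CPE data is added, and matching should also key on the advisory `icsa-23-152-01`. The primary weakness is `CWE-94`, while the text describes an arbitrary file overwrite as the root cause. The mapping appears to reflect the eventual impact rather than the flaw, which is worth confirming against the advisory before the CWE is used for triage.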
diff --git a/CVE-2023/CVE-2023-325xx/CVE-2023-32545.json b/CVE-2023/CVE-2023-325xx/CVE-2023-32545.json
new file mode 100644
index 00000000000..3f0bb9f2255
--- /dev/null
+++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32545.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-32545",
+ "sourceIdentifier": "ics-cert@hq.dhs.gov",
+ "published": "2023-06-06T15:15:09.867",
+ "lastModified": "2023-06-06T18:34:03.700",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\n\n\n\n\n\n\n\n\n\n\n\n\nThe affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to an out-of-bounds read in Cscape!CANPortMigration. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. \n\n \n\n\n\n \n\n\n\n\n\n\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-04",
+ "source": "ics-cert@hq.dhs.gov"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-325xx/CVE-2023-32549.json b/CVE-2023/CVE-2023-325xx/CVE-2023-32549.json
new file mode 100644
index 00000000000..25515267e15
--- /dev/null
+++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32549.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-32549",
+ "sourceIdentifier": "security@ubuntu.com",
+ "published": "2023-06-06T16:15:10.447",
+ "lastModified": "2023-06-06T18:33:59.493",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Landscape cryptographic keys were insecurely generated with a weak pseudo-random generator."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@ubuntu.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 4.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@ubuntu.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-338"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://bugs.launchpad.net/landscape/+bug/1929034",
+ "source": "security@ubuntu.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-325xx/CVE-2023-32550.json b/CVE-2023/CVE-2023-325xx/CVE-2023-32550.json
new file mode 100644
index 00000000000..b401e5a91b8
--- /dev/null
+++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32550.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-32550",
+ "sourceIdentifier": "security@ubuntu.com",
+ "published": "2023-06-06T16:15:10.687",
+ "lastModified": "2023-06-06T18:33:59.493",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Landscape's server-status page exposed sensitive system information. This data leak included GET requests which contain information to attack and leak further information from the Landscape API."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@ubuntu.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 9.3,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 4.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@ubuntu.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-497"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://bugs.launchpad.net/landscape/+bug/1929037",
+ "source": "security@ubuntu.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-325xx/CVE-2023-32551.json b/CVE-2023/CVE-2023-325xx/CVE-2023-32551.json
new file mode 100644
index 00000000000..b07271f9e6b
--- /dev/null
+++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32551.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-32551",
+ "sourceIdentifier": "security@ubuntu.com",
+ "published": "2023-06-06T16:15:10.813",
+ "lastModified": "2023-06-06T18:33:59.493",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Landscape allowed URLs which caused open redirection."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@ubuntu.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@ubuntu.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-601"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://bugs.launchpad.net/landscape/+bug/1929620",
+ "source": "security@ubuntu.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-326xx/CVE-2023-32628.json b/CVE-2023/CVE-2023-326xx/CVE-2023-32628.json
new file mode 100644
index 00000000000..4d4d5c6d174
--- /dev/null
+++ b/CVE-2023/CVE-2023-326xx/CVE-2023-32628.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-32628",
+ "sourceIdentifier": "ics-cert@hq.dhs.gov",
+ "published": "2023-06-06T00:15:10.177",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\n\n\n\n\nIn Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to modify the file extension of a certificate file to ASP when uploading it, which can lead to remote code execution.\n\n\n\n\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-434"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-152-01",
+ "source": "ics-cert@hq.dhs.gov"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-326xx/CVE-2023-32682.json b/CVE-2023/CVE-2023-326xx/CVE-2023-32682.json
new file mode 100644
index 00000000000..cd7d10d3a78
--- /dev/null
+++ b/CVE-2023/CVE-2023-326xx/CVE-2023-32682.json
@@ -0,0 +1,75 @@
+{
+ "id": "CVE-2023-32682",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-06-06T19:15:11.743",
+ "lastModified": "2023-06-07T02:45:20.120",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. In affected versions it may be possible for a deactivated user to login when using uncommon configurations. This only applies if any of the following are true: 1. JSON Web Tokens are enabled for login via the `jwt_config.enabled` configuration setting. 2. The local password database is enabled via the `password_config.enabled` and `password_config.localdb_enabled` configuration settings *and* a user's password is updated via an admin API after a user is deactivated. Note that the local password database is enabled by default, but it is uncommon to set a user's password after they've been deactivated. Installations that are configured to only allow login via Single Sign-On (SSO) via CAS, SAML or OpenID Connect (OIDC); or via an external password provider (e.g. LDAP) are not affected. If not using JSON Web Tokens, ensure that deactivated users do not have a password set. This issue has been addressed in version 1.85.0. Users are advised to upgrade."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-287"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/matrix-org/synapse/pull/15624",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/matrix-org/synapse/pull/15634",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/matrix-org/synapse/security/advisories/GHSA-26c5-ppr8-f33p",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html#create-or-modify-account",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://matrix-org.github.io/synapse/latest/jwt.html",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#password_config",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-326xx/CVE-2023-32683.json b/CVE-2023/CVE-2023-326xx/CVE-2023-32683.json
new file mode 100644
index 00000000000..e78f6c0b8a6
--- /dev/null
+++ b/CVE-2023/CVE-2023-326xx/CVE-2023-32683.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-32683",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-06-06T19:15:11.963",
+ "lastModified": "2023-06-07T02:45:20.120",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can bypass the `url_preview_url_blacklist` setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the `url_preview_ip_range_blacklist` setting (by default this only allows public IPs) and by the limited information returned to the client: 1. For discovered oEmbed URLs, any non-JSON response or a JSON response which includes non-oEmbed information is discarded. 2. For discovered image URLs, any non-image response is discarded. Systems which have URL preview disabled (via the `url_preview_enabled` setting) or have not configured a `url_preview_url_blacklist` are not affected. This issue has been addressed in version 1.85.0. Users are advised to upgrade. User unable to upgrade may also disable URL previews."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.5,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-863"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/matrix-org/synapse/pull/15601",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/matrix-org/synapse/security/advisories/GHSA-98px-6486-j7qc",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-326xx/CVE-2023-32684.json b/CVE-2023/CVE-2023-326xx/CVE-2023-32684.json
index 34d7036d0c1..385af0ca56a 100644
--- a/CVE-2023/CVE-2023-326xx/CVE-2023-32684.json
+++ b/CVE-2023/CVE-2023-326xx/CVE-2023-32684.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-32684",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-30T18:15:10.137",
- "lastModified": "2023-05-30T18:52:32.890",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T20:07:00.123",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 2.5,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 1.0,
+ "impactScore": 1.4
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -35,6 +55,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-552"
+ }
+ ]
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -46,18 +76,45 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:linuxfoundation:lima:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "0.16.0",
+ "matchCriteriaId": "50F05079-2814-4C46-9824-6F8F36713C1E"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/lima-vm/lima/commit/01dbd4d9cabe692afa4517be3995771f0ebb38a5",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://github.com/lima-vm/lima/releases/tag/v0.16.0",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Release Notes"
+ ]
},
{
"url": "https://github.com/lima-vm/lima/security/advisories/GHSA-f7qw-jj9c-rpq9",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-326xx/CVE-2023-32685.json b/CVE-2023/CVE-2023-326xx/CVE-2023-32685.json
index 5be52e4400a..ce914427429 100644
--- a/CVE-2023/CVE-2023-326xx/CVE-2023-32685.json
+++ b/CVE-2023/CVE-2023-326xx/CVE-2023-32685.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-32685",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-30T05:15:11.770",
- "lastModified": "2023-05-30T12:52:56.613",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T19:13:44.657",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -35,6 +55,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -46,18 +76,45 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:kanboard:kanboard:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.2.29",
+ "matchCriteriaId": "14326D4F-06FA-4C19-B1F5-763D2D9F6AAD"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/kanboard/kanboard/commit/26b6eebb78d4306e48b836a58f7c386251aa2bc7",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://github.com/kanboard/kanboard/commit/c9c187206700030c43493b80fd599b4d096cb713",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-hjmw-gm82-r4gv",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-326xx/CVE-2023-32687.json b/CVE-2023/CVE-2023-326xx/CVE-2023-32687.json
index c1e595fa8f4..80047d48a8c 100644
--- a/CVE-2023/CVE-2023-326xx/CVE-2023-32687.json
+++ b/CVE-2023/CVE-2023-326xx/CVE-2023-32687.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-32687",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-29T21:15:10.053",
- "lastModified": "2023-05-30T12:52:56.613",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T15:12:31.750",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -35,6 +55,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-522"
+ }
+ ]
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -46,18 +76,46 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tgstation13:tgstation-server:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.7.0",
+ "versionEndExcluding": "5.12.1",
+ "matchCriteriaId": "EEDF294D-ADA6-45C2-9C45-CFFD516F33FC"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/tgstation/tgstation-server/pull/1487",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://github.com/tgstation/tgstation-server/releases/tag/tgstation-server-v5.12.1",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Release Notes"
+ ]
},
{
"url": "https://github.com/tgstation/tgstation-server/security/advisories/GHSA-rv76-495p-g7cp",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-326xx/CVE-2023-32689.json b/CVE-2023/CVE-2023-326xx/CVE-2023-32689.json
index 29336e466a5..53847189625 100644
--- a/CVE-2023/CVE-2023-326xx/CVE-2023-32689.json
+++ b/CVE-2023/CVE-2023-326xx/CVE-2023-32689.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-32689",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-30T18:15:10.227",
- "lastModified": "2023-05-30T18:52:32.890",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T20:08:00.527",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -35,6 +55,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-434"
+ }
+ ]
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -46,18 +76,52 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:parseplatform:parse-server:*:*:*:*:*:node.js:*:*",
+ "versionEndExcluding": "5.4.4",
+ "matchCriteriaId": "57079A61-9B9E-4201-9734-CDE120163A44"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:parseplatform:parse-server:*:*:*:*:*:node.js:*:*",
+ "versionStartIncluding": "6.0.0",
+ "versionEndExcluding": "6.1.1",
+ "matchCriteriaId": "CAB996D8-C3AD-4F24-AC7B-65B309001BA7"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/parse-community/parse-server/pull/8537",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://github.com/parse-community/parse-server/pull/8538",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-9prm-jqwx-45x9",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-326xx/CVE-2023-32692.json b/CVE-2023/CVE-2023-326xx/CVE-2023-32692.json
index 1ffc3cc5c19..003b947ba87 100644
--- a/CVE-2023/CVE-2023-326xx/CVE-2023-32692.json
+++ b/CVE-2023/CVE-2023-326xx/CVE-2023-32692.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-32692",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-30T04:15:10.097",
- "lastModified": "2023-05-30T12:52:56.613",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T20:39:59.217",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -39,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-94"
+ }
+ ]
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -50,14 +80,39 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:codeigniter:codeigniter:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "4.3.5",
+ "matchCriteriaId": "94AEF6DC-6C48-4A0E-973E-7AD5B9EFB2A2"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/codeigniter4/CodeIgniter4/blob/develop/CHANGELOG.md",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Release Notes"
+ ]
},
{
"url": "https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-m6m8-6gq8-c9fj",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mitigation",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-326xx/CVE-2023-32696.json b/CVE-2023/CVE-2023-326xx/CVE-2023-32696.json
index f01082b0452..fdc5437c974 100644
--- a/CVE-2023/CVE-2023-326xx/CVE-2023-32696.json
+++ b/CVE-2023/CVE-2023-326xx/CVE-2023-32696.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-32696",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-30T19:15:10.023",
- "lastModified": "2023-05-30T21:10:07.833",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T00:53:59.340",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -35,6 +55,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-269"
+ }
+ ]
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -46,14 +76,43 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:okfn:ckan:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.9.9",
+ "matchCriteriaId": "92E424CF-0024-4B08-986C-D899503F7CCE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:okfn:ckan:2.10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5B88933D-4004-4D42-BB4F-8552FA2A7871"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/ckan/ckan-docker-base/commit/5483c46ce9b518a4e1b626ef7032cce2c1d75c7d",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://github.com/ckan/ckan-docker-base/security/advisories/GHSA-c74x-xfvr-x5wg",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
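Review bot: The added `cpeMatch` entries mark `cpe:2.3:a:okfn:ckan` itself as vulnerable (everything before 2.9.9, plus 2.10.0), while both references in this hunk point to the `ckan/ckan-docker-base` repository rather than CKAN's own source. If the flaw lives in the Docker base image, as those URLs suggest, scanners keyed on this CPE will flag CKAN installations that do not use the image. The description is outside the visible hunks, so this is inferred. The scope of `"criteria": "cpe:2.3:a:okfn:ckan:*:*:*:*:*:*:*:*"` should be checked against the vendor advisory before it drives patch prioritisation.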
diff --git a/CVE-2023/CVE-2023-326xx/CVE-2023-32698.json b/CVE-2023/CVE-2023-326xx/CVE-2023-32698.json
index a0716b07f75..92ce5bcff0f 100644
--- a/CVE-2023/CVE-2023-326xx/CVE-2023-32698.json
+++ b/CVE-2023/CVE-2023-326xx/CVE-2023-32698.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-32698",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-30T04:15:10.187",
- "lastModified": "2023-05-30T12:52:56.613",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T19:29:45.097",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.2
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -39,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-276"
+ }
+ ]
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -50,18 +80,48 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:goreleaser:nfpm:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "0.1.0",
+ "versionEndExcluding": "2.29.0",
+ "matchCriteriaId": "325B45DF-6615-4FC7-B712-4A80B0661905"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/goreleaser/nfpm/commit/ed9abdf63d5012cc884f2a83b4ab2b42b3680d30",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://github.com/goreleaser/nfpm/releases/tag/v2.29.0",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Release Notes"
+ ]
},
{
"url": "https://github.com/goreleaser/nfpm/security/advisories/GHSA-w7jw-q4fg-qc4c",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Exploit",
+ "Mitigation",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-326xx/CVE-2023-32699.json b/CVE-2023/CVE-2023-326xx/CVE-2023-32699.json
index 697348bc0d6..da353ad6071 100644
--- a/CVE-2023/CVE-2023-326xx/CVE-2023-32699.json
+++ b/CVE-2023/CVE-2023-326xx/CVE-2023-32699.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-32699",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-30T19:15:10.103",
- "lastModified": "2023-05-30T21:10:07.833",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T01:27:53.160",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -35,6 +55,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-770"
+ }
+ ]
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -46,14 +76,39 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:metersphere:metersphere:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "2.9.1",
+ "matchCriteriaId": "A9B92902-18D3-4FF8-AEE0-570EA6B9B74D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/metersphere/metersphere/commit/c59e381d368990214813085a1a4877c5ef865411",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://github.com/metersphere/metersphere/security/advisories/GHSA-qffq-8gf8-mhq7",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Exploit",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-327xx/CVE-2023-32706.json b/CVE-2023/CVE-2023-327xx/CVE-2023-32706.json
index fb1da44e555..dec713fcc59 100644
--- a/CVE-2023/CVE-2023-327xx/CVE-2023-32706.json
+++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32706.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-32706",
"sourceIdentifier": "prodsec@splunk.com",
"published": "2023-06-01T17:15:10.027",
- "lastModified": "2023-06-01T17:29:59.710",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T14:29:56.843",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ },
{
"source": "prodsec@splunk.com",
"type": "Secondary",
@@ -34,10 +54,64 @@
}
]
},
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-611"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "8.1.0",
+ "versionEndExcluding": "8.1.14",
+ "matchCriteriaId": "285DAAE6-0931-41DA-A64A-25ED6A3BE2C5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "8.2.0",
+ "versionEndExcluding": "8.2.11",
+ "matchCriteriaId": "E924894C-6C74-4F3B-B8FC-B3FDA0F487F3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "9.0.0",
+ "versionEndExcluding": "9.0.5",
+ "matchCriteriaId": "4FF90BE2-6E2E-41F7-A77E-7547CBDD8596"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "9.0.2303.100",
+ "matchCriteriaId": "97F2BD15-F25B-488B-B2AC-AD33239B4A27"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2023-0601",
- "source": "prodsec@splunk.com"
+ "source": "prodsec@splunk.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-327xx/CVE-2023-32707.json b/CVE-2023/CVE-2023-327xx/CVE-2023-32707.json
index 387085e8082..8a46f6c21b4 100644
--- a/CVE-2023/CVE-2023-327xx/CVE-2023-32707.json
+++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32707.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-32707",
"sourceIdentifier": "prodsec@splunk.com",
"published": "2023-06-01T17:15:10.117",
- "lastModified": "2023-06-01T17:29:59.710",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T14:29:18.523",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "prodsec@splunk.com",
"type": "Secondary",
@@ -34,14 +54,71 @@
}
]
},
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "8.1.0",
+ "versionEndExcluding": "8.1.14",
+ "matchCriteriaId": "285DAAE6-0931-41DA-A64A-25ED6A3BE2C5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "8.2.0",
+ "versionEndExcluding": "8.2.11",
+ "matchCriteriaId": "E924894C-6C74-4F3B-B8FC-B3FDA0F487F3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "9.0.0",
+ "versionEndExcluding": "9.0.5",
+ "matchCriteriaId": "4FF90BE2-6E2E-41F7-A77E-7547CBDD8596"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "9.0.2303.100",
+ "matchCriteriaId": "97F2BD15-F25B-488B-B2AC-AD33239B4A27"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2023-0602",
- "source": "prodsec@splunk.com"
+ "source": "prodsec@splunk.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://research.splunk.com/application/39e1c326-67d7-4c0d-8584-8056354f6593/",
- "source": "prodsec@splunk.com"
+ "source": "prodsec@splunk.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
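Review bot: The NVD primary weakness added in this hunk is the placeholder `NVD-CWE-noinfo`, on a record whose primary vector from the previous hunk scores 8.8 (`C:H/I:H/A:H`). Pipelines that group or prioritise by CWE id will drop or mis-bucket this entry unless they handle NVD's placeholder values explicitly. The same applies to `NVD-CWE-Other` in the weakness hunks for CVE-2023-32709, CVE-2023-32710 and CVE-2023-32717. Consumers should treat both strings as "unclassified" and fall back to the CVSS vector and the vendor advisory (`SVD-2023-0602`) for triage.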
diff --git a/CVE-2023/CVE-2023-327xx/CVE-2023-32708.json b/CVE-2023/CVE-2023-327xx/CVE-2023-32708.json
index 20424d8b445..a6ec494f9d1 100644
--- a/CVE-2023/CVE-2023-327xx/CVE-2023-32708.json
+++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32708.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-32708",
"sourceIdentifier": "prodsec@splunk.com",
"published": "2023-06-01T17:15:10.173",
- "lastModified": "2023-06-01T17:29:59.710",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T14:28:24.293",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "prodsec@splunk.com",
"type": "Secondary",
@@ -34,14 +54,71 @@
}
]
},
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-436"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "8.1.0",
+ "versionEndExcluding": "8.1.14",
+ "matchCriteriaId": "285DAAE6-0931-41DA-A64A-25ED6A3BE2C5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "8.2.0",
+ "versionEndExcluding": "8.2.11",
+ "matchCriteriaId": "E924894C-6C74-4F3B-B8FC-B3FDA0F487F3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "9.0.0",
+ "versionEndExcluding": "9.0.5",
+ "matchCriteriaId": "4FF90BE2-6E2E-41F7-A77E-7547CBDD8596"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "9.0.2303.100",
+ "matchCriteriaId": "97F2BD15-F25B-488B-B2AC-AD33239B4A27"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2023-0603",
- "source": "prodsec@splunk.com"
+ "source": "prodsec@splunk.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://research.splunk.com/application/e615a0e1-a1b2-4196-9865-8aa646e1708c/",
- "source": "prodsec@splunk.com"
+ "source": "prodsec@splunk.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
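Review bot: The second reference in this hunk, `https://research.splunk.com/application/e615a0e1-a1b2-4196-9865-8aa646e1708c/`, gets the same `Vendor Advisory` tag as the `advisory.splunk.com` link, although its host and path suggest detection content rather than an advisory. Consumers that route or de-duplicate references by tag cannot tell the two apart, so teams looking for detection material will not find it by tag. The same tagging appears in the reference hunks for CVE-2023-32707, CVE-2023-32709, CVE-2023-32711, CVE-2023-32714, CVE-2023-32716 and CVE-2023-32717. The tag vocabulary is set upstream, so the practical fix is on the consumer side: classify `research.splunk.com/application/` URLs by host and path rather than by tag.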
diff --git a/CVE-2023/CVE-2023-327xx/CVE-2023-32709.json b/CVE-2023/CVE-2023-327xx/CVE-2023-32709.json
index 865136f33e1..b0eff9d8e30 100644
--- a/CVE-2023/CVE-2023-327xx/CVE-2023-32709.json
+++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32709.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-32709",
"sourceIdentifier": "prodsec@splunk.com",
"published": "2023-06-01T17:15:10.227",
- "lastModified": "2023-06-01T17:29:59.710",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T14:26:09.613",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ },
{
"source": "prodsec@splunk.com",
"type": "Secondary",
@@ -34,14 +54,71 @@
}
]
},
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-Other"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "8.1.0",
+ "versionEndExcluding": "8.1.14",
+ "matchCriteriaId": "285DAAE6-0931-41DA-A64A-25ED6A3BE2C5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "8.2.0",
+ "versionEndExcluding": "8.2.11",
+ "matchCriteriaId": "E924894C-6C74-4F3B-B8FC-B3FDA0F487F3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "9.0.0",
+ "versionEndExcluding": "9.0.5",
+ "matchCriteriaId": "4FF90BE2-6E2E-41F7-A77E-7547CBDD8596"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "9.0.2303.100",
+ "matchCriteriaId": "97F2BD15-F25B-488B-B2AC-AD33239B4A27"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2023-0604",
- "source": "prodsec@splunk.com"
+ "source": "prodsec@splunk.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://research.splunk.com/application/a1be424d-e59c-4583-b6f9-2dcc23be4875/",
- "source": "prodsec@splunk.com"
+ "source": "prodsec@splunk.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-327xx/CVE-2023-32710.json b/CVE-2023/CVE-2023-327xx/CVE-2023-32710.json
index af9ecbe4291..fe335e074e1 100644
--- a/CVE-2023/CVE-2023-327xx/CVE-2023-32710.json
+++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32710.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-32710",
"sourceIdentifier": "prodsec@splunk.com",
"published": "2023-06-01T17:15:10.283",
- "lastModified": "2023-06-01T17:29:59.710",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T14:24:48.217",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 3.6
+ },
{
"source": "prodsec@splunk.com",
"type": "Secondary",
@@ -34,10 +54,64 @@
}
]
},
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-Other"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "8.1.0",
+ "versionEndExcluding": "8.1.14",
+ "matchCriteriaId": "285DAAE6-0931-41DA-A64A-25ED6A3BE2C5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "8.2.0",
+ "versionEndExcluding": "8.2.11",
+ "matchCriteriaId": "E924894C-6C74-4F3B-B8FC-B3FDA0F487F3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "9.0.0",
+ "versionEndExcluding": "9.0.5",
+ "matchCriteriaId": "4FF90BE2-6E2E-41F7-A77E-7547CBDD8596"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "9.0.2303.100",
+ "matchCriteriaId": "97F2BD15-F25B-488B-B2AC-AD33239B4A27"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2023-0609",
- "source": "prodsec@splunk.com"
+ "source": "prodsec@splunk.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-327xx/CVE-2023-32711.json b/CVE-2023/CVE-2023-327xx/CVE-2023-32711.json
index f94be2656bc..c63deba2f9c 100644
--- a/CVE-2023/CVE-2023-327xx/CVE-2023-32711.json
+++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32711.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-32711",
"sourceIdentifier": "prodsec@splunk.com",
"published": "2023-06-01T17:15:10.340",
- "lastModified": "2023-06-01T17:29:59.710",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T14:23:52.817",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
{
"source": "prodsec@splunk.com",
"type": "Secondary",
@@ -34,14 +54,65 @@
}
]
},
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "8.1.0",
+ "versionEndExcluding": "8.1.14",
+ "matchCriteriaId": "285DAAE6-0931-41DA-A64A-25ED6A3BE2C5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "8.2.0",
+ "versionEndExcluding": "8.2.11",
+ "matchCriteriaId": "E924894C-6C74-4F3B-B8FC-B3FDA0F487F3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "9.0.0",
+ "versionEndExcluding": "9.0.5",
+ "matchCriteriaId": "4FF90BE2-6E2E-41F7-A77E-7547CBDD8596"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2023-0605",
- "source": "prodsec@splunk.com"
+ "source": "prodsec@splunk.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://research.splunk.com/application/8a43558f-a53c-4ee4-86c1-30b1e8ef3606/",
- "source": "prodsec@splunk.com"
+ "source": "prodsec@splunk.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-327xx/CVE-2023-32712.json b/CVE-2023/CVE-2023-327xx/CVE-2023-32712.json
index 46de3e0e06e..a4b7263b30e 100644
--- a/CVE-2023/CVE-2023-327xx/CVE-2023-32712.json
+++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32712.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-32712",
"sourceIdentifier": "prodsec@splunk.com",
"published": "2023-06-01T17:15:10.397",
- "lastModified": "2023-06-01T17:29:59.710",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T14:23:31.040",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.1,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 1.4
+ },
{
"source": "prodsec@splunk.com",
"type": "Secondary",
@@ -34,10 +54,58 @@
}
]
},
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-116"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "8.1.0",
+ "versionEndExcluding": "8.1.14",
+ "matchCriteriaId": "285DAAE6-0931-41DA-A64A-25ED6A3BE2C5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "8.2.0",
+ "versionEndExcluding": "8.2.11",
+ "matchCriteriaId": "E924894C-6C74-4F3B-B8FC-B3FDA0F487F3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "9.0.0",
+ "versionEndExcluding": "9.0.5",
+ "matchCriteriaId": "4FF90BE2-6E2E-41F7-A77E-7547CBDD8596"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2023-0606",
- "source": "prodsec@splunk.com"
+ "source": "prodsec@splunk.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-327xx/CVE-2023-32713.json b/CVE-2023/CVE-2023-327xx/CVE-2023-32713.json
index 23af6aaa4ce..58c56867f97 100644
--- a/CVE-2023/CVE-2023-327xx/CVE-2023-32713.json
+++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32713.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-32713",
"sourceIdentifier": "prodsec@splunk.com",
"published": "2023-06-01T17:15:10.453",
- "lastModified": "2023-06-01T17:29:59.710",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T14:21:31.067",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.9,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 6.0
+ },
{
"source": "prodsec@splunk.com",
"type": "Secondary",
@@ -34,10 +54,43 @@
}
]
},
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-269"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:splunk:splunk_app_for_stream:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "8.1.1",
+ "matchCriteriaId": "1935738E-D4ED-4D2E-B984-FACD89EEAF7F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2023-0607",
- "source": "prodsec@splunk.com"
+ "source": "prodsec@splunk.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-327xx/CVE-2023-32714.json b/CVE-2023/CVE-2023-327xx/CVE-2023-32714.json
index 4e86b54ebce..7b263a57f1d 100644
--- a/CVE-2023/CVE-2023-327xx/CVE-2023-32714.json
+++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32714.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-32714",
"sourceIdentifier": "prodsec@splunk.com",
"published": "2023-06-01T17:15:10.513",
- "lastModified": "2023-06-01T17:29:59.710",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T14:20:42.940",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.2
+ },
{
"source": "prodsec@splunk.com",
"type": "Secondary",
@@ -34,14 +54,71 @@
}
]
},
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "8.1.0",
+ "versionEndExcluding": "8.1.14",
+ "matchCriteriaId": "285DAAE6-0931-41DA-A64A-25ED6A3BE2C5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "8.2.0",
+ "versionEndExcluding": "8.2.11",
+ "matchCriteriaId": "E924894C-6C74-4F3B-B8FC-B3FDA0F487F3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "9.0.0",
+ "versionEndExcluding": "9.0.5",
+ "matchCriteriaId": "4FF90BE2-6E2E-41F7-A77E-7547CBDD8596"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:splunk:splunk_app_for_lookup_file_editing:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "4.0.1",
+ "matchCriteriaId": "344C7507-BAD0-45FC-B2DE-ECD2C9135EE1"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2023-0608",
- "source": "prodsec@splunk.com"
+ "source": "prodsec@splunk.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://research.splunk.com/application/8ed58987-738d-4917-9e44-b8ef6ab948a6/",
- "source": "prodsec@splunk.com"
+ "source": "prodsec@splunk.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-327xx/CVE-2023-32715.json b/CVE-2023/CVE-2023-327xx/CVE-2023-32715.json
index 7ceef1d1f2f..8d6cfb1800c 100644
--- a/CVE-2023/CVE-2023-327xx/CVE-2023-32715.json
+++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32715.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-32715",
"sourceIdentifier": "prodsec@splunk.com",
"published": "2023-06-01T17:15:10.570",
- "lastModified": "2023-06-01T17:29:59.710",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T14:19:36.413",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
{
"source": "prodsec@splunk.com",
"type": "Secondary",
@@ -34,10 +54,43 @@
}
]
},
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:splunk:splunk_app_for_lookup_file_editing:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "4.0.1",
+ "matchCriteriaId": "344C7507-BAD0-45FC-B2DE-ECD2C9135EE1"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2023-0610",
- "source": "prodsec@splunk.com"
+ "source": "prodsec@splunk.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-327xx/CVE-2023-32716.json b/CVE-2023/CVE-2023-327xx/CVE-2023-32716.json
index f2390d9ac59..ff79fc33c7c 100644
--- a/CVE-2023/CVE-2023-327xx/CVE-2023-32716.json
+++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32716.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-32716",
"sourceIdentifier": "prodsec@splunk.com",
"published": "2023-06-01T17:15:10.630",
- "lastModified": "2023-06-01T17:29:59.710",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T14:18:33.360",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ },
{
"source": "prodsec@splunk.com",
"type": "Secondary",
@@ -34,14 +54,71 @@
}
]
},
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-754"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "8.1.0",
+ "versionEndExcluding": "8.1.14",
+ "matchCriteriaId": "285DAAE6-0931-41DA-A64A-25ED6A3BE2C5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "8.2.0",
+ "versionEndExcluding": "8.2.11",
+ "matchCriteriaId": "E924894C-6C74-4F3B-B8FC-B3FDA0F487F3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "9.0.0",
+ "versionEndExcluding": "9.0.5",
+ "matchCriteriaId": "4FF90BE2-6E2E-41F7-A77E-7547CBDD8596"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "9.0.2303.100",
+ "matchCriteriaId": "97F2BD15-F25B-488B-B2AC-AD33239B4A27"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2023-0611",
- "source": "prodsec@splunk.com"
+ "source": "prodsec@splunk.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://research.splunk.com/application/fb0e6823-365f-48ed-b09e-272ac4c1dad6/",
- "source": "prodsec@splunk.com"
+ "source": "prodsec@splunk.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-327xx/CVE-2023-32717.json b/CVE-2023/CVE-2023-327xx/CVE-2023-32717.json
index 5a2087612dc..2e406c81c66 100644
--- a/CVE-2023/CVE-2023-327xx/CVE-2023-32717.json
+++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32717.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-32717",
"sourceIdentifier": "prodsec@splunk.com",
"published": "2023-06-01T17:15:10.687",
- "lastModified": "2023-06-01T17:29:59.710",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T14:17:03.670",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ },
{
"source": "prodsec@splunk.com",
"type": "Secondary",
@@ -34,14 +54,71 @@
}
]
},
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-Other"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "8.1.0",
+ "versionEndExcluding": "8.1.14",
+ "matchCriteriaId": "285DAAE6-0931-41DA-A64A-25ED6A3BE2C5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "8.2.0",
+ "versionEndExcluding": "8.2.11",
+ "matchCriteriaId": "E924894C-6C74-4F3B-B8FC-B3FDA0F487F3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "9.0.0",
+ "versionEndExcluding": "9.0.5",
+ "matchCriteriaId": "4FF90BE2-6E2E-41F7-A77E-7547CBDD8596"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "9.0.2303.100",
+ "matchCriteriaId": "97F2BD15-F25B-488B-B2AC-AD33239B4A27"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2023-0612",
- "source": "prodsec@splunk.com"
+ "source": "prodsec@splunk.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://research.splunk.com/application/bbe26f95-1655-471d-8abd-3d32fafa86f8/",
- "source": "prodsec@splunk.com"
+ "source": "prodsec@splunk.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-327xx/CVE-2023-32731.json b/CVE-2023/CVE-2023-327xx/CVE-2023-32731.json
new file mode 100644
index 00000000000..360b4414470
--- /dev/null
+++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32731.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-32731",
+ "sourceIdentifier": "cve-coordination@google.com",
+ "published": "2023-06-09T11:15:09.303",
+ "lastModified": "2023-06-09T11:15:09.303",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration. We recommend upgrading beyond the commit contained in\u00a0 https://github.com/grpc/grpc/pull/32309 https://github.com/grpc/grpc/pull/32309 \n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve-coordination@google.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.4,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cve-coordination@google.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-440"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/grpc/grpc/pull/32309",
+ "source": "cve-coordination@google.com"
+ }
+ ]
+}
\ No newline at end of file
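Review bot: The `descriptions[0].value` string ends in extraction residue: a `\u00a0`, the pull-request URL printed twice, and a trailing ` \n`. The advice itself is intact, so the value can simply end `...upgrading beyond the commit contained in https://github.com/grpc/grpc/pull/32309"`. The CVE-2023-32732 record added next has the same tail, with `https://www.google.com/url` in place of the second copy; that link names no fix and should be dropped. Both records list the same pull request under `references`, so consumers that build remediation links should read them from there rather than from the description text.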
diff --git a/CVE-2023/CVE-2023-327xx/CVE-2023-32732.json b/CVE-2023/CVE-2023-327xx/CVE-2023-32732.json
new file mode 100644
index 00000000000..93e30153723
--- /dev/null
+++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32732.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-32732",
+ "sourceIdentifier": "cve-coordination@google.com",
+ "published": "2023-06-09T11:15:09.377",
+ "lastModified": "2023-06-09T11:15:09.377",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in\u00a0 https://github.com/grpc/grpc/pull/32309 https://www.google.com/url \n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve-coordination@google.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cve-coordination@google.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-440"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/grpc/grpc/pull/32309",
+ "source": "cve-coordination@google.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-327xx/CVE-2023-32749.json b/CVE-2023/CVE-2023-327xx/CVE-2023-32749.json
new file mode 100644
index 00000000000..4cb6d9076d0
--- /dev/null
+++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32749.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2023-32749",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-08T20:15:09.430",
+ "lastModified": "2023-06-08T20:15:09.430",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying the HTTP request sent when creating such an external user, it is possible to assign the new user arbitrary roles. By assigning all roles to a newly created user, access to all cells and non-personal workspaces is granted."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://packetstormsecurity.com/files/172645/Pydio-Cells-4.1.2-Privilege-Escalation.html",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/May/18",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.redteam-pentesting.de/en/advisories/-advisories-publicised-vulnerability-analyses",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2023-003/-pydio-cells-unauthorised-role-assignments",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
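Review bot: The description gives no affected version, while the two sibling Pydio Cells records added in this commit (CVE-2023-32750, CVE-2023-32751) both say "through 4.1.2" and the Packet Storm reference here is titled for 4.1.2. With `"metrics": {}` and no `configurations` yet, the description is the only place a reader can scope the issue, so it would help to open it the same way, e.g. `"Pydio Cells through 4.1.2 allows users by default to create ..."`, assuming the advisory confirms that bound. Until the record is analyzed, a deployment where regular users can create external users should be treated as in scope, and role assignments on externally shared accounts reviewed.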
diff --git a/CVE-2023/CVE-2023-327xx/CVE-2023-32750.json b/CVE-2023/CVE-2023-327xx/CVE-2023-32750.json
new file mode 100644
index 00000000000..0f6aa6830ff
--- /dev/null
+++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32750.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-32750",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-08T21:15:17.340",
+ "lastModified": "2023-06-08T21:15:17.340",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Pydio Cells through 4.1.2 allows SSRF. For longer running processes, Pydio Cells allows for the creation of jobs, which are run in the background. The job \"remote-download\" can be used to cause the backend to send a HTTP GET request to a specified URL and save the response to a new file. The response file is then available in a user-specified folder in Pydio Cells."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://www.redteam-pentesting.de/advisories/rt-sa-2023-005/",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.redteam-pentesting.de/en/advisories/-advisories-publicised-vulnerability-analyses",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-327xx/CVE-2023-32751.json b/CVE-2023/CVE-2023-327xx/CVE-2023-32751.json
new file mode 100644
index 00000000000..7702aa97c11
--- /dev/null
+++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32751.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-32751",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-08T21:15:17.427",
+ "lastModified": "2023-06-08T21:15:17.427",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Pydio Cells through 4.1.2 allows XSS. Pydio Cells implements the download of files using presigned URLs which are generated using the Amazon AWS SDK for JavaScript [1]. The secrets used to sign these URLs are hardcoded and exposed through the JavaScript files of the web application. Therefore, it is possible to generate valid signatures for arbitrary download URLs. By uploading an HTML file and modifying the download URL to serve the file inline instead of as an attachment, any included JavaScript code is executed when the URL is opened in a browser, leading to a cross-site scripting vulnerability."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://www.redteam-pentesting.de/advisories/rt-sa-2023-004/",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.redteam-pentesting.de/en/advisories/-advisories-publicised-vulnerability-analyses",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
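Review bot: The description carries a dangling footnote marker, `Amazon AWS SDK for JavaScript [1]`, with no matching entry in the text or in `references`; the ` [1]` should be removed. The record is also summarised only as XSS, although the text puts the cause in signing secrets that are hardcoded and exposed in the web application's JavaScript files, so a reader triaging on the first sentence would understate it. When `weaknesses` is filled in, it would be worth listing hard-coded credentials (CWE-798) alongside CWE-79; that mapping is my reading of the description, not something the record states.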
diff --git a/CVE-2023/CVE-2023-327xx/CVE-2023-32758.json b/CVE-2023/CVE-2023-327xx/CVE-2023-32758.json
index e9a0d3cf597..4481c5a28e2 100644
--- a/CVE-2023/CVE-2023-327xx/CVE-2023-32758.json
+++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32758.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-32758",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-15T04:15:10.330",
- "lastModified": "2023-05-26T18:53:30.167",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-06-06T18:15:10.883",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "giturlparse (aka git-url-parse) through 1.2.2, as used in Semgrep through 1.21.0, is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing untrusted URLs. This might be relevant if Semgrep is analyzing an untrusted package (for example, to check whether it accesses any Git repository at an http:// URL), and that package's author placed a ReDoS attack payload in a URL used by the package."
+ "value": "giturlparse (aka git-url-parse) through 1.2.2, as used in Semgrep 1.5.2 through 1.24.1, is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing untrusted URLs. This might be relevant if Semgrep is analyzing an untrusted package (for example, to check whether it accesses any Git repository at an http:// URL), and that package's author placed a ReDoS attack payload in a URL used by the package."
}
],
"metrics": {
diff --git a/CVE-2023/CVE-2023-329xx/CVE-2023-32958.json b/CVE-2023/CVE-2023-329xx/CVE-2023-32958.json
index e79d70c8556..e3337fcd5bd 100644
--- a/CVE-2023/CVE-2023-329xx/CVE-2023-32958.json
+++ b/CVE-2023/CVE-2023-329xx/CVE-2023-32958.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-32958",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-28T18:15:09.477",
- "lastModified": "2023-05-28T18:32:54.977",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T14:33:26.060",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 2.7
+ },
{
"source": "audit@patchstack.com",
"type": "Secondary",
@@ -46,10 +66,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nosegraze:novelist:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "1.2.1",
+ "matchCriteriaId": "B5363F23-C990-46A4-80B2-E53E22854FA7"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/novelist/wordpress-novelist-plugin-1-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-330xx/CVE-2023-33009.json b/CVE-2023/CVE-2023-330xx/CVE-2023-33009.json
index c0a33e50740..98b6e935c2f 100644
--- a/CVE-2023/CVE-2023-330xx/CVE-2023-33009.json
+++ b/CVE-2023/CVE-2023-330xx/CVE-2023-33009.json
@@ -2,8 +2,12 @@
"id": "CVE-2023-33009",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2023-05-24T13:15:09.560",
- "lastModified": "2023-05-24T13:42:11.173",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T18:20:46.193",
+ "vulnStatus": "Analyzed",
+ "cisaExploitAdd": "2023-06-05",
+ "cisaActionDue": "2023-06-26",
+ "cisaRequiredAction": "Apply updates per vendor instructions.",
+ "cisaVulnerabilityName": "Zyxel Multiple Firewalls Buffer Overflow Vulnerability",
"descriptions": [
{
"lang": "en",
@@ -12,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ },
{
"source": "security@zyxel.com.tw",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-120"
+ }
+ ]
+ },
{
"source": "security@zyxel.com.tw",
"type": "Secondary",
@@ -46,10 +80,898 @@
]
}
],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.32",
+ "versionEndExcluding": "5.36",
+ "matchCriteriaId": "73E39B94-291E-4E3A-8A89-B74FF063BA05"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:atp100_firmware:5.36:-:*:*:*:*:*:*",
+ "matchCriteriaId": "C5813B69-C1A3-4695-8B63-17994BBA1723"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:atp100_firmware:5.36:patch1:*:*:*:*:*:*",
+ "matchCriteriaId": "B61DE8A9-6A73-45EF-8C37-39138F39168A"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7F7654A1-3806-41C7-82D4-46B0CD7EE53B"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:atp200_firmware:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.32",
+ "versionEndExcluding": "5.36",
+ "matchCriteriaId": "84A41F09-4474-4ABC-B2FA-92B17F63A7CA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:atp200_firmware:5.36:-:*:*:*:*:*:*",
+ "matchCriteriaId": "49FF3D01-C9AA-452C-A079-3180DC8DB269"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:atp200_firmware:5.36:patch1:*:*:*:*:*:*",
+ "matchCriteriaId": "8ABED29D-8074-46AB-8A0F-759B0653691B"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D68A36FF-8CAF-401C-9F18-94F3A2405CF4"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:atp500_firmware:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.32",
+ "versionEndExcluding": "5.36",
+ "matchCriteriaId": "8B7E5F75-5577-4511-A1F4-1BD142D60BD5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:atp500_firmware:5.36:-:*:*:*:*:*:*",
+ "matchCriteriaId": "9801F3AB-4560-44AA-934F-0A6D31F46195"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:atp500_firmware:5.36:patch1:*:*:*:*:*:*",
+ "matchCriteriaId": "2A0E5B17-00E0-4CB0-9787-D6A8C8E1E0BE"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:atp100w_firmware:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.32",
+ "versionEndExcluding": "5.36",
+ "matchCriteriaId": "B8F79940-F737-4A71-9FAC-1F99E0BCE450"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:atp100w_firmware:5.36:-:*:*:*:*:*:*",
+ "matchCriteriaId": "3CBAF763-195F-4B36-A450-719931B86650"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:atp100w_firmware:5.36:patch1:*:*:*:*:*:*",
+ "matchCriteriaId": "4CB974EC-859A-4B74-8A60-98A5406E8F43"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:atp700_firmware:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.32",
+ "versionEndExcluding": "5.36",
+ "matchCriteriaId": "7728D2C4-0B0A-404E-92BC-AAA1A1987BFD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:atp700_firmware:5.36:-:*:*:*:*:*:*",
+ "matchCriteriaId": "F4CF847A-A858-43A6-B35B-91455682E382"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:atp700_firmware:5.36:patch1:*:*:*:*:*:*",
+ "matchCriteriaId": "9BE980D6-9D39-41B9-A35C-1879B72F4146"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0B41F437-855B-4490-8011-DF59887BE6D5"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:atp800_firmware:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.32",
+ "versionEndExcluding": "5.36",
+ "matchCriteriaId": "791D6928-BE82-4678-A8A4-39C9D9A1C684"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:atp800_firmware:5.36:-:*:*:*:*:*:*",
+ "matchCriteriaId": "BA1C872C-9192-410D-86F1-55CDF07DE77C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:atp800_firmware:5.36:patch1:*:*:*:*:*:*",
+ "matchCriteriaId": "EECC0FB9-DED8-4ACF-A627-0537F3EE8C65"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "66B99746-0589-46E6-9CBD-F38619AD97DC"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.50",
+ "versionEndExcluding": "5.36",
+ "matchCriteriaId": "FC95F84E-95A0-4FB8-942A-732E022E3CC6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_flex_100_firmware:5.36:-:*:*:*:*:*:*",
+ "matchCriteriaId": "DA9E3C5E-9447-40D2-9036-6097FF433433"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_flex_100_firmware:5.36:patch1:*:*:*:*:*:*",
+ "matchCriteriaId": "12F0F5D8-AC3F-4485-A013-5109FB796FF3"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2B30A4C0-9928-46AD-9210-C25656FB43FB"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_flex_50_firmware:5.36:-:*:*:*:*:*:*",
+ "matchCriteriaId": "EF66A8A2-EE45-43ED-8F5A-FF488AC39943"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_flex_50_firmware:5.36:patch1:*:*:*:*:*:*",
+ "matchCriteriaId": "F185DD94-DDA0-4B37-BADE-8468BA08CC02"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "646C1F07-B553-47B0-953B-DC7DE7FD0F8B"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.50",
+ "versionEndExcluding": "5.36",
+ "matchCriteriaId": "F65ACDFE-3A54-46D6-98CA-2D51957072AF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_flex_200_firmware:5.36:-:*:*:*:*:*:*",
+ "matchCriteriaId": "23E7810E-370E-4405-B7A2-C988511BE7B4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_flex_200_firmware:5.36:patch1:*:*:*:*:*:*",
+ "matchCriteriaId": "8571FFB9-A90D-4EBD-87C0-F5119D142CEC"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.50",
+ "versionEndExcluding": "5.36",
+ "matchCriteriaId": "C0B8FF81-5020-429E-ABC7-D0F18A5177F5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_flex_500_firmware:5.36:-:*:*:*:*:*:*",
+ "matchCriteriaId": "46E17CE0-8EA7-4188-B3E7-DBD1D30C8DC3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_flex_500_firmware:5.36:patch1:*:*:*:*:*:*",
+ "matchCriteriaId": "C3D2B551-E080-4F75-A0C7-30D9E684EEEF"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.50",
+ "versionEndExcluding": "5.36",
+ "matchCriteriaId": "FD0F817C-6388-41E2-9F80-9B5427036865"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_flex_700_firmware:5.36:-:*:*:*:*:*:*",
+ "matchCriteriaId": "9A4E9538-EFB8-4181-A48B-D9B09F124B4B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_flex_700_firmware:5.36:patch1:*:*:*:*:*:*",
+ "matchCriteriaId": "9ECBAE12-DD16-476C-A2F1-2DF5F334741D"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.50",
+ "versionEndExcluding": "5.36",
+ "matchCriteriaId": "FC95F84E-95A0-4FB8-942A-732E022E3CC6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_flex_100w_firmware:5.36:-:*:*:*:*:*:*",
+ "matchCriteriaId": "6ED353C3-7BD1-4270-8D70-0B3D51C276E5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_flex_100w_firmware:5.36:patch1:*:*:*:*:*:*",
+ "matchCriteriaId": "AEA17444-10FA-4B93-A2D3-5D00151C12C6"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_flex_50w_firmware:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.25",
+ "versionEndExcluding": "5.36",
+ "matchCriteriaId": "0751B297-FB9F-4F44-BF19-1C7668B8B757"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_flex_50w_firmware:5.36:-:*:*:*:*:*:*",
+ "matchCriteriaId": "206BCF6E-CEB7-4972-B321-ED3CAFD92E76"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_flex_50w_firmware:5.36:patch1:*:*:*:*:*:*",
+ "matchCriteriaId": "18F99AF2-8419-4ADC-9F46-D53C177BA50F"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "110A1CA4-0170-4834-8281-0A3E14FC5584"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_20w-vpn_firmware:5.36:-:*:*:*:*:*:*",
+ "matchCriteriaId": "107BB5B9-9C04-4C35-88AD-4D59ECD17778"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_20w-vpn_firmware:5.36:patch1:*:*:*:*:*:*",
+ "matchCriteriaId": "5776089E-F9F4-4A0E-A169-FA1FC4DC6329"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6BEA412F-3DA1-4E91-9C74-0666147DABCE"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:vpn100_firmware:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.30",
+ "versionEndExcluding": "5.36",
+ "matchCriteriaId": "FB329984-D2A1-40B4-826D-78643B8DD4C8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:vpn100_firmware:5.36:-:*:*:*:*:*:*",
+ "matchCriteriaId": "B5FD9479-4FF2-412C-AB26-5F46FB354653"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:vpn100_firmware:5.36:patch1:*:*:*:*:*:*",
+ "matchCriteriaId": "499EA838-5310-4C1C-B9E7-2AB90ACEAA2E"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "81D90A7B-174F-40A1-8AF4-08B15B7BAC40"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:vpn50_firmware:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.30",
+ "versionEndExcluding": "5.36",
+ "matchCriteriaId": "B01FA34A-CA33-48E7-978C-638FC678C9C1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:vpn50_firmware:5.36:-:*:*:*:*:*:*",
+ "matchCriteriaId": "A7C9CFAA-87BB-4FFE-9191-0A662E58A2F7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:vpn50_firmware:5.36:patch1:*:*:*:*:*:*",
+ "matchCriteriaId": "062596D1-4466-46B6-B6B6-4403675B6A3B"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:vpn300_firmware:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.30",
+ "versionEndExcluding": "5.36",
+ "matchCriteriaId": "D0135FFF-62FA-4AEA-8B67-1CCA2D85D8E0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:vpn300_firmware:5.36:-:*:*:*:*:*:*",
+ "matchCriteriaId": "B41E614E-708B-4793-B10A-E264AC128AC2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:vpn300_firmware:5.36:patch1:*:*:*:*:*:*",
+ "matchCriteriaId": "DF398D47-F670-4669-B0BC-9BD9DEC553AC"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3C45C303-1A95-4245-B242-3AB9B9106CD4"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:vpn1000_firmware:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.30",
+ "versionEndExcluding": "5.36",
+ "matchCriteriaId": "5DB62871-BC40-43D8-A486-471CD9316332"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:vpn1000_firmware:5.36:-:*:*:*:*:*:*",
+ "matchCriteriaId": "DA96F7C3-B9DA-4B14-8C69-05A8BC1C4FFA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:vpn1000_firmware:5.36:patch1:*:*:*:*:*:*",
+ "matchCriteriaId": "3F62D2F9-2D33-4E3F-B641-C721CF34B5C2"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EECD311A-4E96-4576-AADF-47291EDE3559"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg20-vpn_firmware:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.30",
+ "versionEndExcluding": "5.36",
+ "matchCriteriaId": "7079103C-ED92-40C3-AF42-4689822A96E2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg20-vpn_firmware:5.36:-:*:*:*:*:*:*",
+ "matchCriteriaId": "BC69FAB1-C862-470A-8CBF-BB8751485611"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg20-vpn_firmware:5.36:patch1:*:*:*:*:*:*",
+ "matchCriteriaId": "8FD54572-2C29-4D2E-B15A-DE3A16D8E3CA"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:usg20-vpn:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7239C54F-EC9E-44B4-AE33-1D36E5448219"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_40_firmware:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.25",
+ "versionEndExcluding": "4.73",
+ "matchCriteriaId": "24F44F62-BE75-45DE-9160-E807F6789BE1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_40_firmware:4.73:-:*:*:*:*:*:*",
+ "matchCriteriaId": "97239F61-5715-476B-BD20-B40746AAFE42"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_40_firmware:4.73:patch1:*:*:*:*:*:*",
+ "matchCriteriaId": "FA798B77-D4B4-4F21-A543-A6C5AAD7878F"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:usg_40:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D84DDB81-DE66-4427-8833-633B45A45A14"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_40w_firmware:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.25",
+ "versionEndExcluding": "4.73",
+ "matchCriteriaId": "F1C7AA79-C28C-4075-B420-FE41D106D6C6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_40w_firmware:4.73:-:*:*:*:*:*:*",
+ "matchCriteriaId": "1C2309AF-4FDB-4564-B2C4-B7BA67F1DA6B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_40w_firmware:4.73:patch1:*:*:*:*:*:*",
+ "matchCriteriaId": "8A04A40D-7093-49E3-A7A7-8C6F148F460F"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:usg_40w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8F11F36C-60DB-4D81-A320-53EEE43758C1"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_60w_firmware:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.25",
+ "versionEndExcluding": "4.73",
+ "matchCriteriaId": "560B1BFF-DB43-426C-A3B9-BF9A595EA62F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_60w_firmware:4.73:-:*:*:*:*:*:*",
+ "matchCriteriaId": "4C76684E-0F6D-4D89-8E59-343988366E1D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_60w_firmware:4.73:patch1:*:*:*:*:*:*",
+ "matchCriteriaId": "14613F31-56A0-4F5B-9E1A-F316A4508F3F"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:usg_60w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "82864EF6-B63D-4947-A18C-AE0156CCA7FA"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_60_firmware:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.25",
+ "versionEndExcluding": "4.73",
+ "matchCriteriaId": "3208CBB7-A4A2-4D92-9A40-766328C0CE4E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_60_firmware:4.73:-:*:*:*:*:*:*",
+ "matchCriteriaId": "02C8DD42-9023-43B9-8B8B-BF9CC79E27E0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_60_firmware:4.73:patch1:*:*:*:*:*:*",
+ "matchCriteriaId": "8B7249A0-0AE1-4C01-BF04-BD8BA385C84D"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:usg_60:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C65DB5E9-2FE3-4807-970E-A42FDF82B50E"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls",
- "source": "security@zyxel.com.tw"
+ "source": "security@zyxel.com.tw",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
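Review bot: In the node paired with `cpe:2.3:h:zyxel:usg_flex_100w`, the ranged firmware entry names the wrong product: its `criteria` is `cpe:2.3:o:zyxel:usg_flex_100_firmware:*:...` with `matchCriteriaId` `FC95F84E-95A0-4FB8-942A-732E022E3CC6`, an exact repeat of the entry in the USG FLEX 100 node, while the other two entries in that list are `usg_flex_100w_firmware`. As written, USG FLEX 100W firmware from 4.50 up to (not including) 5.36 matches nothing, which matters for inventory matching because this record carries a `cisaExploitAdd` date. The entry should presumably read `"criteria": "cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*"` with its own `matchCriteriaId` (`<id-for-100w-range>`, not present on this page). The `usg_flex_50_firmware` and `usg_20w-vpn_firmware` nodes also list only 5.36 and 5.36 patch1 with no version range, unlike their siblings, which may be intended but is worth checking against the Zyxel advisory. The CVE-2023-33010 hunk that follows opens with the same configuration list and runs past what is visible here.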
diff --git a/CVE-2023/CVE-2023-330xx/CVE-2023-33010.json b/CVE-2023/CVE-2023-330xx/CVE-2023-33010.json
index c8e954e1ce8..9d128ff6dc6 100644
--- a/CVE-2023/CVE-2023-330xx/CVE-2023-33010.json
+++ b/CVE-2023/CVE-2023-330xx/CVE-2023-33010.json
@@ -2,8 +2,12 @@
"id": "CVE-2023-33010",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2023-05-24T13:15:09.640",
- "lastModified": "2023-05-24T13:42:11.173",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T18:20:46.193",
+ "vulnStatus": "Analyzed",
+ "cisaExploitAdd": "2023-06-05",
+ "cisaActionDue": "2023-06-26",
+ "cisaRequiredAction": "Apply updates per vendor instructions.",
+ "cisaVulnerabilityName": "Zyxel Multiple Firewalls Buffer Overflow Vulnerability",
"descriptions": [
{
"lang": "en",
@@ -12,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ },
{
"source": "security@zyxel.com.tw",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-120"
+ }
+ ]
+ },
{
"source": "security@zyxel.com.tw",
"type": "Secondary",
@@ -46,10 +80,898 @@
]
}
],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.32",
+ "versionEndExcluding": "5.36",
+ "matchCriteriaId": "73E39B94-291E-4E3A-8A89-B74FF063BA05"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:atp100_firmware:5.36:-:*:*:*:*:*:*",
+ "matchCriteriaId": "C5813B69-C1A3-4695-8B63-17994BBA1723"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:atp100_firmware:5.36:patch1:*:*:*:*:*:*",
+ "matchCriteriaId": "B61DE8A9-6A73-45EF-8C37-39138F39168A"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7F7654A1-3806-41C7-82D4-46B0CD7EE53B"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:atp200_firmware:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.32",
+ "versionEndExcluding": "5.36",
+ "matchCriteriaId": "84A41F09-4474-4ABC-B2FA-92B17F63A7CA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:atp200_firmware:5.36:-:*:*:*:*:*:*",
+ "matchCriteriaId": "49FF3D01-C9AA-452C-A079-3180DC8DB269"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:atp200_firmware:5.36:patch1:*:*:*:*:*:*",
+ "matchCriteriaId": "8ABED29D-8074-46AB-8A0F-759B0653691B"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D68A36FF-8CAF-401C-9F18-94F3A2405CF4"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:atp500_firmware:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.32",
+ "versionEndExcluding": "5.36",
+ "matchCriteriaId": "8B7E5F75-5577-4511-A1F4-1BD142D60BD5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:atp500_firmware:5.36:-:*:*:*:*:*:*",
+ "matchCriteriaId": "9801F3AB-4560-44AA-934F-0A6D31F46195"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:atp500_firmware:5.36:patch1:*:*:*:*:*:*",
+ "matchCriteriaId": "2A0E5B17-00E0-4CB0-9787-D6A8C8E1E0BE"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:atp100w_firmware:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.32",
+ "versionEndExcluding": "5.36",
+ "matchCriteriaId": "B8F79940-F737-4A71-9FAC-1F99E0BCE450"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:atp100w_firmware:5.36:-:*:*:*:*:*:*",
+ "matchCriteriaId": "3CBAF763-195F-4B36-A450-719931B86650"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:atp100w_firmware:5.36:patch1:*:*:*:*:*:*",
+ "matchCriteriaId": "4CB974EC-859A-4B74-8A60-98A5406E8F43"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:atp700_firmware:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.32",
+ "versionEndExcluding": "5.36",
+ "matchCriteriaId": "7728D2C4-0B0A-404E-92BC-AAA1A1987BFD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:atp700_firmware:5.36:-:*:*:*:*:*:*",
+ "matchCriteriaId": "F4CF847A-A858-43A6-B35B-91455682E382"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:atp700_firmware:5.36:patch1:*:*:*:*:*:*",
+ "matchCriteriaId": "9BE980D6-9D39-41B9-A35C-1879B72F4146"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0B41F437-855B-4490-8011-DF59887BE6D5"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:atp800_firmware:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.32",
+ "versionEndExcluding": "5.36",
+ "matchCriteriaId": "791D6928-BE82-4678-A8A4-39C9D9A1C684"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:atp800_firmware:5.36:-:*:*:*:*:*:*",
+ "matchCriteriaId": "BA1C872C-9192-410D-86F1-55CDF07DE77C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:atp800_firmware:5.36:patch1:*:*:*:*:*:*",
+ "matchCriteriaId": "EECC0FB9-DED8-4ACF-A627-0537F3EE8C65"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "66B99746-0589-46E6-9CBD-F38619AD97DC"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.50",
+ "versionEndExcluding": "5.36",
+ "matchCriteriaId": "FC95F84E-95A0-4FB8-942A-732E022E3CC6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_flex_100_firmware:5.36:-:*:*:*:*:*:*",
+ "matchCriteriaId": "DA9E3C5E-9447-40D2-9036-6097FF433433"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_flex_100_firmware:5.36:patch1:*:*:*:*:*:*",
+ "matchCriteriaId": "12F0F5D8-AC3F-4485-A013-5109FB796FF3"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2B30A4C0-9928-46AD-9210-C25656FB43FB"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_flex_50_firmware:5.36:-:*:*:*:*:*:*",
+ "matchCriteriaId": "EF66A8A2-EE45-43ED-8F5A-FF488AC39943"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_flex_50_firmware:5.36:patch1:*:*:*:*:*:*",
+ "matchCriteriaId": "F185DD94-DDA0-4B37-BADE-8468BA08CC02"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "646C1F07-B553-47B0-953B-DC7DE7FD0F8B"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.50",
+ "versionEndExcluding": "5.36",
+ "matchCriteriaId": "F65ACDFE-3A54-46D6-98CA-2D51957072AF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_flex_200_firmware:5.36:-:*:*:*:*:*:*",
+ "matchCriteriaId": "23E7810E-370E-4405-B7A2-C988511BE7B4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_flex_200_firmware:5.36:patch1:*:*:*:*:*:*",
+ "matchCriteriaId": "8571FFB9-A90D-4EBD-87C0-F5119D142CEC"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.50",
+ "versionEndExcluding": "5.36",
+ "matchCriteriaId": "C0B8FF81-5020-429E-ABC7-D0F18A5177F5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_flex_500_firmware:5.36:-:*:*:*:*:*:*",
+ "matchCriteriaId": "46E17CE0-8EA7-4188-B3E7-DBD1D30C8DC3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_flex_500_firmware:5.36:patch1:*:*:*:*:*:*",
+ "matchCriteriaId": "C3D2B551-E080-4F75-A0C7-30D9E684EEEF"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.50",
+ "versionEndExcluding": "5.36",
+ "matchCriteriaId": "FD0F817C-6388-41E2-9F80-9B5427036865"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_flex_700_firmware:5.36:-:*:*:*:*:*:*",
+ "matchCriteriaId": "9A4E9538-EFB8-4181-A48B-D9B09F124B4B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_flex_700_firmware:5.36:patch1:*:*:*:*:*:*",
+ "matchCriteriaId": "9ECBAE12-DD16-476C-A2F1-2DF5F334741D"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.50",
+ "versionEndExcluding": "5.36",
+ "matchCriteriaId": "FC95F84E-95A0-4FB8-942A-732E022E3CC6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_flex_100w_firmware:5.36:-:*:*:*:*:*:*",
+ "matchCriteriaId": "6ED353C3-7BD1-4270-8D70-0B3D51C276E5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_flex_100w_firmware:5.36:patch1:*:*:*:*:*:*",
+ "matchCriteriaId": "AEA17444-10FA-4B93-A2D3-5D00151C12C6"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_flex_50w_firmware:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.25",
+ "versionEndExcluding": "5.36",
+ "matchCriteriaId": "0751B297-FB9F-4F44-BF19-1C7668B8B757"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_flex_50w_firmware:5.36:-:*:*:*:*:*:*",
+ "matchCriteriaId": "206BCF6E-CEB7-4972-B321-ED3CAFD92E76"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_flex_50w_firmware:5.36:patch1:*:*:*:*:*:*",
+ "matchCriteriaId": "18F99AF2-8419-4ADC-9F46-D53C177BA50F"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "110A1CA4-0170-4834-8281-0A3E14FC5584"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_20w-vpn_firmware:5.36:-:*:*:*:*:*:*",
+ "matchCriteriaId": "107BB5B9-9C04-4C35-88AD-4D59ECD17778"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_20w-vpn_firmware:5.36:patch1:*:*:*:*:*:*",
+ "matchCriteriaId": "5776089E-F9F4-4A0E-A169-FA1FC4DC6329"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6BEA412F-3DA1-4E91-9C74-0666147DABCE"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:vpn100_firmware:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.30",
+ "versionEndExcluding": "5.36",
+ "matchCriteriaId": "FB329984-D2A1-40B4-826D-78643B8DD4C8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:vpn100_firmware:5.36:-:*:*:*:*:*:*",
+ "matchCriteriaId": "B5FD9479-4FF2-412C-AB26-5F46FB354653"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:vpn100_firmware:5.36:patch1:*:*:*:*:*:*",
+ "matchCriteriaId": "499EA838-5310-4C1C-B9E7-2AB90ACEAA2E"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "81D90A7B-174F-40A1-8AF4-08B15B7BAC40"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:vpn50_firmware:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.30",
+ "versionEndExcluding": "5.36",
+ "matchCriteriaId": "B01FA34A-CA33-48E7-978C-638FC678C9C1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:vpn50_firmware:5.36:-:*:*:*:*:*:*",
+ "matchCriteriaId": "A7C9CFAA-87BB-4FFE-9191-0A662E58A2F7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:vpn50_firmware:5.36:patch1:*:*:*:*:*:*",
+ "matchCriteriaId": "062596D1-4466-46B6-B6B6-4403675B6A3B"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:vpn300_firmware:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.30",
+ "versionEndExcluding": "5.36",
+ "matchCriteriaId": "D0135FFF-62FA-4AEA-8B67-1CCA2D85D8E0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:vpn300_firmware:5.36:-:*:*:*:*:*:*",
+ "matchCriteriaId": "B41E614E-708B-4793-B10A-E264AC128AC2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:vpn300_firmware:5.36:patch1:*:*:*:*:*:*",
+ "matchCriteriaId": "DF398D47-F670-4669-B0BC-9BD9DEC553AC"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3C45C303-1A95-4245-B242-3AB9B9106CD4"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:vpn1000_firmware:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.30",
+ "versionEndExcluding": "5.36",
+ "matchCriteriaId": "5DB62871-BC40-43D8-A486-471CD9316332"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:vpn1000_firmware:5.36:-:*:*:*:*:*:*",
+ "matchCriteriaId": "DA96F7C3-B9DA-4B14-8C69-05A8BC1C4FFA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:vpn1000_firmware:5.36:patch1:*:*:*:*:*:*",
+ "matchCriteriaId": "3F62D2F9-2D33-4E3F-B641-C721CF34B5C2"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EECD311A-4E96-4576-AADF-47291EDE3559"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg20-vpn_firmware:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.30",
+ "versionEndExcluding": "5.36",
+ "matchCriteriaId": "7079103C-ED92-40C3-AF42-4689822A96E2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg20-vpn_firmware:5.36:-:*:*:*:*:*:*",
+ "matchCriteriaId": "BC69FAB1-C862-470A-8CBF-BB8751485611"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg20-vpn_firmware:5.36:patch1:*:*:*:*:*:*",
+ "matchCriteriaId": "8FD54572-2C29-4D2E-B15A-DE3A16D8E3CA"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:usg20-vpn:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7239C54F-EC9E-44B4-AE33-1D36E5448219"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_40_firmware:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.25",
+ "versionEndExcluding": "4.73",
+ "matchCriteriaId": "24F44F62-BE75-45DE-9160-E807F6789BE1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_40_firmware:4.73:-:*:*:*:*:*:*",
+ "matchCriteriaId": "97239F61-5715-476B-BD20-B40746AAFE42"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_40_firmware:4.73:patch1:*:*:*:*:*:*",
+ "matchCriteriaId": "FA798B77-D4B4-4F21-A543-A6C5AAD7878F"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:usg_40:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D84DDB81-DE66-4427-8833-633B45A45A14"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_40w_firmware:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.25",
+ "versionEndExcluding": "4.73",
+ "matchCriteriaId": "F1C7AA79-C28C-4075-B420-FE41D106D6C6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_40w_firmware:4.73:-:*:*:*:*:*:*",
+ "matchCriteriaId": "1C2309AF-4FDB-4564-B2C4-B7BA67F1DA6B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_40w_firmware:4.73:patch1:*:*:*:*:*:*",
+ "matchCriteriaId": "8A04A40D-7093-49E3-A7A7-8C6F148F460F"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:usg_40w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8F11F36C-60DB-4D81-A320-53EEE43758C1"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_60w_firmware:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.25",
+ "versionEndExcluding": "4.73",
+ "matchCriteriaId": "560B1BFF-DB43-426C-A3B9-BF9A595EA62F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_60w_firmware:4.73:-:*:*:*:*:*:*",
+ "matchCriteriaId": "4C76684E-0F6D-4D89-8E59-343988366E1D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_60w_firmware:4.73:patch1:*:*:*:*:*:*",
+ "matchCriteriaId": "14613F31-56A0-4F5B-9E1A-F316A4508F3F"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:usg_60w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "82864EF6-B63D-4947-A18C-AE0156CCA7FA"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_60_firmware:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.25",
+ "versionEndExcluding": "4.73",
+ "matchCriteriaId": "3208CBB7-A4A2-4D92-9A40-766328C0CE4E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_60_firmware:4.73:-:*:*:*:*:*:*",
+ "matchCriteriaId": "02C8DD42-9023-43B9-8B8B-BF9CC79E27E0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zyxel:usg_60_firmware:4.73:patch1:*:*:*:*:*:*",
+ "matchCriteriaId": "8B7249A0-0AE1-4C01-BF04-BD8BA385C84D"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zyxel:usg_60:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C65DB5E9-2FE3-4807-970E-A42FDF82B50E"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls",
- "source": "security@zyxel.com.tw"
+ "source": "security@zyxel.com.tw",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
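Review bot: The node paired with hardware `cpe:2.3:h:zyxel:usg_flex_100w` takes its version-range entry from the wrong product: it reuses `cpe:2.3:o:zyxel:usg_flex_100_firmware:*` with matchCriteriaId `FC95F84E-95A0-4FB8-942A-732E022E3CC6`, the same entry as the usg_flex_100 node. Under the AND operator, USG FLEX 100W firmware from 4.50 up to but excluding 5.36 is therefore not matched; only the two exact 5.36 entries cover that model. The range entry should presumably read `"criteria": "cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*"`, with the matchCriteriaId that belongs to that range, which this page does not show. The usg_flex_50 and usg_20w-vpn nodes also list only 5.36 and 5.36 patch1 with no range entry, unlike every sibling node, which looks like a further coverage gap and should be checked against the vendor advisory in `references`. Because an earlier hunk of this file sets `cisaExploitAdd`, asset-matching tools that rely on these CPE nodes would under-report exposed devices for a vulnerability listed as exploited.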
diff --git a/CVE-2023/CVE-2023-331xx/CVE-2023-33175.json b/CVE-2023/CVE-2023-331xx/CVE-2023-33175.json
index 31b43d09091..91a797ba49e 100644
--- a/CVE-2023/CVE-2023-331xx/CVE-2023-33175.json
+++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33175.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-33175",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-30T05:15:11.877",
- "lastModified": "2023-05-30T12:52:56.613",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T17:21:24.507",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -35,6 +55,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-913"
+ }
+ ]
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -46,14 +76,39 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:toui_project:toui:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "2.0.1",
+ "versionEndIncluding": "2.4.0",
+ "matchCriteriaId": "8C14F24C-0F44-472D-A3CE-16C78C907A2D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/mubarakalmehairbi/ToUI/releases/tag/v2.4.1",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Release Notes"
+ ]
},
{
"url": "https://github.com/mubarakalmehairbi/ToUI/security/advisories/GHSA-hh7j-pg39-q563",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-331xx/CVE-2023-33177.json b/CVE-2023/CVE-2023-331xx/CVE-2023-33177.json
index 09e3843fa0f..76b8874a2ea 100644
--- a/CVE-2023/CVE-2023-331xx/CVE-2023-33177.json
+++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33177.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-33177",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-30T20:15:10.837",
- "lastModified": "2023-05-30T21:10:02.053",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T01:06:39.687",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -35,6 +55,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -46,26 +76,68 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:xibosignage:xibo:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "1.8.0",
+ "versionEndExcluding": "2.3.17",
+ "matchCriteriaId": "8C5BA7B5-A641-4549-A091-5FD03BB571B7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:xibosignage:xibo:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "3.0.0",
+ "versionEndExcluding": "3.3.5",
+ "matchCriteriaId": "A9A69FAF-8979-43F9-AA38-10568026EFE4"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://claroty.com/team82/disclosure-dashboard",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://github.com/xibosignage/xibo-cms/commit/1cbba380fa751a00756e70d7b08b5c6646092658",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://github.com/xibosignage/xibo-cms/commit/45c6b53c3978639db03b63270a56f4397f49b2c9",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://github.com/xibosignage/xibo-cms/security/advisories/GHSA-jj27-x85q-crqv",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://xibosignage.com/blog/security-advisory-2023-05/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-331xx/CVE-2023-33178.json b/CVE-2023/CVE-2023-331xx/CVE-2023-33178.json
index 031dabe55fe..8f6daf2997c 100644
--- a/CVE-2023/CVE-2023-331xx/CVE-2023-33178.json
+++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33178.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-33178",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-30T20:15:10.907",
- "lastModified": "2023-05-30T21:10:02.053",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T00:59:10.210",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -35,6 +55,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -46,18 +76,53 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:xibosignage:xibo:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "1.4.0",
+ "versionEndExcluding": "2.3.17",
+ "matchCriteriaId": "B10E8D2E-C0C5-4F4B-8F9A-82506C3FFE93"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:xibosignage:xibo:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "3.0.0",
+ "versionEndExcluding": "3.3.5",
+ "matchCriteriaId": "A9A69FAF-8979-43F9-AA38-10568026EFE4"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://claroty.com/team82/disclosure-dashboard",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://github.com/xibosignage/xibo-cms/security/advisories/GHSA-g9x2-757j-hmhh",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://xibosignage.com/blog/security-advisory-2023-05/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-331xx/CVE-2023-33179.json b/CVE-2023/CVE-2023-331xx/CVE-2023-33179.json
index 602b06847d1..e4a92655ae1 100644
--- a/CVE-2023/CVE-2023-331xx/CVE-2023-33179.json
+++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33179.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-33179",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-30T21:15:09.077",
- "lastModified": "2023-05-31T13:02:26.480",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T01:01:56.027",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -35,6 +55,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -46,18 +76,46 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:xibosignage:xibo:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "3.2.0",
+ "versionEndExcluding": "3.3.5",
+ "matchCriteriaId": "401215DE-8684-4986-BB19-3B16AF2155C7"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://claroty.com/team82/disclosure-dashboard",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://github.com/xibosignage/xibo-cms/security/advisories/GHSA-jmx8-cgm4-7mf5",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://xibosignage.com/blog/security-advisory-2023-05/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-331xx/CVE-2023-33180.json b/CVE-2023/CVE-2023-331xx/CVE-2023-33180.json
index 5104107bfe1..6b08a302a63 100644
--- a/CVE-2023/CVE-2023-331xx/CVE-2023-33180.json
+++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33180.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-33180",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-30T21:15:09.147",
- "lastModified": "2023-05-31T13:02:26.480",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T01:11:16.797",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -35,6 +55,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -46,18 +76,46 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:xibosignage:xibo:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "3.2.0",
+ "versionEndExcluding": "3.3.5",
+ "matchCriteriaId": "401215DE-8684-4986-BB19-3B16AF2155C7"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://claroty.com/team82/disclosure-dashboard",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://github.com/xibosignage/xibo-cms/security/advisories/GHSA-7ww5-x9rm-qm89",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://xibosignage.com/blog/security-advisory-2023-05/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-331xx/CVE-2023-33181.json b/CVE-2023/CVE-2023-331xx/CVE-2023-33181.json
index f6421062f2c..77d308feb03 100644
--- a/CVE-2023/CVE-2023-331xx/CVE-2023-33181.json
+++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33181.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-33181",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-30T21:15:09.207",
- "lastModified": "2023-05-31T13:02:26.480",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T01:15:10.333",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -35,6 +55,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-209"
+ }
+ ]
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -46,18 +76,47 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:xibosignage:xibo:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "3.0.0",
+ "versionEndExcluding": "3.3.5",
+ "matchCriteriaId": "A9A69FAF-8979-43F9-AA38-10568026EFE4"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://claroty.com/team82/disclosure-dashboard",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Issue Tracking",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://github.com/xibosignage/xibo-cms/security/advisories/GHSA-c9cx-ghwr-x58m",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://xibosignage.com/blog/security-advisory-2023-05/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
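Review bot: The `tags` added to the claroty.com reference in this record are `"Issue Tracking", "Third Party Advisory"`, while the same URL in the CVE-2023-33180 record of this commit gets only `"Third Party Advisory"`. The URL carries no per-issue identifier, so `"Issue Tracking"` looks like the odd one out. A consumer that selects references by tag will treat one URL differently across the two records. Suggest aligning this reference on `"tags": ["Third Party Advisory"]`.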
diff --git a/CVE-2023/CVE-2023-331xx/CVE-2023-33182.json b/CVE-2023/CVE-2023-331xx/CVE-2023-33182.json
index f60374e736c..d2d0dfd3820 100644
--- a/CVE-2023/CVE-2023-331xx/CVE-2023-33182.json
+++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33182.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-33182",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-30T05:15:11.957",
- "lastModified": "2023-06-05T16:57:53.903",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-06-06T13:47:28.927",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -93,9 +93,9 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:contacts:*:*:*:*:*:*:*:*",
- "versionStartIncluding": "5..0.0",
+ "versionStartIncluding": "5.0.0",
"versionEndExcluding": "5.0.3",
- "matchCriteriaId": "02E95A73-61FB-4B8B-B08E-DE0C8325AA70"
+ "matchCriteriaId": "B07ED717-3B87-434B-980F-32F2CD033D3A"
}
]
}
diff --git a/CVE-2023/CVE-2023-331xx/CVE-2023-33185.json b/CVE-2023/CVE-2023-331xx/CVE-2023-33185.json
index 514424b8d1a..15dff8cd428 100644
--- a/CVE-2023/CVE-2023-331xx/CVE-2023-33185.json
+++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33185.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-33185",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-26T21:15:20.527",
- "lastModified": "2023-05-28T02:28:04.970",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T18:09:12.467",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -35,6 +55,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-347"
+ }
+ ]
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -46,18 +76,46 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:django-ses_project:django-ses:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "3.5.0",
+ "matchCriteriaId": "B87C9D64-0546-4BC8-B456-D2EB87E34F57"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/django-ses/django-ses/blob/3d627067935876487f9938310d5e1fbb249a7778/CVE/001-cert-url-signature-verification.md",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://github.com/django-ses/django-ses/commit/b71b5f413293a13997b6e6314086cb9c22629795",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://github.com/django-ses/django-ses/security/advisories/GHSA-qg36-9jxh-fj25",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
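Review bot: The first reference is tagged `"Third Party Advisory"`, but its URL is a file inside the `django-ses/django-ses` repository, the same project that the added CPE `django-ses_project:django-ses` names, so it reads as a document published by the maintainers. Consumers that rank `Vendor Advisory` references above third-party ones will underweight it. If the file is indeed maintained by the project, `"tags": ["Exploit", "Vendor Advisory"]` would be consistent with the tag on the GHSA link in the same list.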
diff --git a/CVE-2023/CVE-2023-331xx/CVE-2023-33186.json b/CVE-2023/CVE-2023-331xx/CVE-2023-33186.json
index 275c0c070c0..d4e62af90b6 100644
--- a/CVE-2023/CVE-2023-331xx/CVE-2023-33186.json
+++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33186.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-33186",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-30T06:16:36.237",
- "lastModified": "2023-05-30T12:52:56.613",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T16:01:21.473",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -35,6 +55,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -46,22 +76,57 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zulip:zulip_server:7.0:beta1:*:*:*:*:*:*",
+ "matchCriteriaId": "E449504D-DB1E-4244-A98D-85AC698B4A6A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zulip:zulip_server:7.0:beta2:*:*:*:*:*:*",
+ "matchCriteriaId": "4571E1B8-F9D4-4F6F-B7F2-07A1FE57A8E5"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/zulip/zulip/commit/3ca131743b00f42bad8edbac4ef92656d954c629",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://github.com/zulip/zulip/commit/903dbda79bd176702d3175a7c8a5450a64b6eccb",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://github.com/zulip/zulip/pull/25370",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Issue Tracking",
+ "Patch"
+ ]
},
{
"url": "https://github.com/zulip/zulip/security/advisories/GHSA-4r83-8f94-hrph",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-332xx/CVE-2023-33282.json b/CVE-2023/CVE-2023-332xx/CVE-2023-33282.json
new file mode 100644
index 00000000000..c40a057ebd9
--- /dev/null
+++ b/CVE-2023/CVE-2023-332xx/CVE-2023-33282.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-33282",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-07T20:15:09.740",
+ "lastModified": "2023-06-07T20:24:12.193",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Marval MSM through 14.19.0.12476 and 15.0 has a System account with default credentials. A remote attacker is able to login and create a valid session. This makes it possible to make backend calls to endpoints in the application."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://marvalglobal.com/software/",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.cyberskydd.se/cve/2023/CVE-2023-33282.html",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
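Review bot: This new record carries `"metrics": {}` but has no `weaknesses` or `configurations` key at all, so "not yet analysed" is expressed two different ways in one document. A consumer that reads the empty object as "no score" can rank a default-credentials issue below scored ones, and CPE-based matching will not see the affected versions, which so far exist only in the description text. Either emit all three keys consistently (`"weaknesses": []`, `"configurations": []`) or document that a `vulnStatus` of `Awaiting Analysis` is the field to gate on. The same shape appears in the new files for CVE-2023-33283, CVE-2023-33284, CVE-2023-33381, CVE-2023-33443, CVE-2023-33457, CVE-2023-33460 and CVE-2023-33477.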
diff --git a/CVE-2023/CVE-2023-332xx/CVE-2023-33283.json b/CVE-2023/CVE-2023-332xx/CVE-2023-33283.json
new file mode 100644
index 00000000000..c81d0996500
--- /dev/null
+++ b/CVE-2023/CVE-2023-332xx/CVE-2023-33283.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-33283",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-07T20:15:09.790",
+ "lastModified": "2023-06-07T20:24:12.193",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Marval MSM through 14.19.0.12476 uses a static encryption key for secrets. An attacker that gains access to encrypted secrets can decrypt them by using this key."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://www.cyberskydd.se/cve/2023/CVE-2023-33283.html",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-332xx/CVE-2023-33284.json b/CVE-2023/CVE-2023-332xx/CVE-2023-33284.json
new file mode 100644
index 00000000000..1fecac2a575
--- /dev/null
+++ b/CVE-2023/CVE-2023-332xx/CVE-2023-33284.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-33284",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-07T20:15:09.833",
+ "lastModified": "2023-06-07T20:24:12.193",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Marval MSM through 14.19.0.12476 and 15.0 has a Remote Code Execution vulnerability. A remote attacker authenticated as any user is able to execute code in context of the web server."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://www.cyberskydd.se/cve/2023/CVE-2023-33284.html",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-332xx/CVE-2023-33285.json b/CVE-2023/CVE-2023-332xx/CVE-2023-33285.json
index 9d61d8a12f9..5faf5c217cc 100644
--- a/CVE-2023/CVE-2023-332xx/CVE-2023-33285.json
+++ b/CVE-2023/CVE-2023-332xx/CVE-2023-33285.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-33285",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-22T03:15:09.720",
- "lastModified": "2023-05-30T21:34:23.247",
+ "lastModified": "2023-06-07T17:42:07.260",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -17,7 +17,7 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@@ -25,12 +25,12 @@
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
- "availabilityImpact": "HIGH",
- "baseScore": 7.5,
- "baseSeverity": "HIGH"
+ "availabilityImpact": "LOW",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
- "impactScore": 3.6
+ "impactScore": 1.4
},
{
"source": "cve@mitre.org",
diff --git a/CVE-2023/CVE-2023-332xx/CVE-2023-33287.json b/CVE-2023/CVE-2023-332xx/CVE-2023-33287.json
index c2a4c3fa540..17f2ac0126b 100644
--- a/CVE-2023/CVE-2023-332xx/CVE-2023-33287.json
+++ b/CVE-2023/CVE-2023-332xx/CVE-2023-33287.json
@@ -2,27 +2,90 @@
"id": "CVE-2023-33287",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-31T20:15:10.583",
- "lastModified": "2023-06-01T01:17:03.663",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T01:26:27.440",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in the Inline Table Editing application before 3.8.0 for Confluence allows attackers to store and execute arbitrary JavaScript via a crafted payload injected into the tables."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:actonic:inline_table_editing:*:*:*:*:*:confluence:*:*",
+ "versionEndExcluding": "3.8.0",
+ "matchCriteriaId": "1E37E2D4-40CC-4C19-8950-C8226A109266"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://actonic.de/produkte/inline-table-editing/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
},
{
"url": "https://marketplace.atlassian.com/apps/1217271/inline-table-editing/version-history",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product",
+ "Release Notes"
+ ]
},
{
"url": "https://marketplace.atlassian.com/apps/1217271/inline-table-editing?hosting=server&tab=versions",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-333xx/CVE-2023-33326.json b/CVE-2023/CVE-2023-333xx/CVE-2023-33326.json
index 75c49e9e1cc..428a7ec0ee3 100644
--- a/CVE-2023/CVE-2023-333xx/CVE-2023-33326.json
+++ b/CVE-2023/CVE-2023-333xx/CVE-2023-33326.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-33326",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-28T18:15:09.847",
- "lastModified": "2023-06-02T01:22:23.857",
+ "lastModified": "2023-06-07T21:37:57.253",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -75,9 +75,9 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:theeventprime:eventprime:*:*:*:*:*:wordpress:*:*",
+ "criteria": "cpe:2.3:a:metagauss:eventprime:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.0.0",
- "matchCriteriaId": "34B230EF-2DB7-4FD1-ACD1-8303739A90F7"
+ "matchCriteriaId": "46F8A1A3-3179-4654-9551-6FD2A257720B"
}
]
}
diff --git a/CVE-2023/CVE-2023-333xx/CVE-2023-33381.json b/CVE-2023/CVE-2023-333xx/CVE-2023-33381.json
new file mode 100644
index 00000000000..f0a4a3e6db1
--- /dev/null
+++ b/CVE-2023/CVE-2023-333xx/CVE-2023-33381.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-33381",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-06T12:15:09.250",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A command injection vulnerability was found in the ping functionality of the MitraStar GPT-2741GNAC router (firmware version AR_g5.8_110WVN0b7_2). The vulnerability allows an authenticated user to execute arbitrary OS commands by sending specially crafted input to the router via the ping function."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://gpt-2741gnac.com",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "http://mitrastar.com",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/duality084/CVE-2023-33381-MitraStar-GPT-2741GNAC/blob/main/README.md",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-334xx/CVE-2023-33408.json b/CVE-2023/CVE-2023-334xx/CVE-2023-33408.json
index ad88f099053..aab107462d4 100644
--- a/CVE-2023/CVE-2023-334xx/CVE-2023-33408.json
+++ b/CVE-2023/CVE-2023-334xx/CVE-2023-33408.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-33408",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-05T21:15:11.140",
- "lastModified": "2023-06-05T21:15:11.140",
- "vulnStatus": "Received",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-334xx/CVE-2023-33409.json b/CVE-2023/CVE-2023-334xx/CVE-2023-33409.json
index 2491d4458ef..c6cf37ca7a5 100644
--- a/CVE-2023/CVE-2023-334xx/CVE-2023-33409.json
+++ b/CVE-2023/CVE-2023-334xx/CVE-2023-33409.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-33409",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-05T21:15:11.193",
- "lastModified": "2023-06-05T21:15:11.193",
- "vulnStatus": "Received",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-334xx/CVE-2023-33410.json b/CVE-2023/CVE-2023-334xx/CVE-2023-33410.json
index 191bdd5352b..e630356b0bd 100644
--- a/CVE-2023/CVE-2023-334xx/CVE-2023-33410.json
+++ b/CVE-2023/CVE-2023-334xx/CVE-2023-33410.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-33410",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-05T21:15:11.243",
- "lastModified": "2023-06-05T21:15:11.243",
- "vulnStatus": "Received",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-334xx/CVE-2023-33443.json b/CVE-2023/CVE-2023-334xx/CVE-2023-33443.json
new file mode 100644
index 00000000000..63113452902
--- /dev/null
+++ b/CVE-2023/CVE-2023-334xx/CVE-2023-33443.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-33443",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-08T14:15:15.860",
+ "lastModified": "2023-06-08T17:08:49.797",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Incorrect access control in the administrative functionalities of BES--6024PB-I50H1 VideoPlayTool v2.0.1.0 allow attackers to execute arbitrary administrative commands via a crafted payload sent to the desired endpoints."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://gitlab.com/FallFur/exploiting-unprotected-admin-funcionalities-on-besder-ip-cameras/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-334xx/CVE-2023-33457.json b/CVE-2023/CVE-2023-334xx/CVE-2023-33457.json
new file mode 100644
index 00000000000..ab75d51dc11
--- /dev/null
+++ b/CVE-2023/CVE-2023-334xx/CVE-2023-33457.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-33457",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-06T14:15:12.673",
+ "lastModified": "2023-06-06T18:34:03.700",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In Sogou Workflow v0.10.6, memcpy a negtive size in URIParser::parse , may cause buffer-overflow and crash."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/sogou/workflow/issues/1272",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-334xx/CVE-2023-33460.json b/CVE-2023/CVE-2023-334xx/CVE-2023-33460.json
new file mode 100644
index 00000000000..cd58c21278f
--- /dev/null
+++ b/CVE-2023/CVE-2023-334xx/CVE-2023-33460.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-33460",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-06T12:15:09.447",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse function. which will cause out-of-memory in server and cause crash."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/lloyd/yajl/issues/250",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-334xx/CVE-2023-33461.json b/CVE-2023/CVE-2023-334xx/CVE-2023-33461.json
index 7a965bf8045..af61a286cd3 100644
--- a/CVE-2023/CVE-2023-334xx/CVE-2023-33461.json
+++ b/CVE-2023/CVE-2023-334xx/CVE-2023-33461.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-33461",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-01T03:15:20.547",
- "lastModified": "2023-06-01T13:00:30.717",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T16:50:51.870",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,11 +14,68 @@
"value": "Iniparser v4.1 es vulnerable a una desreferencia de puntero NULL en la funci\u00f3n \"iniparser_getlongint\" que no comprueba el retorno NULL de la funci\u00f3n \"iniparser_getstring\". "
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-476"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:iniparser_project:iniparser:4.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "26DCED98-868B-4A1E-8659-0A4AAD370E89"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/ndevilla/iniparser/issues/144",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Issue Tracking",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-334xx/CVE-2023-33477.json b/CVE-2023/CVE-2023-334xx/CVE-2023-33477.json
new file mode 100644
index 00000000000..68e4bf77915
--- /dev/null
+++ b/CVE-2023/CVE-2023-334xx/CVE-2023-33477.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-33477",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-06T20:15:13.857",
+ "lastModified": "2023-06-07T02:45:15.873",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In Harmonic NSG 9000-6G devices, an authenticated remote user can obtain source code by directly requesting a special path."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/Skr11lex/CVE-2023-33477",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-334xx/CVE-2023-33485.json b/CVE-2023/CVE-2023-334xx/CVE-2023-33485.json
index e4384fb09d9..fe7cbd52c5b 100644
--- a/CVE-2023/CVE-2023-334xx/CVE-2023-33485.json
+++ b/CVE-2023/CVE-2023-334xx/CVE-2023-33485.json
@@ -2,19 +2,114 @@
"id": "CVE-2023-33485",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-31T13:15:09.637",
- "lastModified": "2023-05-31T13:34:42.827",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T20:01:27.337",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contains a post-authentication buffer overflow via parameter sPort/ePort in the addEffect function."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:totolink:x5000r_firmware:9.1.0u.6118_b20201102:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AFCC3B52-0985-4F61-BBCC-16A271E15CD4"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:totolink:x5000r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BC45BFB0-0CF0-4F9E-B19D-D274B17F1591"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:totolink:x5000r_firmware:9.1.0u.6369_b20230113:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FAA27C60-0FFD-45E3-91B1-0C2F8EBF2442"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:totolink:x5000r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BC45BFB0-0CF0-4F9E-B19D-D274B17F1591"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/Kazamayc/vuln/tree/main/TOTOLINK/X5000R/5",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
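Review bot: The added `configurations` array repeats the hardware node `cpe:2.3:h:totolink:x5000r:-` in two separate `AND` groups that differ only in the firmware criteria. One group whose first `OR` node lists both firmware builds expresses the same match and leaves a single copy of the hardware entry to keep in sync, as sketched below. The CVE-2023-33486 record has the same duplication, and the CVE-2023-33487 hunk, which continues past the visible lines, starts the same way. Matching code should also compare case-insensitively, since the CPE lowercases the build string (`_b20201102`) that the description prints as `_B20201102`.

```json
"configurations": [
  {
    "operator": "AND",
    "nodes": [
      {
        "operator": "OR",
        "negate": false,
        "cpeMatch": [
          {
            "vulnerable": true,
            "criteria": "cpe:2.3:o:totolink:x5000r_firmware:9.1.0u.6118_b20201102:*:*:*:*:*:*:*",
            "matchCriteriaId": "AFCC3B52-0985-4F61-BBCC-16A271E15CD4"
          },
          {
            "vulnerable": true,
            "criteria": "cpe:2.3:o:totolink:x5000r_firmware:9.1.0u.6369_b20230113:*:*:*:*:*:*:*",
            "matchCriteriaId": "FAA27C60-0FFD-45E3-91B1-0C2F8EBF2442"
          }
        ]
      },
      {
        "operator": "OR",
        "negate": false,
        "cpeMatch": [
          {
            "vulnerable": false,
            "criteria": "cpe:2.3:h:totolink:x5000r:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "BC45BFB0-0CF0-4F9E-B19D-D274B17F1591"
          }
        ]
      }
    ]
  }
],
```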
diff --git a/CVE-2023/CVE-2023-334xx/CVE-2023-33486.json b/CVE-2023/CVE-2023-334xx/CVE-2023-33486.json
index 36bf88e6620..b85ebd41b84 100644
--- a/CVE-2023/CVE-2023-334xx/CVE-2023-33486.json
+++ b/CVE-2023/CVE-2023-334xx/CVE-2023-33486.json
@@ -2,19 +2,114 @@
"id": "CVE-2023-33486",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-31T13:15:09.697",
- "lastModified": "2023-05-31T13:34:42.827",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T20:01:48.737",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setOpModeCfg. This vulnerability allows an attacker to execute arbitrary commands through the \"hostName\" parameter."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-77"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:totolink:x5000r_firmware:9.1.0u.6118_b20201102:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AFCC3B52-0985-4F61-BBCC-16A271E15CD4"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:totolink:x5000r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BC45BFB0-0CF0-4F9E-B19D-D274B17F1591"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:totolink:x5000r_firmware:9.1.0u.6369_b20230113:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FAA27C60-0FFD-45E3-91B1-0C2F8EBF2442"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:totolink:x5000r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BC45BFB0-0CF0-4F9E-B19D-D274B17F1591"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/Kazamayc/vuln/tree/main/TOTOLINK/X5000R/3",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-334xx/CVE-2023-33487.json b/CVE-2023/CVE-2023-334xx/CVE-2023-33487.json
index 79a2b540a76..25105e1275d 100644
--- a/CVE-2023/CVE-2023-334xx/CVE-2023-33487.json
+++ b/CVE-2023/CVE-2023-334xx/CVE-2023-33487.json
@@ -2,19 +2,114 @@
"id": "CVE-2023-33487",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-31T13:15:09.753",
- "lastModified": "2023-05-31T13:34:42.827",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T20:02:00.027",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contains a command insertion vulnerability in setDiagnosisCfg.This vulnerability allows an attacker to execute arbitrary commands through the \"ip\" parameter."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-77"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:totolink:x5000r_firmware:9.1.0u.6118_b20201102:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AFCC3B52-0985-4F61-BBCC-16A271E15CD4"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:totolink:x5000r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BC45BFB0-0CF0-4F9E-B19D-D274B17F1591"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:totolink:x5000r_firmware:9.1.0u.6369_b20230113:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FAA27C60-0FFD-45E3-91B1-0C2F8EBF2442"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:totolink:x5000r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BC45BFB0-0CF0-4F9E-B19D-D274B17F1591"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/Kazamayc/vuln/tree/main/TOTOLINK/X5000R/4",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
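Review bot: The two entries added under `configurations` are identical except for the firmware `criteria`, so the hardware node `cpe:2.3:h:totolink:x5000r:-:*:*:*:*:*:*:*` (same `matchCriteriaId`) is stated twice and the copies can drift apart on a later edit. A single `AND` configuration whose first `OR` node lists both firmware `cpeMatch` objects (`...6118_b20201102` and `...6369_b20230113`) and whose second node is the hardware entry expresses the same match. If the layout has to mirror the upstream record exactly, consumers should at least deduplicate on `matchCriteriaId` when counting affected platforms.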
diff --git a/CVE-2023/CVE-2023-334xx/CVE-2023-33496.json b/CVE-2023/CVE-2023-334xx/CVE-2023-33496.json
new file mode 100644
index 00000000000..651593a088a
--- /dev/null
+++ b/CVE-2023/CVE-2023-334xx/CVE-2023-33496.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-33496",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-07T21:15:13.513",
+ "lastModified": "2023-06-07T21:36:36.773",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "xxl-rpc v1.7.0 was discovered to contain a deserialization vulnerability via the component com.xxl.rpc.core.remoting.net.impl.netty.codec.NettyDecode#decode."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/edirc-wong/record/blob/main/deserialization_vulnerability_report.md",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
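Review bot: The new file ends at `}` with no final newline, as the `\ No newline at end of file` marker shows; the same marker follows every other JSON file section visible in this diff. Ending each file with a single LF keeps a later append from rewriting the closing `}` line in the diff, and lets line-oriented tools that concatenate or count records treat the file as complete. If the files are written by a sync job, as the uniform layout suggests, the fix belongs in its serializer rather than in each file.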
diff --git a/CVE-2023/CVE-2023-334xx/CVE-2023-33498.json b/CVE-2023/CVE-2023-334xx/CVE-2023-33498.json
new file mode 100644
index 00000000000..a7cf9ef53b5
--- /dev/null
+++ b/CVE-2023/CVE-2023-334xx/CVE-2023-33498.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-33498",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-07T14:15:09.917",
+ "lastModified": "2023-06-07T14:35:57.670",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "alist <=3.16.3 is vulnerable to Incorrect Access Control. Low privilege accounts can upload any file."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/YUyuanAN-com/loophole",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-335xx/CVE-2023-33507.json b/CVE-2023/CVE-2023-335xx/CVE-2023-33507.json
index 791ed5694c2..ad8339b1743 100644
--- a/CVE-2023/CVE-2023-335xx/CVE-2023-33507.json
+++ b/CVE-2023/CVE-2023-335xx/CVE-2023-33507.json
@@ -2,19 +2,88 @@
"id": "CVE-2023-33507",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-31T13:15:09.880",
- "lastModified": "2023-05-31T13:34:42.827",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T20:02:11.800",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "KramerAV VIA GO\u00b2 < 4.0.1.1326 is vulnerable to Unauthenticated arbitrary file read."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:kramerav:via_go2_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "4.0.1.1326",
+ "matchCriteriaId": "1B4DD0C6-167E-4649-BDE4-201EC41BBA7C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:kramerav:via_go2:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2192F73C-6F59-4319-8921-3BAE8AF7A330"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://zxsecurity.co.nz/research/advisories/kramer-via-go-2-rce-and-other-vulns/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-335xx/CVE-2023-33508.json b/CVE-2023/CVE-2023-335xx/CVE-2023-33508.json
index 43fe5931f2f..a279f915974 100644
--- a/CVE-2023/CVE-2023-335xx/CVE-2023-33508.json
+++ b/CVE-2023/CVE-2023-335xx/CVE-2023-33508.json
@@ -2,19 +2,88 @@
"id": "CVE-2023-33508",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-31T13:15:09.960",
- "lastModified": "2023-05-31T13:34:42.827",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T20:02:24.543",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "KramerAV VIA GO\u00b2 < 4.0.1.1326 is vulnerable to unauthenticated file upload resulting in Remote Code Execution (RCE)."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-434"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:kramerav:via_go2_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "4.0.1.1326",
+ "matchCriteriaId": "1B4DD0C6-167E-4649-BDE4-201EC41BBA7C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:kramerav:via_go2:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2192F73C-6F59-4319-8921-3BAE8AF7A330"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://zxsecurity.co.nz/research/advisories/kramer-via-go-2-rce-and-other-vulns/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-335xx/CVE-2023-33509.json b/CVE-2023/CVE-2023-335xx/CVE-2023-33509.json
index ccc63f87e0b..76cf18336fe 100644
--- a/CVE-2023/CVE-2023-335xx/CVE-2023-33509.json
+++ b/CVE-2023/CVE-2023-335xx/CVE-2023-33509.json
@@ -2,19 +2,88 @@
"id": "CVE-2023-33509",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-31T13:15:10.220",
- "lastModified": "2023-05-31T13:34:42.827",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T18:19:42.980",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "KramerAV VIA GO\u00b2 < 4.0.1.1326 is vulnerable to SQL Injection."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:kramerav:via_go2_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "4.0.1.1326",
+ "matchCriteriaId": "1B4DD0C6-167E-4649-BDE4-201EC41BBA7C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:kramerav:via_go2:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2192F73C-6F59-4319-8921-3BAE8AF7A330"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://zxsecurity.co.nz/research/advisories/kramer-via-go-2-rce-and-other-vulns/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-335xx/CVE-2023-33510.json b/CVE-2023/CVE-2023-335xx/CVE-2023-33510.json
new file mode 100644
index 00000000000..de7c644cd54
--- /dev/null
+++ b/CVE-2023/CVE-2023-335xx/CVE-2023-33510.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-33510",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-07T20:15:09.877",
+ "lastModified": "2023-06-07T20:24:12.193",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Jeecg P3 Biz Chat 1.0.5 allows remote attackers to read arbitrary files through specific parameters."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://carl1l.github.io/2023/05/08/jeecg-p3-biz-chat-1-0-5-jar-has-arbitrary-file-read-vulnerability/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-335xx/CVE-2023-33524.json b/CVE-2023/CVE-2023-335xx/CVE-2023-33524.json
index 4a8e495c711..a23b862ee26 100644
--- a/CVE-2023/CVE-2023-335xx/CVE-2023-33524.json
+++ b/CVE-2023/CVE-2023-335xx/CVE-2023-33524.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-33524",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-05T17:15:08.940",
- "lastModified": "2023-06-05T19:15:10.277",
- "vulnStatus": "Received",
+ "lastModified": "2023-06-07T00:15:09.300",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
@@ -19,6 +19,10 @@
{
"url": "https://gist.github.com/barrett092/9ed092e4b14b9145f4d046556eb9dab7",
"source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.advent.com/resources/all-resources/info-kit-tamale-rms-for-asset-owners/",
+ "source": "cve@mitre.org"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-335xx/CVE-2023-33530.json b/CVE-2023/CVE-2023-335xx/CVE-2023-33530.json
new file mode 100644
index 00000000000..6ba0a3abffe
--- /dev/null
+++ b/CVE-2023/CVE-2023-335xx/CVE-2023-33530.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-33530",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-06T13:15:15.900",
+ "lastModified": "2023-06-06T13:36:46.723",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "There is a command injection vulnerability in the Tenda G103 Gigabit GPON Terminal with firmware version V1.0.0.5. If an attacker gains web management privileges, they can inject commands gaining shell privileges."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://tenda.com",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/D2y6p/CVE/blob/main/tenda/CVE-2023-33530/RCE2/tenda_G103_RCE_2.pdf",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
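Review bot: The first reference, `"url": "http://tenda.com"`, is a bare vendor homepage over plain HTTP, so it gives a reader no advisory or fixed-firmware information, and any tool that dereferences the list follows an unauthenticated link. CVE-2023-33532 in the next file section has the same pattern with `"url": "http://netgear.com"`, whereas CVE-2023-33533 points at the vendor's security page, `"url": "https://www.netgear.com/about/security/"`, which is the form to prefer. If the value must stay as the CNA supplied it, treat the GitHub write-up as the only actionable reference in this record until tags are assigned.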
diff --git a/CVE-2023/CVE-2023-335xx/CVE-2023-33532.json b/CVE-2023/CVE-2023-335xx/CVE-2023-33532.json
new file mode 100644
index 00000000000..dc2ff739494
--- /dev/null
+++ b/CVE-2023/CVE-2023-335xx/CVE-2023-33532.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-33532",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-06T14:15:12.740",
+ "lastModified": "2023-06-06T18:34:03.700",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "There is a command injection vulnerability in the Netgear R6250 router with Firmware Version 1.0.4.48. If an attacker gains web management privileges, they can inject commands into the post request parameters, thereby gaining shell privileges."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://netgear.com",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/D2y6p/CVE/blob/main/Netgear/CVE-2023-33532/Netgear_R6250_RCE.pdf",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-335xx/CVE-2023-33533.json b/CVE-2023/CVE-2023-335xx/CVE-2023-33533.json
new file mode 100644
index 00000000000..606d238ca7b
--- /dev/null
+++ b/CVE-2023/CVE-2023-335xx/CVE-2023-33533.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-33533",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-06T14:15:12.817",
+ "lastModified": "2023-06-06T18:34:03.700",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Netgear D6220 with Firmware Version 1.0.0.80, D8500 with Firmware Version 1.0.3.60, R6700 with Firmware Version 1.0.2.26, and R6900 with Firmware Version 1.0.2.26 are vulnerable to Command Injection. If an attacker gains web management privileges, they can inject commands into the post request parameters, gaining shell privileges."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/D2y6p/CVE/blob/main/Netgear/CVE-2023-33533/Netgear_RCE.pdf",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.netgear.com/about/security/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-335xx/CVE-2023-33536.json b/CVE-2023/CVE-2023-335xx/CVE-2023-33536.json
new file mode 100644
index 00000000000..1fb0f995184
--- /dev/null
+++ b/CVE-2023/CVE-2023-335xx/CVE-2023-33536.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-33536",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-07T04:15:10.467",
+ "lastModified": "2023-06-07T12:52:33.093",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a buffer overflow via the component /userRpm/WlanMacFilterRpm."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/a101e-IoTvul/iotvul/blob/main/tp-link/2/TL-WR940N_TL-WR841N_TL-WR740N_userRpm_WlanMacFilterRpm.md",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-335xx/CVE-2023-33537.json b/CVE-2023/CVE-2023-335xx/CVE-2023-33537.json
new file mode 100644
index 00000000000..a5a85be35e9
--- /dev/null
+++ b/CVE-2023/CVE-2023-335xx/CVE-2023-33537.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-33537",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-07T04:15:10.563",
+ "lastModified": "2023-06-07T12:52:33.093",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a buffer overflow via the component /userRpm/FixMapCfgRpm."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/a101e-IoTvul/iotvul/blob/main/tp-link/1/TL-WR940N_TL-WR841N_TL-WR740N_userRpm_FixMapCfgRpm.md",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-335xx/CVE-2023-33538.json b/CVE-2023/CVE-2023-335xx/CVE-2023-33538.json
new file mode 100644
index 00000000000..909ca1a8c6d
--- /dev/null
+++ b/CVE-2023/CVE-2023-335xx/CVE-2023-33538.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-33538",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-07T04:15:10.623",
+ "lastModified": "2023-06-07T12:52:33.093",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm ."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha descubierto que TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, y TL-WR740N V1/V2 contienen una vulnerabilidad de inyecci\u00f3n de comandos en el componente /userRpm/WlanNetworkRpm."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/a101e-IoTvul/iotvul/blob/main/tp-link/3/TL-WR940N_TL-WR841N_userRpm_WlanNetworkRpm_Command_Injection.md",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
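Review bot: The English description added here ends `/userRpm/WlanNetworkRpm .`, with a stray space before the full stop that the Spanish entry does not have; anything that extracts the endpoint from the text, for a detection rule or an asset query, would pick up the trailing space. The line should end `... via the component /userRpm/WlanNetworkRpm."`. The description also names TL-WR740N V1/V2, while the file name of the referenced write-up lists only TL-WR940N and TL-WR841N, so the affected-model list may be wider than the source supports and is worth confirming before it feeds a CPE configuration.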
diff --git a/CVE-2023/CVE-2023-335xx/CVE-2023-33544.json b/CVE-2023/CVE-2023-335xx/CVE-2023-33544.json
index 5cfd1887629..f66503bb98a 100644
--- a/CVE-2023/CVE-2023-335xx/CVE-2023-33544.json
+++ b/CVE-2023/CVE-2023-335xx/CVE-2023-33544.json
@@ -2,19 +2,76 @@
"id": "CVE-2023-33544",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-01T13:15:10.637",
- "lastModified": "2023-06-01T14:01:50.967",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T02:30:24.810",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "hawtio 2.17.2 is vulnerable to Path Traversal. it is possible to input malicious zip files, which can result in the high-risk files after decompression being stored in any location, even leading to file overwrite."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:hawt:hawtio:2.17.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C51751B6-656C-4410-8B49-25E3796FD279"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/hawtio/hawtio/issues/2832",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Issue Tracking",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-335xx/CVE-2023-33546.json b/CVE-2023/CVE-2023-335xx/CVE-2023-33546.json
index f22c16bb657..358a35ccaca 100644
--- a/CVE-2023/CVE-2023-335xx/CVE-2023-33546.json
+++ b/CVE-2023/CVE-2023-335xx/CVE-2023-33546.json
@@ -2,19 +2,77 @@
"id": "CVE-2023-33546",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-01T13:15:10.743",
- "lastModified": "2023-06-01T14:01:50.967",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T18:49:27.210",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "janino 3.1.9 and earlier are subject to denial of service (DOS) attacks when using the expression evaluator.guess parameter name method. If the parser runs on user-supplied input, an attacker could supply content that causes the parser to crash due to a stack overflow."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:janino_project:janino:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "3.1.9",
+ "matchCriteriaId": "E70F1ECA-3C8D-43A0-AF1D-602935F0C7D6"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/janino-compiler/janino/issues/201",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Issue Tracking",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
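Review bot: The added weakness `"value": "CWE-787"` (out-of-bounds write) does not match the description, which reports a parser crash from a stack overflow on attacker-supplied input, i.e. resource exhaustion rather than memory corruption. If the overflow is unbounded recursion in the parser, as the wording suggests, `"value": "CWE-674"` would be the closer mapping. This matters to consumers who prioritise by CWE class, since a CWE-787 tag reads as potential code execution while the stated impact, and the `A:H`-only vector in the same hunk, is denial of service.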
diff --git a/CVE-2023/CVE-2023-335xx/CVE-2023-33553.json b/CVE-2023/CVE-2023-335xx/CVE-2023-33553.json
new file mode 100644
index 00000000000..5580233c464
--- /dev/null
+++ b/CVE-2023/CVE-2023-335xx/CVE-2023-33553.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-33553",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-07T15:15:09.480",
+ "lastModified": "2023-06-07T16:18:07.597",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue in Planet Technologies WDRT-1800AX v1.01-CP21 allows attackers to bypass authentication and escalate privileges to root via manipulation of the LoginStatus cookie."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/0xfml/poc/blob/main/PLANET/WDRT-1800AX.md",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.planet.com.tw/en/product/wdrt-1800ax",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-335xx/CVE-2023-33556.json b/CVE-2023/CVE-2023-335xx/CVE-2023-33556.json
new file mode 100644
index 00000000000..c50c8e5da4b
--- /dev/null
+++ b/CVE-2023/CVE-2023-335xx/CVE-2023-33556.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-33556",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-07T21:15:13.567",
+ "lastModified": "2023-06-07T21:36:36.773",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the staticGw parameter at /setting/setWanIeCfg."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/Am1ngl/ttt/tree/main/37",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-335xx/CVE-2023-33569.json b/CVE-2023/CVE-2023-335xx/CVE-2023-33569.json
new file mode 100644
index 00000000000..121d7dbd1c0
--- /dev/null
+++ b/CVE-2023/CVE-2023-335xx/CVE-2023-33569.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-33569",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-06T20:15:14.050",
+ "lastModified": "2023-06-07T02:45:15.873",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via ip/eval/ajax.php?action=update_user."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/Cr4at0r/bug_report/blob/main/vendors/oretnom23/faculty-evaluation-system/RCE-1.md",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-335xx/CVE-2023-33595.json b/CVE-2023/CVE-2023-335xx/CVE-2023-33595.json
new file mode 100644
index 00000000000..ea2326484fa
--- /dev/null
+++ b/CVE-2023/CVE-2023-335xx/CVE-2023-33595.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-33595",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-07T20:15:09.920",
+ "lastModified": "2023-06-07T20:24:12.193",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/python/cpython/issues/103824",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/python/cpython/pull/103993/commits/c120bc2d354ca3d27d0c7a53bf65574ddaabaf3a",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-336xx/CVE-2023-33601.json b/CVE-2023/CVE-2023-336xx/CVE-2023-33601.json
new file mode 100644
index 00000000000..9e93e46f655
--- /dev/null
+++ b/CVE-2023/CVE-2023-336xx/CVE-2023-33601.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-33601",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-07T02:15:15.887",
+ "lastModified": "2023-06-07T02:44:48.507",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An arbitrary file upload vulnerability in /admin.php?c=upload of phpok v6.4.100 allows attackers to execute arbitrary code via a crafted PHP file."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://gitee.com/phpok/phpok/issues/I72D24",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-336xx/CVE-2023-33604.json b/CVE-2023/CVE-2023-336xx/CVE-2023-33604.json
new file mode 100644
index 00000000000..d5df72860c1
--- /dev/null
+++ b/CVE-2023/CVE-2023-336xx/CVE-2023-33604.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-33604",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-07T02:15:15.930",
+ "lastModified": "2023-06-07T02:44:48.507",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Imperial CMS v7.5 was discovered to contain an arbitrary file deletion vulnerability via the DelspReFile function in /sp/ListSp.php. This vulnerability is exploited by attackers via a crafted POST request."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://www.mubucm.com/doc/38rCUPucWz",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-336xx/CVE-2023-33613.json b/CVE-2023/CVE-2023-336xx/CVE-2023-33613.json
new file mode 100644
index 00000000000..69535ea601a
--- /dev/null
+++ b/CVE-2023/CVE-2023-336xx/CVE-2023-33613.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-33613",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-06T18:15:11.357",
+ "lastModified": "2023-06-06T18:33:59.493",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "axTLS v2.1.5 was discovered to contain a heap buffer overflow in the bi_import function in axtls-code/crypto/bigint.c. This vulnerability allows attackers to cause a Denial of Service (DoS) when parsing a private key."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://sourceforge.net/p/axtls/mailman/message/37843071/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-336xx/CVE-2023-33651.json b/CVE-2023/CVE-2023-336xx/CVE-2023-33651.json
new file mode 100644
index 00000000000..fb81ac60f83
--- /dev/null
+++ b/CVE-2023/CVE-2023-336xx/CVE-2023-33651.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-33651",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-06T19:15:12.103",
+ "lastModified": "2023-06-07T02:45:15.873",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue in the MVC Device Simulator of Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) v9.0 Initial Release to v13.0 Initial Release allows attackers to bypass authorization rules."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://blog.assetnote.io/2023/05/10/sitecore-round-two/",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1002925",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-336xx/CVE-2023-33652.json b/CVE-2023/CVE-2023-336xx/CVE-2023-33652.json
new file mode 100644
index 00000000000..d12954b03f8
--- /dev/null
+++ b/CVE-2023/CVE-2023-336xx/CVE-2023-33652.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-33652",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-06T19:15:12.217",
+ "lastModified": "2023-06-07T02:45:15.873",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Sitecore Experience Platform (XP) v9.3 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /sitecore/shell/Invoke.aspx."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://blog.assetnote.io/2023/05/10/sitecore-round-two/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-336xx/CVE-2023-33653.json b/CVE-2023/CVE-2023-336xx/CVE-2023-33653.json
new file mode 100644
index 00000000000..e7fa26f9834
--- /dev/null
+++ b/CVE-2023/CVE-2023-336xx/CVE-2023-33653.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-33653",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-06T19:15:12.287",
+ "lastModified": "2023-06-07T02:45:15.873",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Sitecore Experience Platform (XP) v9.3 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /Applications/Content%20Manager/Execute.aspx?cmd=convert&mode=HTML."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://blog.assetnote.io/2023/05/10/sitecore-round-two/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-336xx/CVE-2023-33656.json b/CVE-2023/CVE-2023-336xx/CVE-2023-33656.json
index b751229bad9..f05ca49f676 100644
--- a/CVE-2023/CVE-2023-336xx/CVE-2023-33656.json
+++ b/CVE-2023/CVE-2023-336xx/CVE-2023-33656.json
@@ -2,27 +2,90 @@
"id": "CVE-2023-33656",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-30T18:15:10.383",
- "lastModified": "2023-05-30T18:52:32.890",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T18:13:37.213",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A memory leak vulnerability exists in NanoMQ 0.17.2. The vulnerability is located in the file message.c. An attacker could exploit this vulnerability to cause a denial of service attack by causing the program to consume all available memory resources."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-770"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:emqx:nanomq:0.17.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0898CABA-5930-437A-8300-4D91648091F1"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/emqx/nanomq",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
},
{
"url": "https://github.com/emqx/nanomq/issues/1164",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Mailing List"
+ ]
},
{
"url": "https://github.com/emqx/nanomq/issues/1165#issuecomment-1515667127",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
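Review bot: The reference tags added here do not match the URLs they describe: `https://github.com/emqx/nanomq/issues/1164` is a GitHub issue but is tagged `"Mailing List"`, and the `issues/1165#issuecomment-1515667127` comment is tagged `"Vendor Advisory"`. Elsewhere in this commit a GitHub issue is tagged `"Issue Tracking"` (CVE-2023-33718), so `"tags": ["Exploit", "Issue Tracking"]` would be the consistent choice for both. Tooling that filters references by tag to find vendor guidance will be misled as it stands. Separately, the `AV:L` / `UI:R` vector for a flaw in an MQTT broker looks worth confirming against the linked issue, although nothing on this page settles the attack path.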
diff --git a/CVE-2023/CVE-2023-336xx/CVE-2023-33657.json b/CVE-2023/CVE-2023-336xx/CVE-2023-33657.json
new file mode 100644
index 00000000000..40b2d228f07
--- /dev/null
+++ b/CVE-2023/CVE-2023-336xx/CVE-2023-33657.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-33657",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-08T13:15:09.530",
+ "lastModified": "2023-06-08T17:08:49.797",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A use-after-free vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nni_mqtt_msg_get_publish_property() in the file mqtt_msg.c. This vulnerability is caused by improper data tracing, and an attacker could exploit it to cause a denial of service attack."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/emqx/nanomq",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/emqx/nanomq/issues/1165#issue-1668648319",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/emqx/nanomq/pull/1187",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-336xx/CVE-2023-33658.json b/CVE-2023/CVE-2023-336xx/CVE-2023-33658.json
new file mode 100644
index 00000000000..ade6172ba8c
--- /dev/null
+++ b/CVE-2023/CVE-2023-336xx/CVE-2023-33658.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-33658",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-08T12:15:09.240",
+ "lastModified": "2023-06-08T17:08:49.797",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nni_msg_get_pub_pid() in the file message.c. An attacker could exploit this vulnerability to cause a denial of service attack."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/emqx/nanomq",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/emqx/nanomq/issues/1153",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/nanomq/NanoNNG/commit/657e6c81c474bdee0e6413483b990e90610030c1",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-336xx/CVE-2023-33659.json b/CVE-2023/CVE-2023-336xx/CVE-2023-33659.json
new file mode 100644
index 00000000000..3b3ad6cf28c
--- /dev/null
+++ b/CVE-2023/CVE-2023-336xx/CVE-2023-33659.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-33659",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-06T12:15:09.503",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nmq_subinfo_decode() in the file mqtt_parser.c. An attacker could exploit this vulnerability to cause a denial of service attack."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/emqx/nanomq",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/emqx/nanomq/issues/1154",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/nanomq/NanoNNG/pull/509/commits/6815c4036a2344865da393803ecdb7af27d8bde1",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-336xx/CVE-2023-33660.json b/CVE-2023/CVE-2023-336xx/CVE-2023-33660.json
new file mode 100644
index 00000000000..987cd9ca470
--- /dev/null
+++ b/CVE-2023/CVE-2023-336xx/CVE-2023-33660.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-33660",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-08T12:15:09.347",
+ "lastModified": "2023-06-08T17:08:49.797",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function copyn_str() in the file mqtt_parser.c. An attacker could exploit this vulnerability to cause a denial of service attack."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/emqx/nanomq",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/emqx/nanomq/issues/1155",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/nanomq/NanoNNG/pull/509/commits/6815c4036a2344865da393803ecdb7af27d8bde1",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-336xx/CVE-2023-33669.json b/CVE-2023/CVE-2023-336xx/CVE-2023-33669.json
index 682dddfef35..49909cce422 100644
--- a/CVE-2023/CVE-2023-336xx/CVE-2023-33669.json
+++ b/CVE-2023/CVE-2023-336xx/CVE-2023-33669.json
@@ -2,19 +2,87 @@
"id": "CVE-2023-33669",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-02T20:15:09.520",
- "lastModified": "2023-06-02T20:58:57.383",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T17:41:49.907",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the timeZone parameter in the sub_44db3c function."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:tenda:ac8_firmware:16.03.34.06:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9C1D64DC-1EDC-4F62-8D22-E1890B71843C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:tenda:ac8:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C81F1E48-0204-4478-A937-5D40CDD9E5E4"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/DDizzzy79/Tenda-CVE/blob/main/AC8V4.0/N1/README.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-336xx/CVE-2023-33670.json b/CVE-2023/CVE-2023-336xx/CVE-2023-33670.json
index 12b9fa32f90..ca49c786730 100644
--- a/CVE-2023/CVE-2023-336xx/CVE-2023-33670.json
+++ b/CVE-2023/CVE-2023-336xx/CVE-2023-33670.json
@@ -2,19 +2,87 @@
"id": "CVE-2023-33670",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-02T20:15:09.563",
- "lastModified": "2023-06-02T20:58:57.383",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T17:41:28.717",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the time parameter in the sub_4a79ec function."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:tenda:ac8_firmware:16.03.34.06:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9C1D64DC-1EDC-4F62-8D22-E1890B71843C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:tenda:ac8:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C81F1E48-0204-4478-A937-5D40CDD9E5E4"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/DDizzzy79/Tenda-CVE/blob/main/AC8V4.0/N3/README.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-336xx/CVE-2023-33671.json b/CVE-2023/CVE-2023-336xx/CVE-2023-33671.json
index 63513d55a04..d01a72c4710 100644
--- a/CVE-2023/CVE-2023-336xx/CVE-2023-33671.json
+++ b/CVE-2023/CVE-2023-336xx/CVE-2023-33671.json
@@ -2,19 +2,87 @@
"id": "CVE-2023-33671",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-02T20:15:09.607",
- "lastModified": "2023-06-02T20:58:57.383",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T17:40:47.040",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the deviceId parameter in the saveParentControlInfo function."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:tenda:ac8_firmware:16.03.34.06:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9C1D64DC-1EDC-4F62-8D22-E1890B71843C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:tenda:ac8:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C81F1E48-0204-4478-A937-5D40CDD9E5E4"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/DDizzzy79/Tenda-CVE/blob/main/AC8V4.0/N4/README.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-336xx/CVE-2023-33672.json b/CVE-2023/CVE-2023-336xx/CVE-2023-33672.json
index b21aa72fb22..9132ed71f77 100644
--- a/CVE-2023/CVE-2023-336xx/CVE-2023-33672.json
+++ b/CVE-2023/CVE-2023-336xx/CVE-2023-33672.json
@@ -2,19 +2,87 @@
"id": "CVE-2023-33672",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-02T20:15:09.647",
- "lastModified": "2023-06-02T20:58:57.383",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T17:40:19.360",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the shareSpeed parameter in the fromSetWifiGusetBasic function."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:tenda:ac8_firmware:16.03.34.06:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9C1D64DC-1EDC-4F62-8D22-E1890B71843C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:tenda:ac8:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C81F1E48-0204-4478-A937-5D40CDD9E5E4"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/DDizzzy79/Tenda-CVE/blob/main/AC8V4.0/N2/README.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
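Review bot: This record is scored `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H` (7.5), while the five sibling Tenda AC8 records in this commit get `C:H/I:H/A:H` (9.8). Those siblings (CVE-2023-33669, -33670, -33671, -33673 and -33675) carry the same description pattern, the same `CWE-787`, and the same firmware CPE. The difference may be deliberate if the linked N2 README demonstrates only a crash, but nothing in the record explains it. It is worth confirming against that advisory before relying on the lower score. Until then, triage should not rank this entry below its siblings on `baseScore` alone, since the weakness class and affected firmware are identical.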
diff --git a/CVE-2023/CVE-2023-336xx/CVE-2023-33673.json b/CVE-2023/CVE-2023-336xx/CVE-2023-33673.json
index 9524058f37f..d040c224241 100644
--- a/CVE-2023/CVE-2023-336xx/CVE-2023-33673.json
+++ b/CVE-2023/CVE-2023-336xx/CVE-2023-33673.json
@@ -2,19 +2,87 @@
"id": "CVE-2023-33673",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-02T20:15:09.693",
- "lastModified": "2023-06-02T20:58:57.383",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T17:39:27.753",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the firewallEn parameter in the formSetFirewallCfg function."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:tenda:ac8_firmware:16.03.34.06:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9C1D64DC-1EDC-4F62-8D22-E1890B71843C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:tenda:ac8:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C81F1E48-0204-4478-A937-5D40CDD9E5E4"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/DDizzzy79/Tenda-CVE/blob/main/AC8V4.0/N6/README.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-336xx/CVE-2023-33675.json b/CVE-2023/CVE-2023-336xx/CVE-2023-33675.json
index 25e4f15108f..cd64649e794 100644
--- a/CVE-2023/CVE-2023-336xx/CVE-2023-33675.json
+++ b/CVE-2023/CVE-2023-336xx/CVE-2023-33675.json
@@ -2,19 +2,87 @@
"id": "CVE-2023-33675",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-02T20:15:09.733",
- "lastModified": "2023-06-02T20:58:57.383",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T17:29:23.480",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the time parameter in the get_parentControl_list_Info function."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:tenda:ac8_firmware:16.03.34.06:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9C1D64DC-1EDC-4F62-8D22-E1890B71843C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:tenda:ac8:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C81F1E48-0204-4478-A937-5D40CDD9E5E4"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/DDizzzy79/Tenda-CVE/blob/main/AC8V4.0/N5/README.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-336xx/CVE-2023-33684.json b/CVE-2023/CVE-2023-336xx/CVE-2023-33684.json
new file mode 100644
index 00000000000..502d06818e6
--- /dev/null
+++ b/CVE-2023/CVE-2023-336xx/CVE-2023-33684.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-33684",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-06T20:15:14.217",
+ "lastModified": "2023-06-07T02:45:15.873",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Weak session management in DB Elettronica Telecomunicazioni SpA SFT DAB 600/C Firmware: 1.9.3 Bios firmware: 7.1 (Apr 19 2021) Gui: 2.46 FPGA: 169.55 uc: 6.15 allows attackers on the same network to bypass authentication by re-using the IP address assigned to the device by the NAT protocol."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5771.php",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-337xx/CVE-2023-33716.json b/CVE-2023/CVE-2023-337xx/CVE-2023-33716.json
index 95c772165b9..1815acdf13e 100644
--- a/CVE-2023/CVE-2023-337xx/CVE-2023-33716.json
+++ b/CVE-2023/CVE-2023-337xx/CVE-2023-33716.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-33716",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-01T03:15:20.590",
- "lastModified": "2023-06-01T13:00:30.717",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T12:29:35.987",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,11 +14,66 @@
"value": "Se ha descubierto que MP4v2 v2.1.3 contiene una fuga de memoria a trav\u00e9s de la clase \"MP4StringProperty\" en \"mp4property.cpp\"."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-401"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mp4v2:mp4v2:2.1.3:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F5EA933F-A645-4970-9C1F-AE890537E1C5"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/enzo1982/mp4v2/issues/36",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-337xx/CVE-2023-33718.json b/CVE-2023/CVE-2023-337xx/CVE-2023-33718.json
index d86bc6046b9..db5de030ed3 100644
--- a/CVE-2023/CVE-2023-337xx/CVE-2023-33718.json
+++ b/CVE-2023/CVE-2023-337xx/CVE-2023-33718.json
@@ -2,19 +2,77 @@
"id": "CVE-2023-33718",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-31T19:15:26.997",
- "lastModified": "2023-06-01T01:17:03.663",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T18:07:34.630",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "mp4v2 v2.1.3 was discovered to contain a memory leak via MP4File::ReadString() at mp4file_io.cpp"
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-401"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mp4v2_project:mp4v2:2.1.3:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F0B6B69D-D184-4BAE-8622-AEDD9AB5E3F4"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/enzo1982/mp4v2/issues/37",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Issue Tracking",
+ "Patch",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
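Review bot: Two fields added here disagree with the sibling mp4v2 records in this commit, CVE-2023-33716 and CVE-2023-33719. The CPE uses vendor `mp4v2_project` (`cpe:2.3:a:mp4v2_project:mp4v2:2.1.3:*:*:*:*:*:*:*`) where the siblings use `cpe:2.3:a:mp4v2:mp4v2:2.1.3:*:*:*:*:*:*:*`, so an inventory match on a single vendor string will miss one side. The vector is `AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H` (8.8) for what the description and `CWE-401` call a memory leak, whereas the siblings are scored `AV:L/.../C:N/I:N/A:H` (5.5). Both points should be checked upstream against the CPE dictionary and the linked issue. Meanwhile, consumers should match on both vendor strings and treat the confidentiality and integrity impact as unconfirmed.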
diff --git a/CVE-2023/CVE-2023-337xx/CVE-2023-33719.json b/CVE-2023/CVE-2023-337xx/CVE-2023-33719.json
index 4dde02c7481..1593cc2beb2 100644
--- a/CVE-2023/CVE-2023-337xx/CVE-2023-33719.json
+++ b/CVE-2023/CVE-2023-337xx/CVE-2023-33719.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-33719",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-01T03:15:20.630",
- "lastModified": "2023-06-01T13:00:30.717",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T12:36:02.610",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,15 +14,74 @@
"value": "Se ha descubierto que MP4v2 v2.1.3 contiene una fuga de memoria a trav\u00e9s de \"MP4SdpAtom::Read()\" en \"atom_sdp.cpp\"."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-401"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mp4v2:mp4v2:2.1.3:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F5EA933F-A645-4970-9C1F-AE890537E1C5"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/enzo1982/mp4v2/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
},
{
"url": "https://github.com/enzo1982/mp4v2/issues/37",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-337xx/CVE-2023-33722.json b/CVE-2023/CVE-2023-337xx/CVE-2023-33722.json
index df976246cc3..926fc869f77 100644
--- a/CVE-2023/CVE-2023-337xx/CVE-2023-33722.json
+++ b/CVE-2023/CVE-2023-337xx/CVE-2023-33722.json
@@ -2,23 +2,94 @@
"id": "CVE-2023-33722",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-31T19:15:27.090",
- "lastModified": "2023-06-01T01:17:03.663",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T02:52:01.370",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "EDIMAX BR-6288ACL v1.12 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the pppUserName parameter."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-77"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:edimax:br-6288acl_firmware:1.12:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2C572927-4FFD-4F8E-82C8-BE8676334383"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:edimax:br-6288acl:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3BD9748C-CF8C-41E0-901E-D3523BF97C1D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://docs.google.com/document/d/1KNuU0nVd4oHMZiKgfs45wK2yA4N6K7q4/edit?usp=sharing&ouid=108638774561085298954&rtpof=true&sd=true",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Broken Link"
+ ]
},
{
"url": "https://shimo.im/docs/pmkxQ1GQ4DTowANr",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-337xx/CVE-2023-33730.json b/CVE-2023/CVE-2023-337xx/CVE-2023-33730.json
index 4644c430e8c..61afa0e9904 100644
--- a/CVE-2023/CVE-2023-337xx/CVE-2023-33730.json
+++ b/CVE-2023/CVE-2023-337xx/CVE-2023-33730.json
@@ -2,19 +2,75 @@
"id": "CVE-2023-33730",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-31T20:15:10.630",
- "lastModified": "2023-06-01T01:17:03.663",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T01:24:53.397",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Privilege Escalation in the \"GetUserCurrentPwd\" function in Microworld Technologies eScan Management Console 14.0.1400.2281 allows any remote attacker to retrieve password of any admin or normal user in plain text format."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-319"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:escanav:escan_management_console:14.0.1400.2281:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5C9D13C7-6948-4E3A-946C-B291CFBD4D70"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/sahiloj/CVE-2023-33730/blob/main/CVE-2023-33730.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-337xx/CVE-2023-33732.json b/CVE-2023/CVE-2023-337xx/CVE-2023-33732.json
index e9274804775..a40d93f545d 100644
--- a/CVE-2023/CVE-2023-337xx/CVE-2023-33732.json
+++ b/CVE-2023/CVE-2023-337xx/CVE-2023-33732.json
@@ -2,19 +2,74 @@
"id": "CVE-2023-33732",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-31T20:15:10.677",
- "lastModified": "2023-06-01T01:17:03.663",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T01:19:01.710",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) in the New Policy form in Microworld Technologies eScan management console 14.0.1400.2281 allows a remote attacker to inject arbitrary code via the vulnerable parameters type, txtPolicyType, and Deletefileval."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:escanav:escan_management_console:14.0.1400.2281:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5C9D13C7-6948-4E3A-946C-B291CFBD4D70"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/sahiloj/CVE-2023-33733/blob/main/CVE-2023-33733.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Broken Link"
+ ]
}
]
}
\ No newline at end of file
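Review bot: The only entry under `references` points at a path named for a different identifier (`sahiloj/CVE-2023-33733/blob/main/CVE-2023-33733.md`) although this record is CVE-2023-33732, and the new `"Broken Link"` tag confirms that it does not resolve. CVE-2023-33733 elsewhere in this diff cites a different reporter's repository, so the path looks like a typo rather than a shared write-up; that is inferred, not shown. As it stands, the record gains a 6.1 score and a CPE match but has no reachable source for the XSS claim or the affected parameters. The `url` should be queried with the CNA and corrected upstream rather than only tagged; the diff does not show which path is right.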
diff --git a/CVE-2023/CVE-2023-337xx/CVE-2023-33733.json b/CVE-2023/CVE-2023-337xx/CVE-2023-33733.json
index be839e4e0f8..1f9e6b4e003 100644
--- a/CVE-2023/CVE-2023-337xx/CVE-2023-33733.json
+++ b/CVE-2023/CVE-2023-337xx/CVE-2023-33733.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-33733",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-05T16:15:09.550",
- "lastModified": "2023-06-05T16:42:43.303",
+ "lastModified": "2023-06-07T01:15:39.190",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@@ -12,17 +12,9 @@
],
"metrics": {},
"references": [
- {
- "url": "https://cure53.de/",
- "source": "cve@mitre.org"
- },
{
"url": "https://github.com/c53elyas/CVE-2023-33733",
"source": "cve@mitre.org"
- },
- {
- "url": "https://www.linkedin.com/in/elyas-damej-714b7269/",
- "source": "cve@mitre.org"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-337xx/CVE-2023-33734.json b/CVE-2023/CVE-2023-337xx/CVE-2023-33734.json
index c0dc6e3b537..410ce693034 100644
--- a/CVE-2023/CVE-2023-337xx/CVE-2023-33734.json
+++ b/CVE-2023/CVE-2023-337xx/CVE-2023-33734.json
@@ -2,19 +2,74 @@
"id": "CVE-2023-33734",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-30T22:15:10.737",
- "lastModified": "2023-05-31T13:02:26.480",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T18:16:14.670",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "BlueCMS v1.6 was discovered to contain a SQL injection vulnerability via the keywords parameter at search.php."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:bluecms_project:bluecms:1.6:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6A26806A-9CB5-4262-BAD1-049659C2CE2C"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/Peanuts-s/BlueCms",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-337xx/CVE-2023-33735.json b/CVE-2023/CVE-2023-337xx/CVE-2023-33735.json
index 0ba7c95b188..740285ae108 100644
--- a/CVE-2023/CVE-2023-337xx/CVE-2023-33735.json
+++ b/CVE-2023/CVE-2023-337xx/CVE-2023-33735.json
@@ -2,23 +2,94 @@
"id": "CVE-2023-33735",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-31T20:15:10.720",
- "lastModified": "2023-06-01T01:17:03.663",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T02:29:41.367",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-846 v1.00A52 was discovered to contain a remote command execution (RCE) vulnerability via the tomography_ping_address parameter in the /HNAP1 interface."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:dir-846_firmware:100a52:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6B2ACF96-B1BE-45A4-864C-636F7EB9D9DB"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:dir-846:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "77723994-0E2A-4A90-B2C6-5B262CBBAFA1"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/Tyaoo/IoT-Vuls/blob/main/dlink/DIR-846/vul.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.dlink.com/en/security-bulletin/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
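Review bot: The added `"value": "NVD-CWE-noinfo"` under `weaknesses` does not match the description, which names command execution through the `tomography_ping_address` parameter of `/HNAP1`. That reads like OS command injection, so `"value": "CWE-78"` is probably the better fit, though this is inferred from the description text alone. Until it is classified, anything that triages or groups by CWE will miss this 9.8 record, so matching should key on the CPE `dlink:dir-846_firmware:100a52` instead. Separately, the `"Vendor Advisory"` tag is applied to the generic `https://www.dlink.com/en/security-bulletin/` landing page, which does not identify a bulletin for this issue.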
diff --git a/CVE-2023/CVE-2023-337xx/CVE-2023-33736.json b/CVE-2023/CVE-2023-337xx/CVE-2023-33736.json
index e8f539c620e..9963f345258 100644
--- a/CVE-2023/CVE-2023-337xx/CVE-2023-33736.json
+++ b/CVE-2023/CVE-2023-337xx/CVE-2023-33736.json
@@ -2,19 +2,76 @@
"id": "CVE-2023-33736",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-31T13:15:10.270",
- "lastModified": "2023-05-31T13:34:42.827",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T20:00:11.277",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in Dcat-Admin v2.1.3-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.1.3:beta:*:*:*:*:*:*",
+ "matchCriteriaId": "EA07899B-5D17-4D06-8BFC-A8B19F70B994"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/jqhph/dcat-admin/issues/2027",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Issue Tracking",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-337xx/CVE-2023-33740.json b/CVE-2023/CVE-2023-337xx/CVE-2023-33740.json
index 78ff4e4f4ba..57d487121e8 100644
--- a/CVE-2023/CVE-2023-337xx/CVE-2023-33740.json
+++ b/CVE-2023/CVE-2023-337xx/CVE-2023-33740.json
@@ -2,19 +2,88 @@
"id": "CVE-2023-33740",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-30T22:15:10.777",
- "lastModified": "2023-05-31T13:02:26.480",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T18:28:52.223",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Incorrect access control in luowice v3.5.18 allows attackers to access cloud source code information via modification fo the Verify parameter in a warning message."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-Other"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:luowice:luowice:3.5.18:*:*:*:*:android:*:*",
+ "matchCriteriaId": "7FDFAFAB-A294-4CCF-8D5C-9C7672BBDE4E"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "7.0",
+ "matchCriteriaId": "386FC091-5CA1-4782-A7EA-4EECA5F26F4B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/zzh-newlearner/record/blob/main/luowice_warning.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-337xx/CVE-2023-33741.json b/CVE-2023/CVE-2023-337xx/CVE-2023-33741.json
index 8579e63d0be..459f64da37d 100644
--- a/CVE-2023/CVE-2023-337xx/CVE-2023-33741.json
+++ b/CVE-2023/CVE-2023-337xx/CVE-2023-33741.json
@@ -2,19 +2,88 @@
"id": "CVE-2023-33741",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-30T22:15:10.820",
- "lastModified": "2023-05-31T13:02:26.480",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T20:47:03.053",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Macrovideo v380pro v1.4.97 shares the device id and password when sharing the device."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-Other"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:macro-video:v380_pro:1.4.97:*:*:*:*:android:*:*",
+ "matchCriteriaId": "2221C7FD-1E41-42D2-B50D-0C80CB1A597F"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "7.0",
+ "matchCriteriaId": "386FC091-5CA1-4782-A7EA-4EECA5F26F4B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/zzh-newlearner/record/blob/main/macrovideo_share.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-337xx/CVE-2023-33747.json b/CVE-2023/CVE-2023-337xx/CVE-2023-33747.json
new file mode 100644
index 00000000000..cd1861c0c5e
--- /dev/null
+++ b/CVE-2023/CVE-2023-337xx/CVE-2023-33747.json
@@ -0,0 +1,40 @@
+{
+ "id": "CVE-2023-33747",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-06T18:15:11.497",
+ "lastModified": "2023-06-07T18:15:09.757",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "CloudPanel v2.2.2 allows attackers to execute a path traversal."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://packetstormsecurity.com/files/172768/CloudPanel-2.2.2-Privilege-Escalation-Path-Traversal.html",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://cwe.mitre.org/data/definitions/264.html",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://cwe.mitre.org/data/definitions/269.html",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://cwe.mitre.org/data/definitions/35.html",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/EagleTube/CloudPanel",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.cloudpanel.io/docs/v2/changelog/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
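Review bot: The weakness classes for this new record are carried only as `references` URLs (`cwe.mitre.org/data/definitions/264.html`, `269.html` and `35.html`), and there is no `weaknesses` array, so tooling that reads CWE ids from that field sees none. The description mentions only path traversal, while the CWE-269 link and the Packet Storm title also indicate privilege escalation; consumers should not scope impact from the `value` string alone. With `"metrics": {}` and `"Awaiting Analysis"` this is presumably interim. Once analysis lands, the record needs a `weaknesses` entry of the same shape as the analyzed records in this diff, and the three CWE links should be dropped from `references`.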
diff --git a/CVE-2023/CVE-2023-337xx/CVE-2023-33761.json b/CVE-2023/CVE-2023-337xx/CVE-2023-33761.json
index 8c836d641d7..e9887079073 100644
--- a/CVE-2023/CVE-2023-337xx/CVE-2023-33761.json
+++ b/CVE-2023/CVE-2023-337xx/CVE-2023-33761.json
@@ -2,19 +2,76 @@
"id": "CVE-2023-33761",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-02T20:15:09.777",
- "lastModified": "2023-06-02T20:58:57.383",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T20:35:14.327",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /view/cb/format_642.php."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:simpleredak:simpleredak:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.47.23.06",
+ "matchCriteriaId": "64661A8F-7CEC-40B5-81D8-2E29A2C96810"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/rauschecker/CVEs/tree/main/CVE-2023-33761",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-337xx/CVE-2023-33762.json b/CVE-2023/CVE-2023-337xx/CVE-2023-33762.json
index 5f1735d6c97..e389aa3def6 100644
--- a/CVE-2023/CVE-2023-337xx/CVE-2023-33762.json
+++ b/CVE-2023/CVE-2023-337xx/CVE-2023-33762.json
@@ -2,19 +2,76 @@
"id": "CVE-2023-33762",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-02T20:15:09.823",
- "lastModified": "2023-06-02T20:58:57.383",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T20:34:57.727",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a SQL injection vulnerability via the Activity parameter."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:simpleredak:simpleredak:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.47.23.06",
+ "matchCriteriaId": "64661A8F-7CEC-40B5-81D8-2E29A2C96810"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/rauschecker/CVEs/tree/main/CVE-2023-33762",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-337xx/CVE-2023-33763.json b/CVE-2023/CVE-2023-337xx/CVE-2023-33763.json
index 1c5aebbbe89..67fc9f3014a 100644
--- a/CVE-2023/CVE-2023-337xx/CVE-2023-33763.json
+++ b/CVE-2023/CVE-2023-337xx/CVE-2023-33763.json
@@ -2,19 +2,76 @@
"id": "CVE-2023-33763",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-02T20:15:09.867",
- "lastModified": "2023-06-02T20:58:57.383",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T20:27:52.947",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /scheduler/index.php."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:simpleredak:simpleredak:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.47.23.06",
+ "matchCriteriaId": "64661A8F-7CEC-40B5-81D8-2E29A2C96810"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/rauschecker/CVEs/tree/main/CVE-2023-33763",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-337xx/CVE-2023-33764.json b/CVE-2023/CVE-2023-337xx/CVE-2023-33764.json
index 5e0ff33a043..ac2e61a7d45 100644
--- a/CVE-2023/CVE-2023-337xx/CVE-2023-33764.json
+++ b/CVE-2023/CVE-2023-337xx/CVE-2023-33764.json
@@ -2,19 +2,76 @@
"id": "CVE-2023-33764",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-01T20:15:09.523",
- "lastModified": "2023-06-02T00:07:04.253",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T18:57:08.327",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component #/de/casting/show/detail/."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:simpleredak:simpleredak:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.47.23.06",
+ "matchCriteriaId": "64661A8F-7CEC-40B5-81D8-2E29A2C96810"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/rauschecker/CVEs/tree/main/CVE-2023-33764",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-337xx/CVE-2023-33781.json b/CVE-2023/CVE-2023-337xx/CVE-2023-33781.json
new file mode 100644
index 00000000000..f966bfc8fc5
--- /dev/null
+++ b/CVE-2023/CVE-2023-337xx/CVE-2023-33781.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2023-33781",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-07T01:15:39.247",
+ "lastModified": "2023-06-07T02:45:10.733",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue in D-Link DIR-842V2 v1.0.3 allows attackers to execute arbitrary commands via importing a crafted file."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://d-link.com",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "http://dir-842v2.com",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/s0tr/CVE-2023-33781",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.dlink.com/en/security-bulletin/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
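Review bot: Two of the four references, `http://d-link.com` and `http://dir-842v2.com`, are bare plain-HTTP hostnames with no path, and nothing in the record shows that `dir-842v2.com` is a vendor-controlled domain. Neither identifies an advisory for this issue, and none of the entries carries `tags` yet, so a pipeline that fetches, previews or links reference URLs has no signal to tell them apart from the issue-specific GitHub write-up. Until these are confirmed or removed upstream, ingestion should treat them as untrusted and should not count them as vendor acknowledgement. The same pair appears in the CVE-2023-33782 record added next in this diff.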
diff --git a/CVE-2023/CVE-2023-337xx/CVE-2023-33782.json b/CVE-2023/CVE-2023-337xx/CVE-2023-33782.json
new file mode 100644
index 00000000000..8a167c16b55
--- /dev/null
+++ b/CVE-2023/CVE-2023-337xx/CVE-2023-33782.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2023-33782",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-07T01:15:39.293",
+ "lastModified": "2023-06-07T02:45:10.733",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "D-Link DIR-842V2 v1.0.3 was discovered to contain a command injection vulnerability via the iperf3 diagnostics function."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://d-link.com",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "http://dir-842v2.com",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/s0tr/CVE-2023-33782",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.dlink.com/en/security-bulletin/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-338xx/CVE-2023-33846.json b/CVE-2023/CVE-2023-338xx/CVE-2023-33846.json
new file mode 100644
index 00000000000..2986d6401e2
--- /dev/null
+++ b/CVE-2023/CVE-2023-338xx/CVE-2023-33846.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2023-33846",
+ "sourceIdentifier": "psirt@us.ibm.com",
+ "published": "2023-06-08T01:15:09.047",
+ "lastModified": "2023-06-08T02:44:28.663",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 257100."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/257100",
+ "source": "psirt@us.ibm.com"
+ },
+ {
+ "url": "https://www.ibm.com/support/pages/node/7001601",
+ "source": "psirt@us.ibm.com"
+ },
+ {
+ "url": "https://www.ibm.com/support/pages/node/7001629",
+ "source": "psirt@us.ibm.com"
+ },
+ {
+ "url": "https://www.ibm.com/support/pages/node/7001633",
+ "source": "psirt@us.ibm.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-338xx/CVE-2023-33847.json b/CVE-2023/CVE-2023-338xx/CVE-2023-33847.json
new file mode 100644
index 00000000000..1d3fefef1d3
--- /dev/null
+++ b/CVE-2023/CVE-2023-338xx/CVE-2023-33847.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-33847",
+ "sourceIdentifier": "psirt@us.ibm.com",
+ "published": "2023-06-08T01:15:09.120",
+ "lastModified": "2023-06-08T02:44:28.663",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nIBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 257102.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.7,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/257102",
+ "source": "psirt@us.ibm.com"
+ },
+ {
+ "url": "https://www.ibm.com/support/pages/node/7001635",
+ "source": "psirt@us.ibm.com"
+ },
+ {
+ "url": "https://www.ibm.com/support/pages/node/7001641",
+ "source": "psirt@us.ibm.com"
+ },
+ {
+ "url": "https://www.ibm.com/support/pages/node/7001645",
+ "source": "psirt@us.ibm.com"
+ }
+ ]
+}
\ No newline at end of file
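Review bot: The `descriptions[0].value` string begins with `\n` and ends with `\n\n`, unlike the sibling IBM records in this diff (CVE-2023-33846, CVE-2023-33848, CVE-2023-33849). Consumers that deduplicate on exact text or render the first line will mishandle it unless they trim. This is also the only one of the four without a `weaknesses` array. The text describes session cookies missing the Secure attribute, which presumably maps to CWE-614, so once confirmed with the source the record should gain an entry of the same shape as its siblings (`"source": "psirt@us.ibm.com"`, `"type": "Secondary"`).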
diff --git a/CVE-2023/CVE-2023-338xx/CVE-2023-33848.json b/CVE-2023/CVE-2023-338xx/CVE-2023-33848.json
new file mode 100644
index 00000000000..cdedb298d0d
--- /dev/null
+++ b/CVE-2023/CVE-2023-338xx/CVE-2023-33848.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2023-33848",
+ "sourceIdentifier": "psirt@us.ibm.com",
+ "published": "2023-06-07T21:15:13.617",
+ "lastModified": "2023-06-07T21:36:36.773",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 could allow a privileged user to obtain highly sensitive information by enabling debug mode. IBM X-Force ID: 257104."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-200"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/257104",
+ "source": "psirt@us.ibm.com"
+ },
+ {
+ "url": "https://www.ibm.com/support/pages/node/7001647",
+ "source": "psirt@us.ibm.com"
+ },
+ {
+ "url": "https://www.ibm.com/support/pages/node/7001681",
+ "source": "psirt@us.ibm.com"
+ },
+ {
+ "url": "https://www.ibm.com/support/pages/node/7001683",
+ "source": "psirt@us.ibm.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-338xx/CVE-2023-33849.json b/CVE-2023/CVE-2023-338xx/CVE-2023-33849.json
new file mode 100644
index 00000000000..332822acaef
--- /dev/null
+++ b/CVE-2023/CVE-2023-338xx/CVE-2023-33849.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2023-33849",
+ "sourceIdentifier": "psirt@us.ibm.com",
+ "published": "2023-06-07T22:15:10.120",
+ "lastModified": "2023-06-08T02:44:28.663",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 could transmit sensitive information in query parameters that could be intercepted using man in the middle techniques. IBM X-Force ID: 257105."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.7,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-311"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/257105",
+ "source": "psirt@us.ibm.com"
+ },
+ {
+ "url": "https://www.ibm.com/support/pages/node/7001687",
+ "source": "psirt@us.ibm.com"
+ },
+ {
+ "url": "https://www.ibm.com/support/pages/node/7001695",
+ "source": "psirt@us.ibm.com"
+ },
+ {
+ "url": "https://www.ibm.com/support/pages/node/7001697",
+ "source": "psirt@us.ibm.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-338xx/CVE-2023-33863.json b/CVE-2023/CVE-2023-338xx/CVE-2023-33863.json
new file mode 100644
index 00000000000..f9cf4ecd83a
--- /dev/null
+++ b/CVE-2023/CVE-2023-338xx/CVE-2023-33863.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2023-33863",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-07T20:15:09.963",
+ "lastModified": "2023-06-08T17:15:09.817",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "RenderDoc through 1.26 allows an Integer Overflow with a resultant Buffer Overflow (issue 1 of 2)."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://packetstormsecurity.com/files/172804/RenderDoc-1.26-Local-Privilege-Escalation-Remote-Code-Execution.html",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Jun/2",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://renderdoc.org/",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.qualys.com/2023/06/06/renderdoc/renderdoc.txt",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
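Review bot: `"metrics": {}` leaves this record without any CVSS data, and the same holds for the CVE-2023-33864 and CVE-2023-33865 hunks that follow. A consumer that sorts or filters on `baseScore` has to treat the missing score as "not yet scored" rather than as zero or low, since the three descriptions name integer overflows leading to buffer overflows and a local privilege escalation. Two of the four references are plain `http://` links (for example `http://seclists.org/fulldisclosure/2023/Jun/2`), so tooling that fetches reference content should not trust what it retrieves over that transport.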
diff --git a/CVE-2023/CVE-2023-338xx/CVE-2023-33864.json b/CVE-2023/CVE-2023-338xx/CVE-2023-33864.json
new file mode 100644
index 00000000000..6b8b8cc4a9a
--- /dev/null
+++ b/CVE-2023/CVE-2023-338xx/CVE-2023-33864.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2023-33864",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-07T20:15:10.007",
+ "lastModified": "2023-06-08T17:15:09.870",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "RenderDoc through 1.26 allows an Integer Overflow with a resultant Buffer Overflow (issue 2 of 2)."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://packetstormsecurity.com/files/172804/RenderDoc-1.26-Local-Privilege-Escalation-Remote-Code-Execution.html",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Jun/2",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://renderdoc.org/",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.qualys.com/2023/06/06/renderdoc/renderdoc.txt",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-338xx/CVE-2023-33865.json b/CVE-2023/CVE-2023-338xx/CVE-2023-33865.json
new file mode 100644
index 00000000000..634dedfd8eb
--- /dev/null
+++ b/CVE-2023/CVE-2023-338xx/CVE-2023-33865.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2023-33865",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-07T20:15:10.053",
+ "lastModified": "2023-06-08T17:15:09.930",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "RenderDoc through 1.26 allows local privilege escalation via a symlink attack."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://packetstormsecurity.com/files/172804/RenderDoc-1.26-Local-Privilege-Escalation-Remote-Code-Execution.html",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Jun/2",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://renderdoc.org/",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.qualys.com/2023/06/06/renderdoc/renderdoc.txt",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-339xx/CVE-2023-33956.json b/CVE-2023/CVE-2023-339xx/CVE-2023-33956.json
index 102702600b3..e2d934fa9f9 100644
--- a/CVE-2023/CVE-2023-339xx/CVE-2023-33956.json
+++ b/CVE-2023/CVE-2023-339xx/CVE-2023-33956.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-33956",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-05T20:15:09.460",
- "lastModified": "2023-06-05T20:15:09.460",
- "vulnStatus": "Received",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-339xx/CVE-2023-33957.json b/CVE-2023/CVE-2023-339xx/CVE-2023-33957.json
new file mode 100644
index 00000000000..fe27cee204a
--- /dev/null
+++ b/CVE-2023/CVE-2023-339xx/CVE-2023-33957.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-33957",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-06-06T19:15:12.363",
+ "lastModified": "2023-06-07T02:45:15.873",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the machine, if a user runs notation inspect command on the same machine. The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade their notation packages to v1.0.0-rc.6 or above. Users are advised to upgrade. Users unable to upgrade may restrict container registries to a set of secure and trusted container registries."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:N/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW",
+ "baseScore": 2.6,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 1.0,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-400"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/notaryproject/notation/commit/ed22fde52f6d70ae0b53521bd28c9ccafa868c24",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/notaryproject/notation/security/advisories/GHSA-9m3v-v4r5-ppx7",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-339xx/CVE-2023-33958.json b/CVE-2023/CVE-2023-339xx/CVE-2023-33958.json
new file mode 100644
index 00000000000..99aed684fd5
--- /dev/null
+++ b/CVE-2023/CVE-2023-339xx/CVE-2023-33958.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-33958",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-06-06T19:15:12.510",
+ "lastModified": "2023-06-07T02:45:15.873",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the machine, if a user runs notation verify command on the same machine. The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade their notation packages to v1.0.0-rc.6 or above. Users unable to upgrade may restrict container registries to a set of secure and trusted container registries."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-400"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/notaryproject/notation/releases/tag/v1.0.0-rc.6",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/notaryproject/notation/security/advisories/GHSA-rvrx-rrwh-r9p6",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
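Review bot: The vector `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L` scores an integrity impact (`I:L`) although the description only describes denial of service. The sibling record CVE-2023-33957 has the same precondition (a compromised registry adding many signatures) and differs only in the command run, yet it is scored `AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:N/A:L` at 2.6 against 5.4 here. Both vectors come from the same source, so this looks like a scoring inconsistency rather than a real difference in risk. Triage should read the two advisories (GHSA-rvrx-rrwh-r9p6 and GHSA-9m3v-v4r5-ppx7) instead of ranking the pair by `baseScore`.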
diff --git a/CVE-2023/CVE-2023-339xx/CVE-2023-33959.json b/CVE-2023/CVE-2023-339xx/CVE-2023-33959.json
new file mode 100644
index 00000000000..9b3a9114655
--- /dev/null
+++ b/CVE-2023/CVE-2023-339xx/CVE-2023-33959.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-33959",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-06-06T19:15:12.637",
+ "lastModified": "2023-06-07T02:45:15.873",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry can cause users to verify the wrong artifact. The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade their notation-go library to v1.0.0-rc.6 or above. Users unable to upgrade may restrict container registries to a set of secure and trusted container registries."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.3,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-347"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/notaryproject/notation-go/security/advisories/GHSA-xhg5-42rf-296r",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
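Review bot: The description opens with the notation CLI, but the fix it names is in the library (`upgrade their notation-go library to v1.0.0-rc.6 or above`) and the only reference is the notation-go advisory. The record has no `configurations` block, so nothing machine-readable ties this 8.3 HIGH entry to notation-go. Dependency scanners that match on the product name `notation` may therefore miss Go modules that import the library directly. Until CPE data is added, local inventories should track this id against notation-go as well as the CLI.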
diff --git a/CVE-2023/CVE-2023-339xx/CVE-2023-33961.json b/CVE-2023/CVE-2023-339xx/CVE-2023-33961.json
index 3d9cbe8c164..4479ee2e7bc 100644
--- a/CVE-2023/CVE-2023-339xx/CVE-2023-33961.json
+++ b/CVE-2023/CVE-2023-339xx/CVE-2023-33961.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-33961",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-30T22:15:10.863",
- "lastModified": "2023-05-31T13:02:26.480",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T20:45:07.077",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -35,6 +55,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -46,10 +76,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:leantime:leantime:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "2.3.21",
+ "matchCriteriaId": "9FBD6275-D030-4741-AF52-FBF5CDDCEC54"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/Leantime/leantime/security/advisories/GHSA-359m-fp6q-65r7",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
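Review bot: The added `cpeMatch` entry sets `"versionStartIncluding": "2.3.21"` with no end bound, so every Leantime release from 2.3.21 onward matches as vulnerable, including any release that carries a fix. The description lies outside this hunk, so whether a fixed version exists cannot be told from here. If the advisory GHSA-359m-fp6q-65r7 names one, the entry needs a `"versionEndExcluding": "<fixed version from the advisory>"` line next to the start bound. Without it, scanners will keep flagging patched installations.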
diff --git a/CVE-2023/CVE-2023-339xx/CVE-2023-33962.json b/CVE-2023/CVE-2023-339xx/CVE-2023-33962.json
index ff6e44d722d..876c630e19b 100644
--- a/CVE-2023/CVE-2023-339xx/CVE-2023-33962.json
+++ b/CVE-2023/CVE-2023-339xx/CVE-2023-33962.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-33962",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-30T22:15:10.933",
- "lastModified": "2023-05-31T13:02:26.480",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T20:53:25.557",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -35,6 +55,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -46,26 +76,61 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:jstachio_project:jstachio:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.0.1",
+ "matchCriteriaId": "D70C741E-647E-400A-AB8D-FCFEAE5393C0"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/jstachio/jstachio/commit/7b2f78377d1284df14c580be762a25af5f8dcd66",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://github.com/jstachio/jstachio/issues/157",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Issue Tracking",
+ "Patch"
+ ]
},
{
"url": "https://github.com/jstachio/jstachio/pull/158",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://github.com/jstachio/jstachio/releases/tag/v1.0.1",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Release Notes"
+ ]
},
{
"url": "https://github.com/jstachio/jstachio/security/advisories/GHSA-gwxv-jv83-6qjr",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Exploit",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-339xx/CVE-2023-33963.json b/CVE-2023/CVE-2023-339xx/CVE-2023-33963.json
index 7da5da8052f..f990fb6f283 100644
--- a/CVE-2023/CVE-2023-339xx/CVE-2023-33963.json
+++ b/CVE-2023/CVE-2023-339xx/CVE-2023-33963.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-33963",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-01T16:15:09.710",
- "lastModified": "2023-06-01T17:29:59.710",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T19:21:58.423",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -35,6 +55,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-502"
+ }
+ ]
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -46,14 +76,39 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:dataease:dataease:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.18.7",
+ "matchCriteriaId": "C93D0BD1-CE9D-4B2C-B865-66A271A8451C"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/dataease/dataease/releases/tag/v1.18.7",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Release Notes"
+ ]
},
{
"url": "https://github.com/dataease/dataease/security/advisories/GHSA-m26j-gh4m-xh9f",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Exploit",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-339xx/CVE-2023-33964.json b/CVE-2023/CVE-2023-339xx/CVE-2023-33964.json
index d01f4d19be6..a5d79b31cfa 100644
--- a/CVE-2023/CVE-2023-339xx/CVE-2023-33964.json
+++ b/CVE-2023/CVE-2023-339xx/CVE-2023-33964.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-33964",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-31T18:15:09.437",
- "lastModified": "2023-06-01T01:17:03.663",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T14:32:11.240",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -35,6 +55,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
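Review bot: The Primary weakness added here is `"value": "NVD-CWE-noinfo"`, a placeholder rather than a CWE id, on a record that the metrics hunk above scores 7.5 HIGH with `integrityImpact` HIGH. Tooling that classifies or routes findings by the Primary weakness gets no usable class for this entry. It should fall back to the Secondary weakness from security-advisories@github.com, whose value lies outside this hunk.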
@@ -46,14 +76,38 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:multiversx:mx-chain-go:*:*:*:*:*:go:*:*",
+ "versionEndExcluding": "1.4.16",
+ "matchCriteriaId": "97C7E7E5-D0DE-497B-BE07-19D3948CB95B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/multiversx/mx-chain-go/commit/97295471465f4b5f79e51b32f8b7111f8d921606",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://github.com/multiversx/mx-chain-go/security/advisories/GHSA-7xpv-4pm9-xch2",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-339xx/CVE-2023-33966.json b/CVE-2023/CVE-2023-339xx/CVE-2023-33966.json
index 31e194ffebc..22453bb9787 100644
--- a/CVE-2023/CVE-2023-339xx/CVE-2023-33966.json
+++ b/CVE-2023/CVE-2023-339xx/CVE-2023-33966.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-33966",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-31T18:15:09.527",
- "lastModified": "2023-06-01T01:17:03.663",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T17:58:58.577",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -35,6 +55,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-276"
+ }
+ ]
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -46,14 +76,42 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:deno:deno:1.34.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B7E67CC3-3EA3-429B-9C41-BB8AF9EFFF2D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:deno:deno_runtime:0.114.0:*:*:*:*:rust:*:*",
+ "matchCriteriaId": "0194D26C-BFC4-46B7-A264-E78B30D47A7B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/denoland/deno/releases/tag/v1.34.1",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Release Notes"
+ ]
},
{
"url": "https://github.com/denoland/deno/security/advisories/GHSA-vc52-gwm3-8v2f",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-339xx/CVE-2023-33967.json b/CVE-2023/CVE-2023-339xx/CVE-2023-33967.json
index 388a7db6eed..70e8979b864 100644
--- a/CVE-2023/CVE-2023-339xx/CVE-2023-33967.json
+++ b/CVE-2023/CVE-2023-339xx/CVE-2023-33967.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-33967",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-31T18:15:09.603",
- "lastModified": "2023-06-01T01:17:03.663",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T17:58:21.197",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -35,6 +55,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -46,22 +76,52 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:megaease:easeprobe:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.1.0",
+ "matchCriteriaId": "80D94939-ED69-452D-BFAF-BDB67A4110BA"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/megaease/easeprobe/commit/caaf5860df2aaa76acd29bc40ec9a578d0b1d6e1",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://github.com/megaease/easeprobe/pull/330",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://github.com/megaease/easeprobe/releases/tag/v2.1.0",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Release Notes"
+ ]
},
{
"url": "https://github.com/megaease/easeprobe/security/advisories/GHSA-4c32-w6c7-77x4",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-339xx/CVE-2023-33968.json b/CVE-2023/CVE-2023-339xx/CVE-2023-33968.json
index c29ffe21f49..2443207efdc 100644
--- a/CVE-2023/CVE-2023-339xx/CVE-2023-33968.json
+++ b/CVE-2023/CVE-2023-339xx/CVE-2023-33968.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-33968",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-05T20:15:09.750",
- "lastModified": "2023-06-05T20:15:09.750",
- "vulnStatus": "Received",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-339xx/CVE-2023-33969.json b/CVE-2023/CVE-2023-339xx/CVE-2023-33969.json
index f047be7d73d..e89304dd514 100644
--- a/CVE-2023/CVE-2023-339xx/CVE-2023-33969.json
+++ b/CVE-2023/CVE-2023-339xx/CVE-2023-33969.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-33969",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-05T20:15:09.867",
- "lastModified": "2023-06-05T20:15:09.867",
- "vulnStatus": "Received",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-339xx/CVE-2023-33970.json b/CVE-2023/CVE-2023-339xx/CVE-2023-33970.json
index 28832525689..850b53ff832 100644
--- a/CVE-2023/CVE-2023-339xx/CVE-2023-33970.json
+++ b/CVE-2023/CVE-2023-339xx/CVE-2023-33970.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-33970",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-05T20:15:09.980",
- "lastModified": "2023-06-05T20:15:09.980",
- "vulnStatus": "Received",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-339xx/CVE-2023-33971.json b/CVE-2023/CVE-2023-339xx/CVE-2023-33971.json
index ede2f852fa9..f62958c5d59 100644
--- a/CVE-2023/CVE-2023-339xx/CVE-2023-33971.json
+++ b/CVE-2023/CVE-2023-339xx/CVE-2023-33971.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-33971",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-31T18:15:09.683",
- "lastModified": "2023-06-01T01:17:03.663",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T17:13:40.813",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -35,6 +55,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -46,10 +76,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:teclib-edition:form_creator:2.13.5:*:*:*:*:glpi:*:*",
+ "matchCriteriaId": "158F25FB-65F1-4C4D-97CA-A52B9888297C"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/pluginsGLPI/formcreator/security/advisories/GHSA-777g-3848-8r3g",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Exploit",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-339xx/CVE-2023-33973.json b/CVE-2023/CVE-2023-339xx/CVE-2023-33973.json
index 448549d0b14..8289dd482aa 100644
--- a/CVE-2023/CVE-2023-339xx/CVE-2023-33973.json
+++ b/CVE-2023/CVE-2023-339xx/CVE-2023-33973.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-33973",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-30T17:15:10.127",
- "lastModified": "2023-05-30T18:52:32.890",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T16:35:11.990",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -35,6 +55,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-476"
+ }
+ ]
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -46,38 +76,81 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:riot-os:riot:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "2023.01",
+ "matchCriteriaId": "E3ECD3F7-1DD5-430A-B5E7-50FDFE044CF7"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/RIOT-OS/RIOT/blob/f41b4b67b6affca0a8b32edced7f51088696869a/sys/net/gnrc/network_layer/sixlowpan/iphc/gnrc_sixlowpan_iphc.c#L1067",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Product"
+ ]
},
{
"url": "https://github.com/RIOT-OS/RIOT/blob/f41b4b67b6affca0a8b32edced7f51088696869a/sys/net/gnrc/network_layer/sixlowpan/iphc/gnrc_sixlowpan_iphc.c#L1495",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Product"
+ ]
},
{
"url": "https://github.com/RIOT-OS/RIOT/blob/f41b4b67b6affca0a8b32edced7f51088696869a/sys/net/gnrc/network_layer/sixlowpan/iphc/gnrc_sixlowpan_iphc.c#L1511",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Product"
+ ]
},
{
"url": "https://github.com/RIOT-OS/RIOT/blob/f41b4b67b6affca0a8b32edced7f51088696869a/sys/net/gnrc/network_layer/sixlowpan/iphc/gnrc_sixlowpan_iphc.c#L1644",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Product"
+ ]
},
{
"url": "https://github.com/RIOT-OS/RIOT/blob/f41b4b67b6affca0a8b32edced7f51088696869a/sys/net/gnrc/network_layer/sixlowpan/iphc/gnrc_sixlowpan_iphc.c#L1655",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Product"
+ ]
},
{
"url": "https://github.com/RIOT-OS/RIOT/commit/c9d7863e5664a169035038628029bb07e090c5ff",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://github.com/RIOT-OS/RIOT/pull/19678",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Issue Tracking",
+ "Patch"
+ ]
},
{
"url": "https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-r2pv-3jqc-vh7w",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-339xx/CVE-2023-33974.json b/CVE-2023/CVE-2023-339xx/CVE-2023-33974.json
index 7f32e57fa76..b8cbdba71cd 100644
--- a/CVE-2023/CVE-2023-339xx/CVE-2023-33974.json
+++ b/CVE-2023/CVE-2023-339xx/CVE-2023-33974.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-33974",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-30T17:15:10.200",
- "lastModified": "2023-05-30T18:52:32.890",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T14:57:41.787",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 3.6
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -35,6 +55,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-362"
+ }
+ ]
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -46,38 +76,80 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:riot-os:riot:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "2023.01",
+ "matchCriteriaId": "E3ECD3F7-1DD5-430A-B5E7-50FDFE044CF7"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/RIOT-OS/RIOT/blob/f41b4b67b6affca0a8b32edced7f51088696869a/sys/net/gnrc/network_layer/sixlowpan/frag/sfr/gnrc_sixlowpan_frag_sfr.c#L1717",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Product"
+ ]
},
{
"url": "https://github.com/RIOT-OS/RIOT/blob/f41b4b67b6affca0a8b32edced7f51088696869a/sys/net/gnrc/network_layer/sixlowpan/frag/sfr/gnrc_sixlowpan_frag_sfr.c#L509",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Product"
+ ]
},
{
"url": "https://github.com/RIOT-OS/RIOT/blob/f41b4b67b6affca0a8b32edced7f51088696869a/sys/net/gnrc/network_layer/sixlowpan/frag/sfr/gnrc_sixlowpan_frag_sfr.c#L617",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Product"
+ ]
},
{
"url": "https://github.com/RIOT-OS/RIOT/blob/master/sys/net/gnrc/network_layer/sixlowpan/frag/sfr/gnrc_sixlowpan_frag_sfr.c#L1586",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Product"
+ ]
},
{
"url": "https://github.com/RIOT-OS/RIOT/blob/master/sys/net/gnrc/network_layer/sixlowpan/frag/sfr/gnrc_sixlowpan_frag_sfr.c#L404",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Product"
+ ]
},
{
"url": "https://github.com/RIOT-OS/RIOT/commit/31c6191f6196f1a05c9765cffeadba868e3b0723",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://github.com/RIOT-OS/RIOT/pull/19679",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-8m3w-mphf-wxm8",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
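Review bot: Two of the references newly tagged `Product` in this hunk point at `blob/master/.../gnrc_sixlowpan_frag_sfr.c#L1586` and `#L404`, which are not pinned to a commit. Their line anchors stop showing the code the record refers to as soon as that file changes on master. The other three source links here are pinned to `f41b4b67b6affca0a8b32edced7f51088696869a`; the two master links should be pinned the same way, with the line numbers re-checked against that revision. The new-file hunk for CVE-2023-33977 has the same issue with its two `blob/master/etc/nginx.conf` references.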
diff --git a/CVE-2023/CVE-2023-339xx/CVE-2023-33975.json b/CVE-2023/CVE-2023-339xx/CVE-2023-33975.json
index 7b148b13864..611d23ae575 100644
--- a/CVE-2023/CVE-2023-339xx/CVE-2023-33975.json
+++ b/CVE-2023/CVE-2023-339xx/CVE-2023-33975.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-33975",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-30T18:15:10.433",
- "lastModified": "2023-05-30T18:52:32.890",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T19:35:51.893",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -35,6 +55,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -50,38 +80,82 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:riot-os:riot:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "2023.01",
+ "matchCriteriaId": "E3ECD3F7-1DD5-430A-B5E7-50FDFE044CF7"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/RIOT-OS/RIOT/blob/f41b4b67b6affca0a8b32edced7f51088696869a/sys/net/gnrc/network_layer/sixlowpan/frag/rb/gnrc_sixlowpan_frag_rb.c#L320",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://github.com/RIOT-OS/RIOT/blob/f41b4b67b6affca0a8b32edced7f51088696869a/sys/net/gnrc/network_layer/sixlowpan/frag/rb/gnrc_sixlowpan_frag_rb.c#L388",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://github.com/RIOT-OS/RIOT/blob/f41b4b67b6affca0a8b32edced7f51088696869a/sys/net/gnrc/network_layer/sixlowpan/frag/rb/gnrc_sixlowpan_frag_rb.c#L463",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://github.com/RIOT-OS/RIOT/blob/f41b4b67b6affca0a8b32edced7f51088696869a/sys/net/gnrc/network_layer/sixlowpan/frag/rb/gnrc_sixlowpan_frag_rb.c#L467",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://github.com/RIOT-OS/RIOT/blob/f41b4b67b6affca0a8b32edced7f51088696869a/sys/net/gnrc/network_layer/sixlowpan/frag/rb/gnrc_sixlowpan_frag_rb.c#L480",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://github.com/RIOT-OS/RIOT/commit/1aeb90ee5555ae78b567a6365ae4ab71bfd1404b",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://github.com/RIOT-OS/RIOT/pull/19680",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-f6ff-g7mh-58q4",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Exploit",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
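Review bot: The tags added in this hunk do not match the URL types. The five `blob/f41b4b67.../gnrc_sixlowpan_frag_rb.c#L…` source links and the `commit/1aeb90ee…` link are all tagged `Vendor Advisory`, whereas the CVE-2023-33974 record in this same diff tags the equivalent links `Product` and `Patch`. Tooling that selects fixes by the `Patch` tag will find the pull request but not the fix commit. I would expect `"Product"` on the source links and `"Patch"` on the commit reference. The `Exploit` tag on the GHSA-f6ff-g7mh-58q4 advisory presumably reflects a proof of concept in the advisory and should be confirmed.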
diff --git a/CVE-2023/CVE-2023-339xx/CVE-2023-33977.json b/CVE-2023/CVE-2023-339xx/CVE-2023-33977.json
new file mode 100644
index 00000000000..2c53dc2b3f5
--- /dev/null
+++ b/CVE-2023/CVE-2023-339xx/CVE-2023-33977.json
@@ -0,0 +1,71 @@
+{
+ "id": "CVE-2023-33977",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-06-06T19:15:12.800",
+ "lastModified": "2023-06-07T02:45:15.873",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order to prevent potentially dangerous files from being uploaded and Content-Security-Policy definition to prevent cross-site-scripting attacks. The upload validation checks were not 100% robust which left the possibility to circumvent them and upload a potentially dangerous file which allows execution of arbitrary JavaScript in the browser. Additionally we've discovered that Nginx's `proxy_pass` directive will strip some headers negating protections built into Kiwi TCMS when served behind a reverse proxy. This issue has been addressed in version 12.4. Users are advised to upgrade. Users unable to upgrade who are serving Kiwi TCMS behind a reverse proxy should make sure that additional header values are still passed to the client browser. If they aren't redefining them inside the proxy configuration."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/kiwitcms/Kiwi/blob/master/etc/nginx.conf#L66-L68",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/kiwitcms/Kiwi/blob/master/etc/nginx.conf#L87",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/kiwitcms/Kiwi/commit/d789f4b51025de4f8c747c037d02e1b0da80b034",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-2fqm-m4r2-fh98",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://huntr.dev/bounties/6aea9a26-e29a-467b-aa5a-f767f0c2ec96/",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
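Review bot: The workaround at the end of the `descriptions` value is split into a fragment, `...are still passed to the client browser. If they aren't redefining them inside the proxy configuration.`, so the instruction for users behind a reverse proxy is lost. It presumably should read `...are still passed to the client browser; if they aren't, redefine them inside the proxy configuration.`, which is worth confirming against GHSA-2fqm-m4r2-fh98. The description also does not name which headers `proxy_pass` strips, so an operator cannot verify the mitigation from this record alone.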
diff --git a/CVE-2023/CVE-2023-339xx/CVE-2023-33979.json b/CVE-2023/CVE-2023-339xx/CVE-2023-33979.json
index d91e701ffa7..e9de62e14b8 100644
--- a/CVE-2023/CVE-2023-339xx/CVE-2023-33979.json
+++ b/CVE-2023/CVE-2023-339xx/CVE-2023-33979.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-33979",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-31T19:15:27.163",
- "lastModified": "2023-06-01T01:17:03.663",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T13:41:28.850",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -35,6 +55,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-200"
+ }
+ ]
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -46,14 +76,39 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:gpt_academic_project:gpt_academic:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "3.37",
+ "matchCriteriaId": "F668B717-FBAD-4982-9C25-C725A580EC34"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/binary-husky/gpt_academic/commit/1dcc2873d2168ad2d3d70afcb453ac1695fbdf02",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://github.com/binary-husky/gpt_academic/security/advisories/GHSA-pg65-p24m-wf5g",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-340xx/CVE-2023-34088.json b/CVE-2023/CVE-2023-340xx/CVE-2023-34088.json
index 82c473daa85..87e56019829 100644
--- a/CVE-2023/CVE-2023-340xx/CVE-2023-34088.json
+++ b/CVE-2023/CVE-2023-340xx/CVE-2023-34088.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-34088",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-31T19:15:27.290",
- "lastModified": "2023-06-01T01:17:03.663",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T01:43:01.050",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -35,6 +55,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -46,10 +76,45 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:collaboraoffice:collabora_online:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.4.27",
+ "matchCriteriaId": "CD758C01-7062-4D64-8E21-0379AF524D7C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:collaboraoffice:collabora_online:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "21.0",
+ "versionEndExcluding": "21.11.9.1",
+ "matchCriteriaId": "D6343E76-C7E4-463B-AE2A-EDA63550C4D1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:collaboraoffice:collabora_online:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "22.0",
+ "versionEndExcluding": "22.05.13",
+ "matchCriteriaId": "7DC6EBB9-CB83-474B-8E86-C780B1A8D6A5"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-7582-pwfh-3pwr",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
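Review bot: The only reference, the GHSA-7582-pwfh-3pwr advisory in the `CollaboraOnline/online` repository, is tagged `Third Party Advisory`, although it appears to be the vendor's own advisory for the product named in the CPE (`collaboraoffice:collabora_online`). Consumers that prioritise `Vendor Advisory` references would skip the authoritative source, so `"Vendor Advisory"` looks like the right tag if that repository belongs to the vendor. Separately, the three `cpeMatch` entries share an identical `criteria` string and differ only in their version bounds, so matching has to apply `versionStartIncluding`/`versionEndExcluding` rather than the CPE string alone.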
diff --git a/CVE-2023/CVE-2023-340xx/CVE-2023-34096.json b/CVE-2023/CVE-2023-340xx/CVE-2023-34096.json
new file mode 100644
index 00000000000..9421d829e2d
--- /dev/null
+++ b/CVE-2023/CVE-2023-340xx/CVE-2023-34096.json
@@ -0,0 +1,79 @@
+{
+ "id": "CVE-2023-34096",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-06-08T19:15:09.773",
+ "lastModified": "2023-06-08T19:15:09.773",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Thruk is a multibackend monitoring webinterface which currently supports Naemon, Icinga, Shinken and Nagios as backends. In versions 3.06 and prior, the file `panorama.pm` is vulnerable to a Path Traversal vulnerability which allows an attacker to upload a file to any folder which has write permissions on the affected system. The parameter location is not filtered, validated or sanitized and it accepts any kind of characters. For a path traversal attack, the only characters required were the dot (`.`) and the slash (`/`). A fix is available in version 3.06.2."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/sni/Thruk/blob/1bc5a5804bf9fc22e82a4eadb21a1795954f0867/plugins/plugins-available/panorama/lib/Thruk/Controller/panorama.pm#L690",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/sni/Thruk/blob/1bc5a5804bf9fc22e82a4eadb21a1795954f0867/plugins/plugins-available/panorama/lib/Thruk/Controller/panorama.pm#L705",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/sni/Thruk/blob/1bc5a5804bf9fc22e82a4eadb21a1795954f0867/plugins/plugins-available/panorama/lib/Thruk/Controller/panorama.pm#L727",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/sni/Thruk/blob/1bc5a5804bf9fc22e82a4eadb21a1795954f0867/plugins/plugins-available/panorama/lib/Thruk/Controller/panorama.pm#L735",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/sni/Thruk/commit/26de047275c355c5ae2bbbc51b164f0f8bef5c5b",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/sni/Thruk/commit/cf03f67621b7bb20e2c768bc62b30e976206aa17",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/sni/Thruk/security/advisories/GHSA-vhqc-649h-994h",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-340xx/CVE-2023-34097.json b/CVE-2023/CVE-2023-340xx/CVE-2023-34097.json
index 921cae8c3fe..d81e17404bd 100644
--- a/CVE-2023/CVE-2023-340xx/CVE-2023-34097.json
+++ b/CVE-2023/CVE-2023-340xx/CVE-2023-34097.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-34097",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-05T21:15:11.290",
- "lastModified": "2023-06-05T21:15:11.290",
- "vulnStatus": "Received",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-341xx/CVE-2023-34102.json b/CVE-2023/CVE-2023-341xx/CVE-2023-34102.json
new file mode 100644
index 00000000000..ccca52ceaa3
--- /dev/null
+++ b/CVE-2023/CVE-2023-341xx/CVE-2023-34102.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-34102",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-06-05T23:15:12.220",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Avo is an open source ruby on rails admin panel creation framework. The polymorphic field type stores the classes to operate on when updating a record with user input, and does not validate them in the back end. This can lead to unexpected behavior, remote code execution, or application crashes when viewing a manipulated record. This issue has been addressed in commit `ec117882d` which is expected to be included in subsequent releases. Users are advised to limit access to untrusted users until a new release is made."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.3,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/avo-hq/avo/commit/ec117882ddb1b519481bdd046dc3cfa4474e6e17",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/avo-hq/avo/security/advisories/GHSA-86h2-2g4g-29qx",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-341xx/CVE-2023-34103.json b/CVE-2023/CVE-2023-341xx/CVE-2023-34103.json
new file mode 100644
index 00000000000..d0852fb1aa7
--- /dev/null
+++ b/CVE-2023/CVE-2023-341xx/CVE-2023-34103.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-34103",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-06-05T23:15:12.627",
+ "lastModified": "2023-06-06T12:50:56.083",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Avo is an open source ruby on rails admin panel creation framework. In affected versions some avo fields are vulnerable to Cross Site Scripting (XSS) when rendering html based content. Attackers do need form edit privilege in order to successfully exploit this vulnerability, but the results are stored and no specific timing is required. This issue has been addressed in commit `7891c01e` which is expected to be included in the next release of avo. Users are advised to configure CSP headers for their application and to limit untrusted user access as a mitigation."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/avo-hq/avo/commit/7891c01e1fba9ca5d7dbccc43d27f385e5d08563",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/avo-hq/avo/security/advisories/GHSA-5cr9-5jx3-2g39",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-341xx/CVE-2023-34104.json b/CVE-2023/CVE-2023-341xx/CVE-2023-34104.json
new file mode 100644
index 00000000000..b54a397293b
--- /dev/null
+++ b/CVE-2023/CVE-2023-341xx/CVE-2023-34104.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-34104",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-06-06T18:15:11.643",
+ "lastModified": "2023-06-06T18:33:59.493",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "fast-xml-parser is an open source, pure javascript xml parser. fast-xml-parser allows special characters in entity names, which are not escaped or sanitized. Since the entity name is used for creating a regex for searching and replacing entities in the XML body, an attacker can abuse it for denial of service (DoS) attacks. By crafting an entity name that results in an intentionally bad performing regex and utilizing it in the entity replacement step of the parser, this can cause the parser to stall for an indefinite amount of time. This problem has been resolved in v4.2.4. Users are advised to upgrade. Users unable to upgrade should avoid using DOCTYPE parsing by setting the `processEntities: false` option."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-1333"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-400"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/NaturalIntelligence/fast-xml-parser/commit/39b0e050bb909e8499478657f84a3076e39ce76c",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-6w63-h3fj-q4vw",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-341xx/CVE-2023-34108.json b/CVE-2023/CVE-2023-341xx/CVE-2023-34108.json
new file mode 100644
index 00000000000..22c4bed2dd2
--- /dev/null
+++ b/CVE-2023/CVE-2023-341xx/CVE-2023-34108.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-34108",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-06-07T18:15:09.817",
+ "lastModified": "2023-06-07T20:24:12.193",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "mailcow is a mail server suite based on Dovecot, Postfix and other open source software, that provides a modern web UI for user/server administration. A vulnerability has been discovered in mailcow which allows an attacker to manipulate internal Dovecot variables by using specially crafted passwords during the authentication process. The issue arises from the behavior of the `passwd-verify.lua` script, which is responsible for verifying user passwords during login attempts. Upon a successful login, the script returns a response in the format of \"password=\", indicating the successful authentication. By crafting a password with additional key-value pairs appended to it, an attacker can manipulate the returned string and influence the internal behavior of Dovecot. For example, using the password \"123 mail_crypt_save_version=0\" would cause the `passwd-verify.lua` script to return the string \"password=123 mail_crypt_save_version=0\". Consequently, Dovecot will interpret this string and set the internal variables accordingly, leading to unintended consequences. This vulnerability can be exploited by an authenticated attacker who has the ability to set their own password. Successful exploitation of this vulnerability could result in unauthorized access to user accounts, bypassing security controls, or other malicious activities. This issue has been patched in version `2023-05a`. Users are advised to upgrade. There are no known workarounds for this vulnerability."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/VladimirBorisov/CVE_proposal/blob/main/MailcowUserPassword.md",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/mailcow/mailcow-dockerized/commit/f80940efdccd393bf5fccec2886795372a38c445",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-mhh4-qchc-pv22",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
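Review bot: The `weaknesses` entry uses `CWE-78` (OS command injection), but the description involves no shell command: a crafted password adds key-value pairs to the string that `passwd-verify.lua` returns to Dovecot. That reads as injection into a downstream component's input (CWE-74 or one of its children seems closer), and the current value will mis-route the record for anyone triaging by CWE. The description also says the script responds `in the format of "password="`, where a placeholder for the password value appears to have been lost, which makes the example that follows harder to interpret.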
diff --git a/CVE-2023/CVE-2023-341xx/CVE-2023-34109.json b/CVE-2023/CVE-2023-341xx/CVE-2023-34109.json
new file mode 100644
index 00000000000..3137454fbdf
--- /dev/null
+++ b/CVE-2023/CVE-2023-341xx/CVE-2023-34109.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-34109",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-06-07T18:15:09.903",
+ "lastModified": "2023-06-07T20:24:12.193",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "zxcvbn-ts is an open source password strength estimator written in typescript. This vulnerability affects users running on the nodeJS platform which are using the second argument of the zxcvbn function. It can result in an unbounded resource consumption as the user inputs array is extended with every function call. Browsers are impacted, too but a single user need to do a lot of input changes so that it affects the browser, while the node process gets the inputs of every user of a platform and can be killed that way. This problem has been patched in version 3.0.2. Users are advised to upgrade. Users unable to upgrade should stop using the second argument of the zxcvbn function and use the zxcvbnOptions.setOptions function."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-400"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/zxcvbn-ts/zxcvbn/commit/3f9bed21b5d01f6f6863476822ca857355fba22f",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/zxcvbn-ts/zxcvbn/security/advisories/GHSA-38hx-x5hq-5fg4",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-341xx/CVE-2023-34111.json b/CVE-2023/CVE-2023-341xx/CVE-2023-34111.json
new file mode 100644
index 00000000000..d936e26758b
--- /dev/null
+++ b/CVE-2023/CVE-2023-341xx/CVE-2023-34111.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-34111",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-06-06T17:15:15.210",
+ "lastModified": "2023-06-06T18:33:59.493",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The `Release PR Merged` workflow in the github repo taosdata/grafanaplugin is subject to a command injection vulnerability which allows for arbitrary code execution within the github action context due to the insecure usage of `${{ github.event.pull_request.title }}` in a bash command within the GitHub workflow. Attackers can inject malicious commands which will be executed by the workflow. This happens because `${{ github.event.pull_request.title }}` is directly passed to bash command on like 25 of the workflow. This may allow an attacker to gain access to secrets which the github action has access to or to otherwise make use of the compute resources."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/taosdata/grafanaplugin/blob/master/.github/workflows/release-pr-merged.yaml#L25",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/taosdata/grafanaplugin/security/advisories/GHSA-23wp-p848-hcgr",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://securitylab.github.com/research/github-actions-untrusted-input/",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
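Review bot: The `weaknesses` entry (`CWE-20`) and the `I:N` in the vector do not match this record's own description, which describes command injection giving arbitrary code execution in the workflow context; anything that triages by CWE or by integrity impact will under-classify it. A more specific value such as `"value": "CWE-77"` would line up with the text, and the `references` URL `blob/master/...#L25` is a mutable branch link, so the cited line can drift once the workflow file changes. The same mismatch appears in the CVE-2023-34112.json hunk that follows, where a commit-message command injection is scored `C:N/I:L/A:N` (4.3). Both records carry only CNA-supplied (`Secondary`) metrics at this point, so consumers should not rank them on `baseScore` alone.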
diff --git a/CVE-2023/CVE-2023-341xx/CVE-2023-34112.json b/CVE-2023/CVE-2023-341xx/CVE-2023-34112.json
new file mode 100644
index 00000000000..daf51203e01
--- /dev/null
+++ b/CVE-2023/CVE-2023-341xx/CVE-2023-34112.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-34112",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-06-09T00:15:10.447",
+ "lastModified": "2023-06-09T00:15:10.447",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "JavaCPP Presets is a project providing Java distributions of native C++ libraries. All the actions in the `bytedeco/javacpp-presets` use the `github.event.head_commit.message?` parameter in an insecure way. For example, the commit message is used in a run statement - resulting in a command injection vulnerability due to string interpolation. No exploitation has been reported. This issue has been addressed in version 1.5.9. Users of JavaCPP Presets are advised to upgrade as a precaution."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-94"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/bytedeco/javacpp-presets/security/advisories/GHSA-36rx-hq22-jm5x",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://securitylab.github.com/research/github-actions-untrusted-input/",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-341xx/CVE-2023-34151.json b/CVE-2023/CVE-2023-341xx/CVE-2023-34151.json
index 2787d1dbc1b..73e12c6585a 100644
--- a/CVE-2023/CVE-2023-341xx/CVE-2023-34151.json
+++ b/CVE-2023/CVE-2023-341xx/CVE-2023-34151.json
@@ -2,16 +2,49 @@
"id": "CVE-2023-34151",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-05-30T22:15:11.000",
- "lastModified": "2023-06-03T05:15:09.977",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T13:57:20.020",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546)."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-190"
+ }
+ ]
+ },
{
"source": "secalert@redhat.com",
"type": "Secondary",
@@ -23,22 +56,101 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "7.1.1.11",
+ "matchCriteriaId": "81FC97E7-D26F-47A4-A0D3-0E957026718D"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BB176AC3-3CDA-4DDA-9089-C67B2F73AA62"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-34151",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2210657",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Issue Tracking",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://github.com/ImageMagick/ImageMagick/issues/6341",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Exploit",
+ "Issue Tracking",
+ "Patch"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2ZUHZXQ2C3JZYKPW4XHCMVVL467MA2V/",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-341xx/CVE-2023-34152.json b/CVE-2023/CVE-2023-341xx/CVE-2023-34152.json
index 6021aa82a7e..fdfd3c59ecb 100644
--- a/CVE-2023/CVE-2023-341xx/CVE-2023-34152.json
+++ b/CVE-2023/CVE-2023-341xx/CVE-2023-34152.json
@@ -2,16 +2,49 @@
"id": "CVE-2023-34152",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-05-30T22:15:11.070",
- "lastModified": "2023-06-03T05:15:10.037",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T14:05:42.223",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with --enable-pipes configured."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ },
{
"source": "secalert@redhat.com",
"type": "Secondary",
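Review bot: The added `cvssMetricV31` block scores this as `AV:N/AC:L/PR:N/UI:N` (9.8), although the description limits the flaw to builds with `--enable-pipes` configured, a precondition the vector does not reflect. The sibling records CVE-2023-34151 and CVE-2023-34153 in this diff are scored `AV:L` with `UI:R` for the same product, so the three do not appear to be assessed on the same assumptions. The `cpeMatch` entry added in the next hunk marks every ImageMagick release before 7.1.1.11 as vulnerable and CPE cannot express a build option, so it seems worth checking the build configuration before treating a scanner match as critical. The enclosing JSON object continues outside this hunk.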
@@ -23,22 +56,102 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "7.1.1.11",
+ "matchCriteriaId": "81FC97E7-D26F-47A4-A0D3-0E957026718D"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BB176AC3-3CDA-4DDA-9089-C67B2F73AA62"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-34152",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2210659",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Issue Tracking",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://github.com/ImageMagick/ImageMagick/issues/6339",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Exploit",
+ "Issue Tracking",
+ "Patch",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2ZUHZXQ2C3JZYKPW4XHCMVVL467MA2V/",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-341xx/CVE-2023-34153.json b/CVE-2023/CVE-2023-341xx/CVE-2023-34153.json
index 27ac6efc423..a811c225ed3 100644
--- a/CVE-2023/CVE-2023-341xx/CVE-2023-34153.json
+++ b/CVE-2023/CVE-2023-341xx/CVE-2023-34153.json
@@ -2,16 +2,49 @@
"id": "CVE-2023-34153",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-05-30T22:15:11.143",
- "lastModified": "2023-06-03T05:15:10.093",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T14:27:38.797",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-77"
+ }
+ ]
+ },
{
"source": "secalert@redhat.com",
"type": "Secondary",
@@ -23,22 +56,101 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "7.1.1.11",
+ "matchCriteriaId": "81FC97E7-D26F-47A4-A0D3-0E957026718D"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BB176AC3-3CDA-4DDA-9089-C67B2F73AA62"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-34153",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2210660",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Issue Tracking"
+ ]
},
{
"url": "https://github.com/ImageMagick/ImageMagick/issues/6338",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Exploit",
+ "Issue Tracking",
+ "Patch",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2ZUHZXQ2C3JZYKPW4XHCMVVL467MA2V/",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-342xx/CVE-2023-34204.json b/CVE-2023/CVE-2023-342xx/CVE-2023-34204.json
index 481d5310183..1dc99bd9edc 100644
--- a/CVE-2023/CVE-2023-342xx/CVE-2023-34204.json
+++ b/CVE-2023/CVE-2023-342xx/CVE-2023-34204.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-34204",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-30T04:15:10.317",
- "lastModified": "2023-05-30T12:52:56.613",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T16:01:59.353",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,11 +14,69 @@
"value": "Imapsync hasta la versi\u00f3n 2.229 utiliza rutas predecibles bajo /tmp y /var/tmp en su modo de operaci\u00f3n por defecto. Ambas rutas suelen ser de escritura universal, por lo que, por ejemplo, un atacante puede modificar la cach\u00e9 de imapsync y sobrescribir archivos pertenecientes al usuario que lo ejecuta. "
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-59"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:imapsync_project:imapsync:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "2.229",
+ "matchCriteriaId": "2D898D32-1D01-40C0-996B-7EC08EBF910D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/imapsync/imapsync/issues/399",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Issue Tracking",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
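Review bot: `attackVector` is `NETWORK` in the added metrics, but the description in this record is about predictable, world-writable paths under /tmp and /var/tmp, which reads as an attacker who already has an account on the same host. If that reading is right, `"attackVector": "LOCAL"` (with `privilegesRequired` and the scores re-derived) would describe it better; as published, filters keyed on network exposure will over-rank it. `CWE-59` fits the file-overwrite outcome, though the predictable-name root cause is closer to CWE-377.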
diff --git a/CVE-2023/CVE-2023-342xx/CVE-2023-34205.json b/CVE-2023/CVE-2023-342xx/CVE-2023-34205.json
index 460a70ca415..b978b0af60a 100644
--- a/CVE-2023/CVE-2023-342xx/CVE-2023-34205.json
+++ b/CVE-2023/CVE-2023-342xx/CVE-2023-34205.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-34205",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-30T04:15:10.377",
- "lastModified": "2023-05-30T12:52:56.613",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T15:36:50.337",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,11 +14,67 @@
"value": "En Moov signedxml hasta la versi\u00f3n 1.0.0, el an\u00e1lisis del XML sin procesar (tal y como se recibe) puede dar lugar a resultados diferentes que el an\u00e1lisis del XML procesado y canonicalizado. Por lo tanto, la validaci\u00f3n de la firma puede eludirse mediante un ataque de envoltura de firma (tambi\u00e9n conocido como XSW). "
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 9.1,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-347"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:moov:signedxml:1.0.0:*:*:*:*:go:*:*",
+ "matchCriteriaId": "0FED842A-1A04-434A-ACE8-901295325FD4"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/moov-io/signedxml/issues/23",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Issue Tracking",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
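Review bot: The added `cpeMatch` pins the exact version `cpe:2.3:a:moov:signedxml:1.0.0:*:*:*:*:go:*:*`, while the description says the flaw affects signedxml through 1.0.0 ("hasta la versión 1.0.0"), so earlier releases will not match in a CPE-based scan. The imapsync record in this diff expresses the same "through version X" wording as a wildcard plus `"versionEndIncluding": "2.229"`; the equivalent here would be `"criteria": "cpe:2.3:a:moov:signedxml:*:*:*:*:*:go:*:*"` with `"versionEndIncluding": "1.0.0"` and a corresponding `matchCriteriaId`. Until the upstream record changes, inventory checks for this signature-wrapping issue should compare versions directly rather than rely on the CPE match.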
diff --git a/CVE-2023/CVE-2023-342xx/CVE-2023-34218.json b/CVE-2023/CVE-2023-342xx/CVE-2023-34218.json
index b7287155838..5d374367f64 100644
--- a/CVE-2023/CVE-2023-342xx/CVE-2023-34218.json
+++ b/CVE-2023/CVE-2023-342xx/CVE-2023-34218.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-34218",
"sourceIdentifier": "security@jetbrains.com",
"published": "2023-05-31T14:15:10.230",
- "lastModified": "2023-05-31T14:22:04.583",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-06T20:02:39.667",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ },
{
"source": "security@jetbrains.com",
"type": "Secondary",
@@ -46,10 +66,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2023.05",
+ "matchCriteriaId": "062C573B-23CC-4F05-BB1D-3FC107988E92"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
- "source": "security@jetbrains.com"
+ "source": "security@jetbrains.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-342xx/CVE-2023-34228.json b/CVE-2023/CVE-2023-342xx/CVE-2023-34228.json
index 58173df64e0..ea29f365b0b 100644
--- a/CVE-2023/CVE-2023-342xx/CVE-2023-34228.json
+++ b/CVE-2023/CVE-2023-342xx/CVE-2023-34228.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-34228",
"sourceIdentifier": "security@jetbrains.com",
"published": "2023-05-31T14:15:10.887",
- "lastModified": "2023-05-31T14:22:04.583",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T15:20:02.280",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ },
{
"source": "security@jetbrains.com",
"type": "Secondary",
@@ -46,10 +66,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2023.05",
+ "matchCriteriaId": "062C573B-23CC-4F05-BB1D-3FC107988E92"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
- "source": "security@jetbrains.com"
+ "source": "security@jetbrains.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-342xx/CVE-2023-34229.json b/CVE-2023/CVE-2023-342xx/CVE-2023-34229.json
index 39b941b4068..b0ab672067a 100644
--- a/CVE-2023/CVE-2023-342xx/CVE-2023-34229.json
+++ b/CVE-2023/CVE-2023-342xx/CVE-2023-34229.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-34229",
"sourceIdentifier": "security@jetbrains.com",
"published": "2023-05-31T14:15:10.957",
- "lastModified": "2023-05-31T14:22:04.583",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T02:31:24.327",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
{
"source": "security@jetbrains.com",
"type": "Secondary",
@@ -46,10 +66,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2023.05",
+ "matchCriteriaId": "062C573B-23CC-4F05-BB1D-3FC107988E92"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
- "source": "security@jetbrains.com"
+ "source": "security@jetbrains.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-342xx/CVE-2023-34230.json b/CVE-2023/CVE-2023-342xx/CVE-2023-34230.json
new file mode 100644
index 00000000000..1288fa28b1b
--- /dev/null
+++ b/CVE-2023/CVE-2023-342xx/CVE-2023-34230.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-34230",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-06-08T21:15:17.513",
+ "lastModified": "2023-06-08T21:15:17.513",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "snowflake-connector-net, the Snowflake Connector for .NET, is vulnerable to command injection prior to version 2.0.18 via SSO URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecting users to utilize the resource. The attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the user\u2019s local machine would render the malicious payload, leading to a remote code execution. This attack scenario can be mitigated through URL whitelisting as well as common anti-phishing resources. Version 2.0.18 fixes this issue."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-77"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/snowflakedb/snowflake-connector-net/security/advisories/GHSA-223g-8w3x-98wr",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-342xx/CVE-2023-34231.json b/CVE-2023/CVE-2023-342xx/CVE-2023-34231.json
new file mode 100644
index 00000000000..db3289a4dc0
--- /dev/null
+++ b/CVE-2023/CVE-2023-342xx/CVE-2023-34231.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-34231",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-06-08T20:15:09.483",
+ "lastModified": "2023-06-08T20:15:09.483",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "gosnowflake is th Snowflake Golang driver. Prior to version 1.6.19, a command injection vulnerability exists in the Snowflake Golang driver via single sign-on (SSO) browser URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecting users to utilize the resource. The attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the user\u2019s local machine would render the malicious payload, leading to a remote code execution. This attack scenario can be mitigated through URL whitelisting as well as common anti-phishing resources. A patch is available in version 1.6.19."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-77"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/snowflakedb/gosnowflake/commit/e11a2a555f1b9f7adc1f01fb7b5e7f38fbbb2a1c",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/snowflakedb/gosnowflake/pull/757",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/snowflakedb/gosnowflake/security/advisories/GHSA-fwv2-65wh-2w8c",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-342xx/CVE-2023-34232.json b/CVE-2023/CVE-2023-342xx/CVE-2023-34232.json
new file mode 100644
index 00000000000..ffcfb80a405
--- /dev/null
+++ b/CVE-2023/CVE-2023-342xx/CVE-2023-34232.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2023-34232",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-06-08T21:15:17.593",
+ "lastModified": "2023-06-08T21:15:17.593",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "snowflake-connector-nodejs, a NodeJS driver for Snowflake, is vulnerable to command injection via single sign on (SSO) browser URL authentication in versions prior to 1.6.21. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecting users to utilize the resource. The attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the user\u2019s local machine would render the malicious payload, leading to a remote code execution. This attack scenario can be mitigated through URL whitelisting as well as common anti-phishing resources. Version 1.6.21 contains a patch for this issue."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-77"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://community.snowflake.com/s/article/Node-js-Driver-Release-Notes",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/snowflakedb/snowflake-connector-nodejs/commit/0c9622ae12cd7d627df404b73a783b4a5f60728a",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/snowflakedb/snowflake-connector-nodejs/pull/465",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/snowflakedb/snowflake-connector-nodejs/security/advisories/GHSA-h53w-7qw7-vh5c",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-342xx/CVE-2023-34233.json b/CVE-2023/CVE-2023-342xx/CVE-2023-34233.json
new file mode 100644
index 00000000000..a131c6bec7e
--- /dev/null
+++ b/CVE-2023/CVE-2023-342xx/CVE-2023-34233.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-34233",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-06-08T21:15:17.663",
+ "lastModified": "2023-06-08T21:15:17.663",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Versions prior to 3.0.2 are vulnerable to command injection via single sign-on(SSO) browser URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecting users to utilize the resource. The attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the user\u2019s local machine would render the malicious payload, leading to a remote code execution. This attack scenario can be mitigated through URL whitelisting as well as common anti-phishing resources. Version 3.0.2 contains a patch for this issue."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-77"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/snowflakedb/snowflake-connector-python/commit/1cdbd3b1403c5ef520d7f4d9614fe35165e101ac",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/snowflakedb/snowflake-connector-python/pull/1480",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/snowflakedb/snowflake-connector-python/security/advisories/GHSA-5w5m-pfw9-c8fp",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
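Review bot: The metrics block is keyed `cvssMetricV30` with `"version": "3.0"`, while the snowflake-connector-nodejs record just above in this diff carries the identical vector under `cvssMetricV31`. A consumer that reads only the 3.1 key will see this command-injection record as unscored. If the source advisory was in fact scored under 3.1, the key, `version` and the `CVSS:3.0/` prefix should change together; otherwise downstream tooling should fall back to `cvssMetricV30`. The vector also sets `PR:L` although the description has the attacker running their own server and luring a user, which looks closer to `PR:N` and is worth confirming against the advisory.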
diff --git a/CVE-2023/CVE-2023-342xx/CVE-2023-34234.json b/CVE-2023/CVE-2023-342xx/CVE-2023-34234.json
new file mode 100644
index 00000000000..2d4b28ee00b
--- /dev/null
+++ b/CVE-2023/CVE-2023-342xx/CVE-2023-34234.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-34234",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-06-07T18:15:09.977",
+ "lastModified": "2023-06-07T20:24:12.193",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": " OpenZeppelin Contracts is a library for smart contract development. By frontrunning the creation of a proposal, an attacker can become the proposer and gain the ability to cancel it. The attacker can do this repeatedly to try to prevent a proposal from being proposed at all. This impacts the `Governor` contract in v4.9.0 only, and the `GovernorCompatibilityBravo` contract since v4.3.0. This problem has been patched in 4.9.1 by introducing opt-in frontrunning protection. Users are advised to upgrade. Users unable to upgrade may submit the proposal creation transaction to an endpoint with frontrunning protection as a workaround."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/OpenZeppelin/openzeppelin-contracts/commit/d9474327a492f9f310f31bc53f38dbea56ed9a57",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-5h3x-9wvq-w4m2",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-342xx/CVE-2023-34237.json b/CVE-2023/CVE-2023-342xx/CVE-2023-34237.json
new file mode 100644
index 00000000000..0ee827ce0ee
--- /dev/null
+++ b/CVE-2023/CVE-2023-342xx/CVE-2023-34237.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2023-34237",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-06-07T20:15:10.097",
+ "lastModified": "2023-06-07T20:24:12.193",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "SABnzbd is an open source automated Usenet download tool. A design flaw was discovered in SABnzbd that could allow remote code execution. Manipulating the Parameters setting in the Notification Script functionality allows code execution with the privileges of the SABnzbd process. Exploiting the vulnerabilities requires access to the web interface. Remote exploitation is possible if users[exposed their setup to the internet or other untrusted networks without setting a username/password. By default SABnzbd is only accessible from `localhost`, with no authentication required for the web interface. This issue has been patched in commits `e3a722` and `422b4f` which have been included in the 4.0.2 release. Users are advised to upgrade. Users unable to upgrade should ensure that a username and password have been set if their instance is web accessible."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-94"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/sabnzbd/sabnzbd/commit/422b4fce7bfd56e95a315be0400cdfdc585df7cc",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/sabnzbd/sabnzbd/commit/e3a722664819d1c7c8fab97144cc299b1c18b429",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/sabnzbd/sabnzbd/security/advisories/GHSA-hhgh-xgh3-985r",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://sabnzbd.org/wiki/configuration/4.0/general",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
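Review bot: The description string contains a stray bracket in `users[exposed their setup`, which reads like a leftover from a markdown link in the source advisory; it should be `users exposed their setup`. That sentence is the one that states the exposure condition (web interface reachable without a username/password), so it is the text an operator reads to decide whether they are affected. The short commit ids `e3a722` and `422b4f` do match the two commit URLs in `references`.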
diff --git a/CVE-2023/CVE-2023-342xx/CVE-2023-34238.json b/CVE-2023/CVE-2023-342xx/CVE-2023-34238.json
new file mode 100644
index 00000000000..a6977c2e03c
--- /dev/null
+++ b/CVE-2023/CVE-2023-342xx/CVE-2023-34238.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-34238",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-06-08T00:15:09.907",
+ "lastModified": "2023-06-08T02:44:28.663",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Gatsby is a free and open source framework based on React. The Gatsby framework prior to versions 4.25.7 and 5.9.1 contain a Local File Inclusion vulnerability in the `__file-code-frame` and `__original-stack-frame` paths, exposed when running the Gatsby develop server (`gatsby develop`). Any file in scope of the development server could potentially be exposed. It should be noted that by default `gatsby develop` is only accessible via the localhost `127.0.0.1`, and one would need to intentionally expose the server to other interfaces to exploit this vulnerability by using server options such as `--host 0.0.0.0`, `-H 0.0.0.0`, or the `GATSBY_HOST=0.0.0.0` environment variable. A patch has been introduced in `gatsby@5.9.1` and `gatsby@4.25.7` which mitigates the issue. Users are advised to upgrade. Users unable to upgrade should avoid exposing their development server to the internet."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/gatsbyjs/gatsby/commit/ae5a654eb346b2e7a9d341b809b2f82d34c0f17c",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/gatsbyjs/gatsby/commit/fc22f4ba3ad7ca5fb3592f38f4f0ca8ae60b4bf7",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/gatsbyjs/gatsby/security/advisories/GHSA-c6f8-8r25-c4gc",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-342xx/CVE-2023-34239.json b/CVE-2023/CVE-2023-342xx/CVE-2023-34239.json
new file mode 100644
index 00000000000..6c7cdabbc1f
--- /dev/null
+++ b/CVE-2023/CVE-2023-342xx/CVE-2023-34239.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-34239",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-06-08T00:15:09.997",
+ "lastModified": "2023-06-08T02:44:28.663",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Gradio is an open-source Python library that is used to build machine learning and data science. Due to a lack of path filtering Gradio does not properly restrict file access to users. Additionally Gradio does not properly restrict the what URLs are proxied. These issues have been addressed in version 3.34.0. Users are advised to upgrade. There are no known workarounds for this vulnerability."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/gradio-app/gradio/pull/4370",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/gradio-app/gradio/pull/4406",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/gradio-app/gradio/security/advisories/GHSA-3qqg-pgqq-3695",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
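Review bot: `weaknesses` lists only `CWE-20`, but the description names two distinct problems: missing path filtering on file access and unrestricted proxied URLs. Those read like path traversal (CWE-22) and server-side request forgery (CWE-918); if the source advisory supports that, listing them would let CWE-based filters pick this record up. The description also has a wording slip, `restrict the what URLs are proxied`, which should be `restrict what URLs are proxied`.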
diff --git a/CVE-2023/CVE-2023-342xx/CVE-2023-34243.json b/CVE-2023/CVE-2023-342xx/CVE-2023-34243.json
new file mode 100644
index 00000000000..ff96d0b7891
--- /dev/null
+++ b/CVE-2023/CVE-2023-342xx/CVE-2023-34243.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-34243",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-06-08T22:15:09.437",
+ "lastModified": "2023-06-08T22:15:09.437",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TGstation is a toolset to manage production BYOND servers. In affected versions if a Windows user was registered in tgstation-server (TGS), an attacker could discover their username by brute-forcing the login endpoint with an invalid password. When a valid Windows logon was found, a distinct response would be generated. This issue has been addressed in version 5.12.5. Users are advised to upgrade. Users unable to upgrade may be mitigated by rate-limiting API calls with software that sits in front of TGS in the HTTP pipeline such as fail2ban."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-200"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/tgstation/tgstation-server/pull/1526",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/tgstation/tgstation-server/security/advisories/GHSA-w3jx-4x93-76ph",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-342xx/CVE-2023-34256.json b/CVE-2023/CVE-2023-342xx/CVE-2023-34256.json
index 182fd55ca61..e62c1c3da7b 100644
--- a/CVE-2023/CVE-2023-342xx/CVE-2023-34256.json
+++ b/CVE-2023/CVE-2023-342xx/CVE-2023-34256.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-34256",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-31T20:15:10.817",
- "lastModified": "2023-06-05T14:15:10.550",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-07T16:11:47.793",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,23 +14,118 @@
"value": "Se ha descubierto un problema en el kernel de Linux en las versiones anteriores a 6.3.3. Hay una lectura fuera de l\u00edmites en crc16 en \"lib/crc16.c\" cuando se llama dese \"fs/ext4/super.c\" porque \"ext4_group_desc_csum\" no comprueba correctamente un desplazamiento. "
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.3.3",
+ "matchCriteriaId": "660ED42D-8407-4AF6-86A1-281BC7D09829"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:suse:linux_enterprise:12.0:sp5:*:*:*:*:*:*",
+ "matchCriteriaId": "92067E0F-BC44-4C95-9686-BB51D7F6BE55"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:suse:linux_enterprise:15.0:sp4:*:*:*:*:*:*",
+ "matchCriteriaId": "A6A1F863-4D18-45F9-86D5-91ED3B38EB47"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:suse:linux_enterprise:15.0:sp5:*:*:*:*:*:*",
+ "matchCriteriaId": "E69A4648-4BA3-4DBE-965C-C5E1717CD059"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1211895",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Issue Tracking",
+ "Patch",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.3",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Patch"
+ ]
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4f04351888a83e595571de672e0a4a8b74f4fb31",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Patch"
+ ]
},
{
"url": "https://syzkaller.appspot.com/bug?extid=8785e41224a3afd04321",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Patch"
+ ]
}
]
}
\ No newline at end of file
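Review bot: The reference tags added in this hunk do not match what the URLs are. The git.kernel.org commit and the syzkaller bug page are both tagged `"Mailing List"`, and the syzkaller page is additionally tagged `"Patch"`; the ChangeLog-6.3.3 file is also tagged `"Mailing List"`. Consumers that use tags to locate the fix would be better served by `"Patch"` alone on the commit, `"Issue Tracking"` on the syzkaller link and `"Release Notes"` on the changelog.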
diff --git a/CVE-2023/CVE-2023-342xx/CVE-2023-34257.json b/CVE-2023/CVE-2023-342xx/CVE-2023-34257.json
index 39f7aa19dcb..192eabf8b54 100644
--- a/CVE-2023/CVE-2023-342xx/CVE-2023-34257.json
+++ b/CVE-2023/CVE-2023-342xx/CVE-2023-34257.json
@@ -2,19 +2,76 @@
"id": "CVE-2023-34257",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-31T20:15:10.860",
- "lastModified": "2023-06-01T01:17:03.663",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T13:42:38.540",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "** DISPUTED ** An issue was discovered in BMC Patrol through 23.1.00. The agent's configuration can be remotely modified (and, by default, authentication is not required). Some configuration fields related to SNMP (e.g., masterAgentName or masterAgentStartLine) result in code execution when the agent is restarted. NOTE: the vendor's perspective is \"These are not vulnerabilities for us as we have provided the option to implement the authentication.\""
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:bmc:patrol:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.1.00",
+ "matchCriteriaId": "195D3820-0A98-497F-9F71-7B4CADBBB53E"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://www.errno.fr/PatrolAdvisory.html#remote-code-excution-using-patrols-pconfig",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
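Review bot: The new `weaknesses` entry is `NVD-CWE-noinfo` even though the description states the cause: the agent configuration can be modified remotely and authentication is not required by default. That reads like missing authentication for a critical function (CWE-306), possibly with an insecure default; a specific CWE would make the record findable by weakness class. The record is marked `** DISPUTED **` only inside the description text while the structured score is 9.8 CRITICAL, so consumers that triage on `baseSeverity` alone will not see the dispute and should check the description prefix.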
diff --git a/CVE-2023/CVE-2023-342xx/CVE-2023-34258.json b/CVE-2023/CVE-2023-342xx/CVE-2023-34258.json
index 7f1caf50a61..2daef3ef850 100644
--- a/CVE-2023/CVE-2023-342xx/CVE-2023-34258.json
+++ b/CVE-2023/CVE-2023-342xx/CVE-2023-34258.json
@@ -2,23 +2,84 @@
"id": "CVE-2023-34258",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-31T20:15:10.903",
- "lastModified": "2023-06-01T01:17:03.663",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T17:26:19.893",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in BMC Patrol before 22.1.00. The agent's configuration can be remotely queried. This configuration contains the Patrol account password, encrypted with a default AES key. This account can then be used to achieve remote code execution."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-311"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:bmc:patrol:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "22.1.00",
+ "matchCriteriaId": "8EA224DB-89A7-4394-8332-A9B78BA6B15F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://gist.github.com/gquere/045638b9959f4b3e119ea01d8d6ff856",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.errno.fr/PatrolAdvisory.html#remote-secrets-leak-using-patrols-pconfig-22100",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
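Review bot: `CWE-311` (missing encryption of sensitive data) does not match the description, which says the password is encrypted, but with a default AES key; a hard-coded or default key weakness such as CWE-321 looks like the closer fit. The vector also scores confidentiality only (`I:N/A:N`) while the description ends with the account being usable for remote code execution. If that follow-on impact is deliberately out of scope for the score, anyone prioritising on the 7.5 should read the description as well.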
diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34312.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34312.json
index 370c42e340f..45a16cf09bd 100644
--- a/CVE-2023/CVE-2023-343xx/CVE-2023-34312.json
+++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34312.json
@@ -2,19 +2,84 @@
"id": "CVE-2023-34312",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-01T03:15:20.673",
- "lastModified": "2023-06-01T13:00:30.717",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T16:45:47.183",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Tencent QQ through 9.7.8.29039 and TIM through 3.4.7.22084, QQProtect.exe and QQProtectEngine.dll do not validate pointers from inter-process communication, which leads to a write-what-where condition."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-763"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tencent:qq:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "9.7.1.28940",
+ "versionEndIncluding": "9.7.8.29039",
+ "matchCriteriaId": "5FE916C4-93CB-42B0-B01F-45015B263C7F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tencent:tim:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "3.4.5.22071",
+ "versionEndIncluding": "3.4.7.22084",
+ "matchCriteriaId": "7EF89892-427C-4662-B796-645E549813D8"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/vi3t1/qq-tim-elevation",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
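Review bot: The `cpeMatch` entries add lower bounds (`"versionStartIncluding": "9.7.1.28940"` for QQ and `"3.4.5.22071"` for TIM) that the description does not state; it says only `through 9.7.8.29039` and `through 3.4.7.22084`. Scanners matching on the CPE ranges will treat older installs as unaffected, so the source of the lower bounds should be confirmed. If they are correct, the description would be clearer written as a range.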
diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34339.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34339.json
index a3db9a7a8b1..84cbe20b674 100644
--- a/CVE-2023/CVE-2023-343xx/CVE-2023-34339.json
+++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34339.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-34339",
"sourceIdentifier": "security@jetbrains.com",
"published": "2023-06-01T19:15:09.283",
- "lastModified": "2023-06-01T20:11:35.947",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-08T19:15:46.400",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.3,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 1.4
+ },
{
"source": "security@jetbrains.com",
"type": "Secondary",
@@ -46,10 +66,32 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:jetbrains:ktor:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.3.1",
+ "matchCriteriaId": "4409F54D-D894-4DBF-90AC-7E0073FBD32A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
- "source": "security@jetbrains.com"
+ "source": "security@jetbrains.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34363.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34363.json
new file mode 100644
index 00000000000..f07a9543109
--- /dev/null
+++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34363.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-34363",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-09T07:15:10.507",
+ "lastModified": "2023-06-09T07:15:10.507",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. When using Oracle Advanced Security (OAS) encryption, if an error is encountered initializing the encryption object used to encrypt data, the code falls back to a different encryption mechanism that uses an insecure random number generator to generate the private key. It is possible for a well-placed attacker to predict the output of this random number generator, which could lead to an attacker decrypting traffic between the driver and the database server. The vulnerability does not exist if SSL / TLS encryption is used."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://community.progress.com/s/article/Security-vulnerabilities-in-DataDirect-ODBC-Oracle-Wire-Protocol-driver-June-2023",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://progress.com",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
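Review bot: The second reference, `"url": "https://progress.com"`, is the vendor home page and tells a reader nothing about this issue; the community.progress.com article above it is the only usable pointer. The same bare URL appears in the CVE-2023-34364 file that follows. Both records also arrive with `"metrics": {}` and no `weaknesses`, so severity-based filters will not surface them until analysis lands, although the descriptions cover a fallback to a weak random number generator for key generation and a buffer overflow leading to code execution.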
diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34364.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34364.json
new file mode 100644
index 00000000000..c05a4113228
--- /dev/null
+++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34364.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-34364",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-09T07:15:10.563",
+ "lastModified": "2023-06-09T07:15:10.563",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A buffer overflow was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. An overly large value for certain options of a connection string may overrun the buffer allocated to process the string value. This allows an attacker to execute code of their choice on an affected host by copying carefully selected data that will be executed as code."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://community.progress.com/s/article/Security-vulnerabilities-in-DataDirect-ODBC-Oracle-Wire-Protocol-driver-June-2023",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://progress.com",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-344xx/CVE-2023-34409.json b/CVE-2023/CVE-2023-344xx/CVE-2023-34409.json
new file mode 100644
index 00000000000..771f24e3c83
--- /dev/null
+++ b/CVE-2023/CVE-2023-344xx/CVE-2023-34409.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-34409",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-06T20:15:14.333",
+ "lastModified": "2023-06-07T02:45:15.873",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In Percona Monitoring and Management (PMM) server 2.x before 2.37.1, the authenticate function in auth_server.go does not properly formalize and sanitize URL paths to reject path traversal attempts. This allows an unauthenticated remote user, when a crafted POST request is made against unauthenticated API routes, to access otherwise protected API routes leading to escalation of privileges and information disclosure."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://www.percona.com/blog/pmm-authentication-bypass-vulnerability-fixed-in-2-37-1/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-345xx/CVE-2023-34566.json b/CVE-2023/CVE-2023-345xx/CVE-2023-34566.json
new file mode 100644
index 00000000000..317369f19a8
--- /dev/null
+++ b/CVE-2023/CVE-2023-345xx/CVE-2023-34566.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-34566",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-08T15:15:09.560",
+ "lastModified": "2023-06-08T17:08:49.797",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter time at /goform/saveParentControlInfo."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://hackmd.io/@0dayResearch/rk8hQf5rh",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-345xx/CVE-2023-34567.json b/CVE-2023/CVE-2023-345xx/CVE-2023-34567.json
new file mode 100644
index 00000000000..c7aa6d09746
--- /dev/null
+++ b/CVE-2023/CVE-2023-345xx/CVE-2023-34567.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-34567",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-08T15:15:09.607",
+ "lastModified": "2023-06-08T17:08:49.797",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter list at /goform/SetVirtualServerCfg."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://hackmd.io/@0dayResearch/H1xUqzfHh",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-345xx/CVE-2023-34568.json b/CVE-2023/CVE-2023-345xx/CVE-2023-34568.json
new file mode 100644
index 00000000000..0f87fdb26e2
--- /dev/null
+++ b/CVE-2023/CVE-2023-345xx/CVE-2023-34568.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-34568",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-08T15:15:09.653",
+ "lastModified": "2023-06-08T17:08:49.797",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter time at /goform/PowerSaveSet."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://hackmd.io/@0dayResearch/ryR8IzMH2",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-345xx/CVE-2023-34569.json b/CVE-2023/CVE-2023-345xx/CVE-2023-34569.json
new file mode 100644
index 00000000000..8f183487418
--- /dev/null
+++ b/CVE-2023/CVE-2023-345xx/CVE-2023-34569.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-34569",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-08T15:15:09.697",
+ "lastModified": "2023-06-08T17:08:49.797",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter list at /goform/SetNetControlList."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://hackmd.io/@0dayResearch/HymuzffSh",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-345xx/CVE-2023-34570.json b/CVE-2023/CVE-2023-345xx/CVE-2023-34570.json
new file mode 100644
index 00000000000..5111264858a
--- /dev/null
+++ b/CVE-2023/CVE-2023-345xx/CVE-2023-34570.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-34570",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-08T15:15:09.747",
+ "lastModified": "2023-06-08T17:08:49.797",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter devName at /goform/SetOnlineDevName."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://hackmd.io/@0dayResearch/S1eI91_l2",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-345xx/CVE-2023-34571.json b/CVE-2023/CVE-2023-345xx/CVE-2023-34571.json
new file mode 100644
index 00000000000..43bda33fb29
--- /dev/null
+++ b/CVE-2023/CVE-2023-345xx/CVE-2023-34571.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-34571",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-08T15:15:09.793",
+ "lastModified": "2023-06-08T17:08:49.797",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter shareSpeed at /goform/WifiGuestSet."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://hackmd.io/@0dayResearch/S1GcUxzSn",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-349xx/CVE-2023-34958.json b/CVE-2023/CVE-2023-349xx/CVE-2023-34958.json
new file mode 100644
index 00000000000..e0f9d45cd08
--- /dev/null
+++ b/CVE-2023/CVE-2023-349xx/CVE-2023-34958.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-34958",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-08T19:15:09.920",
+ "lastModified": "2023-06-08T19:15:09.920",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Incorrect access control in Chamilo 1.11.* up to 1.11.18 allows a student subscribed to a given course to download documents belonging to another student if they know the document's ID."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/chamilo/chamilo-lms/commit/0c1c29db18856a6f25e21d0405dda2c20b35ff3a",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-109-2023-04-15-Moderate-impact-Moderate-risk-IDOR-in-workstudent-publication",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-349xx/CVE-2023-34959.json b/CVE-2023/CVE-2023-349xx/CVE-2023-34959.json
new file mode 100644
index 00000000000..4ec83cd142e
--- /dev/null
+++ b/CVE-2023/CVE-2023-349xx/CVE-2023-34959.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2023-34959",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-08T19:15:10.003",
+ "lastModified": "2023-06-08T19:15:10.003",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue in Chamilo v1.11.* up to v1.11.18 allows attackers to execute a Server-Side Request Forgery (SSRF) and obtain information on the services running on the server via crafted requests in the social and links tools."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/chamilo/chamilo-lms/commit/cc278f01864948b1fb160e03f0a3dc0875d5f81f",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/chamilo/chamilo-lms/commit/ea5791ff8ce6ea45148a171b0da5348a7c415e6f",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/chamilo/chamilo-lms/commit/ed946908fef23e8aa4cefc28f745f3cd6710099f",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-111-2023-04-20-Moderate-impact-Low-risk-Multiple-blind-SSRF-in-links-and-social-tools",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-349xx/CVE-2023-34961.json b/CVE-2023/CVE-2023-349xx/CVE-2023-34961.json
new file mode 100644
index 00000000000..3adb577bca3
--- /dev/null
+++ b/CVE-2023/CVE-2023-349xx/CVE-2023-34961.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-34961",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-08T19:15:10.077",
+ "lastModified": "2023-06-08T19:15:10.077",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Chamilo v1.11.x up to v1.11.18 was discovered to contain a cross-site scripting (XSS) vulnerability via the /feedback/comment field."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/chamilo/chamilo-lms/commit/80d1a8c9063a20f286b0195ef537c84a1a11875a",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-105-2023-04-15-Low-impact-Moderate-risk-XSS-in-student-work-comments",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-349xx/CVE-2023-34962.json b/CVE-2023/CVE-2023-349xx/CVE-2023-34962.json
new file mode 100644
index 00000000000..e75da8b2b2a
--- /dev/null
+++ b/CVE-2023/CVE-2023-349xx/CVE-2023-34962.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-34962",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-08T19:15:10.163",
+ "lastModified": "2023-06-08T19:15:10.163",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Incorrect access control in Chamilo v1.11.x up to v1.11.18 allows a student to arbitrarily access and modify another student's personal notes."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/chamilo/chamilo-lms/commit/19af444d2da9e5a60f02b4ebe7755cdff36709cd",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/chamilo/chamilo-lms/commit/f9a17bfaf05994383bca5f4b65eb6897acc60d41",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-106-2023-04-15-Moderate-impact-Moderate-risk-A-student-can-access-and-modify-another-students-personal-notes",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-349xx/CVE-2023-34969.json b/CVE-2023/CVE-2023-349xx/CVE-2023-34969.json
new file mode 100644
index 00000000000..2e0df8d5612
--- /dev/null
+++ b/CVE-2023/CVE-2023-349xx/CVE-2023-34969.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-34969",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-08T03:15:08.970",
+ "lastModified": "2023-06-08T17:08:49.797",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/457",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index b00816310b6..b6104b73946 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
-2023-06-05T22:00:23.184243+00:00
+2023-06-09T11:28:13.172170+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
-2023-06-05T21:15:11.377000+00:00
+2023-06-09T11:15:09.377000+00:00
```
### Last Data Feed Release
@@ -23,44 +23,75 @@ Repository synchronizes with the NVD every 2 hours.
Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)
```plain
-2023-06-05T00:00:13.565163+00:00
+2023-06-09T00:00:13.876776+00:00
```
### Total Number of included CVEs
```plain
-216886
+217355
```
### CVEs added in the last Commit
-Recently added CVEs: `16`
+Recently added CVEs: `469`
-* [CVE-2013-10029](CVE-2013/CVE-2013-100xx/CVE-2013-10029.json) (`2023-06-05T21:15:09.250`)
-* [CVE-2020-19028](CVE-2020/CVE-2020-190xx/CVE-2020-19028.json) (`2023-06-05T21:15:10.307`)
-* [CVE-2022-4569](CVE-2022/CVE-2022-45xx/CVE-2022-4569.json) (`2023-06-05T21:15:10.413`)
-* [CVE-2023-33956](CVE-2023/CVE-2023-339xx/CVE-2023-33956.json) (`2023-06-05T20:15:09.460`)
-* [CVE-2023-33968](CVE-2023/CVE-2023-339xx/CVE-2023-33968.json) (`2023-06-05T20:15:09.750`)
-* [CVE-2023-33969](CVE-2023/CVE-2023-339xx/CVE-2023-33969.json) (`2023-06-05T20:15:09.867`)
-* [CVE-2023-33970](CVE-2023/CVE-2023-339xx/CVE-2023-33970.json) (`2023-06-05T20:15:09.980`)
-* [CVE-2023-29629](CVE-2023/CVE-2023-296xx/CVE-2023-29629.json) (`2023-06-05T21:15:10.687`)
-* [CVE-2023-29630](CVE-2023/CVE-2023-296xx/CVE-2023-29630.json) (`2023-06-05T21:15:10.760`)
-* [CVE-2023-29631](CVE-2023/CVE-2023-296xx/CVE-2023-29631.json) (`2023-06-05T21:15:10.827`)
-* [CVE-2023-31893](CVE-2023/CVE-2023-318xx/CVE-2023-31893.json) (`2023-06-05T21:15:10.977`)
-* [CVE-2023-33408](CVE-2023/CVE-2023-334xx/CVE-2023-33408.json) (`2023-06-05T21:15:11.140`)
-* [CVE-2023-33409](CVE-2023/CVE-2023-334xx/CVE-2023-33409.json) (`2023-06-05T21:15:11.193`)
-* [CVE-2023-33410](CVE-2023/CVE-2023-334xx/CVE-2023-33410.json) (`2023-06-05T21:15:11.243`)
-* [CVE-2023-34097](CVE-2023/CVE-2023-340xx/CVE-2023-34097.json) (`2023-06-05T21:15:11.290`)
-* [CVE-2023-3111](CVE-2023/CVE-2023-31xx/CVE-2023-3111.json) (`2023-06-05T21:15:11.377`)
+* [CVE-2023-2556](CVE-2023/CVE-2023-25xx/CVE-2023-2556.json) (`2023-06-09T06:16:08.960`)
+* [CVE-2023-2557](CVE-2023/CVE-2023-25xx/CVE-2023-2557.json) (`2023-06-09T06:16:09.247`)
+* [CVE-2023-2558](CVE-2023/CVE-2023-25xx/CVE-2023-2558.json) (`2023-06-09T06:16:09.583`)
+* [CVE-2023-2584](CVE-2023/CVE-2023-25xx/CVE-2023-2584.json) (`2023-06-09T06:16:09.897`)
+* [CVE-2023-2599](CVE-2023/CVE-2023-25xx/CVE-2023-2599.json) (`2023-06-09T06:16:10.247`)
+* [CVE-2023-2604](CVE-2023/CVE-2023-26xx/CVE-2023-2604.json) (`2023-06-09T06:16:10.567`)
+* [CVE-2023-2607](CVE-2023/CVE-2023-26xx/CVE-2023-2607.json) (`2023-06-09T06:16:10.967`)
+* [CVE-2023-2688](CVE-2023/CVE-2023-26xx/CVE-2023-2688.json) (`2023-06-09T06:16:11.217`)
+* [CVE-2023-2764](CVE-2023/CVE-2023-27xx/CVE-2023-2764.json) (`2023-06-09T06:16:11.573`)
+* [CVE-2023-2767](CVE-2023/CVE-2023-27xx/CVE-2023-2767.json) (`2023-06-09T06:16:11.867`)
+* [CVE-2023-2891](CVE-2023/CVE-2023-28xx/CVE-2023-2891.json) (`2023-06-09T06:16:12.163`)
+* [CVE-2023-3176](CVE-2023/CVE-2023-31xx/CVE-2023-3176.json) (`2023-06-09T06:16:12.497`)
+* [CVE-2023-3177](CVE-2023/CVE-2023-31xx/CVE-2023-3177.json) (`2023-06-09T06:16:12.870`)
+* [CVE-2023-2892](CVE-2023/CVE-2023-28xx/CVE-2023-2892.json) (`2023-06-09T07:15:09.987`)
+* [CVE-2023-2893](CVE-2023/CVE-2023-28xx/CVE-2023-2893.json) (`2023-06-09T07:15:10.110`)
+* [CVE-2023-2894](CVE-2023/CVE-2023-28xx/CVE-2023-2894.json) (`2023-06-09T07:15:10.193`)
+* [CVE-2023-2895](CVE-2023/CVE-2023-28xx/CVE-2023-2895.json) (`2023-06-09T07:15:10.273`)
+* [CVE-2023-2896](CVE-2023/CVE-2023-28xx/CVE-2023-2896.json) (`2023-06-09T07:15:10.347`)
+* [CVE-2023-2897](CVE-2023/CVE-2023-28xx/CVE-2023-2897.json) (`2023-06-09T07:15:10.423`)
+* [CVE-2023-34363](CVE-2023/CVE-2023-343xx/CVE-2023-34363.json) (`2023-06-09T07:15:10.507`)
+* [CVE-2023-34364](CVE-2023/CVE-2023-343xx/CVE-2023-34364.json) (`2023-06-09T07:15:10.563`)
+* [CVE-2023-0342](CVE-2023/CVE-2023-03xx/CVE-2023-0342.json) (`2023-06-09T09:15:09.383`)
+* [CVE-2023-1428](CVE-2023/CVE-2023-14xx/CVE-2023-1428.json) (`2023-06-09T11:15:09.200`)
+* [CVE-2023-32731](CVE-2023/CVE-2023-327xx/CVE-2023-32731.json) (`2023-06-09T11:15:09.303`)
+* [CVE-2023-32732](CVE-2023/CVE-2023-327xx/CVE-2023-32732.json) (`2023-06-09T11:15:09.377`)
### CVEs modified in the last Commit
-Recently modified CVEs: `3`
+Recently modified CVEs: `457`
-* [CVE-2023-0386](CVE-2023/CVE-2023-03xx/CVE-2023-0386.json) (`2023-06-05T21:15:10.510`)
-* [CVE-2023-31436](CVE-2023/CVE-2023-314xx/CVE-2023-31436.json) (`2023-06-05T21:15:10.897`)
-* [CVE-2023-32233](CVE-2023/CVE-2023-322xx/CVE-2023-32233.json) (`2023-06-05T21:15:11.027`)
+* [CVE-2023-29539](CVE-2023/CVE-2023-295xx/CVE-2023-29539.json) (`2023-06-09T03:56:54.370`)
+* [CVE-2023-29538](CVE-2023/CVE-2023-295xx/CVE-2023-29538.json) (`2023-06-09T03:56:56.727`)
+* [CVE-2023-29537](CVE-2023/CVE-2023-295xx/CVE-2023-29537.json) (`2023-06-09T03:56:59.427`)
+* [CVE-2023-29536](CVE-2023/CVE-2023-295xx/CVE-2023-29536.json) (`2023-06-09T03:57:01.487`)
+* [CVE-2023-29535](CVE-2023/CVE-2023-295xx/CVE-2023-29535.json) (`2023-06-09T03:57:03.400`)
+* [CVE-2023-29533](CVE-2023/CVE-2023-295xx/CVE-2023-29533.json) (`2023-06-09T03:57:05.667`)
+* [CVE-2023-28177](CVE-2023/CVE-2023-281xx/CVE-2023-28177.json) (`2023-06-09T03:57:08.567`)
+* [CVE-2023-28176](CVE-2023/CVE-2023-281xx/CVE-2023-28176.json) (`2023-06-09T03:57:11.497`)
+* [CVE-2023-28164](CVE-2023/CVE-2023-281xx/CVE-2023-28164.json) (`2023-06-09T03:57:13.657`)
+* [CVE-2023-27986](CVE-2023/CVE-2023-279xx/CVE-2023-27986.json) (`2023-06-09T06:16:00.423`)
+* [CVE-2023-28392](CVE-2023/CVE-2023-283xx/CVE-2023-28392.json) (`2023-06-09T06:16:00.853`)
+* [CVE-2023-27985](CVE-2023/CVE-2023-279xx/CVE-2023-27985.json) (`2023-06-09T07:15:09.753`)
+* [CVE-2023-1387](CVE-2023/CVE-2023-13xx/CVE-2023-1387.json) (`2023-06-09T08:15:09.287`)
+* [CVE-2023-28319](CVE-2023/CVE-2023-283xx/CVE-2023-28319.json) (`2023-06-09T08:15:09.393`)
+* [CVE-2023-28320](CVE-2023/CVE-2023-283xx/CVE-2023-28320.json) (`2023-06-09T08:15:09.493`)
+* [CVE-2023-28321](CVE-2023/CVE-2023-283xx/CVE-2023-28321.json) (`2023-06-09T08:15:09.617`)
+* [CVE-2023-28322](CVE-2023/CVE-2023-283xx/CVE-2023-28322.json) (`2023-06-09T08:15:09.730`)
+* [CVE-2023-28656](CVE-2023/CVE-2023-286xx/CVE-2023-28656.json) (`2023-06-09T08:15:09.817`)
+* [CVE-2023-28724](CVE-2023/CVE-2023-287xx/CVE-2023-28724.json) (`2023-06-09T08:15:10.027`)
+* [CVE-2023-2006](CVE-2023/CVE-2023-20xx/CVE-2023-2006.json) (`2023-06-09T08:15:10.170`)
+* [CVE-2023-2176](CVE-2023/CVE-2023-21xx/CVE-2023-2176.json) (`2023-06-09T08:15:10.317`)
+* [CVE-2023-2197](CVE-2023/CVE-2023-21xx/CVE-2023-2197.json) (`2023-06-09T08:15:10.823`)
+* [CVE-2023-2235](CVE-2023/CVE-2023-22xx/CVE-2023-2235.json) (`2023-06-09T08:15:10.990`)
+* [CVE-2023-31047](CVE-2023/CVE-2023-310xx/CVE-2023-31047.json) (`2023-06-09T08:15:11.207`)
+* [CVE-2023-31436](CVE-2023/CVE-2023-314xx/CVE-2023-31436.json) (`2023-06-09T08:15:11.370`)
## Download and Usage