From ba368fd0ec62d13b6abda1dda5a512a9ef7312b2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9=20Helmke?= Date: Fri, 28 Apr 2023 16:00:32 +0200 Subject: [PATCH] Auto-Update: 2023-04-28T14:00:25.326213+00:00 --- CVE-2020/CVE-2020-47xx/CVE-2020-4729.json | 4 +- CVE-2022/CVE-2022-250xx/CVE-2022-25091.json | 4 +- CVE-2022/CVE-2022-316xx/CVE-2022-31647.json | 4 +- CVE-2022/CVE-2022-342xx/CVE-2022-34292.json | 4 +- CVE-2022/CVE-2022-373xx/CVE-2022-37326.json | 4 +- CVE-2022/CVE-2022-385xx/CVE-2022-38583.json | 24 ++ CVE-2022/CVE-2022-387xx/CVE-2022-38730.json | 4 +- CVE-2022/CVE-2022-413xx/CVE-2022-41397.json | 20 ++ CVE-2022/CVE-2022-413xx/CVE-2022-41398.json | 20 ++ CVE-2022/CVE-2022-413xx/CVE-2022-41399.json | 20 ++ CVE-2022/CVE-2022-414xx/CVE-2022-41400.json | 20 ++ CVE-2022/CVE-2022-484xx/CVE-2022-48481.json | 4 +- CVE-2023/CVE-2023-19xx/CVE-2023-1967.json | 4 +- CVE-2023/CVE-2023-217xx/CVE-2023-21712.json | 4 +- CVE-2023/CVE-2023-23xx/CVE-2023-2355.json | 4 +- CVE-2023/CVE-2023-23xx/CVE-2023-2356.json | 4 +- CVE-2023/CVE-2023-23xx/CVE-2023-2360.json | 55 +++++ CVE-2023/CVE-2023-23xx/CVE-2023-2361.json | 4 +- CVE-2023/CVE-2023-23xx/CVE-2023-2363.json | 4 +- CVE-2023/CVE-2023-23xx/CVE-2023-2364.json | 4 +- CVE-2023/CVE-2023-23xx/CVE-2023-2365.json | 88 ++++++++ CVE-2023/CVE-2023-23xx/CVE-2023-2366.json | 88 ++++++++ CVE-2023/CVE-2023-23xx/CVE-2023-2367.json | 88 ++++++++ CVE-2023/CVE-2023-23xx/CVE-2023-2368.json | 88 ++++++++ CVE-2023/CVE-2023-23xx/CVE-2023-2369.json | 88 ++++++++ CVE-2023/CVE-2023-254xx/CVE-2023-25437.json | 4 +- CVE-2023/CVE-2023-255xx/CVE-2023-25556.json | 230 +++++++++++++++++++- CVE-2023/CVE-2023-267xx/CVE-2023-26735.json | 40 ++++ CVE-2023/CVE-2023-275xx/CVE-2023-27556.json | 4 +- CVE-2023/CVE-2023-275xx/CVE-2023-27557.json | 4 +- CVE-2023/CVE-2023-278xx/CVE-2023-27860.json | 4 +- CVE-2023/CVE-2023-280xx/CVE-2023-28004.json | 60 ++++- CVE-2023/CVE-2023-281xx/CVE-2023-28140.json | 58 ++++- CVE-2023/CVE-2023-281xx/CVE-2023-28142.json | 58 ++++- CVE-2023/CVE-2023-282xx/CVE-2023-28261.json | 4 +- CVE-2023/CVE-2023-282xx/CVE-2023-28286.json | 4 +- CVE-2023/CVE-2023-283xx/CVE-2023-28384.json | 4 +- CVE-2023/CVE-2023-284xx/CVE-2023-28400.json | 4 +- CVE-2023/CVE-2023-285xx/CVE-2023-28528.json | 4 +- CVE-2023/CVE-2023-287xx/CVE-2023-28716.json | 4 +- CVE-2023/CVE-2023-288xx/CVE-2023-28882.json | 4 +- CVE-2023/CVE-2023-291xx/CVE-2023-29150.json | 4 +- CVE-2023/CVE-2023-291xx/CVE-2023-29169.json | 4 +- CVE-2023/CVE-2023-294xx/CVE-2023-29411.json | 141 +++++++++++- CVE-2023/CVE-2023-294xx/CVE-2023-29412.json | 129 ++++++++++- CVE-2023/CVE-2023-294xx/CVE-2023-29413.json | 129 ++++++++++- CVE-2023/CVE-2023-294xx/CVE-2023-29471.json | 4 +- CVE-2023/CVE-2023-294xx/CVE-2023-29489.json | 4 +- CVE-2023/CVE-2023-299xx/CVE-2023-29950.json | 4 +- CVE-2023/CVE-2023-300xx/CVE-2023-30024.json | 32 +++ CVE-2023/CVE-2023-303xx/CVE-2023-30380.json | 4 +- CVE-2023/CVE-2023-304xx/CVE-2023-30466.json | 4 +- CVE-2023/CVE-2023-304xx/CVE-2023-30467.json | 4 +- CVE-2023/CVE-2023-314xx/CVE-2023-31436.json | 4 +- README.md | 70 +++++- 55 files changed, 1581 insertions(+), 101 deletions(-) create mode 100644 CVE-2022/CVE-2022-385xx/CVE-2022-38583.json create mode 100644 CVE-2022/CVE-2022-413xx/CVE-2022-41397.json create mode 100644 CVE-2022/CVE-2022-413xx/CVE-2022-41398.json create mode 100644 CVE-2022/CVE-2022-413xx/CVE-2022-41399.json create mode 100644 CVE-2022/CVE-2022-414xx/CVE-2022-41400.json create mode 100644 CVE-2023/CVE-2023-23xx/CVE-2023-2360.json create mode 100644 CVE-2023/CVE-2023-23xx/CVE-2023-2365.json create mode 100644 CVE-2023/CVE-2023-23xx/CVE-2023-2366.json create mode 100644 CVE-2023/CVE-2023-23xx/CVE-2023-2367.json create mode 100644 CVE-2023/CVE-2023-23xx/CVE-2023-2368.json create mode 100644 CVE-2023/CVE-2023-23xx/CVE-2023-2369.json create mode 100644 CVE-2023/CVE-2023-267xx/CVE-2023-26735.json create mode 100644 CVE-2023/CVE-2023-300xx/CVE-2023-30024.json diff --git a/CVE-2020/CVE-2020-47xx/CVE-2020-4729.json b/CVE-2020/CVE-2020-47xx/CVE-2020-4729.json index 6d38a274af7..fbac92ed713 100644 --- a/CVE-2020/CVE-2020-47xx/CVE-2020-4729.json +++ b/CVE-2020/CVE-2020-47xx/CVE-2020-4729.json @@ -2,8 +2,8 @@ "id": "CVE-2020-4729", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-04-28T02:15:08.697", - "lastModified": "2023-04-28T02:15:08.697", - "vulnStatus": "Received", + "lastModified": "2023-04-28T12:58:08.387", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2022/CVE-2022-250xx/CVE-2022-25091.json b/CVE-2022/CVE-2022-250xx/CVE-2022-25091.json index 1b15b4d32ce..6da33c91008 100644 --- a/CVE-2022/CVE-2022-250xx/CVE-2022-25091.json +++ b/CVE-2022/CVE-2022-250xx/CVE-2022-25091.json @@ -2,8 +2,8 @@ "id": "CVE-2022-25091", "sourceIdentifier": "cve@mitre.org", "published": "2023-04-27T21:15:10.343", - "lastModified": "2023-04-27T21:15:10.343", - "vulnStatus": "Received", + "lastModified": "2023-04-28T12:58:13.110", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2022/CVE-2022-316xx/CVE-2022-31647.json b/CVE-2022/CVE-2022-316xx/CVE-2022-31647.json index 476af37502a..d18c780adca 100644 --- a/CVE-2022/CVE-2022-316xx/CVE-2022-31647.json +++ b/CVE-2022/CVE-2022-316xx/CVE-2022-31647.json @@ -2,8 +2,8 @@ "id": "CVE-2022-31647", "sourceIdentifier": "cve@mitre.org", "published": "2023-04-27T20:15:39.930", - "lastModified": "2023-04-27T20:15:39.930", - "vulnStatus": "Received", + "lastModified": "2023-04-28T12:58:13.110", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2022/CVE-2022-342xx/CVE-2022-34292.json b/CVE-2022/CVE-2022-342xx/CVE-2022-34292.json index 7cc6590eaba..253ee248c9b 100644 --- a/CVE-2022/CVE-2022-342xx/CVE-2022-34292.json +++ b/CVE-2022/CVE-2022-342xx/CVE-2022-34292.json @@ -2,8 +2,8 @@ "id": "CVE-2022-34292", "sourceIdentifier": "cve@mitre.org", "published": "2023-04-27T20:15:40.070", - "lastModified": "2023-04-27T20:15:40.070", - "vulnStatus": "Received", + "lastModified": "2023-04-28T12:58:13.110", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2022/CVE-2022-373xx/CVE-2022-37326.json b/CVE-2022/CVE-2022-373xx/CVE-2022-37326.json index 5f89b69999a..3b424c4f175 100644 --- a/CVE-2022/CVE-2022-373xx/CVE-2022-37326.json +++ b/CVE-2022/CVE-2022-373xx/CVE-2022-37326.json @@ -2,8 +2,8 @@ "id": "CVE-2022-37326", "sourceIdentifier": "cve@mitre.org", "published": "2023-04-27T20:15:40.113", - "lastModified": "2023-04-27T20:15:40.113", - "vulnStatus": "Received", + "lastModified": "2023-04-28T12:58:13.110", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2022/CVE-2022-385xx/CVE-2022-38583.json b/CVE-2022/CVE-2022-385xx/CVE-2022-38583.json new file mode 100644 index 00000000000..cca891c2842 --- /dev/null +++ b/CVE-2022/CVE-2022-385xx/CVE-2022-38583.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2022-38583", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-04-28T13:15:13.313", + "lastModified": "2023-04-28T13:15:13.313", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "On versions of Sage 300 2017 - 2022 (6.4.x - 6.9.x) which are setup in a \"Windows Peer-to-Peer Network\" or \"Client Server Network\" configuration, a low-privileged Sage 300 workstation user could abuse their access to the \"SharedData\" folder on the connected Sage 300 server to view and/or modify the credentials associated with Sage 300 users and SQL accounts to impersonate users and/or access the SQL database as a system administrator. With system administrator-level access to the Sage 300 MS SQL database it would be possible to create, update, and delete all records associated with the program and, depending on the configuration, execute code on the underlying database server." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://sage.com", + "source": "cve@mitre.org" + }, + { + "url": "https://www.controlgap.com/blog/sage-300-case-study", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-387xx/CVE-2022-38730.json b/CVE-2022/CVE-2022-387xx/CVE-2022-38730.json index 3ad36b19892..0e5e7c65f8d 100644 --- a/CVE-2022/CVE-2022-387xx/CVE-2022-38730.json +++ b/CVE-2022/CVE-2022-387xx/CVE-2022-38730.json @@ -2,8 +2,8 @@ "id": "CVE-2022-38730", "sourceIdentifier": "cve@mitre.org", "published": "2023-04-27T20:15:40.153", - "lastModified": "2023-04-27T20:15:40.153", - "vulnStatus": "Received", + "lastModified": "2023-04-28T12:58:13.110", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2022/CVE-2022-413xx/CVE-2022-41397.json b/CVE-2022/CVE-2022-413xx/CVE-2022-41397.json new file mode 100644 index 00000000000..5b367198390 --- /dev/null +++ b/CVE-2022/CVE-2022-413xx/CVE-2022-41397.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2022-41397", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-04-28T13:15:13.417", + "lastModified": "2023-04-28T13:15:13.417", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The optional Web Screens and Global Search features for Sage 300 through version 2022 use a hard-coded 40-byte blowfish key (\"LandlordPassKey\") to encrypt and decrypt secrets stored in configuration files and in database tables." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.sage.com/en-ca/products/sage-300/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-413xx/CVE-2022-41398.json b/CVE-2022/CVE-2022-413xx/CVE-2022-41398.json new file mode 100644 index 00000000000..4bdf03047e8 --- /dev/null +++ b/CVE-2022/CVE-2022-413xx/CVE-2022-41398.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2022-41398", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-04-28T13:15:13.460", + "lastModified": "2023-04-28T13:15:13.460", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The optional Global Search feature for Sage 300 through version 2022 uses a set of hard-coded credentials for the accompanying Apache Solr instance. This issue could allow attackers to login to the Solr dashboard with admin privileges and access sensitive information." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.sage.com/en-ca/products/sage-300/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-413xx/CVE-2022-41399.json b/CVE-2022/CVE-2022-413xx/CVE-2022-41399.json new file mode 100644 index 00000000000..a140b4f26b3 --- /dev/null +++ b/CVE-2022/CVE-2022-413xx/CVE-2022-41399.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2022-41399", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-04-28T13:15:13.510", + "lastModified": "2023-04-28T13:15:13.510", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The optional Web Screens feature for Sage 300 through version 2022 uses a hard-coded 40-byte blowfish key (\"PASS_KEY\") to encrypt and decrypt the database connection string for the PORTAL database found in the \"dbconfig.xml\". This issue could allow attackers to obtain access to the SQL database." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.sage.com/en-ca/products/sage-300/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-414xx/CVE-2022-41400.json b/CVE-2022/CVE-2022-414xx/CVE-2022-41400.json new file mode 100644 index 00000000000..56bb4892c02 --- /dev/null +++ b/CVE-2022/CVE-2022-414xx/CVE-2022-41400.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2022-41400", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-04-28T13:15:13.560", + "lastModified": "2023-04-28T13:15:13.560", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encrypt and decrypt user passwords and SQL connection strings stored in ISAM database files in the shared data directory. This issue could allow attackers to decrypt user passwords and SQL connection strings." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.sage.com/en-ca/products/sage-300/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-484xx/CVE-2022-48481.json b/CVE-2022/CVE-2022-484xx/CVE-2022-48481.json index c656aad3350..460c2cb3935 100644 --- a/CVE-2022/CVE-2022-484xx/CVE-2022-48481.json +++ b/CVE-2022/CVE-2022-484xx/CVE-2022-48481.json @@ -2,8 +2,8 @@ "id": "CVE-2022-48481", "sourceIdentifier": "security@jetbrains.com", "published": "2023-04-28T10:15:09.130", - "lastModified": "2023-04-28T10:15:09.130", - "vulnStatus": "Received", + "lastModified": "2023-04-28T12:58:08.387", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-19xx/CVE-2023-1967.json b/CVE-2023/CVE-2023-19xx/CVE-2023-1967.json index ae508cc6835..843f1bc9782 100644 --- a/CVE-2023/CVE-2023-19xx/CVE-2023-1967.json +++ b/CVE-2023/CVE-2023-19xx/CVE-2023-1967.json @@ -2,8 +2,8 @@ "id": "CVE-2023-1967", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-04-27T22:15:09.187", - "lastModified": "2023-04-27T22:15:09.187", - "vulnStatus": "Received", + "lastModified": "2023-04-28T12:58:13.110", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-217xx/CVE-2023-21712.json b/CVE-2023/CVE-2023-217xx/CVE-2023-21712.json index cd3599f58a2..6fda64e6a0d 100644 --- a/CVE-2023/CVE-2023-217xx/CVE-2023-21712.json +++ b/CVE-2023/CVE-2023-217xx/CVE-2023-21712.json @@ -2,8 +2,8 @@ "id": "CVE-2023-21712", "sourceIdentifier": "secure@microsoft.com", "published": "2023-04-27T19:15:13.527", - "lastModified": "2023-04-27T19:15:13.527", - "vulnStatus": "Received", + "lastModified": "2023-04-28T12:58:13.110", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-23xx/CVE-2023-2355.json b/CVE-2023/CVE-2023-23xx/CVE-2023-2355.json index 040ccf5d455..0b031b02144 100644 --- a/CVE-2023/CVE-2023-23xx/CVE-2023-2355.json +++ b/CVE-2023/CVE-2023-23xx/CVE-2023-2355.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2355", "sourceIdentifier": "security@acronis.com", "published": "2023-04-27T19:15:20.597", - "lastModified": "2023-04-27T19:15:20.597", - "vulnStatus": "Received", + "lastModified": "2023-04-28T12:58:13.110", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-23xx/CVE-2023-2356.json b/CVE-2023/CVE-2023-23xx/CVE-2023-2356.json index 34f36741ca9..f3b8985f2a4 100644 --- a/CVE-2023/CVE-2023-23xx/CVE-2023-2356.json +++ b/CVE-2023/CVE-2023-23xx/CVE-2023-2356.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2356", "sourceIdentifier": "security@huntr.dev", "published": "2023-04-28T00:15:08.890", - "lastModified": "2023-04-28T00:15:08.890", - "vulnStatus": "Received", + "lastModified": "2023-04-28T12:58:08.387", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-23xx/CVE-2023-2360.json b/CVE-2023/CVE-2023-23xx/CVE-2023-2360.json new file mode 100644 index 00000000000..4cc426d9d26 --- /dev/null +++ b/CVE-2023/CVE-2023-23xx/CVE-2023-2360.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-2360", + "sourceIdentifier": "security@acronis.com", + "published": "2023-04-28T12:15:09.820", + "lastModified": "2023-04-28T12:58:08.387", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Sensitive information disclosure due to CORS misconfiguration. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.2.0-135." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@acronis.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.1, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.6, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@acronis.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-942" + } + ] + } + ], + "references": [ + { + "url": "https://security-advisory.acronis.com/advisories/SEC-4215", + "source": "security@acronis.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-23xx/CVE-2023-2361.json b/CVE-2023/CVE-2023-23xx/CVE-2023-2361.json index 491f83ed4cc..c68cdacf4ed 100644 --- a/CVE-2023/CVE-2023-23xx/CVE-2023-2361.json +++ b/CVE-2023/CVE-2023-23xx/CVE-2023-2361.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2361", "sourceIdentifier": "security@huntr.dev", "published": "2023-04-28T08:15:09.340", - "lastModified": "2023-04-28T08:15:09.340", - "vulnStatus": "Received", + "lastModified": "2023-04-28T12:58:08.387", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-23xx/CVE-2023-2363.json b/CVE-2023/CVE-2023-23xx/CVE-2023-2363.json index 3fcbeb20ad8..72f0d3b9be8 100644 --- a/CVE-2023/CVE-2023-23xx/CVE-2023-2363.json +++ b/CVE-2023/CVE-2023-23xx/CVE-2023-2363.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2363", "sourceIdentifier": "cna@vuldb.com", "published": "2023-04-28T11:15:08.847", - "lastModified": "2023-04-28T11:15:08.847", - "vulnStatus": "Received", + "lastModified": "2023-04-28T12:58:08.387", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-23xx/CVE-2023-2364.json b/CVE-2023/CVE-2023-23xx/CVE-2023-2364.json index f7302436b18..37ce9744a6e 100644 --- a/CVE-2023/CVE-2023-23xx/CVE-2023-2364.json +++ b/CVE-2023/CVE-2023-23xx/CVE-2023-2364.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2364", "sourceIdentifier": "cna@vuldb.com", "published": "2023-04-28T11:15:08.923", - "lastModified": "2023-04-28T11:15:08.923", - "vulnStatus": "Received", + "lastModified": "2023-04-28T12:58:08.387", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-23xx/CVE-2023-2365.json b/CVE-2023/CVE-2023-23xx/CVE-2023-2365.json new file mode 100644 index 00000000000..bbfde92444c --- /dev/null +++ b/CVE-2023/CVE-2023-23xx/CVE-2023-2365.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-2365", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-04-28T12:15:09.877", + "lastModified": "2023-04-28T12:58:08.387", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in SourceCodester Faculty Evaluation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file ajax.php?action=delete_subject. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227641 was assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/oV201/cve_report/blob/main/vendors/oretnom23/faculty-evaluation-system/SQLi-1.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.227641", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.227641", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-23xx/CVE-2023-2366.json b/CVE-2023/CVE-2023-23xx/CVE-2023-2366.json new file mode 100644 index 00000000000..7f21557fa87 --- /dev/null +++ b/CVE-2023/CVE-2023-23xx/CVE-2023-2366.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-2366", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-04-28T12:15:09.937", + "lastModified": "2023-04-28T12:58:08.387", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in SourceCodester Faculty Evaluation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file ajax.php?action=delete_class. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227642 is the identifier assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/oV201/cve_report/blob/main/vendors/oretnom23/faculty-evaluation-system/SQLi-2.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.227642", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.227642", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-23xx/CVE-2023-2367.json b/CVE-2023/CVE-2023-23xx/CVE-2023-2367.json new file mode 100644 index 00000000000..27558642802 --- /dev/null +++ b/CVE-2023/CVE-2023-23xx/CVE-2023-2367.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-2367", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-04-28T13:15:13.697", + "lastModified": "2023-04-28T13:15:13.697", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in SourceCodester Faculty Evaluation System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/manage_academic.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227643." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 5.8 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 6.4, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/f0llow/bug_report/blob/main/vendors/oretnom23/faculty-evaluation-system/SQLi-1.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.227643", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.227643", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-23xx/CVE-2023-2368.json b/CVE-2023/CVE-2023-23xx/CVE-2023-2368.json new file mode 100644 index 00000000000..93a64fbacd8 --- /dev/null +++ b/CVE-2023/CVE-2023-23xx/CVE-2023-2368.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-2368", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-04-28T13:15:13.797", + "lastModified": "2023-04-28T13:15:13.797", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in SourceCodester Faculty Evaluation System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file index.php?page=manage_questionnaire. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227644." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 5.8 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 6.4, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/f0llow/bug_report/blob/main/vendors/oretnom23/faculty-evaluation-system/SQLi-2.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.227644", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.227644", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-23xx/CVE-2023-2369.json b/CVE-2023/CVE-2023-23xx/CVE-2023-2369.json new file mode 100644 index 00000000000..6c326c0b905 --- /dev/null +++ b/CVE-2023/CVE-2023-23xx/CVE-2023-2369.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-2369", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-04-28T13:15:13.863", + "lastModified": "2023-04-28T13:15:13.863", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in SourceCodester Faculty Evaluation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/manage_restriction.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227645 was assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 5.8 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 6.4, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/f0llow/bug_report/blob/main/vendors/oretnom23/faculty-evaluation-system/SQLi-3.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.227645", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.227645", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-254xx/CVE-2023-25437.json b/CVE-2023/CVE-2023-254xx/CVE-2023-25437.json index 2cf6d5f9652..97d0f9f1269 100644 --- a/CVE-2023/CVE-2023-254xx/CVE-2023-25437.json +++ b/CVE-2023/CVE-2023-254xx/CVE-2023-25437.json @@ -2,8 +2,8 @@ "id": "CVE-2023-25437", "sourceIdentifier": "cve@mitre.org", "published": "2023-04-27T21:15:10.630", - "lastModified": "2023-04-27T21:15:10.630", - "vulnStatus": "Received", + "lastModified": "2023-04-28T12:58:13.110", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-255xx/CVE-2023-25556.json b/CVE-2023/CVE-2023-255xx/CVE-2023-25556.json index 96d6330b496..87dc53020e3 100644 --- a/CVE-2023/CVE-2023-255xx/CVE-2023-25556.json +++ b/CVE-2023/CVE-2023-255xx/CVE-2023-25556.json @@ -2,8 +2,8 @@ "id": "CVE-2023-25556", "sourceIdentifier": "cybersecurity@se.com", "published": "2023-04-18T18:15:07.357", - "lastModified": "2023-04-18T19:40:03.307", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-04-28T13:36:55.870", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "cybersecurity@se.com", "type": "Secondary", @@ -46,10 +66,214 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:schneider-electric:merten_instabus_tastermodul_1fach_system_m_firmware:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "07A53874-254C-4CA0-9CA8-387094723B4A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:schneider-electric:merten_instabus_tastermodul_1fach_system_m:-:*:*:*:*:*:*:*", + "matchCriteriaId": "29918B0B-9089-46B0-B86E-B78BFB5F0DB6" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:schneider-electric:merten_instabus_tastermodul_2fach_system_m_firmware:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "10E0A138-4F3A-434D-B52D-5EE91CD7E2EA" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:schneider-electric:merten_instabus_tastermodul_2fach_system_m:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D4676AD5-F82E-42C0-B6A2-3D57F075C532" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:schneider-electric:merten_tasterschnittstelle_4fach_plus_firmware:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F7B565DF-3403-45E2-8C12-010DAFDA308E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:schneider-electric:merten_tasterschnittstelle_4fach_plus_firmware:1.2:*:*:*:*:*:*:*", + "matchCriteriaId": "5CA73BB4-92DA-49BF-89D6-B037EF16F963" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:schneider-electric:merten_tasterschnittstelle_4fach_plus:-:*:*:*:*:*:*:*", + "matchCriteriaId": "46DEB9E7-1212-4BCA-8C23-72B2F45A97BF" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:schneider-electric:merten_knx_argus_180\\/2\\,20m_up_system_firmware:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F9D64205-D9F0-4199-8BEF-68979E7DB147" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:schneider-electric:merten_knx_argus_180\\/2\\,20m_up_system:-:*:*:*:*:*:*:*", + "matchCriteriaId": "559DECE9-5779-40B5-AF91-C97B3731AF73" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:schneider-electric:merten_jalousie-\\/schaltaktor_reg-k\\/8x\\/16x\\/10_m._hb_firmware:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "65F4A4D6-B1EF-41DC-B392-8BE542F473A2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:schneider-electric:merten_jalousie-\\/schaltaktor_reg-k\\/8x\\/16x\\/10_m._hb:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0FAF80D9-ED66-4D7A-8E1F-80D096B95DC6" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:schneider-electric:merten_knx_uni-dimmaktor_ll_reg-k\\/2x230\\/300_w_firmware:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F7709BD4-99D8-4155-8EDE-62D4E58096FD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:schneider-electric:merten_knx_uni-dimmaktor_ll_reg-k\\/2x230\\/300_w_firmware:1.1:*:*:*:*:*:*:*", + "matchCriteriaId": "A79222B6-2823-40D8-9A4B-52140789C7F6" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:schneider-electric:merten_knx_uni-dimmaktor_ll_reg-k\\/2x230\\/300_w:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DC7716A5-1CF8-4B90-952F-64E1B160BB2C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:schneider-electric:merten_knx_schaltakt.2x6a_up_m.2_eing._firmware:0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "501E6F54-418C-46A1-997B-CE3AAEBF0D2F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:schneider-electric:merten_knx_schaltakt.2x6a_up_m.2_eing.:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0B2F19DC-9F7A-431D-B0F9-559A9D49F53B" + } + ] + } + ] + } + ], "references": [ { "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-03.pdf", - "source": "cybersecurity@se.com" + "source": "cybersecurity@se.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-267xx/CVE-2023-26735.json b/CVE-2023/CVE-2023-267xx/CVE-2023-26735.json new file mode 100644 index 00000000000..15d8e05930d --- /dev/null +++ b/CVE-2023/CVE-2023-267xx/CVE-2023-26735.json @@ -0,0 +1,40 @@ +{ + "id": "CVE-2023-26735", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-04-26T00:15:09.227", + "lastModified": "2023-04-28T13:15:13.620", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "** DISPUTED ** blackbox_exporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources. NOTE: this is disputed by third parties because authentication can be configured." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://blackboxexporter.com", + "source": "cve@mitre.org" + }, + { + "url": "http://prometheus.com", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/prometheus/blackbox_exporter#tls-and-basic-authentication", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/prometheus/blackbox_exporter/issues/1024", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/prometheus/blackbox_exporter/issues/1025", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/prometheus/blackbox_exporter/issues/1026", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-275xx/CVE-2023-27556.json b/CVE-2023/CVE-2023-275xx/CVE-2023-27556.json index b3fb41784f8..55e91e4fc21 100644 --- a/CVE-2023/CVE-2023-275xx/CVE-2023-27556.json +++ b/CVE-2023/CVE-2023-275xx/CVE-2023-27556.json @@ -2,8 +2,8 @@ "id": "CVE-2023-27556", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-04-28T01:15:06.967", - "lastModified": "2023-04-28T01:15:06.967", - "vulnStatus": "Received", + "lastModified": "2023-04-28T12:58:08.387", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-275xx/CVE-2023-27557.json b/CVE-2023/CVE-2023-275xx/CVE-2023-27557.json index 4af4648e7a9..57526370ea2 100644 --- a/CVE-2023/CVE-2023-275xx/CVE-2023-27557.json +++ b/CVE-2023/CVE-2023-275xx/CVE-2023-27557.json @@ -2,8 +2,8 @@ "id": "CVE-2023-27557", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-04-28T02:15:08.910", - "lastModified": "2023-04-28T02:15:08.910", - "vulnStatus": "Received", + "lastModified": "2023-04-28T12:58:08.387", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-278xx/CVE-2023-27860.json b/CVE-2023/CVE-2023-278xx/CVE-2023-27860.json index 32dec2ed34d..93dfc9afda4 100644 --- a/CVE-2023/CVE-2023-278xx/CVE-2023-27860.json +++ b/CVE-2023/CVE-2023-278xx/CVE-2023-27860.json @@ -2,8 +2,8 @@ "id": "CVE-2023-27860", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-04-27T19:15:20.253", - "lastModified": "2023-04-27T19:15:20.253", - "vulnStatus": "Received", + "lastModified": "2023-04-28T12:58:13.110", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-280xx/CVE-2023-28004.json b/CVE-2023/CVE-2023-280xx/CVE-2023-28004.json index e61045f1d7a..b8ad07a5706 100644 --- a/CVE-2023/CVE-2023-280xx/CVE-2023-28004.json +++ b/CVE-2023/CVE-2023-280xx/CVE-2023-28004.json @@ -2,8 +2,8 @@ "id": "CVE-2023-28004", "sourceIdentifier": "cybersecurity@se.com", "published": "2023-04-18T22:15:07.350", - "lastModified": "2023-04-19T12:39:47.563", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-04-28T13:24:07.207", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cybersecurity@se.com", "type": "Secondary", @@ -46,10 +66,44 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:schneider-electric:powerlogic_hdpm6000_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "0.58.6", + "matchCriteriaId": "32778A18-2556-4F6B-A7AF-5F6F35E0BB3A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:schneider-electric:powerlogic_hdpm6000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E1493DEA-30AA-4BE0-84D7-FC0152D43F7F" + } + ] + } + ] + } + ], "references": [ { "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-073-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-073-02.pdf", - "source": "cybersecurity@se.com" + "source": "cybersecurity@se.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-281xx/CVE-2023-28140.json b/CVE-2023/CVE-2023-281xx/CVE-2023-28140.json index 050c6529629..e4e19a156f5 100644 --- a/CVE-2023/CVE-2023-281xx/CVE-2023-28140.json +++ b/CVE-2023/CVE-2023-281xx/CVE-2023-28140.json @@ -2,8 +2,8 @@ "id": "CVE-2023-28140", "sourceIdentifier": "bugreport@qualys.com", "published": "2023-04-18T16:15:09.003", - "lastModified": "2023-04-18T17:36:19.570", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-04-28T13:52:12.577", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.0, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.0, + "impactScore": 5.9 + }, { "source": "bugreport@qualys.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-427" + } + ] + }, { "source": "bugreport@qualys.com", "type": "Secondary", @@ -46,10 +76,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:qualys:cloud_agent:*:*:*:*:*:windows:*:*", + "versionStartIncluding": "3.1.3.34", + "versionEndExcluding": "4.5.3.1", + "matchCriteriaId": "A3C649A1-257A-441A-A11B-33208739DABD" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.qualys.com/security-advisories/", - "source": "bugreport@qualys.com" + "source": "bugreport@qualys.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-281xx/CVE-2023-28142.json b/CVE-2023/CVE-2023-281xx/CVE-2023-28142.json index 17b74e54e42..42f435378f4 100644 --- a/CVE-2023/CVE-2023-281xx/CVE-2023-28142.json +++ b/CVE-2023/CVE-2023-281xx/CVE-2023-28142.json @@ -2,8 +2,8 @@ "id": "CVE-2023-28142", "sourceIdentifier": "bugreport@qualys.com", "published": "2023-04-18T16:15:09.153", - "lastModified": "2023-04-18T17:36:19.570", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-04-28T13:18:20.980", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.0, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.0, + "impactScore": 5.9 + }, { "source": "bugreport@qualys.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-362" + } + ] + }, { "source": "bugreport@qualys.com", "type": "Secondary", @@ -46,10 +76,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:qualys:cloud_agent:*:*:*:*:*:windows:*:*", + "versionStartIncluding": "3.1.3.34", + "versionEndExcluding": "4.5.3.1", + "matchCriteriaId": "A3C649A1-257A-441A-A11B-33208739DABD" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.qualys.com/security-advisories/", - "source": "bugreport@qualys.com" + "source": "bugreport@qualys.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-282xx/CVE-2023-28261.json b/CVE-2023/CVE-2023-282xx/CVE-2023-28261.json index 3a926787653..70d80936012 100644 --- a/CVE-2023/CVE-2023-282xx/CVE-2023-28261.json +++ b/CVE-2023/CVE-2023-282xx/CVE-2023-28261.json @@ -2,8 +2,8 @@ "id": "CVE-2023-28261", "sourceIdentifier": "secure@microsoft.com", "published": "2023-04-27T19:15:20.350", - "lastModified": "2023-04-27T19:15:20.350", - "vulnStatus": "Received", + "lastModified": "2023-04-28T12:58:13.110", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-282xx/CVE-2023-28286.json b/CVE-2023/CVE-2023-282xx/CVE-2023-28286.json index 7c9e4dcd780..28ffc2c4637 100644 --- a/CVE-2023/CVE-2023-282xx/CVE-2023-28286.json +++ b/CVE-2023/CVE-2023-282xx/CVE-2023-28286.json @@ -2,8 +2,8 @@ "id": "CVE-2023-28286", "sourceIdentifier": "secure@microsoft.com", "published": "2023-04-27T19:15:20.467", - "lastModified": "2023-04-27T19:15:20.467", - "vulnStatus": "Received", + "lastModified": "2023-04-28T12:58:13.110", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-283xx/CVE-2023-28384.json b/CVE-2023/CVE-2023-283xx/CVE-2023-28384.json index 706e1e45ff7..fb70fcf0986 100644 --- a/CVE-2023/CVE-2023-283xx/CVE-2023-28384.json +++ b/CVE-2023/CVE-2023-283xx/CVE-2023-28384.json @@ -2,8 +2,8 @@ "id": "CVE-2023-28384", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-04-27T23:15:14.867", - "lastModified": "2023-04-27T23:15:14.867", - "vulnStatus": "Received", + "lastModified": "2023-04-28T12:58:13.110", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-284xx/CVE-2023-28400.json b/CVE-2023/CVE-2023-284xx/CVE-2023-28400.json index 9686c59c179..27b94fafe02 100644 --- a/CVE-2023/CVE-2023-284xx/CVE-2023-28400.json +++ b/CVE-2023/CVE-2023-284xx/CVE-2023-28400.json @@ -2,8 +2,8 @@ "id": "CVE-2023-28400", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-04-27T23:15:14.917", - "lastModified": "2023-04-27T23:15:14.917", - "vulnStatus": "Received", + "lastModified": "2023-04-28T12:58:08.387", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-285xx/CVE-2023-28528.json b/CVE-2023/CVE-2023-285xx/CVE-2023-28528.json index ea475bd04fd..5b416db653d 100644 --- a/CVE-2023/CVE-2023-285xx/CVE-2023-28528.json +++ b/CVE-2023/CVE-2023-285xx/CVE-2023-28528.json @@ -2,8 +2,8 @@ "id": "CVE-2023-28528", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-04-28T03:15:08.453", - "lastModified": "2023-04-28T03:15:08.453", - "vulnStatus": "Received", + "lastModified": "2023-04-28T12:58:08.387", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-287xx/CVE-2023-28716.json b/CVE-2023/CVE-2023-287xx/CVE-2023-28716.json index 8b1adc257e4..23b9134f1c3 100644 --- a/CVE-2023/CVE-2023-287xx/CVE-2023-28716.json +++ b/CVE-2023/CVE-2023-287xx/CVE-2023-28716.json @@ -2,8 +2,8 @@ "id": "CVE-2023-28716", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-04-27T23:15:14.963", - "lastModified": "2023-04-27T23:15:14.963", - "vulnStatus": "Received", + "lastModified": "2023-04-28T12:58:08.387", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-288xx/CVE-2023-28882.json b/CVE-2023/CVE-2023-288xx/CVE-2023-28882.json index 45059059571..22b6325dc8d 100644 --- a/CVE-2023/CVE-2023-288xx/CVE-2023-28882.json +++ b/CVE-2023/CVE-2023-288xx/CVE-2023-28882.json @@ -2,8 +2,8 @@ "id": "CVE-2023-28882", "sourceIdentifier": "cve@mitre.org", "published": "2023-04-28T04:15:38.017", - "lastModified": "2023-04-28T04:15:38.017", - "vulnStatus": "Received", + "lastModified": "2023-04-28T12:58:08.387", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-291xx/CVE-2023-29150.json b/CVE-2023/CVE-2023-291xx/CVE-2023-29150.json index 02358b3c0c9..a703b2a70d9 100644 --- a/CVE-2023/CVE-2023-291xx/CVE-2023-29150.json +++ b/CVE-2023/CVE-2023-291xx/CVE-2023-29150.json @@ -2,8 +2,8 @@ "id": "CVE-2023-29150", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-04-27T23:15:15.007", - "lastModified": "2023-04-27T23:15:15.007", - "vulnStatus": "Received", + "lastModified": "2023-04-28T12:58:08.387", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-291xx/CVE-2023-29169.json b/CVE-2023/CVE-2023-291xx/CVE-2023-29169.json index e3526ca8ca8..b0d8cdb9880 100644 --- a/CVE-2023/CVE-2023-291xx/CVE-2023-29169.json +++ b/CVE-2023/CVE-2023-291xx/CVE-2023-29169.json @@ -2,8 +2,8 @@ "id": "CVE-2023-29169", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-04-27T23:15:15.050", - "lastModified": "2023-04-27T23:15:15.050", - "vulnStatus": "Received", + "lastModified": "2023-04-28T12:58:08.387", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-294xx/CVE-2023-29411.json b/CVE-2023/CVE-2023-294xx/CVE-2023-29411.json index 9d6e06a85bc..416765d3274 100644 --- a/CVE-2023/CVE-2023-294xx/CVE-2023-29411.json +++ b/CVE-2023/CVE-2023-294xx/CVE-2023-29411.json @@ -2,8 +2,8 @@ "id": "CVE-2023-29411", "sourceIdentifier": "cybersecurity@se.com", "published": "2023-04-18T21:15:09.390", - "lastModified": "2023-04-18T21:25:05.953", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-04-28T13:31:57.647", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cybersecurity@se.com", "type": "Secondary", @@ -36,7 +56,7 @@ }, "weaknesses": [ { - "source": "cybersecurity@se.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { @@ -44,12 +64,125 @@ "value": "CWE-306" } ] + }, + { + "source": "cybersecurity@se.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:schneider-electric:apc_easy_ups_online_monitoring_software:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2.5-ga-01-22320", + "matchCriteriaId": "D52617D6-0503-4B6B-A59D-441E0D1F4296" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", + "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:-:*", + "matchCriteriaId": "647F2145-B063-43EA-8045-32D3B4D893F6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", + "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", + "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:schneider-electric:easy_ups_online_monitoring_software:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2.5-gs-01-22320", + "matchCriteriaId": "1849E03C-445A-4225-AECD-B4A7502F5F3B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", + "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:-:*", + "matchCriteriaId": "647F2145-B063-43EA-8045-32D3B4D893F6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", + "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", + "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C" + } + ] + } + ] } ], "references": [ { "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-04.pdf", - "source": "cybersecurity@se.com" + "source": "cybersecurity@se.com", + "tags": [ + "Mitigation", + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-294xx/CVE-2023-29412.json b/CVE-2023/CVE-2023-294xx/CVE-2023-29412.json index 2d87fbaa5eb..8bcb53de21c 100644 --- a/CVE-2023/CVE-2023-294xx/CVE-2023-29412.json +++ b/CVE-2023/CVE-2023-294xx/CVE-2023-29412.json @@ -2,8 +2,8 @@ "id": "CVE-2023-29412", "sourceIdentifier": "cybersecurity@se.com", "published": "2023-04-18T21:15:09.457", - "lastModified": "2023-04-18T21:25:05.953", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-04-28T13:30:38.643", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cybersecurity@se.com", "type": "Secondary", @@ -46,10 +66,113 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:schneider-electric:apc_easy_ups_online_monitoring_software:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2.5-ga-01-22320", + "matchCriteriaId": "D52617D6-0503-4B6B-A59D-441E0D1F4296" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", + "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:-:*", + "matchCriteriaId": "647F2145-B063-43EA-8045-32D3B4D893F6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", + "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", + "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:schneider-electric:easy_ups_online_monitoring_software:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2.5-gs-01-22320", + "matchCriteriaId": "1849E03C-445A-4225-AECD-B4A7502F5F3B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", + "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:-:*", + "matchCriteriaId": "647F2145-B063-43EA-8045-32D3B4D893F6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", + "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", + "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C" + } + ] + } + ] + } + ], "references": [ { "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-04.pdf", - "source": "cybersecurity@se.com" + "source": "cybersecurity@se.com", + "tags": [ + "Mitigation", + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-294xx/CVE-2023-29413.json b/CVE-2023/CVE-2023-294xx/CVE-2023-29413.json index b5223201a2c..9ee1851778e 100644 --- a/CVE-2023/CVE-2023-294xx/CVE-2023-29413.json +++ b/CVE-2023/CVE-2023-294xx/CVE-2023-29413.json @@ -2,8 +2,8 @@ "id": "CVE-2023-29413", "sourceIdentifier": "cybersecurity@se.com", "published": "2023-04-18T21:15:09.523", - "lastModified": "2023-04-18T21:25:05.953", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-04-28T13:26:11.537", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "cybersecurity@se.com", "type": "Secondary", @@ -46,10 +66,113 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:schneider-electric:apc_easy_ups_online_monitoring_software:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2.5-ga-01-22320", + "matchCriteriaId": "D52617D6-0503-4B6B-A59D-441E0D1F4296" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", + "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:-:*", + "matchCriteriaId": "647F2145-B063-43EA-8045-32D3B4D893F6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", + "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", + "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:schneider-electric:easy_ups_online_monitoring_software:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2.5-gs-01-22320", + "matchCriteriaId": "1849E03C-445A-4225-AECD-B4A7502F5F3B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", + "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:-:*", + "matchCriteriaId": "647F2145-B063-43EA-8045-32D3B4D893F6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", + "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", + "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C" + } + ] + } + ] + } + ], "references": [ { "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-04.pdf", - "source": "cybersecurity@se.com" + "source": "cybersecurity@se.com", + "tags": [ + "Mitigation", + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-294xx/CVE-2023-29471.json b/CVE-2023/CVE-2023-294xx/CVE-2023-29471.json index 668e3576e7d..8f95c31745a 100644 --- a/CVE-2023/CVE-2023-294xx/CVE-2023-29471.json +++ b/CVE-2023/CVE-2023-294xx/CVE-2023-29471.json @@ -2,8 +2,8 @@ "id": "CVE-2023-29471", "sourceIdentifier": "cve@mitre.org", "published": "2023-04-27T21:15:10.710", - "lastModified": "2023-04-27T21:15:10.710", - "vulnStatus": "Received", + "lastModified": "2023-04-28T12:58:13.110", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-294xx/CVE-2023-29489.json b/CVE-2023/CVE-2023-294xx/CVE-2023-29489.json index 4a88bb4bb90..e41ae46ca77 100644 --- a/CVE-2023/CVE-2023-294xx/CVE-2023-29489.json +++ b/CVE-2023/CVE-2023-294xx/CVE-2023-29489.json @@ -2,8 +2,8 @@ "id": "CVE-2023-29489", "sourceIdentifier": "cve@mitre.org", "published": "2023-04-27T21:15:10.783", - "lastModified": "2023-04-27T21:15:10.783", - "vulnStatus": "Received", + "lastModified": "2023-04-28T12:58:13.110", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-299xx/CVE-2023-29950.json b/CVE-2023/CVE-2023-299xx/CVE-2023-29950.json index 55e00ec0253..dd3f9709fea 100644 --- a/CVE-2023/CVE-2023-299xx/CVE-2023-29950.json +++ b/CVE-2023/CVE-2023-299xx/CVE-2023-29950.json @@ -2,8 +2,8 @@ "id": "CVE-2023-29950", "sourceIdentifier": "cve@mitre.org", "published": "2023-04-27T20:15:40.207", - "lastModified": "2023-04-27T20:15:40.207", - "vulnStatus": "Received", + "lastModified": "2023-04-28T12:58:13.110", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-300xx/CVE-2023-30024.json b/CVE-2023/CVE-2023-300xx/CVE-2023-30024.json new file mode 100644 index 00000000000..cf12e7135cd --- /dev/null +++ b/CVE-2023/CVE-2023-300xx/CVE-2023-30024.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-30024", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-04-28T13:15:13.920", + "lastModified": "2023-04-28T13:15:13.920", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Insecure Permissions vulnerability found in MagicJack A921 USB Phone Jack Rev 3.0 v.1.4 allows a physically proximate attacker to escalate privileges and gain access to sensitive information via the NAND flash memory." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://drive.google.com/drive/folders/1cKd8hksThK610GPtBQ3du8DEkwKywlAi?usp=sharing", + "source": "cve@mitre.org" + }, + { + "url": "https://pastebin.com/raw/irWcawp8", + "source": "cve@mitre.org" + }, + { + "url": "https://samuraisecurity.co.uk/red-teaming-0x01-click-rce-via-voip-usb/", + "source": "cve@mitre.org" + }, + { + "url": "https://www.magicjack.com/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-303xx/CVE-2023-30380.json b/CVE-2023/CVE-2023-303xx/CVE-2023-30380.json index 44477f92891..52526e298b8 100644 --- a/CVE-2023/CVE-2023-303xx/CVE-2023-30380.json +++ b/CVE-2023/CVE-2023-303xx/CVE-2023-30380.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30380", "sourceIdentifier": "cve@mitre.org", "published": "2023-04-27T22:15:09.917", - "lastModified": "2023-04-27T22:15:09.917", - "vulnStatus": "Received", + "lastModified": "2023-04-28T12:58:13.110", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-304xx/CVE-2023-30466.json b/CVE-2023/CVE-2023-304xx/CVE-2023-30466.json index 622c0f9aa58..a3f748617b3 100644 --- a/CVE-2023/CVE-2023-304xx/CVE-2023-30466.json +++ b/CVE-2023/CVE-2023-304xx/CVE-2023-30466.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30466", "sourceIdentifier": "vdisclose@cert-in.org.in", "published": "2023-04-28T11:15:08.987", - "lastModified": "2023-04-28T11:15:08.987", - "vulnStatus": "Received", + "lastModified": "2023-04-28T12:58:08.387", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-304xx/CVE-2023-30467.json b/CVE-2023/CVE-2023-304xx/CVE-2023-30467.json index fd3ec8ca01f..6e55e258bfd 100644 --- a/CVE-2023/CVE-2023-304xx/CVE-2023-30467.json +++ b/CVE-2023/CVE-2023-304xx/CVE-2023-30467.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30467", "sourceIdentifier": "vdisclose@cert-in.org.in", "published": "2023-04-28T11:15:09.040", - "lastModified": "2023-04-28T11:15:09.040", - "vulnStatus": "Received", + "lastModified": "2023-04-28T12:58:08.387", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31436.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31436.json index e15368df33d..85019dbe2d5 100644 --- a/CVE-2023/CVE-2023-314xx/CVE-2023-31436.json +++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31436.json @@ -2,8 +2,8 @@ "id": "CVE-2023-31436", "sourceIdentifier": "cve@mitre.org", "published": "2023-04-28T02:15:09.007", - "lastModified": "2023-04-28T02:15:09.007", - "vulnStatus": "Received", + "lastModified": "2023-04-28T12:58:08.387", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/README.md b/README.md index 825cc1d31a2..5a289953cb3 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-04-28T12:00:23.385733+00:00 +2023-04-28T14:00:25.326213+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-04-28T11:15:09.040000+00:00 +2023-04-28T13:52:12.577000+00:00 ``` ### Last Data Feed Release @@ -29,25 +29,73 @@ Download and Changelog: [Click](releases/latest) ### Total Number of included CVEs ```plain -213721 +213733 ``` ### CVEs added in the last Commit -Recently added CVEs: `5` +Recently added CVEs: `12` -* [CVE-2022-48481](CVE-2022/CVE-2022-484xx/CVE-2022-48481.json) (`2023-04-28T10:15:09.130`) -* [CVE-2023-2363](CVE-2023/CVE-2023-23xx/CVE-2023-2363.json) (`2023-04-28T11:15:08.847`) -* [CVE-2023-2364](CVE-2023/CVE-2023-23xx/CVE-2023-2364.json) (`2023-04-28T11:15:08.923`) -* [CVE-2023-30466](CVE-2023/CVE-2023-304xx/CVE-2023-30466.json) (`2023-04-28T11:15:08.987`) -* [CVE-2023-30467](CVE-2023/CVE-2023-304xx/CVE-2023-30467.json) (`2023-04-28T11:15:09.040`) +* [CVE-2022-38583](CVE-2022/CVE-2022-385xx/CVE-2022-38583.json) (`2023-04-28T13:15:13.313`) +* [CVE-2022-41397](CVE-2022/CVE-2022-413xx/CVE-2022-41397.json) (`2023-04-28T13:15:13.417`) +* [CVE-2022-41398](CVE-2022/CVE-2022-413xx/CVE-2022-41398.json) (`2023-04-28T13:15:13.460`) +* [CVE-2022-41399](CVE-2022/CVE-2022-413xx/CVE-2022-41399.json) (`2023-04-28T13:15:13.510`) +* [CVE-2022-41400](CVE-2022/CVE-2022-414xx/CVE-2022-41400.json) (`2023-04-28T13:15:13.560`) +* [CVE-2023-2360](CVE-2023/CVE-2023-23xx/CVE-2023-2360.json) (`2023-04-28T12:15:09.820`) +* [CVE-2023-2365](CVE-2023/CVE-2023-23xx/CVE-2023-2365.json) (`2023-04-28T12:15:09.877`) +* [CVE-2023-2366](CVE-2023/CVE-2023-23xx/CVE-2023-2366.json) (`2023-04-28T12:15:09.937`) +* [CVE-2023-2367](CVE-2023/CVE-2023-23xx/CVE-2023-2367.json) (`2023-04-28T13:15:13.697`) +* [CVE-2023-2368](CVE-2023/CVE-2023-23xx/CVE-2023-2368.json) (`2023-04-28T13:15:13.797`) +* [CVE-2023-2369](CVE-2023/CVE-2023-23xx/CVE-2023-2369.json) (`2023-04-28T13:15:13.863`) +* [CVE-2023-30024](CVE-2023/CVE-2023-300xx/CVE-2023-30024.json) (`2023-04-28T13:15:13.920`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `42` -* [CVE-2023-26876](CVE-2023/CVE-2023-268xx/CVE-2023-26876.json) (`2023-04-28T11:15:08.770`) +* [CVE-2020-4729](CVE-2020/CVE-2020-47xx/CVE-2020-4729.json) (`2023-04-28T12:58:08.387`) +* [CVE-2022-25091](CVE-2022/CVE-2022-250xx/CVE-2022-25091.json) (`2023-04-28T12:58:13.110`) +* [CVE-2022-31647](CVE-2022/CVE-2022-316xx/CVE-2022-31647.json) (`2023-04-28T12:58:13.110`) +* [CVE-2022-34292](CVE-2022/CVE-2022-342xx/CVE-2022-34292.json) (`2023-04-28T12:58:13.110`) +* [CVE-2022-37326](CVE-2022/CVE-2022-373xx/CVE-2022-37326.json) (`2023-04-28T12:58:13.110`) +* [CVE-2022-38730](CVE-2022/CVE-2022-387xx/CVE-2022-38730.json) (`2023-04-28T12:58:13.110`) +* [CVE-2022-48481](CVE-2022/CVE-2022-484xx/CVE-2022-48481.json) (`2023-04-28T12:58:08.387`) +* [CVE-2023-1967](CVE-2023/CVE-2023-19xx/CVE-2023-1967.json) (`2023-04-28T12:58:13.110`) +* [CVE-2023-21712](CVE-2023/CVE-2023-217xx/CVE-2023-21712.json) (`2023-04-28T12:58:13.110`) +* [CVE-2023-2355](CVE-2023/CVE-2023-23xx/CVE-2023-2355.json) (`2023-04-28T12:58:13.110`) +* [CVE-2023-2356](CVE-2023/CVE-2023-23xx/CVE-2023-2356.json) (`2023-04-28T12:58:08.387`) +* [CVE-2023-2361](CVE-2023/CVE-2023-23xx/CVE-2023-2361.json) (`2023-04-28T12:58:08.387`) +* [CVE-2023-2363](CVE-2023/CVE-2023-23xx/CVE-2023-2363.json) (`2023-04-28T12:58:08.387`) +* [CVE-2023-2364](CVE-2023/CVE-2023-23xx/CVE-2023-2364.json) (`2023-04-28T12:58:08.387`) +* [CVE-2023-25437](CVE-2023/CVE-2023-254xx/CVE-2023-25437.json) (`2023-04-28T12:58:13.110`) +* [CVE-2023-25556](CVE-2023/CVE-2023-255xx/CVE-2023-25556.json) (`2023-04-28T13:36:55.870`) +* [CVE-2023-26735](CVE-2023/CVE-2023-267xx/CVE-2023-26735.json) (`2023-04-28T13:15:13.620`) +* [CVE-2023-27556](CVE-2023/CVE-2023-275xx/CVE-2023-27556.json) (`2023-04-28T12:58:08.387`) +* [CVE-2023-27557](CVE-2023/CVE-2023-275xx/CVE-2023-27557.json) (`2023-04-28T12:58:08.387`) +* [CVE-2023-27860](CVE-2023/CVE-2023-278xx/CVE-2023-27860.json) (`2023-04-28T12:58:13.110`) +* [CVE-2023-28004](CVE-2023/CVE-2023-280xx/CVE-2023-28004.json) (`2023-04-28T13:24:07.207`) +* [CVE-2023-28140](CVE-2023/CVE-2023-281xx/CVE-2023-28140.json) (`2023-04-28T13:52:12.577`) +* [CVE-2023-28142](CVE-2023/CVE-2023-281xx/CVE-2023-28142.json) (`2023-04-28T13:18:20.980`) +* [CVE-2023-28261](CVE-2023/CVE-2023-282xx/CVE-2023-28261.json) (`2023-04-28T12:58:13.110`) +* [CVE-2023-28286](CVE-2023/CVE-2023-282xx/CVE-2023-28286.json) (`2023-04-28T12:58:13.110`) +* [CVE-2023-28384](CVE-2023/CVE-2023-283xx/CVE-2023-28384.json) (`2023-04-28T12:58:13.110`) +* [CVE-2023-28400](CVE-2023/CVE-2023-284xx/CVE-2023-28400.json) (`2023-04-28T12:58:08.387`) +* [CVE-2023-28528](CVE-2023/CVE-2023-285xx/CVE-2023-28528.json) (`2023-04-28T12:58:08.387`) +* [CVE-2023-28716](CVE-2023/CVE-2023-287xx/CVE-2023-28716.json) (`2023-04-28T12:58:08.387`) +* [CVE-2023-28882](CVE-2023/CVE-2023-288xx/CVE-2023-28882.json) (`2023-04-28T12:58:08.387`) +* [CVE-2023-29150](CVE-2023/CVE-2023-291xx/CVE-2023-29150.json) (`2023-04-28T12:58:08.387`) +* [CVE-2023-29169](CVE-2023/CVE-2023-291xx/CVE-2023-29169.json) (`2023-04-28T12:58:08.387`) +* [CVE-2023-29411](CVE-2023/CVE-2023-294xx/CVE-2023-29411.json) (`2023-04-28T13:31:57.647`) +* [CVE-2023-29412](CVE-2023/CVE-2023-294xx/CVE-2023-29412.json) (`2023-04-28T13:30:38.643`) +* [CVE-2023-29413](CVE-2023/CVE-2023-294xx/CVE-2023-29413.json) (`2023-04-28T13:26:11.537`) +* [CVE-2023-29471](CVE-2023/CVE-2023-294xx/CVE-2023-29471.json) (`2023-04-28T12:58:13.110`) +* [CVE-2023-29489](CVE-2023/CVE-2023-294xx/CVE-2023-29489.json) (`2023-04-28T12:58:13.110`) +* [CVE-2023-29950](CVE-2023/CVE-2023-299xx/CVE-2023-29950.json) (`2023-04-28T12:58:13.110`) +* [CVE-2023-30380](CVE-2023/CVE-2023-303xx/CVE-2023-30380.json) (`2023-04-28T12:58:13.110`) +* [CVE-2023-30466](CVE-2023/CVE-2023-304xx/CVE-2023-30466.json) (`2023-04-28T12:58:08.387`) +* [CVE-2023-30467](CVE-2023/CVE-2023-304xx/CVE-2023-30467.json) (`2023-04-28T12:58:08.387`) +* [CVE-2023-31436](CVE-2023/CVE-2023-314xx/CVE-2023-31436.json) (`2023-04-28T12:58:08.387`) ## Download and Usage