From bfd38a97b9041eac5d25ad48755aaa0b0a2a9d42 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Fri, 2 Jun 2023 22:00:28 +0000 Subject: [PATCH] Auto-Update: 2023-06-02T22:00:24.654156+00:00 --- CVE-2022/CVE-2022-362xx/CVE-2022-36244.json | 63 +++++++++++++++-- CVE-2022/CVE-2022-362xx/CVE-2022-36246.json | 63 +++++++++++++++-- CVE-2022/CVE-2022-362xx/CVE-2022-36247.json | 65 +++++++++++++++-- CVE-2022/CVE-2022-362xx/CVE-2022-36249.json | 63 +++++++++++++++-- CVE-2023/CVE-2023-295xx/CVE-2023-29550.json | 4 +- CVE-2023/CVE-2023-295xx/CVE-2023-29551.json | 4 +- CVE-2023/CVE-2023-30xx/CVE-2023-3073.json | 4 +- CVE-2023/CVE-2023-30xx/CVE-2023-3074.json | 4 +- CVE-2023/CVE-2023-30xx/CVE-2023-3075.json | 4 +- CVE-2023/CVE-2023-312xx/CVE-2023-31225.json | 78 +++++++++++++++++++-- CVE-2023/CVE-2023-322xx/CVE-2023-32215.json | 4 +- CVE-2023/CVE-2023-331xx/CVE-2023-33195.json | 8 ++- CVE-2023/CVE-2023-336xx/CVE-2023-33669.json | 20 ++++++ CVE-2023/CVE-2023-336xx/CVE-2023-33670.json | 20 ++++++ CVE-2023/CVE-2023-336xx/CVE-2023-33671.json | 20 ++++++ CVE-2023/CVE-2023-336xx/CVE-2023-33672.json | 20 ++++++ CVE-2023/CVE-2023-336xx/CVE-2023-33673.json | 20 ++++++ CVE-2023/CVE-2023-336xx/CVE-2023-33675.json | 20 ++++++ CVE-2023/CVE-2023-337xx/CVE-2023-33761.json | 20 ++++++ CVE-2023/CVE-2023-337xx/CVE-2023-33762.json | 20 ++++++ CVE-2023/CVE-2023-337xx/CVE-2023-33763.json | 20 ++++++ README.md | 59 +++++++--------- 22 files changed, 536 insertions(+), 67 deletions(-) create mode 100644 CVE-2023/CVE-2023-336xx/CVE-2023-33669.json create mode 100644 CVE-2023/CVE-2023-336xx/CVE-2023-33670.json create mode 100644 CVE-2023/CVE-2023-336xx/CVE-2023-33671.json create mode 100644 CVE-2023/CVE-2023-336xx/CVE-2023-33672.json create mode 100644 CVE-2023/CVE-2023-336xx/CVE-2023-33673.json create mode 100644 CVE-2023/CVE-2023-336xx/CVE-2023-33675.json create mode 100644 CVE-2023/CVE-2023-337xx/CVE-2023-33761.json create mode 100644 CVE-2023/CVE-2023-337xx/CVE-2023-33762.json create mode 100644 CVE-2023/CVE-2023-337xx/CVE-2023-33763.json diff --git a/CVE-2022/CVE-2022-362xx/CVE-2022-36244.json b/CVE-2022/CVE-2022-362xx/CVE-2022-36244.json index 98c0f9485c9..b988aa1c306 100644 --- a/CVE-2022/CVE-2022-362xx/CVE-2022-36244.json +++ b/CVE-2022/CVE-2022-362xx/CVE-2022-36244.json @@ -2,16 +2,49 @@ "id": "CVE-2022-36244", "sourceIdentifier": "support@shopbeat.co.za", "published": "2023-05-30T20:15:09.660", - "lastModified": "2023-05-30T21:10:07.833", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-02T20:57:58.920", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 suffers from Multiple Stored Cross-Site Scripting (XSS) vulnerabilities via Shop Beat Control Panel found at www.shopbeat.co.za controlpanel.shopbeat.co.za." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "support@shopbeat.co.za", "type": "Secondary", @@ -23,10 +56,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:shopbeat:shop_beat_media_player:*:*:*:*:*:*:arm:*", + "versionStartIncluding": "2.5.95", + "versionEndExcluding": "3.2.57", + "matchCriteriaId": "C54277DA-6740-4A03-AA80-3546DDD4D17E" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.shopbeat.co.za", - "source": "support@shopbeat.co.za" + "source": "support@shopbeat.co.za", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-362xx/CVE-2022-36246.json b/CVE-2022/CVE-2022-362xx/CVE-2022-36246.json index d79174f34e3..81936eaebb0 100644 --- a/CVE-2022/CVE-2022-362xx/CVE-2022-36246.json +++ b/CVE-2022/CVE-2022-362xx/CVE-2022-36246.json @@ -2,16 +2,49 @@ "id": "CVE-2022-36246", "sourceIdentifier": "support@shopbeat.co.za", "published": "2023-05-30T20:15:09.720", - "lastModified": "2023-05-30T21:10:02.053", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-02T20:53:31.427", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Insecure Permissions." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "support@shopbeat.co.za", "type": "Secondary", @@ -23,10 +56,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:shopbeat:shop_beat_media_player:*:*:*:*:*:*:arm:*", + "versionStartIncluding": "2.5.95", + "versionEndExcluding": "3.2.57", + "matchCriteriaId": "C54277DA-6740-4A03-AA80-3546DDD4D17E" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.shopbeat.co.za", - "source": "support@shopbeat.co.za" + "source": "support@shopbeat.co.za", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-362xx/CVE-2022-36247.json b/CVE-2022/CVE-2022-362xx/CVE-2022-36247.json index 6df0285a445..b3f534fdf2b 100644 --- a/CVE-2022/CVE-2022-362xx/CVE-2022-36247.json +++ b/CVE-2022/CVE-2022-362xx/CVE-2022-36247.json @@ -2,19 +2,76 @@ "id": "CVE-2022-36247", "sourceIdentifier": "support@shopbeat.co.za", "published": "2023-05-30T20:15:09.780", - "lastModified": "2023-05-30T21:10:02.053", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-02T20:52:10.493", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to IDOR via controlpanel.shopbeat.co.za." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-639" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:shopbeat:shop_beat_media_player:*:*:*:*:*:*:arm:*", + "versionStartIncluding": "2.5.95", + "versionEndExcluding": "3.2.57", + "matchCriteriaId": "C54277DA-6740-4A03-AA80-3546DDD4D17E" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.shopbeat.co.za", - "source": "support@shopbeat.co.za" + "source": "support@shopbeat.co.za", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-362xx/CVE-2022-36249.json b/CVE-2022/CVE-2022-362xx/CVE-2022-36249.json index 9ed47dd7f27..2a4aaef3c6f 100644 --- a/CVE-2022/CVE-2022-362xx/CVE-2022-36249.json +++ b/CVE-2022/CVE-2022-362xx/CVE-2022-36249.json @@ -2,16 +2,49 @@ "id": "CVE-2022-36249", "sourceIdentifier": "support@shopbeat.co.za", "published": "2023-05-30T20:15:09.823", - "lastModified": "2023-05-30T21:10:02.053", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-02T20:50:05.440", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Bypass 2FA via APIs. For Controlpanel Lite. \"After login we are directly able to use the bearer token or jsession ID to access the apis instead of entering the 2FA code. Thus, leading to bypass of 2FA on API level." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] + }, { "source": "support@shopbeat.co.za", "type": "Secondary", @@ -23,10 +56,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:shopbeat:shop_beat_media_player:*:*:*:*:*:*:arm:*", + "versionStartIncluding": "2.5.95", + "versionEndExcluding": "3.2.57", + "matchCriteriaId": "C54277DA-6740-4A03-AA80-3546DDD4D17E" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.shopbeat.co.za", - "source": "support@shopbeat.co.za" + "source": "support@shopbeat.co.za", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-295xx/CVE-2023-29550.json b/CVE-2023/CVE-2023-295xx/CVE-2023-29550.json index 373d760d86b..0d16175ec96 100644 --- a/CVE-2023/CVE-2023-295xx/CVE-2023-29550.json +++ b/CVE-2023/CVE-2023-295xx/CVE-2023-29550.json @@ -2,12 +2,12 @@ "id": "CVE-2023-29550", "sourceIdentifier": "security@mozilla.org", "published": "2023-06-02T17:15:12.967", - "lastModified": "2023-06-02T19:15:09.277", + "lastModified": "2023-06-02T20:15:09.367", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", - "value": "Memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10." + "value": "Mozilla developers Randell Jesup, Andrew Osmond, Sebastian Hengst, Andrew McCreight, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-295xx/CVE-2023-29551.json b/CVE-2023/CVE-2023-295xx/CVE-2023-29551.json index 87241d302e9..ca98d6a7ae4 100644 --- a/CVE-2023/CVE-2023-295xx/CVE-2023-29551.json +++ b/CVE-2023/CVE-2023-295xx/CVE-2023-29551.json @@ -2,12 +2,12 @@ "id": "CVE-2023-29551", "sourceIdentifier": "security@mozilla.org", "published": "2023-06-02T17:15:13.010", - "lastModified": "2023-06-02T19:15:09.333", + "lastModified": "2023-06-02T20:15:09.423", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", - "value": "Memory safety bugs present in Firefox 111. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112." + "value": "Mozilla developers Randell Jesup, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 111. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3073.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3073.json index fac51523752..96a9fbc1696 100644 --- a/CVE-2023/CVE-2023-30xx/CVE-2023-3073.json +++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3073.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3073", "sourceIdentifier": "security@huntr.dev", "published": "2023-06-02T19:15:09.433", - "lastModified": "2023-06-02T19:15:09.433", - "vulnStatus": "Received", + "lastModified": "2023-06-02T20:58:57.383", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3074.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3074.json index 58fd20053fd..d83ff72b3bb 100644 --- a/CVE-2023/CVE-2023-30xx/CVE-2023-3074.json +++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3074.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3074", "sourceIdentifier": "security@huntr.dev", "published": "2023-06-02T18:15:09.650", - "lastModified": "2023-06-02T18:15:09.650", - "vulnStatus": "Received", + "lastModified": "2023-06-02T20:58:57.383", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3075.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3075.json index 42170ae2855..c05f3068693 100644 --- a/CVE-2023/CVE-2023-30xx/CVE-2023-3075.json +++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3075.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3075", "sourceIdentifier": "security@huntr.dev", "published": "2023-06-02T18:15:09.717", - "lastModified": "2023-06-02T18:15:09.717", - "vulnStatus": "Received", + "lastModified": "2023-06-02T20:58:57.383", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-312xx/CVE-2023-31225.json b/CVE-2023/CVE-2023-312xx/CVE-2023-31225.json index 8a2f81b231c..7d7c28a9bca 100644 --- a/CVE-2023/CVE-2023-312xx/CVE-2023-31225.json +++ b/CVE-2023/CVE-2023-312xx/CVE-2023-31225.json @@ -2,19 +2,89 @@ "id": "CVE-2023-31225", "sourceIdentifier": "psirt@huawei.com", "published": "2023-05-26T17:15:17.830", - "lastModified": "2023-05-26T17:15:17.830", - "vulnStatus": "Received", + "lastModified": "2023-06-02T20:42:20.567", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Gallery app has the risk of hijacking attacks. Successful exploitation of this vulnerability may cause download failures and affect product availability." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 3.3, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:11.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "511F8CE2-C2B6-4A08-B992-49D9B75B8655" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "A974CA73-84E8-480B-BB4C-4A81D0C985B2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:12.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "2DF07E7F-3A18-4B74-B73D-DF3647C2A48F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "353AEAF2-AF46-4835-93E1-4F942D5E2810" + } + ] + } + ] + } + ], "references": [ { "url": "https://consumer.huawei.com/en/support/bulletin/2023/5/", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-322xx/CVE-2023-32215.json b/CVE-2023/CVE-2023-322xx/CVE-2023-32215.json index 2d758d4befe..97f9f84d092 100644 --- a/CVE-2023/CVE-2023-322xx/CVE-2023-32215.json +++ b/CVE-2023/CVE-2023-322xx/CVE-2023-32215.json @@ -2,12 +2,12 @@ "id": "CVE-2023-32215", "sourceIdentifier": "security@mozilla.org", "published": "2023-06-02T17:15:13.337", - "lastModified": "2023-06-02T19:15:09.383", + "lastModified": "2023-06-02T20:15:09.470", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", - "value": "Memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11." + "value": "Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-331xx/CVE-2023-33195.json b/CVE-2023/CVE-2023-331xx/CVE-2023-33195.json index 0d1d624c89b..20a86633afb 100644 --- a/CVE-2023/CVE-2023-331xx/CVE-2023-33195.json +++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33195.json @@ -2,8 +2,8 @@ "id": "CVE-2023-33195", "sourceIdentifier": "security-advisories@github.com", "published": "2023-05-27T04:15:25.767", - "lastModified": "2023-06-02T13:49:02.543", - "vulnStatus": "Analyzed", + "lastModified": "2023-06-02T21:15:09.430", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -103,6 +103,10 @@ "Patch" ] }, + { + "url": "https://github.com/craftcms/cms/releases/tag/4.4.6", + "source": "security-advisories@github.com" + }, { "url": "https://github.com/craftcms/cms/security/advisories/GHSA-qpgm-gjgf-8c2x", "source": "security-advisories@github.com", diff --git a/CVE-2023/CVE-2023-336xx/CVE-2023-33669.json b/CVE-2023/CVE-2023-336xx/CVE-2023-33669.json new file mode 100644 index 00000000000..682dddfef35 --- /dev/null +++ b/CVE-2023/CVE-2023-336xx/CVE-2023-33669.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-33669", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-02T20:15:09.520", + "lastModified": "2023-06-02T20:58:57.383", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the timeZone parameter in the sub_44db3c function." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/DDizzzy79/Tenda-CVE/blob/main/AC8V4.0/N1/README.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-336xx/CVE-2023-33670.json b/CVE-2023/CVE-2023-336xx/CVE-2023-33670.json new file mode 100644 index 00000000000..12b9fa32f90 --- /dev/null +++ b/CVE-2023/CVE-2023-336xx/CVE-2023-33670.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-33670", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-02T20:15:09.563", + "lastModified": "2023-06-02T20:58:57.383", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the time parameter in the sub_4a79ec function." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/DDizzzy79/Tenda-CVE/blob/main/AC8V4.0/N3/README.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-336xx/CVE-2023-33671.json b/CVE-2023/CVE-2023-336xx/CVE-2023-33671.json new file mode 100644 index 00000000000..63513d55a04 --- /dev/null +++ b/CVE-2023/CVE-2023-336xx/CVE-2023-33671.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-33671", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-02T20:15:09.607", + "lastModified": "2023-06-02T20:58:57.383", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the deviceId parameter in the saveParentControlInfo function." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/DDizzzy79/Tenda-CVE/blob/main/AC8V4.0/N4/README.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-336xx/CVE-2023-33672.json b/CVE-2023/CVE-2023-336xx/CVE-2023-33672.json new file mode 100644 index 00000000000..b21aa72fb22 --- /dev/null +++ b/CVE-2023/CVE-2023-336xx/CVE-2023-33672.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-33672", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-02T20:15:09.647", + "lastModified": "2023-06-02T20:58:57.383", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the shareSpeed parameter in the fromSetWifiGusetBasic function." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/DDizzzy79/Tenda-CVE/blob/main/AC8V4.0/N2/README.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-336xx/CVE-2023-33673.json b/CVE-2023/CVE-2023-336xx/CVE-2023-33673.json new file mode 100644 index 00000000000..9524058f37f --- /dev/null +++ b/CVE-2023/CVE-2023-336xx/CVE-2023-33673.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-33673", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-02T20:15:09.693", + "lastModified": "2023-06-02T20:58:57.383", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the firewallEn parameter in the formSetFirewallCfg function." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/DDizzzy79/Tenda-CVE/blob/main/AC8V4.0/N6/README.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-336xx/CVE-2023-33675.json b/CVE-2023/CVE-2023-336xx/CVE-2023-33675.json new file mode 100644 index 00000000000..25e4f15108f --- /dev/null +++ b/CVE-2023/CVE-2023-336xx/CVE-2023-33675.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-33675", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-02T20:15:09.733", + "lastModified": "2023-06-02T20:58:57.383", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the time parameter in the get_parentControl_list_Info function." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/DDizzzy79/Tenda-CVE/blob/main/AC8V4.0/N5/README.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-337xx/CVE-2023-33761.json b/CVE-2023/CVE-2023-337xx/CVE-2023-33761.json new file mode 100644 index 00000000000..8c836d641d7 --- /dev/null +++ b/CVE-2023/CVE-2023-337xx/CVE-2023-33761.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-33761", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-02T20:15:09.777", + "lastModified": "2023-06-02T20:58:57.383", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /view/cb/format_642.php." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/rauschecker/CVEs/tree/main/CVE-2023-33761", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-337xx/CVE-2023-33762.json b/CVE-2023/CVE-2023-337xx/CVE-2023-33762.json new file mode 100644 index 00000000000..5f1735d6c97 --- /dev/null +++ b/CVE-2023/CVE-2023-337xx/CVE-2023-33762.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-33762", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-02T20:15:09.823", + "lastModified": "2023-06-02T20:58:57.383", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a SQL injection vulnerability via the Activity parameter." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/rauschecker/CVEs/tree/main/CVE-2023-33762", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-337xx/CVE-2023-33763.json b/CVE-2023/CVE-2023-337xx/CVE-2023-33763.json new file mode 100644 index 00000000000..1c5aebbbe89 --- /dev/null +++ b/CVE-2023/CVE-2023-337xx/CVE-2023-33763.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-33763", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-02T20:15:09.867", + "lastModified": "2023-06-02T20:58:57.383", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /scheduler/index.php." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/rauschecker/CVEs/tree/main/CVE-2023-33763", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 75aae4e3ad3..ba9bd4eb910 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-06-02T20:00:27.980097+00:00 +2023-06-02T22:00:24.654156+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-06-02T19:50:57.253000+00:00 +2023-06-02T21:15:09.430000+00:00 ``` ### Last Data Feed Release @@ -29,47 +29,40 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -216779 +216788 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `9` -* [CVE-2023-3074](CVE-2023/CVE-2023-30xx/CVE-2023-3074.json) (`2023-06-02T18:15:09.650`) -* [CVE-2023-3075](CVE-2023/CVE-2023-30xx/CVE-2023-3075.json) (`2023-06-02T18:15:09.717`) -* [CVE-2023-3073](CVE-2023/CVE-2023-30xx/CVE-2023-3073.json) (`2023-06-02T19:15:09.433`) +* [CVE-2023-33669](CVE-2023/CVE-2023-336xx/CVE-2023-33669.json) (`2023-06-02T20:15:09.520`) +* [CVE-2023-33670](CVE-2023/CVE-2023-336xx/CVE-2023-33670.json) (`2023-06-02T20:15:09.563`) +* [CVE-2023-33671](CVE-2023/CVE-2023-336xx/CVE-2023-33671.json) (`2023-06-02T20:15:09.607`) +* [CVE-2023-33672](CVE-2023/CVE-2023-336xx/CVE-2023-33672.json) (`2023-06-02T20:15:09.647`) +* [CVE-2023-33673](CVE-2023/CVE-2023-336xx/CVE-2023-33673.json) (`2023-06-02T20:15:09.693`) +* [CVE-2023-33675](CVE-2023/CVE-2023-336xx/CVE-2023-33675.json) (`2023-06-02T20:15:09.733`) +* [CVE-2023-33761](CVE-2023/CVE-2023-337xx/CVE-2023-33761.json) (`2023-06-02T20:15:09.777`) +* [CVE-2023-33762](CVE-2023/CVE-2023-337xx/CVE-2023-33762.json) (`2023-06-02T20:15:09.823`) +* [CVE-2023-33763](CVE-2023/CVE-2023-337xx/CVE-2023-33763.json) (`2023-06-02T20:15:09.867`) ### CVEs modified in the last Commit -Recently modified CVEs: `121` +Recently modified CVEs: `12` -* [CVE-2023-33194](CVE-2023/CVE-2023-331xx/CVE-2023-33194.json) (`2023-06-02T18:43:36.960`) -* [CVE-2023-32218](CVE-2023/CVE-2023-322xx/CVE-2023-32218.json) (`2023-06-02T18:45:25.407`) -* [CVE-2023-26129](CVE-2023/CVE-2023-261xx/CVE-2023-26129.json) (`2023-06-02T18:45:29.203`) -* [CVE-2023-31187](CVE-2023/CVE-2023-311xx/CVE-2023-31187.json) (`2023-06-02T18:46:06.023`) -* [CVE-2023-31186](CVE-2023/CVE-2023-311xx/CVE-2023-31186.json) (`2023-06-02T18:46:36.920`) -* [CVE-2023-33184](CVE-2023/CVE-2023-331xx/CVE-2023-33184.json) (`2023-06-02T18:52:18.290`) -* [CVE-2023-32688](CVE-2023/CVE-2023-326xx/CVE-2023-32688.json) (`2023-06-02T18:58:42.280`) -* [CVE-2023-1981](CVE-2023/CVE-2023-19xx/CVE-2023-1981.json) (`2023-06-02T19:06:29.867`) -* [CVE-2023-29550](CVE-2023/CVE-2023-295xx/CVE-2023-29550.json) (`2023-06-02T19:15:09.277`) -* [CVE-2023-29551](CVE-2023/CVE-2023-295xx/CVE-2023-29551.json) (`2023-06-02T19:15:09.333`) -* [CVE-2023-32215](CVE-2023/CVE-2023-322xx/CVE-2023-32215.json) (`2023-06-02T19:15:09.383`) -* [CVE-2023-34219](CVE-2023/CVE-2023-342xx/CVE-2023-34219.json) (`2023-06-02T19:17:09.593`) -* [CVE-2023-34220](CVE-2023/CVE-2023-342xx/CVE-2023-34220.json) (`2023-06-02T19:17:30.173`) -* [CVE-2023-34221](CVE-2023/CVE-2023-342xx/CVE-2023-34221.json) (`2023-06-02T19:17:36.690`) -* [CVE-2023-34222](CVE-2023/CVE-2023-342xx/CVE-2023-34222.json) (`2023-06-02T19:17:48.040`) -* [CVE-2023-20868](CVE-2023/CVE-2023-208xx/CVE-2023-20868.json) (`2023-06-02T19:18:23.130`) -* [CVE-2023-34223](CVE-2023/CVE-2023-342xx/CVE-2023-34223.json) (`2023-06-02T19:18:45.707`) -* [CVE-2023-34224](CVE-2023/CVE-2023-342xx/CVE-2023-34224.json) (`2023-06-02T19:19:03.420`) -* [CVE-2023-33780](CVE-2023/CVE-2023-337xx/CVE-2023-33780.json) (`2023-06-02T19:19:36.083`) -* [CVE-2023-34227](CVE-2023/CVE-2023-342xx/CVE-2023-34227.json) (`2023-06-02T19:20:08.277`) -* [CVE-2023-33779](CVE-2023/CVE-2023-337xx/CVE-2023-33779.json) (`2023-06-02T19:20:34.837`) -* [CVE-2023-2954](CVE-2023/CVE-2023-29xx/CVE-2023-2954.json) (`2023-06-02T19:21:18.230`) -* [CVE-2023-29380](CVE-2023/CVE-2023-293xx/CVE-2023-29380.json) (`2023-06-02T19:23:03.893`) -* [CVE-2023-27988](CVE-2023/CVE-2023-279xx/CVE-2023-27988.json) (`2023-06-02T19:49:17.550`) -* [CVE-2023-30350](CVE-2023/CVE-2023-303xx/CVE-2023-30350.json) (`2023-06-02T19:50:57.253`) +* [CVE-2022-36249](CVE-2022/CVE-2022-362xx/CVE-2022-36249.json) (`2023-06-02T20:50:05.440`) +* [CVE-2022-36247](CVE-2022/CVE-2022-362xx/CVE-2022-36247.json) (`2023-06-02T20:52:10.493`) +* [CVE-2022-36246](CVE-2022/CVE-2022-362xx/CVE-2022-36246.json) (`2023-06-02T20:53:31.427`) +* [CVE-2022-36244](CVE-2022/CVE-2022-362xx/CVE-2022-36244.json) (`2023-06-02T20:57:58.920`) +* [CVE-2023-29550](CVE-2023/CVE-2023-295xx/CVE-2023-29550.json) (`2023-06-02T20:15:09.367`) +* [CVE-2023-29551](CVE-2023/CVE-2023-295xx/CVE-2023-29551.json) (`2023-06-02T20:15:09.423`) +* [CVE-2023-32215](CVE-2023/CVE-2023-322xx/CVE-2023-32215.json) (`2023-06-02T20:15:09.470`) +* [CVE-2023-31225](CVE-2023/CVE-2023-312xx/CVE-2023-31225.json) (`2023-06-02T20:42:20.567`) +* [CVE-2023-3074](CVE-2023/CVE-2023-30xx/CVE-2023-3074.json) (`2023-06-02T20:58:57.383`) +* [CVE-2023-3075](CVE-2023/CVE-2023-30xx/CVE-2023-3075.json) (`2023-06-02T20:58:57.383`) +* [CVE-2023-3073](CVE-2023/CVE-2023-30xx/CVE-2023-3073.json) (`2023-06-02T20:58:57.383`) +* [CVE-2023-33195](CVE-2023/CVE-2023-331xx/CVE-2023-33195.json) (`2023-06-02T21:15:09.430`) ## Download and Usage