From c09d2fef1a16ff8a047661771e2570db9714be26 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Thu, 3 Aug 2023 22:00:33 +0000 Subject: [PATCH] Auto-Update: 2023-08-03T22:00:29.636831+00:00 --- CVE-2020/CVE-2020-216xx/CVE-2020-21662.json | 63 +++++++++++++++++-- CVE-2021/CVE-2021-23xx/CVE-2021-2369.json | 8 ++- CVE-2021/CVE-2021-316xx/CVE-2021-31651.json | 63 +++++++++++++++++-- CVE-2021/CVE-2021-352xx/CVE-2021-35226.json | 4 +- CVE-2021/CVE-2021-352xx/CVE-2021-35232.json | 8 +-- CVE-2021/CVE-2021-352xx/CVE-2021-35234.json | 8 +-- CVE-2021/CVE-2021-352xx/CVE-2021-35237.json | 8 +-- CVE-2021/CVE-2021-352xx/CVE-2021-35246.json | 6 +- CVE-2021/CVE-2021-352xx/CVE-2021-35248.json | 8 +-- CVE-2021/CVE-2021-352xx/CVE-2021-35250.json | 8 +-- CVE-2022/CVE-2022-369xx/CVE-2022-36960.json | 10 ++- CVE-2022/CVE-2022-381xx/CVE-2022-38114.json | 8 ++- CVE-2022/CVE-2022-438xx/CVE-2022-43831.json | 66 +++++++++++++++++-- CVE-2022/CVE-2022-475xx/CVE-2022-47503.json | 14 ++--- CVE-2022/CVE-2022-475xx/CVE-2022-47504.json | 14 ++--- CVE-2022/CVE-2022-475xx/CVE-2022-47505.json | 8 +-- CVE-2022/CVE-2022-475xx/CVE-2022-47506.json | 14 ++--- CVE-2022/CVE-2022-475xx/CVE-2022-47507.json | 14 ++--- CVE-2022/CVE-2022-475xx/CVE-2022-47509.json | 16 ++--- CVE-2022/CVE-2022-475xx/CVE-2022-47512.json | 18 +++--- CVE-2023/CVE-2023-06xx/CVE-2023-0602.json | 53 ++++++++++++++-- CVE-2023/CVE-2023-238xx/CVE-2023-23836.json | 14 ++--- CVE-2023/CVE-2023-238xx/CVE-2023-23837.json | 20 +++--- CVE-2023/CVE-2023-238xx/CVE-2023-23838.json | 20 +++--- CVE-2023/CVE-2023-238xx/CVE-2023-23839.json | 18 +++--- CVE-2023/CVE-2023-238xx/CVE-2023-23841.json | 16 ++--- CVE-2023/CVE-2023-238xx/CVE-2023-23843.json | 14 ++--- CVE-2023/CVE-2023-238xx/CVE-2023-23844.json | 14 ++--- CVE-2023/CVE-2023-31xx/CVE-2023-3130.json | 53 ++++++++++++++-- CVE-2023/CVE-2023-31xx/CVE-2023-3134.json | 53 ++++++++++++++-- CVE-2023/CVE-2023-322xx/CVE-2023-32225.json | 57 ++++++++++++++++- CVE-2023/CVE-2023-322xx/CVE-2023-32226.json | 57 ++++++++++++++++- CVE-2023/CVE-2023-322xx/CVE-2023-32227.json | 69 +++++++++++++++++++- CVE-2023/CVE-2023-332xx/CVE-2023-33224.json | 14 ++--- CVE-2023/CVE-2023-332xx/CVE-2023-33231.json | 16 ++--- CVE-2023/CVE-2023-336xx/CVE-2023-33666.json | 24 +++++++ CVE-2023/CVE-2023-33xx/CVE-2023-3345.json | 53 ++++++++++++++-- CVE-2023/CVE-2023-35xx/CVE-2023-3507.json | 53 ++++++++++++++-- CVE-2023/CVE-2023-35xx/CVE-2023-3508.json | 53 ++++++++++++++-- CVE-2023/CVE-2023-372xx/CVE-2023-37213.json | 69 +++++++++++++++++++- CVE-2023/CVE-2023-37xx/CVE-2023-3749.json | 59 +++++++++++++++++ CVE-2023/CVE-2023-391xx/CVE-2023-39121.json | 24 +++++++ CVE-2023/CVE-2023-40xx/CVE-2023-4005.json | 54 ++++++++++++++-- CVE-2023/CVE-2023-40xx/CVE-2023-4006.json | 54 ++++++++++++++-- README.md | 70 ++++++++++----------- 45 files changed, 1120 insertions(+), 247 deletions(-) create mode 100644 CVE-2023/CVE-2023-336xx/CVE-2023-33666.json create mode 100644 CVE-2023/CVE-2023-37xx/CVE-2023-3749.json create mode 100644 CVE-2023/CVE-2023-391xx/CVE-2023-39121.json diff --git a/CVE-2020/CVE-2020-216xx/CVE-2020-21662.json b/CVE-2020/CVE-2020-216xx/CVE-2020-21662.json index 711debc04b5..05aa9f5d1ee 100644 --- a/CVE-2020/CVE-2020-216xx/CVE-2020-21662.json +++ b/CVE-2020/CVE-2020-216xx/CVE-2020-21662.json @@ -2,19 +2,74 @@ "id": "CVE-2020-21662", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-31T14:15:09.900", - "lastModified": "2023-07-31T14:45:51.850", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-03T20:25:54.670", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in yunyecms 2.0.2 allows remote attackers to run arbitrary SQL commands via XFF." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:yunyecms:yunyecms:2.0.2:*:*:*:*:*:*:*", + "matchCriteriaId": "55713C33-8B3A-461F-B466-BB7149CB4B9B" + } + ] + } + ] + } + ], "references": [ { "url": "http://note.youdao.com/noteshare?id=5c3b984ee36dfd1da690e0b5963926bc", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-23xx/CVE-2021-2369.json b/CVE-2021/CVE-2021-23xx/CVE-2021-2369.json index 9fb88535c25..f55d279017e 100644 --- a/CVE-2021/CVE-2021-23xx/CVE-2021-2369.json +++ b/CVE-2021/CVE-2021-23xx/CVE-2021-2369.json @@ -2,8 +2,8 @@ "id": "CVE-2021-2369", "sourceIdentifier": "secalert_us@oracle.com", "published": "2021-07-21T15:15:31.057", - "lastModified": "2022-09-23T14:00:37.233", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-03T20:15:09.717", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -138,6 +138,10 @@ } ], "references": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1982879", + "source": "secalert_us@oracle.com" + }, { "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00011.html", "source": "secalert_us@oracle.com", diff --git a/CVE-2021/CVE-2021-316xx/CVE-2021-31651.json b/CVE-2021/CVE-2021-316xx/CVE-2021-31651.json index 8958f14e942..4ec23ac3bb3 100644 --- a/CVE-2021/CVE-2021-316xx/CVE-2021-31651.json +++ b/CVE-2021/CVE-2021-316xx/CVE-2021-31651.json @@ -2,19 +2,74 @@ "id": "CVE-2021-31651", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-31T14:15:10.027", - "lastModified": "2023-07-31T14:45:51.850", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-03T20:10:34.737", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross Site Scripting (XSS) vulnerability in neofarg-cms 0.2.3 allows remoate attacker to run arbitrary code via the copyright field in copyright settings." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:neofr:neofrag:0.2.3:*:*:*:*:*:*:*", + "matchCriteriaId": "F270FBF4-F7F5-4EF3-BCEE-E5D3A6258B51" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/NeoFrag/NeoFrag/issues/92", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-352xx/CVE-2021-35226.json b/CVE-2021/CVE-2021-352xx/CVE-2021-35226.json index ee7254710a1..f8f9606f332 100644 --- a/CVE-2021/CVE-2021-352xx/CVE-2021-35226.json +++ b/CVE-2021/CVE-2021-352xx/CVE-2021-35226.json @@ -2,7 +2,7 @@ "id": "CVE-2021-35226", "sourceIdentifier": "psirt@solarwinds.com", "published": "2022-10-10T23:15:14.193", - "lastModified": "2023-08-03T17:15:10.397", + "lastModified": "2023-08-03T21:15:10.437", "vulnStatus": "Modified", "descriptions": [ { @@ -75,7 +75,7 @@ "description": [ { "lang": "en", - "value": "CWE-89" + "value": "CWE-326" } ] } diff --git a/CVE-2021/CVE-2021-352xx/CVE-2021-35232.json b/CVE-2021/CVE-2021-352xx/CVE-2021-35232.json index 95169366e2c..ca1fd9231a0 100644 --- a/CVE-2021/CVE-2021-352xx/CVE-2021-35232.json +++ b/CVE-2021/CVE-2021-352xx/CVE-2021-35232.json @@ -2,12 +2,12 @@ "id": "CVE-2021-35232", "sourceIdentifier": "psirt@solarwinds.com", "published": "2021-12-27T19:15:08.290", - "lastModified": "2022-01-12T15:31:10.680", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-03T21:15:11.197", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users or insert arbitrary data into the database." + "value": "Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users or insert arbitrary data into the database.\n\n" }, { "lang": "es", @@ -100,7 +100,7 @@ "description": [ { "lang": "en", - "value": "CWE-200" + "value": "CWE-798" } ] } diff --git a/CVE-2021/CVE-2021-352xx/CVE-2021-35234.json b/CVE-2021/CVE-2021-352xx/CVE-2021-35234.json index 4c101f84aa0..2fbf6e39b16 100644 --- a/CVE-2021/CVE-2021-352xx/CVE-2021-35234.json +++ b/CVE-2021/CVE-2021-352xx/CVE-2021-35234.json @@ -2,12 +2,12 @@ "id": "CVE-2021-35234", "sourceIdentifier": "psirt@solarwinds.com", "published": "2021-12-20T21:15:08.057", - "lastModified": "2022-10-07T20:46:09.517", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-03T21:15:11.387", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Numerous exposed dangerous functions within Orion Core has allows for read-only SQL injection leading to privileged escalation. An attacker with low-user privileges may steal password hashes and password salt information." + "value": "Numerous exposed dangerous functions within Orion Core has allows for read-only SQL injection leading to privileged escalation. An attacker with low-user privileges may steal password hashes and password salt information.\n\n" }, { "lang": "es", @@ -100,7 +100,7 @@ "description": [ { "lang": "en", - "value": "CWE-749" + "value": "CWE-89" } ] } diff --git a/CVE-2021/CVE-2021-352xx/CVE-2021-35237.json b/CVE-2021/CVE-2021-352xx/CVE-2021-35237.json index ba971b2d315..8a24ffd3cce 100644 --- a/CVE-2021/CVE-2021-352xx/CVE-2021-35237.json +++ b/CVE-2021/CVE-2021-352xx/CVE-2021-35237.json @@ -2,12 +2,12 @@ "id": "CVE-2021-35237", "sourceIdentifier": "psirt@solarwinds.com", "published": "2021-10-29T14:15:07.607", - "lastModified": "2023-07-07T19:27:36.727", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-03T21:15:11.590", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "A missing HTTP header (X-Frame-Options) in Kiwi Syslog Server has left customers vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a button or link, to another server in which they have an identical webpage. The attacker essentially hijacks the user activity intended for the original server and sends them to the other server. This is an attack on both the user and the server." + "value": "A missing HTTP header (X-Frame-Options) in Kiwi Syslog Server has left customers vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a button or link, to another server in which they have an identical webpage. The attacker essentially hijacks the user activity intended for the original server and sends them to the other server. This is an attack on both the user and the server.\n\n" }, { "lang": "es", @@ -100,7 +100,7 @@ "description": [ { "lang": "en", - "value": "CWE-693" + "value": "CWE-1021" } ] } diff --git a/CVE-2021/CVE-2021-352xx/CVE-2021-35246.json b/CVE-2021/CVE-2021-352xx/CVE-2021-35246.json index f83577206bf..098d51f0256 100644 --- a/CVE-2021/CVE-2021-352xx/CVE-2021-35246.json +++ b/CVE-2021/CVE-2021-352xx/CVE-2021-35246.json @@ -2,8 +2,8 @@ "id": "CVE-2021-35246", "sourceIdentifier": "psirt@solarwinds.com", "published": "2022-11-23T17:15:09.943", - "lastModified": "2023-07-07T19:16:36.970", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-03T21:15:11.773", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -71,7 +71,7 @@ "description": [ { "lang": "en", - "value": "CWE-838" + "value": "CWE-319" } ] } diff --git a/CVE-2021/CVE-2021-352xx/CVE-2021-35248.json b/CVE-2021/CVE-2021-352xx/CVE-2021-35248.json index 90d470f6957..bf5333bcafb 100644 --- a/CVE-2021/CVE-2021-352xx/CVE-2021-35248.json +++ b/CVE-2021/CVE-2021-352xx/CVE-2021-35248.json @@ -2,12 +2,12 @@ "id": "CVE-2021-35248", "sourceIdentifier": "psirt@solarwinds.com", "published": "2021-12-20T21:15:08.157", - "lastModified": "2022-07-14T18:04:01.903", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-03T21:15:11.923", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings entity and enumerate users and their basic settings." + "value": "It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings entity and enumerate users and their basic settings.\n\n" }, { "lang": "es", @@ -100,7 +100,7 @@ "description": [ { "lang": "en", - "value": "CWE-284" + "value": "CWE-732" } ] } diff --git a/CVE-2021/CVE-2021-352xx/CVE-2021-35250.json b/CVE-2021/CVE-2021-352xx/CVE-2021-35250.json index 930dd2f0987..1681c64d3d2 100644 --- a/CVE-2021/CVE-2021-352xx/CVE-2021-35250.json +++ b/CVE-2021/CVE-2021-352xx/CVE-2021-35250.json @@ -2,12 +2,12 @@ "id": "CVE-2021-35250", "sourceIdentifier": "psirt@solarwinds.com", "published": "2022-04-25T20:15:41.787", - "lastModified": "2022-05-05T19:40:25.843", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-03T21:15:12.083", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "A researcher reported a Directory Transversal Vulnerability in Serv-U 15.3. This may allow access to files relating to the Serv-U installation and server files. This issue has been resolved in Serv-U 15.3 Hotfix 1." + "value": "A researcher reported a Directory Transversal Vulnerability in Serv-U 15.3. This may allow access to files relating to the Serv-U installation and server files. This issue has been resolved in Serv-U 15.3 Hotfix 1.\n\n" }, { "lang": "es", @@ -100,7 +100,7 @@ "description": [ { "lang": "en", - "value": "CWE-538" + "value": "CWE-22" } ] } diff --git a/CVE-2022/CVE-2022-369xx/CVE-2022-36960.json b/CVE-2022/CVE-2022-369xx/CVE-2022-36960.json index 5a44b2be596..93fdc2c4f6a 100644 --- a/CVE-2022/CVE-2022-369xx/CVE-2022-36960.json +++ b/CVE-2022/CVE-2022-369xx/CVE-2022-36960.json @@ -2,12 +2,12 @@ "id": "CVE-2022-36960", "sourceIdentifier": "psirt@solarwinds.com", "published": "2022-11-29T21:15:10.693", - "lastModified": "2023-06-27T20:07:35.373", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-03T21:15:12.260", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "SolarWinds Platform was susceptible to Improper Input Validation. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to escalate user privileges." + "value": "SolarWinds Platform was susceptible to Improper Input Validation. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to escalate user privileges.\n\n" } ], "metrics": { @@ -73,6 +73,10 @@ "source": "psirt@solarwinds.com", "type": "Secondary", "description": [ + { + "lang": "en", + "value": "CWE-20" + }, { "lang": "en", "value": "CWE-287" diff --git a/CVE-2022/CVE-2022-381xx/CVE-2022-38114.json b/CVE-2022/CVE-2022-381xx/CVE-2022-38114.json index e2765a2424f..b21764c9057 100644 --- a/CVE-2022/CVE-2022-381xx/CVE-2022-38114.json +++ b/CVE-2022/CVE-2022-381xx/CVE-2022-38114.json @@ -2,7 +2,7 @@ "id": "CVE-2022-38114", "sourceIdentifier": "psirt@solarwinds.com", "published": "2022-11-23T17:15:10.167", - "lastModified": "2023-08-03T18:15:10.917", + "lastModified": "2023-08-03T21:15:12.417", "vulnStatus": "Modified", "descriptions": [ { @@ -75,7 +75,11 @@ "description": [ { "lang": "en", - "value": "CWE-603" + "value": "CWE-444" + }, + { + "lang": "en", + "value": "CWE-79" } ] } diff --git a/CVE-2022/CVE-2022-438xx/CVE-2022-43831.json b/CVE-2022/CVE-2022-438xx/CVE-2022-43831.json index dffb9ab8b71..aeb6b7ca30d 100644 --- a/CVE-2022/CVE-2022-438xx/CVE-2022-43831.json +++ b/CVE-2022/CVE-2022-438xx/CVE-2022-43831.json @@ -2,8 +2,8 @@ "id": "CVE-2022-43831", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-07-31T01:15:09.550", - "lastModified": "2023-07-31T12:54:46.757", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-03T20:26:02.743", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "psirt@us.ibm.com", "type": "Secondary", @@ -38,14 +58,52 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:spectrum_scale_container_native_storage_access:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.1.2.1", + "versionEndIncluding": "5.1.6.1", + "matchCriteriaId": "CB1EBBB8-736D-4B28-A007-6DE4100A602B" + } + ] + } + ] + } + ], "references": [ { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/238941", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "VDB Entry", + "Vendor Advisory" + ] }, { "url": "https://www.ibm.com/support/pages/node/7015067", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-475xx/CVE-2022-47503.json b/CVE-2022/CVE-2022-475xx/CVE-2022-47503.json index 8e2efc2b4a3..b1a8301435a 100644 --- a/CVE-2022/CVE-2022-475xx/CVE-2022-47503.json +++ b/CVE-2022/CVE-2022-475xx/CVE-2022-47503.json @@ -2,12 +2,12 @@ "id": "CVE-2022-47503", "sourceIdentifier": "psirt@solarwinds.com", "published": "2023-02-15T19:15:11.883", - "lastModified": "2023-02-24T18:43:12.177", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-03T20:15:10.577", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands." + "value": "SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.\n\n" } ], "metrics": { @@ -37,19 +37,19 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", - "privilegesRequired": "LOW", + "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", - "baseScore": 8.8, + "baseScore": 7.2, "baseSeverity": "HIGH" }, - "exploitabilityScore": 2.8, + "exploitabilityScore": 1.2, "impactScore": 5.9 } ] diff --git a/CVE-2022/CVE-2022-475xx/CVE-2022-47504.json b/CVE-2022/CVE-2022-475xx/CVE-2022-47504.json index 22bfcaed4ef..d8d29b69839 100644 --- a/CVE-2022/CVE-2022-475xx/CVE-2022-47504.json +++ b/CVE-2022/CVE-2022-475xx/CVE-2022-47504.json @@ -2,12 +2,12 @@ "id": "CVE-2022-47504", "sourceIdentifier": "psirt@solarwinds.com", "published": "2023-02-15T19:15:11.963", - "lastModified": "2023-02-24T18:43:35.110", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-03T20:15:11.023", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands." + "value": "SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.\n\n" } ], "metrics": { @@ -37,19 +37,19 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", - "privilegesRequired": "LOW", + "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", - "baseScore": 8.8, + "baseScore": 7.2, "baseSeverity": "HIGH" }, - "exploitabilityScore": 2.8, + "exploitabilityScore": 1.2, "impactScore": 5.9 } ] diff --git a/CVE-2022/CVE-2022-475xx/CVE-2022-47505.json b/CVE-2022/CVE-2022-475xx/CVE-2022-47505.json index ec76cba77bf..80ea4f0995a 100644 --- a/CVE-2022/CVE-2022-475xx/CVE-2022-47505.json +++ b/CVE-2022/CVE-2022-475xx/CVE-2022-47505.json @@ -2,12 +2,12 @@ "id": "CVE-2022-47505", "sourceIdentifier": "psirt@solarwinds.com", "published": "2023-04-21T20:15:07.173", - "lastModified": "2023-05-02T17:10:35.553", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-03T21:15:12.567", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "The SolarWinds Platform was susceptible to the Local Privilege Escalation Vulnerability. This vulnerability allows a local adversary with a valid system user account to escalate local privileges." + "value": "The SolarWinds Platform was susceptible to the Local Privilege Escalation Vulnerability. This vulnerability allows a local adversary with a valid system user account to escalate local privileges.\n\n" } ], "metrics": { @@ -71,7 +71,7 @@ "description": [ { "lang": "en", - "value": "CWE-59" + "value": "CWE-269" } ] } diff --git a/CVE-2022/CVE-2022-475xx/CVE-2022-47506.json b/CVE-2022/CVE-2022-475xx/CVE-2022-47506.json index 37b4fb52096..ea65dba1908 100644 --- a/CVE-2022/CVE-2022-475xx/CVE-2022-47506.json +++ b/CVE-2022/CVE-2022-475xx/CVE-2022-47506.json @@ -2,12 +2,12 @@ "id": "CVE-2022-47506", "sourceIdentifier": "psirt@solarwinds.com", "published": "2023-02-15T19:15:12.050", - "lastModified": "2023-02-24T18:44:02.073", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-03T21:15:12.730", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "SolarWinds Platform was susceptible to the Directory Traversal Vulnerability. This vulnerability allows a local adversary with authenticated account access to edit the default configuration, enabling the execution of arbitrary commands." + "value": "SolarWinds Platform was susceptible to the Directory Traversal Vulnerability. This vulnerability allows a local adversary with authenticated account access to edit the default configuration, enabling the execution of arbitrary commands.\n\n" } ], "metrics": { @@ -37,8 +37,8 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "NETWORK", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", @@ -46,10 +46,10 @@ "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", - "baseScore": 8.8, + "baseScore": 7.8, "baseSeverity": "HIGH" }, - "exploitabilityScore": 2.8, + "exploitabilityScore": 1.8, "impactScore": 5.9 } ] diff --git a/CVE-2022/CVE-2022-475xx/CVE-2022-47507.json b/CVE-2022/CVE-2022-475xx/CVE-2022-47507.json index cbf67501c2c..6467c80fe11 100644 --- a/CVE-2022/CVE-2022-475xx/CVE-2022-47507.json +++ b/CVE-2022/CVE-2022-475xx/CVE-2022-47507.json @@ -2,12 +2,12 @@ "id": "CVE-2022-47507", "sourceIdentifier": "psirt@solarwinds.com", "published": "2023-02-15T19:15:12.133", - "lastModified": "2023-02-24T18:45:07.510", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-03T21:15:12.867", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands." + "value": "SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.\n\n" } ], "metrics": { @@ -37,19 +37,19 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", - "privilegesRequired": "LOW", + "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", - "baseScore": 8.8, + "baseScore": 7.2, "baseSeverity": "HIGH" }, - "exploitabilityScore": 2.8, + "exploitabilityScore": 1.2, "impactScore": 5.9 } ] diff --git a/CVE-2022/CVE-2022-475xx/CVE-2022-47509.json b/CVE-2022/CVE-2022-475xx/CVE-2022-47509.json index 26ed2802131..b1135ae5037 100644 --- a/CVE-2022/CVE-2022-475xx/CVE-2022-47509.json +++ b/CVE-2022/CVE-2022-475xx/CVE-2022-47509.json @@ -2,12 +2,12 @@ "id": "CVE-2022-47509", "sourceIdentifier": "psirt@solarwinds.com", "published": "2023-04-21T20:15:07.247", - "lastModified": "2023-05-02T20:11:21.690", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-03T21:15:12.990", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject HTML." + "value": "The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject HTML.\n\n" } ], "metrics": { @@ -37,20 +37,20 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", - "scope": "UNCHANGED", - "confidentialityImpact": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", - "baseScore": 4.3, + "baseScore": 6.1, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 2.8, - "impactScore": 1.4 + "impactScore": 2.7 } ] }, diff --git a/CVE-2022/CVE-2022-475xx/CVE-2022-47512.json b/CVE-2022/CVE-2022-475xx/CVE-2022-47512.json index 6385700a2f5..125ac726586 100644 --- a/CVE-2022/CVE-2022-475xx/CVE-2022-47512.json +++ b/CVE-2022/CVE-2022-475xx/CVE-2022-47512.json @@ -2,12 +2,12 @@ "id": "CVE-2022-47512", "sourceIdentifier": "psirt@solarwinds.com", "published": "2022-12-19T16:15:11.260", - "lastModified": "2022-12-27T19:54:42.817", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-03T21:15:13.127", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability (HCO)/ SolarWinds Platform 2022.4. No other versions are affected" + "value": "Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability (HCO)/ SolarWinds Platform 2022.4. No other versions are affected\n\n" } ], "metrics": { @@ -37,20 +37,20 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", - "privilegesRequired": "HIGH", + "privilegesRequired": "LOW", "userInteraction": "NONE", - "scope": "CHANGED", + "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", - "baseScore": 6.0, + "baseScore": 5.5, "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 1.5, - "impactScore": 4.0 + "exploitabilityScore": 1.8, + "impactScore": 3.6 } ] }, diff --git a/CVE-2023/CVE-2023-06xx/CVE-2023-0602.json b/CVE-2023/CVE-2023-06xx/CVE-2023-0602.json index 9662f2db0be..fe75dd95f42 100644 --- a/CVE-2023/CVE-2023-06xx/CVE-2023-0602.json +++ b/CVE-2023/CVE-2023-06xx/CVE-2023-0602.json @@ -2,15 +2,38 @@ "id": "CVE-2023-0602", "sourceIdentifier": "contact@wpscan.com", "published": "2023-07-31T10:15:10.333", - "lastModified": "2023-07-31T12:54:46.757", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-03T20:35:13.990", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Twittee Text Tweet WordPress plugin through 1.0.8 does not properly escape POST values which are printed back to the user inside one of the plugin's administrative page, which allows reflected XSS attacks targeting administrators to happen." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, "weaknesses": [ { "source": "contact@wpscan.com", @@ -23,10 +46,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:johnniejodelljr:twittee_text_tweet:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.0.8", + "matchCriteriaId": "942F715B-4924-4AEE-897C-2D0BBD509EC3" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/c357f93d-4f21-4cd9-9378-d97756c75255", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-238xx/CVE-2023-23836.json b/CVE-2023/CVE-2023-238xx/CVE-2023-23836.json index ebb4e307325..142e3c89a04 100644 --- a/CVE-2023/CVE-2023-238xx/CVE-2023-23836.json +++ b/CVE-2023/CVE-2023-238xx/CVE-2023-23836.json @@ -2,12 +2,12 @@ "id": "CVE-2023-23836", "sourceIdentifier": "psirt@solarwinds.com", "published": "2023-02-15T19:15:13.007", - "lastModified": "2023-02-24T15:31:29.103", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-03T21:15:13.297", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "SolarWinds Platform version 2022.4.1 was found to be susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to the SolarWinds Web Console to execute arbitrary commands." + "value": "SolarWinds Platform version 2022.4.1 was found to be susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to the SolarWinds Web Console to execute arbitrary commands.\n\n" } ], "metrics": { @@ -37,19 +37,19 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", - "privilegesRequired": "LOW", + "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", - "baseScore": 8.8, + "baseScore": 7.2, "baseSeverity": "HIGH" }, - "exploitabilityScore": 2.8, + "exploitabilityScore": 1.2, "impactScore": 5.9 } ] diff --git a/CVE-2023/CVE-2023-238xx/CVE-2023-23837.json b/CVE-2023/CVE-2023-238xx/CVE-2023-23837.json index 1298bc6a840..40dcb782535 100644 --- a/CVE-2023/CVE-2023-238xx/CVE-2023-23837.json +++ b/CVE-2023/CVE-2023-238xx/CVE-2023-23837.json @@ -2,12 +2,12 @@ "id": "CVE-2023-23837", "sourceIdentifier": "psirt@solarwinds.com", "published": "2023-04-25T18:15:09.300", - "lastModified": "2023-05-04T19:30:04.907", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-03T21:15:13.427", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "No exception handling vulnerability which revealed sensitive or excessive information to users." + "value": "No exception handling vulnerability which revealed sensitive or excessive information to users.\n\n" } ], "metrics": { @@ -37,20 +37,20 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "attackVector": "ADJACENT_NETWORK", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", - "confidentialityImpact": "LOW", + "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", - "baseScore": 4.3, - "baseSeverity": "MEDIUM" + "baseScore": 7.5, + "baseSeverity": "HIGH" }, - "exploitabilityScore": 2.8, - "impactScore": 1.4 + "exploitabilityScore": 3.9, + "impactScore": 3.6 } ] }, diff --git a/CVE-2023/CVE-2023-238xx/CVE-2023-23838.json b/CVE-2023/CVE-2023-238xx/CVE-2023-23838.json index e1483ebb28c..250671071c9 100644 --- a/CVE-2023/CVE-2023-238xx/CVE-2023-23838.json +++ b/CVE-2023/CVE-2023-238xx/CVE-2023-23838.json @@ -2,12 +2,12 @@ "id": "CVE-2023-23838", "sourceIdentifier": "psirt@solarwinds.com", "published": "2023-04-25T18:15:09.370", - "lastModified": "2023-05-04T19:32:26.440", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-03T21:15:13.577", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server." + "value": "Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server.\n\n" } ], "metrics": { @@ -37,19 +37,19 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N", - "attackVector": "ADJACENT_NETWORK", - "attackComplexity": "HIGH", - "privilegesRequired": "HIGH", - "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", - "baseScore": 4.0, + "baseScore": 6.5, "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 0.4, + "exploitabilityScore": 2.8, "impactScore": 3.6 } ] diff --git a/CVE-2023/CVE-2023-238xx/CVE-2023-23839.json b/CVE-2023/CVE-2023-238xx/CVE-2023-23839.json index ead20f699ef..553cbbe04a7 100644 --- a/CVE-2023/CVE-2023-238xx/CVE-2023-23839.json +++ b/CVE-2023/CVE-2023-238xx/CVE-2023-23839.json @@ -2,12 +2,12 @@ "id": "CVE-2023-23839", "sourceIdentifier": "psirt@solarwinds.com", "published": "2023-04-25T21:15:10.117", - "lastModified": "2023-05-04T21:19:44.067", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-03T21:15:13.687", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "The SolarWinds Platform was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users to access Orion.WebCommunityStrings SWIS schema object and obtain sensitive information." + "value": "The SolarWinds Platform was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users to access Orion.WebCommunityStrings SWIS schema object and obtain sensitive information.\n\n" } ], "metrics": { @@ -37,20 +37,20 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", - "attackVector": "ADJACENT_NETWORK", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", - "scope": "CHANGED", + "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", - "baseScore": 6.8, + "baseScore": 6.5, "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 2.3, - "impactScore": 4.0 + "exploitabilityScore": 2.8, + "impactScore": 3.6 } ] }, diff --git a/CVE-2023/CVE-2023-238xx/CVE-2023-23841.json b/CVE-2023/CVE-2023-238xx/CVE-2023-23841.json index b8dd098de65..c643c116df8 100644 --- a/CVE-2023/CVE-2023-238xx/CVE-2023-23841.json +++ b/CVE-2023/CVE-2023-238xx/CVE-2023-23841.json @@ -2,7 +2,7 @@ "id": "CVE-2023-23841", "sourceIdentifier": "psirt@solarwinds.com", "published": "2023-06-15T22:15:09.227", - "lastModified": "2023-07-07T23:15:09.253", + "lastModified": "2023-08-03T21:15:13.827", "vulnStatus": "Modified", "descriptions": [ { @@ -41,19 +41,19 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", - "attackComplexity": "HIGH", - "privilegesRequired": "LOW", - "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", - "baseScore": 4.8, - "baseSeverity": "MEDIUM" + "baseScore": 7.5, + "baseSeverity": "HIGH" }, - "exploitabilityScore": 1.2, + "exploitabilityScore": 3.9, "impactScore": 3.6 } ] diff --git a/CVE-2023/CVE-2023-238xx/CVE-2023-23843.json b/CVE-2023/CVE-2023-238xx/CVE-2023-23843.json index 2d8dae22bb0..351aa75e834 100644 --- a/CVE-2023/CVE-2023-238xx/CVE-2023-23843.json +++ b/CVE-2023/CVE-2023-238xx/CVE-2023-23843.json @@ -2,8 +2,8 @@ "id": "CVE-2023-23843", "sourceIdentifier": "psirt@solarwinds.com", "published": "2023-07-26T14:15:10.070", - "lastModified": "2023-08-02T20:50:45.300", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-03T21:15:13.960", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -37,8 +37,8 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "ADJACENT_NETWORK", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", @@ -46,10 +46,10 @@ "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", - "baseScore": 6.8, - "baseSeverity": "MEDIUM" + "baseScore": 7.2, + "baseSeverity": "HIGH" }, - "exploitabilityScore": 0.9, + "exploitabilityScore": 1.2, "impactScore": 5.9 } ] diff --git a/CVE-2023/CVE-2023-238xx/CVE-2023-23844.json b/CVE-2023/CVE-2023-238xx/CVE-2023-23844.json index 1b89b12dd69..a97265c1805 100644 --- a/CVE-2023/CVE-2023-238xx/CVE-2023-23844.json +++ b/CVE-2023/CVE-2023-238xx/CVE-2023-23844.json @@ -2,8 +2,8 @@ "id": "CVE-2023-23844", "sourceIdentifier": "psirt@solarwinds.com", "published": "2023-07-26T14:15:10.150", - "lastModified": "2023-08-01T20:29:41.527", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-03T21:15:14.107", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -37,8 +37,8 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "ADJACENT_NETWORK", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", @@ -46,10 +46,10 @@ "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", - "baseScore": 6.8, - "baseSeverity": "MEDIUM" + "baseScore": 7.2, + "baseSeverity": "HIGH" }, - "exploitabilityScore": 0.9, + "exploitabilityScore": 1.2, "impactScore": 5.9 } ] diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3130.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3130.json index 48f95af6853..a3bd8ba6657 100644 --- a/CVE-2023/CVE-2023-31xx/CVE-2023-3130.json +++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3130.json @@ -2,15 +2,38 @@ "id": "CVE-2023-3130", "sourceIdentifier": "contact@wpscan.com", "published": "2023-07-31T10:15:10.420", - "lastModified": "2023-07-31T12:54:46.757", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-03T21:24:30.280", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Short URL WordPress plugin before 1.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ] + }, "weaknesses": [ { "source": "contact@wpscan.com", @@ -23,10 +46,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:kaizencoders:short_url:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.6.5", + "matchCriteriaId": "A05A21BD-07F2-4C72-AFB8-9493A92A4DDB" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/6e167864-c304-402e-8b2d-d47b5a3767d1", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3134.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3134.json index e9ad0bc3d1c..3e59ed34902 100644 --- a/CVE-2023/CVE-2023-31xx/CVE-2023-3134.json +++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3134.json @@ -2,15 +2,38 @@ "id": "CVE-2023-3134", "sourceIdentifier": "contact@wpscan.com", "published": "2023-07-31T10:15:10.500", - "lastModified": "2023-07-31T12:54:46.757", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-03T21:00:41.997", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Forminator WordPress plugin before 1.24.4 does not properly escape values that are being reflected inside form fields that use pre-populated query parameters, which could lead to reflected XSS attacks." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, "weaknesses": [ { "source": "contact@wpscan.com", @@ -23,10 +46,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:incsub:forminator:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.24.4", + "matchCriteriaId": "6B0F6EFE-F535-4A28-9FF6-37A9C858C1EE" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/6d50d3cc-7563-42c4-977b-f834fee711da", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-322xx/CVE-2023-32225.json b/CVE-2023/CVE-2023-322xx/CVE-2023-32225.json index f84c37e4e3b..1030b6173ce 100644 --- a/CVE-2023/CVE-2023-322xx/CVE-2023-32225.json +++ b/CVE-2023/CVE-2023-322xx/CVE-2023-32225.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32225", "sourceIdentifier": "cna@cyber.gov.il", "published": "2023-07-30T08:15:46.760", - "lastModified": "2023-07-31T12:54:52.103", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-03T20:46:02.310", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "cna@cyber.gov.il", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + }, { "source": "cna@cyber.gov.il", "type": "Secondary", @@ -46,10 +76,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sysaid:sysaid_on-premises:*:*:*:*:*:*:*:*", + "versionEndExcluding": "23.2.14", + "matchCriteriaId": "2D585591-92E3-480D-992B-6314168F2AC2" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.gov.il/en/Departments/faq/cve_advisories", - "source": "cna@cyber.gov.il" + "source": "cna@cyber.gov.il", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-322xx/CVE-2023-32226.json b/CVE-2023/CVE-2023-322xx/CVE-2023-32226.json index d400cf25db5..ef3f2f9ae3b 100644 --- a/CVE-2023/CVE-2023-322xx/CVE-2023-32226.json +++ b/CVE-2023/CVE-2023-322xx/CVE-2023-32226.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32226", "sourceIdentifier": "cna@cyber.gov.il", "published": "2023-07-30T08:15:47.160", - "lastModified": "2023-07-31T12:54:52.103", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-03T20:49:39.170", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "cna@cyber.gov.il", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-552" + } + ] + }, { "source": "cna@cyber.gov.il", "type": "Secondary", @@ -46,10 +76,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sysaid:sysaid_on-premises:*:*:*:*:*:*:*:*", + "versionEndExcluding": "23.2.14", + "matchCriteriaId": "2D585591-92E3-480D-992B-6314168F2AC2" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.gov.il/en/Departments/faq/cve_advisories", - "source": "cna@cyber.gov.il" + "source": "cna@cyber.gov.il", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-322xx/CVE-2023-32227.json b/CVE-2023/CVE-2023-322xx/CVE-2023-32227.json index 0bc0a965f83..a3ce853dc5f 100644 --- a/CVE-2023/CVE-2023-322xx/CVE-2023-32227.json +++ b/CVE-2023/CVE-2023-322xx/CVE-2023-32227.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32227", "sourceIdentifier": "cna@cyber.gov.il", "published": "2023-07-30T09:15:09.570", - "lastModified": "2023-07-31T12:54:52.103", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-03T20:54:18.493", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@cyber.gov.il", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-798" + } + ] + }, { "source": "cna@cyber.gov.il", "type": "Secondary", @@ -46,10 +76,43 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:synel:synergy\\/a_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3015.1", + "matchCriteriaId": "7C3431BE-8E85-40A8-91D9-A3C03C81BF7A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:synel:synergy\\/a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9CEB5432-74EB-4A98-AA18-897CABE4AF26" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.gov.il/en/Departments/faq/cve_advisories", - "source": "cna@cyber.gov.il" + "source": "cna@cyber.gov.il", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-332xx/CVE-2023-33224.json b/CVE-2023/CVE-2023-332xx/CVE-2023-33224.json index 4e53114dfe4..54ed33b92e9 100644 --- a/CVE-2023/CVE-2023-332xx/CVE-2023-33224.json +++ b/CVE-2023/CVE-2023-332xx/CVE-2023-33224.json @@ -2,8 +2,8 @@ "id": "CVE-2023-33224", "sourceIdentifier": "psirt@solarwinds.com", "published": "2023-07-26T14:15:10.340", - "lastModified": "2023-08-02T20:52:12.910", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-03T21:15:14.230", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -37,8 +37,8 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "ADJACENT_NETWORK", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", @@ -46,10 +46,10 @@ "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", - "baseScore": 6.8, - "baseSeverity": "MEDIUM" + "baseScore": 7.2, + "baseSeverity": "HIGH" }, - "exploitabilityScore": 0.9, + "exploitabilityScore": 1.2, "impactScore": 5.9 } ] diff --git a/CVE-2023/CVE-2023-332xx/CVE-2023-33231.json b/CVE-2023/CVE-2023-332xx/CVE-2023-33231.json index 5b63f378519..cf0a9d20d5e 100644 --- a/CVE-2023/CVE-2023-332xx/CVE-2023-33231.json +++ b/CVE-2023/CVE-2023-332xx/CVE-2023-33231.json @@ -2,8 +2,8 @@ "id": "CVE-2023-33231", "sourceIdentifier": "psirt@solarwinds.com", "published": "2023-07-18T17:15:11.397", - "lastModified": "2023-07-27T03:56:11.813", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-03T21:15:14.363", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -37,20 +37,20 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "attackVector": "ADJACENT_NETWORK", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", - "baseScore": 5.4, + "baseScore": 6.1, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 2.8, - "impactScore": 2.5 + "impactScore": 2.7 } ] }, diff --git a/CVE-2023/CVE-2023-336xx/CVE-2023-33666.json b/CVE-2023/CVE-2023-336xx/CVE-2023-33666.json new file mode 100644 index 00000000000..e12bdf8d041 --- /dev/null +++ b/CVE-2023/CVE-2023-336xx/CVE-2023-33666.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-33666", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-08-03T20:15:11.337", + "lastModified": "2023-08-03T20:15:11.337", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "ai-dev aioptimizedcombinations before v0.1.3 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://security.friendsofpresta.org/modules/2023/08/03/aioptimizedcombinations.html", + "source": "cve@mitre.org" + }, + { + "url": "https://www.boutique.ai-dev.fr/en/ergonomie/59-optimized-combinations.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-33xx/CVE-2023-3345.json b/CVE-2023/CVE-2023-33xx/CVE-2023-3345.json index d67f7429267..159d67b68af 100644 --- a/CVE-2023/CVE-2023-33xx/CVE-2023-3345.json +++ b/CVE-2023/CVE-2023-33xx/CVE-2023-3345.json @@ -2,15 +2,38 @@ "id": "CVE-2023-3345", "sourceIdentifier": "contact@wpscan.com", "published": "2023-07-31T10:15:10.653", - "lastModified": "2023-07-31T12:54:46.757", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-03T20:30:11.853", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The LMS by Masteriyo WordPress plugin before 1.6.8 does not properly safeguards sensitive user information, like other user's email addresses, making it possible for any students to leak them via some of the plugin's REST API endpoints." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, "weaknesses": [ { "source": "contact@wpscan.com", @@ -23,10 +46,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:masteriyo:masteriyo:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.6.8", + "matchCriteriaId": "68D5B983-C89A-4BE7-884D-3DB7D09BB2F1" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/0d07423e-98d2-43a3-824d-562747a3d65a", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-35xx/CVE-2023-3507.json b/CVE-2023/CVE-2023-35xx/CVE-2023-3507.json index 32a31c0395f..6a2256fc9e9 100644 --- a/CVE-2023/CVE-2023-35xx/CVE-2023-3507.json +++ b/CVE-2023/CVE-2023-35xx/CVE-2023-3507.json @@ -2,15 +2,38 @@ "id": "CVE-2023-3507", "sourceIdentifier": "contact@wpscan.com", "published": "2023-07-31T10:15:10.847", - "lastModified": "2023-07-31T12:54:46.757", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-03T20:06:15.517", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when canceling pre-orders, which could allow attackers to make logged in admins cancel arbitrary pre-orders via a CSRF attack" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, "weaknesses": [ { "source": "contact@wpscan.com", @@ -23,10 +46,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:woocommerce:woocommerce_pre-orders:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.0.3", + "matchCriteriaId": "96141F7F-A70D-4F84-BFD8-462E327688F4" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/e72bbe9b-e51d-40ab-820d-404e0cb86ee6", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-35xx/CVE-2023-3508.json b/CVE-2023/CVE-2023-35xx/CVE-2023-3508.json index 1f63e099eca..1d9c3bb4f16 100644 --- a/CVE-2023/CVE-2023-35xx/CVE-2023-3508.json +++ b/CVE-2023/CVE-2023-35xx/CVE-2023-3508.json @@ -2,15 +2,38 @@ "id": "CVE-2023-3508", "sourceIdentifier": "contact@wpscan.com", "published": "2023-07-31T10:15:10.923", - "lastModified": "2023-07-31T12:54:46.757", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-03T20:03:41.923", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when processing its tab actions, which could allow attackers to make logged in admins email pre-orders customer, change the released date, mark all pre-orders of a specific product as complete or cancel via CSRF attacks" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, "weaknesses": [ { "source": "contact@wpscan.com", @@ -23,10 +46,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:woocommerce:woocommerce_pre-orders:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.0.3", + "matchCriteriaId": "96141F7F-A70D-4F84-BFD8-462E327688F4" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/064c7acb-db57-4537-8a6d-32f7ea31c738", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-372xx/CVE-2023-37213.json b/CVE-2023/CVE-2023-372xx/CVE-2023-37213.json index 5b042a60a49..26e5d650795 100644 --- a/CVE-2023/CVE-2023-372xx/CVE-2023-37213.json +++ b/CVE-2023/CVE-2023-372xx/CVE-2023-37213.json @@ -2,8 +2,8 @@ "id": "CVE-2023-37213", "sourceIdentifier": "cna@cyber.gov.il", "published": "2023-07-30T09:15:10.133", - "lastModified": "2023-07-31T12:54:52.103", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-03T21:21:59.040", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@cyber.gov.il", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + }, { "source": "cna@cyber.gov.il", "type": "Secondary", @@ -46,10 +76,43 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:synel:synergy\\/a_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3015.1", + "matchCriteriaId": "7C3431BE-8E85-40A8-91D9-A3C03C81BF7A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:synel:synergy\\/a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9CEB5432-74EB-4A98-AA18-897CABE4AF26" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.gov.il/en/Departments/faq/cve_advisories", - "source": "cna@cyber.gov.il" + "source": "cna@cyber.gov.il", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-37xx/CVE-2023-3749.json b/CVE-2023/CVE-2023-37xx/CVE-2023-3749.json new file mode 100644 index 00000000000..7be92d5f302 --- /dev/null +++ b/CVE-2023/CVE-2023-37xx/CVE-2023-3749.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-3749", + "sourceIdentifier": "productsecurity@jci.com", + "published": "2023-08-03T20:15:11.883", + "lastModified": "2023-08-03T20:15:11.883", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A local user could edit the VideoEdge configuration file and interfere with VideoEdge operation." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "productsecurity@jci.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "productsecurity@jci.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-349" + } + ] + } + ], + "references": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-215-04", + "source": "productsecurity@jci.com" + }, + { + "url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories", + "source": "productsecurity@jci.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-391xx/CVE-2023-39121.json b/CVE-2023/CVE-2023-391xx/CVE-2023-39121.json new file mode 100644 index 00000000000..f1373029433 --- /dev/null +++ b/CVE-2023/CVE-2023-391xx/CVE-2023-39121.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-39121", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-08-03T20:15:11.623", + "lastModified": "2023-08-03T20:15:11.623", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "emlog v2.1.9 was discovered to contain a SQL injection vulnerability via the component /admin/user.php." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/safe-b/CVE/issues/1", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/safe-b/CVE/issues/1#issue-1817133689", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4005.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4005.json index 9f099c8e6b1..9dd0cbce3c2 100644 --- a/CVE-2023/CVE-2023-40xx/CVE-2023-4005.json +++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4005.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4005", "sourceIdentifier": "security@huntr.dev", "published": "2023-07-31T01:15:09.840", - "lastModified": "2023-07-31T12:54:46.757", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-03T20:40:43.133", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", @@ -46,14 +68,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*", + "versionEndExcluding": "0.5.5", + "matchCriteriaId": "5064D6F1-C513-447E-9D1F-2523C10A0FB2" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/fossbilling/fossbilling/commit/20c23b051eb690cb4ae60a257f6bb46eb3aae2d1", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.dev/bounties/f0aacce1-79bc-4765-95f1-7e824433b9e4", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4006.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4006.json index 1ac5634ef5b..10eb0ef4504 100644 --- a/CVE-2023/CVE-2023-40xx/CVE-2023-4006.json +++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4006.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4006", "sourceIdentifier": "security@huntr.dev", "published": "2023-07-31T01:15:09.937", - "lastModified": "2023-07-31T12:54:46.757", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-03T20:39:51.860", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", @@ -46,14 +68,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.1.16", + "matchCriteriaId": "EF9F1132-3D27-4D51-AF94-75A8C3DDE21F" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/thorsten/phpmyfaq/commit/03946eca488724251eaed8d9d36fed92e6d8fd22", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.dev/bounties/36149a42-cbd5-445e-a371-e351c899b189", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of file diff --git a/README.md b/README.md index 603b67d3c02..949b55d3f4a 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-08-03T20:00:27.907454+00:00 +2023-08-03T22:00:29.636831+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-08-03T19:57:55.053000+00:00 +2023-08-03T21:24:30.280000+00:00 ``` ### Last Data Feed Release @@ -29,51 +29,47 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -221597 +221600 ``` ### CVEs added in the last Commit -Recently added CVEs: `7` +Recently added CVEs: `3` -* [CVE-2022-42986](CVE-2022/CVE-2022-429xx/CVE-2022-42986.json) (`2023-08-03T18:15:11.113`) -* [CVE-2023-32764](CVE-2023/CVE-2023-327xx/CVE-2023-32764.json) (`2023-08-03T18:15:11.230`) -* [CVE-2023-35081](CVE-2023/CVE-2023-350xx/CVE-2023-35081.json) (`2023-08-03T18:15:11.303`) -* [CVE-2023-36217](CVE-2023/CVE-2023-362xx/CVE-2023-36217.json) (`2023-08-03T18:15:11.397`) -* [CVE-2023-39075](CVE-2023/CVE-2023-390xx/CVE-2023-39075.json) (`2023-08-03T18:15:11.477`) -* [CVE-2023-0956](CVE-2023/CVE-2023-09xx/CVE-2023-0956.json) (`2023-08-03T19:15:10.323`) -* [CVE-2023-38942](CVE-2023/CVE-2023-389xx/CVE-2023-38942.json) (`2023-08-03T19:15:10.600`) +* [CVE-2023-33666](CVE-2023/CVE-2023-336xx/CVE-2023-33666.json) (`2023-08-03T20:15:11.337`) +* [CVE-2023-39121](CVE-2023/CVE-2023-391xx/CVE-2023-39121.json) (`2023-08-03T20:15:11.623`) +* [CVE-2023-3749](CVE-2023/CVE-2023-37xx/CVE-2023-3749.json) (`2023-08-03T20:15:11.883`) ### CVEs modified in the last Commit -Recently modified CVEs: `32` +Recently modified CVEs: `41` -* [CVE-2022-2502](CVE-2022/CVE-2022-25xx/CVE-2022-2502.json) (`2023-08-03T19:26:16.343`) -* [CVE-2023-39020](CVE-2023/CVE-2023-390xx/CVE-2023-39020.json) (`2023-08-03T18:01:31.200`) -* [CVE-2023-39018](CVE-2023/CVE-2023-390xx/CVE-2023-39018.json) (`2023-08-03T18:04:07.150`) -* [CVE-2023-39017](CVE-2023/CVE-2023-390xx/CVE-2023-39017.json) (`2023-08-03T18:05:20.460`) -* [CVE-2023-39016](CVE-2023/CVE-2023-390xx/CVE-2023-39016.json) (`2023-08-03T18:07:14.903`) -* [CVE-2023-38609](CVE-2023/CVE-2023-386xx/CVE-2023-38609.json) (`2023-08-03T18:09:27.580`) -* [CVE-2023-39015](CVE-2023/CVE-2023-390xx/CVE-2023-39015.json) (`2023-08-03T18:09:48.280`) -* [CVE-2023-39013](CVE-2023/CVE-2023-390xx/CVE-2023-39013.json) (`2023-08-03T18:10:07.200`) -* [CVE-2023-39010](CVE-2023/CVE-2023-390xx/CVE-2023-39010.json) (`2023-08-03T18:10:42.550`) -* [CVE-2023-38992](CVE-2023/CVE-2023-389xx/CVE-2023-38992.json) (`2023-08-03T18:10:52.757`) -* [CVE-2023-37754](CVE-2023/CVE-2023-377xx/CVE-2023-37754.json) (`2023-08-03T18:11:04.527`) -* [CVE-2023-39122](CVE-2023/CVE-2023-391xx/CVE-2023-39122.json) (`2023-08-03T18:15:11.547`) -* [CVE-2023-32443](CVE-2023/CVE-2023-324xx/CVE-2023-32443.json) (`2023-08-03T18:16:54.600`) -* [CVE-2023-32468](CVE-2023/CVE-2023-324xx/CVE-2023-32468.json) (`2023-08-03T18:23:50.197`) -* [CVE-2023-3977](CVE-2023/CVE-2023-39xx/CVE-2023-3977.json) (`2023-08-03T18:29:30.730`) -* [CVE-2023-37467](CVE-2023/CVE-2023-374xx/CVE-2023-37467.json) (`2023-08-03T18:34:44.600`) -* [CVE-2023-2860](CVE-2023/CVE-2023-28xx/CVE-2023-2860.json) (`2023-08-03T18:39:50.520`) -* [CVE-2023-35087](CVE-2023/CVE-2023-350xx/CVE-2023-35087.json) (`2023-08-03T18:43:53.560`) -* [CVE-2023-3670](CVE-2023/CVE-2023-36xx/CVE-2023-3670.json) (`2023-08-03T18:44:39.050`) -* [CVE-2023-3773](CVE-2023/CVE-2023-37xx/CVE-2023-3773.json) (`2023-08-03T18:51:44.460`) -* [CVE-2023-38988](CVE-2023/CVE-2023-389xx/CVE-2023-38988.json) (`2023-08-03T18:54:14.513`) -* [CVE-2023-36542](CVE-2023/CVE-2023-365xx/CVE-2023-36542.json) (`2023-08-03T19:09:29.110`) -* [CVE-2023-37216](CVE-2023/CVE-2023-372xx/CVE-2023-37216.json) (`2023-08-03T19:14:49.727`) -* [CVE-2023-4007](CVE-2023/CVE-2023-40xx/CVE-2023-4007.json) (`2023-08-03T19:16:00.417`) -* [CVE-2023-38572](CVE-2023/CVE-2023-385xx/CVE-2023-38572.json) (`2023-08-03T19:57:55.053`) +* [CVE-2022-47506](CVE-2022/CVE-2022-475xx/CVE-2022-47506.json) (`2023-08-03T21:15:12.730`) +* [CVE-2022-47507](CVE-2022/CVE-2022-475xx/CVE-2022-47507.json) (`2023-08-03T21:15:12.867`) +* [CVE-2022-47509](CVE-2022/CVE-2022-475xx/CVE-2022-47509.json) (`2023-08-03T21:15:12.990`) +* [CVE-2022-47512](CVE-2022/CVE-2022-475xx/CVE-2022-47512.json) (`2023-08-03T21:15:13.127`) +* [CVE-2023-3508](CVE-2023/CVE-2023-35xx/CVE-2023-3508.json) (`2023-08-03T20:03:41.923`) +* [CVE-2023-3507](CVE-2023/CVE-2023-35xx/CVE-2023-3507.json) (`2023-08-03T20:06:15.517`) +* [CVE-2023-3345](CVE-2023/CVE-2023-33xx/CVE-2023-3345.json) (`2023-08-03T20:30:11.853`) +* [CVE-2023-0602](CVE-2023/CVE-2023-06xx/CVE-2023-0602.json) (`2023-08-03T20:35:13.990`) +* [CVE-2023-4006](CVE-2023/CVE-2023-40xx/CVE-2023-4006.json) (`2023-08-03T20:39:51.860`) +* [CVE-2023-4005](CVE-2023/CVE-2023-40xx/CVE-2023-4005.json) (`2023-08-03T20:40:43.133`) +* [CVE-2023-32225](CVE-2023/CVE-2023-322xx/CVE-2023-32225.json) (`2023-08-03T20:46:02.310`) +* [CVE-2023-32226](CVE-2023/CVE-2023-322xx/CVE-2023-32226.json) (`2023-08-03T20:49:39.170`) +* [CVE-2023-32227](CVE-2023/CVE-2023-322xx/CVE-2023-32227.json) (`2023-08-03T20:54:18.493`) +* [CVE-2023-3134](CVE-2023/CVE-2023-31xx/CVE-2023-3134.json) (`2023-08-03T21:00:41.997`) +* [CVE-2023-23836](CVE-2023/CVE-2023-238xx/CVE-2023-23836.json) (`2023-08-03T21:15:13.297`) +* [CVE-2023-23837](CVE-2023/CVE-2023-238xx/CVE-2023-23837.json) (`2023-08-03T21:15:13.427`) +* [CVE-2023-23838](CVE-2023/CVE-2023-238xx/CVE-2023-23838.json) (`2023-08-03T21:15:13.577`) +* [CVE-2023-23839](CVE-2023/CVE-2023-238xx/CVE-2023-23839.json) (`2023-08-03T21:15:13.687`) +* [CVE-2023-23841](CVE-2023/CVE-2023-238xx/CVE-2023-23841.json) (`2023-08-03T21:15:13.827`) +* [CVE-2023-23843](CVE-2023/CVE-2023-238xx/CVE-2023-23843.json) (`2023-08-03T21:15:13.960`) +* [CVE-2023-23844](CVE-2023/CVE-2023-238xx/CVE-2023-23844.json) (`2023-08-03T21:15:14.107`) +* [CVE-2023-33224](CVE-2023/CVE-2023-332xx/CVE-2023-33224.json) (`2023-08-03T21:15:14.230`) +* [CVE-2023-33231](CVE-2023/CVE-2023-332xx/CVE-2023-33231.json) (`2023-08-03T21:15:14.363`) +* [CVE-2023-37213](CVE-2023/CVE-2023-372xx/CVE-2023-37213.json) (`2023-08-03T21:21:59.040`) +* [CVE-2023-3130](CVE-2023/CVE-2023-31xx/CVE-2023-3130.json) (`2023-08-03T21:24:30.280`) ## Download and Usage