From c300a560bfbd647b331b3d67ab34483645800586 Mon Sep 17 00:00:00 2001 
From: cad-safe-bot
Date: Mon, 31 Jul 2023 18:00:35 +0000
Subject: [PATCH] Auto-Update: 2023-07-31T18:00:31.225433+00:00
---
CVE-2020/CVE-2020-367xx/CVE-2020-36763.json | 20 +
CVE-2023/CVE-2023-15xx/CVE-2023-1547.json | 4 +-
CVE-2023/CVE-2023-20xx/CVE-2023-2029.json | 11 +-
CVE-2023/CVE-2023-225xx/CVE-2023-22505.json | 71 ++-
CVE-2023/CVE-2023-225xx/CVE-2023-22506.json | 71 ++-
CVE-2023/CVE-2023-225xx/CVE-2023-22508.json | 99 +++-
CVE-2023/CVE-2023-23xx/CVE-2023-2309.json | 53 +-
CVE-2023/CVE-2023-263xx/CVE-2023-26301.json | 580 +++++++++++++++++++-
CVE-2023/CVE-2023-27xx/CVE-2023-2761.json | 53 +-
CVE-2023/CVE-2023-29xx/CVE-2023-2958.json | 4 +-
CVE-2023/CVE-2023-302xx/CVE-2023-30200.json | 65 ++-
CVE-2023/CVE-2023-31xx/CVE-2023-3102.json | 68 ++-
CVE-2023/CVE-2023-320xx/CVE-2023-32046.json | 9 +-
CVE-2023/CVE-2023-322xx/CVE-2023-32265.json | 128 ++++-
CVE-2023/CVE-2023-324xx/CVE-2023-32476.json | 46 +-
CVE-2023/CVE-2023-327xx/CVE-2023-32712.json | 30 +-
CVE-2023/CVE-2023-32xx/CVE-2023-3248.json | 53 +-
CVE-2023/CVE-2023-331xx/CVE-2023-33170.json | 44 +-
CVE-2023/CVE-2023-33xx/CVE-2023-3319.json | 4 +-
CVE-2023/CVE-2023-33xx/CVE-2023-3344.json | 53 +-
CVE-2023/CVE-2023-340xx/CVE-2023-34017.json | 47 +-
CVE-2023/CVE-2023-342xx/CVE-2023-34236.json | 101 +++-
CVE-2023/CVE-2023-343xx/CVE-2023-34369.json | 47 +-
CVE-2023/CVE-2023-349xx/CVE-2023-34916.json | 24 +
CVE-2023/CVE-2023-349xx/CVE-2023-34917.json | 24 +
CVE-2023/CVE-2023-349xx/CVE-2023-34966.json | 124 ++++-
CVE-2023/CVE-2023-34xx/CVE-2023-3484.json | 79 ++-
CVE-2023/CVE-2023-350xx/CVE-2023-35069.json | 4 +-
CVE-2023/CVE-2023-365xx/CVE-2023-36543.json | 4 +-
CVE-2023/CVE-2023-36xx/CVE-2023-3600.json | 15 +-
CVE-2023/CVE-2023-36xx/CVE-2023-3609.json | 95 +++-
CVE-2023/CVE-2023-36xx/CVE-2023-3610.json | 121 +++-
CVE-2023/CVE-2023-36xx/CVE-2023-3611.json | 71 ++-
CVE-2023/CVE-2023-371xx/CVE-2023-37164.json | 65 ++-
CVE-2023/CVE-2023-374xx/CVE-2023-37464.json | 64 ++-
CVE-2023/CVE-2023-374xx/CVE-2023-37473.json | 
56 +-
CVE-2023/CVE-2023-375xx/CVE-2023-37580.json | 24 +
CVE-2023/CVE-2023-376xx/CVE-2023-37600.json | 65 ++-
CVE-2023/CVE-2023-376xx/CVE-2023-37601.json | 65 ++-
CVE-2023/CVE-2023-376xx/CVE-2023-37602.json | 65 ++-
CVE-2023/CVE-2023-376xx/CVE-2023-37629.json | 11 +-
CVE-2023/CVE-2023-377xx/CVE-2023-37771.json | 20 +
CVE-2023/CVE-2023-379xx/CVE-2023-37917.json | 60 +-
CVE-2023/CVE-2023-379xx/CVE-2023-37918.json | 77 ++-
CVE-2023/CVE-2023-37xx/CVE-2023-3776.json | 71 ++-
CVE-2023/CVE-2023-37xx/CVE-2023-3786.json | 92 +++-
CVE-2023/CVE-2023-384xx/CVE-2023-38408.json | 166 +++++-
CVE-2023/CVE-2023-386xx/CVE-2023-38617.json | 65 ++-
CVE-2023/CVE-2023-387xx/CVE-2023-38750.json | 24 +
CVE-2023/CVE-2023-38xx/CVE-2023-3803.json | 71 ++-
CVE-2023/CVE-2023-38xx/CVE-2023-3804.json | 60 +-
CVE-2023/CVE-2023-38xx/CVE-2023-3805.json | 60 +-
CVE-2023/CVE-2023-38xx/CVE-2023-3817.json | 36 ++
CVE-2023/CVE-2023-38xx/CVE-2023-3850.json | 55 +-
CVE-2023/CVE-2023-38xx/CVE-2023-3853.json | 55 +-
CVE-2023/CVE-2023-38xx/CVE-2023-3859.json | 55 +-
CVE-2023/CVE-2023-38xx/CVE-2023-3860.json | 55 +-
CVE-2023/CVE-2023-38xx/CVE-2023-3861.json | 55 +-
CVE-2023/CVE-2023-38xx/CVE-2023-3862.json | 55 +-
CVE-2023/CVE-2023-39xx/CVE-2023-3997.json | 43 ++
CVE-2023/CVE-2023-40xx/CVE-2023-4004.json | 51 ++
CVE-2023/CVE-2023-40xx/CVE-2023-4010.json | 51 ++
CVE-2023/CVE-2023-40xx/CVE-2023-4026.json | 15 +
README.md | 81 +--
64 files changed, 3738 insertions(+), 272 deletions(-)
create mode 100644 CVE-2020/CVE-2020-367xx/CVE-2020-36763.json
create mode 100644 CVE-2023/CVE-2023-349xx/CVE-2023-34916.json
create mode 100644 CVE-2023/CVE-2023-349xx/CVE-2023-34917.json
create mode 100644 CVE-2023/CVE-2023-375xx/CVE-2023-37580.json
create mode 100644 CVE-2023/CVE-2023-377xx/CVE-2023-37771.json
create mode 100644 CVE-2023/CVE-2023-387xx/CVE-2023-38750.json
create mode 100644 CVE-2023/CVE-2023-38xx/CVE-2023-3817.json
create mode 100644 CVE-2023/CVE-2023-39xx/CVE-2023-3997.json
create mode 100644 
CVE-2023/CVE-2023-40xx/CVE-2023-4004.json create mode 100644 CVE-2023/CVE-2023-40xx/CVE-2023-4010.json create mode 100644 CVE-2023/CVE-2023-40xx/CVE-2023-4026.json diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36763.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36763.json new file mode 100644 index 00000000000..f62fddc757f --- /dev/null +++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36763.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2020-36763", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-07-31T16:15:10.090", + "lastModified": "2023-07-31T17:30:17.057", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Cross Site Scripting (XSS) vulnerability in DuxCMS 2.1 allows remote attackers to run arbitrary code via the content, time, copyfrom parameters when adding or editing a post." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://gitee.com/annyshow/DuxCMS2.1/issues/I183GG", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-15xx/CVE-2023-1547.json b/CVE-2023/CVE-2023-15xx/CVE-2023-1547.json index ff1fab21cde..af70ff002e6 100644 --- a/CVE-2023/CVE-2023-15xx/CVE-2023-1547.json +++ b/CVE-2023/CVE-2023-15xx/CVE-2023-1547.json @@ -2,8 +2,8 @@ "id": "CVE-2023-1547", "sourceIdentifier": "cve@usom.gov.tr", "published": "2023-07-13T08:15:10.400", - "lastModified": "2023-07-26T10:15:09.940", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-07-31T17:47:20.990", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-20xx/CVE-2023-2029.json b/CVE-2023/CVE-2023-20xx/CVE-2023-2029.json index 561d4a8b290..9b1390d2e4c 100644 --- a/CVE-2023/CVE-2023-20xx/CVE-2023-2029.json +++ b/CVE-2023/CVE-2023-20xx/CVE-2023-2029.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-2029", "sourceIdentifier": "contact@wpscan.com", "published": "2023-07-10T16:15:50.930", - "lastModified": "2023-07-25T17:15:10.997", - "vulnStatus": "Modified", + "lastModified": "2023-07-31T17:48:07.683", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -67,7 +67,12 @@ "references": [ { "url": "http://packetstormsecurity.com/files/173729/WordPress-PrePost-SEO-3.0-Cross-Site-Scripting.html", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://wpscan.com/vulnerability/4889ad5a-c8c4-4958-b176-64560490497b", diff --git a/CVE-2023/CVE-2023-225xx/CVE-2023-22505.json b/CVE-2023/CVE-2023-225xx/CVE-2023-22505.json index 5302ae7f020..6982c80a8b0 100644 --- a/CVE-2023/CVE-2023-225xx/CVE-2023-22505.json +++ b/CVE-2023/CVE-2023-225xx/CVE-2023-22505.json @@ -2,8 +2,8 @@ "id": "CVE-2023-22505", "sourceIdentifier": "security@atlassian.com", "published": "2023-07-18T21:15:15.583", - "lastModified": "2023-07-18T22:17:55.173", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-31T17:02:37.010", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "security@atlassian.com", 
@@ -34,10 +56,53 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.0.0", + "versionEndExcluding": "8.3.2", + "matchCriteriaId": "E4502C12-1DC4-41A0-91A5-4D105D21D9FB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.0.0", + "versionEndExcluding": "8.3.2", + "matchCriteriaId": "D643B5D8-E584-45E0-8112-2B0274213C34" + } + ] + } + ] + } + ], "references": [ { "url": "https://jira.atlassian.com/browse/CONFSERVER-88265", - "source": "security@atlassian.com" + "source": "security@atlassian.com", + "tags": [ + "Issue Tracking", + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-225xx/CVE-2023-22506.json b/CVE-2023/CVE-2023-225xx/CVE-2023-22506.json index 7db279d8565..8089b3a13c7 100644 --- a/CVE-2023/CVE-2023-225xx/CVE-2023-22506.json +++ b/CVE-2023/CVE-2023-225xx/CVE-2023-22506.json @@ -2,8 +2,8 @@ "id": "CVE-2023-22506", "sourceIdentifier": "security@atlassian.com", "published": "2023-07-19T00:15:09.447", - "lastModified": "2023-07-19T17:15:22.070", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-31T17:15:30.300", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "security@atlassian.com", @@ -34,10 +56,53 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:atlassian:bamboo_data_center:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.0.0", + "versionEndExcluding": "9.2.3", + "matchCriteriaId": "89C4682B-B5CC-4185-9380-4B39C3D7C40D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:atlassian:bamboo_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.0.0", + "versionEndExcluding": "9.2.3", + "matchCriteriaId": "D1970E16-C3C5-4326-835F-A11F38E9274B" + } + ] + } + ] + } + ], "references": [ { "url": "https://jira.atlassian.com/browse/BAM-22400", - "source": "security@atlassian.com" + "source": "security@atlassian.com", + "tags": [ + "Issue Tracking", + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-225xx/CVE-2023-22508.json b/CVE-2023/CVE-2023-225xx/CVE-2023-22508.json index 2a66de1c6cc..691573cf682 100644 --- a/CVE-2023/CVE-2023-225xx/CVE-2023-22508.json +++ b/CVE-2023/CVE-2023-225xx/CVE-2023-22508.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-22508", "sourceIdentifier": "security@atlassian.com", "published": "2023-07-18T23:15:09.297", - "lastModified": "2023-07-28T17:15:09.647", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-07-31T17:12:30.293", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "security@atlassian.com", 
@@ -34,10 +56,81 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.1.0", + "versionEndExcluding": "7.13.20", + "matchCriteriaId": "406C37DD-9A78-4BC3-B91B-C649B75DDC21" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.14.0", + "versionEndExcluding": "7.19.8", + "matchCriteriaId": "EBD124AD-097C-4F5C-978A-6070A539F220" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.0.0", + "versionEndExcluding": "8.2.0", + "matchCriteriaId": "0CFB6784-FD6E-4346-BC1E-3A53DFAAD9B0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.1.0", + "versionEndExcluding": "7.13.20", + "matchCriteriaId": "0E4CB719-B825-4ED0-B783-EF8DE9E1B5EE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.14.0", + "versionEndExcluding": "7.19.8", + "matchCriteriaId": "4CE5A04D-2133-4E27-951F-C5F6BAB044AF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.0.0", + "versionEndExcluding": "8.2.0", + "matchCriteriaId": "61ABEF8D-B940-44CF-845B-238A23DBEA02" + } + ] + } + ] + } + ], "references": [ { "url": "https://jira.atlassian.com/browse/CONFSERVER-88221", - "source": "security@atlassian.com" + "source": "security@atlassian.com", + "tags": [ + "Issue Tracking", + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-23xx/CVE-2023-2309.json b/CVE-2023/CVE-2023-23xx/CVE-2023-2309.json index 3c5b94a36d7..9f17eae1cc7 100644 --- a/CVE-2023/CVE-2023-23xx/CVE-2023-2309.json +++ b/CVE-2023/CVE-2023-23xx/CVE-2023-2309.json @@ -2,15 +2,38 @@ "id": "CVE-2023-2309", "sourceIdentifier": "contact@wpscan.com", "published": "2023-07-24T11:15:09.653", - "lastModified": "2023-07-24T13:09:06.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-31T17:22:54.897", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The wpForo Forum WordPress plugin before 2.1.9 does not escape some request parameters while in debug mode, leading to a Reflected Cross-Site Scripting vulnerability." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, "weaknesses": [ { "source": "contact@wpscan.com", @@ -23,10 +46,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gvectors:wpforo_forum:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.1.9", + "matchCriteriaId": "DF8AABB0-BB27-4B1F-ABE8-AB71D7025131" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/1b3f4558-ea41-4749-9aa2-d3971fc9ca0d", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-263xx/CVE-2023-26301.json b/CVE-2023/CVE-2023-263xx/CVE-2023-26301.json index 849c7cb95d0..fc686d7c9b7 100644 --- a/CVE-2023/CVE-2023-263xx/CVE-2023-26301.json +++ b/CVE-2023/CVE-2023-263xx/CVE-2023-26301.json 
@@ -2,19 +2,591 @@ "id": "CVE-2023-26301", "sourceIdentifier": "hp-security-alert@hp.com", "published": "2023-07-21T17:15:10.090", - "lastModified": "2023-07-24T13:09:06.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-31T17:29:04.590", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Certain HP LaserJet Pro print products are potentially vulnerable to an Elevation of Privilege and/or Information Disclosure related to a lack of authentication with certain endpoints." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hp:color_laserjet_pro_4201-4203_4ra87f_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.12.1.12-202306030312", + "matchCriteriaId": "E8C9426B-61E7-40B2-BF42-812194F0E6B7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hp:color_laserjet_pro_4201-4203_4ra87f:-:*:*:*:*:*:*:*", + "matchCriteriaId": "203BBCA0-0378-484A-9CF0-40D24D3333F3" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:hp:color_laserjet_pro_4201-4203_4ra88f_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.12.1.12-202306030312", + "matchCriteriaId": "DDF9A6CA-B766-45D5-BFA4-31D2568EF429" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hp:color_laserjet_pro_4201-4203_4ra88f:-:*:*:*:*:*:*:*", + "matchCriteriaId": "724B5880-1F1D-421F-841A-60F30890047B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hp:color_laserjet_pro_4201-4203_4ra89a_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.12.1.12-202306030312", + "matchCriteriaId": "F6FF21B5-CF98-4898-88AF-4FFB4E198EB8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hp:color_laserjet_pro_4201-4203_4ra89a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "61792274-0695-4D5E-AE00-8D4C51028256" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hp:color_laserjet_pro_4201-4203_5hh48a_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.12.1.12-202306030312", + "matchCriteriaId": "5A86EB5F-6155-43DE-945E-059ED13F20A0" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hp:color_laserjet_pro_4201-4203_5hh48a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C74AC237-9736-4C3F-9F08-1AB2CEF3B4E4" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hp:color_laserjet_pro_4201-4203_5hh51a_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.12.1.12-202306030312", + "matchCriteriaId": "C298E58A-D415-4949-A52A-08FACD02EE45" + } + ] + }, + { + "operator": "OR", + "negate": 
false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hp:color_laserjet_pro_4201-4203_5hh51a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA571804-094B-46E2-85B0-8D836F3B1BA5" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hp:color_laserjet_pro_4201-4203_5hh52a_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.12.1.12-202306030312", + "matchCriteriaId": "49B2EA8F-42FC-4333-8FE9-C3AFB9F9DD3E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hp:color_laserjet_pro_4201-4203_5hh52a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "5B246003-485F-4EFA-BF1A-B8D5E5A2A3D2" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hp:color_laserjet_pro_4201-4203_5hh53a_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.12.1.12-202306030312", + "matchCriteriaId": "AC990B4B-E53C-4B28-84F8-44450FB40F53" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hp:color_laserjet_pro_4201-4203_5hh53a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DBFE8E26-0811-4C77-866D-0F02F9BDF97E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hp:color_laserjet_pro_4201-4203_5hh59a_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.12.1.12-202306030312", + "matchCriteriaId": "4CEBA7D2-AF17-4EE2-B1F3-A3DA7093254D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hp:color_laserjet_pro_4201-4203_5hh59a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "00D66D0A-9C7B-44CE-8966-5AB271C27095" + } + ] + } + ] + }, + { + "operator": "AND", 
+ "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hp:color_laserjet_pro_mfp_4301-4303_4ra80f_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.12.1.12-202306030312", + "matchCriteriaId": "EB01C76F-1BFC-472B-B6D0-B349A35F3446" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hp:color_laserjet_pro_mfp_4301-4303_4ra80f:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7C55EC1B-249D-4BFB-8D67-6D89EFD40353" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hp:color_laserjet_pro_mfp_4301-4303_4ra81f_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.12.1.12-202306030312", + "matchCriteriaId": "E1B3E42B-225A-47C2-8090-F756D40885E8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hp:color_laserjet_pro_mfp_4301-4303_4ra81f:-:*:*:*:*:*:*:*", + "matchCriteriaId": "712BE206-B380-4546-B8FC-AEB3869C8DB3" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hp:color_laserjet_pro_mfp_4301-4303_4ra82f_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.12.1.12-202306030312", + "matchCriteriaId": "F6678248-6587-4441-9412-5EF6BB18C8D0" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hp:color_laserjet_pro_mfp_4301-4303_4ra82f:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C42B5079-558B-4A2A-A4D1-B63BDCC13467" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hp:color_laserjet_pro_mfp_4301-4303_4ra83f_firmware:*:*:*:*:*:*:*:*", + 
"versionEndExcluding": "6.12.1.12-202306030312", + "matchCriteriaId": "BE65F983-0423-4155-836F-1ED15F1B0380" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hp:color_laserjet_pro_mfp_4301-4303_4ra83f:-:*:*:*:*:*:*:*", + "matchCriteriaId": "362F5A19-AA44-4BA6-9CD9-C046044D7E78" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hp:color_laserjet_pro_mfp_4301-4303_4ra84f_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.12.1.12-202306030312", + "matchCriteriaId": "AFF82D9F-69E6-40B7-BEAC-29C074876DAA" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hp:color_laserjet_pro_mfp_4301-4303_4ra84f:-:*:*:*:*:*:*:*", + "matchCriteriaId": "32106D22-7978-41F5-B139-7DA78475B865" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hp:color_laserjet_pro_mfp_4301-4303_5hh64f_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.12.1.12-202306030312", + "matchCriteriaId": "39AEEA62-5FF4-437F-8469-A99CE8E044E3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hp:color_laserjet_pro_mfp_4301-4303_5hh64f:-:*:*:*:*:*:*:*", + "matchCriteriaId": "5EA192E2-B9BF-4909-8160-E2BD4D75E638" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hp:color_laserjet_pro_mfp_4301-4303_5hh65a_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.12.1.12-202306030312", + "matchCriteriaId": "58F8CE0A-EE2E-47F4-AACF-EC3175BBAF6D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + 
"criteria": "cpe:2.3:h:hp:color_laserjet_pro_mfp_4301-4303_5hh65a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3AAFA834-935B-49FA-8BA4-853857E171BE" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hp:color_laserjet_pro_mfp_4301-4303_5hh66a_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.12.1.12-202306030312", + "matchCriteriaId": "8B28148B-6918-4956-A6DD-4A038E2A65D0" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hp:color_laserjet_pro_mfp_4301-4303_5hh66a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "5D413FC4-C4EE-4C7A-A70E-64892710F1D7" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hp:color_laserjet_pro_mfp_4301-4303_5hh67a_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.12.1.12-202306030312", + "matchCriteriaId": "4B8C7A23-A2E8-42AC-BA59-33758881A60B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hp:color_laserjet_pro_mfp_4301-4303_5hh67a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "69496710-B72E-4845-B16C-779C93B50236" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hp:color_laserjet_pro_mfp_4301-4303_5hh72a_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.12.1.12-202306030312", + "matchCriteriaId": "134C2D77-A199-4239-8A1F-5B41BC06F6FF" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hp:color_laserjet_pro_mfp_4301-4303_5hh72a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "669FDBEE-6FC5-429B-ABA8-E379C7D5438E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + 
"operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hp:color_laserjet_pro_mfp_4301-4303_5hh73a_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.12.1.12-202306030312", + "matchCriteriaId": "2B0C4834-38A6-4729-8D3D-A6746DA3ADC1" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hp:color_laserjet_pro_mfp_4301-4303_5hh73a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3C92DB95-37EA-4CD5-A66E-D7187379D5A7" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.hp.com/us-en/document/ish_8746769-8746795-16/hpsbpi03855", - "source": "hp-security-alert@hp.com" + "source": "hp-security-alert@hp.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-27xx/CVE-2023-2761.json b/CVE-2023/CVE-2023-27xx/CVE-2023-2761.json index 401519d094c..4660a33390f 100644 --- a/CVE-2023/CVE-2023-27xx/CVE-2023-2761.json +++ b/CVE-2023/CVE-2023-27xx/CVE-2023-2761.json 
@@ -2,15 +2,38 @@ "id": "CVE-2023-2761", "sourceIdentifier": "contact@wpscan.com", "published": "2023-07-24T11:15:09.733", - "lastModified": "2023-07-24T13:09:06.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-31T17:17:58.933", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The User Activity Log WordPress plugin before 1.6.3 does not properly sanitise and escape the `txtsearch` parameter before using it in a SQL statement in some admin pages, leading to a SQL injection exploitable by high privilege users such as admin." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "contact@wpscan.com", @@ -23,10 +46,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:solwininfotech:user_activity_log:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.6.3", + "matchCriteriaId": "C1DC5EDB-D938-4B7F-8769-D7096BFEF4DE" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/8c82d317-f9f9-4e25-a7f1-43edb77e8aba", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2958.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2958.json index ca6aa88b0c6..a53b955401f 100644 --- a/CVE-2023/CVE-2023-29xx/CVE-2023-2958.json 
+++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2958.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2958", "sourceIdentifier": "cve@usom.gov.tr", "published": "2023-07-17T15:15:09.610", - "lastModified": "2023-07-26T10:15:11.257", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-07-31T17:46:45.333", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-302xx/CVE-2023-30200.json b/CVE-2023/CVE-2023-302xx/CVE-2023-30200.json index 85d17b4ed2b..be114f0601a 100644 --- a/CVE-2023/CVE-2023-302xx/CVE-2023-30200.json +++ b/CVE-2023/CVE-2023-302xx/CVE-2023-30200.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30200", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-20T20:15:10.177", - "lastModified": "2023-07-21T12:52:36.740", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-31T16:32:13.183", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "cve@mitre.org", "type": "Secondary", 
@@ -34,14 +54,51 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:advancedplugins:ultimateimagetool:*:*:*:*:*:prestashop:*:*", + "versionEndExcluding": "2.1.03", + "matchCriteriaId": "2A73AAAE-178B-46E9-AEC1-411DB5988A17" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/PrestaShop/PrestaShop/blob/6c05518b807d014ee8edb811041e3de232520c28/classes/Tools.php#L1247", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://security.friendsofpresta.org/modules/2023/07/20/ultimateimagetool.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3102.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3102.json index 66190a7f7d3..89036ab776d 100644 --- a/CVE-2023/CVE-2023-31xx/CVE-2023-3102.json +++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3102.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3102", "sourceIdentifier": "cve@gitlab.com", "published": "2023-07-21T16:15:10.053", - "lastModified": "2023-07-24T13:09:06.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-31T17:04:35.893", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "cve@gitlab.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "cve@gitlab.com", "type": "Secondary", @@ -46,14 +76,44 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "16.0.0", + "versionEndExcluding": "16.0.6", + "matchCriteriaId": "8D33EB2F-DB0F-40DA-9C1C-4A33856EABDD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:16.1.0:*:*:*:enterprise:*:*:*", + "matchCriteriaId": "5E6C33D0-3B6E-434F-A1B9-5495B1C35308" + } + ] + } + ] + } + ], "references": [ { "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/414269", - "source": "cve@gitlab.com" + "source": "cve@gitlab.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://hackerone.com/reports/2012073", - "source": "cve@gitlab.com" + "source": "cve@gitlab.com", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-320xx/CVE-2023-32046.json b/CVE-2023/CVE-2023-320xx/CVE-2023-32046.json index 84e221d94a1..2eb59276945 100644 --- a/CVE-2023/CVE-2023-320xx/CVE-2023-32046.json +++ b/CVE-2023/CVE-2023-320xx/CVE-2023-32046.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-32046", "sourceIdentifier": "secure@microsoft.com", "published": "2023-07-11T18:15:13.313", - "lastModified": "2023-07-26T07:15:09.427", - "vulnStatus": "Modified", + "lastModified": "2023-07-31T17:48:02.057", + "vulnStatus": "Analyzed", "cisaExploitAdd": "2023-07-11", "cisaActionDue": "2023-08-01", "cisaRequiredAction": "Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.", @@ -142,7 +142,10 @@ "references": [ { "url": "http://seclists.org/fulldisclosure/2023/Jul/43", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32046", diff --git a/CVE-2023/CVE-2023-322xx/CVE-2023-32265.json b/CVE-2023/CVE-2023-322xx/CVE-2023-32265.json index eecb6b68326..4f124e4baaa 100644 --- a/CVE-2023/CVE-2023-322xx/CVE-2023-32265.json +++ b/CVE-2023/CVE-2023-322xx/CVE-2023-32265.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32265", "sourceIdentifier": "security@opentext.com", "published": "2023-07-20T14:15:11.193", - "lastModified": "2023-07-20T16:45:55.920", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-31T17:06:15.177", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "security@opentext.com", "type": "Secondary", 
@@ -34,10 +54,112 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microfocus:cobol_server:6.0:-:*:*:*:*:*:*", + "matchCriteriaId": "3126671E-BE13-4240-B51F-C6FC9F3BABCE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microfocus:cobol_server:7.0:-:*:*:*:*:*:*", + "matchCriteriaId": "BD7DBDAA-E0C3-44E7-897F-59ED52990741" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microfocus:cobol_server:8.0:-:*:*:*:*:*:*", + "matchCriteriaId": "1A2BBD33-F853-494F-98FA-F5436AA6D4B0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microfocus:enterprise_developer:6.0:-:*:*:*:*:*:*", + "matchCriteriaId": "EF035EDF-2882-49C0-BABA-BA74169077CA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microfocus:enterprise_developer:7.0:-:*:*:*:*:*:*", + "matchCriteriaId": "9E523EE6-1949-4890-97AD-6C06062115B3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microfocus:enterprise_developer:8.0:-:*:*:*:*:*:*", + "matchCriteriaId": "2E411AFF-F1FF-4548-B2F0-DC15016FCACF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microfocus:enterprise_server:6.0:-:*:*:*:*:*:*", + "matchCriteriaId": "681ED2CA-D5DE-4828-AD4C-22042927AD56" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microfocus:enterprise_server:7.0:-:*:*:*:*:*:*", + "matchCriteriaId": "B43620BE-A850-4CB8-958E-802744DAE5EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microfocus:enterprise_server:8.0:-:*:*:*:*:*:*", + "matchCriteriaId": "1F47D3F3-6779-4501-B53D-A423F325BC7A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microfocus:enterprise_test_server:6.0:-:*:*:*:*:*:*", + "matchCriteriaId": "F25363C5-6E2E-4A96-A6C7-4111ECCDC452" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:a:microfocus:enterprise_test_server:7.0:-:*:*:*:*:*:*", + "matchCriteriaId": "ADC1491E-5BCB-4FB2-864E-3246C5F2ABEF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microfocus:enterprise_test_server:8.0:-:*:*:*:*:*:*", + "matchCriteriaId": "08FD4630-9410-4335-9F07-A05D92CAB9B7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microfocus:visual_cobol:6.0:-:*:*:*:*:*:*", + "matchCriteriaId": "A60B87CD-A7FC-4761-A2F3-702EDE8AFA2C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microfocus:visual_cobol:7.0:-:*:*:*:*:*:*", + "matchCriteriaId": "3440F8D5-194F-4592-A847-859353250DC2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microfocus:visual_cobol:8.0:-:*:*:*:*:*:*", + "matchCriteriaId": "512DEAD9-6ABF-42FC-AD28-6F1BD039B8D9" + } + ] + } + ] + } + ], "references": [ { "url": "https://portal.microfocus.com/s/article/KM000019323?language=en_US", - "source": "security@opentext.com" + "source": "security@opentext.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-324xx/CVE-2023-32476.json b/CVE-2023/CVE-2023-324xx/CVE-2023-32476.json index b6cbc08554c..c5ef917ddd6 100644 --- a/CVE-2023/CVE-2023-324xx/CVE-2023-32476.json +++ b/CVE-2023/CVE-2023-324xx/CVE-2023-32476.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32476", "sourceIdentifier": "security_alert@emc.com", "published": "2023-07-20T14:15:11.713", - "lastModified": "2023-07-20T16:45:55.920", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-31T17:05:59.917", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "security_alert@emc.com", "type": "Secondary", @@ -46,10 +66,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dell:hybrid_client:2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "DE66F8C1-D98F-4011-BBDC-386A1DCF2BEC" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.dell.com/support/kbdoc/en-us/000215862/dsa-2023-258-dell", - "source": "security_alert@emc.com" + "source": "security_alert@emc.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-327xx/CVE-2023-32712.json b/CVE-2023/CVE-2023-327xx/CVE-2023-32712.json index a4b7263b30e..7b7504b338f 100644 --- a/CVE-2023/CVE-2023-327xx/CVE-2023-32712.json +++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32712.json 
@@ -2,12 +2,12 @@ "id": "CVE-2023-32712", "sourceIdentifier": "prodsec@splunk.com", "published": "2023-06-01T17:15:10.397", - "lastModified": "2023-06-07T14:23:31.040", - "vulnStatus": "Analyzed", + "lastModified": "2023-07-31T17:15:09.927", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, an attacker can use a specially crafted web URL in their browser to cause log file poisoning. The attack requires the attacker to have secure shell (SSH) access to the instance and use a terminal program that supports a certain feature set to execute the attack successfully." + "value": "In Splunk Enterprise versions below 9.1.0.2, 9.0.5.1, and 8.2.11.2, a malicious actor can inject American National Standards Institute (ANSI) escape codes into Splunk log files that, when a vulnerable terminal application reads them, can potentially result in possible code execution in the vulnerable application. This attack requires a user to use a terminal application that supports the translation of ANSI escape codes, to read the malicious log file locally in the vulnerable terminal, and to perform additional user interaction to exploit.\u00a0 The vulnerability does not affect Splunk Cloud Platform instances. The vulnerability does not directly affect Splunk Enterprise. The indirect impact on the Splunk Enterprise instance can vary significantly depending on the permissions in the vulnerable terminal application and where and how the user reads the malicious log file. For example, users can copy the malicious file from the Splunk Enterprise instance and read it on their local machine." } ], "metrics": { 
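Review bot: This hunk moves the record to `"vulnStatus": "Modified"` with a rewritten description naming 9.1.0.2, 9.0.5.1 and 8.2.11.2 as the fixed versions, and the next hunk raises only the `Secondary` vector from 3.4 LOW to 8.6 HIGH. No hunk touches the `nvd@nist.gov` Primary metric or `configurations`, so those presumably still reflect the earlier 9.0.5 / 8.2.11 / 8.1.14 analysis. A consumer that ranks on the Primary score or matches on CPE version ranges may keep the earlier severity and could treat 9.0.5 or 8.2.11 as fixed. For records in `Modified` state, downstream triage should take the higher of the Primary and Secondary `baseScore` and read the version bounds from the description until NVD re-analyses. The reference added in the last hunk of this file also arrives without a `tags` array, consistent with analysis not having been redone yet.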
@@ -37,20 +37,20 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N", - "attackVector": "NETWORK", - "attackComplexity": "HIGH", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", - "confidentialityImpact": "NONE", - "integrityImpact": "LOW", - "availabilityImpact": "NONE", - "baseScore": 3.4, - "baseSeverity": "LOW" + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.6, + "baseSeverity": "HIGH" }, - "exploitabilityScore": 1.6, - "impactScore": 1.4 + "exploitabilityScore": 1.8, + "impactScore": 6.0 } ] }, @@ -106,6 +106,10 @@ "tags": [ "Vendor Advisory" ] + }, + { + "url": "https://research.splunk.com/application/de3908dc-1298-446d-84b9-fa81d37e959b", + "source": "prodsec@splunk.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3248.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3248.json index 98c9a5e7a1f..bb549442555 100644 --- a/CVE-2023/CVE-2023-32xx/CVE-2023-3248.json +++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3248.json 
@@ -2,15 +2,38 @@ "id": "CVE-2023-3248", "sourceIdentifier": "contact@wpscan.com", "published": "2023-07-24T11:15:09.810", - "lastModified": "2023-07-24T13:09:06.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-31T17:12:18.987", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The All-in-one Floating Contact Form WordPress plugin before 2.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ] + }, "weaknesses": [ { "source": "contact@wpscan.com", @@ -23,10 +46,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:premio:my_sticky_elements:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.1.2", + "matchCriteriaId": "A8CE1FE6-1721-4930-969C-46F9430CF164" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/90c7496b-552f-4566-b7ae-8c953c965352", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-331xx/CVE-2023-33170.json b/CVE-2023/CVE-2023-331xx/CVE-2023-33170.json index b567ff1ee1f..2a200f0bf69 100644 
--- a/CVE-2023/CVE-2023-331xx/CVE-2023-33170.json +++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33170.json @@ -2,8 +2,8 @@ "id": "CVE-2023-33170", "sourceIdentifier": "secure@microsoft.com", "published": "2023-07-11T18:15:15.660", - "lastModified": "2023-07-22T03:15:09.810", - "vulnStatus": "Modified", + "lastModified": "2023-07-31T17:47:49.250", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -98,24 +98,56 @@ ] } ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", + "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", + "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" + } + ] + } + ] } ], "references": [ { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVZVMMCCBBCSCPAW2CRQGOTKIHVFCMRO/", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Mailing List" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O5CFOR6ID2HP45E7ZOGQNX76FPIWP7XR/", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Mailing List" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TLWNIIA2I6YCYVCXYBPBRSZ3UH6KILTG/", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Mailing List" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3VJRGNYJXGPF5LXUG3NL45QPK2UU6PL/", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Mailing List" + ] }, { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33170", 
diff --git a/CVE-2023/CVE-2023-33xx/CVE-2023-3319.json b/CVE-2023/CVE-2023-33xx/CVE-2023-3319.json index 84846a157e6..501ae3a91b0 100644 --- a/CVE-2023/CVE-2023-33xx/CVE-2023-3319.json +++ b/CVE-2023/CVE-2023-33xx/CVE-2023-3319.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3319", "sourceIdentifier": "cve@usom.gov.tr", "published": "2023-07-13T08:15:10.837", - "lastModified": "2023-07-26T10:15:11.750", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-07-31T17:47:00.347", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-33xx/CVE-2023-3344.json b/CVE-2023/CVE-2023-33xx/CVE-2023-3344.json index 56999759046..be243fe47e9 100644 --- a/CVE-2023/CVE-2023-33xx/CVE-2023-3344.json +++ b/CVE-2023/CVE-2023-33xx/CVE-2023-3344.json 
@@ -2,15 +2,38 @@ "id": "CVE-2023-3344", "sourceIdentifier": "contact@wpscan.com", "published": "2023-07-24T11:15:09.883", - "lastModified": "2023-07-24T13:09:06.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-31T17:14:32.107", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Auto Location for WP Job Manager via Google WordPress plugin before 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ] + }, "weaknesses": [ { "source": "contact@wpscan.com", @@ -23,10 +46,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:auto_location_for_wp_job_manager_via_google_project:auto_location_for_wp_job_manager_via_google:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.1", + "matchCriteriaId": "CF59DB6B-AABD-419B-98B6-BB2D76B11778" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/d27bc628-3de1-421e-8a67-150e9d7a96dd", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-340xx/CVE-2023-34017.json b/CVE-2023/CVE-2023-340xx/CVE-2023-34017.json index 229940d7d5a..5c12b6bd2c1 100644 --- a/CVE-2023/CVE-2023-340xx/CVE-2023-34017.json +++ b/CVE-2023/CVE-2023-340xx/CVE-2023-34017.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34017", "sourceIdentifier": "audit@patchstack.com", "published": "2023-07-25T14:15:10.527", - "lastModified": "2023-07-25T17:22:14.780", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-31T18:00:08.770", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fivestarplugins:five_star_restaurant_menu:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.6.7", + "matchCriteriaId": "8779B297-1223-4BBB-8ACB-B9E5B966EFFD" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/restaurant-reservations/wordpress-five-star-restaurant-reservations-plugin-2-6-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
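Review bot: The `cpeMatch` entry added in the last hunk names `fivestarplugins:five_star_restaurant_menu`, while the only reference in the same hunk is the Patchstack advisory for the `restaurant-reservations` plugin (Five Star Restaurant Reservations, 2.6.7). The description is outside the hunks, so this is inferred from the URL. If the advisory is right, the CPE points at a different product: CPE-based scanners would flag Restaurant Menu installs at or below 2.6.7 and miss the Reservations plugin. This is worth reporting upstream to NVD; until it is corrected, match this CVE on the advisory's plugin slug `restaurant-reservations` rather than on `criteria`.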
diff --git a/CVE-2023/CVE-2023-342xx/CVE-2023-34236.json b/CVE-2023/CVE-2023-342xx/CVE-2023-34236.json index 7ab972d4fdf..1faef0c1f83 100644 --- a/CVE-2023/CVE-2023-342xx/CVE-2023-34236.json +++ b/CVE-2023/CVE-2023-342xx/CVE-2023-34236.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34236", "sourceIdentifier": "security-advisories@github.com", "published": "2023-07-14T22:15:09.083", - "lastModified": "2023-07-17T13:02:46.340", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-31T17:07:37.223", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,34 +66,97 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:weave:gitops_terraform_controller:*:*:*:*:*:*:*:*", + "versionEndExcluding": "0.14.4", + "matchCriteriaId": "5015875D-5A93-4B98-B98C-4D68ADFFFFBE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:weave:gitops_terraform_controller:0.15.0:rc1:*:*:*:*:*:*", + "matchCriteriaId": "47372AC4-D67E-47DA-8785-92867A513798" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:weave:gitops_terraform_controller:0.15.0:rc2:*:*:*:*:*:*", + "matchCriteriaId": "2860AB73-484B-4BC4-831D-5D1F47A4CD88" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:weave:gitops_terraform_controller:0.15.0:rc3:*:*:*:*:*:*", + "matchCriteriaId": "D02C71DF-5978-4E0B-B16B-40E9D41A43BC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:weave:gitops_terraform_controller:0.15.0:rc4:*:*:*:*:*:*", + "matchCriteriaId": "95E8F1FB-185A-4351-A382-2815B90215EF" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/weaveworks/tf-controller/commit/28282bc644054e157c3b9a3d38f1f9551ce09074", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/weaveworks/tf-controller/commit/6323b355bd7f5d2ce85d0244fe0883af3881df4e", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/weaveworks/tf-controller/commit/9708fda28ccd0466cb0a8fd409854ab4d92f7dca", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/weaveworks/tf-controller/commit/98a0688036e9dbcf43fa84960d9a1ef3e09a69cf", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": 
"https://github.com/weaveworks/tf-controller/issues/637", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Issue Tracking" + ] }, { "url": "https://github.com/weaveworks/tf-controller/issues/649", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Issue Tracking", + "Patch" + ] }, { "url": "https://github.com/weaveworks/tf-controller/security/advisories/GHSA-6hvv-j432-23cv", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34369.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34369.json index d0ce176c441..e8fd7d70c67 100644 --- a/CVE-2023/CVE-2023-343xx/CVE-2023-34369.json +++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34369.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34369", "sourceIdentifier": "audit@patchstack.com", "published": "2023-07-25T14:15:10.633", - "lastModified": "2023-07-25T17:22:14.780", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-31T17:59:43.260", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:login_configurator_project:login_configurator:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.1", + "matchCriteriaId": "4D1F3C1F-E34A-467B-8939-DBB7C01CC574" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/login-configurator/wordpress-login-configurator-plugin-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-349xx/CVE-2023-34916.json b/CVE-2023/CVE-2023-349xx/CVE-2023-34916.json new file mode 100644 index 00000000000..02f95f1600a --- /dev/null +++ b/CVE-2023/CVE-2023-349xx/CVE-2023-34916.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-34916", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-07-31T16:15:10.213", + "lastModified": "2023-07-31T17:30:17.057", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Fuge CMS v1.0 contains an Open Redirect vulnerability via /front/ProcessAct.java." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/fuge/cms/issues/4", + "source": "cve@mitre.org" + }, + { + "url": "https://payatu.com/advisory/unvalidated-open-redirection-fuge-cms-v1-0/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-349xx/CVE-2023-34917.json b/CVE-2023/CVE-2023-349xx/CVE-2023-34917.json new file mode 100644 index 00000000000..0a4b5bd295e --- /dev/null +++ b/CVE-2023/CVE-2023-349xx/CVE-2023-34917.json 
@@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-34917", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-07-31T16:15:10.270", + "lastModified": "2023-07-31T17:30:17.057", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Fuge CMS v1.0 contains an Open Redirect vulnerability in member/RegisterAct.java." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/fuge/cms/issues/3", + "source": "cve@mitre.org" + }, + { + "url": "https://payatu.com/advisory/unvalidated-redirection-vulnerability-in-fuge-cms-v1-0/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-349xx/CVE-2023-34966.json b/CVE-2023/CVE-2023-349xx/CVE-2023-34966.json index 77e7c8f24fb..48a16167809 100644 --- a/CVE-2023/CVE-2023-349xx/CVE-2023-34966.json +++ b/CVE-2023/CVE-2023-349xx/CVE-2023-34966.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34966", "sourceIdentifier": "secalert@redhat.com", "published": "2023-07-20T15:15:11.333", - "lastModified": "2023-07-22T03:15:09.920", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-31T17:02:32.120", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "secalert@redhat.com", "type": "Secondary", 
@@ -34,22 +54,114 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-835" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.16.11", + "matchCriteriaId": "7744EB5C-BA2E-4B42-9C28-DD0D4C234C3B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.17.0", + "versionEndExcluding": "4.17.10", + "matchCriteriaId": "96A197EF-100E-4683-AA59-E0855CBCE38B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.18.0", + "versionEndExcluding": "4.18.5", + "matchCriteriaId": "55333C2A-E0E6-40A7-B655-93F05D6745AD" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", + "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D" + } + ] + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/security/cve/CVE-2023-34966", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222793", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPCSGND7LO467AJGR5DYBGZLTCGTOBCC/", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mailing List" + ] }, { "url": "https://www.samba.org/samba/security/CVE-2023-34966", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-34xx/CVE-2023-3484.json b/CVE-2023/CVE-2023-34xx/CVE-2023-3484.json index 2af8c745b09..1259d1bebad 100644 --- a/CVE-2023/CVE-2023-34xx/CVE-2023-3484.json +++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3484.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3484", "sourceIdentifier": "cve@gitlab.com", "published": "2023-07-21T14:15:10.010", - "lastModified": "2023-07-24T13:09:06.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-31T17:03:19.533", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "cve@gitlab.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "cve@gitlab.com", "type": "Secondary", 
@@ -46,14 +76,53 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "12.8.0", + "versionEndExcluding": "15.11.11", + "matchCriteriaId": "32F2AE09-2A49-4C15-AA12-2A3921C0299A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "16.0.0", + "versionEndExcluding": "16.0.7", + "matchCriteriaId": "9BEC60C3-6725-4F2A-ABCF-E536C8DD4D63" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "16.1.0", + "versionEndExcluding": "16.1.2", + "matchCriteriaId": "A33FDEA1-2885-400D-BCE7-C1EEE80A6E3E" + } + ] + } + ] + } + ], "references": [ { - "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/416773", - "source": "cve@gitlab.com" + "url": "https://about.gitlab.com/releases/2023/07/05/security-release-gitlab-16-1-2-released/", + "source": "nvd@nist.gov", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://hackerone.com/reports/2035687", - "source": "cve@gitlab.com" + "source": "cve@gitlab.com", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-350xx/CVE-2023-35069.json b/CVE-2023/CVE-2023-350xx/CVE-2023-35069.json index 22f0bc443ad..dbfcba877a6 100644 --- a/CVE-2023/CVE-2023-350xx/CVE-2023-35069.json +++ b/CVE-2023/CVE-2023-350xx/CVE-2023-35069.json @@ -2,8 +2,8 @@ "id": "CVE-2023-35069", "sourceIdentifier": "cve@usom.gov.tr", "published": "2023-07-13T08:15:10.683", - "lastModified": "2023-07-26T10:15:11.360", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-07-31T17:47:16.497", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36543.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36543.json index 42bcea5f96a..0d56dc6ecb6 100644 
--- a/CVE-2023/CVE-2023-365xx/CVE-2023-36543.json +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36543.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36543", "sourceIdentifier": "security@apache.org", "published": "2023-07-12T10:15:10.157", - "lastModified": "2023-07-21T11:15:09.637", - "vulnStatus": "Modified", + "lastModified": "2023-07-31T17:47:45.703", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-36xx/CVE-2023-3600.json b/CVE-2023/CVE-2023-36xx/CVE-2023-3600.json index 933a4938599..b96df465454 100644 --- a/CVE-2023/CVE-2023-36xx/CVE-2023-3600.json +++ b/CVE-2023/CVE-2023-36xx/CVE-2023-3600.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3600", "sourceIdentifier": "security@mozilla.org", "published": "2023-07-12T14:15:10.143", - "lastModified": "2023-07-24T11:15:10.013", - "vulnStatus": "Modified", + "lastModified": "2023-07-31T17:47:39.910", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -64,6 +64,12 @@ "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "versionEndExcluding": "115.0.2", "matchCriteriaId": "9896CC90-D9A1-4C8C-A4FD-43E916A1AB91" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", + "versionEndExcluding": "115.0.1", + "matchCriteriaId": "F9464DF3-94EA-4B34-B786-05BD86337C55" } ] } @@ -89,7 +95,10 @@ }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-27/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-36xx/CVE-2023-3609.json b/CVE-2023/CVE-2023-36xx/CVE-2023-3609.json index 3fdad13b4d3..45051bc51b8 100644 --- a/CVE-2023/CVE-2023-36xx/CVE-2023-3609.json +++ b/CVE-2023/CVE-2023-36xx/CVE-2023-3609.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-3609", "sourceIdentifier": "cve-coordination@google.com", "published": "2023-07-21T21:15:11.743", - "lastModified": "2023-07-24T13:09:06.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-31T17:25:47.483", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "cve-coordination@google.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + }, { "source": "cve-coordination@google.com", "type": "Secondary", 
@@ -46,14 +76,71 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.14", + "versionEndExcluding": "6.4", + "matchCriteriaId": "AD5A233A-2C1B-4397-AACC-92FE4E062AA9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.4:rc1:*:*:*:*:*:*", + "matchCriteriaId": "38BC6744-7D25-4C02-9966-B224CD071D30" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.4:rc2:*:*:*:*:*:*", + "matchCriteriaId": "76061B41-CAE9-4467-BEDE-0FFC7956F2A1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.4:rc3:*:*:*:*:*:*", + "matchCriteriaId": "A717BA5B-D535-46A0-A329-A25FE5CEC588" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.4:rc4:*:*:*:*:*:*", + "matchCriteriaId": "89CC80C6-F1EE-4AC7-BD21-DB3217BADE87" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.4:rc5:*:*:*:*:*:*", + "matchCriteriaId": "41EACEA1-FB69-4AF2-BC52-D39489858D42" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.4:rc6:*:*:*:*:*:*", + "matchCriteriaId": "9E1C36BE-F9D8-40B6-8281-5B8F9B42322D" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=04c55383fa5689357bcdd2c8036725a55ed632bc", - "source": "cve-coordination@google.com" + "source": "cve-coordination@google.com", + "tags": [ + "Mailing List", + "Patch", + "Vendor Advisory" + ] }, { "url": "https://kernel.dance/04c55383fa5689357bcdd2c8036725a55ed632bc", - "source": "cve-coordination@google.com" + "source": "cve-coordination@google.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-36xx/CVE-2023-3610.json b/CVE-2023/CVE-2023-36xx/CVE-2023-3610.json index f07d2321980..b1d7b8447c7 100644 
--- a/CVE-2023/CVE-2023-36xx/CVE-2023-3610.json +++ b/CVE-2023/CVE-2023-36xx/CVE-2023-3610.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3610", "sourceIdentifier": "cve-coordination@google.com", "published": "2023-07-21T21:15:11.820", - "lastModified": "2023-07-30T21:15:10.047", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-31T17:28:13.483", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "cve-coordination@google.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + }, { "source": "cve-coordination@google.com", "type": "Secondary", 
@@ -46,18 +76,99 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.9", + "versionEndExcluding": "6.4", + "matchCriteriaId": "DEC7A3D5-B782-43D1-9EC8-3D58EEA1AE60" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.4:rc1:*:*:*:*:*:*", + "matchCriteriaId": "38BC6744-7D25-4C02-9966-B224CD071D30" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.4:rc2:*:*:*:*:*:*", + "matchCriteriaId": "76061B41-CAE9-4467-BEDE-0FFC7956F2A1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.4:rc3:*:*:*:*:*:*", + "matchCriteriaId": "A717BA5B-D535-46A0-A329-A25FE5CEC588" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.4:rc4:*:*:*:*:*:*", + "matchCriteriaId": "89CC80C6-F1EE-4AC7-BD21-DB3217BADE87" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.4:rc5:*:*:*:*:*:*", + "matchCriteriaId": "41EACEA1-FB69-4AF2-BC52-D39489858D42" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.4:rc6:*:*:*:*:*:*", + "matchCriteriaId": "9E1C36BE-F9D8-40B6-8281-5B8F9B42322D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.4:rc7:*:*:*:*:*:*", + "matchCriteriaId": "1D6CAA59-F0EF-4E0B-8C23-EC9535008572" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=4bedf9eee016286c835e3d8fa981ddece5338795", - "source": "cve-coordination@google.com" + "source": "cve-coordination@google.com", + "tags": [ + "Mailing List", + "Patch", + "Vendor 
Advisory" + ] }, { "url": "https://kernel.dance/4bedf9eee016286c835e3d8fa981ddece5338795", - "source": "cve-coordination@google.com" + "source": "cve-coordination@google.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5461", - "source": "cve-coordination@google.com" + "source": "cve-coordination@google.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-36xx/CVE-2023-3611.json b/CVE-2023/CVE-2023-36xx/CVE-2023-3611.json index 24fd2d0b2f0..a335d66c054 100644 --- a/CVE-2023/CVE-2023-36xx/CVE-2023-3611.json +++ b/CVE-2023/CVE-2023-36xx/CVE-2023-3611.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3611", "sourceIdentifier": "cve-coordination@google.com", "published": "2023-07-21T21:15:11.897", - "lastModified": "2023-07-24T13:09:06.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-31T17:20:02.640", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "cve-coordination@google.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "cve-coordination@google.com", "type": "Secondary", 
@@ -46,14 +76,47 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.8", + "versionEndExcluding": "6.5", + "matchCriteriaId": "CF31EEDA-1400-421A-BE85-493473C7CD70" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.5:rc1:*:*:*:*:*:*", + "matchCriteriaId": "0B3E6E4D-E24E-4630-B00C-8C9901C597B0" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e337087c3b5805fe0b8a46ba622a962880b5d64", - "source": "cve-coordination@google.com" + "source": "cve-coordination@google.com", + "tags": [ + "Mailing List", + "Patch", + "Vendor Advisory" + ] }, { "url": "https://kernel.dance/3e337087c3b5805fe0b8a46ba622a962880b5d64", - "source": "cve-coordination@google.com" + "source": "cve-coordination@google.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-371xx/CVE-2023-37164.json b/CVE-2023/CVE-2023-371xx/CVE-2023-37164.json index 3ca89769732..2f3332fa4da 100644 --- a/CVE-2023/CVE-2023-371xx/CVE-2023-37164.json +++ b/CVE-2023/CVE-2023-371xx/CVE-2023-37164.json 
@@ -2,19 +2,76 @@ "id": "CVE-2023-37164", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-20T19:15:10.460", - "lastModified": "2023-07-21T12:52:36.740", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-31T17:00:03.897", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Diafan CMS v6.0 was discovered to contain a reflected cross-site scripting via the cat_id parameter at /shop/?module=shop&action=search." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:diafan:diafan.cms:6.0:*:*:*:*:*:*:*", + "matchCriteriaId": "8B76CE66-EA11-4C34-A6B5-F523959DDD3A" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.exploit-db.com/exploits/51529", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-374xx/CVE-2023-37464.json b/CVE-2023/CVE-2023-374xx/CVE-2023-37464.json index 23b3c6d90c4..41754450488 100644 --- a/CVE-2023/CVE-2023-374xx/CVE-2023-37464.json +++ b/CVE-2023/CVE-2023-374xx/CVE-2023-37464.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-37464", "sourceIdentifier": "security-advisories@github.com", "published": "2023-07-14T21:15:08.903", - "lastModified": "2023-07-17T13:02:46.340", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-31T17:15:47.223", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,22 +66,54 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:cjose:*:*:*:*:*:*:*:*", + "versionEndExcluding": "0.6.2.2", + "matchCriteriaId": "03D82D74-C8C8-4602-933C-DD2940EF4E2C" + } + ] + } + ] + } + ], "references": [ { "url": "https://datatracker.ietf.org/doc/html/rfc7518#section-4.7", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/OpenIDC/cjose/commit/7325e9a5e71e2fc0e350487ecac7d84acdf0ed5e", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/OpenIDC/cjose/releases/tag/v0.6.2.2", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/OpenIDC/cjose/security/advisories/GHSA-3rhg-3gf2-6xgj", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-374xx/CVE-2023-37473.json b/CVE-2023/CVE-2023-374xx/CVE-2023-37473.json index df2b3c453be..ccf24e3bb8a 100644 --- a/CVE-2023/CVE-2023-374xx/CVE-2023-37473.json +++ b/CVE-2023/CVE-2023-374xx/CVE-2023-37473.json @@ -2,8 +2,8 @@ "id": "CVE-2023-37473", "sourceIdentifier": "security-advisories@github.com", "published": "2023-07-14T21:15:09.047", - "lastModified": "2023-07-17T13:02:46.340", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-31T17:12:55.187", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,18 +66,44 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zenstruck:collection:0.2.1:*:*:*:*:*:*:*", + "matchCriteriaId": "E1467BC0-DA70-402B-A066-205A6D03F1A8" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/zenstruck/collection/commit/f4b1c488206e1b1581b06fcd331686846f13f19c", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/zenstruck/collection/releases/tag/v0.2.1", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/zenstruck/collection/security/advisories/GHSA-7xr2-8ff7-6fjq", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Mitigation" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-375xx/CVE-2023-37580.json b/CVE-2023/CVE-2023-375xx/CVE-2023-37580.json new file mode 100644 index 00000000000..239ae2d318a --- /dev/null +++ b/CVE-2023/CVE-2023-375xx/CVE-2023-37580.json 
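Review bot: In CVE-2023-37473.json the added `cpeMatch` entry marks exactly `cpe:2.3:a:zenstruck:collection:0.2.1:*:*:*:*:*:*:*` as vulnerable, with no version range, while the same section tags the `releases/tag/v0.2.1` reference "Release Notes" next to a "Patch" commit. That suggests 0.2.1 is the fixed release rather than the affected one, though the description is outside the hunk, so this is an inference. For the analogous case, the CVE-2023-37464 section of this commit uses a wildcard criteria with `"versionEndExcluding": "0.6.2.2"`; the matching shape here would be `"versionEndExcluding": "0.2.1"`. If the inference holds, CPE-based matching against this record would flag the patched version and miss the earlier ones, so the entry should be checked against the GHSA advisory before anyone relies on it.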
@@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-37580", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-07-31T16:15:10.327", + "lastModified": "2023-07-31T17:30:17.057", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wiki.zimbra.com/wiki/Security_Center", + "source": "cve@mitre.org" + }, + { + "url": "https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-376xx/CVE-2023-37600.json b/CVE-2023/CVE-2023-376xx/CVE-2023-37600.json index 35ac2e0df72..8b18b6a8a27 100644 --- a/CVE-2023/CVE-2023-376xx/CVE-2023-37600.json +++ b/CVE-2023/CVE-2023-376xx/CVE-2023-37600.json 
@@ -2,19 +2,76 @@ "id": "CVE-2023-37600", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-20T19:15:10.597", - "lastModified": "2023-07-21T12:52:36.740", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-31T16:59:18.893", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Office Suite Premium Version v10.9.1.42602 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the id parameter at /api?path=profile." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mobisystems:office_suite:10.9.1.42602:*:*:*:premium:iphone_os:*:*", + "matchCriteriaId": "32506B33-3E41-4371-810E-5EAE0B0CB3AB" + } + ] + } + ] + } + ], "references": [ { "url": "https://packetstormsecurity.com/files/173143/Office-Suite-Premium-10.9.1.42602-Cross-Site-Scripting.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-376xx/CVE-2023-37601.json b/CVE-2023/CVE-2023-376xx/CVE-2023-37601.json index 46a7ddb19ce..48363282a7a 100644 --- a/CVE-2023/CVE-2023-376xx/CVE-2023-37601.json 
+++ b/CVE-2023/CVE-2023-376xx/CVE-2023-37601.json @@ -2,19 +2,76 @@ "id": "CVE-2023-37601", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-20T19:15:10.663", - "lastModified": "2023-07-21T12:52:36.740", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-31T16:59:07.327", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Office Suite Premium v10.9.1.42602 was discovered to contain a local file inclusion (LFI) vulnerability via the component /etc/hosts." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mobisystems:office_suite:10.9.1.42602:*:*:*:premium:iphone_os:*:*", + "matchCriteriaId": "32506B33-3E41-4371-810E-5EAE0B0CB3AB" + } + ] + } + ] + } + ], "references": [ { "url": "https://packetstormsecurity.com/files/173146/Office-Suite-Premium-10.9.1.42602-Local-File-Inclusion.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-376xx/CVE-2023-37602.json b/CVE-2023/CVE-2023-376xx/CVE-2023-37602.json index ed6a2b49ded..701b392549e 100644 
--- a/CVE-2023/CVE-2023-376xx/CVE-2023-37602.json +++ b/CVE-2023/CVE-2023-376xx/CVE-2023-37602.json @@ -2,19 +2,76 @@ "id": "CVE-2023-37602", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-20T19:15:10.727", - "lastModified": "2023-07-21T12:52:36.740", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-31T16:51:03.140", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An arbitrary file upload vulnerability in the component /workplace#!explorer of Alkacon OpenCMS v15.0 allows attackers to execute arbitrary code via uploading a crafted PNG file." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:alkacon:opencms:15.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "BDE3297B-7CD7-46CB-903D-780705E6E726" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.exploit-db.com/exploits/51564", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-376xx/CVE-2023-37629.json b/CVE-2023/CVE-2023-376xx/CVE-2023-37629.json index d9a9ee862c6..bf90c7d5aa8 100644 
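Review bot: In CVE-2023-37602.json the added NVD analysis does not match the description kept as context. The description reports an arbitrary file upload that lets attackers execute arbitrary code, but the new `cvssData` is `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N` (6.1 MEDIUM) with weakness `CWE-79`. That is the same vector and weakness this commit assigns to the reflected-XSS records CVE-2023-37164 and CVE-2023-37600. The page does not show which side is correct. Because this file mirrors the upstream feed, the discrepancy is best reported upstream rather than patched here, and consumers that prioritise on `baseScore` or `weaknesses` should treat this entry as unverified until the record is reconciled.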
--- a/CVE-2023/CVE-2023-376xx/CVE-2023-37629.json +++ b/CVE-2023/CVE-2023-376xx/CVE-2023-37629.json @@ -2,8 +2,8 @@ "id": "CVE-2023-37629", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-12T17:15:08.777", - "lastModified": "2023-07-20T18:15:12.037", - "vulnStatus": "Modified", + "lastModified": "2023-07-31T17:47:32.963", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -66,7 +66,12 @@ "references": [ { "url": "http://packetstormsecurity.com/files/173656/Online-Piggery-Management-System-1.0-Shell-Upload.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://github.com/1337kid/Piggery_CMS_multiple_vulns_PoC/tree/main/CVE-2023-37629", diff --git a/CVE-2023/CVE-2023-377xx/CVE-2023-37771.json b/CVE-2023/CVE-2023-377xx/CVE-2023-37771.json new file mode 100644 index 00000000000..42ccd6baf58 --- /dev/null +++ b/CVE-2023/CVE-2023-377xx/CVE-2023-37771.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-37771", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-07-31T16:15:10.380", + "lastModified": "2023-07-31T17:30:17.057", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Art Gallery Management System v1.0 contains a SQL injection vulnerability via the cid parameter at /agms/product.php." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/anky-123/CVE-2023-37771/blob/main/CVE", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-379xx/CVE-2023-37917.json b/CVE-2023/CVE-2023-379xx/CVE-2023-37917.json index 5fd5464f5e1..e9e1d97dbd0 100644 --- a/CVE-2023/CVE-2023-379xx/CVE-2023-37917.json +++ b/CVE-2023/CVE-2023-379xx/CVE-2023-37917.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-37917", "sourceIdentifier": "security-advisories@github.com", "published": "2023-07-21T21:15:11.570", - "lastModified": "2023-07-24T13:09:06.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-31T17:33:23.983", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -36,8 +56,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -46,10 +76,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fit2cloud:kubepi:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.6.5", + "matchCriteriaId": "D4BB3977-890B-4BB8-B6CB-593788B37E94" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/1Panel-dev/KubePi/security/advisories/GHSA-757p-vx43-fp9r", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
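Review bot: In the last hunk of CVE-2023-37917 the reference under `github.com/1Panel-dev/KubePi/security/advisories/` is tagged `"Exploit", "Third Party Advisory"`, although it appears to be the project's own advisory; the equivalent dapr GHSA reference in CVE-2023-37918 is tagged `"Vendor Advisory"`. Tooling that selects the authoritative advisory by filtering on `Vendor Advisory` will skip this record's only reference. I would tag it `"Exploit", "Vendor Advisory"` to match. Separately, the new Primary weakness is `NVD-CWE-noinfo`, so CWE-based filters have to fall back to the Secondary entry from security-advisories@github.com for this record.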
diff --git a/CVE-2023/CVE-2023-379xx/CVE-2023-37918.json b/CVE-2023/CVE-2023-379xx/CVE-2023-37918.json index d43bf3a2fa5..db5d78a7774 100644 --- a/CVE-2023/CVE-2023-379xx/CVE-2023-37918.json +++ b/CVE-2023/CVE-2023-379xx/CVE-2023-37918.json @@ -2,8 +2,8 @@ "id": "CVE-2023-37918", "sourceIdentifier": "security-advisories@github.com", "published": "2023-07-21T21:15:11.657", - "lastModified": "2023-07-24T13:09:06.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-31T17:30:24.003", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -36,7 +56,7 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { 
@@ -44,20 +64,65 @@ "value": "CWE-287" } ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linuxfoundation:dapr:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.10.9", + "matchCriteriaId": "B132174A-53F6-44DE-9E4D-0EFA56B77D7E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linuxfoundation:dapr:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.11.0", + "versionEndExcluding": "1.11.2", + "matchCriteriaId": "DD6E2E5B-FB46-4726-B10F-6FDE8F949D37" + } + ] + } + ] } ], "references": [ { "url": "https://docs.dapr.io/operations/security/api-token/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/dapr/dapr/commit/83ca1abb11ffe34211db55dcd36d96b94252827a", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/dapr/dapr/security/advisories/GHSA-59m6-82qm-vqgj", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-37xx/CVE-2023-3776.json b/CVE-2023/CVE-2023-37xx/CVE-2023-3776.json index 7440d974768..1a2553a335b 100644 --- a/CVE-2023/CVE-2023-37xx/CVE-2023-3776.json +++ b/CVE-2023/CVE-2023-37xx/CVE-2023-3776.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3776", "sourceIdentifier": "cve-coordination@google.com", "published": "2023-07-21T21:15:11.973", - "lastModified": "2023-07-24T13:09:06.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-31T17:26:27.057", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "cve-coordination@google.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + }, { "source": "cve-coordination@google.com", "type": "Secondary", @@ -46,14 +76,47 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.6", + "versionEndExcluding": "6.5", + "matchCriteriaId": "6CC235BB-2BE9-4F58-993C-D5A1C422818E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.5:rc1:*:*:*:*:*:*", + "matchCriteriaId": "0B3E6E4D-E24E-4630-B00C-8C9901C597B0" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=0323bce598eea038714f941ce2b22541c46d488f", - "source": "cve-coordination@google.com" + "source": "cve-coordination@google.com", + "tags": [ + "Mailing List", + "Patch", + "Vendor Advisory" + ] }, { "url": "https://kernel.dance/0323bce598eea038714f941ce2b22541c46d488f", - "source": "cve-coordination@google.com" + "source": "cve-coordination@google.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-37xx/CVE-2023-3786.json b/CVE-2023/CVE-2023-37xx/CVE-2023-3786.json index 6aa6ad1c5d5..120ed62940e 100644 --- a/CVE-2023/CVE-2023-37xx/CVE-2023-3786.json +++ b/CVE-2023/CVE-2023-37xx/CVE-2023-3786.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3786", "sourceIdentifier": "cna@vuldb.com", "published": "2023-07-20T13:15:11.200", - "lastModified": "2023-07-20T16:45:55.920", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-31T17:06:41.653", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", @@ -61,8 +83,18 @@ }, "weaknesses": [ { - "source": "cna@vuldb.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -71,22 +103,68 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:aures:komet_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "20230509", + "matchCriteriaId": "751CDE65-E245-4C2D-93A1-FD1DCBFE5AF8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:aures:komet:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B4BD13C9-E30B-445C-8C2B-FBCD2D038E73" + } + ] + } + ] + } + ], "references": [ { "url": "https://seclists.org/fulldisclosure/2023/Jul/40", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.235053", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.235053", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://www.vulnerability-lab.com/get_content.php?id=2323", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-384xx/CVE-2023-38408.json b/CVE-2023/CVE-2023-384xx/CVE-2023-38408.json index 2faf8cc1d14..e3769e0e08c 100644 --- a/CVE-2023/CVE-2023-384xx/CVE-2023-38408.json +++ b/CVE-2023/CVE-2023-384xx/CVE-2023-38408.json 
@@ -2,71 +2,203 @@ "id": "CVE-2023-38408", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-20T03:15:10.170", - "lastModified": "2023-07-28T04:15:10.777", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-31T17:07:07.353", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-428" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*", + "versionEndExcluding": "9.3", + "matchCriteriaId": "BF546253-FE80-4416-A138-D79D7288229F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:openbsd:openssh:9.3:-:*:*:*:*:*:*", + "matchCriteriaId": "031E80CD-A7CF-447A-AEEF-EB97EB99A762" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:openbsd:openssh:9.3:p1:*:*:*:*:*:*", + "matchCriteriaId": "97FEC052-52ED-464F-AF19-3621775292D6" + } + ] + } + ] + }, + { + "nodes": [ + { 
+ "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", + "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", + "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" + } + ] + } + ] + } + ], "references": [ { "url": "http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2023/07/20/1", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Mailing List", + "Third Party Advisory" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2023/07/20/2", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/07/19/cve-2023-38408-remote-code-execution-in-opensshs-forwarded-ssh-agent", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/openbsd/src/commit/7bc29a9d5cd697290aa056e94ecee6253d3425f8", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/openbsd/src/commit/f03a4faa55c4ce0818324701dadbf91988d7351d", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/openbsd/src/commit/f8f5a6b003981bb824329dc987d101977beda7ca", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CEBTJJINE2I3FHAUKKNQWMFGYMLSMWKQ/", - "source": "cve@mitre.org" + "source": 
"cve@mitre.org", + "tags": [ + "Mailing List" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RAXVQS6ZYTULFAK3TEJHRLKZALJS3AOU/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List" + ] }, { "url": "https://news.ycombinator.com/item?id=36790196", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking", + "Patch" + ] }, { "url": "https://security.gentoo.org/glsa/202307-01", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.openssh.com/security.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.openssh.com/txt/release-9.3p2", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-386xx/CVE-2023-38617.json b/CVE-2023/CVE-2023-386xx/CVE-2023-38617.json index 73b9699c52a..f4b95f903e6 100644 --- a/CVE-2023/CVE-2023-386xx/CVE-2023-38617.json +++ b/CVE-2023/CVE-2023-386xx/CVE-2023-38617.json 
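Review bot: The `news.ycombinator.com/item?id=36790196` reference in CVE-2023-38408 is tagged `"Issue Tracking", "Patch"`, but it is a discussion thread; the fix is carried by the three `github.com/openbsd/src/commit/` references, which are already tagged `Patch`. Consumers that harvest `Patch`-tagged URLs as fix pointers would pick up a forum link, so I would drop `"Patch"` from that entry. The Primary weakness also deserves a second look: the description speaks of an "insufficiently trustworthy search path", which reads closer to CWE-426 (Untrusted Search Path) than to the recorded `CWE-428` (Unquoted Search Path or Element). Finally, the 9.8 vector (`PR:N/UI:N`) does not express the description's precondition that the agent is forwarded to an attacker-controlled system, so exposure is best judged by where agent forwarding is actually in use.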
@@ -2,19 +2,76 @@ "id": "CVE-2023-38617", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-20T19:15:10.867", - "lastModified": "2023-07-21T12:52:36.740", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-31T17:54:17.547", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Office Suite Premium Version v10.9.1.42602 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the filter parameter at /api?path=files." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mobisystems:office_suite:10.9.1.42602:*:*:*:premium:iphone_os:*:*", + "matchCriteriaId": "32506B33-3E41-4371-810E-5EAE0B0CB3AB" + } + ] + } + ] + } + ], "references": [ { "url": "https://packetstormsecurity.com/files/173143/Office-Suite-Premium-10.9.1.42602-Cross-Site-Scripting.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-387xx/CVE-2023-38750.json b/CVE-2023/CVE-2023-387xx/CVE-2023-38750.json new file mode 100644 index 00000000000..3d18a2dad48 --- /dev/null 
+++ b/CVE-2023/CVE-2023-387xx/CVE-2023-38750.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-38750", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-07-31T16:15:10.437", + "lastModified": "2023-07-31T17:30:17.057", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41, 9 before 9.0.0 Patch 34, and 10 before 10.0.2, internal JSP and XML files can be exposed." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wiki.zimbra.com/wiki/Security_Center", + "source": "cve@mitre.org" + }, + { + "url": "https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-38xx/CVE-2023-3803.json b/CVE-2023/CVE-2023-38xx/CVE-2023-3803.json index 9a9688a4ca5..fcb6db9e7da 100644 --- a/CVE-2023/CVE-2023-38xx/CVE-2023-3803.json +++ b/CVE-2023/CVE-2023-38xx/CVE-2023-3803.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3803", "sourceIdentifier": "cna@vuldb.com", "published": "2023-07-21T01:15:11.000", - "lastModified": "2023-07-21T12:52:32.633", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-31T16:54:47.033", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.7, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.2, + "impactScore": 1.4 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", 
@@ -61,8 +83,18 @@ }, "weaknesses": [ { - "source": "cna@vuldb.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -71,18 +103,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cdwanjiang:flash_flood_disaster_monitoring_and_warning_system:2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "80BB5315-77A8-4369-84A4-D29CA1622991" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/GUIqizsq/cve/blob/main/upload_2.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit" + ] }, { "url": "https://vuldb.com/?ctiid.235071", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.235071", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-38xx/CVE-2023-3804.json b/CVE-2023/CVE-2023-38xx/CVE-2023-3804.json index 2ef9181f019..e58a3e7af91 100644 --- a/CVE-2023/CVE-2023-38xx/CVE-2023-3804.json +++ b/CVE-2023/CVE-2023-38xx/CVE-2023-3804.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3804", "sourceIdentifier": "cna@vuldb.com", "published": "2023-07-21T01:15:11.093", - "lastModified": "2023-07-21T12:52:32.633", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-31T16:39:24.350", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
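Review bot: The Primary weakness added in this hunk is `CWE-434`, yet the metrics hunk of the same record (CVE-2023-3803) scores it `AC:H/C:L/I:N/A:N`, 3.7 LOW, which means no integrity impact for an unrestricted-upload weakness. The sibling record CVE-2023-3804, with the same `cdwanjiang:flash_flood_disaster_monitoring_and_warning_system:2.0` CPE and a similarly named `upload.md` write-up, is scored 9.8 CRITICAL in its own metrics hunk. The description lies outside these hunks, so I cannot tell which side is off, but one of `"value": "CWE-434"` or `"integrityImpact": "NONE"` likely needs revisiting upstream. Until then, the LOW rating alone should not be used to deprioritise this product.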
@@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", @@ -71,18 +93,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cdwanjiang:flash_flood_disaster_monitoring_and_warning_system:2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "80BB5315-77A8-4369-84A4-D29CA1622991" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/yueying638/cve/blob/main/upload.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit" + ] }, { "url": "https://vuldb.com/?ctiid.235072", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.235072", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-38xx/CVE-2023-3805.json b/CVE-2023/CVE-2023-38xx/CVE-2023-3805.json index f4a4c4a5b6b..020bf71a6b4 100644 --- a/CVE-2023/CVE-2023-38xx/CVE-2023-3805.json +++ b/CVE-2023/CVE-2023-38xx/CVE-2023-3805.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-3805", "sourceIdentifier": "cna@vuldb.com", "published": "2023-07-21T02:15:09.957", - "lastModified": "2023-07-21T12:52:26.790", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-31T16:54:55.313", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", @@ -71,18 +93,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:four-faith:video_surveillance_management_system:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2023-07-12", + "matchCriteriaId": "F216B3FE-B878-4FBF-AF52-472D24C4D33C" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/GUIqizsq/cve/blob/main/login.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit" + ] }, { "url": "https://vuldb.com/?ctiid.235073", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.235073", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-38xx/CVE-2023-3817.json b/CVE-2023/CVE-2023-38xx/CVE-2023-3817.json new file mode 100644 index 00000000000..77bacf714bb --- /dev/null 
+++ b/CVE-2023/CVE-2023-38xx/CVE-2023-3817.json 
@@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-3817", + "sourceIdentifier": "openssl-security@openssl.org", + "published": "2023-07-31T16:15:10.497", + "lastModified": "2023-07-31T17:30:17.057", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Issue summary: Checking excessively long DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_check(), DH_check_ex()\nor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\ndelays. Where the key or parameters that are being checked have been obtained\nfrom an untrusted source this may lead to a Denial of Service.\n\nThe function DH_check() performs various checks on DH parameters. After fixing\nCVE-2023-3446 it was discovered that a large q parameter value can also trigger\nan overly long computation during some of these checks. A correct q value,\nif present, cannot be larger than the modulus p parameter, thus it is\nunnecessary to perform these checks if q is larger than p.\n\nAn application that calls DH_check() and supplies a key or parameters obtained\nfrom an untrusted source could be vulnerable to a Denial of Service attack.\n\nThe function DH_check() is itself called by a number of other OpenSSL functions.\nAn application calling any of those other functions may similarly be affected.\nThe other functions affected by this are DH_check_ex() and\nEVP_PKEY_param_check().\n\nAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\nwhen using the \"-check\" option.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue." 
+ } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5", + "source": "openssl-security@openssl.org" + }, + { + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644", + "source": "openssl-security@openssl.org" + }, + { + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f", + "source": "openssl-security@openssl.org" + }, + { + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5", + "source": "openssl-security@openssl.org" + }, + { + "url": "https://www.openssl.org/news/secadv/20230731.txt", + "source": "openssl-security@openssl.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-38xx/CVE-2023-3850.json b/CVE-2023/CVE-2023-38xx/CVE-2023-3850.json index c2644f6cba3..80628424817 100644 --- a/CVE-2023/CVE-2023-38xx/CVE-2023-3850.json +++ b/CVE-2023/CVE-2023-38xx/CVE-2023-3850.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3850", "sourceIdentifier": "cna@vuldb.com", "published": "2023-07-23T10:15:09.657", - "lastModified": "2023-07-24T13:09:06.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-31T17:05:56.350", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", @@ -71,14 +93,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:lost_and_found_information_system_project:lost_and_found_information_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "E7B84257-5F4C-48D4-8097-A6FA541667BE" + } + ] + } + ] + } + ], "references": [ { "url": "https://vuldb.com/?ctiid.235201", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.235201", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-38xx/CVE-2023-3853.json b/CVE-2023/CVE-2023-38xx/CVE-2023-3853.json index 060f74dbb7e..4faf0677e29 100644 --- a/CVE-2023/CVE-2023-38xx/CVE-2023-3853.json +++ b/CVE-2023/CVE-2023-38xx/CVE-2023-3853.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3853", "sourceIdentifier": "cna@vuldb.com", "published": "2023-07-23T23:15:09.243", - "lastModified": "2023-07-24T13:09:06.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-31T17:07:43.177", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", @@ -71,14 +93,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:phpscriptpoint:bloodbank:1.1:*:*:*:*:*:*:*", + "matchCriteriaId": "9FCF1FCF-DFFA-41C0-B9D5-94174C2A2457" + } + ] + } + ] + } + ], "references": [ { "url": "https://vuldb.com/?ctiid.235205", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.235205", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-38xx/CVE-2023-3859.json b/CVE-2023/CVE-2023-38xx/CVE-2023-3859.json index 3e43c4e4074..4d53f742e66 100644 --- a/CVE-2023/CVE-2023-38xx/CVE-2023-3859.json +++ b/CVE-2023/CVE-2023-38xx/CVE-2023-3859.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3859", "sourceIdentifier": "cna@vuldb.com", "published": "2023-07-24T02:15:09.220", - "lastModified": "2023-07-24T13:09:06.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-31T17:48:33.497", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", @@ -71,14 +93,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:phpscriptpoint:car_listing:1.6:*:*:*:*:*:*:*", + "matchCriteriaId": "BA15BB97-C046-4FFD-AF6E-D507D8AC756B" + } + ] + } + ] + } + ], "references": [ { "url": "https://vuldb.com/?ctiid.235211", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.235211", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-38xx/CVE-2023-3860.json b/CVE-2023/CVE-2023-38xx/CVE-2023-3860.json index 455fa0135a4..e6fb07e93c7 100644 --- a/CVE-2023/CVE-2023-38xx/CVE-2023-3860.json +++ b/CVE-2023/CVE-2023-38xx/CVE-2023-3860.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3860", "sourceIdentifier": "cna@vuldb.com", "published": "2023-07-24T03:15:09.033", - "lastModified": "2023-07-24T13:09:06.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-31T17:43:21.477", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -15,6 +15,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", @@ -75,14 +97,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:phpscriptpoint:insurance:1.2:*:*:*:*:*:*:*", + "matchCriteriaId": "E4941BE3-B924-4EAF-8F9C-4472B9341691" + } + ] + } + ] + } + ], "references": [ { "url": "https://vuldb.com/?ctiid.235212", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.235212", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-38xx/CVE-2023-3861.json b/CVE-2023/CVE-2023-38xx/CVE-2023-3861.json index 7abac8a9830..3e3d87aa3f7 100644 --- a/CVE-2023/CVE-2023-38xx/CVE-2023-3861.json +++ b/CVE-2023/CVE-2023-38xx/CVE-2023-3861.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3861", "sourceIdentifier": "cna@vuldb.com", "published": "2023-07-24T03:15:09.120", - "lastModified": "2023-07-24T13:09:06.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-31T17:27:06.473", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -15,6 +15,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", @@ -75,14 +97,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:phpscriptpoint:insurance:1.2:*:*:*:*:*:*:*", + "matchCriteriaId": "E4941BE3-B924-4EAF-8F9C-4472B9341691" + } + ] + } + ] + } + ], "references": [ { "url": "https://vuldb.com/?ctiid.235213", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.235213", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-38xx/CVE-2023-3862.json b/CVE-2023/CVE-2023-38xx/CVE-2023-3862.json index e18ac8b7b0e..824624c930f 100644 --- a/CVE-2023/CVE-2023-38xx/CVE-2023-3862.json +++ b/CVE-2023/CVE-2023-38xx/CVE-2023-3862.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3862", "sourceIdentifier": "cna@vuldb.com", "published": "2023-07-24T04:15:09.670", - "lastModified": "2023-07-24T13:09:06.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-31T17:53:03.660", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -15,6 +15,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 2.7 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", @@ -75,14 +97,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:travelable_trek_management_solution_project:travelable_trek_management_solution:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "A5863682-E09D-400E-956B-B4108AA65465" + } + ] + } + ] + } + ], "references": [ { "url": "https://vuldb.com/?ctiid.235214", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.235214", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-39xx/CVE-2023-3997.json b/CVE-2023/CVE-2023-39xx/CVE-2023-3997.json new file mode 100644 index 00000000000..27430deb3d1 --- /dev/null +++ b/CVE-2023/CVE-2023-39xx/CVE-2023-3997.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-3997", + "sourceIdentifier": "prodsec@splunk.com", + "published": "2023-07-31T17:15:10.110", + "lastModified": "2023-07-31T17:30:17.057", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Splunk SOAR versions 6.0.2 and earlier are indirectly affected by a potential vulnerability accessed through the user\u2019s terminal. A third party can send Splunk SOAR a maliciously crafted web request containing special ANSI characters to cause log file poisoning. When a terminal user attempts to view the poisoned logs, this can tamper with the terminal and cause possible malicious code execution from the terminal user\u2019s action." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "prodsec@splunk.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.6, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 6.0 + } + ] + }, + "references": [ + { + "url": "https://advisory.splunk.com/advisories/SVD-2023-0702", + "source": "prodsec@splunk.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4004.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4004.json new file mode 100644 index 00000000000..d4eb408a74b --- /dev/null +++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4004.json 
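Review bot: The new CVE-2023-3997 record has no `configurations` block, so the affected range exists only in the description ("Splunk SOAR versions 6.0.2 and earlier") and CPE-based matching cannot flag it while `vulnStatus` is `Awaiting Analysis`; the new CVE-2023-4004 and CVE-2023-4010 files that follow are in the same state. Its only metric is the CNA's `"type": "Secondary"` entry with `"attackVector": "LOCAL"`, while the description has the poisoned log content arriving in a web request from a third party, so a triage filter on `attackVector` alone would treat it as local-only. Until NVD adds a `Primary` metric and CPE data, match on the description text or the advisory URL in `references`. The description places the harmful step at viewing the log in a terminal, which suggests reviewing such logs with a viewer that does not pass raw escape sequences through, though the record itself names no mitigation.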
@@ -0,0 +1,51 @@ +{ + "id": "CVE-2023-4004", + "sourceIdentifier": "secalert@redhat.com", + "published": "2023-07-31T17:15:10.203", + "lastModified": "2023-07-31T17:30:17.057", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2023-4004", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2225275", + "source": "secalert@redhat.com" + }, + { + "url": "https://patchwork.ozlabs.org/project/netfilter-devel/patch/20230719190824.21196-1-fw@strlen.de/", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4010.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4010.json new file mode 100644 index 00000000000..70ae708f375 --- /dev/null +++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4010.json 
@@ -0,0 +1,51 @@ +{ + "id": "CVE-2023-4010", + "sourceIdentifier": "secalert@redhat.com", + "published": "2023-07-31T17:15:10.277", + "lastModified": "2023-07-31T17:30:17.057", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A flaw was found in the USB Host Controller Driver framework in the Linux kernel. The usb_giveback_urb function has a logic loophole in its implementation. Due to the inappropriate judgment condition of the goto statement, the function cannot return under the input of a specific malformed descriptor file, so it falls into an endless loop, resulting in a denial of service." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2023-4010", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2227726", + "source": "secalert@redhat.com" + }, + { + "url": "https://github.com/wanrenmi/a-usb-kernel-bug", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4026.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4026.json new file mode 100644 index 00000000000..0ca3309ee95 --- /dev/null +++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4026.json 
@@ -0,0 +1,15 @@ +{ + "id": "CVE-2023-4026", + "sourceIdentifier": "security@wordfence.com", + "published": "2023-07-31T17:15:10.350", + "lastModified": "2023-07-31T17:15:10.350", + "vulnStatus": "Rejected", + "descriptions": [ + { + "lang": "en", + "value": "** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-4024. Reason: This record is a duplicate of CVE-2023-4024. Notes: All CVE users should reference CVE-2023-4024 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage." + } + ], + "metrics": {}, + "references": [] +} \ No newline at end of file diff --git a/README.md b/README.md index 52537f168db..4b5a0e41847 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-07-31T16:00:27.607746+00:00 +2023-07-31T18:00:31.225433+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-07-31T15:33:35.323000+00:00 +2023-07-31T18:00:08.770000+00:00 ``` ### Last Data Feed Release 
@@ -29,54 +29,55 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -221329 +221340 ``` ### CVEs added in the last Commit -Recently added CVEs: `25` +Recently added CVEs: `11` -* [CVE-2020-21662](CVE-2020/CVE-2020-216xx/CVE-2020-21662.json) (`2023-07-31T14:15:09.900`) -* [CVE-2020-21881](CVE-2020/CVE-2020-218xx/CVE-2020-21881.json) (`2023-07-31T14:15:09.957`) -* [CVE-2021-31651](CVE-2021/CVE-2021-316xx/CVE-2021-31651.json) (`2023-07-31T14:15:10.027`) -* [CVE-2021-31680](CVE-2021/CVE-2021-316xx/CVE-2021-31680.json) (`2023-07-31T14:15:10.080`) -* [CVE-2021-31681](CVE-2021/CVE-2021-316xx/CVE-2021-31681.json) (`2023-07-31T14:15:10.130`) -* [CVE-2023-33534](CVE-2023/CVE-2023-335xx/CVE-2023-33534.json) (`2023-07-31T14:15:10.223`) -* [CVE-2023-34635](CVE-2023/CVE-2023-346xx/CVE-2023-34635.json) (`2023-07-31T14:15:10.273`) -* [CVE-2023-34644](CVE-2023/CVE-2023-346xx/CVE-2023-34644.json) (`2023-07-31T14:15:10.323`) -* [CVE-2023-34842](CVE-2023/CVE-2023-348xx/CVE-2023-34842.json) (`2023-07-31T14:15:10.373`) -* [CVE-2023-34872](CVE-2023/CVE-2023-348xx/CVE-2023-34872.json) (`2023-07-31T14:15:10.427`) -* [CVE-2023-36089](CVE-2023/CVE-2023-360xx/CVE-2023-36089.json) (`2023-07-31T14:15:10.480`) -* [CVE-2023-36090](CVE-2023/CVE-2023-360xx/CVE-2023-36090.json) (`2023-07-31T14:15:10.533`) -* [CVE-2023-36091](CVE-2023/CVE-2023-360xx/CVE-2023-36091.json) (`2023-07-31T14:15:10.583`) -* [CVE-2023-36092](CVE-2023/CVE-2023-360xx/CVE-2023-36092.json) (`2023-07-31T14:15:10.633`) -* [CVE-2023-35791](CVE-2023/CVE-2023-357xx/CVE-2023-35791.json) (`2023-07-31T15:15:10.327`) -* [CVE-2023-35792](CVE-2023/CVE-2023-357xx/CVE-2023-35792.json) (`2023-07-31T15:15:10.403`) -* [CVE-2023-38303](CVE-2023/CVE-2023-383xx/CVE-2023-38303.json) (`2023-07-31T15:15:10.487`) -* [CVE-2023-38304](CVE-2023/CVE-2023-383xx/CVE-2023-38304.json) (`2023-07-31T15:15:10.547`) -* [CVE-2023-38305](CVE-2023/CVE-2023-383xx/CVE-2023-38305.json) 
(`2023-07-31T15:15:10.607`) -* [CVE-2023-38306](CVE-2023/CVE-2023-383xx/CVE-2023-38306.json) (`2023-07-31T15:15:10.663`) -* [CVE-2023-38307](CVE-2023/CVE-2023-383xx/CVE-2023-38307.json) (`2023-07-31T15:15:10.723`) -* [CVE-2023-38308](CVE-2023/CVE-2023-383xx/CVE-2023-38308.json) (`2023-07-31T15:15:10.787`) -* [CVE-2023-38309](CVE-2023/CVE-2023-383xx/CVE-2023-38309.json) (`2023-07-31T15:15:10.847`) -* [CVE-2023-38310](CVE-2023/CVE-2023-383xx/CVE-2023-38310.json) (`2023-07-31T15:15:10.907`) -* [CVE-2023-38311](CVE-2023/CVE-2023-383xx/CVE-2023-38311.json) (`2023-07-31T15:15:10.963`) +* [CVE-2020-36763](CVE-2020/CVE-2020-367xx/CVE-2020-36763.json) (`2023-07-31T16:15:10.090`) +* [CVE-2023-4026](CVE-2023/CVE-2023-40xx/CVE-2023-4026.json) (`2023-07-31T17:15:10.350`) +* [CVE-2023-34916](CVE-2023/CVE-2023-349xx/CVE-2023-34916.json) (`2023-07-31T16:15:10.213`) +* [CVE-2023-34917](CVE-2023/CVE-2023-349xx/CVE-2023-34917.json) (`2023-07-31T16:15:10.270`) +* [CVE-2023-37580](CVE-2023/CVE-2023-375xx/CVE-2023-37580.json) (`2023-07-31T16:15:10.327`) +* [CVE-2023-37771](CVE-2023/CVE-2023-377xx/CVE-2023-37771.json) (`2023-07-31T16:15:10.380`) +* [CVE-2023-38750](CVE-2023/CVE-2023-387xx/CVE-2023-38750.json) (`2023-07-31T16:15:10.437`) +* [CVE-2023-3817](CVE-2023/CVE-2023-38xx/CVE-2023-3817.json) (`2023-07-31T16:15:10.497`) +* [CVE-2023-3997](CVE-2023/CVE-2023-39xx/CVE-2023-3997.json) (`2023-07-31T17:15:10.110`) +* [CVE-2023-4004](CVE-2023/CVE-2023-40xx/CVE-2023-4004.json) (`2023-07-31T17:15:10.203`) +* [CVE-2023-4010](CVE-2023/CVE-2023-40xx/CVE-2023-4010.json) (`2023-07-31T17:15:10.277`) ### CVEs modified in the last Commit -Recently modified CVEs: `10` +Recently modified CVEs: `52` -* [CVE-2021-39425](CVE-2021/CVE-2021-394xx/CVE-2021-39425.json) (`2023-07-31T15:11:04.167`) -* [CVE-2023-35861](CVE-2023/CVE-2023-358xx/CVE-2023-35861.json) (`2023-07-31T14:45:51.850`) -* [CVE-2023-37647](CVE-2023/CVE-2023-376xx/CVE-2023-37647.json) (`2023-07-31T14:45:51.850`) -* 
[CVE-2023-32478](CVE-2023/CVE-2023-324xx/CVE-2023-32478.json) (`2023-07-31T15:08:44.263`) -* [CVE-2023-3815](CVE-2023/CVE-2023-38xx/CVE-2023-3815.json) (`2023-07-31T15:09:38.633`) -* [CVE-2023-25837](CVE-2023/CVE-2023-258xx/CVE-2023-25837.json) (`2023-07-31T15:10:15.310`) -* [CVE-2023-25835](CVE-2023/CVE-2023-258xx/CVE-2023-25835.json) (`2023-07-31T15:10:35.843`) -* [CVE-2023-20593](CVE-2023/CVE-2023-205xx/CVE-2023-20593.json) (`2023-07-31T15:15:10.230`) -* [CVE-2023-3347](CVE-2023/CVE-2023-33xx/CVE-2023-3347.json) (`2023-07-31T15:15:11.023`) -* [CVE-2023-36884](CVE-2023/CVE-2023-368xx/CVE-2023-36884.json) (`2023-07-31T15:33:35.323`) +* [CVE-2023-3611](CVE-2023/CVE-2023-36xx/CVE-2023-3611.json) (`2023-07-31T17:20:02.640`) +* [CVE-2023-2309](CVE-2023/CVE-2023-23xx/CVE-2023-2309.json) (`2023-07-31T17:22:54.897`) +* [CVE-2023-3609](CVE-2023/CVE-2023-36xx/CVE-2023-3609.json) (`2023-07-31T17:25:47.483`) +* [CVE-2023-3776](CVE-2023/CVE-2023-37xx/CVE-2023-3776.json) (`2023-07-31T17:26:27.057`) +* [CVE-2023-3861](CVE-2023/CVE-2023-38xx/CVE-2023-3861.json) (`2023-07-31T17:27:06.473`) +* [CVE-2023-3610](CVE-2023/CVE-2023-36xx/CVE-2023-3610.json) (`2023-07-31T17:28:13.483`) +* [CVE-2023-26301](CVE-2023/CVE-2023-263xx/CVE-2023-26301.json) (`2023-07-31T17:29:04.590`) +* [CVE-2023-37918](CVE-2023/CVE-2023-379xx/CVE-2023-37918.json) (`2023-07-31T17:30:24.003`) +* [CVE-2023-37917](CVE-2023/CVE-2023-379xx/CVE-2023-37917.json) (`2023-07-31T17:33:23.983`) +* [CVE-2023-3860](CVE-2023/CVE-2023-38xx/CVE-2023-3860.json) (`2023-07-31T17:43:21.477`) +* [CVE-2023-2958](CVE-2023/CVE-2023-29xx/CVE-2023-2958.json) (`2023-07-31T17:46:45.333`) +* [CVE-2023-3319](CVE-2023/CVE-2023-33xx/CVE-2023-3319.json) (`2023-07-31T17:47:00.347`) +* [CVE-2023-35069](CVE-2023/CVE-2023-350xx/CVE-2023-35069.json) (`2023-07-31T17:47:16.497`) +* [CVE-2023-1547](CVE-2023/CVE-2023-15xx/CVE-2023-1547.json) (`2023-07-31T17:47:20.990`) +* [CVE-2023-37629](CVE-2023/CVE-2023-376xx/CVE-2023-37629.json) 
(`2023-07-31T17:47:32.963`) +* [CVE-2023-3600](CVE-2023/CVE-2023-36xx/CVE-2023-3600.json) (`2023-07-31T17:47:39.910`) +* [CVE-2023-36543](CVE-2023/CVE-2023-365xx/CVE-2023-36543.json) (`2023-07-31T17:47:45.703`) +* [CVE-2023-33170](CVE-2023/CVE-2023-331xx/CVE-2023-33170.json) (`2023-07-31T17:47:49.250`) +* [CVE-2023-32046](CVE-2023/CVE-2023-320xx/CVE-2023-32046.json) (`2023-07-31T17:48:02.057`) +* [CVE-2023-2029](CVE-2023/CVE-2023-20xx/CVE-2023-2029.json) (`2023-07-31T17:48:07.683`) +* [CVE-2023-3859](CVE-2023/CVE-2023-38xx/CVE-2023-3859.json) (`2023-07-31T17:48:33.497`) +* [CVE-2023-3862](CVE-2023/CVE-2023-38xx/CVE-2023-3862.json) (`2023-07-31T17:53:03.660`) +* [CVE-2023-38617](CVE-2023/CVE-2023-386xx/CVE-2023-38617.json) (`2023-07-31T17:54:17.547`) +* [CVE-2023-34369](CVE-2023/CVE-2023-343xx/CVE-2023-34369.json) (`2023-07-31T17:59:43.260`) +* [CVE-2023-34017](CVE-2023/CVE-2023-340xx/CVE-2023-34017.json) (`2023-07-31T18:00:08.770`) ## Download and Usage