From c4ca0c71b72a0781f652e7f9bbe6c650fd801e8d Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Wed, 12 Jul 2023 04:00:31 +0000 Subject: [PATCH] Auto-Update: 2023-07-12T04:00:27.415061+00:00 --- CVE-2017/CVE-2017-165xx/CVE-2017-16516.json | 8 +- CVE-2019/CVE-2019-72xx/CVE-2019-7214.json | 6 +- CVE-2021/CVE-2021-214xx/CVE-2021-21424.json | 16 +- CVE-2021/CVE-2021-39xx/CVE-2021-3979.json | 15 +- CVE-2021/CVE-2021-43xx/CVE-2021-4342.json | 595 +------------------- CVE-2022/CVE-2022-229xx/CVE-2022-22990.json | 4 +- CVE-2022/CVE-2022-229xx/CVE-2022-22992.json | 4 +- CVE-2022/CVE-2022-234xx/CVE-2022-23432.json | 4 +- CVE-2022/CVE-2022-234xx/CVE-2022-23471.json | 14 +- CVE-2022/CVE-2022-235xx/CVE-2022-23553.json | 14 +- CVE-2022/CVE-2022-235xx/CVE-2022-23554.json | 14 +- CVE-2022/CVE-2022-236xx/CVE-2022-23633.json | 22 +- CVE-2022/CVE-2022-236xx/CVE-2022-23648.json | 13 +- CVE-2022/CVE-2022-247xx/CVE-2022-24795.json | 8 +- CVE-2022/CVE-2022-248xx/CVE-2022-24894.json | 10 +- CVE-2022/CVE-2022-248xx/CVE-2022-24895.json | 18 +- CVE-2022/CVE-2022-258xx/CVE-2022-25883.json | 18 +- CVE-2022/CVE-2022-275xx/CVE-2022-27583.json | 4 +- CVE-2022/CVE-2022-281xx/CVE-2022-28127.json | 4 +- CVE-2022/CVE-2022-392xx/CVE-2022-39209.json | 4 +- CVE-2022/CVE-2022-392xx/CVE-2022-39219.json | 4 +- CVE-2022/CVE-2022-392xx/CVE-2022-39222.json | 10 +- CVE-2022/CVE-2022-392xx/CVE-2022-39232.json | 14 +- CVE-2022/CVE-2022-392xx/CVE-2022-39280.json | 10 +- CVE-2022/CVE-2022-392xx/CVE-2022-39284.json | 14 +- CVE-2022/CVE-2022-392xx/CVE-2022-39294.json | 4 +- CVE-2022/CVE-2022-393xx/CVE-2022-39397.json | 14 +- CVE-2022/CVE-2022-39xx/CVE-2022-3974.json | 14 +- CVE-2022/CVE-2022-412xx/CVE-2022-41263.json | 10 +- CVE-2022/CVE-2022-436xx/CVE-2022-43684.json | 6 +- CVE-2022/CVE-2022-463xx/CVE-2022-46334.json | 16 +- CVE-2022/CVE-2022-485xx/CVE-2022-48521.json | 20 + CVE-2023/CVE-2023-205xx/CVE-2023-20575.json | 20 + CVE-2023/CVE-2023-215xx/CVE-2023-21526.json | 43 ++ CVE-2023/CVE-2023-217xx/CVE-2023-21756.json | 43 ++ CVE-2023/CVE-2023-226xx/CVE-2023-22665.json | 8 +- CVE-2023/CVE-2023-237xx/CVE-2023-23756.json | 32 ++ CVE-2023/CVE-2023-244xx/CVE-2023-24491.json | 55 ++ CVE-2023/CVE-2023-244xx/CVE-2023-24492.json | 55 ++ CVE-2023/CVE-2023-253xx/CVE-2023-25399.json | 77 ++- CVE-2023/CVE-2023-271xx/CVE-2023-27197.json | 75 ++- CVE-2023/CVE-2023-275xx/CVE-2023-27590.json | 30 +- CVE-2023/CVE-2023-284xx/CVE-2023-28489.json | 6 +- CVE-2023/CVE-2023-293xx/CVE-2023-29347.json | 43 ++ CVE-2023/CVE-2023-294xx/CVE-2023-29406.json | 44 ++ CVE-2023/CVE-2023-298xx/CVE-2023-29824.json | 8 +- CVE-2023/CVE-2023-299xx/CVE-2023-29984.json | 28 + CVE-2023/CVE-2023-302xx/CVE-2023-30226.json | 24 + CVE-2023/CVE-2023-306xx/CVE-2023-30607.json | 58 +- CVE-2023/CVE-2023-312xx/CVE-2023-31248.json | 66 ++- CVE-2023/CVE-2023-31xx/CVE-2023-3127.json | 59 ++ CVE-2023/CVE-2023-320xx/CVE-2023-32033.json | 43 ++ CVE-2023/CVE-2023-320xx/CVE-2023-32034.json | 43 ++ CVE-2023/CVE-2023-320xx/CVE-2023-32035.json | 43 ++ CVE-2023/CVE-2023-320xx/CVE-2023-32037.json | 43 ++ CVE-2023/CVE-2023-320xx/CVE-2023-32038.json | 43 ++ CVE-2023/CVE-2023-320xx/CVE-2023-32039.json | 43 ++ CVE-2023/CVE-2023-320xx/CVE-2023-32040.json | 43 ++ CVE-2023/CVE-2023-320xx/CVE-2023-32041.json | 43 ++ CVE-2023/CVE-2023-320xx/CVE-2023-32042.json | 43 ++ CVE-2023/CVE-2023-320xx/CVE-2023-32043.json | 43 ++ CVE-2023/CVE-2023-320xx/CVE-2023-32044.json | 43 ++ CVE-2023/CVE-2023-320xx/CVE-2023-32045.json | 43 ++ CVE-2023/CVE-2023-320xx/CVE-2023-32046.json | 47 ++ CVE-2023/CVE-2023-320xx/CVE-2023-32047.json | 43 ++ CVE-2023/CVE-2023-320xx/CVE-2023-32049.json | 47 ++ CVE-2023/CVE-2023-320xx/CVE-2023-32050.json | 43 ++ CVE-2023/CVE-2023-320xx/CVE-2023-32051.json | 43 ++ CVE-2023/CVE-2023-320xx/CVE-2023-32052.json | 43 ++ CVE-2023/CVE-2023-320xx/CVE-2023-32053.json | 43 ++ CVE-2023/CVE-2023-320xx/CVE-2023-32054.json | 43 ++ CVE-2023/CVE-2023-320xx/CVE-2023-32055.json | 43 ++ CVE-2023/CVE-2023-320xx/CVE-2023-32056.json | 43 ++ CVE-2023/CVE-2023-320xx/CVE-2023-32057.json | 43 ++ CVE-2023/CVE-2023-320xx/CVE-2023-32083.json | 43 ++ CVE-2023/CVE-2023-320xx/CVE-2023-32084.json | 43 ++ CVE-2023/CVE-2023-320xx/CVE-2023-32085.json | 43 ++ CVE-2023/CVE-2023-326xx/CVE-2023-32693.json | 63 +++ CVE-2023/CVE-2023-32xx/CVE-2023-3269.json | 6 +- CVE-2023/CVE-2023-331xx/CVE-2023-33127.json | 43 ++ CVE-2023/CVE-2023-331xx/CVE-2023-33131.json | 8 +- CVE-2023/CVE-2023-331xx/CVE-2023-33134.json | 43 ++ CVE-2023/CVE-2023-331xx/CVE-2023-33148.json | 43 ++ CVE-2023/CVE-2023-331xx/CVE-2023-33149.json | 43 ++ CVE-2023/CVE-2023-331xx/CVE-2023-33150.json | 43 ++ CVE-2023/CVE-2023-331xx/CVE-2023-33151.json | 43 ++ CVE-2023/CVE-2023-331xx/CVE-2023-33152.json | 43 ++ CVE-2023/CVE-2023-331xx/CVE-2023-33153.json | 43 ++ CVE-2023/CVE-2023-331xx/CVE-2023-33154.json | 43 ++ CVE-2023/CVE-2023-331xx/CVE-2023-33155.json | 43 ++ CVE-2023/CVE-2023-331xx/CVE-2023-33156.json | 43 ++ CVE-2023/CVE-2023-331xx/CVE-2023-33157.json | 43 ++ CVE-2023/CVE-2023-331xx/CVE-2023-33158.json | 43 ++ CVE-2023/CVE-2023-331xx/CVE-2023-33159.json | 43 ++ CVE-2023/CVE-2023-331xx/CVE-2023-33160.json | 43 ++ CVE-2023/CVE-2023-331xx/CVE-2023-33161.json | 43 ++ CVE-2023/CVE-2023-331xx/CVE-2023-33162.json | 43 ++ CVE-2023/CVE-2023-331xx/CVE-2023-33163.json | 43 ++ CVE-2023/CVE-2023-331xx/CVE-2023-33164.json | 43 ++ CVE-2023/CVE-2023-331xx/CVE-2023-33165.json | 43 ++ CVE-2023/CVE-2023-331xx/CVE-2023-33166.json | 43 ++ CVE-2023/CVE-2023-331xx/CVE-2023-33167.json | 43 ++ CVE-2023/CVE-2023-331xx/CVE-2023-33168.json | 43 ++ CVE-2023/CVE-2023-331xx/CVE-2023-33169.json | 43 ++ CVE-2023/CVE-2023-331xx/CVE-2023-33170.json | 43 ++ CVE-2023/CVE-2023-331xx/CVE-2023-33171.json | 43 ++ CVE-2023/CVE-2023-331xx/CVE-2023-33172.json | 43 ++ CVE-2023/CVE-2023-331xx/CVE-2023-33173.json | 43 ++ CVE-2023/CVE-2023-331xx/CVE-2023-33174.json | 43 ++ CVE-2023/CVE-2023-333xx/CVE-2023-33335.json | 64 ++- CVE-2023/CVE-2023-334xx/CVE-2023-33460.json | 6 +- CVE-2023/CVE-2023-339xx/CVE-2023-33919.json | 6 +- CVE-2023/CVE-2023-339xx/CVE-2023-33920.json | 6 +- CVE-2023/CVE-2023-339xx/CVE-2023-33921.json | 6 +- CVE-2023/CVE-2023-340xx/CVE-2023-34089.json | 63 +++ CVE-2023/CVE-2023-340xx/CVE-2023-34090.json | 63 +++ CVE-2023/CVE-2023-341xx/CVE-2023-34118.json | 55 ++ CVE-2023/CVE-2023-341xx/CVE-2023-34119.json | 55 ++ CVE-2023/CVE-2023-348xx/CVE-2023-34834.json | 82 ++- CVE-2023/CVE-2023-352xx/CVE-2023-35296.json | 43 ++ CVE-2023/CVE-2023-352xx/CVE-2023-35297.json | 43 ++ CVE-2023/CVE-2023-352xx/CVE-2023-35298.json | 43 ++ CVE-2023/CVE-2023-352xx/CVE-2023-35299.json | 43 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35300.json | 43 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35302.json | 43 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35303.json | 43 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35304.json | 43 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35305.json | 43 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35306.json | 43 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35308.json | 43 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35309.json | 43 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35310.json | 43 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35311.json | 47 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35312.json | 43 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35313.json | 43 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35314.json | 43 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35315.json | 43 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35316.json | 43 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35317.json | 43 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35318.json | 43 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35319.json | 43 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35320.json | 43 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35321.json | 43 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35322.json | 43 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35323.json | 43 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35324.json | 43 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35325.json | 43 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35326.json | 43 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35328.json | 43 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35329.json | 43 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35330.json | 43 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35331.json | 43 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35332.json | 43 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35333.json | 43 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35335.json | 43 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35336.json | 43 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35337.json | 43 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35338.json | 43 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35339.json | 43 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35340.json | 43 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35341.json | 43 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35342.json | 43 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35343.json | 43 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35344.json | 43 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35345.json | 43 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35346.json | 43 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35347.json | 43 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35348.json | 43 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35350.json | 43 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35351.json | 43 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35352.json | 43 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35353.json | 43 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35356.json | 43 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35357.json | 43 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35358.json | 43 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35360.json | 43 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35361.json | 43 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35362.json | 43 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35363.json | 43 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35364.json | 43 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35365.json | 43 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35366.json | 43 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35367.json | 43 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35373.json | 43 ++ CVE-2023/CVE-2023-353xx/CVE-2023-35374.json | 43 ++ CVE-2023/CVE-2023-358xx/CVE-2023-35830.json | 122 +++- CVE-2023/CVE-2023-359xx/CVE-2023-35934.json | 6 +- CVE-2023/CVE-2023-359xx/CVE-2023-35974.json | 153 ++++- CVE-2023/CVE-2023-359xx/CVE-2023-35975.json | 153 ++++- CVE-2023/CVE-2023-359xx/CVE-2023-35976.json | 153 ++++- CVE-2023/CVE-2023-359xx/CVE-2023-35977.json | 153 ++++- CVE-2023/CVE-2023-361xx/CVE-2023-36163.json | 6 +- CVE-2023/CVE-2023-361xx/CVE-2023-36164.json | 6 +- CVE-2023/CVE-2023-361xx/CVE-2023-36167.json | 6 +- CVE-2023/CVE-2023-365xx/CVE-2023-36536.json | 55 ++ CVE-2023/CVE-2023-365xx/CVE-2023-36537.json | 55 ++ CVE-2023/CVE-2023-365xx/CVE-2023-36538.json | 55 ++ CVE-2023/CVE-2023-366xx/CVE-2023-36622.json | 82 ++- CVE-2023/CVE-2023-368xx/CVE-2023-36825.json | 59 ++ CVE-2023/CVE-2023-368xx/CVE-2023-36867.json | 43 ++ CVE-2023/CVE-2023-368xx/CVE-2023-36868.json | 43 ++ CVE-2023/CVE-2023-368xx/CVE-2023-36871.json | 43 ++ CVE-2023/CVE-2023-368xx/CVE-2023-36872.json | 43 ++ CVE-2023/CVE-2023-368xx/CVE-2023-36874.json | 47 ++ CVE-2023/CVE-2023-368xx/CVE-2023-36884.json | 43 ++ CVE-2023/CVE-2023-36xx/CVE-2023-3625.json | 88 +++ CVE-2023/CVE-2023-36xx/CVE-2023-3626.json | 88 +++ CVE-2023/CVE-2023-371xx/CVE-2023-37174.json | 20 + CVE-2023/CVE-2023-372xx/CVE-2023-37271.json | 59 ++ CVE-2023/CVE-2023-372xx/CVE-2023-37280.json | 63 +++ CVE-2023/CVE-2023-377xx/CVE-2023-37765.json | 20 + CVE-2023/CVE-2023-377xx/CVE-2023-37766.json | 20 + CVE-2023/CVE-2023-377xx/CVE-2023-37767.json | 20 + README.md | 104 ++-- 214 files changed, 8397 insertions(+), 814 deletions(-) create mode 100644 CVE-2022/CVE-2022-485xx/CVE-2022-48521.json create mode 100644 CVE-2023/CVE-2023-205xx/CVE-2023-20575.json create mode 100644 CVE-2023/CVE-2023-215xx/CVE-2023-21526.json create mode 100644 CVE-2023/CVE-2023-217xx/CVE-2023-21756.json create mode 100644 CVE-2023/CVE-2023-237xx/CVE-2023-23756.json create mode 100644 CVE-2023/CVE-2023-244xx/CVE-2023-24491.json create mode 100644 CVE-2023/CVE-2023-244xx/CVE-2023-24492.json create mode 100644 CVE-2023/CVE-2023-293xx/CVE-2023-29347.json create mode 100644 CVE-2023/CVE-2023-294xx/CVE-2023-29406.json create mode 100644 CVE-2023/CVE-2023-299xx/CVE-2023-29984.json create mode 100644 CVE-2023/CVE-2023-302xx/CVE-2023-30226.json create mode 100644 CVE-2023/CVE-2023-31xx/CVE-2023-3127.json create mode 100644 CVE-2023/CVE-2023-320xx/CVE-2023-32033.json create mode 100644 CVE-2023/CVE-2023-320xx/CVE-2023-32034.json create mode 100644 CVE-2023/CVE-2023-320xx/CVE-2023-32035.json create mode 100644 CVE-2023/CVE-2023-320xx/CVE-2023-32037.json create mode 100644 CVE-2023/CVE-2023-320xx/CVE-2023-32038.json create mode 100644 CVE-2023/CVE-2023-320xx/CVE-2023-32039.json create mode 100644 CVE-2023/CVE-2023-320xx/CVE-2023-32040.json create mode 100644 CVE-2023/CVE-2023-320xx/CVE-2023-32041.json create mode 100644 CVE-2023/CVE-2023-320xx/CVE-2023-32042.json create mode 100644 CVE-2023/CVE-2023-320xx/CVE-2023-32043.json create mode 100644 CVE-2023/CVE-2023-320xx/CVE-2023-32044.json create mode 100644 CVE-2023/CVE-2023-320xx/CVE-2023-32045.json create mode 100644 CVE-2023/CVE-2023-320xx/CVE-2023-32046.json create mode 100644 CVE-2023/CVE-2023-320xx/CVE-2023-32047.json create mode 100644 CVE-2023/CVE-2023-320xx/CVE-2023-32049.json create mode 100644 CVE-2023/CVE-2023-320xx/CVE-2023-32050.json create mode 100644 CVE-2023/CVE-2023-320xx/CVE-2023-32051.json create mode 100644 CVE-2023/CVE-2023-320xx/CVE-2023-32052.json create mode 100644 CVE-2023/CVE-2023-320xx/CVE-2023-32053.json create mode 100644 CVE-2023/CVE-2023-320xx/CVE-2023-32054.json create mode 100644 CVE-2023/CVE-2023-320xx/CVE-2023-32055.json create mode 100644 CVE-2023/CVE-2023-320xx/CVE-2023-32056.json create mode 100644 CVE-2023/CVE-2023-320xx/CVE-2023-32057.json create mode 100644 CVE-2023/CVE-2023-320xx/CVE-2023-32083.json create mode 100644 CVE-2023/CVE-2023-320xx/CVE-2023-32084.json create mode 100644 CVE-2023/CVE-2023-320xx/CVE-2023-32085.json create mode 100644 CVE-2023/CVE-2023-326xx/CVE-2023-32693.json create mode 100644 CVE-2023/CVE-2023-331xx/CVE-2023-33127.json create mode 100644 CVE-2023/CVE-2023-331xx/CVE-2023-33134.json create mode 100644 CVE-2023/CVE-2023-331xx/CVE-2023-33148.json create mode 100644 CVE-2023/CVE-2023-331xx/CVE-2023-33149.json create mode 100644 CVE-2023/CVE-2023-331xx/CVE-2023-33150.json create mode 100644 CVE-2023/CVE-2023-331xx/CVE-2023-33151.json create mode 100644 CVE-2023/CVE-2023-331xx/CVE-2023-33152.json create mode 100644 CVE-2023/CVE-2023-331xx/CVE-2023-33153.json create mode 100644 CVE-2023/CVE-2023-331xx/CVE-2023-33154.json create mode 100644 CVE-2023/CVE-2023-331xx/CVE-2023-33155.json create mode 100644 CVE-2023/CVE-2023-331xx/CVE-2023-33156.json create mode 100644 CVE-2023/CVE-2023-331xx/CVE-2023-33157.json create mode 100644 CVE-2023/CVE-2023-331xx/CVE-2023-33158.json create mode 100644 CVE-2023/CVE-2023-331xx/CVE-2023-33159.json create mode 100644 CVE-2023/CVE-2023-331xx/CVE-2023-33160.json create mode 100644 CVE-2023/CVE-2023-331xx/CVE-2023-33161.json create mode 100644 CVE-2023/CVE-2023-331xx/CVE-2023-33162.json create mode 100644 CVE-2023/CVE-2023-331xx/CVE-2023-33163.json create mode 100644 CVE-2023/CVE-2023-331xx/CVE-2023-33164.json create mode 100644 CVE-2023/CVE-2023-331xx/CVE-2023-33165.json create mode 100644 CVE-2023/CVE-2023-331xx/CVE-2023-33166.json create mode 100644 CVE-2023/CVE-2023-331xx/CVE-2023-33167.json create mode 100644 CVE-2023/CVE-2023-331xx/CVE-2023-33168.json create mode 100644 CVE-2023/CVE-2023-331xx/CVE-2023-33169.json create mode 100644 CVE-2023/CVE-2023-331xx/CVE-2023-33170.json create mode 100644 CVE-2023/CVE-2023-331xx/CVE-2023-33171.json create mode 100644 CVE-2023/CVE-2023-331xx/CVE-2023-33172.json create mode 100644 CVE-2023/CVE-2023-331xx/CVE-2023-33173.json create mode 100644 CVE-2023/CVE-2023-331xx/CVE-2023-33174.json create mode 100644 CVE-2023/CVE-2023-340xx/CVE-2023-34089.json create mode 100644 CVE-2023/CVE-2023-340xx/CVE-2023-34090.json create mode 100644 CVE-2023/CVE-2023-341xx/CVE-2023-34118.json create mode 100644 CVE-2023/CVE-2023-341xx/CVE-2023-34119.json create mode 100644 CVE-2023/CVE-2023-352xx/CVE-2023-35296.json create mode 100644 CVE-2023/CVE-2023-352xx/CVE-2023-35297.json create mode 100644 CVE-2023/CVE-2023-352xx/CVE-2023-35298.json create mode 100644 CVE-2023/CVE-2023-352xx/CVE-2023-35299.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35300.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35302.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35303.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35304.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35305.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35306.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35308.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35309.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35310.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35311.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35312.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35313.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35314.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35315.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35316.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35317.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35318.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35319.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35320.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35321.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35322.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35323.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35324.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35325.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35326.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35328.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35329.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35330.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35331.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35332.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35333.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35335.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35336.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35337.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35338.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35339.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35340.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35341.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35342.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35343.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35344.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35345.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35346.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35347.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35348.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35350.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35351.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35352.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35353.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35356.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35357.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35358.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35360.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35361.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35362.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35363.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35364.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35365.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35366.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35367.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35373.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35374.json create mode 100644 CVE-2023/CVE-2023-365xx/CVE-2023-36536.json create mode 100644 CVE-2023/CVE-2023-365xx/CVE-2023-36537.json create mode 100644 CVE-2023/CVE-2023-365xx/CVE-2023-36538.json create mode 100644 CVE-2023/CVE-2023-368xx/CVE-2023-36825.json create mode 100644 CVE-2023/CVE-2023-368xx/CVE-2023-36867.json create mode 100644 CVE-2023/CVE-2023-368xx/CVE-2023-36868.json create mode 100644 CVE-2023/CVE-2023-368xx/CVE-2023-36871.json create mode 100644 CVE-2023/CVE-2023-368xx/CVE-2023-36872.json create mode 100644 CVE-2023/CVE-2023-368xx/CVE-2023-36874.json create mode 100644 CVE-2023/CVE-2023-368xx/CVE-2023-36884.json create mode 100644 CVE-2023/CVE-2023-36xx/CVE-2023-3625.json create mode 100644 CVE-2023/CVE-2023-36xx/CVE-2023-3626.json create mode 100644 CVE-2023/CVE-2023-371xx/CVE-2023-37174.json create mode 100644 CVE-2023/CVE-2023-372xx/CVE-2023-37271.json create mode 100644 CVE-2023/CVE-2023-372xx/CVE-2023-37280.json create mode 100644 CVE-2023/CVE-2023-377xx/CVE-2023-37765.json create mode 100644 CVE-2023/CVE-2023-377xx/CVE-2023-37766.json create mode 100644 CVE-2023/CVE-2023-377xx/CVE-2023-37767.json diff --git a/CVE-2017/CVE-2017-165xx/CVE-2017-16516.json b/CVE-2017/CVE-2017-165xx/CVE-2017-16516.json index 79009df3f3b..3e619184af5 100644 --- a/CVE-2017/CVE-2017-165xx/CVE-2017-16516.json +++ b/CVE-2017/CVE-2017-165xx/CVE-2017-16516.json @@ -2,8 +2,8 @@ "id": "CVE-2017-16516", "sourceIdentifier": "cve@mitre.org", "published": "2017-11-03T15:29:00.233", - "lastModified": "2020-03-10T13:10:55.207", - "vulnStatus": "Analyzed", + "lastModified": "2023-07-11T20:15:09.333", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -123,6 +123,10 @@ "Third Party Advisory" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00013.html", + "source": "cve@mitre.org" + }, { "url": "https://rubygems.org/gems/yajl-ruby", "source": "cve@mitre.org", diff --git a/CVE-2019/CVE-2019-72xx/CVE-2019-7214.json b/CVE-2019/CVE-2019-72xx/CVE-2019-7214.json index d15734cfad9..4565a68d85a 100644 --- a/CVE-2019/CVE-2019-72xx/CVE-2019-7214.json +++ b/CVE-2019/CVE-2019-72xx/CVE-2019-7214.json @@ -2,7 +2,7 @@ "id": "CVE-2019-7214", "sourceIdentifier": "cve@mitre.org", "published": "2019-04-24T15:29:02.107", - "lastModified": "2020-12-09T19:15:11.157", + "lastModified": "2023-07-11T18:15:11.990", "vulnStatus": "Modified", "descriptions": [ { @@ -99,6 +99,10 @@ "url": "http://packetstormsecurity.com/files/160416/SmarterMail-6985-Remote-Code-Execution.html", "source": "cve@mitre.org" }, + { + "url": "http://packetstormsecurity.com/files/173388/SmarterTools-SmarterMail-Remote-Code-Execution.html", + "source": "cve@mitre.org" + }, { "url": "https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-smartermail/", "source": "cve@mitre.org", diff --git a/CVE-2021/CVE-2021-214xx/CVE-2021-21424.json b/CVE-2021/CVE-2021-214xx/CVE-2021-21424.json index 9c9b7e58af5..c4f698a26b8 100644 --- a/CVE-2021/CVE-2021-214xx/CVE-2021-21424.json +++ b/CVE-2021/CVE-2021-214xx/CVE-2021-21424.json @@ -2,8 +2,8 @@ "id": "CVE-2021-21424", "sourceIdentifier": "security-advisories@github.com", "published": "2021-05-13T16:15:07.777", - "lastModified": "2022-10-21T22:43:59.147", - "vulnStatus": "Analyzed", + "lastModified": "2023-07-12T01:15:08.783", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -85,22 +85,22 @@ }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "security-advisories@github.com", "type": "Primary", "description": [ { "lang": "en", - "value": "CWE-203" + "value": "CWE-200" } ] }, { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { "lang": "en", - "value": "CWE-200" + "value": "CWE-203" } ] } @@ -175,6 +175,10 @@ "Third Party Advisory" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html", + "source": "security-advisories@github.com" + }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KENRNLB3FYXYGDWRBH2PDBOZZKOD7VY4/", "source": "security-advisories@github.com", diff --git a/CVE-2021/CVE-2021-39xx/CVE-2021-3979.json b/CVE-2021/CVE-2021-39xx/CVE-2021-3979.json index 4dceaa2b97c..0909444c38b 100644 --- a/CVE-2021/CVE-2021-39xx/CVE-2021-3979.json +++ b/CVE-2021/CVE-2021-39xx/CVE-2021-3979.json @@ -2,8 +2,8 @@ "id": "CVE-2021-3979", "sourceIdentifier": "secalert@redhat.com", "published": "2022-08-25T20:15:09.473", - "lastModified": "2023-02-12T23:42:59.537", - "vulnStatus": "Modified", + "lastModified": "2023-07-11T20:21:32.900", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -40,17 +40,17 @@ }, "weaknesses": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", - "value": "CWE-327" + "value": "CWE-287" } ] }, { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Secondary", "description": [ { @@ -237,7 +237,10 @@ }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPOK44BESMIFW6BIOGCN452AKKOIIT6Q/", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mailing List" + ] }, { "url": "https://tracker.ceph.com/issues/54006", diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4342.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4342.json index 33fbb446f17..c506fa7efc7 100644 --- a/CVE-2021/CVE-2021-43xx/CVE-2021-4342.json +++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4342.json @@ -2,599 +2,14 @@ "id": "CVE-2021-4342", "sourceIdentifier": "security@wordfence.com", "published": "2023-06-07T02:15:13.190", - "lastModified": "2023-06-22T16:10:02.977", - "vulnStatus": "Analyzed", + "lastModified": "2023-07-11T20:15:10.320", + "vulnStatus": "Rejected", "descriptions": [ { "lang": "en", - "value": "Over 70 plugins and themes were vulnerable to Cross-Site Request Forgery due to improperly implemented nonce protection that could be bypassed." + "value": "** REJECT ** CVE split into individual CVE IDs for each software record." } ], - "metrics": { - "cvssMetricV31": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "REQUIRED", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH" - }, - "exploitabilityScore": 2.8, - "impactScore": 5.9 - }, - { - "source": "security@wordfence.com", - "type": "Secondary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "REQUIRED", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH" - }, - "exploitabilityScore": 2.8, - "impactScore": 5.9 - } - ] - }, - "weaknesses": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "description": [ - { - "lang": "en", - "value": "CWE-352" - } - ] - }, - { - "source": "security@wordfence.com", - "type": "Secondary", - "description": [ - { - "lang": "en", - "value": "CWE-352" - } - ] - } - ], - "configurations": [ - { - "nodes": [ - { - "operator": "OR", - "negate": false, - "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:a:10up:elasticpress:*:*:*:*:*:wordpress:*:*", - "versionEndExcluding": "3.5.4", - "matchCriteriaId": "76483A4F-33B3-4C3B-A0B2-B26A2B8B790A" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:10web:10webanalytics:*:*:*:*:*:wordpress:*:*", - "versionEndExcluding": "1.2.9", - "matchCriteriaId": "8C19ED2D-4B6F-463A-A75B-0732450AD92A" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:amministrazione_trasparente_project:amministrazione_trasparente:*:*:*:*:*:wordpress:*:*", - "versionEndExcluding": "7.1.1", - "matchCriteriaId": "BB66A3CD-FA38-4FCC-B978-FCB83E4C79AE" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:analogwp:style_kits:*:*:*:*:*:wordpress:*:*", - "versionEndExcluding": "1.8.1", - "matchCriteriaId": "A656A631-91A9-480B-A1E4-BBF514BB6E59" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:ashstonestudios:absolute_reviews:*:*:*:*:*:wordpress:*:*", - "versionEndExcluding": "1.0.9", - "matchCriteriaId": "EB71E443-0FF2-4A32-8012-85EDE744CD1C" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:ashstonestudios:advanced_popups:*:*:*:*:*:wordpress:*:*", - "versionEndExcluding": "1.1.2", - "matchCriteriaId": "F78E1F1F-C072-49A3-9D20-CB3B181EA180" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:brainstormforce:import_\\/_export_customizer_settings:*:*:*:*:*:wordpress:*:*", - "versionEndExcluding": "1.0.4", - "matchCriteriaId": "92FE5F0E-6963-4EA7-9F5D-2F60B54CD34F" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:brainstormforce:lightweight_sidebar_manager:*:*:*:*:*:wordpress:*:*", - "versionEndExcluding": "1.1.4", - "matchCriteriaId": "6FF22447-3DE1-4C1E-BCB6-AFB8DC114F5B" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:c7style:contact_form_7_style:*:*:*:*:*:wordpress:*:*", - "versionEndIncluding": "3.2", - "matchCriteriaId": "5271201F-DD29-49A2-BF23-30D0445782E2" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:cartflows:funnel_builder:*:*:*:*:*:wordpress:*:*", - "versionEndExcluding": "1.5.16", - "matchCriteriaId": "6BDF68D5-6643-46F1-9DD2-DDD802F644BB" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:cm-wp:woody_code_snippets:*:*:*:*:*:wordpress:*:*", - "versionEndExcluding": "2.3.10", - "matchCriteriaId": "B3A50441-F251-456A-8C4F-B1B325AF9F23" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:coolplugins:cool_timeline:*:*:*:*:*:wordpress:*:*", - "versionEndExcluding": "2.0.3", - "matchCriteriaId": "4F98B8C9-83A9-4BCE-A0A6-7327B8402806" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:coolplugins:process_steps_template_designer:*:*:*:*:*:wordpress:*:*", - "versionEndExcluding": "1.3", - "matchCriteriaId": "3BDC58F5-2A43-46C2-BC20-6857F9B773EE" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:designwall:dw_question_\\&_answer:*:*:*:*:pro:wordpress:*:*", - "versionEndIncluding": "1.5.7", - "matchCriteriaId": "482E557E-F6BE-4402-A601-6F68770CF274" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:edwiser:bridge:*:*:*:*:*:wordpress:*:*", - "versionEndExcluding": "2.0.7", - "matchCriteriaId": "9BEFF9DC-954D-4A7E-A331-D4B5D0B907D9" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:eventespresso:event_espresso:*:*:*:*:*:wordpress:*:*", - "versionEndIncluding": "4.10.11.decaf", - "matchCriteriaId": "35143CE3-2DC1-4B32-9DB7-E2D625358257" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:ewww:image_optimizer:*:*:*:*:*:wordpress:*:*", - "versionEndExcluding": "5.9.0", - "matchCriteriaId": "8A192470-C4D1-403A-979C-623C4A9478B8" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:exportfeed:woocommerce_etsy_integration:*:*:*:*:*:wordpress:*:*", - "versionEndIncluding": "3.3.1", - "matchCriteriaId": "CD0B8855-250A-42BF-AA73-A21506383B57" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:flippercode:custom_css-js-php:*:*:*:*:*:wordpress:*:*", - "versionEndIncluding": "2.0.7", - "matchCriteriaId": "16741D09-F7FB-4495-802D-EB54CF97E13C" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:flippercode:photo_gallery_-_image_gallery:*:*:*:*:*:wordpress:*:*", - "versionEndIncluding": "1.0.6", - "matchCriteriaId": "2C14BD79-119C-4389-89B5-90DC4D5F4EBB" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:flippercode:wp_security_question:*:*:*:*:*:wordpress:*:*", - "versionEndIncluding": "1.0.5", - "matchCriteriaId": "2168E8FA-E537-4026-9D2E-C9E465E106D5" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:goldplugins:custom_banners:*:*:*:*:*:wordpress:*:*", - "versionEndExcluding": "3.3", - "matchCriteriaId": "2167B4A9-C6B5-47CC-BE4F-0B1005BCFAE4" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:goldplugins:easy_testimonials:*:*:*:*:*:wordpress:*:*", - "versionEndExcluding": "3.7", - "matchCriteriaId": "B51C469A-DD80-4141-B183-BA20B6E7059B" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:goldplugins:locations:*:*:*:*:*:wordpress:*:*", - "versionEndExcluding": "4.0", - "matchCriteriaId": "7E8EB9E1-E2AD-4F09-A41B-1EBC7B59D16D" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:goldplugins:staff_directory_plugin:*:*:*:*:*:wordpress:*:*", - "versionEndExcluding": "4.0", - "matchCriteriaId": "BBDF2297-5EE3-4842-A404-FF0C4F010F14" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:goprayer:wp_prayer:*:*:*:*:*:wordpress:*:*", - "versionEndExcluding": "1.6.6", - "matchCriteriaId": "CA4ED87A-193A-41E3-8070-2292FEBD3F78" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:graphpaperpress:sell_media:*:*:*:*:*:wordpress:*:*", - "versionEndIncluding": "2.5.5", - "matchCriteriaId": "9854AE9A-B2D2-4075-86DA-6367D760186F" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:implecode:ecommerce_product_catalog:*:*:*:*:*:wordpress:*:*", - "versionEndExcluding": "2.9.44", - "matchCriteriaId": "CA5382C0-6626-493A-9545-DA9E93533FD3" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:implecode:ecommerce_product_catalog:*:*:*:*:*:wordpress:*:*", - "versionStartIncluding": "3.0.1", - "versionEndExcluding": "3.0.18", - "matchCriteriaId": "1152D381-B9E3-451E-B99A-256DC219E69B" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:implecode:product_catalog_simple:*:*:*:*:*:wordpress:*:*", - "versionEndExcluding": "1.5.13", - "matchCriteriaId": "4EC3A9B2-3EE8-48DD-9838-92D3CF329C4F" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:incsub:forminator:*:*:*:*:*:wordpress:*:*", - "versionEndExcluding": "1.13.5", - "matchCriteriaId": "399AF121-2EA4-4F53-8D46-63B8C528BEB7" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:incsub:forminator:*:*:*:*:*:wordpress:*:*", - "versionStartIncluding": "1.14.0", - "versionEndExcluding": "1.14.9", - "matchCriteriaId": "B9968B11-D2CB-4B57-8061-BDB76B7471F9" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:inoplugs:wp-backgrounds_lite:*:*:*:*:*:wordpress:*:*", - "versionEndIncluding": "2.3", - "matchCriteriaId": "5779C1F4-2A98-4950-AD46-3DFA5106CA4A" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:jesseeproductions:coupon_creator:*:*:*:*:*:wordpress:*:*", - "versionEndExcluding": "3.1.1", - "matchCriteriaId": "21406ABF-1B7D-4E4A-943F-82607B8216FB" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:menu_swapper_project:menu_swapper:*:*:*:*:*:wordpress:*:*", - "versionEndExcluding": "1.1.1", - "matchCriteriaId": "5EDE1F15-C493-4587-951C-43596E60FE2C" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:multiple_roles_project:multiple_roles:*:*:*:*:*:wordpress:*:*", - "versionEndIncluding": "1.3.1", - "matchCriteriaId": "F91F571D-9CD5-44B2-B87E-3014A1D2018B" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:multivendorx:multivendorx:*:*:*:*:*:wordpress:*:*", - "versionEndExcluding": "3.5.8", - "matchCriteriaId": "B828FB80-4671-4C5A-BEA1-E4598C9C1BFD" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:multivendorx:multivendorx:*:*:*:*:*:wordpress:*:*", - "versionStartIncluding": "3.5.9", - "versionEndExcluding": "3.7.8", - "matchCriteriaId": "5D8CA1F9-6E76-4038-ACD3-70075A8FFC55" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:oceanwp:ocean_extra:*:*:*:*:*:wordpress:*:*", - "versionEndExcluding": "1.6.6", - "matchCriteriaId": "997B75FE-42AD-42A2-A610-2DAAE3178269" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:paidmembershipspro:paid_memberships_pro:*:*:*:*:*:wordpress:*:*", - "versionEndExcluding": "2.4.3", - "matchCriteriaId": "5199CAC6-EC4A-43CB-BF9B-2BC133CD4694" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:presscustomizr:customizr:*:*:*:*:*:wordpress:*:*", - "versionEndExcluding": "4.3.1", - "matchCriteriaId": "D00DC651-C4C9-443F-B5BE-98F899860AFE" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:presscustomizr:hueman:*:*:*:*:*:wordpress:*:*", - "versionEndExcluding": "3.6.2", - "matchCriteriaId": "C5B21252-4403-44B3-B5A5-6BE04A9FE35D" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:qtranslate_slug_project:qtranslate_slug:*:*:*:*:*:wordpress:*:*", - "versionEndIncluding": "1.1.18", - "matchCriteriaId": "203C24EE-0502-46A4-A8E9-DAAE5079F435" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:quantumcloud:slider_hero:*:*:*:*:*:wordpress:*:*", - "versionEndExcluding": "8.2.1", - "matchCriteriaId": "521B20A4-4EF0-45D3-A71E-AD801F611945" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:radio_buttons_for_taxonomies_project:radio_buttons_for_taxonomies:*:*:*:*:*:wordpress:*:*", - "versionEndExcluding": "2.0.6", - "matchCriteriaId": "6D11655A-3D0B-4B5E-8D97-689EAD60A343" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:rays_grid_project:rays_grid:*:*:*:*:*:wordpress:*:*", - "versionEndIncluding": "1.2.2", - "matchCriteriaId": "6503AB81-B673-40F3-9228-A5CCDF48FB3A" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:rucy_project:rucy:*:*:*:*:*:wordpress:*:*", - "versionEndIncluding": "0.4.4", - "matchCriteriaId": "664FD7AA-A9CF-4A31-9415-AF8762FB021F" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:slickremix:feed_them_social:*:*:*:*:*:wordpress:*:*", - "versionEndExcluding": "2.8.7", - "matchCriteriaId": "1661552C-22B1-4EDD-92EA-E513E0DFE4D9" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:sunshinephotocart:sunshine_photo_cart:*:*:*:*:*:wordpress:*:*", - "versionEndExcluding": "2.8.29", - "matchCriteriaId": "45365F1E-492A-4858-A551-8DAA8BCD64E7" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:themeisle:rss_aggregator_by_feedzy:*:*:*:*:*:wordpress:*:*", - "versionEndExcluding": "3.4.3", - "matchCriteriaId": "CBAAD1F0-7F2B-4C88-9AFC-11AB78E443EB" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:thimpress:wp_hotel_booking:*:*:*:*:*:wordpress:*:*", - "versionEndExcluding": "1.10.2", - "matchCriteriaId": "D9700448-3FDF-4832-9901-9E25BD29CD88" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:tychesoftwares:abandoned_cart_lite_for_woocommerce:*:*:*:*:*:wordpress:*:*", - "versionEndExcluding": "5.8.6", - "matchCriteriaId": "E9A968A8-41D7-4553-BDBD-2001BFFEACF0" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:villatheme:abandoned_cart_recovery_for_woocommerce:*:*:*:*:*:wordpress:*:*", - "versionEndExcluding": "1.0.4.1", - "matchCriteriaId": "5FDF3006-40FD-44F5-9B87-3BB682A01A7F" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:vuukle:vuukle_comments\\,_reactions\\,_share_bar\\,_revenue:*:*:*:*:*:wordpress:*:*", - "versionEndExcluding": "4.0", - "matchCriteriaId": "7C482CEB-F521-4371-B681-35ACB104DE07" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:webberzone:better_search:*:*:*:*:*:wordpress:*:*", - "versionEndExcluding": "2.5.3", - "matchCriteriaId": "71D7F44A-129A-4FA2-8834-1F7D363AF156" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:webberzone:top_10:*:*:*:*:*:wordpress:*:*", - "versionEndExcluding": "2.9.5", - "matchCriteriaId": "3C40381E-5527-49AC-8F84-D328BCCBD668" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:websitescanner:remove_schema:*:*:*:*:*:wordpress:*:*", - "versionEndExcluding": "1.6", - "matchCriteriaId": "BF02D93E-C46D-4041-9C1C-41F2173C4AF3" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:wedevs:dokan:*:*:*:*:*:wordpress:*:*", - "versionEndExcluding": "3.0.9", - "matchCriteriaId": "E0FF6D6A-C648-4765-AD34-9345209DC2F9" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:wedevs:dokan:*:*:*:*:*:wordpress:*:*", - "versionStartIncluding": "3.1.0", - "versionEndExcluding": "3.2.1", - "matchCriteriaId": "777829E9-6994-4A66-AD10-6344A1E11964" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:wedevs:wp_erp:*:*:*:*:*:wordpress:*:*", - "versionEndExcluding": "1.6.4", - "matchCriteriaId": "BF13C363-59EF-4A8A-B737-CFB00C01575B" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:wedevs:wp_erp:*:*:*:*:*:wordpress:*:*", - "versionStartIncluding": "1.7.0", - "versionEndExcluding": "1.7.5", - "matchCriteriaId": "03D19C1D-F61B-4A83-BA55-B2BD8EC21DD7" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:wedevs:wp_project_manager:*:*:*:*:*:wordpress:*:*", - "versionEndExcluding": "2.4.1", - "matchCriteriaId": "69982CDA-49C2-45E5-9315-88030D68264D" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:wedevs:wp_project_manager:*:*:*:*:*:wordpress:*:*", - "versionStartIncluding": "2.4.2", - "versionEndExcluding": "2.4.10", - "matchCriteriaId": "44494FB5-828F-4F94-8F6F-4AA2DCE8C861" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:wmpudev:defender_security:*:*:*:*:*:wordpress:*:*", - "versionEndExcluding": "2.4.6.1", - "matchCriteriaId": "5AD53D82-60A0-4C13-842C-E6179FCC1158" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:wp-mpdf_project:wp-mpdf:*:*:*:*:*:wordpress:*:*", - "versionEndExcluding": "3.5.2", - "matchCriteriaId": "3440E9DF-69E8-418E-BC75-24118734EA2C" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:wpconcern:coming_soon_\\&_maintenance_mode_page:*:*:*:*:*:wordpress:*:*", - "versionEndExcluding": "1.58", - "matchCriteriaId": "1610943D-0510-4414-AD5C-D49814BA5292" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:wpdeveloper:notificationx:*:*:*:*:*:wordpress:*:*", - "versionEndExcluding": "1.8.3", - "matchCriteriaId": "94CC22BF-42C1-4E1D-965E-E782219287B7" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:wpeasypay:wp_easypay:*:*:*:*:*:wordpress:*:*", - "versionEndExcluding": "3.2.3", - "matchCriteriaId": "3F44C639-EA09-4993-A956-7221648E8967" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:wpexpertdeveloper:wp_private_content_plus:*:*:*:*:*:wordpress:*:*", - "versionEndExcluding": "3.2", - "matchCriteriaId": "CA5C9571-5F46-4A00-9283-3E3E79784F5C" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:wpexperts:post_smtp_mailer:*:*:*:*:*:wordpress:*:*", - "versionEndExcluding": "2.0.21", - "matchCriteriaId": "0F1BA93E-B037-4BBB-92A2-F29BA1902FDC" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:wpgogo:custom_field_template:*:*:*:*:*:wordpress:*:*", - "versionEndExcluding": "2.5.2", - "matchCriteriaId": "2D75ADDB-288B-4C07-8D18-5E2E10F28D88" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:wpopal:opal_estate:*:*:*:*:*:wordpress:*:*", - "versionEndIncluding": "1.6.11", - "matchCriteriaId": "475FC3B2-6A28-48F1-8975-734362398BEF" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:wpswings:ultimate_gift_cards_for_woocommerce:*:*:*:*:*:wordpress:*:*", - "versionEndExcluding": "2.1.2", - "matchCriteriaId": "0A1A9265-A4DB-4F57-BACD-C6F4639CE0E0" - } - ] - } - ] - } - ], - "references": [ - { - "url": "https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/", - "source": "security@wordfence.com", - "tags": [ - "Exploit", - "Third Party Advisory" - ] - }, - { - "url": "https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/", - "source": "security@wordfence.com", - "tags": [ - "Exploit", - "Third Party Advisory" - ] - }, - { - "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/", - "source": "security@wordfence.com", - "tags": [ - "Exploit", - "Third Party Advisory" - ] - }, - { - "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/", - "source": "security@wordfence.com", - "tags": [ - "Exploit", - "Third Party Advisory" - ] - }, - { - "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/", - "source": "security@wordfence.com", - "tags": [ - "Exploit", - "Third Party Advisory" - ] - }, - { - "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/", - "source": "security@wordfence.com", - "tags": [ - "Exploit", - "Third Party Advisory" - ] - }, - { - "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/", - "source": "security@wordfence.com", - "tags": [ - "Exploit", - "Third Party Advisory" - ] - }, - { - "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1b3d9251-9824-4bd0-aa2f-5a967ef01de3?source=cve", - "source": "security@wordfence.com", - "tags": [ - "Third Party Advisory" - ] - } - ] + "metrics": {}, + "references": [] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-229xx/CVE-2022-22990.json b/CVE-2022/CVE-2022-229xx/CVE-2022-22990.json index 7d81d11cc81..10706ef8606 100644 --- a/CVE-2022/CVE-2022-229xx/CVE-2022-22990.json +++ b/CVE-2022/CVE-2022-229xx/CVE-2022-22990.json @@ -2,7 +2,7 @@ "id": "CVE-2022-22990", "sourceIdentifier": "psirt@wdc.com", "published": "2022-01-13T21:15:08.917", - "lastModified": "2022-03-17T17:57:34.557", + "lastModified": "2023-07-11T19:56:29.410", "vulnStatus": "Analyzed", "descriptions": [ { @@ -90,7 +90,7 @@ "description": [ { "lang": "en", - "value": "CWE-287" + "value": "CWE-697" } ] }, diff --git a/CVE-2022/CVE-2022-229xx/CVE-2022-22992.json b/CVE-2022/CVE-2022-229xx/CVE-2022-22992.json index d848fe268e6..a289d9f7ffa 100644 --- a/CVE-2022/CVE-2022-229xx/CVE-2022-22992.json +++ b/CVE-2022/CVE-2022-229xx/CVE-2022-22992.json @@ -2,7 +2,7 @@ "id": "CVE-2022-22992", "sourceIdentifier": "psirt@wdc.com", "published": "2022-01-28T20:15:12.707", - "lastModified": "2022-02-04T02:30:54.923", + "lastModified": "2023-07-11T20:21:53.707", "vulnStatus": "Analyzed", "descriptions": [ { @@ -90,7 +90,7 @@ "description": [ { "lang": "en", - "value": "CWE-77" + "value": "CWE-116" } ] } diff --git a/CVE-2022/CVE-2022-234xx/CVE-2022-23432.json b/CVE-2022/CVE-2022-234xx/CVE-2022-23432.json index a9fd3eda731..2949163cb61 100644 --- a/CVE-2022/CVE-2022-234xx/CVE-2022-23432.json +++ b/CVE-2022/CVE-2022-234xx/CVE-2022-23432.json @@ -2,7 +2,7 @@ "id": "CVE-2022-23432", "sourceIdentifier": "mobile.security@samsung.com", "published": "2022-02-11T18:15:11.637", - "lastModified": "2022-02-18T20:27:34.370", + "lastModified": "2023-07-11T20:41:17.567", "vulnStatus": "Analyzed", "descriptions": [ { @@ -90,7 +90,7 @@ "description": [ { "lang": "en", - "value": "CWE-20" + "value": "CWE-787" } ] }, diff --git a/CVE-2022/CVE-2022-234xx/CVE-2022-23471.json b/CVE-2022/CVE-2022-234xx/CVE-2022-23471.json index 389f40c2452..8aec8accaa0 100644 --- a/CVE-2022/CVE-2022-234xx/CVE-2022-23471.json +++ b/CVE-2022/CVE-2022-234xx/CVE-2022-23471.json @@ -2,7 +2,7 @@ "id": "CVE-2022-23471", "sourceIdentifier": "security-advisories@github.com", "published": "2022-12-07T23:15:09.763", - "lastModified": "2022-12-12T14:53:58.623", + "lastModified": "2023-07-11T21:02:41.090", "vulnStatus": "Analyzed", "descriptions": [ { @@ -56,8 +56,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-401" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2022/CVE-2022-235xx/CVE-2022-23553.json b/CVE-2022/CVE-2022-235xx/CVE-2022-23553.json index f46bdb58ddb..2c2c2b10995 100644 --- a/CVE-2022/CVE-2022-235xx/CVE-2022-23553.json +++ b/CVE-2022/CVE-2022-235xx/CVE-2022-23553.json @@ -2,7 +2,7 @@ "id": "CVE-2022-23553", "sourceIdentifier": "security-advisories@github.com", "published": "2022-12-28T19:15:09.163", - "lastModified": "2023-01-06T15:53:41.237", + "lastModified": "2023-07-11T20:42:40.767", "vulnStatus": "Analyzed", "descriptions": [ { @@ -56,8 +56,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2022/CVE-2022-235xx/CVE-2022-23554.json b/CVE-2022/CVE-2022-235xx/CVE-2022-23554.json index cc0d6b9b877..f3de980a43c 100644 --- a/CVE-2022/CVE-2022-235xx/CVE-2022-23554.json +++ b/CVE-2022/CVE-2022-235xx/CVE-2022-23554.json @@ -2,7 +2,7 @@ "id": "CVE-2022-23554", "sourceIdentifier": "security-advisories@github.com", "published": "2022-12-28T19:15:09.260", - "lastModified": "2023-01-06T15:47:34.523", + "lastModified": "2023-07-11T20:41:41.257", "vulnStatus": "Analyzed", "descriptions": [ { @@ -56,8 +56,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-697" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2022/CVE-2022-236xx/CVE-2022-23633.json b/CVE-2022/CVE-2022-236xx/CVE-2022-23633.json index 501ce7be2c7..c7e374950e8 100644 --- a/CVE-2022/CVE-2022-236xx/CVE-2022-23633.json +++ b/CVE-2022/CVE-2022-236xx/CVE-2022-23633.json @@ -2,8 +2,8 @@ "id": "CVE-2022-23633", "sourceIdentifier": "security-advisories@github.com", "published": "2022-02-11T21:15:11.990", - "lastModified": "2023-03-14T08:15:12.723", - "vulnStatus": "Modified", + "lastModified": "2023-07-11T20:41:55.303", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -85,22 +85,22 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", - "value": "CWE-200" + "value": "CWE-212" } ] }, { - "source": "nvd@nist.gov", + "source": "security-advisories@github.com", "type": "Secondary", "description": [ { "lang": "en", - "value": "NVD-CWE-noinfo" + "value": "CWE-200" } ] } @@ -154,6 +154,11 @@ "vulnerable": true, "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED" } ] } @@ -197,7 +202,10 @@ }, { "url": "https://www.debian.org/security/2023/dsa-5372", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-236xx/CVE-2022-23648.json b/CVE-2022/CVE-2022-236xx/CVE-2022-23648.json index 74c874fb1f4..b829052f760 100644 --- a/CVE-2022/CVE-2022-236xx/CVE-2022-23648.json +++ b/CVE-2022/CVE-2022-236xx/CVE-2022-23648.json @@ -2,7 +2,7 @@ "id": "CVE-2022-23648", "sourceIdentifier": "security-advisories@github.com", "published": "2022-03-03T14:15:07.973", - "lastModified": "2022-04-25T19:21:42.230", + "lastModified": "2023-07-11T20:51:40.870", "vulnStatus": "Analyzed", "descriptions": [ { @@ -85,22 +85,22 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", - "value": "CWE-200" + "value": "NVD-CWE-noinfo" } ] }, { - "source": "nvd@nist.gov", + "source": "security-advisories@github.com", "type": "Secondary", "description": [ { "lang": "en", - "value": "CWE-287" + "value": "CWE-200" } ] } @@ -173,7 +173,8 @@ "source": "security-advisories@github.com", "tags": [ "Exploit", - "Third Party Advisory" + "Third Party Advisory", + "VDB Entry" ] }, { diff --git a/CVE-2022/CVE-2022-247xx/CVE-2022-24795.json b/CVE-2022/CVE-2022-247xx/CVE-2022-24795.json index f3a46d32ef8..8aed6629b70 100644 --- a/CVE-2022/CVE-2022-247xx/CVE-2022-24795.json +++ b/CVE-2022/CVE-2022-247xx/CVE-2022-24795.json @@ -2,8 +2,8 @@ "id": "CVE-2022-24795", "sourceIdentifier": "security-advisories@github.com", "published": "2022-04-05T16:15:14.050", - "lastModified": "2022-04-18T10:05:33.230", - "vulnStatus": "Analyzed", + "lastModified": "2023-07-11T20:15:10.393", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -141,6 +141,10 @@ "Exploit", "Third Party Advisory" ] + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00013.html", + "source": "security-advisories@github.com" } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-248xx/CVE-2022-24894.json b/CVE-2022/CVE-2022-248xx/CVE-2022-24894.json index 73b53b7abea..e04e2e5c1f3 100644 --- a/CVE-2022/CVE-2022-248xx/CVE-2022-24894.json +++ b/CVE-2022/CVE-2022-248xx/CVE-2022-24894.json @@ -2,12 +2,12 @@ "id": "CVE-2022-24894", "sourceIdentifier": "security-advisories@github.com", "published": "2023-02-03T22:15:10.823", - "lastModified": "2023-02-14T16:24:34.673", - "vulnStatus": "Analyzed", + "lastModified": "2023-07-12T01:15:08.913", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony HTTP cache system, acts as a reverse proxy: It caches entire responses (including headers) and returns them to the clients. In a recent change in the `AbstractSessionListener`, the response might contain a `Set-Cookie` header. If the Symfony HTTP cache system is enabled, this response might bill stored and return to the next clients. An attacker can use this vulnerability to retrieve the victim's session. This issue has been patched and is available for branch 4.4." + "value": "Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony HTTP cache system, acts as a reverse proxy: It caches entire responses (including headers) and returns them to the clients. In a recent change in the `AbstractSessionListener`, the response might contain a `Set-Cookie` header. If the Symfony HTTP cache system is enabled, this response might bill stored and return to the next clients. An attacker can use this vulnerability to retrieve the victim's session. This issue has been patched and is available for branch 4.4.\n" } ], "metrics": { @@ -127,6 +127,10 @@ "tags": [ "Third Party Advisory" ] + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html", + "source": "security-advisories@github.com" } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-248xx/CVE-2022-24895.json b/CVE-2022/CVE-2022-248xx/CVE-2022-24895.json index 2769624764c..50556cbdf3c 100644 --- a/CVE-2022/CVE-2022-248xx/CVE-2022-24895.json +++ b/CVE-2022/CVE-2022-248xx/CVE-2022-24895.json @@ -2,12 +2,12 @@ "id": "CVE-2022-24895", "sourceIdentifier": "security-advisories@github.com", "published": "2023-02-03T22:15:11.273", - "lastModified": "2023-06-23T19:39:19.693", - "vulnStatus": "Analyzed", + "lastModified": "2023-07-12T01:15:09.027", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Symfony is a PHP framework for web and console applications and a set of reusable PHP components. When authenticating users Symfony by default regenerates the session ID upon login, but preserves the rest of session attributes. Because this does not clear CSRF tokens upon login, this might enables same-site attackers to bypass the CSRF protection mechanism by performing an attack similar to a session-fixation. This issue has been fixed in the 4.4 branch." + "value": "Symfony is a PHP framework for web and console applications and a set of reusable PHP components. When authenticating users Symfony by default regenerates the session ID upon login, but preserves the rest of session attributes. Because this does not clear CSRF tokens upon login, this might enables same-site attackers to bypass the CSRF protection mechanism by performing an attack similar to a session-fixation. This issue has been fixed in the 4.4 branch. \n\n" } ], "metrics": { @@ -56,22 +56,22 @@ }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "security-advisories@github.com", "type": "Primary", "description": [ { "lang": "en", - "value": "CWE-613" + "value": "CWE-384" } ] }, { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { "lang": "en", - "value": "CWE-384" + "value": "CWE-613" } ] } @@ -152,6 +152,10 @@ "Patch", "Third Party Advisory" ] + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html", + "source": "security-advisories@github.com" } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-258xx/CVE-2022-25883.json b/CVE-2022/CVE-2022-258xx/CVE-2022-25883.json index 2de80dd1efe..b1ff2b8c73d 100644 --- a/CVE-2022/CVE-2022-258xx/CVE-2022-25883.json +++ b/CVE-2022/CVE-2022-258xx/CVE-2022-25883.json @@ -2,7 +2,7 @@ "id": "CVE-2022-25883", "sourceIdentifier": "report@snyk.io", "published": "2023-06-21T05:15:09.060", - "lastModified": "2023-07-05T15:49:56.963", + "lastModified": "2023-07-12T00:53:23.427", "vulnStatus": "Analyzed", "descriptions": [ { @@ -76,8 +76,22 @@ { "vulnerable": true, "criteria": "cpe:2.3:a:npmjs:semver:*:*:*:*:*:node.js:*:*", + "versionEndExcluding": "5.7.2", + "matchCriteriaId": "3DBCA81E-C65B-40E4-8274-83F6B4F07217" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:npmjs:semver:*:*:*:*:*:node.js:*:*", + "versionStartIncluding": "6.0.0", + "versionEndExcluding": "6.3.1", + "matchCriteriaId": "E9EE5F81-D456-411C-8E1F-9D0D555B6FEF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:npmjs:semver:*:*:*:*:*:node.js:*:*", + "versionStartIncluding": "7.0.0", "versionEndExcluding": "7.5.2", - "matchCriteriaId": "0567A5E5-9098-41E3-AB28-569127D89FA8" + "matchCriteriaId": "93EADF33-E83B-43EA-83CF-BC13AA5393EE" } ] } diff --git a/CVE-2022/CVE-2022-275xx/CVE-2022-27583.json b/CVE-2022/CVE-2022-275xx/CVE-2022-27583.json index e0115fd841d..d86db74c31a 100644 --- a/CVE-2022/CVE-2022-275xx/CVE-2022-27583.json +++ b/CVE-2022/CVE-2022-275xx/CVE-2022-27583.json @@ -2,7 +2,7 @@ "id": "CVE-2022-27583", "sourceIdentifier": "psirt@sick.de", "published": "2022-10-31T20:15:12.580", - "lastModified": "2022-11-02T15:49:10.723", + "lastModified": "2023-07-11T19:56:15.537", "vulnStatus": "Analyzed", "descriptions": [ { @@ -41,7 +41,7 @@ "description": [ { "lang": "en", - "value": "CWE-863" + "value": "NVD-CWE-Other" } ] }, diff --git a/CVE-2022/CVE-2022-281xx/CVE-2022-28127.json b/CVE-2022/CVE-2022-281xx/CVE-2022-28127.json index d5bd016843b..62242f0c66c 100644 --- a/CVE-2022/CVE-2022-281xx/CVE-2022-28127.json +++ b/CVE-2022/CVE-2022-281xx/CVE-2022-28127.json @@ -2,7 +2,7 @@ "id": "CVE-2022-28127", "sourceIdentifier": "talos-cna@cisco.com", "published": "2022-06-30T19:15:08.223", - "lastModified": "2022-07-12T19:31:42.473", + "lastModified": "2023-07-11T20:21:44.840", "vulnStatus": "Analyzed", "descriptions": [ { @@ -92,7 +92,7 @@ "description": [ { "lang": "en", - "value": "CWE-20" + "value": "CWE-22" } ] }, diff --git a/CVE-2022/CVE-2022-392xx/CVE-2022-39209.json b/CVE-2022/CVE-2022-392xx/CVE-2022-39209.json index ca97e1885b7..92210b27e89 100644 --- a/CVE-2022/CVE-2022-392xx/CVE-2022-39209.json +++ b/CVE-2022/CVE-2022-392xx/CVE-2022-39209.json @@ -2,7 +2,7 @@ "id": "CVE-2022-39209", "sourceIdentifier": "security-advisories@github.com", "published": "2022-09-15T18:15:12.260", - "lastModified": "2023-01-20T12:34:33.713", + "lastModified": "2023-07-11T20:54:13.747", "vulnStatus": "Analyzed", "descriptions": [ { @@ -65,7 +65,7 @@ "description": [ { "lang": "en", - "value": "CWE-400" + "value": "CWE-407" } ] }, diff --git a/CVE-2022/CVE-2022-392xx/CVE-2022-39219.json b/CVE-2022/CVE-2022-392xx/CVE-2022-39219.json index db2b57a2a37..a987b5b21b5 100644 --- a/CVE-2022/CVE-2022-392xx/CVE-2022-39219.json +++ b/CVE-2022/CVE-2022-392xx/CVE-2022-39219.json @@ -2,7 +2,7 @@ "id": "CVE-2022-39219", "sourceIdentifier": "security-advisories@github.com", "published": "2022-09-26T14:15:10.180", - "lastModified": "2022-09-28T13:31:34.443", + "lastModified": "2023-07-11T20:54:19.200", "vulnStatus": "Analyzed", "descriptions": [ { @@ -65,7 +65,7 @@ "description": [ { "lang": "en", - "value": "CWE-732" + "value": "CWE-287" } ] }, diff --git a/CVE-2022/CVE-2022-392xx/CVE-2022-39222.json b/CVE-2022/CVE-2022-392xx/CVE-2022-39222.json index 18b04c4bcb4..3808db73dcb 100644 --- a/CVE-2022/CVE-2022-392xx/CVE-2022-39222.json +++ b/CVE-2022/CVE-2022-392xx/CVE-2022-39222.json @@ -2,7 +2,7 @@ "id": "CVE-2022-39222", "sourceIdentifier": "security-advisories@github.com", "published": "2022-10-06T18:16:09.037", - "lastModified": "2022-12-03T02:33:47.447", + "lastModified": "2023-07-11T21:02:16.363", "vulnStatus": "Analyzed", "descriptions": [ { @@ -60,22 +60,22 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", - "value": "CWE-200" + "value": "CWE-862" } ] }, { - "source": "nvd@nist.gov", + "source": "security-advisories@github.com", "type": "Secondary", "description": [ { "lang": "en", - "value": "NVD-CWE-noinfo" + "value": "CWE-200" } ] } diff --git a/CVE-2022/CVE-2022-392xx/CVE-2022-39232.json b/CVE-2022/CVE-2022-392xx/CVE-2022-39232.json index a21e769e8a3..e3db80fabb0 100644 --- a/CVE-2022/CVE-2022-392xx/CVE-2022-39232.json +++ b/CVE-2022/CVE-2022-392xx/CVE-2022-39232.json @@ -2,7 +2,7 @@ "id": "CVE-2022-39232", "sourceIdentifier": "security-advisories@github.com", "published": "2022-09-29T21:15:11.210", - "lastModified": "2022-10-05T15:43:40.480", + "lastModified": "2023-07-11T21:02:11.580", "vulnStatus": "Analyzed", "descriptions": [ { @@ -60,8 +60,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2022/CVE-2022-392xx/CVE-2022-39280.json b/CVE-2022/CVE-2022-392xx/CVE-2022-39280.json index 62352ae9fb1..e025afec1b2 100644 --- a/CVE-2022/CVE-2022-392xx/CVE-2022-39280.json +++ b/CVE-2022/CVE-2022-392xx/CVE-2022-39280.json @@ -2,7 +2,7 @@ "id": "CVE-2022-39280", "sourceIdentifier": "security-advisories@github.com", "published": "2022-10-06T18:16:18.007", - "lastModified": "2022-11-10T04:26:56.237", + "lastModified": "2023-07-11T21:01:55.217", "vulnStatus": "Analyzed", "descriptions": [ { @@ -60,22 +60,22 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", - "value": "CWE-400" + "value": "CWE-1333" } ] }, { - "source": "nvd@nist.gov", + "source": "security-advisories@github.com", "type": "Secondary", "description": [ { "lang": "en", - "value": "NVD-CWE-Other" + "value": "CWE-400" } ] } diff --git a/CVE-2022/CVE-2022-392xx/CVE-2022-39284.json b/CVE-2022/CVE-2022-392xx/CVE-2022-39284.json index 000df2b588e..f156e468244 100644 --- a/CVE-2022/CVE-2022-392xx/CVE-2022-39284.json +++ b/CVE-2022/CVE-2022-392xx/CVE-2022-39284.json @@ -2,7 +2,7 @@ "id": "CVE-2022-39284", "sourceIdentifier": "security-advisories@github.com", "published": "2022-10-06T20:15:35.560", - "lastModified": "2022-10-11T16:26:10.823", + "lastModified": "2023-07-11T20:51:50.347", "vulnStatus": "Analyzed", "descriptions": [ { @@ -60,8 +60,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-732" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2022/CVE-2022-392xx/CVE-2022-39294.json b/CVE-2022/CVE-2022-392xx/CVE-2022-39294.json index 7383362c848..854bdc12161 100644 --- a/CVE-2022/CVE-2022-392xx/CVE-2022-39294.json +++ b/CVE-2022/CVE-2022-392xx/CVE-2022-39294.json @@ -2,7 +2,7 @@ "id": "CVE-2022-39294", "sourceIdentifier": "security-advisories@github.com", "published": "2022-10-31T19:15:10.593", - "lastModified": "2022-11-02T12:57:39.973", + "lastModified": "2023-07-11T20:51:44.913", "vulnStatus": "Analyzed", "descriptions": [ { @@ -61,7 +61,7 @@ "description": [ { "lang": "en", - "value": "CWE-400" + "value": "CWE-1284" } ] }, diff --git a/CVE-2022/CVE-2022-393xx/CVE-2022-39397.json b/CVE-2022/CVE-2022-393xx/CVE-2022-39397.json index 7722e228985..825e5bf9642 100644 --- a/CVE-2022/CVE-2022-393xx/CVE-2022-39397.json +++ b/CVE-2022/CVE-2022-393xx/CVE-2022-39397.json @@ -2,7 +2,7 @@ "id": "CVE-2022-39397", "sourceIdentifier": "security-advisories@github.com", "published": "2022-11-22T21:15:10.737", - "lastModified": "2022-11-28T14:56:16.053", + "lastModified": "2023-07-11T20:41:50.193", "vulnStatus": "Analyzed", "descriptions": [ { @@ -56,8 +56,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2022/CVE-2022-39xx/CVE-2022-3974.json b/CVE-2022/CVE-2022-39xx/CVE-2022-3974.json index c7744790d01..362f71c7033 100644 --- a/CVE-2022/CVE-2022-39xx/CVE-2022-3974.json +++ b/CVE-2022/CVE-2022-39xx/CVE-2022-3974.json @@ -2,7 +2,7 @@ "id": "CVE-2022-3974", "sourceIdentifier": "cna@vuldb.com", "published": "2022-11-13T10:15:10.333", - "lastModified": "2022-11-17T20:47:11.210", + "lastModified": "2023-07-11T20:41:59.450", "vulnStatus": "Analyzed", "descriptions": [ { @@ -56,8 +56,18 @@ }, "weaknesses": [ { - "source": "cna@vuldb.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2022/CVE-2022-412xx/CVE-2022-41263.json b/CVE-2022/CVE-2022-412xx/CVE-2022-41263.json index a265cf8288d..22a9da4b6d4 100644 --- a/CVE-2022/CVE-2022-412xx/CVE-2022-41263.json +++ b/CVE-2022/CVE-2022-412xx/CVE-2022-41263.json @@ -2,8 +2,8 @@ "id": "CVE-2022-41263", "sourceIdentifier": "cna@sap.com", "published": "2022-12-12T22:15:10.417", - "lastModified": "2023-07-10T18:24:13.153", - "vulnStatus": "Analyzed", + "lastModified": "2023-07-11T22:15:09.530", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -56,7 +56,7 @@ }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "cna@sap.com", "type": "Primary", "description": [ { @@ -66,12 +66,12 @@ ] }, { - "source": "cna@sap.com", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { "lang": "en", - "value": "CWE-287" + "value": "CWE-352" } ] } diff --git a/CVE-2022/CVE-2022-436xx/CVE-2022-43684.json b/CVE-2022/CVE-2022-436xx/CVE-2022-43684.json index d07b4e15d77..4dec48f70c0 100644 --- a/CVE-2022/CVE-2022-436xx/CVE-2022-43684.json +++ b/CVE-2022/CVE-2022-436xx/CVE-2022-43684.json @@ -2,7 +2,7 @@ "id": "CVE-2022-43684", "sourceIdentifier": "psirt@servicenow.com", "published": "2023-06-13T19:15:09.243", - "lastModified": "2023-07-08T02:15:09.343", + "lastModified": "2023-07-11T18:15:12.140", "vulnStatus": "Modified", "descriptions": [ { @@ -454,6 +454,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/173354/ServiceNow-Insecure-Access-Control-Full-Admin-Compromise.html", + "source": "psirt@servicenow.com" + }, { "url": "http://seclists.org/fulldisclosure/2023/Jul/11", "source": "psirt@servicenow.com" diff --git a/CVE-2022/CVE-2022-463xx/CVE-2022-46334.json b/CVE-2022/CVE-2022-463xx/CVE-2022-46334.json index a503100e6c7..c62ee545194 100644 --- a/CVE-2022/CVE-2022-463xx/CVE-2022-46334.json +++ b/CVE-2022/CVE-2022-463xx/CVE-2022-46334.json @@ -2,12 +2,12 @@ "id": "CVE-2022-46334", "sourceIdentifier": "security@proofpoint.com", "published": "2022-12-21T21:15:09.360", - "lastModified": "2023-01-04T02:33:52.347", - "vulnStatus": "Analyzed", + "lastModified": "2023-07-11T22:15:09.647", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Proofpoint Enterprise Protection (PPS/PoD) contains a vulnerability which allows the pps user to escalate to root privileges due to unnecessary permissions. This affects all versions 8.19.0 and below." + "value": "Proofpoint Enterprise Protection (PPS/PoD) contains a vulnerability which allows the pps user to escalate to root privileges due to unnecessary permissions. This affects all versions 8.19.0 and below.\n\n" } ], "metrics": { @@ -37,19 +37,19 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", - "privilegesRequired": "HIGH", + "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", - "baseScore": 6.7, - "baseSeverity": "MEDIUM" + "baseScore": 7.8, + "baseSeverity": "HIGH" }, - "exploitabilityScore": 0.8, + "exploitabilityScore": 1.8, "impactScore": 5.9 } ] diff --git a/CVE-2022/CVE-2022-485xx/CVE-2022-48521.json b/CVE-2022/CVE-2022-485xx/CVE-2022-48521.json new file mode 100644 index 00000000000..471cbc17330 --- /dev/null +++ b/CVE-2022/CVE-2022-485xx/CVE-2022-48521.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2022-48521", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-07-11T20:15:10.523", + "lastModified": "2023-07-11T20:15:10.523", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in OpenDKIM through 2.10.3, and 2.11.x through 2.11.0-Beta2. It fails to keep track of ordinal numbers when removing fake Authentication-Results header fields, which allows a remote attacker to craft an e-mail message with a fake sender address such that programs that rely on Authentication-Results from OpenDKIM will treat the message as having a valid DKIM signature when in fact it has none." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/trusteddomainproject/OpenDKIM/issues/148", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-205xx/CVE-2023-20575.json b/CVE-2023/CVE-2023-205xx/CVE-2023-20575.json new file mode 100644 index 00000000000..bf8ce1e8075 --- /dev/null +++ b/CVE-2023/CVE-2023-205xx/CVE-2023-20575.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-20575", + "sourceIdentifier": "psirt@amd.com", + "published": "2023-07-11T19:15:09.547", + "lastModified": "2023-07-11T19:15:09.547", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nA potential power side-channel vulnerability in some AMD processors may allow an authenticated attacker to use the power reporting functionality to monitor a program\u2019s execution inside an AMD SEV VM potentially resulting in a leak of sensitive information.\n\n\n\n\n\n\n\n\n\n" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3004", + "source": "psirt@amd.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-215xx/CVE-2023-21526.json b/CVE-2023/CVE-2023-215xx/CVE-2023-21526.json new file mode 100644 index 00000000000..f0058633923 --- /dev/null +++ b/CVE-2023/CVE-2023-215xx/CVE-2023-21526.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-21526", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:12.260", + "lastModified": "2023-07-11T18:15:12.260", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Netlogon Information Disclosure Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.4, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.2 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21526", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-217xx/CVE-2023-21756.json b/CVE-2023/CVE-2023-217xx/CVE-2023-21756.json new file mode 100644 index 00000000000..cd93717cb8b --- /dev/null +++ b/CVE-2023/CVE-2023-217xx/CVE-2023-21756.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-21756", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:12.320", + "lastModified": "2023-07-11T18:15:12.320", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Win32k Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21756", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-226xx/CVE-2023-22665.json b/CVE-2023/CVE-2023-226xx/CVE-2023-22665.json index 73a1d4a8b81..95d971760ae 100644 --- a/CVE-2023/CVE-2023-226xx/CVE-2023-22665.json +++ b/CVE-2023/CVE-2023-226xx/CVE-2023-22665.json @@ -2,8 +2,8 @@ "id": "CVE-2023-22665", "sourceIdentifier": "security@apache.org", "published": "2023-04-25T07:15:08.137", - "lastModified": "2023-05-05T17:15:38.370", - "vulnStatus": "Analyzed", + "lastModified": "2023-07-11T21:15:08.973", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -65,6 +65,10 @@ } ], "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2023/07/11/11", + "source": "security@apache.org" + }, { "url": "https://lists.apache.org/thread/s0dmpsxcwqs57l4qfs415klkgmhdxq7s", "source": "security@apache.org", diff --git a/CVE-2023/CVE-2023-237xx/CVE-2023-23756.json b/CVE-2023/CVE-2023-237xx/CVE-2023-23756.json new file mode 100644 index 00000000000..ba09e0ebf58 --- /dev/null +++ b/CVE-2023/CVE-2023-237xx/CVE-2023-23756.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-23756", + "sourceIdentifier": "security@joomla.org", + "published": "2023-07-11T20:15:10.573", + "lastModified": "2023-07-11T20:15:10.573", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in advcomsys.com oneVote component for Joomla. It allows XSS Targeting Non-Script Elements." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "security@joomla.org", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://extensions.joomla.org/vulnerable-extensions/vulnerable/one-vote-1-7-xss-cross-site-scripting/", + "source": "security@joomla.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-244xx/CVE-2023-24491.json b/CVE-2023/CVE-2023-244xx/CVE-2023-24491.json new file mode 100644 index 00000000000..6144db37c95 --- /dev/null +++ b/CVE-2023/CVE-2023-244xx/CVE-2023-24491.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-24491", + "sourceIdentifier": "secure@citrix.com", + "published": "2023-07-11T22:15:09.750", + "lastModified": "2023-07-11T22:15:09.750", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nA vulnerability has been discovered in the Citrix Secure Access client for Windows\n\n\n\nwhich, if exploited, could allow an attacker with access to an endpoint with Standard User Account that has the vulnerable client installed to escalate their local privileges to that of\u00a0NT AUTHORITY\\SYSTEM.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@citrix.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "secure@citrix.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ] + } + ], + "references": [ + { + "url": "https://support.citrix.com/article/CTX561480/citrix-secure-access-client-for-windows-security-bulletin-for-cve202324491", + "source": "secure@citrix.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-244xx/CVE-2023-24492.json b/CVE-2023/CVE-2023-244xx/CVE-2023-24492.json new file mode 100644 index 00000000000..16f71c60a73 --- /dev/null +++ b/CVE-2023/CVE-2023-244xx/CVE-2023-24492.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-24492", + "sourceIdentifier": "secure@citrix.com", + "published": "2023-07-11T22:15:09.817", + "lastModified": "2023-07-11T22:15:09.817", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nA vulnerability has been discovered in the Citrix Secure Access client for Ubuntu\u00a0which, if exploited, could allow an attacker to remotely execute code if a victim user opens an attacker-crafted link and accepts further prompts.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@citrix.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.6, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.8, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "secure@citrix.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://support.citrix.com/article/CTX564169/citrix-secure-access-client-for-ubuntu-security-bulletin-for-cve202324492", + "source": "secure@citrix.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-253xx/CVE-2023-25399.json b/CVE-2023/CVE-2023-253xx/CVE-2023-25399.json index 77e75fc7713..b1b6506be42 100644 --- a/CVE-2023/CVE-2023-253xx/CVE-2023-25399.json +++ b/CVE-2023/CVE-2023-253xx/CVE-2023-25399.json @@ -2,27 +2,92 @@ "id": "CVE-2023-25399", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-05T17:15:09.320", - "lastModified": "2023-07-05T20:14:23.587", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-11T19:14:10.753", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in Py_FindObjects() function." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:scipy:scipy:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.11.1", + "matchCriteriaId": "DE57F752-50C6-4FEB-BBDB-340B6AFC0566" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.square16.org/achievement/cve-2023-25399/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/scipy/scipy/issues/16235", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Patch", + "Vendor Advisory" + ] }, { "url": "https://github.com/scipy/scipy/pull/16397", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-271xx/CVE-2023-27197.json b/CVE-2023/CVE-2023-271xx/CVE-2023-27197.json index 17d1e74ced0..35e1cc3ad12 100644 --- a/CVE-2023/CVE-2023-271xx/CVE-2023-27197.json +++ b/CVE-2023/CVE-2023-271xx/CVE-2023-27197.json @@ -2,19 +2,86 @@ "id": "CVE-2023-27197", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-05T20:15:10.013", - "lastModified": "2023-07-05T20:31:30.957", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-11T19:54:40.947", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "PAX A930 device with PayDroid_7.1.1_Virgo_V04.5.02_20220722 can allow an attacker to gain root access by running a crafted binary leveraging an exported function from a shared library. The attacker must have shell access to the device in order to exploit this vulnerability." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:paxtechnology:pax_a930_firmware:paydroid_7.1.1_virgo_v04.5.02_20220722:*:*:*:*:*:*:*", + "matchCriteriaId": "357A0C6F-E5B5-4A3B-975F-9F8A1DEFEB3E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:paxtechnology:pax_a930:-:*:*:*:*:*:*:*", + "matchCriteriaId": "989E7380-5493-4A0D-81E9-3AEAA0F4FA73" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/wr3nchsr/PAX-Paydroid-Advisories/blob/master/advisories/2023/CVEs/CVE-2023-27197.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-275xx/CVE-2023-27590.json b/CVE-2023/CVE-2023-275xx/CVE-2023-27590.json index 11b9c11d6bf..ef3bc952fbf 100644 --- a/CVE-2023/CVE-2023-275xx/CVE-2023-27590.json +++ b/CVE-2023/CVE-2023-275xx/CVE-2023-27590.json @@ -2,8 +2,8 @@ "id": "CVE-2023-27590", "sourceIdentifier": "security-advisories@github.com", "published": "2023-03-14T21:15:10.763", - "lastModified": "2023-03-21T15:00:44.043", - "vulnStatus": "Analyzed", + "lastModified": "2023-07-12T03:15:08.943", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -55,19 +55,9 @@ ] }, "weaknesses": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "description": [ - { - "lang": "en", - "value": "CWE-787" - } - ] - }, { "source": "security-advisories@github.com", - "type": "Secondary", + "type": "Primary", "description": [ { "lang": "en", @@ -78,6 +68,16 @@ "value": "CWE-121" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] } ], "configurations": [ @@ -135,6 +135,10 @@ "Patch", "Vendor Advisory" ] + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW3JXI4TIJIR7PGFP74SN7GQYHW2F46Y/", + "source": "security-advisories@github.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-284xx/CVE-2023-28489.json b/CVE-2023/CVE-2023-284xx/CVE-2023-28489.json index a18f6652d01..aa9da5aad2f 100644 --- a/CVE-2023/CVE-2023-284xx/CVE-2023-28489.json +++ b/CVE-2023/CVE-2023-284xx/CVE-2023-28489.json @@ -2,7 +2,7 @@ "id": "CVE-2023-28489", "sourceIdentifier": "productcert@siemens.com", "published": "2023-04-11T10:15:18.280", - "lastModified": "2023-07-07T20:15:10.007", + "lastModified": "2023-07-11T18:15:12.383", "vulnStatus": "Modified", "descriptions": [ { @@ -135,6 +135,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/173370/Siemens-A8000-CP-8050-CP-8031-Code-Execution-Command-Injection.html", + "source": "productcert@siemens.com" + }, { "url": "http://seclists.org/fulldisclosure/2023/Jul/14", "source": "productcert@siemens.com" diff --git a/CVE-2023/CVE-2023-293xx/CVE-2023-29347.json b/CVE-2023/CVE-2023-293xx/CVE-2023-29347.json new file mode 100644 index 00000000000..5f5556e417d --- /dev/null +++ b/CVE-2023/CVE-2023-293xx/CVE-2023-29347.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-29347", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:12.477", + "lastModified": "2023-07-11T18:15:12.477", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Admin Center Spoofing Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.7, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.3, + "impactScore": 5.8 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29347", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-294xx/CVE-2023-29406.json b/CVE-2023/CVE-2023-294xx/CVE-2023-29406.json new file mode 100644 index 00000000000..423b27a3361 --- /dev/null +++ b/CVE-2023/CVE-2023-294xx/CVE-2023-29406.json @@ -0,0 +1,44 @@ +{ + "id": "CVE-2023-29406", + "sourceIdentifier": "security@golang.org", + "published": "2023-07-11T20:15:10.643", + "lastModified": "2023-07-11T20:15:10.643", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "security@golang.org", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-113" + } + ] + } + ], + "references": [ + { + "url": "https://go.dev/cl/506996", + "source": "security@golang.org" + }, + { + "url": "https://go.dev/issue/60374", + "source": "security@golang.org" + }, + { + "url": "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0", + "source": "security@golang.org" + }, + { + "url": "https://pkg.go.dev/vuln/GO-2023-1878", + "source": "security@golang.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-298xx/CVE-2023-29824.json b/CVE-2023/CVE-2023-298xx/CVE-2023-29824.json index 91181dba2f5..3cfd705bf9f 100644 --- a/CVE-2023/CVE-2023-298xx/CVE-2023-29824.json +++ b/CVE-2023/CVE-2023-298xx/CVE-2023-29824.json @@ -2,12 +2,12 @@ "id": "CVE-2023-29824", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-06T21:15:09.060", - "lastModified": "2023-07-07T12:50:22.490", + "lastModified": "2023-07-11T18:15:12.537", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", - "value": "A use-after-free issue was discovered in Py_FindObjects() function in SciPy versions prior to 1.8.0." + "value": "** DISPUTED ** A use-after-free issue was discovered in Py_FindObjects() function in SciPy versions prior to 1.8.0. NOTE: the vendor and discoverer indicate that this is not a security issue." } ], "metrics": {}, @@ -20,6 +20,10 @@ "url": "https://github.com/scipy/scipy/issues/14713", "source": "cve@mitre.org" }, + { + "url": "https://github.com/scipy/scipy/issues/14713#issuecomment-1629468565", + "source": "cve@mitre.org" + }, { "url": "https://github.com/scipy/scipy/pull/15013", "source": "cve@mitre.org" diff --git a/CVE-2023/CVE-2023-299xx/CVE-2023-29984.json b/CVE-2023/CVE-2023-299xx/CVE-2023-29984.json new file mode 100644 index 00000000000..525a92b3e9a --- /dev/null +++ b/CVE-2023/CVE-2023-299xx/CVE-2023-29984.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-29984", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-07-11T20:15:10.700", + "lastModified": "2023-07-11T20:15:10.700", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Null pointer dereference vulnerability exists in multiple vendors MFPs and printers which implement Debut web server 1.2 or 1.3. Processing a specially crafted request may lead an affected product to a denial-of-service (DoS) condition. As for the affected products/models/versions, see the detailed information provided by each vendor." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://brother.com", + "source": "cve@mitre.org" + }, + { + "url": "https://jvn.jp/en/vu/JVNVU93767756/index.html", + "source": "cve@mitre.org" + }, + { + "url": "https://www.fujifilm.com/fbglobal/eng/company/news/notice/2023/browser_announce.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-302xx/CVE-2023-30226.json b/CVE-2023/CVE-2023-302xx/CVE-2023-30226.json new file mode 100644 index 00000000000..98f76d42e9f --- /dev/null +++ b/CVE-2023/CVE-2023-302xx/CVE-2023-30226.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-30226", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-07-12T02:15:09.090", + "lastModified": "2023-07-12T02:15:09.090", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in function get_gnu_verneed in rizinorg Rizin prior to 0.5.0 verneed_entry allows attackers to cause a denial of service via crafted elf file." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/ifyGecko/CVE-2023-30226", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/rizinorg/rizin/commit/a6d89de0d44e776f9bccc3a168fdc79f604e14ed", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-306xx/CVE-2023-30607.json b/CVE-2023/CVE-2023-306xx/CVE-2023-30607.json index d529b65ea96..b582a338991 100644 --- a/CVE-2023/CVE-2023-306xx/CVE-2023-30607.json +++ b/CVE-2023/CVE-2023-306xx/CVE-2023-30607.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30607", "sourceIdentifier": "security-advisories@github.com", "published": "2023-07-05T18:15:10.070", - "lastModified": "2023-07-05T20:14:23.587", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-11T18:16:32.070", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,18 +66,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:icinga:icinga_web_jira_integration:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.3.0", + "versionEndExcluding": "1.3.2", + "matchCriteriaId": "D88AABE1-39B8-4D52-AE35-33C401F14E34" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Icinga/icingaweb2-module-jira/commit/7f0c53b7a3e87be2f4c2e8840805d7b7c9762424", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/Icinga/icingaweb2-module-jira/releases/tag/v1.3.2", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/Icinga/icingaweb2-module-jira/security/advisories/GHSA-gh7w-7f7j-gwp5", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-312xx/CVE-2023-31248.json b/CVE-2023/CVE-2023-312xx/CVE-2023-31248.json index e6867f2895a..26bce5ce8d1 100644 --- a/CVE-2023/CVE-2023-312xx/CVE-2023-31248.json +++ b/CVE-2023/CVE-2023-312xx/CVE-2023-31248.json @@ -2,8 +2,8 @@ "id": "CVE-2023-31248", "sourceIdentifier": "security@ubuntu.com", "published": "2023-07-05T19:15:09.713", - "lastModified": "2023-07-05T21:15:09.467", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-11T18:53:22.787", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "security@ubuntu.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + }, { "source": "security@ubuntu.com", "type": "Secondary", @@ -46,18 +76,44 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.9.0:rc1:*:*:*:*:*:*", + "matchCriteriaId": "21F51360-AF61-433B-9FD9-D7DE742FABF9" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2023/07/05/2", - "source": "security@ubuntu.com" + "source": "security@ubuntu.com", + "tags": [ + "Mailing List" + ] }, { "url": "https://lore.kernel.org/netfilter-devel/20230705121627.GC19489@breakpoint.cc/T/", - "source": "security@ubuntu.com" + "source": "security@ubuntu.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.openwall.com/lists/oss-security/2023/07/05/2", - "source": "security@ubuntu.com" + "source": "security@ubuntu.com", + "tags": [ + "Mailing List" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3127.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3127.json new file mode 100644 index 00000000000..6b981485507 --- /dev/null +++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3127.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-3127", + "sourceIdentifier": "productsecurity@jci.com", + "published": "2023-07-11T22:15:09.907", + "lastModified": "2023-07-11T22:15:09.907", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An unauthenticated user could log into iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 with administrator rights." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "productsecurity@jci.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:L", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.3 + } + ] + }, + "weaknesses": [ + { + "source": "productsecurity@jci.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + } + ], + "references": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-192-02", + "source": "productsecurity@jci.com" + }, + { + "url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories", + "source": "productsecurity@jci.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-320xx/CVE-2023-32033.json b/CVE-2023/CVE-2023-320xx/CVE-2023-32033.json new file mode 100644 index 00000000000..8314ffbb5f5 --- /dev/null +++ b/CVE-2023/CVE-2023-320xx/CVE-2023-32033.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-32033", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:12.590", + "lastModified": "2023-07-11T18:15:12.590", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Failover Cluster Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.7, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32033", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-320xx/CVE-2023-32034.json b/CVE-2023/CVE-2023-320xx/CVE-2023-32034.json new file mode 100644 index 00000000000..cac049bcebe --- /dev/null +++ b/CVE-2023/CVE-2023-320xx/CVE-2023-32034.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-32034", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:12.650", + "lastModified": "2023-07-11T18:15:12.650", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Remote Procedure Call Runtime Denial of Service Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32034", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-320xx/CVE-2023-32035.json b/CVE-2023/CVE-2023-320xx/CVE-2023-32035.json new file mode 100644 index 00000000000..acfbbf0bf4c --- /dev/null +++ b/CVE-2023/CVE-2023-320xx/CVE-2023-32035.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-32035", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:12.710", + "lastModified": "2023-07-11T18:15:12.710", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Remote Procedure Call Runtime Denial of Service Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32035", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-320xx/CVE-2023-32037.json b/CVE-2023/CVE-2023-320xx/CVE-2023-32037.json new file mode 100644 index 00000000000..6a47aac9592 --- /dev/null +++ b/CVE-2023/CVE-2023-320xx/CVE-2023-32037.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-32037", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:12.777", + "lastModified": "2023-07-11T18:15:12.777", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Layer-2 Bridge Network Driver Information Disclosure Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32037", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-320xx/CVE-2023-32038.json b/CVE-2023/CVE-2023-320xx/CVE-2023-32038.json new file mode 100644 index 00000000000..1ec1928733b --- /dev/null +++ b/CVE-2023/CVE-2023-320xx/CVE-2023-32038.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-32038", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:12.840", + "lastModified": "2023-07-11T18:15:12.840", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft ODBC Driver Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32038", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-320xx/CVE-2023-32039.json b/CVE-2023/CVE-2023-320xx/CVE-2023-32039.json new file mode 100644 index 00000000000..edc973fbb7d --- /dev/null +++ b/CVE-2023/CVE-2023-320xx/CVE-2023-32039.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-32039", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:12.900", + "lastModified": "2023-07-11T18:15:12.900", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32039", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-320xx/CVE-2023-32040.json b/CVE-2023/CVE-2023-320xx/CVE-2023-32040.json new file mode 100644 index 00000000000..747cb9f718f --- /dev/null +++ b/CVE-2023/CVE-2023-320xx/CVE-2023-32040.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-32040", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:12.957", + "lastModified": "2023-07-11T18:15:12.957", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32040", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-320xx/CVE-2023-32041.json b/CVE-2023/CVE-2023-320xx/CVE-2023-32041.json new file mode 100644 index 00000000000..7c641c8bfd7 --- /dev/null +++ b/CVE-2023/CVE-2023-320xx/CVE-2023-32041.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-32041", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:13.017", + "lastModified": "2023-07-11T18:15:13.017", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Update Orchestrator Service Information Disclosure Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32041", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-320xx/CVE-2023-32042.json b/CVE-2023/CVE-2023-320xx/CVE-2023-32042.json new file mode 100644 index 00000000000..b37bc326deb --- /dev/null +++ b/CVE-2023/CVE-2023-320xx/CVE-2023-32042.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-32042", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:13.077", + "lastModified": "2023-07-11T18:15:13.077", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "OLE Automation Information Disclosure Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32042", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-320xx/CVE-2023-32043.json b/CVE-2023/CVE-2023-320xx/CVE-2023-32043.json new file mode 100644 index 00000000000..96d4a1e7f60 --- /dev/null +++ b/CVE-2023/CVE-2023-320xx/CVE-2023-32043.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-32043", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:13.133", + "lastModified": "2023-07-11T18:15:13.133", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Remote Desktop Security Feature Bypass Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.2 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32043", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-320xx/CVE-2023-32044.json b/CVE-2023/CVE-2023-320xx/CVE-2023-32044.json new file mode 100644 index 00000000000..869c0705958 --- /dev/null +++ b/CVE-2023/CVE-2023-320xx/CVE-2023-32044.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-32044", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:13.190", + "lastModified": "2023-07-11T18:15:13.190", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Message Queuing Denial of Service Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32044", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-320xx/CVE-2023-32045.json b/CVE-2023/CVE-2023-320xx/CVE-2023-32045.json new file mode 100644 index 00000000000..21947c7d55f --- /dev/null +++ b/CVE-2023/CVE-2023-320xx/CVE-2023-32045.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-32045", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:13.253", + "lastModified": "2023-07-11T18:15:13.253", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Message Queuing Denial of Service Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32045", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-320xx/CVE-2023-32046.json b/CVE-2023/CVE-2023-320xx/CVE-2023-32046.json new file mode 100644 index 00000000000..6820595bfc1 --- /dev/null +++ b/CVE-2023/CVE-2023-320xx/CVE-2023-32046.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2023-32046", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:13.313", + "lastModified": "2023-07-11T18:15:13.313", + "vulnStatus": "Received", + "cisaExploitAdd": "2023-07-11", + "cisaActionDue": "2023-08-01", + "cisaRequiredAction": "Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.", + "cisaVulnerabilityName": "Microsoft Windows MSHTML Platform Privilege Escalation Vulnerability", + "descriptions": [ + { + "lang": "en", + "value": "Windows MSHTML Platform Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32046", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-320xx/CVE-2023-32047.json b/CVE-2023/CVE-2023-320xx/CVE-2023-32047.json new file mode 100644 index 00000000000..864c02397e4 --- /dev/null +++ b/CVE-2023/CVE-2023-320xx/CVE-2023-32047.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-32047", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:13.367", + "lastModified": "2023-07-11T18:15:13.367", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Paint 3D Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32047", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-320xx/CVE-2023-32049.json b/CVE-2023/CVE-2023-320xx/CVE-2023-32049.json new file mode 100644 index 00000000000..8d956469a96 --- /dev/null +++ b/CVE-2023/CVE-2023-320xx/CVE-2023-32049.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2023-32049", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:13.430", + "lastModified": "2023-07-11T18:15:13.430", + "vulnStatus": "Received", + "cisaExploitAdd": "2023-07-11", + "cisaActionDue": "2023-08-01", + "cisaRequiredAction": "Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.", + "cisaVulnerabilityName": "Microsoft Windows Defender SmartScreen Security Feature Bypass Vulnerability", + "descriptions": [ + { + "lang": "en", + "value": "Windows SmartScreen Security Feature Bypass Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32049", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-320xx/CVE-2023-32050.json b/CVE-2023/CVE-2023-320xx/CVE-2023-32050.json new file mode 100644 index 00000000000..09577254493 --- /dev/null +++ b/CVE-2023/CVE-2023-320xx/CVE-2023-32050.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-32050", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:13.490", + "lastModified": "2023-07-11T18:15:13.490", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Installer Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.0, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.0, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32050", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-320xx/CVE-2023-32051.json b/CVE-2023/CVE-2023-320xx/CVE-2023-32051.json new file mode 100644 index 00000000000..0743911bfb9 --- /dev/null +++ b/CVE-2023/CVE-2023-320xx/CVE-2023-32051.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-32051", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:13.547", + "lastModified": "2023-07-11T18:15:13.547", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Raw Image Extension Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32051", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-320xx/CVE-2023-32052.json b/CVE-2023/CVE-2023-320xx/CVE-2023-32052.json new file mode 100644 index 00000000000..46d586ebee5 --- /dev/null +++ b/CVE-2023/CVE-2023-320xx/CVE-2023-32052.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-32052", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:13.607", + "lastModified": "2023-07-11T18:15:13.607", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Power Apps Spoofing Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32052", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-320xx/CVE-2023-32053.json b/CVE-2023/CVE-2023-320xx/CVE-2023-32053.json new file mode 100644 index 00000000000..16e5039f2ab --- /dev/null +++ b/CVE-2023/CVE-2023-320xx/CVE-2023-32053.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-32053", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:13.667", + "lastModified": "2023-07-11T18:15:13.667", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Installer Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32053", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-320xx/CVE-2023-32054.json b/CVE-2023/CVE-2023-320xx/CVE-2023-32054.json new file mode 100644 index 00000000000..a5f53067016 --- /dev/null +++ b/CVE-2023/CVE-2023-320xx/CVE-2023-32054.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-32054", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:13.723", + "lastModified": "2023-07-11T18:15:13.723", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Volume Shadow Copy Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.3, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32054", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-320xx/CVE-2023-32055.json b/CVE-2023/CVE-2023-320xx/CVE-2023-32055.json new file mode 100644 index 00000000000..16c04935875 --- /dev/null +++ b/CVE-2023/CVE-2023-320xx/CVE-2023-32055.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-32055", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:13.780", + "lastModified": "2023-07-11T18:15:13.780", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Active Template Library Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32055", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-320xx/CVE-2023-32056.json b/CVE-2023/CVE-2023-320xx/CVE-2023-32056.json new file mode 100644 index 00000000000..7943337be89 --- /dev/null +++ b/CVE-2023/CVE-2023-320xx/CVE-2023-32056.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-32056", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:13.843", + "lastModified": "2023-07-11T18:15:13.843", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32056", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-320xx/CVE-2023-32057.json b/CVE-2023/CVE-2023-320xx/CVE-2023-32057.json new file mode 100644 index 00000000000..ae8c0ade1aa --- /dev/null +++ b/CVE-2023/CVE-2023-320xx/CVE-2023-32057.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-32057", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:13.903", + "lastModified": "2023-07-11T18:15:13.903", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Message Queuing Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32057", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-320xx/CVE-2023-32083.json b/CVE-2023/CVE-2023-320xx/CVE-2023-32083.json new file mode 100644 index 00000000000..a99aafad0e6 --- /dev/null +++ b/CVE-2023/CVE-2023-320xx/CVE-2023-32083.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-32083", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:13.967", + "lastModified": "2023-07-11T18:15:13.967", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Failover Cluster Information Disclosure Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.2 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32083", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-320xx/CVE-2023-32084.json b/CVE-2023/CVE-2023-320xx/CVE-2023-32084.json new file mode 100644 index 00000000000..02026c079ed --- /dev/null +++ b/CVE-2023/CVE-2023-320xx/CVE-2023-32084.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-32084", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:14.023", + "lastModified": "2023-07-11T18:15:14.023", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "HTTP.sys Denial of Service Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32084", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-320xx/CVE-2023-32085.json b/CVE-2023/CVE-2023-320xx/CVE-2023-32085.json new file mode 100644 index 00000000000..7ceb4a8d4c5 --- /dev/null +++ b/CVE-2023/CVE-2023-320xx/CVE-2023-32085.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-32085", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:14.087", + "lastModified": "2023-07-11T18:15:14.087", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32085", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-326xx/CVE-2023-32693.json b/CVE-2023/CVE-2023-326xx/CVE-2023-32693.json new file mode 100644 index 00000000000..2a7e56604a3 --- /dev/null +++ b/CVE-2023/CVE-2023-326xx/CVE-2023-32693.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-32693", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-07-11T18:15:14.147", + "lastModified": "2023-07-11T18:15:14.147", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The external link feature is susceptible to cross-site scripting. This allows a remote attacker to execute JavaScript code in the context of a currently logged-in user. An attacker could use this vulnerability to make other users endorse or support proposals they have no intention of supporting or endorsing. The problem was patched in versions 0.27.3 and 0.26.6." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/decidim/decidim/releases/tag/v0.26.6", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/decidim/decidim/releases/tag/v0.27.3", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/decidim/decidim/security/advisories/GHSA-469h-mqg8-535r", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3269.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3269.json index b18fc5cf7bc..fe321621647 100644 --- a/CVE-2023/CVE-2023-32xx/CVE-2023-3269.json +++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3269.json @@ -2,7 +2,7 @@ "id": "CVE-2023-3269", "sourceIdentifier": "secalert@redhat.com", "published": "2023-07-11T12:15:10.047", - "lastModified": "2023-07-11T12:43:16.387", + "lastModified": "2023-07-12T03:15:09.210", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -43,6 +43,10 @@ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215268", "source": "secalert@redhat.com" }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6AAA64CUPSMBW6XDTXPQJ3KQWYQ4K7L/", + "source": "secalert@redhat.com" + }, { "url": "https://www.openwall.com/lists/oss-security/2023/07/05/1", "source": "secalert@redhat.com" diff --git a/CVE-2023/CVE-2023-331xx/CVE-2023-33127.json b/CVE-2023/CVE-2023-331xx/CVE-2023-33127.json new file mode 100644 index 00000000000..a624818cc32 --- /dev/null +++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33127.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-33127", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:14.213", + "lastModified": "2023-07-11T18:15:14.213", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": ".NET and Visual Studio Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33127", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-331xx/CVE-2023-33131.json b/CVE-2023/CVE-2023-331xx/CVE-2023-33131.json index 3da878d14a3..ffb222b230f 100644 --- a/CVE-2023/CVE-2023-331xx/CVE-2023-33131.json +++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33131.json @@ -2,8 +2,8 @@ "id": "CVE-2023-33131", "sourceIdentifier": "secure@microsoft.com", "published": "2023-06-14T00:15:12.087", - "lastModified": "2023-06-21T19:42:39.463", - "vulnStatus": "Analyzed", + "lastModified": "2023-07-11T18:15:14.270", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -104,6 +104,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/173361/Microsoft-365-MSO-2306-Build-16.0.16529.20100-Remote-Code-Execution.html", + "source": "secure@microsoft.com" + }, { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33131", "source": "secure@microsoft.com", diff --git a/CVE-2023/CVE-2023-331xx/CVE-2023-33134.json b/CVE-2023/CVE-2023-331xx/CVE-2023-33134.json new file mode 100644 index 00000000000..768bbae88a2 --- /dev/null +++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33134.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-33134", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:14.343", + "lastModified": "2023-07-11T18:15:14.343", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft SharePoint Server Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33134", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-331xx/CVE-2023-33148.json b/CVE-2023/CVE-2023-331xx/CVE-2023-33148.json new file mode 100644 index 00000000000..87b535b4357 --- /dev/null +++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33148.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-33148", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:14.403", + "lastModified": "2023-07-11T18:15:14.403", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Office Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33148", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-331xx/CVE-2023-33149.json b/CVE-2023/CVE-2023-331xx/CVE-2023-33149.json new file mode 100644 index 00000000000..0a839574157 --- /dev/null +++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33149.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-33149", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:14.457", + "lastModified": "2023-07-11T18:15:14.457", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Office Graphics Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33149", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-331xx/CVE-2023-33150.json b/CVE-2023/CVE-2023-331xx/CVE-2023-33150.json new file mode 100644 index 00000000000..b429df08601 --- /dev/null +++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33150.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-33150", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:14.513", + "lastModified": "2023-07-11T18:15:14.513", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Office Security Feature Bypass Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.6, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.8, + "impactScore": 6.0 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33150", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-331xx/CVE-2023-33151.json b/CVE-2023/CVE-2023-331xx/CVE-2023-33151.json new file mode 100644 index 00000000000..cfdabc97a50 --- /dev/null +++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33151.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-33151", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:14.570", + "lastModified": "2023-07-11T18:15:14.570", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Outlook Spoofing Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33151", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-331xx/CVE-2023-33152.json b/CVE-2023/CVE-2023-331xx/CVE-2023-33152.json new file mode 100644 index 00000000000..276862c562c --- /dev/null +++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33152.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-33152", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:14.627", + "lastModified": "2023-07-11T18:15:14.627", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft ActiveX Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.0, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.0, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33152", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-331xx/CVE-2023-33153.json b/CVE-2023/CVE-2023-331xx/CVE-2023-33153.json new file mode 100644 index 00000000000..ed4b074c770 --- /dev/null +++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33153.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-33153", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:14.680", + "lastModified": "2023-07-11T18:15:14.680", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Outlook Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.2 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33153", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-331xx/CVE-2023-33154.json b/CVE-2023/CVE-2023-331xx/CVE-2023-33154.json new file mode 100644 index 00000000000..d17f391527f --- /dev/null +++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33154.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-33154", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:14.737", + "lastModified": "2023-07-11T18:15:14.737", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Partition Management Driver Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33154", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-331xx/CVE-2023-33155.json b/CVE-2023/CVE-2023-331xx/CVE-2023-33155.json new file mode 100644 index 00000000000..3f5aab3dcbb --- /dev/null +++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33155.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-33155", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:14.793", + "lastModified": "2023-07-11T18:15:14.793", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33155", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-331xx/CVE-2023-33156.json b/CVE-2023/CVE-2023-331xx/CVE-2023-33156.json new file mode 100644 index 00000000000..539b2842a99 --- /dev/null +++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33156.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-33156", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:14.850", + "lastModified": "2023-07-11T18:15:14.850", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Defender Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.0, + "impactScore": 5.2 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33156", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-331xx/CVE-2023-33157.json b/CVE-2023/CVE-2023-331xx/CVE-2023-33157.json new file mode 100644 index 00000000000..f6100213f18 --- /dev/null +++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33157.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-33157", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:14.910", + "lastModified": "2023-07-11T18:15:14.910", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft SharePoint Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33157", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-331xx/CVE-2023-33158.json b/CVE-2023/CVE-2023-331xx/CVE-2023-33158.json new file mode 100644 index 00000000000..3aa4d525a85 --- /dev/null +++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33158.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-33158", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:14.970", + "lastModified": "2023-07-11T18:15:14.970", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Excel Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33158", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-331xx/CVE-2023-33159.json b/CVE-2023/CVE-2023-331xx/CVE-2023-33159.json new file mode 100644 index 00000000000..08c9139c137 --- /dev/null +++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33159.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-33159", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:15.030", + "lastModified": "2023-07-11T18:15:15.030", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft SharePoint Server Spoofing Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33159", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-331xx/CVE-2023-33160.json b/CVE-2023/CVE-2023-331xx/CVE-2023-33160.json new file mode 100644 index 00000000000..f03d6f66e9a --- /dev/null +++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33160.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-33160", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:15.090", + "lastModified": "2023-07-11T18:15:15.090", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft SharePoint Server Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33160", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-331xx/CVE-2023-33161.json b/CVE-2023/CVE-2023-331xx/CVE-2023-33161.json new file mode 100644 index 00000000000..542a3c873fd --- /dev/null +++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33161.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-33161", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:15.150", + "lastModified": "2023-07-11T18:15:15.150", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Excel Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33161", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-331xx/CVE-2023-33162.json b/CVE-2023/CVE-2023-331xx/CVE-2023-33162.json new file mode 100644 index 00000000000..8f5137f12a9 --- /dev/null +++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33162.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-33162", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:15.200", + "lastModified": "2023-07-11T18:15:15.200", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Excel Information Disclosure Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33162", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-331xx/CVE-2023-33163.json b/CVE-2023/CVE-2023-331xx/CVE-2023-33163.json new file mode 100644 index 00000000000..0f22542b424 --- /dev/null +++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33163.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-33163", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:15.257", + "lastModified": "2023-07-11T18:15:15.257", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Network Load Balancing Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33163", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-331xx/CVE-2023-33164.json b/CVE-2023/CVE-2023-331xx/CVE-2023-33164.json new file mode 100644 index 00000000000..ea591d290f5 --- /dev/null +++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33164.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-33164", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:15.317", + "lastModified": "2023-07-11T18:15:15.317", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Remote Procedure Call Runtime Denial of Service Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33164", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-331xx/CVE-2023-33165.json b/CVE-2023/CVE-2023-331xx/CVE-2023-33165.json new file mode 100644 index 00000000000..207e3b494e2 --- /dev/null +++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33165.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-33165", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:15.373", + "lastModified": "2023-07-11T18:15:15.373", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft SharePoint Server Security Feature Bypass Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33165", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-331xx/CVE-2023-33166.json b/CVE-2023/CVE-2023-331xx/CVE-2023-33166.json new file mode 100644 index 00000000000..70e83680803 --- /dev/null +++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33166.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-33166", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:15.433", + "lastModified": "2023-07-11T18:15:15.433", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Remote Procedure Call Runtime Denial of Service Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33166", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-331xx/CVE-2023-33167.json b/CVE-2023/CVE-2023-331xx/CVE-2023-33167.json new file mode 100644 index 00000000000..1506da4bb76 --- /dev/null +++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33167.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-33167", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:15.487", + "lastModified": "2023-07-11T18:15:15.487", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Remote Procedure Call Runtime Denial of Service Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33167", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-331xx/CVE-2023-33168.json b/CVE-2023/CVE-2023-331xx/CVE-2023-33168.json new file mode 100644 index 00000000000..e8941b75616 --- /dev/null +++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33168.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-33168", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:15.543", + "lastModified": "2023-07-11T18:15:15.543", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Remote Procedure Call Runtime Denial of Service Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33168", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-331xx/CVE-2023-33169.json b/CVE-2023/CVE-2023-331xx/CVE-2023-33169.json new file mode 100644 index 00000000000..c46747803b3 --- /dev/null +++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33169.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-33169", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:15.603", + "lastModified": "2023-07-11T18:15:15.603", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Remote Procedure Call Runtime Denial of Service Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33169", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-331xx/CVE-2023-33170.json b/CVE-2023/CVE-2023-331xx/CVE-2023-33170.json new file mode 100644 index 00000000000..c72586fbfed --- /dev/null +++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33170.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-33170", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:15.660", + "lastModified": "2023-07-11T18:15:15.660", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "ASP.NET and Visual Studio Security Feature Bypass Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33170", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-331xx/CVE-2023-33171.json b/CVE-2023/CVE-2023-331xx/CVE-2023-33171.json new file mode 100644 index 00000000000..2d07e600d77 --- /dev/null +++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33171.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-33171", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:15.717", + "lastModified": "2023-07-11T18:15:15.717", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 8.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.7 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33171", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-331xx/CVE-2023-33172.json b/CVE-2023/CVE-2023-331xx/CVE-2023-33172.json new file mode 100644 index 00000000000..a41132b27e2 --- /dev/null +++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33172.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-33172", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:15.770", + "lastModified": "2023-07-11T18:15:15.770", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Remote Procedure Call Runtime Denial of Service Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33172", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-331xx/CVE-2023-33173.json b/CVE-2023/CVE-2023-331xx/CVE-2023-33173.json new file mode 100644 index 00000000000..258c9447073 --- /dev/null +++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33173.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-33173", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:15.827", + "lastModified": "2023-07-11T18:15:15.827", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Remote Procedure Call Runtime Denial of Service Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33173", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-331xx/CVE-2023-33174.json b/CVE-2023/CVE-2023-331xx/CVE-2023-33174.json new file mode 100644 index 00000000000..f3ee2702579 --- /dev/null +++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33174.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-33174", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:15.883", + "lastModified": "2023-07-11T18:15:15.883", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Cryptographic Information Disclosure Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33174", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-333xx/CVE-2023-33335.json b/CVE-2023/CVE-2023-333xx/CVE-2023-33335.json index f611158a83a..15b80c2b631 100644 --- a/CVE-2023/CVE-2023-333xx/CVE-2023-33335.json +++ b/CVE-2023/CVE-2023-333xx/CVE-2023-33335.json @@ -2,19 +2,75 @@ "id": "CVE-2023-33335", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-05T18:15:10.277", - "lastModified": "2023-07-05T20:14:23.587", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-11T18:08:31.507", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross Site Scripting (XSS) in Sophos Sophos iView (The EOL was December 31st 2020) in grpname parameter that allows arbitrary script to be executed." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sophos:iview:-:*:*:*:*:*:*:*", + "matchCriteriaId": "99E792F3-706D-4A7C-A5EC-C326B328D0CB" + } + ] + } + ] + } + ], "references": [ { "url": "https://inf0seq.github.io/cve/2023/05/03/Cross-Site-scripting-(XSS)-in-Sophos-iView.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-334xx/CVE-2023-33460.json b/CVE-2023/CVE-2023-334xx/CVE-2023-33460.json index b15a028f222..ed8a0038350 100644 --- a/CVE-2023/CVE-2023-334xx/CVE-2023-33460.json +++ b/CVE-2023/CVE-2023-334xx/CVE-2023-33460.json @@ -2,7 +2,7 @@ "id": "CVE-2023-33460", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-06T12:15:09.447", - "lastModified": "2023-07-02T13:15:41.470", + "lastModified": "2023-07-11T20:15:10.757", "vulnStatus": "Modified", "descriptions": [ { @@ -77,6 +77,10 @@ { "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00000.html", "source": "cve@mitre.org" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00013.html", + "source": "cve@mitre.org" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-339xx/CVE-2023-33919.json b/CVE-2023/CVE-2023-339xx/CVE-2023-33919.json index 5e35a26ace1..a2a8229545e 100644 --- a/CVE-2023/CVE-2023-339xx/CVE-2023-33919.json +++ b/CVE-2023/CVE-2023-339xx/CVE-2023-33919.json @@ -2,7 +2,7 @@ "id": "CVE-2023-33919", "sourceIdentifier": "productcert@siemens.com", "published": "2023-06-13T09:15:18.620", - "lastModified": "2023-07-07T20:15:10.323", + "lastModified": "2023-07-11T18:15:15.943", "vulnStatus": "Modified", "descriptions": [ { @@ -135,6 +135,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/173370/Siemens-A8000-CP-8050-CP-8031-Code-Execution-Command-Injection.html", + "source": "productcert@siemens.com" + }, { "url": "http://seclists.org/fulldisclosure/2023/Jul/14", "source": "productcert@siemens.com" diff --git a/CVE-2023/CVE-2023-339xx/CVE-2023-33920.json b/CVE-2023/CVE-2023-339xx/CVE-2023-33920.json index 0cc3741be6b..08358001d5f 100644 --- a/CVE-2023/CVE-2023-339xx/CVE-2023-33920.json +++ b/CVE-2023/CVE-2023-339xx/CVE-2023-33920.json @@ -2,7 +2,7 @@ "id": "CVE-2023-33920", "sourceIdentifier": "productcert@siemens.com", "published": "2023-06-13T09:15:18.677", - "lastModified": "2023-07-07T20:15:10.423", + "lastModified": "2023-07-11T18:15:16.023", "vulnStatus": "Modified", "descriptions": [ { @@ -135,6 +135,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/173370/Siemens-A8000-CP-8050-CP-8031-Code-Execution-Command-Injection.html", + "source": "productcert@siemens.com" + }, { "url": "http://seclists.org/fulldisclosure/2023/Jul/14", "source": "productcert@siemens.com" diff --git a/CVE-2023/CVE-2023-339xx/CVE-2023-33921.json b/CVE-2023/CVE-2023-339xx/CVE-2023-33921.json index 2d12d914460..310366a4438 100644 --- a/CVE-2023/CVE-2023-339xx/CVE-2023-33921.json +++ b/CVE-2023/CVE-2023-339xx/CVE-2023-33921.json @@ -2,7 +2,7 @@ "id": "CVE-2023-33921", "sourceIdentifier": "productcert@siemens.com", "published": "2023-06-13T09:15:18.733", - "lastModified": "2023-07-07T20:15:10.523", + "lastModified": "2023-07-11T18:15:16.093", "vulnStatus": "Modified", "descriptions": [ { @@ -135,6 +135,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/173370/Siemens-A8000-CP-8050-CP-8031-Code-Execution-Command-Injection.html", + "source": "productcert@siemens.com" + }, { "url": "http://seclists.org/fulldisclosure/2023/Jul/14", "source": "productcert@siemens.com" diff --git a/CVE-2023/CVE-2023-340xx/CVE-2023-34089.json b/CVE-2023/CVE-2023-340xx/CVE-2023-34089.json new file mode 100644 index 00000000000..25b046618e2 --- /dev/null +++ b/CVE-2023/CVE-2023-340xx/CVE-2023-34089.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-34089", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-07-11T18:15:16.170", + "lastModified": "2023-07-11T18:15:16.170", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The processes filter feature is susceptible to Cross-site scripting. This allows a remote attacker to execute JavaScript code in the context of a currently logged-in user. An attacker could use this vulnerability to make other users endorse or support proposals they have no intention of supporting or endorsing. The problem was patched in version 0.27.3 and 0.26.6.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/decidim/decidim/releases/tag/v0.26.6", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/decidim/decidim/releases/tag/v0.27.3", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/decidim/decidim/security/advisories/GHSA-5652-92r9-3fx9", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-340xx/CVE-2023-34090.json b/CVE-2023/CVE-2023-340xx/CVE-2023-34090.json new file mode 100644 index 00000000000..f1180a0e85b --- /dev/null +++ b/CVE-2023/CVE-2023-340xx/CVE-2023-34090.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-34090", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-07-11T18:15:16.233", + "lastModified": "2023-07-11T18:15:16.233", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. Decidim uses a third-party library named Ransack for filtering certain database collections (e.g., public meetings). By default, this library allows filtering on all data attributes and associations. This allows an unauthenticated remote attacker to exfiltrate non-public data from the underlying database of a Decidim instance (e.g., exfiltrating data from the user table). This issue may lead to Sensitive Data Disclosure. The problem was patched in version 0.27.3. " + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/decidim/decidim/releases/tag/v0.27.3", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/decidim/decidim/security/advisories/GHSA-jm79-9pm4-vrw9", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/decidim/decidim/security/advisories/GHSA-jm79-9pm4-vrw9#advisory-comment-81110", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-341xx/CVE-2023-34118.json b/CVE-2023/CVE-2023-341xx/CVE-2023-34118.json new file mode 100644 index 00000000000..fcd033e036a --- /dev/null +++ b/CVE-2023/CVE-2023-341xx/CVE-2023-34118.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-34118", + "sourceIdentifier": "security@zoom.us", + "published": "2023-07-11T18:15:16.300", + "lastModified": "2023-07-11T18:15:16.300", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper privilege management in Zoom Rooms before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@zoom.us", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.0, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@zoom.us", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ] + } + ], + "references": [ + { + "url": "https://explore.zoom.us/en/trust/security/security-bulletin/", + "source": "security@zoom.us" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-341xx/CVE-2023-34119.json b/CVE-2023/CVE-2023-341xx/CVE-2023-34119.json new file mode 100644 index 00000000000..267354ef2fb --- /dev/null +++ b/CVE-2023/CVE-2023-341xx/CVE-2023-34119.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-34119", + "sourceIdentifier": "security@zoom.us", + "published": "2023-07-11T18:15:16.363", + "lastModified": "2023-07-11T18:15:16.363", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": " Insecure temporary file in the installer for Zoom Rooms before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@zoom.us", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.5, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security@zoom.us", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-377" + } + ] + } + ], + "references": [ + { + "url": "https://explore.zoom.us/en/trust/security/security-bulletin/", + "source": "security@zoom.us" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-348xx/CVE-2023-34834.json b/CVE-2023/CVE-2023-348xx/CVE-2023-34834.json index 6279c679161..4473d3c1a7f 100644 --- a/CVE-2023/CVE-2023-348xx/CVE-2023-34834.json +++ b/CVE-2023/CVE-2023-348xx/CVE-2023-34834.json @@ -2,23 +2,95 @@ "id": "CVE-2023-34834", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-29T03:15:09.563", - "lastModified": "2023-06-29T15:35:43.220", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-11T18:59:16.717", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A Directory Browsing vulnerability in MCL-Net version 4.3.5.8788 webserver running on default port 5080, allows attackers to gain sensitive information about the configured databases via the \"/file\" endpoint." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mcl-collection:mcl-net_firmware:4.3.5.8788:*:*:*:*:*:*:*", + "matchCriteriaId": "2E3A120C-9DC1-46AC-BE65-E9082B64DE54" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mcl-collection:mcl-net:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6E7CA504-1A26-4F94-AF47-68ED6BBE42FA" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.mclv4.mcl-collection.com/index.php", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://www.exploit-db.com/exploits/51542", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-352xx/CVE-2023-35296.json b/CVE-2023/CVE-2023-352xx/CVE-2023-35296.json new file mode 100644 index 00000000000..2d8ff2170fc --- /dev/null +++ b/CVE-2023/CVE-2023-352xx/CVE-2023-35296.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35296", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:16.427", + "lastModified": "2023-07-11T18:15:16.427", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35296", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-352xx/CVE-2023-35297.json b/CVE-2023/CVE-2023-352xx/CVE-2023-35297.json new file mode 100644 index 00000000000..c61b4d0d7b2 --- /dev/null +++ b/CVE-2023/CVE-2023-352xx/CVE-2023-35297.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35297", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:16.487", + "lastModified": "2023-07-11T18:15:16.487", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35297", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-352xx/CVE-2023-35298.json b/CVE-2023/CVE-2023-352xx/CVE-2023-35298.json new file mode 100644 index 00000000000..9921451ab06 --- /dev/null +++ b/CVE-2023/CVE-2023-352xx/CVE-2023-35298.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35298", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:16.543", + "lastModified": "2023-07-11T18:15:16.543", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "HTTP.sys Denial of Service Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35298", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-352xx/CVE-2023-35299.json b/CVE-2023/CVE-2023-352xx/CVE-2023-35299.json new file mode 100644 index 00000000000..3acc26fca77 --- /dev/null +++ b/CVE-2023/CVE-2023-352xx/CVE-2023-35299.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35299", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:16.603", + "lastModified": "2023-07-11T18:15:16.603", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Common Log File System Driver Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35299", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35300.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35300.json new file mode 100644 index 00000000000..b9041b7586f --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35300.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35300", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:16.660", + "lastModified": "2023-07-11T18:15:16.660", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Remote Procedure Call Runtime Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35300", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35302.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35302.json new file mode 100644 index 00000000000..c58bee37f03 --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35302.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35302", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:16.717", + "lastModified": "2023-07-11T18:15:16.717", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35302", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35303.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35303.json new file mode 100644 index 00000000000..629748dfca8 --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35303.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35303", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:16.773", + "lastModified": "2023-07-11T18:15:16.773", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "USB Audio Class System Driver Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35303", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35304.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35304.json new file mode 100644 index 00000000000..d6bdf2e7ebb --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35304.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35304", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:16.830", + "lastModified": "2023-07-11T18:15:16.830", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Kernel Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35304", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35305.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35305.json new file mode 100644 index 00000000000..8efc3519bfe --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35305.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35305", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:16.890", + "lastModified": "2023-07-11T18:15:16.890", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Kernel Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35305", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35306.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35306.json new file mode 100644 index 00000000000..a1c26711620 --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35306.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35306", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:16.953", + "lastModified": "2023-07-11T18:15:16.953", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35306", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35308.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35308.json new file mode 100644 index 00000000000..b5de067788b --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35308.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35308", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:17.010", + "lastModified": "2023-07-11T18:15:17.010", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows MSHTML Platform Security Feature Bypass Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35308", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35309.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35309.json new file mode 100644 index 00000000000..140b4153d8c --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35309.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35309", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:17.067", + "lastModified": "2023-07-11T18:15:17.067", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Message Queuing Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35309", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35310.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35310.json new file mode 100644 index 00000000000..c16f952213d --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35310.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35310", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:17.123", + "lastModified": "2023-07-11T18:15:17.123", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows DNS Server Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.7, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35310", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35311.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35311.json new file mode 100644 index 00000000000..fde0c5005f2 --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35311.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2023-35311", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:17.177", + "lastModified": "2023-07-11T18:15:17.177", + "vulnStatus": "Received", + "cisaExploitAdd": "2023-07-11", + "cisaActionDue": "2023-08-01", + "cisaRequiredAction": "Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.", + "cisaVulnerabilityName": "Microsoft Outlook Security Feature Bypass Vulnerability", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Outlook Security Feature Bypass Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35311", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35312.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35312.json new file mode 100644 index 00000000000..26e2b162552 --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35312.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35312", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:17.233", + "lastModified": "2023-07-11T18:15:17.233", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft VOLSNAP.SYS Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35312", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35313.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35313.json new file mode 100644 index 00000000000..4272f116f40 --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35313.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35313", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:17.287", + "lastModified": "2023-07-11T18:15:17.287", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Online Certificate Status Protocol (OCSP) SnapIn Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35313", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35314.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35314.json new file mode 100644 index 00000000000..39af0360d66 --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35314.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35314", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:17.343", + "lastModified": "2023-07-11T18:15:17.343", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Remote Procedure Call Runtime Denial of Service Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35314", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35315.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35315.json new file mode 100644 index 00000000000..81364de00ff --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35315.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35315", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:17.397", + "lastModified": "2023-07-11T18:15:17.397", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35315", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35316.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35316.json new file mode 100644 index 00000000000..91330621add --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35316.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35316", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:17.457", + "lastModified": "2023-07-11T18:15:17.457", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Remote Procedure Call Runtime Information Disclosure Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35316", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35317.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35317.json new file mode 100644 index 00000000000..1d6e38732aa --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35317.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35317", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:17.513", + "lastModified": "2023-07-11T18:15:17.513", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35317", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35318.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35318.json new file mode 100644 index 00000000000..4c9e325ae48 --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35318.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35318", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:17.577", + "lastModified": "2023-07-11T18:15:17.577", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Remote Procedure Call Runtime Denial of Service Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35318", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35319.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35319.json new file mode 100644 index 00000000000..c79c55276b7 --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35319.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35319", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:17.633", + "lastModified": "2023-07-11T18:15:17.633", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Remote Procedure Call Runtime Denial of Service Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35319", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35320.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35320.json new file mode 100644 index 00000000000..cc3e01e00fa --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35320.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35320", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:17.690", + "lastModified": "2023-07-11T18:15:17.690", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Connected User Experiences and Telemetry Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35320", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35321.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35321.json new file mode 100644 index 00000000000..eac5addf4d2 --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35321.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35321", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:17.747", + "lastModified": "2023-07-11T18:15:17.747", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Deployment Services Denial of Service Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35321", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35322.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35322.json new file mode 100644 index 00000000000..bc33a4e8af4 --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35322.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35322", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:17.797", + "lastModified": "2023-07-11T18:15:17.797", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Deployment Services Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35322", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35323.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35323.json new file mode 100644 index 00000000000..06e2d1f3358 --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35323.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35323", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:17.857", + "lastModified": "2023-07-11T18:15:17.857", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows OLE Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35323", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35324.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35324.json new file mode 100644 index 00000000000..2c9b4add852 --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35324.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35324", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:17.907", + "lastModified": "2023-07-11T18:15:17.907", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35324", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35325.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35325.json new file mode 100644 index 00000000000..c765cd3136b --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35325.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35325", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:17.967", + "lastModified": "2023-07-11T18:15:17.967", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Print Spooler Information Disclosure Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35325", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35326.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35326.json new file mode 100644 index 00000000000..48096bf63e8 --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35326.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35326", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:18.023", + "lastModified": "2023-07-11T18:15:18.023", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows CDP User Components Information Disclosure Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35326", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35328.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35328.json new file mode 100644 index 00000000000..cd47385700c --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35328.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35328", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:18.083", + "lastModified": "2023-07-11T18:15:18.083", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Transaction Manager Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35328", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35329.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35329.json new file mode 100644 index 00000000000..833858975a5 --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35329.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35329", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:18.140", + "lastModified": "2023-07-11T18:15:18.140", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Authentication Denial of Service Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35329", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35330.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35330.json new file mode 100644 index 00000000000..e8b1d4e778e --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35330.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35330", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:18.193", + "lastModified": "2023-07-11T18:15:18.193", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Extended Negotiation Denial of Service Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35330", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35331.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35331.json new file mode 100644 index 00000000000..ebd1311c848 --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35331.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35331", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:18.250", + "lastModified": "2023-07-11T18:15:18.250", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Local Security Authority (LSA) Denial of Service Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35331", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35332.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35332.json new file mode 100644 index 00000000000..73b8fd9ceb5 --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35332.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35332", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:18.307", + "lastModified": "2023-07-11T18:15:18.307", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Remote Desktop Protocol Security Feature Bypass" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.2 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35332", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35333.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35333.json new file mode 100644 index 00000000000..1aa2b940867 --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35333.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35333", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:18.360", + "lastModified": "2023-07-11T18:15:18.360", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "MediaWiki PandocUpload Extension Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35333", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35335.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35335.json new file mode 100644 index 00000000000..3297aab2d2a --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35335.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35335", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:18.417", + "lastModified": "2023-07-11T18:15:18.417", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 8.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.7 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35335", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35336.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35336.json new file mode 100644 index 00000000000..a8b5d0eeef0 --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35336.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35336", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:18.470", + "lastModified": "2023-07-11T18:15:18.470", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows MSHTML Platform Security Feature Bypass Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35336", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35337.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35337.json new file mode 100644 index 00000000000..b1e4f8a1ccb --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35337.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35337", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:18.523", + "lastModified": "2023-07-11T18:15:18.523", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Win32k Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35337", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35338.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35338.json new file mode 100644 index 00000000000..5bc3dd2f94e --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35338.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35338", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:18.583", + "lastModified": "2023-07-11T18:15:18.583", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Peer Name Resolution Protocol Denial of Service Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35338", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35339.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35339.json new file mode 100644 index 00000000000..d1896764448 --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35339.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35339", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:18.637", + "lastModified": "2023-07-11T18:15:18.637", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows CryptoAPI Denial of Service Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35339", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35340.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35340.json new file mode 100644 index 00000000000..fc40828c428 --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35340.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35340", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:18.687", + "lastModified": "2023-07-11T18:15:18.687", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows CNG Key Isolation Service Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.1, + "impactScore": 6.0 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35340", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35341.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35341.json new file mode 100644 index 00000000000..38a3d60afb8 --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35341.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35341", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:18.743", + "lastModified": "2023-07-11T18:15:18.743", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft DirectMusic Information Disclosure Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.2, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.5, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35341", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35342.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35342.json new file mode 100644 index 00000000000..8f8312d7c62 --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35342.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35342", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:18.797", + "lastModified": "2023-07-11T18:15:18.797", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Image Acquisition Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35342", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35343.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35343.json new file mode 100644 index 00000000000..8a944a02ad2 --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35343.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35343", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:18.853", + "lastModified": "2023-07-11T18:15:18.853", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Geolocation Service Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35343", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35344.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35344.json new file mode 100644 index 00000000000..204f4bdff1d --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35344.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35344", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:18.907", + "lastModified": "2023-07-11T18:15:18.907", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows DNS Server Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.7, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35344", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35345.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35345.json new file mode 100644 index 00000000000..64ce43e19bc --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35345.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35345", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:18.963", + "lastModified": "2023-07-11T18:15:18.963", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows DNS Server Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.7, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35345", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35346.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35346.json new file mode 100644 index 00000000000..ebca2b50014 --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35346.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35346", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:19.017", + "lastModified": "2023-07-11T18:15:19.017", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows DNS Server Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.7, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35346", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35347.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35347.json new file mode 100644 index 00000000000..bf54a791b44 --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35347.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35347", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:19.073", + "lastModified": "2023-07-11T18:15:19.073", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Install Service Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.2 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35347", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35348.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35348.json new file mode 100644 index 00000000000..b97e16b4470 --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35348.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35348", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:19.137", + "lastModified": "2023-07-11T18:15:19.137", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Active Directory Federation Service Security Feature Bypass Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 0.8, + "impactScore": 6.0 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35348", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35350.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35350.json new file mode 100644 index 00000000000..86c2bceff7b --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35350.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35350", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:19.197", + "lastModified": "2023-07-11T18:15:19.197", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Active Directory Certificate Services (AD CS) Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35350", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35351.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35351.json new file mode 100644 index 00000000000..2a90ad9f4c4 --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35351.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35351", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:19.250", + "lastModified": "2023-07-11T18:15:19.250", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Active Directory Certificate Services (AD CS) Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.7, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35351", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35352.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35352.json new file mode 100644 index 00000000000..bb449f48a78 --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35352.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35352", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:19.307", + "lastModified": "2023-07-11T18:15:19.307", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Remote Desktop Security Feature Bypass Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35352", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35353.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35353.json new file mode 100644 index 00000000000..6c6e2fa028f --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35353.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35353", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:19.360", + "lastModified": "2023-07-11T18:15:19.360", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Connected User Experiences and Telemetry Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35353", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35356.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35356.json new file mode 100644 index 00000000000..e1529fc6763 --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35356.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35356", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:19.413", + "lastModified": "2023-07-11T18:15:19.413", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Kernel Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35356", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35357.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35357.json new file mode 100644 index 00000000000..88b18cc60a2 --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35357.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35357", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:19.467", + "lastModified": "2023-07-11T18:15:19.467", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Kernel Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35357", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35358.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35358.json new file mode 100644 index 00000000000..d4e3f868251 --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35358.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35358", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:19.520", + "lastModified": "2023-07-11T18:15:19.520", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Kernel Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35358", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35360.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35360.json new file mode 100644 index 00000000000..a39279be3ed --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35360.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35360", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:19.577", + "lastModified": "2023-07-11T18:15:19.577", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Kernel Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.0, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.0, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35360", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35361.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35361.json new file mode 100644 index 00000000000..0c7984768fc --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35361.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35361", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:19.633", + "lastModified": "2023-07-11T18:15:19.633", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Kernel Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.0, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.0, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35361", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35362.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35362.json new file mode 100644 index 00000000000..09887c172ba --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35362.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35362", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:19.687", + "lastModified": "2023-07-11T18:15:19.687", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Clip Service Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.1, + "impactScore": 6.0 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35362", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35363.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35363.json new file mode 100644 index 00000000000..15dd95fffb6 --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35363.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35363", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:19.740", + "lastModified": "2023-07-11T18:15:19.740", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Kernel Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35363", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35364.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35364.json new file mode 100644 index 00000000000..bcffc164a68 --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35364.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35364", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:19.797", + "lastModified": "2023-07-11T18:15:19.797", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Kernel Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.0, + "impactScore": 6.0 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35364", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35365.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35365.json new file mode 100644 index 00000000000..649a428d8fe --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35365.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35365", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:19.850", + "lastModified": "2023-07-11T18:15:19.850", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35365", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35366.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35366.json new file mode 100644 index 00000000000..afa215d7a5d --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35366.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35366", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:19.907", + "lastModified": "2023-07-11T18:15:19.907", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35366", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35367.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35367.json new file mode 100644 index 00000000000..222a207acdc --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35367.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35367", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:19.957", + "lastModified": "2023-07-11T18:15:19.957", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35367", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35373.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35373.json new file mode 100644 index 00000000000..0121d32d61d --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35373.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35373", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:20.007", + "lastModified": "2023-07-11T18:15:20.007", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Mono Authenticode Validation Spoofing Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35373", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35374.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35374.json new file mode 100644 index 00000000000..42635d10f3f --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35374.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35374", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:20.063", + "lastModified": "2023-07-11T18:15:20.063", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Paint 3D Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35374", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-358xx/CVE-2023-35830.json b/CVE-2023/CVE-2023-358xx/CVE-2023-35830.json index 6451028b8a1..3f40b0440ee 100644 --- a/CVE-2023/CVE-2023-358xx/CVE-2023-35830.json +++ b/CVE-2023/CVE-2023-358xx/CVE-2023-35830.json @@ -2,23 +2,135 @@ "id": "CVE-2023-35830", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-29T16:15:09.897", - "lastModified": "2023-06-29T18:16:42.100", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-11T19:25:28.647", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "STW (aka Sensor-Technik Wiedemann) TCG-4 Connectivity Module DeploymentPackage_v3.03r0-Impala and DeploymentPackage_v3.04r2-Jellyfish and TCG-4lite Connectivity Module DeploymentPackage_v3.04r2-Jellyfish allow an attacker to gain full remote access with root privileges without the need for authentication, giving an attacker arbitrary remote code execution over LTE / 4G network via SMS." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:stw-mobile-machines:tcg-4_firmware:3.01r1:*:*:*:*:*:*:*", + "matchCriteriaId": "9AFBF793-6B08-4D93-A6C3-310217A53423" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:stw-mobile-machines:tcg-4_firmware:3.02r0:*:*:*:*:*:*:*", + "matchCriteriaId": "516BE3EC-957D-4227-A7E9-FD27878C248E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:stw-mobile-machines:tcg-4_firmware:3.03r0:*:*:*:*:*:*:*", + "matchCriteriaId": "3B7C2981-3322-4141-8EE3-53C544DAB147" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:stw-mobile-machines:tcg-4_firmware:3.04r2:*:*:*:*:*:*:*", + "matchCriteriaId": "EDD8DEB6-12B8-4333-B5AE-0DC56B438335" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:stw-mobile-machines:tcg-4:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C423C3BB-8E62-4DF8-91E7-FCE8D946C4BB" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:stw-mobile-machines:tcg-4lite_firmware:3.04r2:*:*:*:*:*:*:*", + "matchCriteriaId": "4A240F0A-9C36-4E51-B65B-A2307AC56761" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:stw-mobile-machines:tcg-4lite:-:*:*:*:*:*:*:*", + "matchCriteriaId": "431ACC05-E1AB-4D7E-A838-D797589BAF8B" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.stw-mobile-machines.com/fileadmin/user_upload/content/STW/PSIRT/STW-IR-23-001.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.stw-mobile-machines.com/psirt/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-359xx/CVE-2023-35934.json b/CVE-2023/CVE-2023-359xx/CVE-2023-35934.json index 55d76297356..41aff8b804b 100644 --- a/CVE-2023/CVE-2023-359xx/CVE-2023-35934.json +++ b/CVE-2023/CVE-2023-359xx/CVE-2023-35934.json @@ -2,7 +2,7 @@ "id": "CVE-2023-35934", "sourceIdentifier": "security-advisories@github.com", "published": "2023-07-06T20:15:09.333", - "lastModified": "2023-07-10T16:15:53.187", + "lastModified": "2023-07-12T03:15:09.077", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -71,6 +71,10 @@ "url": "https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-v8mc-9377-rwjj", "source": "security-advisories@github.com" }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5X6YT6AQE5FHM5VTQLKKJXSYBLLJF26W/", + "source": "security-advisories@github.com" + }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IM44RJL2MR2WG3ZY354C5IUEEZUJGEVA/", "source": "security-advisories@github.com" diff --git a/CVE-2023/CVE-2023-359xx/CVE-2023-35974.json b/CVE-2023/CVE-2023-359xx/CVE-2023-35974.json index 80190d88a84..e092c6a38fd 100644 --- a/CVE-2023/CVE-2023-359xx/CVE-2023-35974.json +++ b/CVE-2023/CVE-2023-359xx/CVE-2023-35974.json @@ -2,8 +2,8 @@ "id": "CVE-2023-35974", "sourceIdentifier": "security-alert@hpe.com", "published": "2023-07-05T15:15:09.507", - "lastModified": "2023-07-05T16:25:41.353", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-11T18:21:21.137", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "security-alert@hpe.com", "type": "Secondary", @@ -34,10 +54,137 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.5.4.0", + "versionEndExcluding": "8.6.0.21", + "matchCriteriaId": "F16AFF8F-596A-4153-8529-36AD2E142066" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.7.0.0", + "versionEndExcluding": "8.10.0.7", + "matchCriteriaId": "DC566921-54C3-4368-A7FB-1F68F964975C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.11.0.0", + "versionEndExcluding": "8.11.1.1", + "matchCriteriaId": "A22E7E61-B318-47C8-8C72-498A17031997" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.4.0.0", + "versionEndExcluding": "10.4.0.2", + "matchCriteriaId": "6418722E-304A-46EF-8D9E-EB42596F0DFC" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:a:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*", + "matchCriteriaId": "51A31372-168E-4182-BFE0-440403454DC5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:a:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F519E5CF-474B-4564-9DC4-AE6FC58A48A7" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:a:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*", + "matchCriteriaId": "51478694-008E-47A4-B8AF-497BA81EC80D" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:a:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A10EF4D1-35E8-41BB-8453-19F0F3623D25" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:a:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FA5AF43C-F2E3-44E7-B4E3-AC315B0B0DB2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:a:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*", + "matchCriteriaId": "276FF1F2-7353-4AF4-8BDA-8B78B5DCF688" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:a:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EBCAB5D5-EB6D-460A-A8C7-0A2A9E813776" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:a:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*", + "matchCriteriaId": "413B049C-8B7F-4BAC-8170-2BF3B0EEA43F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:a:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F87B24FC-9C99-4CF7-9481-74686E48E800" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:a:arubanetworks:sd-wan:-:*:*:*:*:*:*:*", + "matchCriteriaId": "47E812E5-4476-4335-97D7-3D0E2A5E9E9B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*", + "matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt", - "source": "security-alert@hpe.com" + "source": "security-alert@hpe.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-359xx/CVE-2023-35975.json b/CVE-2023/CVE-2023-359xx/CVE-2023-35975.json index ac757586900..4808688a952 100644 --- a/CVE-2023/CVE-2023-359xx/CVE-2023-35975.json +++ b/CVE-2023/CVE-2023-359xx/CVE-2023-35975.json @@ -2,8 +2,8 @@ "id": "CVE-2023-35975", "sourceIdentifier": "security-alert@hpe.com", "published": "2023-07-05T15:15:09.580", - "lastModified": "2023-07-05T16:25:41.353", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-11T19:21:44.270", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.2 + }, { "source": "security-alert@hpe.com", "type": "Secondary", @@ -34,10 +54,137 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.5.4.0", + "versionEndExcluding": "8.6.0.21", + "matchCriteriaId": "F16AFF8F-596A-4153-8529-36AD2E142066" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.7.0.0", + "versionEndExcluding": "8.10.0.7", + "matchCriteriaId": "DC566921-54C3-4368-A7FB-1F68F964975C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.11.0.0", + "versionEndExcluding": "8.11.1.1", + "matchCriteriaId": "A22E7E61-B318-47C8-8C72-498A17031997" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.4.0.0", + "versionEndExcluding": "10.4.0.2", + "matchCriteriaId": "6418722E-304A-46EF-8D9E-EB42596F0DFC" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:a:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*", + "matchCriteriaId": "51A31372-168E-4182-BFE0-440403454DC5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:a:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F519E5CF-474B-4564-9DC4-AE6FC58A48A7" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:a:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*", + "matchCriteriaId": "51478694-008E-47A4-B8AF-497BA81EC80D" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:a:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A10EF4D1-35E8-41BB-8453-19F0F3623D25" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:a:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FA5AF43C-F2E3-44E7-B4E3-AC315B0B0DB2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:a:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*", + "matchCriteriaId": "276FF1F2-7353-4AF4-8BDA-8B78B5DCF688" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:a:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EBCAB5D5-EB6D-460A-A8C7-0A2A9E813776" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:a:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*", + "matchCriteriaId": "413B049C-8B7F-4BAC-8170-2BF3B0EEA43F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:a:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F87B24FC-9C99-4CF7-9481-74686E48E800" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:a:arubanetworks:sd-wan:-:*:*:*:*:*:*:*", + "matchCriteriaId": "47E812E5-4476-4335-97D7-3D0E2A5E9E9B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*", + "matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt", - "source": "security-alert@hpe.com" + "source": "security-alert@hpe.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-359xx/CVE-2023-35976.json b/CVE-2023/CVE-2023-359xx/CVE-2023-35976.json index 45a57d67712..b83e490a054 100644 --- a/CVE-2023/CVE-2023-359xx/CVE-2023-35976.json +++ b/CVE-2023/CVE-2023-359xx/CVE-2023-35976.json @@ -2,8 +2,8 @@ "id": "CVE-2023-35976", "sourceIdentifier": "security-alert@hpe.com", "published": "2023-07-05T15:15:09.650", - "lastModified": "2023-07-05T16:25:41.353", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-11T19:26:15.043", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "security-alert@hpe.com", "type": "Secondary", @@ -34,10 +54,137 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.5.4.0", + "versionEndExcluding": "8.6.0.21", + "matchCriteriaId": "F16AFF8F-596A-4153-8529-36AD2E142066" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.7.0.0", + "versionEndExcluding": "8.10.0.7", + "matchCriteriaId": "DC566921-54C3-4368-A7FB-1F68F964975C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.11.0.0", + "versionEndExcluding": "8.11.1.1", + "matchCriteriaId": "A22E7E61-B318-47C8-8C72-498A17031997" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.4.0.0", + "versionEndExcluding": "10.4.0.2", + "matchCriteriaId": "6418722E-304A-46EF-8D9E-EB42596F0DFC" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:a:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*", + "matchCriteriaId": "51A31372-168E-4182-BFE0-440403454DC5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:a:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F519E5CF-474B-4564-9DC4-AE6FC58A48A7" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:a:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*", + "matchCriteriaId": "51478694-008E-47A4-B8AF-497BA81EC80D" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:a:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A10EF4D1-35E8-41BB-8453-19F0F3623D25" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:a:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FA5AF43C-F2E3-44E7-B4E3-AC315B0B0DB2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:a:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*", + "matchCriteriaId": "276FF1F2-7353-4AF4-8BDA-8B78B5DCF688" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:a:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EBCAB5D5-EB6D-460A-A8C7-0A2A9E813776" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:a:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*", + "matchCriteriaId": "413B049C-8B7F-4BAC-8170-2BF3B0EEA43F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:a:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F87B24FC-9C99-4CF7-9481-74686E48E800" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:a:arubanetworks:sd-wan:-:*:*:*:*:*:*:*", + "matchCriteriaId": "47E812E5-4476-4335-97D7-3D0E2A5E9E9B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*", + "matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt", - "source": "security-alert@hpe.com" + "source": "security-alert@hpe.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-359xx/CVE-2023-35977.json b/CVE-2023/CVE-2023-359xx/CVE-2023-35977.json index 13895222314..967af24c55b 100644 --- a/CVE-2023/CVE-2023-359xx/CVE-2023-35977.json +++ b/CVE-2023/CVE-2023-359xx/CVE-2023-35977.json @@ -2,8 +2,8 @@ "id": "CVE-2023-35977", "sourceIdentifier": "security-alert@hpe.com", "published": "2023-07-05T15:15:09.720", - "lastModified": "2023-07-05T16:25:41.353", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-11T19:28:16.093", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "security-alert@hpe.com", "type": "Secondary", @@ -34,10 +54,137 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.5.4.0", + "versionEndExcluding": "8.6.0.21", + "matchCriteriaId": "F16AFF8F-596A-4153-8529-36AD2E142066" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.7.0.0", + "versionEndExcluding": "8.10.0.7", + "matchCriteriaId": "DC566921-54C3-4368-A7FB-1F68F964975C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.11.0.0", + "versionEndExcluding": "8.11.1.1", + "matchCriteriaId": "A22E7E61-B318-47C8-8C72-498A17031997" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.4.0.0", + "versionEndExcluding": "10.4.0.2", + "matchCriteriaId": "6418722E-304A-46EF-8D9E-EB42596F0DFC" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:a:arubanetworks:mc-va-10:-:*:*:*:*:*:*:*", + "matchCriteriaId": "51A31372-168E-4182-BFE0-440403454DC5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:a:arubanetworks:mc-va-1k:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F519E5CF-474B-4564-9DC4-AE6FC58A48A7" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:a:arubanetworks:mc-va-250:-:*:*:*:*:*:*:*", + "matchCriteriaId": "51478694-008E-47A4-B8AF-497BA81EC80D" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:a:arubanetworks:mc-va-50:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A10EF4D1-35E8-41BB-8453-19F0F3623D25" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:a:arubanetworks:mcr-va-10k:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FA5AF43C-F2E3-44E7-B4E3-AC315B0B0DB2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:a:arubanetworks:mcr-va-1k:-:*:*:*:*:*:*:*", + "matchCriteriaId": "276FF1F2-7353-4AF4-8BDA-8B78B5DCF688" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:a:arubanetworks:mcr-va-50:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EBCAB5D5-EB6D-460A-A8C7-0A2A9E813776" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:a:arubanetworks:mcr-va-500:-:*:*:*:*:*:*:*", + "matchCriteriaId": "413B049C-8B7F-4BAC-8170-2BF3B0EEA43F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:a:arubanetworks:mcr-va-5k:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F87B24FC-9C99-4CF7-9481-74686E48E800" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:a:arubanetworks:sd-wan:-:*:*:*:*:*:*:*", + "matchCriteriaId": "47E812E5-4476-4335-97D7-3D0E2A5E9E9B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-10k:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2CA9CA7B-AC2C-408A-B759-E2F4778B20ED" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-1k:-:*:*:*:*:*:*:*", + "matchCriteriaId": "38A42369-3558-4015-AF7B-7F2E2465AE61" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arubanetworks:mcr-hw-5k:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0D8DDC4-17FB-4A9D-BB01-E8C130B04ED2" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt", - "source": "security-alert@hpe.com" + "source": "security-alert@hpe.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-361xx/CVE-2023-36163.json b/CVE-2023/CVE-2023-361xx/CVE-2023-36163.json index a3a6227d04b..d96779289f2 100644 --- a/CVE-2023/CVE-2023-361xx/CVE-2023-36163.json +++ b/CVE-2023/CVE-2023-361xx/CVE-2023-36163.json @@ -2,7 +2,7 @@ "id": "CVE-2023-36163", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-11T14:15:09.537", - "lastModified": "2023-07-11T14:27:23.147", + "lastModified": "2023-07-11T18:15:20.117", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -12,6 +12,10 @@ ], "metrics": {}, "references": [ + { + "url": "http://packetstormsecurity.com/files/173366/BuildaGate5-Cross-Site-Scripting.html", + "source": "cve@mitre.org" + }, { "url": "http://www.levi-coins.co.il/BuildaGate5/general2/company_search_tree.php?SiteName=levicoins", "source": "cve@mitre.org" diff --git a/CVE-2023/CVE-2023-361xx/CVE-2023-36164.json b/CVE-2023/CVE-2023-361xx/CVE-2023-36164.json index 072769abdb5..410e83b772d 100644 --- a/CVE-2023/CVE-2023-361xx/CVE-2023-36164.json +++ b/CVE-2023/CVE-2023-361xx/CVE-2023-36164.json @@ -2,7 +2,7 @@ "id": "CVE-2023-36164", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-11T14:15:09.587", - "lastModified": "2023-07-11T14:27:23.147", + "lastModified": "2023-07-11T18:15:20.160", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -16,6 +16,10 @@ "url": "http://minitool.com", "source": "cve@mitre.org" }, + { + "url": "http://packetstormsecurity.com/files/173363/MiniTool-Partition-Wizard-ShadowMaker-12.7-Unquoted-Service-Path.html", + "source": "cve@mitre.org" + }, { "url": "https://github.com/TraiLeR2?tab=overview&from=2023-05-01&to=2023-05-31", "source": "cve@mitre.org" diff --git a/CVE-2023/CVE-2023-361xx/CVE-2023-36167.json b/CVE-2023/CVE-2023-361xx/CVE-2023-36167.json index 8507a8911a6..bc54e0c5691 100644 --- a/CVE-2023/CVE-2023-361xx/CVE-2023-36167.json +++ b/CVE-2023/CVE-2023-361xx/CVE-2023-36167.json @@ -2,7 +2,7 @@ "id": "CVE-2023-36167", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-11T14:15:09.630", - "lastModified": "2023-07-11T14:27:23.147", + "lastModified": "2023-07-11T18:15:20.203", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -16,6 +16,10 @@ "url": "http://avg.com", "source": "cve@mitre.org" }, + { + "url": "http://packetstormsecurity.com/files/173380/AVG-Anti-Spyware-7.5-Unquoted-Service-Path.html", + "source": "cve@mitre.org" + }, { "url": "https://github.com/TraiLeR2?tab=overview&from=2023-05-01&to=2023-05-31", "source": "cve@mitre.org" diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36536.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36536.json new file mode 100644 index 00000000000..eb01a18056b --- /dev/null +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36536.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-36536", + "sourceIdentifier": "security@zoom.us", + "published": "2023-07-11T18:15:20.247", + "lastModified": "2023-07-11T18:15:20.247", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": " Untrusted search path in the installer for Zoom Rooms before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@zoom.us", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.5, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security@zoom.us", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-426" + } + ] + } + ], + "references": [ + { + "url": "https://explore.zoom.us/en/trust/security/security-bulletin/", + "source": "security@zoom.us" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36537.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36537.json new file mode 100644 index 00000000000..63ee567ac05 --- /dev/null +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36537.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-36537", + "sourceIdentifier": "security@zoom.us", + "published": "2023-07-11T18:15:20.307", + "lastModified": "2023-07-11T18:15:20.307", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": " Improper privilege management in Zoom Rooms before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@zoom.us", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.0, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@zoom.us", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ] + } + ], + "references": [ + { + "url": "https://explore.zoom.us/en/trust/security/security-bulletin/", + "source": "security@zoom.us" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36538.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36538.json new file mode 100644 index 00000000000..9b59f794a98 --- /dev/null +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36538.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-36538", + "sourceIdentifier": "security@zoom.us", + "published": "2023-07-11T18:15:20.357", + "lastModified": "2023-07-11T18:15:20.357", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": " Improper access control in Zoom Rooms before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@zoom.us", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.0, + "impactScore": 5.8 + } + ] + }, + "weaknesses": [ + { + "source": "security@zoom.us", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://explore.zoom.us/en/trust/security/security-bulletin/", + "source": "security@zoom.us" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-366xx/CVE-2023-36622.json b/CVE-2023/CVE-2023-366xx/CVE-2023-36622.json index ab0042204fb..4ae2df5e22d 100644 --- a/CVE-2023/CVE-2023-366xx/CVE-2023-36622.json +++ b/CVE-2023/CVE-2023-366xx/CVE-2023-36622.json @@ -2,23 +2,95 @@ "id": "CVE-2023-36622", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-05T20:15:10.567", - "lastModified": "2023-07-05T20:31:30.957", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-11T20:09:49.050", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The websocket configuration endpoint of the Loxone Miniserver Go Gen.2 before 14.1.5.9 allows remote authenticated administrators to inject arbitrary OS commands via the timezone parameter." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:loxone:miniserver_go_gen_2_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.1.5.9", + "matchCriteriaId": "65513F92-9577-46CD-81C5-8B9032485DD3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:loxone:miniserver_go_gen_2:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2D9F60F4-A4B9-4AC5-ABA9-CF543860BC48" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-012.txt", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://www.syss.de/pentest-blog/root-zugang-zu-smarthome-server-loxone-miniserver-go-gen-2-syss-2023-004/-012/-013", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-368xx/CVE-2023-36825.json b/CVE-2023/CVE-2023-368xx/CVE-2023-36825.json new file mode 100644 index 00000000000..21c7cd41a00 --- /dev/null +++ b/CVE-2023/CVE-2023-368xx/CVE-2023-36825.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-36825", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-07-11T18:15:20.417", + "lastModified": "2023-07-11T18:15:20.417", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. This vulnerability is related to the deserialization of untrusted data from the `_state` query parameter, which can result in remote code execution. The issue has been addressed in version `14.5.0`. Users are advised to upgrade their software to this version or any subsequent versions that include the patch.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.6, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.8, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/orchidsoftware/platform/releases/tag/14.5.0", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/orchidsoftware/platform/security/advisories/GHSA-ph6g-p72v-pc3p", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-368xx/CVE-2023-36867.json b/CVE-2023/CVE-2023-368xx/CVE-2023-36867.json new file mode 100644 index 00000000000..2055660d7ae --- /dev/null +++ b/CVE-2023/CVE-2023-368xx/CVE-2023-36867.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36867", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:20.477", + "lastModified": "2023-07-11T18:15:20.477", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36867", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-368xx/CVE-2023-36868.json b/CVE-2023/CVE-2023-368xx/CVE-2023-36868.json new file mode 100644 index 00000000000..ca4ab2b8507 --- /dev/null +++ b/CVE-2023/CVE-2023-368xx/CVE-2023-36868.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36868", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:20.533", + "lastModified": "2023-07-11T18:15:20.533", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Azure Service Fabric on Windows Information Disclosure Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36868", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-368xx/CVE-2023-36871.json b/CVE-2023/CVE-2023-368xx/CVE-2023-36871.json new file mode 100644 index 00000000000..70e9c4caaed --- /dev/null +++ b/CVE-2023/CVE-2023-368xx/CVE-2023-36871.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36871", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:20.597", + "lastModified": "2023-07-11T18:15:20.597", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Azure Active Directory Security Feature Bypass Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36871", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-368xx/CVE-2023-36872.json b/CVE-2023/CVE-2023-368xx/CVE-2023-36872.json new file mode 100644 index 00000000000..2099e531d0d --- /dev/null +++ b/CVE-2023/CVE-2023-368xx/CVE-2023-36872.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36872", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:20.667", + "lastModified": "2023-07-11T18:15:20.667", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "VP9 Video Extensions Information Disclosure Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36872", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-368xx/CVE-2023-36874.json b/CVE-2023/CVE-2023-368xx/CVE-2023-36874.json new file mode 100644 index 00000000000..8d63f8bbdb3 --- /dev/null +++ b/CVE-2023/CVE-2023-368xx/CVE-2023-36874.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2023-36874", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T18:15:20.733", + "lastModified": "2023-07-11T18:15:20.733", + "vulnStatus": "Received", + "cisaExploitAdd": "2023-07-11", + "cisaActionDue": "2023-08-01", + "cisaRequiredAction": "Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.", + "cisaVulnerabilityName": "Microsoft Windows Error Reporting Service Privilege Escalation Vulnerability", + "descriptions": [ + { + "lang": "en", + "value": "Windows Error Reporting Service Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36874", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-368xx/CVE-2023-36884.json b/CVE-2023/CVE-2023-368xx/CVE-2023-36884.json new file mode 100644 index 00000000000..277a9fd0cea --- /dev/null +++ b/CVE-2023/CVE-2023-368xx/CVE-2023-36884.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36884", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-07-11T19:15:09.623", + "lastModified": "2023-07-11T19:15:09.623", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft is investigating reports of a series of remote code execution vulnerabilities impacting Windows and Office products. Microsoft is aware of targeted attacks that attempt to exploit these vulnerabilities by using specially-crafted Microsoft Office documents.\n\nAn attacker could create a specially crafted Microsoft Office document that enables them to perform remote code execution in the context of the victim. However, an attacker would have to convince the victim to open the malicious file.\n\nUpon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This might include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.\n\nPlease see the Microsoft Threat Intelligence Blog https://aka.ms/Storm-0978 \u00a0Entry for important information about steps you can take to protect your system from this vulnerability.\n\nThis CVE will be updated with new information and links to security updates when they become available.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:N", + "attackVector": "PHYSICAL", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 0.0, + "baseSeverity": "NONE" + }, + "exploitabilityScore": 0.1, + "impactScore": 0.0 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-36xx/CVE-2023-3625.json b/CVE-2023/CVE-2023-36xx/CVE-2023-3625.json new file mode 100644 index 00000000000..3dfcf515702 --- /dev/null +++ b/CVE-2023/CVE-2023-36xx/CVE-2023-3625.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-3625", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-07-11T18:15:20.903", + "lastModified": "2023-07-11T18:15:20.903", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical was found in Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System up to 20230706. This vulnerability affects unknown code of the file /Duty/AjaxHandle/Write/UploadFile.ashx of the component Duty Write-UploadFile. The manipulation of the argument Filedata leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-233578 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/MoeMion233/cve/blob/main/1.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.233578", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.233578", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-36xx/CVE-2023-3626.json b/CVE-2023/CVE-2023-36xx/CVE-2023-3626.json new file mode 100644 index 00000000000..e0f99edd93f --- /dev/null +++ b/CVE-2023/CVE-2023-36xx/CVE-2023-3626.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-3626", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-07-11T18:15:20.967", + "lastModified": "2023-07-11T18:15:20.967", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, has been found in Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System up to 20230706. This issue affects some unknown processing of the file /Duty/AjaxHandle/UpLoadFloodPlanFile.ashx of the component UpLoadFloodPlanFile. The manipulation of the argument Filedata leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-233579. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/MoeMion233/cve/blob/main/2.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.233579", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.233579", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-371xx/CVE-2023-37174.json b/CVE-2023/CVE-2023-371xx/CVE-2023-37174.json new file mode 100644 index 00000000000..c775a457513 --- /dev/null +++ b/CVE-2023/CVE-2023-371xx/CVE-2023-37174.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-37174", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-07-11T23:15:09.120", + "lastModified": "2023-07-11T23:15:09.120", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the dump_isom_scene function at /mp4box/filedump.c." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/gpac/gpac/issues/2505", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-372xx/CVE-2023-37271.json b/CVE-2023/CVE-2023-372xx/CVE-2023-37271.json new file mode 100644 index 00000000000..14cbb11db2a --- /dev/null +++ b/CVE-2023/CVE-2023-372xx/CVE-2023-37271.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-37271", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-07-11T18:15:20.787", + "lastModified": "2023-07-11T18:15:20.787", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "RestrictedPython is a tool that helps to define a subset of the Python language which allows users to provide a program input into a trusted environment. RestrictedPython does not check access to stack frames and their attributes. Stack frames are accessible within at least generators and generator expressions, which are allowed inside RestrictedPython. Prior to versions 6.1 and 5.3, an attacker with access to a RestrictedPython environment can write code that gets the current stack frame in a generator and then walk the stack all the way beyond the RestrictedPython invocation boundary, thus breaking out of the restricted sandbox and potentially allowing arbitrary code execution in the Python interpreter. All RestrictedPython deployments that allow untrusted users to write Python code in the RestrictedPython environment are at risk. In terms of Zope and Plone, this would mean deployments where the administrator allows untrusted users to create and/or edit objects of type `Script (Python)`, `DTML Method`, `DTML Document` or `Zope Page Template`. This is a non-default configuration and likely to be extremely rare. The problem has been fixed in versions 6.1 and 5.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW", + "baseScore": 8.4, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-913" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/zopefoundation/RestrictedPython/commit/c8eca66ae49081f0016d2e1f094c3d72095ef531", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/zopefoundation/RestrictedPython/security/advisories/GHSA-wqc8-x2pr-7jqh", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-372xx/CVE-2023-37280.json b/CVE-2023/CVE-2023-372xx/CVE-2023-37280.json new file mode 100644 index 00000000000..0f43015d421 --- /dev/null +++ b/CVE-2023/CVE-2023-372xx/CVE-2023-37280.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-37280", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-07-11T19:15:09.687", + "lastModified": "2023-07-11T19:15:09.687", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Pimcore Admin Classic Bundle provides a Backend UI for Pimcore based on the ExtJS framework. An admin who has not setup two factor authentication before is vulnerable for this attack, without need for any form of privilege, causing the application to execute arbitrary scripts/HTML content. This vulnerability has been patched in version 1.0.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/5fcd19bdc89a3fe4cb8ad8c356590e1e4740c743", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/pimcore/admin-ui-classic-bundle/pull/147", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-hqv9-6jqw-9g8m", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-377xx/CVE-2023-37765.json b/CVE-2023/CVE-2023-377xx/CVE-2023-37765.json new file mode 100644 index 00000000000..d47efd93663 --- /dev/null +++ b/CVE-2023/CVE-2023-377xx/CVE-2023-37765.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-37765", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-07-11T23:15:09.167", + "lastModified": "2023-07-11T23:15:09.167", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the gf_dump_vrml_sffield function at /lib/libgpac.so." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/gpac/gpac/issues/2515", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-377xx/CVE-2023-37766.json b/CVE-2023/CVE-2023-377xx/CVE-2023-37766.json new file mode 100644 index 00000000000..2b124c6afeb --- /dev/null +++ b/CVE-2023/CVE-2023-377xx/CVE-2023-37766.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-37766", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-07-11T23:15:09.210", + "lastModified": "2023-07-11T23:15:09.210", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the gf_isom_remove_user_data function at /lib/libgpac.so." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/gpac/gpac/issues/2516", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-377xx/CVE-2023-37767.json b/CVE-2023/CVE-2023-377xx/CVE-2023-37767.json new file mode 100644 index 00000000000..f439c8b1d11 --- /dev/null +++ b/CVE-2023/CVE-2023-377xx/CVE-2023-37767.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-37767", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-07-11T23:15:09.250", + "lastModified": "2023-07-11T23:15:09.250", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the BM_ParseIndexValueReplace function at /lib/libgpac.so." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/gpac/gpac/issues/2514", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 1fdd930ddc3..19f0614e57e 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-07-11T18:00:42.247516+00:00 +2023-07-12T04:00:27.415061+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-07-11T17:54:58.410000+00:00 +2023-07-12T03:15:09.210000+00:00 ``` ### Last Data Feed Release @@ -23,67 +23,75 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2023-07-11T00:00:13.555672+00:00 +2023-07-12T00:00:13.565727+00:00 ``` ### Total Number of included CVEs ```plain -219776 +219932 ``` ### CVEs added in the last Commit -Recently added CVEs: `17` +Recently added CVEs: `156` -* [CVE-2022-23447](CVE-2022/CVE-2022-234xx/CVE-2022-23447.json) (`2023-07-11T17:15:10.383`) -* [CVE-2023-3108](CVE-2023/CVE-2023-31xx/CVE-2023-3108.json) (`2023-07-11T16:15:12.083`) -* [CVE-2023-3619](CVE-2023/CVE-2023-36xx/CVE-2023-3619.json) (`2023-07-11T16:15:12.150`) -* [CVE-2023-3621](CVE-2023/CVE-2023-36xx/CVE-2023-3621.json) (`2023-07-11T16:15:12.210`) -* [CVE-2023-24881](CVE-2023/CVE-2023-248xx/CVE-2023-24881.json) (`2023-07-11T17:15:12.610`) -* [CVE-2023-25606](CVE-2023/CVE-2023-256xx/CVE-2023-25606.json) (`2023-07-11T17:15:12.780`) -* [CVE-2023-26861](CVE-2023/CVE-2023-268xx/CVE-2023-26861.json) (`2023-07-11T17:15:12.837`) -* [CVE-2023-28001](CVE-2023/CVE-2023-280xx/CVE-2023-28001.json) (`2023-07-11T17:15:12.883`) -* [CVE-2023-34116](CVE-2023/CVE-2023-341xx/CVE-2023-34116.json) (`2023-07-11T17:15:13.097`) -* [CVE-2023-34117](CVE-2023/CVE-2023-341xx/CVE-2023-34117.json) (`2023-07-11T17:15:13.170`) -* [CVE-2023-36824](CVE-2023/CVE-2023-368xx/CVE-2023-36824.json) (`2023-07-11T17:15:13.223`) -* [CVE-2023-37596](CVE-2023/CVE-2023-375xx/CVE-2023-37596.json) (`2023-07-11T17:15:13.307`) -* [CVE-2023-37597](CVE-2023/CVE-2023-375xx/CVE-2023-37597.json) (`2023-07-11T17:15:13.347`) -* [CVE-2023-3354](CVE-2023/CVE-2023-33xx/CVE-2023-3354.json) (`2023-07-11T17:15:13.387`) -* [CVE-2023-3623](CVE-2023/CVE-2023-36xx/CVE-2023-3623.json) (`2023-07-11T17:15:13.440`) -* [CVE-2023-3624](CVE-2023/CVE-2023-36xx/CVE-2023-3624.json) (`2023-07-11T17:15:13.510`) -* [CVE-2023-3627](CVE-2023/CVE-2023-36xx/CVE-2023-3627.json) (`2023-07-11T17:15:13.570`) +* [CVE-2023-36537](CVE-2023/CVE-2023-365xx/CVE-2023-36537.json) (`2023-07-11T18:15:20.307`) +* [CVE-2023-36538](CVE-2023/CVE-2023-365xx/CVE-2023-36538.json) (`2023-07-11T18:15:20.357`) +* [CVE-2023-36825](CVE-2023/CVE-2023-368xx/CVE-2023-36825.json) (`2023-07-11T18:15:20.417`) +* [CVE-2023-36867](CVE-2023/CVE-2023-368xx/CVE-2023-36867.json) (`2023-07-11T18:15:20.477`) +* [CVE-2023-36868](CVE-2023/CVE-2023-368xx/CVE-2023-36868.json) (`2023-07-11T18:15:20.533`) +* [CVE-2023-36871](CVE-2023/CVE-2023-368xx/CVE-2023-36871.json) (`2023-07-11T18:15:20.597`) +* [CVE-2023-36872](CVE-2023/CVE-2023-368xx/CVE-2023-36872.json) (`2023-07-11T18:15:20.667`) +* [CVE-2023-36874](CVE-2023/CVE-2023-368xx/CVE-2023-36874.json) (`2023-07-11T18:15:20.733`) +* [CVE-2023-37271](CVE-2023/CVE-2023-372xx/CVE-2023-37271.json) (`2023-07-11T18:15:20.787`) +* [CVE-2023-3625](CVE-2023/CVE-2023-36xx/CVE-2023-3625.json) (`2023-07-11T18:15:20.903`) +* [CVE-2023-3626](CVE-2023/CVE-2023-36xx/CVE-2023-3626.json) (`2023-07-11T18:15:20.967`) +* [CVE-2023-20575](CVE-2023/CVE-2023-205xx/CVE-2023-20575.json) (`2023-07-11T19:15:09.547`) +* [CVE-2023-36884](CVE-2023/CVE-2023-368xx/CVE-2023-36884.json) (`2023-07-11T19:15:09.623`) +* [CVE-2023-37280](CVE-2023/CVE-2023-372xx/CVE-2023-37280.json) (`2023-07-11T19:15:09.687`) +* [CVE-2023-23756](CVE-2023/CVE-2023-237xx/CVE-2023-23756.json) (`2023-07-11T20:15:10.573`) +* [CVE-2023-29406](CVE-2023/CVE-2023-294xx/CVE-2023-29406.json) (`2023-07-11T20:15:10.643`) +* [CVE-2023-29984](CVE-2023/CVE-2023-299xx/CVE-2023-29984.json) (`2023-07-11T20:15:10.700`) +* [CVE-2023-24491](CVE-2023/CVE-2023-244xx/CVE-2023-24491.json) (`2023-07-11T22:15:09.750`) +* [CVE-2023-24492](CVE-2023/CVE-2023-244xx/CVE-2023-24492.json) (`2023-07-11T22:15:09.817`) +* [CVE-2023-3127](CVE-2023/CVE-2023-31xx/CVE-2023-3127.json) (`2023-07-11T22:15:09.907`) +* [CVE-2023-37174](CVE-2023/CVE-2023-371xx/CVE-2023-37174.json) (`2023-07-11T23:15:09.120`) +* [CVE-2023-37765](CVE-2023/CVE-2023-377xx/CVE-2023-37765.json) (`2023-07-11T23:15:09.167`) +* [CVE-2023-37766](CVE-2023/CVE-2023-377xx/CVE-2023-37766.json) (`2023-07-11T23:15:09.210`) +* [CVE-2023-37767](CVE-2023/CVE-2023-377xx/CVE-2023-37767.json) (`2023-07-11T23:15:09.250`) +* [CVE-2023-30226](CVE-2023/CVE-2023-302xx/CVE-2023-30226.json) (`2023-07-12T02:15:09.090`) ### CVEs modified in the last Commit -Recently modified CVEs: `39` +Recently modified CVEs: `57` -* [CVE-2023-3313](CVE-2023/CVE-2023-33xx/CVE-2023-3313.json) (`2023-07-11T16:09:51.087`) -* [CVE-2023-31818](CVE-2023/CVE-2023-318xx/CVE-2023-31818.json) (`2023-07-11T16:16:52.790`) -* [CVE-2023-36293](CVE-2023/CVE-2023-362xx/CVE-2023-36293.json) (`2023-07-11T16:16:52.790`) -* [CVE-2023-37657](CVE-2023/CVE-2023-376xx/CVE-2023-37657.json) (`2023-07-11T16:16:52.790`) -* [CVE-2023-37658](CVE-2023/CVE-2023-376xx/CVE-2023-37658.json) (`2023-07-11T16:16:52.790`) -* [CVE-2023-37659](CVE-2023/CVE-2023-376xx/CVE-2023-37659.json) (`2023-07-11T16:16:52.790`) -* [CVE-2023-3617](CVE-2023/CVE-2023-36xx/CVE-2023-3617.json) (`2023-07-11T16:16:52.790`) -* [CVE-2023-3620](CVE-2023/CVE-2023-36xx/CVE-2023-3620.json) (`2023-07-11T16:16:52.790`) -* [CVE-2023-31997](CVE-2023/CVE-2023-319xx/CVE-2023-31997.json) (`2023-07-11T16:19:54.627`) -* [CVE-2023-1273](CVE-2023/CVE-2023-12xx/CVE-2023-1273.json) (`2023-07-11T16:38:08.717`) -* [CVE-2023-2010](CVE-2023/CVE-2023-20xx/CVE-2023-2010.json) (`2023-07-11T16:39:22.963`) -* [CVE-2023-2320](CVE-2023/CVE-2023-23xx/CVE-2023-2320.json) (`2023-07-11T16:44:56.187`) -* [CVE-2023-2321](CVE-2023/CVE-2023-23xx/CVE-2023-2321.json) (`2023-07-11T16:46:26.013`) -* [CVE-2023-2324](CVE-2023/CVE-2023-23xx/CVE-2023-2324.json) (`2023-07-11T16:49:40.517`) -* [CVE-2023-2333](CVE-2023/CVE-2023-23xx/CVE-2023-2333.json) (`2023-07-11T16:52:07.420`) -* [CVE-2023-3133](CVE-2023/CVE-2023-31xx/CVE-2023-3133.json) (`2023-07-11T16:58:06.320`) -* [CVE-2023-2974](CVE-2023/CVE-2023-29xx/CVE-2023-2974.json) (`2023-07-11T17:00:14.667`) -* [CVE-2023-3515](CVE-2023/CVE-2023-35xx/CVE-2023-3515.json) (`2023-07-11T17:06:52.807`) -* [CVE-2023-32022](CVE-2023/CVE-2023-320xx/CVE-2023-32022.json) (`2023-07-11T17:15:13.013`) -* [CVE-2023-30589](CVE-2023/CVE-2023-305xx/CVE-2023-30589.json) (`2023-07-11T17:21:27.627`) -* [CVE-2023-35971](CVE-2023/CVE-2023-359xx/CVE-2023-35971.json) (`2023-07-11T17:38:31.910`) -* [CVE-2023-3243](CVE-2023/CVE-2023-32xx/CVE-2023-3243.json) (`2023-07-11T17:42:20.547`) -* [CVE-2023-26966](CVE-2023/CVE-2023-269xx/CVE-2023-26966.json) (`2023-07-11T17:48:18.733`) -* [CVE-2023-25433](CVE-2023/CVE-2023-254xx/CVE-2023-25433.json) (`2023-07-11T17:48:50.450`) -* [CVE-2023-35979](CVE-2023/CVE-2023-359xx/CVE-2023-35979.json) (`2023-07-11T17:49:51.277`) +* [CVE-2023-28489](CVE-2023/CVE-2023-284xx/CVE-2023-28489.json) (`2023-07-11T18:15:12.383`) +* [CVE-2023-29824](CVE-2023/CVE-2023-298xx/CVE-2023-29824.json) (`2023-07-11T18:15:12.537`) +* [CVE-2023-33131](CVE-2023/CVE-2023-331xx/CVE-2023-33131.json) (`2023-07-11T18:15:14.270`) +* [CVE-2023-33919](CVE-2023/CVE-2023-339xx/CVE-2023-33919.json) (`2023-07-11T18:15:15.943`) +* [CVE-2023-33920](CVE-2023/CVE-2023-339xx/CVE-2023-33920.json) (`2023-07-11T18:15:16.023`) +* [CVE-2023-33921](CVE-2023/CVE-2023-339xx/CVE-2023-33921.json) (`2023-07-11T18:15:16.093`) +* [CVE-2023-36163](CVE-2023/CVE-2023-361xx/CVE-2023-36163.json) (`2023-07-11T18:15:20.117`) +* [CVE-2023-36164](CVE-2023/CVE-2023-361xx/CVE-2023-36164.json) (`2023-07-11T18:15:20.160`) +* [CVE-2023-36167](CVE-2023/CVE-2023-361xx/CVE-2023-36167.json) (`2023-07-11T18:15:20.203`) +* [CVE-2023-30607](CVE-2023/CVE-2023-306xx/CVE-2023-30607.json) (`2023-07-11T18:16:32.070`) +* [CVE-2023-35974](CVE-2023/CVE-2023-359xx/CVE-2023-35974.json) (`2023-07-11T18:21:21.137`) +* [CVE-2023-31248](CVE-2023/CVE-2023-312xx/CVE-2023-31248.json) (`2023-07-11T18:53:22.787`) +* [CVE-2023-34834](CVE-2023/CVE-2023-348xx/CVE-2023-34834.json) (`2023-07-11T18:59:16.717`) +* [CVE-2023-25399](CVE-2023/CVE-2023-253xx/CVE-2023-25399.json) (`2023-07-11T19:14:10.753`) +* [CVE-2023-35975](CVE-2023/CVE-2023-359xx/CVE-2023-35975.json) (`2023-07-11T19:21:44.270`) +* [CVE-2023-35830](CVE-2023/CVE-2023-358xx/CVE-2023-35830.json) (`2023-07-11T19:25:28.647`) +* [CVE-2023-35976](CVE-2023/CVE-2023-359xx/CVE-2023-35976.json) (`2023-07-11T19:26:15.043`) +* [CVE-2023-35977](CVE-2023/CVE-2023-359xx/CVE-2023-35977.json) (`2023-07-11T19:28:16.093`) +* [CVE-2023-27197](CVE-2023/CVE-2023-271xx/CVE-2023-27197.json) (`2023-07-11T19:54:40.947`) +* [CVE-2023-36622](CVE-2023/CVE-2023-366xx/CVE-2023-36622.json) (`2023-07-11T20:09:49.050`) +* [CVE-2023-33460](CVE-2023/CVE-2023-334xx/CVE-2023-33460.json) (`2023-07-11T20:15:10.757`) +* [CVE-2023-22665](CVE-2023/CVE-2023-226xx/CVE-2023-22665.json) (`2023-07-11T21:15:08.973`) +* [CVE-2023-27590](CVE-2023/CVE-2023-275xx/CVE-2023-27590.json) (`2023-07-12T03:15:08.943`) +* [CVE-2023-35934](CVE-2023/CVE-2023-359xx/CVE-2023-35934.json) (`2023-07-12T03:15:09.077`) +* [CVE-2023-3269](CVE-2023/CVE-2023-32xx/CVE-2023-3269.json) (`2023-07-12T03:15:09.210`) ## Download and Usage