From c4dcf29469a76dcddd313597417ec972a3cd033f Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Wed, 9 Aug 2023 12:00:33 +0000 Subject: [PATCH] Auto-Update: 2023-08-09T12:00:30.167809+00:00 --- CVE-2021/CVE-2021-346xx/CVE-2021-34600.json | 30 ++++----- CVE-2022/CVE-2022-225xx/CVE-2022-22521.json | 12 ++-- CVE-2022/CVE-2022-42xx/CVE-2022-4224.json | 12 ++-- CVE-2023/CVE-2023-239xx/CVE-2023-23903.json | 55 ++++++++++++++++ CVE-2023/CVE-2023-240xx/CVE-2023-24015.json | 55 ++++++++++++++++ CVE-2023/CVE-2023-27xx/CVE-2023-2760.json | 14 ++--- CVE-2023/CVE-2023-333xx/CVE-2023-33365.json | 70 +++++++++++++++++++-- CVE-2023/CVE-2023-333xx/CVE-2023-33366.json | 69 ++++++++++++++++++-- README.md | 34 ++++------ 9 files changed, 285 insertions(+), 66 deletions(-) create mode 100644 CVE-2023/CVE-2023-239xx/CVE-2023-23903.json create mode 100644 CVE-2023/CVE-2023-240xx/CVE-2023-24015.json diff --git a/CVE-2021/CVE-2021-346xx/CVE-2021-34600.json b/CVE-2021/CVE-2021-346xx/CVE-2021-34600.json index 4b5351992f0..9fd4025709d 100644 --- a/CVE-2021/CVE-2021-346xx/CVE-2021-34600.json +++ b/CVE-2021/CVE-2021-346xx/CVE-2021-34600.json @@ -2,12 +2,12 @@ "id": "CVE-2021-34600", "sourceIdentifier": "info@cert.vde.com", "published": "2022-01-20T12:15:08.240", - "lastModified": "2023-07-07T19:14:06.390", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-09T11:15:09.560", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Telenot CompasX versions prior to 32.0 use a weak seed for random number generation leading to predictable AES keys used in the NFC tags used for local authorization of users. This may lead to total loss of trustworthiness of the installation." + "value": "Telenot CompasX versions prior to 32.0 use a weak seed for random number generation leading to predictable AES keys used in the NFC tags used for local authorization of users. This may lead to total loss of trustworthiness of the installation.\n\n" }, { "lang": "es", 
@@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "info@cert.vde.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -37,24 +37,24 @@ "impactScore": 3.6 }, { - "source": "info@cert.vde.com", + "source": "nvd@nist.gov", "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "REQUIRED", + "privilegesRequired": "LOW", + "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", + "integrityImpact": "NONE", "availabilityImpact": "NONE", - "baseScore": 7.1, - "baseSeverity": "HIGH" + "baseScore": 5.5, + "baseSeverity": "MEDIUM" }, "exploitabilityScore": 1.8, - "impactScore": 5.2 + "impactScore": 3.6 } ], "cvssMetricV2": [ @@ -85,7 +85,7 @@ }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "info@cert.vde.com", "type": "Primary", "description": [ { @@ -95,12 +95,12 @@ ] }, { - "source": "info@cert.vde.com", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { "lang": "en", - "value": "CWE-338" + "value": "CWE-335" } ] } diff --git a/CVE-2022/CVE-2022-225xx/CVE-2022-22521.json b/CVE-2022/CVE-2022-225xx/CVE-2022-22521.json index ab3aa107e7f..c3b01cbe34b 100644 --- a/CVE-2022/CVE-2022-225xx/CVE-2022-22521.json +++ b/CVE-2022/CVE-2022-225xx/CVE-2022-22521.json 
@@ -2,12 +2,12 @@ "id": "CVE-2022-22521", "sourceIdentifier": "info@cert.vde.com", "published": "2022-04-27T16:15:11.737", - "lastModified": "2023-06-27T19:00:38.817", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-09T11:15:09.867", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "In Miele Benchmark Programming Tool with versions Prior to 1.2.71, executable files manipulated by attackers are unknowingly executed with users privileges. An attacker with low privileges may trick a user with administrative privileges to execute these binaries as admin." + "value": "In Miele Benchmark Programming Tool with versions Prior to 1.2.71, executable files manipulated by attackers are unknowingly executed with users privileges. An attacker with low privileges may trick a user with administrative privileges to execute these binaries as admin.\n\n" }, { "lang": "es", @@ -85,7 +85,7 @@ }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "info@cert.vde.com", "type": "Primary", "description": [ { @@ -95,12 +95,12 @@ ] }, { - "source": "info@cert.vde.com", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { "lang": "en", - "value": "CWE-269" + "value": "CWE-732" } ] } diff --git a/CVE-2022/CVE-2022-42xx/CVE-2022-4224.json b/CVE-2022/CVE-2022-42xx/CVE-2022-4224.json index cba21b0c9c1..b84179d1cba 100644 --- a/CVE-2022/CVE-2022-42xx/CVE-2022-4224.json +++ b/CVE-2022/CVE-2022-42xx/CVE-2022-4224.json 
@@ -2,12 +2,12 @@ "id": "CVE-2022-4224", "sourceIdentifier": "info@cert.vde.com", "published": "2023-03-23T12:15:12.990", - "lastModified": "2023-07-06T14:37:16.910", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-09T11:15:10.067", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device." + "value": "In multiple products of CODESYS v3 in multiple versions a remote low privileged user\u00a0could utilize this vulnerability to read and modify system files and OS resources or DoS the device." } ], "metrics": { @@ -36,7 +36,7 @@ }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "info@cert.vde.com", "type": "Primary", "description": [ { @@ -46,12 +46,12 @@ ] }, { - "source": "info@cert.vde.com", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { "lang": "en", - "value": "CWE-668" + "value": "CWE-1188" } ] } diff --git a/CVE-2023/CVE-2023-239xx/CVE-2023-23903.json b/CVE-2023/CVE-2023-239xx/CVE-2023-23903.json new file mode 100644 index 00000000000..192e8a32055 --- /dev/null +++ b/CVE-2023/CVE-2023-239xx/CVE-2023-23903.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-23903", + "sourceIdentifier": "prodsec@nozominetworks.com", + "published": "2023-08-09T10:15:09.687", + "lastModified": "2023-08-09T10:15:09.687", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An authenticated administrator can upload a SAML configuration file with the wrong format, with the application not checking the correct file format. Every subsequent application request will return an error.\n\nThe whole application in rendered unusable until a console intervention.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "prodsec@nozominetworks.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "prodsec@nozominetworks.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://security.nozominetworks.com/NN-2023:7-01", + "source": "prodsec@nozominetworks.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-240xx/CVE-2023-24015.json b/CVE-2023/CVE-2023-240xx/CVE-2023-24015.json new file mode 100644 index 00000000000..6e8cef5f146 --- /dev/null +++ b/CVE-2023/CVE-2023-240xx/CVE-2023-24015.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-24015", + "sourceIdentifier": "prodsec@nozominetworks.com", + "published": "2023-08-09T10:15:09.890", + "lastModified": "2023-08-09T10:15:09.890", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be saved with its name set as null.\n\nThe reports section will be partially unavailable for all later attempts to use it, with the report list seemingly stuck on loading.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "prodsec@nozominetworks.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "prodsec@nozominetworks.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://security.nozominetworks.com/NN-2023:6-01", + "source": "prodsec@nozominetworks.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-27xx/CVE-2023-2760.json b/CVE-2023/CVE-2023-27xx/CVE-2023-2760.json index cab4f4b1511..8e3f5ad298e 100644 --- a/CVE-2023/CVE-2023-27xx/CVE-2023-2760.json +++ b/CVE-2023/CVE-2023-27xx/CVE-2023-2760.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-2760", "sourceIdentifier": "info@cert.vde.com", "published": "2023-07-17T07:15:08.953", - "lastModified": "2023-07-27T04:09:37.207", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-09T11:15:10.280", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -13,7 +13,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "info@cert.vde.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -33,7 +33,7 @@ "impactScore": 4.7 }, { - "source": "info@cert.vde.com", + "source": "nvd@nist.gov", "type": "Secondary", "cvssData": { "version": "3.1", @@ -56,7 +56,7 @@ }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "info@cert.vde.com", "type": "Primary", "description": [ { @@ -66,12 +66,12 @@ ] }, { - "source": "info@cert.vde.com", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { "lang": "en", - "value": "CWE-74" + "value": "CWE-89" } ] } diff --git a/CVE-2023/CVE-2023-333xx/CVE-2023-33365.json b/CVE-2023/CVE-2023-333xx/CVE-2023-33365.json index 9e8db67a156..15390d9dc0a 100644 --- a/CVE-2023/CVE-2023-333xx/CVE-2023-33365.json +++ b/CVE-2023/CVE-2023-333xx/CVE-2023-33365.json 
@@ -2,23 +2,83 @@ "id": "CVE-2023-33365", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-03T16:15:11.870", - "lastModified": "2023-08-03T16:56:53.333", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-09T11:34:28.953", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A path traversal vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows unauthenticated attackers to fetch arbitrary files from the server's web server." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:supremainc:biostar_2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.9.1", + "matchCriteriaId": "EB816219-172E-445F-9175-938D9B8A4602" + } + ] + } + ] + } + ], "references": [ { "url": "https://claroty.com/team82/disclosure-dashboard/cve-2023-33365", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://kb.supremainc.com/knowledge/doku.php?id=en:release_note_291", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-333xx/CVE-2023-33366.json b/CVE-2023/CVE-2023-333xx/CVE-2023-33366.json
index 85c7f4bde7a..bd905a69377 100644
--- a/CVE-2023/CVE-2023-333xx/CVE-2023-33366.json
+++ b/CVE-2023/CVE-2023-333xx/CVE-2023-33366.json
@@ -2,23 +2,82 @@ "id": "CVE-2023-33366", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-03T16:15:11.937", - "lastModified": "2023-08-03T16:56:53.333", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-09T11:53:38.847", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A SQL injection vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows authenticated users to inject arbitrary SQL directives into an SQL statement and execute arbitrary SQL commands." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:supremainc:biostar_2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.9.1", + "matchCriteriaId": "EB816219-172E-445F-9175-938D9B8A4602" + } + ] + } + ] + } + ], "references": [ { "url": "https://claroty.com/team82/disclosure-dashboard/cve-2023-33366", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://kb.supremainc.com/knowledge/doku.php?id=en:release_note_291", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] } ] } \ No newline at end of file 
diff --git a/README.md b/README.md index d3a6f9be82c..f04a03b17bb 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-08-09T10:00:31.779394+00:00 +2023-08-09T12:00:30.167809+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-08-09T09:15:14.297000+00:00 +2023-08-09T11:53:38.847000+00:00 ``` ### Last Data Feed Release 
@@ -29,37 +29,27 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -222147 +222149 ``` ### CVEs added in the last Commit -Recently added CVEs: `12` +Recently added CVEs: `2` -* [CVE-2023-24477](CVE-2023/CVE-2023-244xx/CVE-2023-24477.json) (`2023-08-09T08:15:09.280`) -* [CVE-2023-38207](CVE-2023/CVE-2023-382xx/CVE-2023-38207.json) (`2023-08-09T08:15:09.443`) -* [CVE-2023-38208](CVE-2023/CVE-2023-382xx/CVE-2023-38208.json) (`2023-08-09T08:15:09.563`) -* [CVE-2023-38209](CVE-2023/CVE-2023-382xx/CVE-2023-38209.json) (`2023-08-09T08:15:09.660`) -* [CVE-2023-22378](CVE-2023/CVE-2023-223xx/CVE-2023-22378.json) (`2023-08-09T09:15:13.507`) -* [CVE-2023-22843](CVE-2023/CVE-2023-228xx/CVE-2023-22843.json) (`2023-08-09T09:15:13.667`) -* [CVE-2023-23574](CVE-2023/CVE-2023-235xx/CVE-2023-23574.json) (`2023-08-09T09:15:13.767`) -* [CVE-2023-24471](CVE-2023/CVE-2023-244xx/CVE-2023-24471.json) (`2023-08-09T09:15:13.860`) -* [CVE-2023-38211](CVE-2023/CVE-2023-382xx/CVE-2023-38211.json) (`2023-08-09T09:15:13.957`) -* [CVE-2023-38212](CVE-2023/CVE-2023-382xx/CVE-2023-38212.json) (`2023-08-09T09:15:14.077`) -* [CVE-2023-38213](CVE-2023/CVE-2023-382xx/CVE-2023-38213.json) (`2023-08-09T09:15:14.183`) -* [CVE-2023-3632](CVE-2023/CVE-2023-36xx/CVE-2023-3632.json) (`2023-08-09T09:15:14.297`) +* [CVE-2023-23903](CVE-2023/CVE-2023-239xx/CVE-2023-23903.json) (`2023-08-09T10:15:09.687`) +* [CVE-2023-24015](CVE-2023/CVE-2023-240xx/CVE-2023-24015.json) (`2023-08-09T10:15:09.890`) ### CVEs modified in the last Commit Recently modified CVEs: `6` -* [CVE-2018-11206](CVE-2018/CVE-2018-112xx/CVE-2018-11206.json) (`2023-08-09T09:15:12.113`) -* [CVE-2018-17233](CVE-2018/CVE-2018-172xx/CVE-2018-17233.json) (`2023-08-09T09:15:12.920`) -* [CVE-2018-17234](CVE-2018/CVE-2018-172xx/CVE-2018-17234.json) (`2023-08-09T09:15:13.037`) -* [CVE-2018-17237](CVE-2018/CVE-2018-172xx/CVE-2018-17237.json) (`2023-08-09T09:15:13.130`) -* 
[CVE-2018-17434](CVE-2018/CVE-2018-174xx/CVE-2018-17434.json) (`2023-08-09T09:15:13.223`) -* [CVE-2018-17437](CVE-2018/CVE-2018-174xx/CVE-2018-17437.json) (`2023-08-09T09:15:13.330`) +* [CVE-2021-34600](CVE-2021/CVE-2021-346xx/CVE-2021-34600.json) (`2023-08-09T11:15:09.560`) +* [CVE-2022-22521](CVE-2022/CVE-2022-225xx/CVE-2022-22521.json) (`2023-08-09T11:15:09.867`) +* [CVE-2022-4224](CVE-2022/CVE-2022-42xx/CVE-2022-4224.json) (`2023-08-09T11:15:10.067`) +* [CVE-2023-2760](CVE-2023/CVE-2023-27xx/CVE-2023-2760.json) (`2023-08-09T11:15:10.280`) +* [CVE-2023-33365](CVE-2023/CVE-2023-333xx/CVE-2023-33365.json) (`2023-08-09T11:34:28.953`) +* [CVE-2023-33366](CVE-2023/CVE-2023-333xx/CVE-2023-33366.json) (`2023-08-09T11:53:38.847`) ## Download and Usage