diff --git a/CVE-2021/CVE-2021-42xx/CVE-2021-4235.json b/CVE-2021/CVE-2021-42xx/CVE-2021-4235.json index a30032f9c0e..f8ca5d3c411 100644 --- a/CVE-2021/CVE-2021-42xx/CVE-2021-4235.json +++ b/CVE-2021/CVE-2021-42xx/CVE-2021-4235.json @@ -2,8 +2,8 @@ "id": "CVE-2021-4235", "sourceIdentifier": "security@golang.org", "published": "2022-12-27T22:15:11.960", - "lastModified": "2023-01-06T01:28:42.380", - "vulnStatus": "Analyzed", + "lastModified": "2023-07-06T00:15:09.707", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -82,6 +82,10 @@ "Third Party Advisory" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00001.html", + "source": "security@golang.org" + }, { "url": "https://pkg.go.dev/vuln/GO-2021-0061", "source": "security@golang.org", diff --git a/CVE-2022/CVE-2022-30xx/CVE-2022-3064.json b/CVE-2022/CVE-2022-30xx/CVE-2022-3064.json index efcc012398e..6687d334f25 100644 --- a/CVE-2022/CVE-2022-30xx/CVE-2022-3064.json +++ b/CVE-2022/CVE-2022-30xx/CVE-2022-3064.json @@ -2,8 +2,8 @@ "id": "CVE-2022-3064", "sourceIdentifier": "security@golang.org", "published": "2022-12-27T22:15:14.507", - "lastModified": "2023-01-06T13:51:52.930", - "vulnStatus": "Analyzed", + "lastModified": "2023-07-06T00:15:09.797", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -81,6 +81,10 @@ "Third Party Advisory" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00001.html", + "source": "security@golang.org" + }, { "url": "https://pkg.go.dev/vuln/GO-2022-0956", "source": "security@golang.org", diff --git a/CVE-2023/CVE-2023-211xx/CVE-2023-21161.json b/CVE-2023/CVE-2023-211xx/CVE-2023-21161.json index cd48cc24072..547f170ae6f 100644 --- a/CVE-2023/CVE-2023-211xx/CVE-2023-21161.json +++ b/CVE-2023/CVE-2023-211xx/CVE-2023-21161.json @@ -2,19 +2,74 @@ "id": "CVE-2023-21161", "sourceIdentifier": "security@android.com", "published": "2023-06-28T18:15:14.090", - "lastModified": "2023-06-28T19:27:43.520", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-06T00:54:01.350", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Parse of simdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-263783702References: N/A" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2023-06-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-211xx/CVE-2023-21167.json b/CVE-2023/CVE-2023-211xx/CVE-2023-21167.json index cba89a2b665..25853af9825 100644 --- a/CVE-2023/CVE-2023-211xx/CVE-2023-21167.json +++ b/CVE-2023/CVE-2023-211xx/CVE-2023-21167.json @@ -2,19 +2,74 @@ "id": "CVE-2023-21167", "sourceIdentifier": "security@android.com", "published": "2023-06-28T18:15:14.137", - "lastModified": "2023-06-28T19:27:43.520", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-06T00:56:31.923", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In setProfileName of DevicePolicyManagerService.java, there is a possible way to crash the SystemUI menu due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-259942964" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2023-06-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-211xx/CVE-2023-21180.json b/CVE-2023/CVE-2023-211xx/CVE-2023-21180.json index 0a675631864..4ec5dd5b787 100644 --- a/CVE-2023/CVE-2023-211xx/CVE-2023-21180.json +++ b/CVE-2023/CVE-2023-211xx/CVE-2023-21180.json @@ -2,19 +2,74 @@ "id": "CVE-2023-21180", "sourceIdentifier": "security@android.com", "published": "2023-06-28T18:15:14.767", - "lastModified": "2023-06-28T19:27:43.520", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-06T00:58:29.557", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In xmlParseTryOrFinish of parser.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-261365944" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2023-06-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-211xx/CVE-2023-21181.json b/CVE-2023/CVE-2023-211xx/CVE-2023-21181.json index fe477831fdf..9a1d4f53403 100644 --- a/CVE-2023/CVE-2023-211xx/CVE-2023-21181.json +++ b/CVE-2023/CVE-2023-211xx/CVE-2023-21181.json @@ -2,19 +2,74 @@ "id": "CVE-2023-21181", "sourceIdentifier": "security@android.com", "published": "2023-06-28T18:15:14.810", - "lastModified": "2023-06-28T19:27:43.520", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-06T01:01:36.910", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In btm_ble_update_inq_result of btm_ble_gap.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-264880969" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2023-06-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-211xx/CVE-2023-21182.json b/CVE-2023/CVE-2023-211xx/CVE-2023-21182.json index 7e00ffe2c97..33768770c43 100644 --- a/CVE-2023/CVE-2023-211xx/CVE-2023-21182.json +++ b/CVE-2023/CVE-2023-211xx/CVE-2023-21182.json @@ -2,19 +2,74 @@ "id": "CVE-2023-21182", "sourceIdentifier": "security@android.com", "published": "2023-06-28T18:15:14.857", - "lastModified": "2023-06-28T19:27:43.520", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-06T00:59:12.937", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Exynos_parsing_user_data_registered_itu_t_t35 of VendorVideoAPI.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-252764175" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2023-06-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-211xx/CVE-2023-21183.json b/CVE-2023/CVE-2023-211xx/CVE-2023-21183.json index 0e2e8a6e468..de4a60e9e23 100644 --- a/CVE-2023/CVE-2023-211xx/CVE-2023-21183.json +++ b/CVE-2023/CVE-2023-211xx/CVE-2023-21183.json @@ -2,19 +2,74 @@ "id": "CVE-2023-21183", "sourceIdentifier": "security@android.com", "published": "2023-06-28T18:15:14.907", - "lastModified": "2023-06-28T19:27:43.520", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-06T01:03:37.963", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In ForegroundUtils of ForegroundUtils.java, there is a possible way to read NFC tag data while the app is still in the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235863754" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2023-06-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-212xx/CVE-2023-21210.json b/CVE-2023/CVE-2023-212xx/CVE-2023-21210.json index 96229e984e0..d570863dcbf 100644 --- a/CVE-2023/CVE-2023-212xx/CVE-2023-21210.json +++ b/CVE-2023/CVE-2023-212xx/CVE-2023-21210.json @@ -2,19 +2,74 @@ "id": "CVE-2023-21210", "sourceIdentifier": "security@android.com", "published": "2023-06-28T18:15:15.997", - "lastModified": "2023-06-28T19:27:43.520", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-06T01:06:42.483", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In initiateHs20IconQueryInternal of sta_iface.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262236331" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2023-06-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-212xx/CVE-2023-21211.json b/CVE-2023/CVE-2023-212xx/CVE-2023-21211.json index 01670ec5b14..fac818a8ddf 100644 --- a/CVE-2023/CVE-2023-212xx/CVE-2023-21211.json +++ b/CVE-2023/CVE-2023-212xx/CVE-2023-21211.json @@ -2,19 +2,74 @@ "id": "CVE-2023-21211", "sourceIdentifier": "security@android.com", "published": "2023-06-28T18:15:16.037", - "lastModified": "2023-06-28T19:27:43.520", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-06T01:10:07.350", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In multiple files, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262235998" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2023-06-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-34xx/CVE-2023-3411.json b/CVE-2023/CVE-2023-34xx/CVE-2023-3411.json index 6b21c51578f..7fffa1a4707 100644 --- a/CVE-2023/CVE-2023-34xx/CVE-2023-3411.json +++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3411.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3411", "sourceIdentifier": "security@wordfence.com", "published": "2023-06-27T04:15:10.267", - "lastModified": "2023-06-27T16:15:38.897", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-06T00:52:22.923", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -13,8 +13,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "security@wordfence.com", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, + { + "source": "security@wordfence.com", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", @@ -46,14 +66,37 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:imagemappro:image_map_pro:1.0.0:*:*:*:lite:wordpress:*:*", + "matchCriteriaId": "FA8D81C8-A09F-469B-B671-23A9CFBB80F1" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/image-map-pro-lite/trunk/image-map-pro-wordpress-lite.php#L410", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Exploit" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/63e108f4-5d9d-4bcf-aef9-aa856f4241ea?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-35xx/CVE-2023-3520.json b/CVE-2023/CVE-2023-35xx/CVE-2023-3520.json new file mode 100644 index 00000000000..390f8d1e07a --- /dev/null +++ b/CVE-2023/CVE-2023-35xx/CVE-2023-3520.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-3520", + "sourceIdentifier": "security@huntr.dev", + "published": "2023-07-06T01:15:08.930", + "lastModified": "2023-07-06T01:15:08.930", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository it-novum/openitcockpit prior to 4.6.6." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-614" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/it-novum/openitcockpit/commit/6c717f3c352e55257fc3fef2c5dec111f7d2ee6b", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.dev/bounties/f3b277bb-91db-419e-bcc4-fe0b055d2551", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 48213eee4bc..136fd736631 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-07-05T23:55:25.329051+00:00 +2023-07-06T02:00:28.257896+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-07-05T22:15:10.113000+00:00 +2023-07-06T01:15:08.930000+00:00 ``` ### Last Data Feed Release @@ -23,31 +23,37 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2023-07-05T00:00:13.566749+00:00 +2023-07-06T00:00:13.551397+00:00 ``` ### Total Number of included CVEs ```plain -219232 +219233 ``` ### CVEs added in the last Commit -Recently added CVEs: `6` +Recently added CVEs: `1` -* [CVE-2023-36809](CVE-2023/CVE-2023-368xx/CVE-2023-36809.json) (`2023-07-05T22:15:09.670`) -* [CVE-2023-36813](CVE-2023/CVE-2023-368xx/CVE-2023-36813.json) (`2023-07-05T22:15:09.770`) -* [CVE-2023-36821](CVE-2023/CVE-2023-368xx/CVE-2023-36821.json) (`2023-07-05T22:15:09.860`) -* [CVE-2023-36822](CVE-2023/CVE-2023-368xx/CVE-2023-36822.json) (`2023-07-05T22:15:09.947`) -* [CVE-2023-36827](CVE-2023/CVE-2023-368xx/CVE-2023-36827.json) (`2023-07-05T22:15:10.033`) -* [CVE-2023-36828](CVE-2023/CVE-2023-368xx/CVE-2023-36828.json) (`2023-07-05T22:15:10.113`) +* [CVE-2023-3520](CVE-2023/CVE-2023-35xx/CVE-2023-3520.json) (`2023-07-06T01:15:08.930`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `11` +* [CVE-2021-4235](CVE-2021/CVE-2021-42xx/CVE-2021-4235.json) (`2023-07-06T00:15:09.707`) +* [CVE-2022-3064](CVE-2022/CVE-2022-30xx/CVE-2022-3064.json) (`2023-07-06T00:15:09.797`) +* [CVE-2023-3411](CVE-2023/CVE-2023-34xx/CVE-2023-3411.json) (`2023-07-06T00:52:22.923`) +* [CVE-2023-21161](CVE-2023/CVE-2023-211xx/CVE-2023-21161.json) (`2023-07-06T00:54:01.350`) +* [CVE-2023-21167](CVE-2023/CVE-2023-211xx/CVE-2023-21167.json) (`2023-07-06T00:56:31.923`) +* [CVE-2023-21180](CVE-2023/CVE-2023-211xx/CVE-2023-21180.json) (`2023-07-06T00:58:29.557`) +* [CVE-2023-21182](CVE-2023/CVE-2023-211xx/CVE-2023-21182.json) (`2023-07-06T00:59:12.937`) +* [CVE-2023-21181](CVE-2023/CVE-2023-211xx/CVE-2023-21181.json) (`2023-07-06T01:01:36.910`) +* [CVE-2023-21183](CVE-2023/CVE-2023-211xx/CVE-2023-21183.json) (`2023-07-06T01:03:37.963`) +* [CVE-2023-21210](CVE-2023/CVE-2023-212xx/CVE-2023-21210.json) (`2023-07-06T01:06:42.483`) +* [CVE-2023-21211](CVE-2023/CVE-2023-212xx/CVE-2023-21211.json) (`2023-07-06T01:10:07.350`) ## Download and Usage