From c765879e7a920c535c033cc659c05d1728d8c955 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Wed, 26 Jul 2023 18:00:39 +0000
Subject: [PATCH] Auto-Update: 2023-07-26T18:00:35.636136+00:00
---
 CVE-2023/CVE-2023-13xx/CVE-2023-1380.json | 8 +-
 CVE-2023/CVE-2023-208xx/CVE-2023-20887.json | 12 ++-
 CVE-2023/CVE-2023-265xx/CVE-2023-26563.json | 73 ++++++++++++++--
 CVE-2023/CVE-2023-29xx/CVE-2023-2960.json | 27 +++++-
 CVE-2023/CVE-2023-29xx/CVE-2023-2963.json | 27 +++++-
 CVE-2023/CVE-2023-304xx/CVE-2023-30456.json | 6 +-
 CVE-2023/CVE-2023-305xx/CVE-2023-30577.json | 20 +++++
 CVE-2023/CVE-2023-312xx/CVE-2023-31248.json | 8 +-
 CVE-2023/CVE-2023-314xx/CVE-2023-31436.json | 6 +-
 CVE-2023/CVE-2023-326xx/CVE-2023-32657.json | 47 +++++++++-
 CVE-2023/CVE-2023-344xx/CVE-2023-34429.json | 59 ++++++++++++-
 CVE-2023/CVE-2023-350xx/CVE-2023-35001.json | 8 +-
 CVE-2023/CVE-2023-351xx/CVE-2023-35116.json | 6 +-
 CVE-2023/CVE-2023-351xx/CVE-2023-35134.json | 47 +++++++++-
 CVE-2023/CVE-2023-368xx/CVE-2023-36883.json | 40 ++++++++-
 CVE-2023/CVE-2023-368xx/CVE-2023-36887.json | 46 +++++++++-
 CVE-2023/CVE-2023-368xx/CVE-2023-36888.json | 40 ++++++++-
 CVE-2023/CVE-2023-36xx/CVE-2023-3635.json | 68 ++++++++++++++-
 CVE-2023/CVE-2023-372xx/CVE-2023-37223.json | 64 +++++++++++++-
 CVE-2023/CVE-2023-372xx/CVE-2023-37224.json | 64 +++++++++++++-
 CVE-2023/CVE-2023-373xx/CVE-2023-37362.json | 47 +++++++++-
 CVE-2023/CVE-2023-376xx/CVE-2023-37649.json | 70 +++++++++++++--
 CVE-2023/CVE-2023-376xx/CVE-2023-37650.json | 70 +++++++++++++--
 CVE-2023/CVE-2023-379xx/CVE-2023-37946.json | 70 +++++++++++++--
 CVE-2023/CVE-2023-382xx/CVE-2023-38252.json | 96 +++++++++++++++++++--
 CVE-2023/CVE-2023-382xx/CVE-2023-38253.json | 96 +++++++++++++++++++--
 README.md | 69 +++++++--------
 27 files changed, 1071 insertions(+), 123 deletions(-)
 create mode 100644 CVE-2023/CVE-2023-305xx/CVE-2023-30577.json
diff --git a/CVE-2023/CVE-2023-13xx/CVE-2023-1380.json b/CVE-2023/CVE-2023-13xx/CVE-2023-1380.json index d87f0802450..25cd68d9909 100644 --- a/CVE-2023/CVE-2023-13xx/CVE-2023-1380.json +++ b/CVE-2023/CVE-2023-13xx/CVE-2023-1380.json @@ -2,8 +2,8 @@ "id": "CVE-2023-1380", "sourceIdentifier": "secalert@redhat.com", "published": "2023-03-27T21:15:10.623", - "lastModified": "2023-07-20T15:12:11.260", - "vulnStatus": "Analyzed", + "lastModified": "2023-07-26T17:15:09.893", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -323,6 +323,10 @@ "VDB Entry" ] }, + { + "url": "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "source": "secalert@redhat.com" + }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177883", "source": "secalert@redhat.com", diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20887.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20887.json index 4b9a03d2db4..66e2d9c6b51 100644 --- a/CVE-2023/CVE-2023-208xx/CVE-2023-20887.json +++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20887.json @@ -2,8 +2,12 @@ "id": "CVE-2023-20887", "sourceIdentifier": "security@vmware.com", "published": "2023-06-07T15:15:09.190", - "lastModified": "2023-06-14T18:40:01.347", - "vulnStatus": "Analyzed", + "lastModified": "2023-07-26T17:15:10.050", + "vulnStatus": "Modified", + "cisaExploitAdd": "2023-06-22", + "cisaActionDue": "2023-07-13", + "cisaRequiredAction": "Apply updates per vendor instructions.", + "cisaVulnerabilityName": "Vmware Aria Operations for Networks Command Injection Vulnerability", "descriptions": [ { "lang": "en", @@ -66,6 +70,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/173761/VMWare-Aria-Operations-For-Networks-Remote-Command-Execution.html", + "source": "security@vmware.com" + }, { "url": "https://www.vmware.com/security/advisories/VMSA-2023-0012.html", "source": "security@vmware.com", 
diff --git a/CVE-2023/CVE-2023-265xx/CVE-2023-26563.json b/CVE-2023/CVE-2023-265xx/CVE-2023-26563.json
index 171b9ea489b..19bbce4978e 100644
--- a/CVE-2023/CVE-2023-265xx/CVE-2023-26563.json
+++ b/CVE-2023/CVE-2023-265xx/CVE-2023-26563.json
@@ -2,27 +2,88 @@ "id": "CVE-2023-26563", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-12T21:15:08.990", - "lastModified": "2023-07-13T08:32:09.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-26T16:23:15.603", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Syncfusion EJ2 Node File Provider 0102271 is vulnerable to filesystem-server.js directory traversal. As a result, an unauthenticated attacker can: - On Windows, list files in any directory, read any file, delete any file, upload any file to any directory accessible by the web server. - On Linux, read any file, download any directory, delete any file, upload any file to any directory accessible by the web server." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:syncfusion:nodejs_file_system_provider:0102271:*:*:*:*:*:*:*", + "matchCriteriaId": "10DCA0D8-E72F-4774-80B1-153AF4A8AAA8" + } + ] + } + ] + } + ], "references": [ { "url": "https://ej2.syncfusion.com/documentation/file-manager/file-system-provider/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": 
"https://github.com/RupturaInfoSec/CVE-2023-26563-26564-26565/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] }, { "url": "https://github.com/SyncfusionExamples/ej2-filemanager-node-filesystem", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2960.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2960.json index 54dadcb0d8a..41cd3c121ad 100644 --- a/CVE-2023/CVE-2023-29xx/CVE-2023-2960.json +++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2960.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2960", "sourceIdentifier": "cve@usom.gov.tr", "published": "2023-07-17T14:15:10.237", - "lastModified": "2023-07-17T14:22:52.003", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-26T17:32:26.167", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -46,10 +46,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:olivaekspertiz:oliva_ekspertiz:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.2", + "matchCriteriaId": "D47D3210-173C-4C8C-95DF-D2270E25D2CA" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.usom.gov.tr/bildirim/tr-23-0409", - "source": "cve@usom.gov.tr" + "source": "cve@usom.gov.tr", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2963.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2963.json index 676d711dc49..f1bc1541e29 100644 --- a/CVE-2023/CVE-2023-29xx/CVE-2023-2963.json +++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2963.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2963", "sourceIdentifier": "cve@usom.gov.tr", "published": "2023-07-17T14:15:10.310", - "lastModified": "2023-07-17T14:22:52.003", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-26T17:37:56.217", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -46,10 +46,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:olivaekspertiz:oliva_ekspertiz:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.2", + "matchCriteriaId": "D47D3210-173C-4C8C-95DF-D2270E25D2CA" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.usom.gov.tr/bildirim/tr-23-0409", - "source": "cve@usom.gov.tr" + "source": "cve@usom.gov.tr", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-304xx/CVE-2023-30456.json b/CVE-2023/CVE-2023-304xx/CVE-2023-30456.json index 3ad626ec008..98e6683faa9 100644 --- a/CVE-2023/CVE-2023-304xx/CVE-2023-30456.json +++ b/CVE-2023/CVE-2023-304xx/CVE-2023-30456.json @@ -2,7 +2,7 @@ "id": "CVE-2023-30456", "sourceIdentifier": "cve@mitre.org", "published": "2023-04-10T02:15:06.853", - "lastModified": "2023-05-11T15:15:12.000", + "lastModified": "2023-07-26T17:15:10.140", "vulnStatus": "Modified", "descriptions": [ { @@ -75,6 +75,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "source": "cve@mitre.org" + }, { "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.8", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-305xx/CVE-2023-30577.json b/CVE-2023/CVE-2023-305xx/CVE-2023-30577.json new file mode 100644 index 00000000000..3a75e5505ab --- /dev/null +++ b/CVE-2023/CVE-2023-305xx/CVE-2023-30577.json 
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-30577", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-07-26T17:15:10.227", + "lastModified": "2023-07-26T17:15:10.227", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/zmanda/amanda/releases/tag/tag-community-3.5.4", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-312xx/CVE-2023-31248.json b/CVE-2023/CVE-2023-312xx/CVE-2023-31248.json index 153088bf97e..f0b74720809 100644 --- a/CVE-2023/CVE-2023-312xx/CVE-2023-31248.json +++ b/CVE-2023/CVE-2023-312xx/CVE-2023-31248.json @@ -2,8 +2,8 @@ "id": "CVE-2023-31248", "sourceIdentifier": "security@ubuntu.com", "published": "2023-07-05T19:15:09.713", - "lastModified": "2023-07-23T03:15:09.363", - "vulnStatus": "Modified", + "lastModified": "2023-07-26T17:15:10.327", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", @@ -94,6 +94,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "source": "security@ubuntu.com" + }, { "url": "http://www.openwall.com/lists/oss-security/2023/07/05/2", "source": "security@ubuntu.com", diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31436.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31436.json index f4929157223..8b0e3fcf312 100644 --- a/CVE-2023/CVE-2023-314xx/CVE-2023-31436.json +++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31436.json @@ -2,7 +2,7 @@ "id": "CVE-2023-31436", "sourceIdentifier": "cve@mitre.org", "published": "2023-04-28T02:15:09.007", - "lastModified": "2023-06-22T15:15:12.903", + "lastModified": "2023-07-26T17:15:10.570", "vulnStatus": "Modified", "descriptions": [ { 
@@ -69,6 +69,10 @@ "url": "http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html", "source": "cve@mitre.org" }, + { + "url": "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "source": "cve@mitre.org" + }, { "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.13", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-326xx/CVE-2023-32657.json b/CVE-2023/CVE-2023-326xx/CVE-2023-32657.json index cae72386f74..71b8aaf75c0 100644 --- a/CVE-2023/CVE-2023-326xx/CVE-2023-32657.json +++ b/CVE-2023/CVE-2023-326xx/CVE-2023-32657.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32657", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-07-19T22:15:10.743", - "lastModified": "2023-07-20T11:19:25.143", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-26T16:17:06.170", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", 
@@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:weintek:weincloud:0.13.6:*:*:*:*:*:*:*", + "matchCriteriaId": "7FD4A8E7-45D6-459F-8701-4A8C676195B5" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-04", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-344xx/CVE-2023-34429.json b/CVE-2023/CVE-2023-344xx/CVE-2023-34429.json index 04967801a53..cd46294676a 100644 --- a/CVE-2023/CVE-2023-344xx/CVE-2023-34429.json +++ b/CVE-2023/CVE-2023-344xx/CVE-2023-34429.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34429", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-07-19T22:15:11.073", - "lastModified": "2023-07-20T11:19:25.143", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-26T16:17:36.467", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", 
@@ -36,8 +56,18 @@ }, "weaknesses": [ { - "source": "ics-cert@hq.dhs.gov", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + }, + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", "description": [ { "lang": "en", @@ -46,10 +76,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:weintek:weincloud:0.13.6:*:*:*:*:*:*:*", + "matchCriteriaId": "7FD4A8E7-45D6-459F-8701-4A8C676195B5" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-04", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-350xx/CVE-2023-35001.json b/CVE-2023/CVE-2023-350xx/CVE-2023-35001.json index 26b3de5b844..d02127b0ec8 100644 --- a/CVE-2023/CVE-2023-350xx/CVE-2023-35001.json +++ b/CVE-2023/CVE-2023-350xx/CVE-2023-35001.json @@ -2,8 +2,8 @@ "id": "CVE-2023-35001", "sourceIdentifier": "security@ubuntu.com", "published": "2023-07-05T19:15:10.147", - "lastModified": "2023-07-23T03:15:09.637", - "vulnStatus": "Modified", + "lastModified": "2023-07-26T17:15:10.780", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", @@ -94,6 +94,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html", + "source": "security@ubuntu.com" + }, { "url": "http://www.openwall.com/lists/oss-security/2023/07/05/3", "source": "security@ubuntu.com", diff --git a/CVE-2023/CVE-2023-351xx/CVE-2023-35116.json b/CVE-2023/CVE-2023-351xx/CVE-2023-35116.json index b21249f0ea3..fcfbab1cb70 100644 --- a/CVE-2023/CVE-2023-351xx/CVE-2023-35116.json +++ b/CVE-2023/CVE-2023-351xx/CVE-2023-35116.json 
@@ -2,12 +2,12 @@ "id": "CVE-2023-35116", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-14T14:15:10.960", - "lastModified": "2023-07-14T18:52:52.437", - "vulnStatus": "Analyzed", + "lastModified": "2023-07-26T17:15:12.867", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "** DISPUTED ** An issue was discovered jackson-databind thru 2.15.2 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that the product is not intended for use with untrusted input." + "value": "** DISPUTED ** jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-351xx/CVE-2023-35134.json b/CVE-2023/CVE-2023-351xx/CVE-2023-35134.json index 4305c259b1d..775a26443c0 100644 --- a/CVE-2023/CVE-2023-351xx/CVE-2023-35134.json +++ b/CVE-2023/CVE-2023-351xx/CVE-2023-35134.json @@ -2,8 +2,8 @@ "id": "CVE-2023-35134", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-07-19T22:15:11.170", - "lastModified": "2023-07-20T11:19:25.143", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-26T16:18:03.730", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 3.6 + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:weintek:weincloud:0.13.6:*:*:*:*:*:*:*", + "matchCriteriaId": "7FD4A8E7-45D6-459F-8701-4A8C676195B5" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-04", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-368xx/CVE-2023-36883.json b/CVE-2023/CVE-2023-368xx/CVE-2023-36883.json index 24face4f82b..9e2fb7777d8 100644 --- a/CVE-2023/CVE-2023-368xx/CVE-2023-36883.json +++ b/CVE-2023/CVE-2023-368xx/CVE-2023-36883.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36883", "sourceIdentifier": "secure@microsoft.com", "published": "2023-07-14T18:15:10.627", - "lastModified": "2023-07-14T19:46:52.880", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-26T16:54:25.230", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -34,10 +34,44 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:iphone_os:*:*", + "versionEndExcluding": "114.0.1823.82", + "matchCriteriaId": "67E0540B-6FB1-49E2-812B-693C214D0B32" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36883", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-368xx/CVE-2023-36887.json b/CVE-2023/CVE-2023-368xx/CVE-2023-36887.json index 64ed9ab2387..d7b3ad55e94 100644 --- a/CVE-2023/CVE-2023-368xx/CVE-2023-36887.json +++ b/CVE-2023/CVE-2023-368xx/CVE-2023-36887.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36887", "sourceIdentifier": "secure@microsoft.com", "published": "2023-07-14T18:15:10.690", - "lastModified": "2023-07-17T15:15:10.040", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-26T16:54:12.993", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -34,14 +34,52 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-843" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*", + "versionEndExcluding": "114.0.1823.82", + "matchCriteriaId": "EBE5A361-F257-47DC-9E0D-6C803F3E1731" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36887", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] }, { "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1747", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-368xx/CVE-2023-36888.json b/CVE-2023/CVE-2023-368xx/CVE-2023-36888.json index 2bbd05a0efc..b488c9528dd 100644 --- a/CVE-2023/CVE-2023-368xx/CVE-2023-36888.json +++ b/CVE-2023/CVE-2023-368xx/CVE-2023-36888.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36888", "sourceIdentifier": "secure@microsoft.com", "published": "2023-07-14T18:15:10.750", - "lastModified": "2023-07-14T19:46:52.880", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-26T16:53:23.367", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -34,10 +34,44 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:android:*:*", + "versionEndExcluding": "114.0.1823.82", + "matchCriteriaId": "D1961AA6-9AAE-4C47-89C7-C7845121F91A" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36888", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-36xx/CVE-2023-3635.json b/CVE-2023/CVE-2023-36xx/CVE-2023-3635.json index 3c7bebf4715..72cb606614f 100644 --- a/CVE-2023/CVE-2023-36xx/CVE-2023-3635.json +++ b/CVE-2023/CVE-2023-36xx/CVE-2023-3635.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-3635", "sourceIdentifier": "reefs@jfrog.com", "published": "2023-07-12T19:15:08.983", - "lastModified": "2023-07-13T08:32:09.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-26T16:24:46.917", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class.\n\n" + }, + { + "lang": "es", + "value": "GzipSource no maneja una excepci\u00f3n que podr\u00eda surgir al analizar un b\u00fafer gzip malformado. Esto puede conducir a la denegaci\u00f3n de servicio del cliente Okio cuando se maneja un archivo GZIP manipulado, mediante el uso de la clase \"GzipSource\"." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "reefs@jfrog.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-681" + } + ] + }, { "source": "reefs@jfrog.com", "type": "Secondary", 
@@ -46,14 +80,40 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:squareup:okio:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.4.0", + "matchCriteriaId": "BA7992EF-23C5-476A-854B-562FE1C3742A" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/square/okio/commit/81bce1a30af244550b0324597720e4799281da7b", - "source": "reefs@jfrog.com" + "source": "reefs@jfrog.com", + "tags": [ + "Patch" + ] }, { "url": "https://research.jfrog.com/vulnerabilities/okio-gzip-source-unhandled-exception-dos-xray-523195/", - "source": "reefs@jfrog.com" + "source": "reefs@jfrog.com", + "tags": [ + "Exploit", + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-372xx/CVE-2023-37223.json b/CVE-2023/CVE-2023-372xx/CVE-2023-37223.json index 207579a60ff..fd36af72ce5 100644 --- a/CVE-2023/CVE-2023-372xx/CVE-2023-37223.json +++ b/CVE-2023/CVE-2023-372xx/CVE-2023-37223.json @@ -2,8 +2,8 @@ "id": "CVE-2023-37223", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-14T18:15:10.847", - "lastModified": "2023-07-14T19:46:52.880", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-26T17:31:44.957", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "cve@mitre.org", "type": "Secondary", 
@@ -34,14 +54,50 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:archerirm:archer:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.13.0", + "matchCriteriaId": "EDE4D3D4-271C-4D83-865A-A097D7E50A4B" + } + ] + } + ] + } + ], "references": [ { "url": "https://archerirm.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://www.archerirm.community/t5/security-advisories/archer-update-for-multiple-vulnerabilities/ta-p/702362", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-372xx/CVE-2023-37224.json b/CVE-2023/CVE-2023-372xx/CVE-2023-37224.json index b0a472a7189..80d1efcd6fd 100644 --- a/CVE-2023/CVE-2023-372xx/CVE-2023-37224.json +++ b/CVE-2023/CVE-2023-372xx/CVE-2023-37224.json @@ -2,8 +2,8 @@ "id": "CVE-2023-37224", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-14T18:15:10.920", - "lastModified": "2023-07-14T19:46:52.880", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-26T17:19:57.800", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "cve@mitre.org", "type": "Secondary", @@ -34,14 +54,50 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-532" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:archerirm:archer:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.13.0.1", + "matchCriteriaId": "0821EB2D-F429-4BE3-B94A-6CC10EF54ECC" + } + ] + } + ] + } + ], "references": [ { "url": "https://archerirm.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://www.archerirm.community/t5/security-advisories/archer-update-for-multiple-vulnerabilities/ta-p/702362", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-373xx/CVE-2023-37362.json b/CVE-2023/CVE-2023-373xx/CVE-2023-37362.json index eef39ff367e..0c914dc5755 100644 --- a/CVE-2023/CVE-2023-373xx/CVE-2023-37362.json +++ b/CVE-2023/CVE-2023-373xx/CVE-2023-37362.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-37362", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-07-19T22:15:11.380", - "lastModified": "2023-07-20T11:19:25.143", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-26T16:18:40.663", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:weintek:weincloud:0.13.6:*:*:*:*:*:*:*", + "matchCriteriaId": "7FD4A8E7-45D6-459F-8701-4A8C676195B5" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-04", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-376xx/CVE-2023-37649.json b/CVE-2023/CVE-2023-376xx/CVE-2023-37649.json index 2a9b0eaec80..2812b7a69fc 100644 --- a/CVE-2023/CVE-2023-376xx/CVE-2023-37649.json +++ b/CVE-2023/CVE-2023-376xx/CVE-2023-37649.json 
@@ -2,23 +2,83 @@ "id": "CVE-2023-37649", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-20T20:15:10.447", - "lastModified": "2023-07-21T12:52:32.633", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-26T16:18:27.370", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Incorrect access control in the component /models/Content of Cockpit CMS v2.5.2 allows unauthorized attackers to access sensitive data." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:agentejo:cockpit:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2.5.2", + "matchCriteriaId": "BD2017D1-E9AB-44E3-BCC6-6164AB4CB5C7" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Cockpit-HQ/Cockpit/releases/tag/2.6.0", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://www.ghostccamm.com/blog/multi_cockpit_vulns/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-376xx/CVE-2023-37650.json b/CVE-2023/CVE-2023-376xx/CVE-2023-37650.json
index e6cecc5f222..10644e84c03 100644
--- a/CVE-2023/CVE-2023-376xx/CVE-2023-37650.json
+++ b/CVE-2023/CVE-2023-376xx/CVE-2023-37650.json
@@ -2,23 +2,83 @@ "id": "CVE-2023-37650", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-20T20:15:10.503", - "lastModified": "2023-07-21T12:52:32.633", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-26T16:18:15.067", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A Cross-Site Request Forgery (CSRF) in the Admin portal of Cockpit CMS v2.5.2 allows attackers to execute arbitrary Administrator commands." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:agentejo:cockpit:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2.5.2", + "matchCriteriaId": "BD2017D1-E9AB-44E3-BCC6-6164AB4CB5C7" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Cockpit-HQ/Cockpit/releases/tag/2.6.0", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://www.ghostccamm.com/blog/multi_cockpit_vulns/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-379xx/CVE-2023-37946.json b/CVE-2023/CVE-2023-379xx/CVE-2023-37946.json
index d7db6a02e1c..67b1f7a4329 100644
--- a/CVE-2023/CVE-2023-379xx/CVE-2023-37946.json
+++ b/CVE-2023/CVE-2023-379xx/CVE-2023-37946.json
@@ -2,23 +2,83 @@ "id": "CVE-2023-37946", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2023-07-12T16:15:13.227", - "lastModified": "2023-07-13T23:15:11.453", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-26T16:26:02.550", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and earlier does not invalidate the previous session on login." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-384" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jenkins:openshift_login:*:*:*:*:*:jenkins:*:*", + "versionEndIncluding": "1.1.0.230.v5d7030b_f5432", + "matchCriteriaId": "308AD760-A6A9-4855-92ED-AB2E7B5F6D36" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2023/07/12/2", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-2998", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
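Review bot: The added `cpeMatch` entry for `openshift_login` sets `"versionEndIncluding": "1.1.0.230.v5d7030b_f5432"`, but the record's own description gives the affected range as 1.1.0.227.v27e08dfb_1a_20 and earlier. If 1.1.0.230.v5d7030b_f5432 is the fixed release, which the linked Jenkins advisory should confirm, the bound would more accurately be `"versionEndExcluding": "1.1.0.230.v5d7030b_f5432"` or `"versionEndIncluding": "1.1.0.227.v27e08dfb_1a_20"`. As written, CPE-based matching would report the later build as vulnerable and produce false positives in scanner output. This file mirrors NVD, so the correction belongs upstream, and consumers of this record should cross-check the range against the vendor advisory until it is reconciled.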
diff --git a/CVE-2023/CVE-2023-382xx/CVE-2023-38252.json b/CVE-2023/CVE-2023-382xx/CVE-2023-38252.json index 8c1fc600b3c..7ed378b9b46 100644 --- a/CVE-2023/CVE-2023-382xx/CVE-2023-38252.json +++ b/CVE-2023/CVE-2023-382xx/CVE-2023-38252.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38252", "sourceIdentifier": "secalert@redhat.com", "published": "2023-07-14T18:15:10.990", - "lastModified": "2023-07-14T19:46:52.880", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-26T17:10:12.897", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "secalert@redhat.com", "type": "Secondary", 
@@ -34,18 +54,84 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:w3m_project:w3m:0.5.3\\+git20230121:*:*:*:*:*:*:*", + "matchCriteriaId": "FB330C30-67B9-481F-B334-B985FD38EB24" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "BB176AC3-3CDA-4DDA-9089-C67B2F73AA62" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", + "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", + "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC" + } + ] + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/security/cve/CVE-2023-38252", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222775", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://github.com/tats/w3m/issues/270", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-382xx/CVE-2023-38253.json b/CVE-2023/CVE-2023-382xx/CVE-2023-38253.json index 1ef0d6d892b..161eed9f147 100644 --- a/CVE-2023/CVE-2023-382xx/CVE-2023-38253.json +++ b/CVE-2023/CVE-2023-382xx/CVE-2023-38253.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-38253", "sourceIdentifier": "secalert@redhat.com", "published": "2023-07-14T18:15:11.047", - "lastModified": "2023-07-14T19:46:52.880", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-26T17:14:50.187", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "secalert@redhat.com", "type": "Secondary", 
@@ -34,18 +54,84 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:w3m_project:w3m:0.5.3\\+git20230121:*:*:*:*:*:*:*", + "matchCriteriaId": "FB330C30-67B9-481F-B334-B985FD38EB24" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "BB176AC3-3CDA-4DDA-9089-C67B2F73AA62" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", + "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", + "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC" + } + ] + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/security/cve/CVE-2023-38253", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222779", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://github.com/tats/w3m/issues/271", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/README.md b/README.md index 75a27779879..6f56db7f2f1 100644 --- a/README.md +++ b/README.md 
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-07-26T16:00:25.377948+00:00 +2023-07-26T18:00:35.636136+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-07-26T15:15:10.883000+00:00 +2023-07-26T17:37:56.217000+00:00 ``` ### Last Data Feed Release 
@@ -29,52 +29,45 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -221074 +221075 ``` ### CVEs added in the last Commit -Recently added CVEs: `20` +Recently added CVEs: `1` -* [CVE-2022-43710](CVE-2022/CVE-2022-437xx/CVE-2022-43710.json) (`2023-07-26T14:15:09.767`) -* [CVE-2022-43711](CVE-2022/CVE-2022-437xx/CVE-2022-43711.json) (`2023-07-26T14:15:09.823`) -* [CVE-2022-43712](CVE-2022/CVE-2022-437xx/CVE-2022-43712.json) (`2023-07-26T14:15:09.880`) -* [CVE-2022-43713](CVE-2022/CVE-2022-437xx/CVE-2022-43713.json) (`2023-07-26T14:15:09.930`) -* [CVE-2023-23843](CVE-2023/CVE-2023-238xx/CVE-2023-23843.json) (`2023-07-26T14:15:10.070`) -* [CVE-2023-23844](CVE-2023/CVE-2023-238xx/CVE-2023-23844.json) (`2023-07-26T14:15:10.150`) -* [CVE-2023-26859](CVE-2023/CVE-2023-268xx/CVE-2023-26859.json) (`2023-07-26T14:15:10.230`) -* [CVE-2023-26911](CVE-2023/CVE-2023-269xx/CVE-2023-26911.json) (`2023-07-26T14:15:10.283`) -* [CVE-2023-33224](CVE-2023/CVE-2023-332xx/CVE-2023-33224.json) (`2023-07-26T14:15:10.340`) -* [CVE-2023-33225](CVE-2023/CVE-2023-332xx/CVE-2023-33225.json) (`2023-07-26T14:15:10.417`) -* [CVE-2023-23842](CVE-2023/CVE-2023-238xx/CVE-2023-23842.json) (`2023-07-26T15:15:10.167`) -* [CVE-2023-33229](CVE-2023/CVE-2023-332xx/CVE-2023-33229.json) (`2023-07-26T15:15:10.257`) -* [CVE-2023-33308](CVE-2023/CVE-2023-333xx/CVE-2023-33308.json) (`2023-07-26T15:15:10.347`) -* [CVE-2023-39151](CVE-2023/CVE-2023-391xx/CVE-2023-39151.json) (`2023-07-26T14:15:10.493`) -* [CVE-2023-39152](CVE-2023/CVE-2023-391xx/CVE-2023-39152.json) (`2023-07-26T14:15:10.550`) -* [CVE-2023-39153](CVE-2023/CVE-2023-391xx/CVE-2023-39153.json) (`2023-07-26T14:15:10.597`) -* [CVE-2023-39154](CVE-2023/CVE-2023-391xx/CVE-2023-39154.json) (`2023-07-26T14:15:10.647`) -* [CVE-2023-39155](CVE-2023/CVE-2023-391xx/CVE-2023-39155.json) (`2023-07-26T14:15:10.700`) -* [CVE-2023-39156](CVE-2023/CVE-2023-391xx/CVE-2023-39156.json) 
(`2023-07-26T14:15:10.750`) -* [CVE-2023-3622](CVE-2023/CVE-2023-36xx/CVE-2023-3622.json) (`2023-07-26T15:15:10.803`) +* [CVE-2023-30577](CVE-2023/CVE-2023-305xx/CVE-2023-30577.json) (`2023-07-26T17:15:10.227`) ### CVEs modified in the last Commit -Recently modified CVEs: `13` +Recently modified CVEs: `25` -* [CVE-2022-47758](CVE-2022/CVE-2022-477xx/CVE-2022-47758.json) (`2023-07-26T14:15:09.987`) -* [CVE-2022-21951](CVE-2022/CVE-2022-219xx/CVE-2022-21951.json) (`2023-07-26T15:15:09.833`) -* [CVE-2022-21952](CVE-2022/CVE-2022-219xx/CVE-2022-21952.json) (`2023-07-26T15:15:09.960`) -* [CVE-2023-3433](CVE-2023/CVE-2023-34xx/CVE-2023-3433.json) (`2023-07-26T14:04:40.907`) -* [CVE-2023-3434](CVE-2023/CVE-2023-34xx/CVE-2023-3434.json) (`2023-07-26T14:05:19.787`) -* [CVE-2023-3673](CVE-2023/CVE-2023-36xx/CVE-2023-3673.json) (`2023-07-26T14:05:43.037`) -* [CVE-2023-36119](CVE-2023/CVE-2023-361xx/CVE-2023-36119.json) (`2023-07-26T14:06:18.543`) -* [CVE-2023-36831](CVE-2023/CVE-2023-368xx/CVE-2023-36831.json) (`2023-07-26T14:06:53.920`) -* [CVE-2023-35692](CVE-2023/CVE-2023-356xx/CVE-2023-35692.json) (`2023-07-26T14:07:19.537`) -* [CVE-2023-36832](CVE-2023/CVE-2023-368xx/CVE-2023-36832.json) (`2023-07-26T14:07:43.457`) -* [CVE-2023-3486](CVE-2023/CVE-2023-34xx/CVE-2023-3486.json) (`2023-07-26T14:15:10.810`) -* [CVE-2023-20593](CVE-2023/CVE-2023-205xx/CVE-2023-20593.json) (`2023-07-26T15:15:10.097`) -* [CVE-2023-3637](CVE-2023/CVE-2023-36xx/CVE-2023-3637.json) (`2023-07-26T15:15:10.883`) +* [CVE-2023-32657](CVE-2023/CVE-2023-326xx/CVE-2023-32657.json) (`2023-07-26T16:17:06.170`) +* [CVE-2023-34429](CVE-2023/CVE-2023-344xx/CVE-2023-34429.json) (`2023-07-26T16:17:36.467`) +* [CVE-2023-35134](CVE-2023/CVE-2023-351xx/CVE-2023-35134.json) (`2023-07-26T16:18:03.730`) +* [CVE-2023-37650](CVE-2023/CVE-2023-376xx/CVE-2023-37650.json) (`2023-07-26T16:18:15.067`) +* [CVE-2023-37649](CVE-2023/CVE-2023-376xx/CVE-2023-37649.json) (`2023-07-26T16:18:27.370`) +* 
[CVE-2023-37362](CVE-2023/CVE-2023-373xx/CVE-2023-37362.json) (`2023-07-26T16:18:40.663`) +* [CVE-2023-26563](CVE-2023/CVE-2023-265xx/CVE-2023-26563.json) (`2023-07-26T16:23:15.603`) +* [CVE-2023-3635](CVE-2023/CVE-2023-36xx/CVE-2023-3635.json) (`2023-07-26T16:24:46.917`) +* [CVE-2023-37946](CVE-2023/CVE-2023-379xx/CVE-2023-37946.json) (`2023-07-26T16:26:02.550`) +* [CVE-2023-36888](CVE-2023/CVE-2023-368xx/CVE-2023-36888.json) (`2023-07-26T16:53:23.367`) +* [CVE-2023-36887](CVE-2023/CVE-2023-368xx/CVE-2023-36887.json) (`2023-07-26T16:54:12.993`) +* [CVE-2023-36883](CVE-2023/CVE-2023-368xx/CVE-2023-36883.json) (`2023-07-26T16:54:25.230`) +* [CVE-2023-38252](CVE-2023/CVE-2023-382xx/CVE-2023-38252.json) (`2023-07-26T17:10:12.897`) +* [CVE-2023-38253](CVE-2023/CVE-2023-382xx/CVE-2023-38253.json) (`2023-07-26T17:14:50.187`) +* [CVE-2023-1380](CVE-2023/CVE-2023-13xx/CVE-2023-1380.json) (`2023-07-26T17:15:09.893`) +* [CVE-2023-20887](CVE-2023/CVE-2023-208xx/CVE-2023-20887.json) (`2023-07-26T17:15:10.050`) +* [CVE-2023-30456](CVE-2023/CVE-2023-304xx/CVE-2023-30456.json) (`2023-07-26T17:15:10.140`) +* [CVE-2023-31248](CVE-2023/CVE-2023-312xx/CVE-2023-31248.json) (`2023-07-26T17:15:10.327`) +* [CVE-2023-31436](CVE-2023/CVE-2023-314xx/CVE-2023-31436.json) (`2023-07-26T17:15:10.570`) +* [CVE-2023-35001](CVE-2023/CVE-2023-350xx/CVE-2023-35001.json) (`2023-07-26T17:15:10.780`) +* [CVE-2023-35116](CVE-2023/CVE-2023-351xx/CVE-2023-35116.json) (`2023-07-26T17:15:12.867`) +* [CVE-2023-37224](CVE-2023/CVE-2023-372xx/CVE-2023-37224.json) (`2023-07-26T17:19:57.800`) +* [CVE-2023-37223](CVE-2023/CVE-2023-372xx/CVE-2023-37223.json) (`2023-07-26T17:31:44.957`) +* [CVE-2023-2960](CVE-2023/CVE-2023-29xx/CVE-2023-2960.json) (`2023-07-26T17:32:26.167`) +* [CVE-2023-2963](CVE-2023/CVE-2023-29xx/CVE-2023-2963.json) (`2023-07-26T17:37:56.217`) ## Download and Usage