diff --git a/CVE-2020/CVE-2020-207xx/CVE-2020-20718.json b/CVE-2020/CVE-2020-207xx/CVE-2020-20718.json index d0592cf791c..686967abae8 100644 --- a/CVE-2020/CVE-2020-207xx/CVE-2020-20718.json +++ b/CVE-2020/CVE-2020-207xx/CVE-2020-20718.json @@ -2,19 +2,76 @@ "id": "CVE-2020-20718", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-20T15:15:10.627", - "lastModified": "2023-06-20T15:49:15.587", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-28T01:32:42.637", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "File Upload vulnerability in PluckCMS v.4.7.10 dev versions allows a remote attacker to execute arbitrary code via a crafted image file to the the save_file() parameter." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pluck-cms:pluckcms:4.7.10:dev:*:*:*:*:*:*", + "matchCriteriaId": "F81490FE-D8E4-42ED-9D60-7D44697E52AB" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/pluck-cms/pluck/issues/79", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2400.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2400.json index 43385ea11bb..db7d9c837eb 100644 --- a/CVE-2023/CVE-2023-24xx/CVE-2023-2400.json +++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2400.json @@ -2,19 +2,75 @@ "id": "CVE-2023-2400", "sourceIdentifier": "security@devolutions.net", "published": "2023-06-20T17:15:09.573", - "lastModified": "2023-06-20T17:51:32.923", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-28T01:42:38.987", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper deletion of resource in the user management feature in Devolutions Server 2023.1.8 and earlier allows an administrator to view users vaults of deleted users via database access.\n\n" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 2.7, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.2, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-459" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:devolutions:devolutions_server:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.2.1", + "matchCriteriaId": "E4B602CC-F082-469F-B465-C22326D04932" + } + ] + } + ] + } + ], "references": [ { "url": "https://devolutions.net/security/advisories/DEVO-2023-0014", - "source": "security@devolutions.net" + "source": "security@devolutions.net", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-322xx/CVE-2023-32274.json b/CVE-2023/CVE-2023-322xx/CVE-2023-32274.json index f9a6851675c..a68c9ac7a69 100644 --- a/CVE-2023/CVE-2023-322xx/CVE-2023-32274.json +++ b/CVE-2023/CVE-2023-322xx/CVE-2023-32274.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32274", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-06-20T20:15:09.413", - "lastModified": "2023-06-21T12:29:48.917", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-28T01:47:20.540", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:enphase:installer_toolkit:3.27.0:*:*:*:*:*:*:*", + "matchCriteriaId": "BF9F2564-D826-4296-90A2-78DD15EABB29" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-171-02", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/README.md b/README.md index cf448737540..963706c40cb 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-06-27T23:55:27.402679+00:00 +2023-06-28T02:00:28.097247+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-06-27T23:31:19.107000+00:00 +2023-06-28T01:47:20.540000+00:00 ``` ### Last Data Feed Release @@ -23,7 +23,7 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2023-06-27T00:00:13.554507+00:00 +2023-06-28T00:00:13.574288+00:00 ``` ### Total Number of included CVEs @@ -34,30 +34,17 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### CVEs added in the last Commit -Recently added CVEs: `4` +Recently added CVEs: `0` -* [CVE-2023-36464](CVE-2023/CVE-2023-364xx/CVE-2023-36464.json) (`2023-06-27T22:15:11.790`) -* [CVE-2023-25001](CVE-2023/CVE-2023-250xx/CVE-2023-25001.json) (`2023-06-27T23:15:09.537`) -* [CVE-2023-25002](CVE-2023/CVE-2023-250xx/CVE-2023-25002.json) (`2023-06-27T23:15:09.590`) -* [CVE-2023-3327](CVE-2023/CVE-2023-33xx/CVE-2023-3327.json) (`2023-06-27T23:15:09.657`) ### CVEs modified in the last Commit -Recently modified CVEs: `12` +Recently modified CVEs: `3` -* [CVE-2022-32885](CVE-2022/CVE-2022-328xx/CVE-2022-32885.json) (`2023-06-27T23:15:09.447`) -* [CVE-2023-33137](CVE-2023/CVE-2023-331xx/CVE-2023-33137.json) (`2023-06-27T22:15:11.607`) -* [CVE-2023-25938](CVE-2023/CVE-2023-259xx/CVE-2023-25938.json) (`2023-06-27T23:29:40.213`) -* [CVE-2023-28060](CVE-2023/CVE-2023-280xx/CVE-2023-28060.json) (`2023-06-27T23:30:04.077`) -* [CVE-2023-28058](CVE-2023/CVE-2023-280xx/CVE-2023-28058.json) (`2023-06-27T23:30:17.987`) -* [CVE-2023-28050](CVE-2023/CVE-2023-280xx/CVE-2023-28050.json) (`2023-06-27T23:30:31.847`) -* [CVE-2023-28044](CVE-2023/CVE-2023-280xx/CVE-2023-28044.json) (`2023-06-27T23:30:45.577`) -* [CVE-2023-28036](CVE-2023/CVE-2023-280xx/CVE-2023-28036.json) (`2023-06-27T23:30:48.873`) -* [CVE-2023-28034](CVE-2023/CVE-2023-280xx/CVE-2023-28034.json) (`2023-06-27T23:30:51.980`) -* [CVE-2023-28031](CVE-2023/CVE-2023-280xx/CVE-2023-28031.json) (`2023-06-27T23:31:09.543`) -* [CVE-2023-28027](CVE-2023/CVE-2023-280xx/CVE-2023-28027.json) (`2023-06-27T23:31:14.353`) -* [CVE-2023-28026](CVE-2023/CVE-2023-280xx/CVE-2023-28026.json) (`2023-06-27T23:31:19.107`) +* [CVE-2020-20718](CVE-2020/CVE-2020-207xx/CVE-2020-20718.json) (`2023-06-28T01:32:42.637`) +* [CVE-2023-2400](CVE-2023/CVE-2023-24xx/CVE-2023-2400.json) (`2023-06-28T01:42:38.987`) +* [CVE-2023-32274](CVE-2023/CVE-2023-322xx/CVE-2023-32274.json) (`2023-06-28T01:47:20.540`) ## Download and Usage