Auto-Update: 2023-06-28T02:00:28.097247+00:00

2025-07-09 16:05:11 +00:00 · 2023-06-28 02:00:31 +00:00 · 2023-06-28 02:00:31 +00:00 · d4c26b3648
commit d4c26b3648
parent 805a7c73ed
4 changed files with 173 additions and 32 deletions
--- a/CVE-2020/CVE-2020-207xx/CVE-2020-20718.json
+++ b/CVE-2020/CVE-2020-207xx/CVE-2020-20718.json
@ -2,19 +2,76 @@
  "id": "CVE-2020-20718",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2023-06-20T15:15:10.627",
-  "lastModified": "2023-06-20T15:49:15.587",
-  "vulnStatus": "Awaiting Analysis",
+  "lastModified": "2023-06-28T01:32:42.637",
+  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "File Upload vulnerability in PluckCMS v.4.7.10 dev versions allows a remote attacker to execute arbitrary code via a crafted image file to the the save_file() parameter."
    }
  ],
-  "metrics": {},
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "nvd@nist.gov",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "nvd@nist.gov",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-434"
+        }
+      ]
+    }
+  ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:pluck-cms:pluckcms:4.7.10:dev:*:*:*:*:*:*",
+              "matchCriteriaId": "F81490FE-D8E4-42ED-9D60-7D44697E52AB"
+            }
+          ]
+        }
+      ]
+    }
+  ],
  "references": [
    {
      "url": "https://github.com/pluck-cms/pluck/issues/79",
-      "source": "cve@mitre.org"
+      "source": "cve@mitre.org",
+      "tags": [
+        "Exploit",
+        "Issue Tracking",
+        "Patch"
+      ]
    }
  ]
 }
--- a/CVE-2023/CVE-2023-24xx/CVE-2023-2400.json
+++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2400.json
@ -2,19 +2,75 @@
  "id": "CVE-2023-2400",
  "sourceIdentifier": "security@devolutions.net",
  "published": "2023-06-20T17:15:09.573",
-  "lastModified": "2023-06-20T17:51:32.923",
-  "vulnStatus": "Awaiting Analysis",
+  "lastModified": "2023-06-28T01:42:38.987",
+  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper deletion of resource in the user management feature in Devolutions Server 2023.1.8  and earlier allows an administrator to view users vaults of deleted users via database access.\n\n"
    }
  ],
-  "metrics": {},
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "nvd@nist.gov",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 2.7,
+          "baseSeverity": "LOW"
+        },
+        "exploitabilityScore": 1.2,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "nvd@nist.gov",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-459"
+        }
+      ]
+    }
+  ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:devolutions:devolutions_server:*:*:*:*:*:*:*:*",
+              "versionEndExcluding": "2023.2.1",
+              "matchCriteriaId": "E4B602CC-F082-469F-B465-C22326D04932"
+            }
+          ]
+        }
+      ]
+    }
+  ],
  "references": [
    {
      "url": "https://devolutions.net/security/advisories/DEVO-2023-0014",
-      "source": "security@devolutions.net"
+      "source": "security@devolutions.net",
+      "tags": [
+        "Vendor Advisory"
+      ]
    }
  ]
 }
--- a/CVE-2023/CVE-2023-322xx/CVE-2023-32274.json
+++ b/CVE-2023/CVE-2023-322xx/CVE-2023-32274.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-32274",
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "published": "2023-06-20T20:15:09.413",
-  "lastModified": "2023-06-21T12:29:48.917",
-  "vulnStatus": "Awaiting Analysis",
+  "lastModified": "2023-06-28T01:47:20.540",
+  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
@ -12,6 +12,26 @@
  ],
  "metrics": {
    "cvssMetricV31": [
+      {
+        "source": "nvd@nist.gov",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 7.5,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 3.6
+      },
      {
        "source": "ics-cert@hq.dhs.gov",
        "type": "Secondary",
@ -46,10 +66,31 @@
      ]
    }
  ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:enphase:installer_toolkit:3.27.0:*:*:*:*:*:*:*",
+              "matchCriteriaId": "BF9F2564-D826-4296-90A2-78DD15EABB29"
+            }
+          ]
+        }
+      ]
+    }
+  ],
  "references": [
    {
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-171-02",
-      "source": "ics-cert@hq.dhs.gov"
+      "source": "ics-cert@hq.dhs.gov",
+      "tags": [
+        "Third Party Advisory",
+        "US Government Resource"
+      ]
    }
  ]
 }
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-06-27T23:55:27.402679+00:00
+2023-06-28T02:00:28.097247+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-06-27T23:31:19.107000+00:00
+2023-06-28T01:47:20.540000+00:00
 ```

 ### Last Data Feed Release
@ -23,7 +23,7 @@ Repository synchronizes with the NVD every 2 hours.
 Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)

 ```plain
-2023-06-27T00:00:13.554507+00:00
+2023-06-28T00:00:13.574288+00:00
 ```

 ### Total Number of included CVEs
@ -34,30 +34,17 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/

 ### CVEs added in the last Commit

-Recently added CVEs: `4`
+Recently added CVEs: `0`

-* [CVE-2023-36464](CVE-2023/CVE-2023-364xx/CVE-2023-36464.json) (`2023-06-27T22:15:11.790`)
-* [CVE-2023-25001](CVE-2023/CVE-2023-250xx/CVE-2023-25001.json) (`2023-06-27T23:15:09.537`)
-* [CVE-2023-25002](CVE-2023/CVE-2023-250xx/CVE-2023-25002.json) (`2023-06-27T23:15:09.590`)
-* [CVE-2023-3327](CVE-2023/CVE-2023-33xx/CVE-2023-3327.json) (`2023-06-27T23:15:09.657`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `12`
+Recently modified CVEs: `3`

-* [CVE-2022-32885](CVE-2022/CVE-2022-328xx/CVE-2022-32885.json) (`2023-06-27T23:15:09.447`)
-* [CVE-2023-33137](CVE-2023/CVE-2023-331xx/CVE-2023-33137.json) (`2023-06-27T22:15:11.607`)
-* [CVE-2023-25938](CVE-2023/CVE-2023-259xx/CVE-2023-25938.json) (`2023-06-27T23:29:40.213`)
-* [CVE-2023-28060](CVE-2023/CVE-2023-280xx/CVE-2023-28060.json) (`2023-06-27T23:30:04.077`)
-* [CVE-2023-28058](CVE-2023/CVE-2023-280xx/CVE-2023-28058.json) (`2023-06-27T23:30:17.987`)
-* [CVE-2023-28050](CVE-2023/CVE-2023-280xx/CVE-2023-28050.json) (`2023-06-27T23:30:31.847`)
-* [CVE-2023-28044](CVE-2023/CVE-2023-280xx/CVE-2023-28044.json) (`2023-06-27T23:30:45.577`)
-* [CVE-2023-28036](CVE-2023/CVE-2023-280xx/CVE-2023-28036.json) (`2023-06-27T23:30:48.873`)
-* [CVE-2023-28034](CVE-2023/CVE-2023-280xx/CVE-2023-28034.json) (`2023-06-27T23:30:51.980`)
-* [CVE-2023-28031](CVE-2023/CVE-2023-280xx/CVE-2023-28031.json) (`2023-06-27T23:31:09.543`)
-* [CVE-2023-28027](CVE-2023/CVE-2023-280xx/CVE-2023-28027.json) (`2023-06-27T23:31:14.353`)
-* [CVE-2023-28026](CVE-2023/CVE-2023-280xx/CVE-2023-28026.json) (`2023-06-27T23:31:19.107`)
+* [CVE-2020-20718](CVE-2020/CVE-2020-207xx/CVE-2020-20718.json) (`2023-06-28T01:32:42.637`)
+* [CVE-2023-2400](CVE-2023/CVE-2023-24xx/CVE-2023-2400.json) (`2023-06-28T01:42:38.987`)
+* [CVE-2023-32274](CVE-2023/CVE-2023-322xx/CVE-2023-32274.json) (`2023-06-28T01:47:20.540`)


 ## Download and Usage