From d92e078d74902d64d29a57d951a44febc0da1c64 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9=20Helmke?= Date: Sat, 29 Apr 2023 04:00:26 +0200 Subject: [PATCH] Auto-Update: 2023-04-29T02:00:23.436102+00:00 --- CVE-2023/CVE-2023-209xx/CVE-2023-20941.json | 63 ++++++++++++++- CVE-2023/CVE-2023-210xx/CVE-2023-21082.json | 78 +++++++++++++++++- CVE-2023/CVE-2023-210xx/CVE-2023-21083.json | 78 +++++++++++++++++- CVE-2023/CVE-2023-210xx/CVE-2023-21084.json | 63 ++++++++++++++- CVE-2023/CVE-2023-210xx/CVE-2023-21092.json | 79 +++++++++++++++++- CVE-2023/CVE-2023-210xx/CVE-2023-21093.json | 79 +++++++++++++++++- CVE-2023/CVE-2023-210xx/CVE-2023-21097.json | 79 +++++++++++++++++- CVE-2023/CVE-2023-211xx/CVE-2023-21100.json | 74 ++++++++++++++++- CVE-2023/CVE-2023-24xx/CVE-2023-2412.json | 88 +++++++++++++++++++++ CVE-2023/CVE-2023-24xx/CVE-2023-2413.json | 88 +++++++++++++++++++++ CVE-2023/CVE-2023-24xx/CVE-2023-2417.json | 84 ++++++++++++++++++++ CVE-2023/CVE-2023-24xx/CVE-2023-2418.json | 88 +++++++++++++++++++++ CVE-2023/CVE-2023-24xx/CVE-2023-2419.json | 88 +++++++++++++++++++++ CVE-2023/CVE-2023-287xx/CVE-2023-28759.json | 13 ++- CVE-2023/CVE-2023-314xx/CVE-2023-31484.json | 32 ++++++++ CVE-2023/CVE-2023-314xx/CVE-2023-31485.json | 32 ++++++++ CVE-2023/CVE-2023-314xx/CVE-2023-31486.json | 32 ++++++++ README.md | 68 ++++++---------- 18 files changed, 1121 insertions(+), 85 deletions(-) create mode 100644 CVE-2023/CVE-2023-24xx/CVE-2023-2412.json create mode 100644 CVE-2023/CVE-2023-24xx/CVE-2023-2413.json create mode 100644 CVE-2023/CVE-2023-24xx/CVE-2023-2417.json create mode 100644 CVE-2023/CVE-2023-24xx/CVE-2023-2418.json create mode 100644 CVE-2023/CVE-2023-24xx/CVE-2023-2419.json create mode 100644 CVE-2023/CVE-2023-314xx/CVE-2023-31484.json create mode 100644 CVE-2023/CVE-2023-314xx/CVE-2023-31485.json create mode 100644 CVE-2023/CVE-2023-314xx/CVE-2023-31486.json diff --git a/CVE-2023/CVE-2023-209xx/CVE-2023-20941.json b/CVE-2023/CVE-2023-209xx/CVE-2023-20941.json index abd13c88596..9d1786a209b 100644 --- a/CVE-2023/CVE-2023-209xx/CVE-2023-20941.json +++ b/CVE-2023/CVE-2023-209xx/CVE-2023-20941.json @@ -2,19 +2,74 @@ "id": "CVE-2023-20941", "sourceIdentifier": "security@android.com", "published": "2023-04-19T20:15:11.033", - "lastModified": "2023-04-20T13:15:27.317", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-04-29T01:50:52.760", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In acc_ctrlrequest_composite of f_accessory.c, there is a possible out of bounds write due to a missing bounds check. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-264029575References: Upstream kernel" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.7, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/2023-04-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-210xx/CVE-2023-21082.json b/CVE-2023/CVE-2023-210xx/CVE-2023-21082.json index f755931bb4f..72fa6aefa8d 100644 --- a/CVE-2023/CVE-2023-210xx/CVE-2023-21082.json +++ b/CVE-2023/CVE-2023-210xx/CVE-2023-21082.json @@ -2,19 +2,89 @@ "id": "CVE-2023-21082", "sourceIdentifier": "security@android.com", "published": "2023-04-19T20:15:11.260", - "lastModified": "2023-04-20T13:15:18.417", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-04-29T01:52:02.443", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In getNumberFromCallIntent of NewOutgoingCallIntentBroadcaster.java, there is a possible way to enumerate other user's contact phone number due to a confused deputy. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-257030107" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", + "matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/2023-04-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-210xx/CVE-2023-21083.json b/CVE-2023/CVE-2023-210xx/CVE-2023-21083.json index c4363692bf9..304561ee348 100644 --- a/CVE-2023/CVE-2023-210xx/CVE-2023-21083.json +++ b/CVE-2023/CVE-2023-210xx/CVE-2023-21083.json @@ -2,19 +2,89 @@ "id": "CVE-2023-21083", "sourceIdentifier": "security@android.com", "published": "2023-04-19T20:15:11.303", - "lastModified": "2023-04-20T13:15:18.417", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-04-29T01:52:38.117", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In onNullBinding of CallScreeningServiceHelper.java, there is a possible way to record audio without showing a privacy indicator due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-252762941" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", + "matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/2023-04-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-210xx/CVE-2023-21084.json b/CVE-2023/CVE-2023-210xx/CVE-2023-21084.json index a8be0e09d13..bfaac4ddee2 100644 --- a/CVE-2023/CVE-2023-210xx/CVE-2023-21084.json +++ b/CVE-2023/CVE-2023-210xx/CVE-2023-21084.json @@ -2,19 +2,74 @@ "id": "CVE-2023-21084", "sourceIdentifier": "security@android.com", "published": "2023-04-19T20:15:11.347", - "lastModified": "2023-04-20T13:15:18.417", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-04-29T01:53:20.123", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In buildPropFile of filesystem.go, there is a possible insecure hash due to an improperly used crypto. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262892300" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/2023-04-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-210xx/CVE-2023-21092.json b/CVE-2023/CVE-2023-210xx/CVE-2023-21092.json index a8998aff545..4c3e5ee1390 100644 --- a/CVE-2023/CVE-2023-210xx/CVE-2023-21092.json +++ b/CVE-2023/CVE-2023-210xx/CVE-2023-21092.json @@ -2,19 +2,90 @@ "id": "CVE-2023-21092", "sourceIdentifier": "security@android.com", "published": "2023-04-19T20:15:11.727", - "lastModified": "2023-04-20T13:15:18.417", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-04-29T01:54:37.017", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In retrieveServiceLocked of ActiveServices.java, there is a possible way to dynamically register a BroadcastReceiver using permissions of System App due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-242040055" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", + "matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/2023-04-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-210xx/CVE-2023-21093.json b/CVE-2023/CVE-2023-210xx/CVE-2023-21093.json index 30b4fd38085..d1bcd73f6c2 100644 --- a/CVE-2023/CVE-2023-210xx/CVE-2023-21093.json +++ b/CVE-2023/CVE-2023-210xx/CVE-2023-21093.json @@ -2,19 +2,90 @@ "id": "CVE-2023-21093", "sourceIdentifier": "security@android.com", "published": "2023-04-19T20:15:11.770", - "lastModified": "2023-04-20T13:15:18.417", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-04-29T01:55:20.210", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In extractRelativePath of FileUtils.java, there is a possible way to access files in a directory belonging to other applications due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-228450832" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", + "matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/2023-04-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-210xx/CVE-2023-21097.json b/CVE-2023/CVE-2023-210xx/CVE-2023-21097.json index 3436370f96e..d3b7b863561 100644 --- a/CVE-2023/CVE-2023-210xx/CVE-2023-21097.json +++ b/CVE-2023/CVE-2023-210xx/CVE-2023-21097.json @@ -2,19 +2,90 @@ "id": "CVE-2023-21097", "sourceIdentifier": "security@android.com", "published": "2023-04-19T20:15:11.890", - "lastModified": "2023-04-20T13:15:18.417", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-04-29T01:57:29.637", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In toUriInner of Intent.java, there is a possible way to launch an arbitrary activity due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261858325" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-610" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", + "matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/2023-04-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-211xx/CVE-2023-21100.json b/CVE-2023/CVE-2023-211xx/CVE-2023-21100.json index ec2ffe35bd6..4f22fefbe1e 100644 --- a/CVE-2023/CVE-2023-211xx/CVE-2023-21100.json +++ b/CVE-2023/CVE-2023-211xx/CVE-2023-21100.json @@ -2,19 +2,85 @@ "id": "CVE-2023-21100", "sourceIdentifier": "security@android.com", "published": "2023-04-19T20:15:12.023", - "lastModified": "2023-04-20T13:15:13.917", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-04-29T01:58:12.903", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In inflate of inflate.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-242544249" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", + "matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + } + ] + } + ], "references": [ { "url": "https://source.android.com/security/bulletin/2023-04-01", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2412.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2412.json new file mode 100644 index 00000000000..c6f7358c2b0 --- /dev/null +++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2412.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-2412", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-04-29T00:15:08.857", + "lastModified": "2023-04-29T00:15:08.857", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in SourceCodester AC Repair and Services System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/user/manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-227706 is the identifier assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Yp1oneer/cve_hub/blob/main/AC%20Repair%20and%20Services%20System/SQL-Injection-5.pdf", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.227706", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.227706", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2413.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2413.json new file mode 100644 index 00000000000..c7cc37cbdf3 --- /dev/null +++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2413.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-2413", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-04-29T00:15:08.937", + "lastModified": "2023-04-29T00:15:08.937", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in SourceCodester AC Repair and Services System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/bookings/manage_booking.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227707." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Yp1oneer/cve_hub/blob/main/AC%20Repair%20and%20Services%20System/SQL-Injection-6.pdf", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.227707", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.227707", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2417.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2417.json new file mode 100644 index 00000000000..e2c5753fd28 --- /dev/null +++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2417.json @@ -0,0 +1,84 @@ +{ + "id": "CVE-2023-2417", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-04-29T01:15:08.867", + "lastModified": "2023-04-29T01:15:08.867", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in ks-soft Advanced Host Monitor up to 12.56 and classified as problematic. Affected by this issue is some unknown functionality of the file C:\\Program Files (x86)\\HostMonitor\\RMA-Win\\rma_active.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. Upgrading to version 12.60 is able to address this issue. It is recommended to upgrade the affected component. VDB-227714 is the identifier assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "LOCAL", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 4.3 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 3.1, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-428" + } + ] + } + ], + "references": [ + { + "url": "https://vuldb.com/?ctiid.227714", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.227714", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2418.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2418.json new file mode 100644 index 00000000000..f9e6207dc67 --- /dev/null +++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2418.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-2418", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-04-29T01:15:08.980", + "lastModified": "2023-04-29T01:15:08.980", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Konga 2.8.3 on Kong. It has been classified as problematic. This affects an unknown part of the component Login API. The manipulation leads to insufficiently random values. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. The associated identifier of this vulnerability is VDB-227715." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.1, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.6, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:A/AC:H/Au:N/C:P/I:N/A:N", + "accessVector": "ADJACENT_NETWORK", + "accessComplexity": "HIGH", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 1.8 + }, + "baseSeverity": "LOW", + "exploitabilityScore": 3.2, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-330" + } + ] + } + ], + "references": [ + { + "url": "https://vuldb.com/?ctiid.227715", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.227715", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.cnblogs.com/andao/p/17330864.html", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2419.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2419.json new file mode 100644 index 00000000000..f7ad2d66a1f --- /dev/null +++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2419.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-2419", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-04-29T01:15:09.063", + "lastModified": "2023-04-29T01:15:09.063", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Zhong Bang CRMEB 4.6.0. It has been declared as critical. This vulnerability affects the function videoUpload of the file \\crmeb\\app\\services\\system\\attachment\\SystemAttachmentServices.php. The manipulation of the argument filename leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227716." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 5.8 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 6.4, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/crmeb/CRMEB/issues/77", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.227716", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.227716", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-287xx/CVE-2023-28759.json b/CVE-2023/CVE-2023-287xx/CVE-2023-28759.json index 48e53fa241c..c8dc3d264b4 100644 --- a/CVE-2023/CVE-2023-287xx/CVE-2023-28759.json +++ b/CVE-2023/CVE-2023-287xx/CVE-2023-28759.json @@ -2,12 +2,12 @@ "id": "CVE-2023-28759", "sourceIdentifier": "cve@mitre.org", "published": "2023-03-23T04:17:13.260", - "lastModified": "2023-03-27T16:08:32.570", - "vulnStatus": "Analyzed", + "lastModified": "2023-04-29T01:15:08.770", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An issue was discovered in Veritas NetBackup before 10.0. A vulnerability in the way NetBackup validates the path to a DLL prior to loading may allow a lower level user to elevate privileges and compromise the system." + "value": "An issue was discovered in Veritas NetBackup before 10.0 on Windows. A vulnerability in the way the client validates the path to a DLL prior to loading may allow a lower-level user to elevate privileges and compromise the system." } ], "metrics": { @@ -86,11 +86,8 @@ ], "references": [ { - "url": "https://www.veritas.com/content/support/en_US/security/VTS22-010#M2", - "source": "cve@mitre.org", - "tags": [ - "Vendor Advisory" - ] + "url": "https://www.veritas.com/content/support/en_US/security/VTS23-006", + "source": "cve@mitre.org" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31484.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31484.json new file mode 100644 index 00000000000..bed76fbe57e --- /dev/null +++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31484.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-31484", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-04-29T00:15:09.000", + "lastModified": "2023-04-29T00:15:09.000", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/andk/cpanpm/pull/175", + "source": "cve@mitre.org" + }, + { + "url": "https://metacpan.org/dist/CPAN/changes", + "source": "cve@mitre.org" + }, + { + "url": "https://www.openwall.com/lists/oss-security/2023/04/18/14", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31485.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31485.json new file mode 100644 index 00000000000..0e154d95c36 --- /dev/null +++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31485.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-31485", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-04-29T00:15:09.043", + "lastModified": "2023-04-29T00:15:09.043", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "GitLab::API::v4 through 0.26 does not verify TLS certificates when connecting to a GitLab server, enabling machine-in-the-middle attacks." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/bluefeet/GitLab-API-v4/pull/57", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/chansen/p5-http-tiny/pull/151", + "source": "cve@mitre.org" + }, + { + "url": "https://www.openwall.com/lists/oss-security/2023/04/18/14", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31486.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31486.json new file mode 100644 index 00000000000..0d01a05a567 --- /dev/null +++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31486.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-31486", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-04-29T00:15:09.083", + "lastModified": "2023-04-29T00:15:09.083", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "HTTP::Tiny 0.082, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/", + "source": "cve@mitre.org" + }, + { + "url": "https://hackeriet.github.io/cpan-http-tiny-overview/", + "source": "cve@mitre.org" + }, + { + "url": "https://www.openwall.com/lists/oss-security/2023/04/18/14", + "source": "cve@mitre.org" + }, + { + "url": "https://www.reddit.com/r/perl/comments/111tadi/psa_httptiny_disabled_ssl_verification_by_default/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 67256e6669c..47e5ca81267 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-04-29T00:00:23.699412+00:00 +2023-04-29T02:00:23.436102+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-04-28T23:15:08.520000+00:00 +2023-04-29T01:58:12.903000+00:00 ``` ### Last Data Feed Release @@ -23,64 +23,42 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](releases/latest) ```plain -2023-04-28T00:00:20.952519+00:00 +2023-04-29T00:00:20.963379+00:00 ``` ### Total Number of included CVEs ```plain -213817 +213825 ``` ### CVEs added in the last Commit -Recently added CVEs: `12` +Recently added CVEs: `8` -* [CVE-2023-2395](CVE-2023/CVE-2023-23xx/CVE-2023-2395.json) (`2023-04-28T22:15:09.130`) -* [CVE-2023-2396](CVE-2023/CVE-2023-23xx/CVE-2023-2396.json) (`2023-04-28T22:15:09.190`) -* [CVE-2023-2397](CVE-2023/CVE-2023-23xx/CVE-2023-2397.json) (`2023-04-28T22:15:09.247`) -* [CVE-2023-2408](CVE-2023/CVE-2023-24xx/CVE-2023-2408.json) (`2023-04-28T23:15:08.267`) -* [CVE-2023-2409](CVE-2023/CVE-2023-24xx/CVE-2023-2409.json) (`2023-04-28T23:15:08.337`) -* [CVE-2023-2410](CVE-2023/CVE-2023-24xx/CVE-2023-2410.json) (`2023-04-28T23:15:08.397`) -* [CVE-2023-2411](CVE-2023/CVE-2023-24xx/CVE-2023-2411.json) (`2023-04-28T23:15:08.460`) -* [CVE-2023-24269](CVE-2023/CVE-2023-242xx/CVE-2023-24269.json) (`2023-04-28T22:15:08.887`) -* [CVE-2023-25495](CVE-2023/CVE-2023-254xx/CVE-2023-25495.json) (`2023-04-28T22:15:08.950`) -* [CVE-2023-25496](CVE-2023/CVE-2023-254xx/CVE-2023-25496.json) (`2023-04-28T22:15:09.013`) -* [CVE-2023-29056](CVE-2023/CVE-2023-290xx/CVE-2023-29056.json) (`2023-04-28T22:15:09.073`) -* [CVE-2023-31483](CVE-2023/CVE-2023-314xx/CVE-2023-31483.json) (`2023-04-28T23:15:08.520`) +* [CVE-2023-2412](CVE-2023/CVE-2023-24xx/CVE-2023-2412.json) (`2023-04-29T00:15:08.857`) +* [CVE-2023-2413](CVE-2023/CVE-2023-24xx/CVE-2023-2413.json) (`2023-04-29T00:15:08.937`) +* [CVE-2023-2417](CVE-2023/CVE-2023-24xx/CVE-2023-2417.json) (`2023-04-29T01:15:08.867`) +* [CVE-2023-2418](CVE-2023/CVE-2023-24xx/CVE-2023-2418.json) (`2023-04-29T01:15:08.980`) +* [CVE-2023-2419](CVE-2023/CVE-2023-24xx/CVE-2023-2419.json) (`2023-04-29T01:15:09.063`) +* [CVE-2023-31484](CVE-2023/CVE-2023-314xx/CVE-2023-31484.json) (`2023-04-29T00:15:09.000`) +* [CVE-2023-31485](CVE-2023/CVE-2023-314xx/CVE-2023-31485.json) (`2023-04-29T00:15:09.043`) +* [CVE-2023-31486](CVE-2023/CVE-2023-314xx/CVE-2023-31486.json) (`2023-04-29T00:15:09.083`) ### CVEs modified in the last Commit -Recently modified CVEs: `27` +Recently modified CVEs: `9` -* [CVE-2020-21643](CVE-2020/CVE-2020-216xx/CVE-2020-21643.json) (`2023-04-28T22:22:40.580`) -* [CVE-2020-23647](CVE-2020/CVE-2020-236xx/CVE-2020-23647.json) (`2023-04-28T22:22:40.580`) -* [CVE-2023-1966](CVE-2023/CVE-2023-19xx/CVE-2023-1966.json) (`2023-04-28T22:22:40.580`) -* [CVE-2023-1968](CVE-2023/CVE-2023-19xx/CVE-2023-1968.json) (`2023-04-28T22:22:40.580`) -* [CVE-2023-2386](CVE-2023/CVE-2023-23xx/CVE-2023-2386.json) (`2023-04-28T22:22:40.580`) -* [CVE-2023-2387](CVE-2023/CVE-2023-23xx/CVE-2023-2387.json) (`2023-04-28T22:22:40.580`) -* [CVE-2023-2388](CVE-2023/CVE-2023-23xx/CVE-2023-2388.json) (`2023-04-28T22:22:40.580`) -* [CVE-2023-2389](CVE-2023/CVE-2023-23xx/CVE-2023-2389.json) (`2023-04-28T22:22:40.580`) -* [CVE-2023-2390](CVE-2023/CVE-2023-23xx/CVE-2023-2390.json) (`2023-04-28T22:22:40.580`) -* [CVE-2023-2391](CVE-2023/CVE-2023-23xx/CVE-2023-2391.json) (`2023-04-28T22:22:40.580`) -* [CVE-2023-2392](CVE-2023/CVE-2023-23xx/CVE-2023-2392.json) (`2023-04-28T22:22:40.580`) -* [CVE-2023-2393](CVE-2023/CVE-2023-23xx/CVE-2023-2393.json) (`2023-04-28T22:22:40.580`) -* [CVE-2023-2394](CVE-2023/CVE-2023-23xx/CVE-2023-2394.json) (`2023-04-28T22:22:40.580`) -* [CVE-2023-26021](CVE-2023/CVE-2023-260xx/CVE-2023-26021.json) (`2023-04-28T22:22:40.580`) -* [CVE-2023-26022](CVE-2023/CVE-2023-260xx/CVE-2023-26022.json) (`2023-04-28T22:22:40.580`) -* [CVE-2023-26781](CVE-2023/CVE-2023-267xx/CVE-2023-26781.json) (`2023-04-28T22:22:40.580`) -* [CVE-2023-26782](CVE-2023/CVE-2023-267xx/CVE-2023-26782.json) (`2023-04-28T22:22:40.580`) -* [CVE-2023-26812](CVE-2023/CVE-2023-268xx/CVE-2023-26812.json) (`2023-04-28T22:22:40.580`) -* [CVE-2023-26813](CVE-2023/CVE-2023-268xx/CVE-2023-26813.json) (`2023-04-28T22:22:40.580`) -* [CVE-2023-29057](CVE-2023/CVE-2023-290xx/CVE-2023-29057.json) (`2023-04-28T22:22:40.580`) -* [CVE-2023-29058](CVE-2023/CVE-2023-290xx/CVE-2023-29058.json) (`2023-04-28T22:22:40.580`) -* [CVE-2023-30405](CVE-2023/CVE-2023-304xx/CVE-2023-30405.json) (`2023-04-28T22:22:40.580`) -* [CVE-2023-30454](CVE-2023/CVE-2023-304xx/CVE-2023-30454.json) (`2023-04-28T22:22:40.580`) -* [CVE-2023-30857](CVE-2023/CVE-2023-308xx/CVE-2023-30857.json) (`2023-04-28T22:22:40.580`) -* [CVE-2023-30858](CVE-2023/CVE-2023-308xx/CVE-2023-30858.json) (`2023-04-28T22:22:40.580`) -* [CVE-2023-31444](CVE-2023/CVE-2023-314xx/CVE-2023-31444.json) (`2023-04-28T22:22:40.580`) -* [CVE-2023-31470](CVE-2023/CVE-2023-314xx/CVE-2023-31470.json) (`2023-04-28T22:22:40.580`) +* [CVE-2023-20941](CVE-2023/CVE-2023-209xx/CVE-2023-20941.json) (`2023-04-29T01:50:52.760`) +* [CVE-2023-21082](CVE-2023/CVE-2023-210xx/CVE-2023-21082.json) (`2023-04-29T01:52:02.443`) +* [CVE-2023-21083](CVE-2023/CVE-2023-210xx/CVE-2023-21083.json) (`2023-04-29T01:52:38.117`) +* [CVE-2023-21084](CVE-2023/CVE-2023-210xx/CVE-2023-21084.json) (`2023-04-29T01:53:20.123`) +* [CVE-2023-21092](CVE-2023/CVE-2023-210xx/CVE-2023-21092.json) (`2023-04-29T01:54:37.017`) +* [CVE-2023-21093](CVE-2023/CVE-2023-210xx/CVE-2023-21093.json) (`2023-04-29T01:55:20.210`) +* [CVE-2023-21097](CVE-2023/CVE-2023-210xx/CVE-2023-21097.json) (`2023-04-29T01:57:29.637`) +* [CVE-2023-21100](CVE-2023/CVE-2023-211xx/CVE-2023-21100.json) (`2023-04-29T01:58:12.903`) +* [CVE-2023-28759](CVE-2023/CVE-2023-287xx/CVE-2023-28759.json) (`2023-04-29T01:15:08.770`) ## Download and Usage