diff --git a/CVE-2015/CVE-2015-201xx/CVE-2015-20107.json b/CVE-2015/CVE-2015-201xx/CVE-2015-20107.json
index 6b575ee4e1d..26554a6ac5a 100644
--- a/CVE-2015/CVE-2015-201xx/CVE-2015-20107.json
+++ b/CVE-2015/CVE-2015-201xx/CVE-2015-20107.json
@@ -2,7 +2,7 @@
 "id": "CVE-2015-20107",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2022-04-13T16:15:08.937",
- "lastModified": "2023-05-03T11:15:09.227",
+ "lastModified": "2023-05-24T21:15:09.160",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -188,6 +188,10 @@
 "Third Party Advisory"
 ]
 },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html",
+ "source": "cve@mitre.org"
+ },
 {
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46KWPTI72SSEOF53DOYQBQOCN4QQB2GE/",
 "source": "cve@mitre.org",
diff --git a/CVE-2019/CVE-2019-209xx/CVE-2019-20907.json b/CVE-2019/CVE-2019-209xx/CVE-2019-20907.json
index 35ca619b51f..d773fa4dc09 100644
--- a/CVE-2019/CVE-2019-209xx/CVE-2019-20907.json
+++ b/CVE-2019/CVE-2019-209xx/CVE-2019-20907.json
@@ -2,8 +2,8 @@
 "id": "CVE-2019-20907",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2020-07-13T13:15:10.763",
- "lastModified": "2022-07-28T11:16:31.243",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-05-24T21:15:09.367",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -306,6 +306,10 @@
 "Third Party Advisory"
 ]
 },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html",
+ "source": "cve@mitre.org"
+ },
 {
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36XI3EEQNMHGOZEI63Y7UV6XZRELYEAU/",
 "source": "cve@mitre.org",
diff --git a/CVE-2020/CVE-2020-261xx/CVE-2020-26116.json b/CVE-2020/CVE-2020-261xx/CVE-2020-26116.json
index 068d676e87e..0b3e3cdb423 100644
--- a/CVE-2020/CVE-2020-261xx/CVE-2020-26116.json
+++ b/CVE-2020/CVE-2020-261xx/CVE-2020-26116.json
@@ -2,8 +2,8 @@
 "id": "CVE-2020-26116",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2020-09-27T04:15:11.587",
- "lastModified": "2022-06-28T14:11:45.273",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-05-24T21:15:09.543",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -267,6 +267,10 @@
 "Third Party Advisory"
 ]
 },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html",
+ "source": "cve@mitre.org"
+ },
 {
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BW4GCLQISJCOEGQNIMVUZDQMIY6RR6CC/",
 "source": "cve@mitre.org",
diff --git a/CVE-2020/CVE-2020-84xx/CVE-2020-8492.json b/CVE-2020/CVE-2020-84xx/CVE-2020-8492.json
index cecf6c6c445..7ef83b9f499 100644
--- a/CVE-2020/CVE-2020-84xx/CVE-2020-8492.json
+++ b/CVE-2020/CVE-2020-84xx/CVE-2020-8492.json
@@ -2,8 +2,8 @@
 "id": "CVE-2020-8492",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2020-01-30T19:15:12.103",
- "lastModified": "2021-09-16T15:46:26.457",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-05-24T21:15:09.687",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -260,6 +260,10 @@
 "Third Party Advisory"
 ]
 },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html",
+ "source": "cve@mitre.org"
+ },
 {
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7WOKDEXLYW5UQ4S7PA7E37IITOC7C56J/",
 "source": "cve@mitre.org",
diff --git a/CVE-2021/CVE-2021-31xx/CVE-2021-3177.json b/CVE-2021/CVE-2021-31xx/CVE-2021-3177.json
index 78467574b67..3d6631d4efa 100644
--- a/CVE-2021/CVE-2021-31xx/CVE-2021-3177.json
+++ b/CVE-2021/CVE-2021-31xx/CVE-2021-3177.json
@@ -2,8 +2,8 @@
 "id": "CVE-2021-3177",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2021-01-19T06:15:12.967",
- "lastModified": "2022-12-06T21:52:52.443",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-05-24T21:15:09.877",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -253,6 +253,10 @@
 "Third Party Advisory"
 ]
 },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html",
+ "source": "cve@mitre.org"
+ },
 {
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRHOCQYX3QLDGDQGTWQAUUT2GGIZCZUO/",
 "source": "cve@mitre.org",
diff --git a/CVE-2021/CVE-2021-37xx/CVE-2021-3733.json b/CVE-2021/CVE-2021-37xx/CVE-2021-3733.json
index 0d3b0806dd8..e572d747ac1 100644
--- a/CVE-2021/CVE-2021-37xx/CVE-2021-3733.json
+++ b/CVE-2021/CVE-2021-37xx/CVE-2021-3733.json
@@ -2,8 +2,8 @@
 "id": "CVE-2021-3733",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2022-03-10T17:42:59.623",
- "lastModified": "2022-10-26T13:35:24.583",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-05-24T21:15:10.037",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -304,6 +304,10 @@
 "Third Party Advisory"
 ]
 },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html",
+ "source": "secalert@redhat.com"
+ },
 {
 "url": "https://security.netapp.com/advisory/ntap-20220407-0001/",
 "source": "secalert@redhat.com",
diff --git a/CVE-2021/CVE-2021-37xx/CVE-2021-3737.json b/CVE-2021/CVE-2021-37xx/CVE-2021-3737.json
index b5aa003ba9e..71f8fcd5104 100644
--- a/CVE-2021/CVE-2021-37xx/CVE-2021-3737.json
+++ b/CVE-2021/CVE-2021-37xx/CVE-2021-3737.json
@@ -2,8 +2,8 @@
 "id": "CVE-2021-3737",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2022-03-04T19:15:08.730",
- "lastModified": "2023-02-02T17:07:26.440",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-05-24T21:15:10.180",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -333,6 +333,10 @@
 "Third Party Advisory"
 ]
 },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html",
+ "source": "secalert@redhat.com"
+ },
 {
 "url": "https://python-security.readthedocs.io/vuln/urllib-100-continue-loop.html",
 "source": "secalert@redhat.com",
diff --git a/CVE-2021/CVE-2021-41xx/CVE-2021-4189.json b/CVE-2021/CVE-2021-41xx/CVE-2021-4189.json
index 17f03a4b0cf..6c23b445006 100644
--- a/CVE-2021/CVE-2021-41xx/CVE-2021-4189.json
+++ b/CVE-2021/CVE-2021-41xx/CVE-2021-4189.json
@@ -2,8 +2,8 @@
 "id": "CVE-2021-4189",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2022-08-24T16:15:09.827",
- "lastModified": "2022-12-08T03:57:47.713",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-05-24T21:15:10.313",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -183,6 +183,10 @@
 "Third Party Advisory"
 ]
 },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html",
+ "source": "secalert@redhat.com"
+ },
 {
 "url": "https://python-security.readthedocs.io/vuln/ftplib-pasv.html",
 "source": "secalert@redhat.com",
diff --git a/CVE-2022/CVE-2022-300xx/CVE-2022-30025.json b/CVE-2022/CVE-2022-300xx/CVE-2022-30025.json
new file mode 100644
index 00000000000..25e89a2115e
--- /dev/null
+++ b/CVE-2022/CVE-2022-300xx/CVE-2022-30025.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2022-30025",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-05-24T21:15:10.450",
+ "lastModified": "2023-05-24T21:15:10.450",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "SQL injection in \"/Framewrk/Home.jsp\" file (POST method) in tCredence Analytics iDEAL Wealth and Funds - 1.0 iallows authenticated remote attackers to inject payload via \"v\" parameter."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://gist.github.com/fir3storm/c8a013d1231c22e22835566609620afd",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-310xx/CVE-2022-31001.json b/CVE-2022/CVE-2022-310xx/CVE-2022-31001.json
index 578d42060c0..72af0436489 100644
--- a/CVE-2022/CVE-2022-310xx/CVE-2022-31001.json
+++ b/CVE-2022/CVE-2022-310xx/CVE-2022-31001.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-31001",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2022-05-31T20:15:07.850",
- "lastModified": "2022-11-16T20:00:03.037",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-05-24T21:15:10.540",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -85,7 +85,7 @@
 },
 "weaknesses": [
 {
- "source": "nvd@nist.gov",
+ "source": "security-advisories@github.com",
 "type": "Primary",
 "description": [
 {
@@ -95,7 +95,7 @@
 ]
 },
 {
- "source": "security-advisories@github.com",
+ "source": "nvd@nist.gov",
 "type": "Secondary",
 "description": [
 {
@@ -169,6 +169,10 @@
 "tags": [
 "Third Party Advisory"
 ]
+ },
+ {
+ "url": "https://www.debian.org/security/2023/dsa-5410",
+ "source": "security-advisories@github.com"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-310xx/CVE-2022-31002.json b/CVE-2022/CVE-2022-310xx/CVE-2022-31002.json
index 11fa0ec81a5..1587bd2949c 100644
--- a/CVE-2022/CVE-2022-310xx/CVE-2022-31002.json
+++ b/CVE-2022/CVE-2022-310xx/CVE-2022-31002.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-31002",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2022-05-31T19:15:07.717",
- "lastModified": "2022-11-16T19:58:33.830",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-05-24T21:15:10.667",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -85,7 +85,7 @@
 },
 "weaknesses": [
 {
- "source": "nvd@nist.gov",
+ "source": "security-advisories@github.com",
 "type": "Primary",
 "description": [
 {
@@ -95,7 +95,7 @@
 ]
 },
 {
- "source": "security-advisories@github.com",
+ "source": "nvd@nist.gov",
 "type": "Secondary",
 "description": [
 {
@@ -169,6 +169,10 @@
 "tags": [
 "Third Party Advisory"
 ]
+ },
+ {
+ "url": "https://www.debian.org/security/2023/dsa-5410",
+ "source": "security-advisories@github.com"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-310xx/CVE-2022-31003.json b/CVE-2022/CVE-2022-310xx/CVE-2022-31003.json
index 7cd8dd62690..985c25b8dd0 100644
--- a/CVE-2022/CVE-2022-310xx/CVE-2022-31003.json
+++ b/CVE-2022/CVE-2022-310xx/CVE-2022-31003.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-31003",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2022-05-31T20:15:07.910",
- "lastModified": "2022-12-03T01:21:58.983",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-05-24T21:15:10.760",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -85,9 +85,13 @@
 },
 "weaknesses": [
 {
- "source": "nvd@nist.gov",
+ "source": "security-advisories@github.com",
 "type": "Primary",
 "description": [
+ {
+ "lang": "en",
+ "value": "CWE-122"
+ },
 {
 "lang": "en",
 "value": "CWE-787"
@@ -95,13 +99,9 @@
 ]
 },
 {
- "source": "security-advisories@github.com",
+ "source": "nvd@nist.gov",
 "type": "Secondary",
 "description": [
- {
- "lang": "en",
- "value": "CWE-122"
- },
 {
 "lang": "en",
 "value": "CWE-787"
@@ -173,6 +173,10 @@
 "tags": [
 "Third Party Advisory"
 ]
+ },
+ {
+ "url": "https://www.debian.org/security/2023/dsa-5410",
+ "source": "security-advisories@github.com"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-412xx/CVE-2022-41221.json b/CVE-2022/CVE-2022-412xx/CVE-2022-41221.json
new file mode 100644
index 00000000000..7eb13cc5dd2
--- /dev/null
+++ b/CVE-2022/CVE-2022-412xx/CVE-2022-41221.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2022-41221",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-05-24T21:15:10.870",
+ "lastModified": "2023-05-24T21:15:10.870",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The client in OpenText Archive Center Administration through 21.2 allows XXE attacks. Authenticated users of the OpenText Archive Center Administration client (Versions 16.2.3, 21.2, and older versions) could upload XML files to the application that it did not sufficiently validate. As a result, attackers could craft XML files that, when processed by the application, would cause a negative security impact such as data exfiltration or localized denial of service against the application instance and system of the user running it."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://labs.withsecure.com/advisories/opentext-archive-center-administration-client-xxe-vulnerability",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-422xx/CVE-2022-42225.json b/CVE-2022/CVE-2022-422xx/CVE-2022-42225.json
new file mode 100644
index 00000000000..6022fc927e9
--- /dev/null
+++ b/CVE-2022/CVE-2022-422xx/CVE-2022-42225.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2022-42225",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-05-24T20:15:09.763",
+ "lastModified": "2023-05-24T20:15:09.763",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Jumpserver 2.10.0 <= version <= 2.26.0 contains multiple stored XSS vulnerabilities because of improper filtering of user input, which can execute any javascript under admin's permission."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://gist.github.com/bybit-sec/eb750c1d906c89e97092b29015472738",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/jumpserver/lina/blob/v2.10.0/src/views/settings/SystemMessageSubscription/SelectDialog.vue#L43",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/jumpserver/lina/blob/v2.11.0/src/layout/components/NavHeader/SiteMessages.vue#L40",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/jumpserver/lina/blob/v2.26.0/src/views/tickets/components/Comments.vue#L16",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-450xx/CVE-2022-45061.json b/CVE-2022/CVE-2022-450xx/CVE-2022-45061.json
index 16756344bce..9ea7f138fbb 100644
--- a/CVE-2022/CVE-2022-450xx/CVE-2022-45061.json
+++ b/CVE-2022/CVE-2022-450xx/CVE-2022-45061.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-45061",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2022-11-09T07:15:09.887",
- "lastModified": "2023-05-16T23:04:21.670",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-05-24T21:15:10.923",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -270,6 +270,10 @@
 "Third Party Advisory"
 ]
 },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html",
+ "source": "cve@mitre.org"
+ },
 {
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AOUKI72ACV6CHY2QUFO6VK2DNMVJ2MB/",
 "source": "cve@mitre.org",
diff --git a/CVE-2022/CVE-2022-473xx/CVE-2022-47378.json b/CVE-2022/CVE-2022-473xx/CVE-2022-47378.json
index e1570c67438..beb975978d1 100644
--- a/CVE-2022/CVE-2022-473xx/CVE-2022-47378.json
+++ b/CVE-2022/CVE-2022-473xx/CVE-2022-47378.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-47378",
 "sourceIdentifier": "info@cert.vde.com",
 "published": "2023-05-15T10:15:09.460",
- "lastModified": "2023-05-15T12:54:34.183",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-05-24T20:25:08.957",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -13,7 +13,7 @@
 "metrics": {
 "cvssMetricV31": [
 {
- "source": "info@cert.vde.com",
+ "source": "nvd@nist.gov",
 "type": "Primary",
 "cvssData": {
 "version": "3.1",
@@ -31,12 +31,32 @@
 },
 "exploitabilityScore": 2.8,
 "impactScore": 3.6
+ },
+ {
+ "source": "info@cert.vde.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
 }
 ]
 },
 "weaknesses": [
 {
- "source": "info@cert.vde.com",
+ "source": "nvd@nist.gov",
 "type": "Primary",
 "description": [
 {
@@ -44,12 +64,139 @@
 "value": "CWE-20"
 }
 ]
+ },
+ {
+ "source": "info@cert.vde.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "3.5.19.0",
+ "matchCriteriaId": "523FC1D5-2A13-4B4D-9EE6-7895A955F631"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6_sl:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "3.5.19.0",
+ "matchCriteriaId": "6E4DDA5F-C7CD-4ADE-AE44-B2F2C2F6B61C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "3.5.19.0",
+ "matchCriteriaId": "968E3873-9D42-4516-B884-56D49BB8BE8E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "3.5.19.0",
+ "matchCriteriaId": "8FD4E051-A23A-4214-A599-5EDFD40B4843"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "3.5.19.0",
+ "matchCriteriaId": "27B2E352-6ACE-4F3D-B462-4DE1197DAF04"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "3.5.19.0",
+ "matchCriteriaId": "3F20DC27-C98B-49CF-9C39-9FB483438FD4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:codesys:control_for_plcnext_sl:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "3.5.19.0",
+ "matchCriteriaId": "80A1AAE3-1A29-4B1E-8C50-0EA87D158371"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "3.5.19.0",
+ "matchCriteriaId": "9C58C0EB-17CF-4ACA-B691-BBB558A77B4F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "3.5.19.0",
+ "matchCriteriaId": "00007AE1-3679-4D05-96E2-F0F45E73B2B1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:codesys:control_rte_\\(for_beckhoff_cx\\)_sl:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "4.8.0.0",
+ "matchCriteriaId": "44E6A757-BB46-467E-B0DD-916672995584"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:codesys:control_rte_\\(sl\\):*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "4.8.0.0",
+ "matchCriteriaId": "C74B30D2-2653-4D2A-BEEC-0AB1843097AB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "4.8.0.0",
+ "matchCriteriaId": "A9CF7388-0541-4CEA-B83B-127466DA6635"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:codesys:control_win_\\(sl\\):*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "4.8.0.0",
+ "matchCriteriaId": "0D2297BF-E19B-4FA6-841F-0D5915D345CC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:codesys:development_system_v3:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "4.8.0.0",
+ "matchCriteriaId": "BBAA2041-8C65-4CC5-AC77-45DE2DEA458F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:codesys:hmi_\\(sl\\):*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "4.8.0.0",
+ "matchCriteriaId": "A2F76A22-9A91-4683-8F85-322E2AA00E28"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:codesys:safety_sil2_psp:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "4.8.0.0",
+ "matchCriteriaId": "B37C6669-08B9-4588-B871-3203E8ABFCE9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:codesys:safety_sil2_runtime_toolkit:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "4.8.0.0",
+ "matchCriteriaId": "B4E932B1-1475-40A0-AF58-D4F643A6A850"
+ }
+ ]
+ }
+ ]
 }
 ],
 "references": [
 {
 "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=",
- "source": "info@cert.vde.com"
+ "source": "info@cert.vde.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-473xx/CVE-2022-47391.json b/CVE-2022/CVE-2022-473xx/CVE-2022-47391.json
index c061aa85ffe..17fc393c1da 100644
--- a/CVE-2022/CVE-2022-473xx/CVE-2022-47391.json
+++ b/CVE-2022/CVE-2022-473xx/CVE-2022-47391.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-47391",
 "sourceIdentifier": "info@cert.vde.com",
 "published": "2023-05-15T10:15:10.390",
- "lastModified": "2023-05-15T12:54:34.183",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-05-24T20:25:29.760",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
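Review bot: The `versionEndExcluding` bounds in the `configurations` block added to CVE-2022-47378.json look inverted between the two product families. In that block the `control_for_*_sl` CPEs are capped at `3.5.19.0` and the `control_rte_*`, `control_win`, `hmi`, `development_system_v3`, toolkit and `safety_sil2_*` CPEs at `4.8.0.0`, whereas CVE-2022-47391.json in this same commit gives the `control_for_*_sl` family a 4.x bound (`4.7.0.0`) and the RTE/Win/HMI family a 3.5.x bound (`3.5.18.40`). If the 47391 pattern reflects the real version lines, matching on this record would presumably miss 4.x `control_for_*_sl` installs and keep flagging 3.5.x runtimes that are already fixed. The ranges should be checked against the linked CODESYS advisory before they drive any scanner or SBOM matching; the expected shape would be `"versionEndExcluding": "4.8.0.0"` on the `control_for_*_sl` entries and `"versionEndExcluding": "3.5.19.0"` on the others.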
@@ -46,10 +46,109 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "4.7.0.0",
+ "matchCriteriaId": "194E2F1E-C70A-429E-B61C-B70902A6CDA7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6_sl:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "4.7.0.0",
+ "matchCriteriaId": "FEFBC44F-0969-4806-AABD-B02DFEBF8F01"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "4.7.0.0",
+ "matchCriteriaId": "7C405ECA-126C-4110-A18A-787D11377CE6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "4.7.0.0",
+ "matchCriteriaId": "7047C70D-268D-45B7-A095-39B5A8345ACB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "4.7.0.0",
+ "matchCriteriaId": "38F84368-415F-4C37-A988-C8DB540F1345"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "4.7.0.0",
+ "matchCriteriaId": "A0B6F1D2-8408-4172-B3E9-7C276CC71433"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:codesys:control_for_plcnext_sl:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "4.7.0.0",
+ "matchCriteriaId": "94383C92-CBC7-4941-B06C-00D889316FEF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "4.7.0.0",
+ "matchCriteriaId": "1785F440-BA92-4F37-9A72-F4AC971B3B8A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "4.7.0.0",
+ "matchCriteriaId": "A320BED3-0F2F-45C0-9D74-8A21158B8ED9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:codesys:control_rte_\\(for_beckhoff_cx\\)_sl:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "3.5.18.40",
+ "matchCriteriaId": "7BF25557-407B-4FD3-9694-92159C8094B8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:codesys:control_rte_\\(sl\\):*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "3.5.18.40",
+ "matchCriteriaId": "5BC8B234-3EC0-4737-8E12-CAA349FC7962"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "3.5.18.40",
+ "matchCriteriaId": "0C5905D5-B99C-4995-BEC7-A0E01D9E014B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:codesys:control_win_\\(sl\\):*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "3.5.18.40",
+ "matchCriteriaId": "34100446-7766-42D7-ACC4-D9C3193797C8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:codesys:hmi_\\(sl\\):*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "3.5.18.40",
+ "matchCriteriaId": "2C7CEA77-B831-4047-BA85-B587DDF25C7C"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17555&token=212fc7e39bdd260cab6d6ca84333d42f50bcb3da&download=",
- "source": "info@cert.vde.com"
+ "source": "info@cert.vde.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-475xx/CVE-2022-47516.json b/CVE-2022/CVE-2022-475xx/CVE-2022-47516.json
index e60e0eef14e..e5581c7c118 100644
--- a/CVE-2022/CVE-2022-475xx/CVE-2022-47516.json
+++ b/CVE-2022/CVE-2022-475xx/CVE-2022-47516.json
@@ -2,7 +2,7 @@
 "id": "CVE-2022-47516",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2022-12-18T05:15:11.200",
- "lastModified": "2023-02-23T00:15:11.220",
+ "lastModified": "2023-05-24T21:15:11.037",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -84,6 +84,10 @@
 {
 "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00028.html",
 "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.debian.org/security/2023/dsa-5410",
+ "source": "cve@mitre.org"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-17xx/CVE-2023-1729.json b/CVE-2023/CVE-2023-17xx/CVE-2023-1729.json
index 633ce19b533..08b582d2e2b 100644
--- a/CVE-2023/CVE-2023-17xx/CVE-2023-1729.json
+++ b/CVE-2023/CVE-2023-17xx/CVE-2023-1729.json
@@ -2,16 +2,49 @@
 "id": "CVE-2023-1729",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2023-05-15T22:15:10.350",
- "lastModified": "2023-05-19T03:15:08.623",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-05-24T20:55:15.687",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() caused by a maliciously crafted file may lead to an application crash."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ },
 {
 "source": "secalert@redhat.com",
 "type": "Secondary",
@@ -27,22 +60,104 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2023-01-14",
+ "matchCriteriaId": "87AF9485-5698-410D-96B7-591934CD978B"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188240",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Issue Tracking",
+ "Patch",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://github.com/LibRaw/LibRaw/issues/557",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Exploit",
+ "Issue Tracking",
+ "Patch",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AGZ6XF5WTPJ4GLXQ62JVRDZSVSJHXNQU/",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E5ZJ3UBTJBZHNPJQFOSGM5L7WAHHE2GY/",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20880.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20880.json
index abee7bb3eea..32fb7fc4872 100644
--- a/CVE-2023/CVE-2023-208xx/CVE-2023-20880.json
+++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20880.json
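Review bot: The LibRaw entry in the `configurations` block added to CVE-2023-1729.json uses a date as its version bound, `"versionEndExcluding": "2023-01-14"`, on `cpe:2.3:a:libraw:libraw`. An inventory will presumably report LibRaw by a dotted release number, and ordering such a number against a date string is not meaningful, so depending on the comparator this range may match every install or none. The bound would be more useful as the first fixed release, `"versionEndExcluding": "<FIXED_RELEASE>"` (placeholder, the page does not state it). Until that is confirmed from the linked LibRaw issue, matching for this CVE is safer driven by the Fedora and Red Hat entries and the distribution advisories.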
@@ -2,19 +2,83 @@
 "id": "CVE-2023-20880",
 "sourceIdentifier": "security@vmware.com",
 "published": "2023-05-12T21:15:09.173",
- "lastModified": "2023-05-15T12:54:45.023",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-05-24T20:19:03.607",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:vmware:aria_operations:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "8.6.0",
+ "versionEndExcluding": "8.12.0",
+ "matchCriteriaId": "6CE1B0DC-3368-4158-8DC1-E793E11D8116"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.0",
+ "versionEndIncluding": "4.5",
+ "matchCriteriaId": "4BF004A8-90A0-4804-97DA-C2C2005A54AA"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://www.vmware.com/security/advisories/VMSA-2023-0009.html",
- "source": "security@vmware.com"
+ "source": "security@vmware.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-227xx/CVE-2023-22741.json b/CVE-2023/CVE-2023-227xx/CVE-2023-22741.json
index 89174827637..2a68e98fec6 100644
--- a/CVE-2023/CVE-2023-227xx/CVE-2023-22741.json
+++ b/CVE-2023/CVE-2023-227xx/CVE-2023-22741.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-22741",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2023-01-19T22:15:11.273",
- "lastModified": "2023-01-27T12:54:08.137",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-05-24T21:15:11.190",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -56,22 +56,22 @@
 },
 "weaknesses": [
 {
- "source": "nvd@nist.gov",
+ "source": "security-advisories@github.com",
 "type": "Primary",
 "description": [
 {
 "lang": "en",
- "value": "CWE-787"
+ "value": "CWE-120"
 }
 ]
 },
 {
- "source": "security-advisories@github.com",
+ "source": "nvd@nist.gov",
 "type": "Secondary",
 "description": [
 {
 "lang": "en",
- "value": "CWE-120"
+ "value": "CWE-787"
 }
 ]
 }
@@ -111,6 +111,10 @@
 "Patch",
 "Third Party Advisory"
 ]
+ },
+ {
+ "url": "https://www.debian.org/security/2023/dsa-5410",
+ "source": "security-advisories@github.com"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-255xx/CVE-2023-25598.json b/CVE-2023/CVE-2023-255xx/CVE-2023-25598.json
new file mode 100644
index 00000000000..c7114c64bcd
--- /dev/null
+++ b/CVE-2023/CVE-2023-255xx/CVE-2023-25598.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-25598",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-05-24T20:15:09.913",
+ "lastModified": "2023-05-24T20:15:09.913",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2 and 20.x, 21.x, and 22.x through 22.24.1500.0 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the home.php page. A successful exploit could allow an attacker to execute arbitrary scripts."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://www.mitel.com/support/security-advisories",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0003",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-255xx/CVE-2023-25599.json b/CVE-2023/CVE-2023-255xx/CVE-2023-25599.json
new file mode 100644
index 00000000000..308cdf57eb5
--- /dev/null
+++ b/CVE-2023/CVE-2023-255xx/CVE-2023-25599.json
@@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-25599", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-24T21:15:11.380", + "lastModified": "2023-05-24T21:15:11.380", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2 and 20.x, 21.x, and 22.x through 22.24.1500.0 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the test_presenter.php page. A successful exploit could allow an attacker to execute arbitrary scripts." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.mitel.com/support/security-advisories", + "source": "cve@mitre.org" + }, + { + "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0003", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-297xx/CVE-2023-29721.json b/CVE-2023/CVE-2023-297xx/CVE-2023-29721.json new file mode 100644 index 00000000000..979697fc045 --- /dev/null +++ b/CVE-2023/CVE-2023-297xx/CVE-2023-29721.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-29721", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-24T21:15:11.470", + "lastModified": "2023-05-24T21:15:11.470", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "SofaWiki <= 3.8.9 has a file upload vulnerability that leads to command execution." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/bellenuit/sofawiki/issues/27", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/xul18/Showcase/issues/2", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-301xx/CVE-2023-30189.json b/CVE-2023/CVE-2023-301xx/CVE-2023-30189.json index 1a9255578b3..f69e2dabab6 100644 --- a/CVE-2023/CVE-2023-301xx/CVE-2023-30189.json 
+++ b/CVE-2023/CVE-2023-301xx/CVE-2023-30189.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30189", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-16T20:15:09.273", - "lastModified": "2023-05-17T12:46:50.773", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-24T20:41:34.643", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cve@mitre.org", "type": "Secondary", @@ -34,10 +54,45 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:posthemes:posstaticblocks:*:*:*:*:*:prestashop:*:*", + "versionEndIncluding": "1.0.0", + "matchCriteriaId": "14081B16-6E49-46C2-AC14-38178E1B0B8C" + } + ] + } + ] + } + ], "references": [ { "url": "https://friends-of-presta.github.io/security-advisories/modules/2023/04/27/posstaticblocks.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-302xx/CVE-2023-30281.json b/CVE-2023/CVE-2023-302xx/CVE-2023-30281.json index 50b2f7bf3c0..8ef7814d9d0 100644 --- a/CVE-2023/CVE-2023-302xx/CVE-2023-30281.json +++ b/CVE-2023/CVE-2023-302xx/CVE-2023-30281.json 
@@ -2,19 +2,75 @@ "id": "CVE-2023-30281", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-16T20:15:09.323", - "lastModified": "2023-05-17T12:46:50.773", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-24T20:41:21.293", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Insecure permissions in the ps_customer table of Prestashop scquickaccounting before v3.7.3 allows attackers to access sensitive information stored in the component." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:storecommander:scquickaccounting:*:*:*:*:*:prestashop:*:*", + "versionEndExcluding": "3.7.3", + "matchCriteriaId": "68F7CD87-042E-4638-92F9-2CED66C93FAD" + } + ] + } + ] + } + ], "references": [ { "url": "https://friends-of-presta.github.io/security-advisories/modules/2023/05/04/scquickaccounting.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-311xx/CVE-2023-31145.json b/CVE-2023/CVE-2023-311xx/CVE-2023-31145.json index a20337ea964..12226b4c73e 100644 --- a/CVE-2023/CVE-2023-311xx/CVE-2023-31145.json 
+++ b/CVE-2023/CVE-2023-311xx/CVE-2023-31145.json @@ -2,8 +2,8 @@ "id": "CVE-2023-31145", "sourceIdentifier": "security-advisories@github.com", "published": "2023-05-15T21:15:09.293", - "lastModified": "2023-05-16T10:46:36.147", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-24T20:59:00.897", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,10 +66,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:collabora:online:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.4.27", + "matchCriteriaId": "098C5EA7-08FA-4765-916B-4BDC839093FB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:collabora:online:*:*:*:*:*:*:*:*", + "versionStartIncluding": "21.06.2", + "versionEndExcluding": "21.11.9", + "matchCriteriaId": "2E9E333F-1435-4133-B77C-95A2BD557AB8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:collabora:online:*:*:*:*:*:*:*:*", + "versionStartIncluding": "22.05.0", + "versionEndExcluding": "22.05.13", + "matchCriteriaId": "3996A955-91D7-425D-AE9D-B7BDF4ED78C2" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-rqj2-2c2x-gjmm", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31457.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31457.json new file mode 100644 index 00000000000..bfd12d6f6b6 --- /dev/null +++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31457.json 
@@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-31457", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-24T20:15:09.977", + "lastModified": "2023-05-24T20:15:09.977", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the Headquarters server component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.mitel.com/support/security-advisories", + "source": "cve@mitre.org" + }, + { + "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0004", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31458.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31458.json new file mode 100644 index 00000000000..be7765bf46f --- /dev/null +++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31458.json 
@@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-31458", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-24T21:15:11.520", + "lastModified": "2023-05-24T21:15:11.520", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the Edge Gateway component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because initial installation does not enforce a password change. A successful exploit could allow an attacker to make arbitrary configuration changes and execute arbitrary commands." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.mitel.com/support/security-advisories", + "source": "cve@mitre.org" + }, + { + "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0005", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31459.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31459.json new file mode 100644 index 00000000000..427bb6afc2f --- /dev/null +++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31459.json 
@@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-31459", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-24T20:15:10.033", + "lastModified": "2023-05-24T20:15:10.033", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect versions 9.6.2208.101 and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because the initial installation does not enforce a password change. A successful exploit could allow an attacker to make arbitrary configuration changes and execute arbitrary commands." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.mitel.com/support/security-advisories", + "source": "cve@mitre.org" + }, + { + "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0006", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31460.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31460.json new file mode 100644 index 00000000000..5903bb1ea43 --- /dev/null +++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31460.json 
@@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-31460", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-24T20:15:10.093", + "lastModified": "2023-05-24T20:15:10.093", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the Connect Mobility Router component of MiVoice Connect versions 9.6.2208.101 and earlier could allow an authenticated attacker with internal network access to conduct a command injection attack due to insufficient restriction on URL parameters." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.mitel.com/support/security-advisories", + "source": "cve@mitre.org" + }, + { + "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0007", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-315xx/CVE-2023-31544.json b/CVE-2023/CVE-2023-315xx/CVE-2023-31544.json index 4a78988d213..759b2ac1db6 100644 --- a/CVE-2023/CVE-2023-315xx/CVE-2023-31544.json +++ b/CVE-2023/CVE-2023-315xx/CVE-2023-31544.json 
@@ -2,23 +2,98 @@ "id": "CVE-2023-31544", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-16T21:15:09.027", - "lastModified": "2023-05-17T12:46:50.773", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-24T20:41:01.150", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A stored cross-site scripting (XSS) vulnerability in alkacon-OpenCMS v11.0.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field under the Upload Image module." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:alkacon:opencms:11.0:-:*:*:*:*:*:*", + "matchCriteriaId": "745FD94C-C000-4E6B-B294-2805AC3616F2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:alkacon:opencms:11.0:beta:*:*:*:*:*:*", + "matchCriteriaId": "62CE8688-6DE4-4474-A4C5-407B35C7A981" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:alkacon:opencms:11.0:beta2:*:*:*:*:*:*", + "matchCriteriaId": "E88DB6B7-D5DC-464C-B8D7-A364448A5B13" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:alkacon:opencms:11.0:rc:*:*:*:*:*:*", + "matchCriteriaId": "C051CC98-D045-481C-84D3-A86350BCAE42" + } + ] + } + ] + } + ], 
"references": [ { "url": "https://github.com/alkacon/opencms-core/commit/21bfbeaf6b038e2c03bb421ce7f0933dd7a7633e", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/alkacon/opencms-core/issues/652", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-315xx/CVE-2023-31595.json b/CVE-2023/CVE-2023-315xx/CVE-2023-31595.json new file mode 100644 index 00000000000..3b450cc5091 --- /dev/null +++ b/CVE-2023/CVE-2023-315xx/CVE-2023-31595.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-31595", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-24T20:15:10.150", + "lastModified": "2023-05-24T20:15:10.150", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect Access Control via unauthenticated port access." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://ic.com", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/Yozarseef95/CVE-2023-31595", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-316xx/CVE-2023-31611.json b/CVE-2023/CVE-2023-316xx/CVE-2023-31611.json index 57f90aedaec..bd4a8c00123 100644 --- a/CVE-2023/CVE-2023-316xx/CVE-2023-31611.json +++ b/CVE-2023/CVE-2023-316xx/CVE-2023-31611.json 
@@ -2,19 +2,76 @@ "id": "CVE-2023-31611", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-15T15:15:11.770", - "lastModified": "2023-05-15T15:20:32.293", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-24T20:34:37.210", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue in the __libc_longjmp component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:openlinksw:virtuoso:7.2.9:*:*:*:open_source:*:*:*", + "matchCriteriaId": "75FD7F91-D201-4286-8F97-D2D1C7C9D4C3" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/openlink/virtuoso-opensource/issues/1119", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-316xx/CVE-2023-31677.json b/CVE-2023/CVE-2023-316xx/CVE-2023-31677.json index c62d18a48b1..f9c5675289e 100644 --- a/CVE-2023/CVE-2023-316xx/CVE-2023-31677.json +++ b/CVE-2023/CVE-2023-316xx/CVE-2023-31677.json 
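Review bot: The added `weaknesses` entry for CVE-2023-31611 assigns `CWE-89`, but the description in this hunk is a denial of service in the `__libc_longjmp` component triggered by crafted SQL statements. The added vector scores availability only (`C:N/I:N/A:H`). That reads like a crash in the query engine rather than SQL injection, although the underlying fault is not visible from this record. Consumers that route or filter findings by CWE would file this as an injection issue, so unless a better mapping is established I would use `"value": "NVD-CWE-noinfo"`, as the neighbouring records in this diff do. Triage for this entry should rely on the CVSS vector, not the CWE.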
@@ -2,19 +2,75 @@ "id": "CVE-2023-31677", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-16T22:15:13.913", - "lastModified": "2023-05-17T12:46:50.773", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-24T20:40:42.440", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Insecure permissions in luowice 3.5.18 allow attackers to view information for other alarm devices via modification of the eseeid parameter." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:luowice:luowice:3.5.18:*:*:*:*:android:*:*", + "matchCriteriaId": "7FDFAFAB-A294-4CCF-8D5C-9C7672BBDE4E" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/zzh-newlearner/record/blob/main/luowice.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-316xx/CVE-2023-31679.json b/CVE-2023/CVE-2023-316xx/CVE-2023-31679.json index a94710e5b7c..311d3fe0143 100644 --- a/CVE-2023/CVE-2023-316xx/CVE-2023-31679.json +++ b/CVE-2023/CVE-2023-316xx/CVE-2023-31679.json 
@@ -2,19 +2,75 @@ "id": "CVE-2023-31679", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-16T22:15:14.003", - "lastModified": "2023-05-17T12:46:46.567", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-24T20:39:39.120", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Incorrect access control in Videogo v6.8.1 allows attackers to access images from other devices via modification of the Device Id parameter." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:videogo_project:videogo:6.8.1:*:*:*:*:android:*:*", + "matchCriteriaId": "0832E72D-15E3-4C6C-BE94-B95F99EB8253" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/zzh-newlearner/record/blob/main/yingshi_privacy.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-317xx/CVE-2023-31724.json b/CVE-2023/CVE-2023-317xx/CVE-2023-31724.json index e1d6615eeec..f29addc977d 100644 --- a/CVE-2023/CVE-2023-317xx/CVE-2023-31724.json +++ b/CVE-2023/CVE-2023-317xx/CVE-2023-31724.json 
@@ -2,23 +2,84 @@ "id": "CVE-2023-31724", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-17T15:15:08.917", - "lastModified": "2023-05-17T17:00:54.967", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-24T21:17:19.583", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the function do_directive at /nasm/nasm-pp.c." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:yasm_project:yasm:1.3.0.55.g101bc:*:*:*:*:*:*:*", + "matchCriteriaId": "4A03B4FD-736D-40B7-87B0-AC4EF2660C4B" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/DaisyPo/fuzzing-vulncollect/tree/main/yasm/SEGV/nasm-pp.c:3570%20in%20do_directive", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/yasm/yasm/issues/222", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
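Review bot: The added `cvssData` for CVE-2023-31724 scores a segmentation violation as `C:H/I:H/A:H` (7.8), while the `weaknesses` entry in the same hunk is `NVD-CWE-noinfo` and the description states only a crash in `do_directive`. The sibling record CVE-2023-31725, a heap-use-after-free in the same yasm build, is scored `C:N/I:N/A:H` (5.5) later in this diff. On the descriptions alone the use-after-free looks like the more serious of the two, so the ranking appears inverted. Either the vector should match the documented impact, `"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"`, or the record should name the memory-safety weakness that justifies the confidentiality and integrity impact. Until that is resolved, severity-based patch prioritisation for these two entries should not rely on the base score alone.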
diff --git a/CVE-2023/CVE-2023-317xx/CVE-2023-31725.json b/CVE-2023/CVE-2023-317xx/CVE-2023-31725.json index e3ebe9194a6..936c54da17b 100644 --- a/CVE-2023/CVE-2023-317xx/CVE-2023-31725.json +++ b/CVE-2023/CVE-2023-317xx/CVE-2023-31725.json 
@@ -2,23 +2,84 @@ "id": "CVE-2023-31725", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-17T15:15:08.957", - "lastModified": "2023-05-17T17:00:54.967", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-24T21:03:41.430", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "yasm 1.3.0.55.g101bc was discovered to contain a heap-use-after-free via the function expand_mmac_params at yasm/modules/preprocs/nasm/nasm-pp.c." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:yasm_project:yasm:1.3.0.55.g101bc:*:*:*:*:*:*:*", + "matchCriteriaId": "4A03B4FD-736D-40B7-87B0-AC4EF2660C4B" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/DaisyPo/fuzzing-vulncollect/tree/main/yasm/heap-use-after-free/nasm-pp.c:3878%20in%20expand_mmac_params", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/yasm/yasm/issues/221", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-320xx/CVE-2023-32068.json b/CVE-2023/CVE-2023-320xx/CVE-2023-32068.json index ed56d5a54fe..6c21270c23e 100644 --- a/CVE-2023/CVE-2023-320xx/CVE-2023-32068.json +++ b/CVE-2023/CVE-2023-320xx/CVE-2023-32068.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32068", "sourceIdentifier": "security-advisories@github.com", "published": "2023-05-15T21:15:09.367", - "lastModified": "2023-05-16T10:46:36.147", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-24T21:02:50.490", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,22 +66,57 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.10.4", + "matchCriteriaId": "8F237F1D-24B8-40CA-964D-6AD68EE14722" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:xwiki:xwiki:15.0:rc1:*:*:*:*:*:*", + "matchCriteriaId": "88E41345-F81E-401A-BD67-66AF4B3925D4" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/xwiki/xwiki-platform/commit/e4f7f68e93cb08c25632c126356d218abf192d1e", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-6gvj-8vc5-8v3j", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://jira.xwiki.org/browse/XWIKI-20096", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://jira.xwiki.org/browse/XWIKI-20549", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32313.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32313.json index 87051ac1346..18f989a2f42 100644 --- a/CVE-2023/CVE-2023-323xx/CVE-2023-32313.json +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32313.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32313", "sourceIdentifier": "security-advisories@github.com", "published": "2023-05-15T20:15:09.070", - "lastModified": "2023-05-16T10:46:36.147", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-24T20:43:19.080", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -36,8 +56,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -46,22 +76,52 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vm2_project:vm2:*:*:*:*:*:node.js:*:*", + "versionEndExcluding": "3.9.18", + "matchCriteriaId": "80ED3198-E3DA-4ACD-883B-10CDB835BA33" + } + ] + } + ] + } + ], "references": [ { "url": "https://gist.github.com/arkark/c1c57eaf3e0a649af1a70c2b93b17550", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/patriksimek/vm2/commit/5206ba25afd86ef547a2c9d48d46ca7a9e6ec238", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/patriksimek/vm2/releases/tag/3.9.18", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-p5gc-c584-jj6v", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32314.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32314.json index 02d667de47b..a61cd1d3d1d 100644 --- a/CVE-2023/CVE-2023-323xx/CVE-2023-32314.json +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32314.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32314", "sourceIdentifier": "security-advisories@github.com", "published": "2023-05-15T20:15:09.177", - "lastModified": "2023-05-16T10:46:36.147", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-24T20:50:46.247", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
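Review bot: In the `references` changes for CVE-2023-32313 the `gist.github.com/arkark/...` link is tagged `"Product"`, whereas the same author's gist in the CVE-2023-32314 record later in this diff is tagged `"Exploit"` and `"Third Party Advisory"`. The gist's content is not visible from here, but a gist is not a product page. If it is a proof-of-concept write-up like its sibling, tooling that raises priority on the `Exploit` tag will skip this record. I would re-check the link and, if it is a write-up, use `"tags": ["Exploit", "Third Party Advisory"]`.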
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 10.0, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 6.0 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -36,8 +56,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -46,22 +76,53 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vm2_project:vm2:*:*:*:*:*:node.js:*:*", + "versionEndExcluding": "3.9.18", + "matchCriteriaId": "80ED3198-E3DA-4ACD-883B-10CDB835BA33" + } + ] + } + ] + } + ], "references": [ { "url": "https://gist.github.com/arkark/e9f5cf5782dec8321095be3e52acf5ac", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/patriksimek/vm2/commit/d88105f99752305c5b8a77b63ddee3ec86912daf", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/patriksimek/vm2/releases/tag/3.9.18", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-whpj-8f3w-67p5", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-327xx/CVE-2023-32787.json b/CVE-2023/CVE-2023-327xx/CVE-2023-32787.json index 326a466f0f8..325350c05ca 100644 --- a/CVE-2023/CVE-2023-327xx/CVE-2023-32787.json +++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32787.json 
@@ -2,27 +2,90 @@ "id": "CVE-2023-32787", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-15T15:15:12.823", - "lastModified": "2023-05-15T15:20:32.293", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-24T20:41:17.287", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The OPC UA Legacy Java Stack before 6f176f2 enables an attacker to block OPC UA server applications via uncontrolled resource consumption so that they can no longer serve client applications." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:opcfoundation:ua_java_legacy:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023-04-28", + "matchCriteriaId": "A87006B3-496C-4A85-A1BE-4F2B18C5438C" + } + ] + } + ] + } + ], "references": [ { "url": "https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2023-32787.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch", + "Vendor Advisory" + ] }, { "url": "https://github.com/OPCFoundation/UA-Java-Legacy", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": 
"https://github.com/OPCFoundation/UA-Java-Legacy/commit/6f176f2b445a27c157f1a32f225accc9ce8873c0", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-337xx/CVE-2023-33785.json b/CVE-2023/CVE-2023-337xx/CVE-2023-33785.json new file mode 100644 index 00000000000..19e647ec4e9 --- /dev/null +++ b/CVE-2023/CVE-2023-337xx/CVE-2023-33785.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-33785", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-24T20:15:10.210", + "lastModified": "2023-05-24T20:15:10.210", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A stored cross-site scripting (XSS) vulnerability in the Create Rack Roles (/dcim/rack-roles/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/anhdq201/netbox/issues/8", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-337xx/CVE-2023-33786.json b/CVE-2023/CVE-2023-337xx/CVE-2023-33786.json new file mode 100644 index 00000000000..8dec437d16b --- /dev/null +++ b/CVE-2023/CVE-2023-337xx/CVE-2023-33786.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-33786", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-24T20:15:10.263", + "lastModified": "2023-05-24T20:15:10.263", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A stored cross-site scripting (XSS) vulnerability in the Create Circuit Types (/circuits/circuit-types/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/anhdq201/netbox/issues/2", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file 
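Review bot: The added `cpeMatch` entry for CVE-2023-32787 bounds the affected range with `"versionEndExcluding": "2023-04-28"`, a date, while the description identifies the fix by commit (`before 6f176f2`). Matchers that parse version bounds as numeric or semver strings may reject this value or order it incorrectly against an installed artifact's version. Consumers need a date-aware comparison for `opcfoundation:ua_java_legacy`, or should fall back to checking for commit `6f176f2b445a27c157f1a32f225accc9ce8873c0` from the `Patch` reference.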
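Review bot: The new CVE-2023-33785 record, like the other Netbox v3.5.1 records added in this commit (CVE-2023-33786 through CVE-2023-33800), arrives with `"metrics": {}`, `"vulnStatus": "Received"` and no `configurations` block, so CPE-based scanners cannot match it yet. The only reference in each record is an issue on `github.com/anhdq201/netbox`, which does not look like the project's own tracker, so the record does not establish the affected range or a fix. Until NVD analysis lands, track these by the product name and version string in the description rather than by CPE or severity filters.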
diff --git a/CVE-2023/CVE-2023-337xx/CVE-2023-33787.json b/CVE-2023/CVE-2023-337xx/CVE-2023-33787.json new file mode 100644 index 00000000000..babb510cdac --- /dev/null +++ b/CVE-2023/CVE-2023-337xx/CVE-2023-33787.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-33787", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-24T20:15:10.317", + "lastModified": "2023-05-24T20:15:10.317", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A stored cross-site scripting (XSS) vulnerability in the Create Tenant Groups (/tenancy/tenant-groups/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/anhdq201/netbox/issues/6", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-337xx/CVE-2023-33788.json b/CVE-2023/CVE-2023-337xx/CVE-2023-33788.json new file mode 100644 index 00000000000..8c5c03cdd6c --- /dev/null +++ b/CVE-2023/CVE-2023-337xx/CVE-2023-33788.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-33788", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-24T20:15:10.373", + "lastModified": "2023-05-24T20:15:10.373", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A stored cross-site scripting (XSS) vulnerability in the Create Providers (/circuits/providers/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/anhdq201/netbox/issues/3", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-337xx/CVE-2023-33789.json b/CVE-2023/CVE-2023-337xx/CVE-2023-33789.json new file mode 100644 index 00000000000..3714ab9b259 --- /dev/null +++ b/CVE-2023/CVE-2023-337xx/CVE-2023-33789.json 
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-33789", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-24T20:15:10.430", + "lastModified": "2023-05-24T20:15:10.430", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A stored cross-site scripting (XSS) vulnerability in the Create Contact Groups (/tenancy/contact-groups/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/anhdq201/netbox/issues/7", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-337xx/CVE-2023-33790.json b/CVE-2023/CVE-2023-337xx/CVE-2023-33790.json new file mode 100644 index 00000000000..101032b3db2 --- /dev/null +++ b/CVE-2023/CVE-2023-337xx/CVE-2023-33790.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-33790", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-24T20:15:10.487", + "lastModified": "2023-05-24T20:15:10.487", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A stored cross-site scripting (XSS) vulnerability in the Create Locations (/dcim/locations/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/anhdq201/netbox/issues/9", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-337xx/CVE-2023-33791.json b/CVE-2023/CVE-2023-337xx/CVE-2023-33791.json new file mode 100644 index 00000000000..f0d1e5d4e19 --- /dev/null +++ b/CVE-2023/CVE-2023-337xx/CVE-2023-33791.json 
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-33791", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-24T20:15:10.543", + "lastModified": "2023-05-24T20:15:10.543", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A stored cross-site scripting (XSS) vulnerability in the Create Provider Accounts (/circuits/provider-accounts/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/anhdq201/netbox/issues/4", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-337xx/CVE-2023-33792.json b/CVE-2023/CVE-2023-337xx/CVE-2023-33792.json new file mode 100644 index 00000000000..153a7c6172d --- /dev/null +++ b/CVE-2023/CVE-2023-337xx/CVE-2023-33792.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-33792", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-24T20:15:10.607", + "lastModified": "2023-05-24T20:15:10.607", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A stored cross-site scripting (XSS) vulnerability in the Create Site Groups (/dcim/site-groups/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/anhdq201/netbox/issues/10", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-337xx/CVE-2023-33793.json b/CVE-2023/CVE-2023-337xx/CVE-2023-33793.json new file mode 100644 index 00000000000..3202d5c3499 --- /dev/null +++ b/CVE-2023/CVE-2023-337xx/CVE-2023-33793.json 
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-33793", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-24T20:15:10.663", + "lastModified": "2023-05-24T20:15:10.663", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A stored cross-site scripting (XSS) vulnerability in the Create Power Panels (/dcim/power-panels/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/anhdq201/netbox/issues/1", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-337xx/CVE-2023-33794.json b/CVE-2023/CVE-2023-337xx/CVE-2023-33794.json new file mode 100644 index 00000000000..baf1098da11 --- /dev/null +++ b/CVE-2023/CVE-2023-337xx/CVE-2023-33794.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-33794", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-24T20:15:10.717", + "lastModified": "2023-05-24T20:15:10.717", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A stored cross-site scripting (XSS) vulnerability in the Create Tenants (/tenancy/tenants/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/anhdq201/netbox/issues/5", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-337xx/CVE-2023-33795.json b/CVE-2023/CVE-2023-337xx/CVE-2023-33795.json new file mode 100644 index 00000000000..dd6515ca39e --- /dev/null +++ b/CVE-2023/CVE-2023-337xx/CVE-2023-33795.json 
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-33795", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-24T20:15:10.773", + "lastModified": "2023-05-24T20:15:10.773", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A stored cross-site scripting (XSS) vulnerability in the Create Contact Roles (/tenancy/contact-roles/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/anhdq201/netbox/issues/15", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-337xx/CVE-2023-33796.json b/CVE-2023/CVE-2023-337xx/CVE-2023-33796.json new file mode 100644 index 00000000000..290afa21457 --- /dev/null +++ b/CVE-2023/CVE-2023-337xx/CVE-2023-33796.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-33796", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-24T20:15:10.827", + "lastModified": "2023-05-24T20:15:10.827", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in Netbox v3.5.1 allows unauthenticated attackers to execute queries against the GraphQL database, granting them access to sensitive data stored in the database." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/anhdq201/netbox/issues/16", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-337xx/CVE-2023-33797.json b/CVE-2023/CVE-2023-337xx/CVE-2023-33797.json new file mode 100644 index 00000000000..dd08d021aff --- /dev/null +++ b/CVE-2023/CVE-2023-337xx/CVE-2023-33797.json 
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-33797", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-24T20:15:10.893", + "lastModified": "2023-05-24T20:15:10.893", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A stored cross-site scripting (XSS) vulnerability in the Create Sites (/dcim/sites/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/anhdq201/netbox/issues/12", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-337xx/CVE-2023-33798.json b/CVE-2023/CVE-2023-337xx/CVE-2023-33798.json new file mode 100644 index 00000000000..2ce29df8e9b --- /dev/null +++ b/CVE-2023/CVE-2023-337xx/CVE-2023-33798.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-33798", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-24T20:15:10.947", + "lastModified": "2023-05-24T20:15:10.947", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A stored cross-site scripting (XSS) vulnerability in the Create Rack (/dcim/rack/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/anhdq201/netbox/issues/13", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-337xx/CVE-2023-33799.json b/CVE-2023/CVE-2023-337xx/CVE-2023-33799.json new file mode 100644 index 00000000000..aa5311a5306 --- /dev/null +++ b/CVE-2023/CVE-2023-337xx/CVE-2023-33799.json 
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-33799", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-24T20:15:11.003", + "lastModified": "2023-05-24T20:15:11.003", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A stored cross-site scripting (XSS) vulnerability in the Create Contacts (/tenancy/contacts/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/anhdq201/netbox/issues/14", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-338xx/CVE-2023-33800.json b/CVE-2023/CVE-2023-338xx/CVE-2023-33800.json new file mode 100644 index 00000000000..0aaf897b552 --- /dev/null +++ b/CVE-2023/CVE-2023-338xx/CVE-2023-33800.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-33800", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-24T20:15:11.060", + "lastModified": "2023-05-24T20:15:11.060", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A stored cross-site scripting (XSS) vulnerability in the Create Regions (/dcim/regions/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/anhdq201/netbox/issues/11", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-338xx/CVE-2023-33829.json b/CVE-2023/CVE-2023-338xx/CVE-2023-33829.json new file mode 100644 index 00000000000..ae257d476c7 --- /dev/null +++ b/CVE-2023/CVE-2023-338xx/CVE-2023-33829.json 
@@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-33829", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-24T21:15:11.567", + "lastModified": "2023-05-24T21:15:11.567", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A stored cross-site scripting (XSS) vulnerability in Cloudogu GmbH SCM Manager v1.2 to v1.60 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description text field." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://bitbucket.org/sdorra/docker-scm-manager/src/master/", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/n3gox/Stored-XSS-on-SCM-Manager-1.60", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 287a6e46ae8..3de3d191618 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-05-24T20:00:34.588212+00:00 +2023-05-24T22:00:26.529692+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-05-24T19:28:04.420000+00:00 +2023-05-24T21:17:19.583000+00:00 ``` ### Last Data Feed Release 
@@ -29,39 +29,69 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -215941 +215969 ``` ### CVEs added in the last Commit -Recently added CVEs: `11` +Recently added CVEs: `28` -* [CVE-2023-2870](CVE-2023/CVE-2023-28xx/CVE-2023-2870.json) (`2023-05-24T18:15:10.217`) -* [CVE-2023-2871](CVE-2023/CVE-2023-28xx/CVE-2023-2871.json) (`2023-05-24T18:15:10.337`) -* [CVE-2023-2872](CVE-2023/CVE-2023-28xx/CVE-2023-2872.json) (`2023-05-24T18:15:10.413`) -* [CVE-2023-2873](CVE-2023/CVE-2023-28xx/CVE-2023-2873.json) (`2023-05-24T18:15:10.493`) -* [CVE-2023-33980](CVE-2023/CVE-2023-339xx/CVE-2023-33980.json) (`2023-05-24T18:15:10.827`) -* [CVE-2023-33981](CVE-2023/CVE-2023-339xx/CVE-2023-33981.json) (`2023-05-24T18:15:10.877`) -* [CVE-2023-33982](CVE-2023/CVE-2023-339xx/CVE-2023-33982.json) (`2023-05-24T18:15:10.927`) -* [CVE-2023-33983](CVE-2023/CVE-2023-339xx/CVE-2023-33983.json) (`2023-05-24T18:15:10.983`) -* [CVE-2023-2868](CVE-2023/CVE-2023-28xx/CVE-2023-2868.json) (`2023-05-24T19:15:09.363`) -* [CVE-2023-2874](CVE-2023/CVE-2023-28xx/CVE-2023-2874.json) (`2023-05-24T19:15:09.443`) -* [CVE-2023-2875](CVE-2023/CVE-2023-28xx/CVE-2023-2875.json) (`2023-05-24T19:15:09.517`) +* [CVE-2023-25598](CVE-2023/CVE-2023-255xx/CVE-2023-25598.json) (`2023-05-24T20:15:09.913`) +* [CVE-2023-31457](CVE-2023/CVE-2023-314xx/CVE-2023-31457.json) (`2023-05-24T20:15:09.977`) +* [CVE-2023-31459](CVE-2023/CVE-2023-314xx/CVE-2023-31459.json) (`2023-05-24T20:15:10.033`) +* [CVE-2023-31460](CVE-2023/CVE-2023-314xx/CVE-2023-31460.json) (`2023-05-24T20:15:10.093`) +* [CVE-2023-31595](CVE-2023/CVE-2023-315xx/CVE-2023-31595.json) (`2023-05-24T20:15:10.150`) +* [CVE-2023-33785](CVE-2023/CVE-2023-337xx/CVE-2023-33785.json) (`2023-05-24T20:15:10.210`) +* [CVE-2023-33786](CVE-2023/CVE-2023-337xx/CVE-2023-33786.json) (`2023-05-24T20:15:10.263`) +* [CVE-2023-33787](CVE-2023/CVE-2023-337xx/CVE-2023-33787.json) (`2023-05-24T20:15:10.317`) 
+* [CVE-2023-33788](CVE-2023/CVE-2023-337xx/CVE-2023-33788.json) (`2023-05-24T20:15:10.373`) +* [CVE-2023-33789](CVE-2023/CVE-2023-337xx/CVE-2023-33789.json) (`2023-05-24T20:15:10.430`) +* [CVE-2023-33790](CVE-2023/CVE-2023-337xx/CVE-2023-33790.json) (`2023-05-24T20:15:10.487`) +* [CVE-2023-33791](CVE-2023/CVE-2023-337xx/CVE-2023-33791.json) (`2023-05-24T20:15:10.543`) +* [CVE-2023-33792](CVE-2023/CVE-2023-337xx/CVE-2023-33792.json) (`2023-05-24T20:15:10.607`) +* [CVE-2023-33793](CVE-2023/CVE-2023-337xx/CVE-2023-33793.json) (`2023-05-24T20:15:10.663`) +* [CVE-2023-33794](CVE-2023/CVE-2023-337xx/CVE-2023-33794.json) (`2023-05-24T20:15:10.717`) +* [CVE-2023-33795](CVE-2023/CVE-2023-337xx/CVE-2023-33795.json) (`2023-05-24T20:15:10.773`) +* [CVE-2023-33796](CVE-2023/CVE-2023-337xx/CVE-2023-33796.json) (`2023-05-24T20:15:10.827`) +* [CVE-2023-33797](CVE-2023/CVE-2023-337xx/CVE-2023-33797.json) (`2023-05-24T20:15:10.893`) +* [CVE-2023-33798](CVE-2023/CVE-2023-337xx/CVE-2023-33798.json) (`2023-05-24T20:15:10.947`) +* [CVE-2023-33799](CVE-2023/CVE-2023-337xx/CVE-2023-33799.json) (`2023-05-24T20:15:11.003`) +* [CVE-2023-33800](CVE-2023/CVE-2023-338xx/CVE-2023-33800.json) (`2023-05-24T20:15:11.060`) +* [CVE-2023-25599](CVE-2023/CVE-2023-255xx/CVE-2023-25599.json) (`2023-05-24T21:15:11.380`) +* [CVE-2023-29721](CVE-2023/CVE-2023-297xx/CVE-2023-29721.json) (`2023-05-24T21:15:11.470`) +* [CVE-2023-31458](CVE-2023/CVE-2023-314xx/CVE-2023-31458.json) (`2023-05-24T21:15:11.520`) +* [CVE-2023-33829](CVE-2023/CVE-2023-338xx/CVE-2023-33829.json) (`2023-05-24T21:15:11.567`) ### CVEs modified in the last Commit -Recently modified CVEs: `9` +Recently modified CVEs: `31` -* [CVE-2022-31137](CVE-2022/CVE-2022-311xx/CVE-2022-31137.json) (`2023-05-24T18:15:09.563`) -* [CVE-2022-41544](CVE-2022/CVE-2022-415xx/CVE-2022-41544.json) (`2023-05-24T18:15:09.777`) -* [CVE-2023-1934](CVE-2023/CVE-2023-19xx/CVE-2023-1934.json) (`2023-05-24T18:15:09.877`) -* 
[CVE-2023-27350](CVE-2023/CVE-2023-273xx/CVE-2023-27350.json) (`2023-05-24T18:15:09.980`) -* [CVE-2023-27524](CVE-2023/CVE-2023-275xx/CVE-2023-27524.json) (`2023-05-24T18:15:10.103`) -* [CVE-2023-30256](CVE-2023/CVE-2023-302xx/CVE-2023-30256.json) (`2023-05-24T18:15:10.593`) -* [CVE-2023-31702](CVE-2023/CVE-2023-317xx/CVE-2023-31702.json) (`2023-05-24T18:15:10.673`) -* [CVE-2023-31703](CVE-2023/CVE-2023-317xx/CVE-2023-31703.json) (`2023-05-24T18:15:10.753`) -* [CVE-2023-27979](CVE-2023/CVE-2023-279xx/CVE-2023-27979.json) (`2023-05-24T19:28:04.420`) +* [CVE-2021-3737](CVE-2021/CVE-2021-37xx/CVE-2021-3737.json) (`2023-05-24T21:15:10.180`) +* [CVE-2021-4189](CVE-2021/CVE-2021-41xx/CVE-2021-4189.json) (`2023-05-24T21:15:10.313`) +* [CVE-2022-47378](CVE-2022/CVE-2022-473xx/CVE-2022-47378.json) (`2023-05-24T20:25:08.957`) +* [CVE-2022-47391](CVE-2022/CVE-2022-473xx/CVE-2022-47391.json) (`2023-05-24T20:25:29.760`) +* [CVE-2022-31001](CVE-2022/CVE-2022-310xx/CVE-2022-31001.json) (`2023-05-24T21:15:10.540`) +* [CVE-2022-31002](CVE-2022/CVE-2022-310xx/CVE-2022-31002.json) (`2023-05-24T21:15:10.667`) +* [CVE-2022-31003](CVE-2022/CVE-2022-310xx/CVE-2022-31003.json) (`2023-05-24T21:15:10.760`) +* [CVE-2022-45061](CVE-2022/CVE-2022-450xx/CVE-2022-45061.json) (`2023-05-24T21:15:10.923`) +* [CVE-2022-47516](CVE-2022/CVE-2022-475xx/CVE-2022-47516.json) (`2023-05-24T21:15:11.037`) +* [CVE-2023-20880](CVE-2023/CVE-2023-208xx/CVE-2023-20880.json) (`2023-05-24T20:19:03.607`) +* [CVE-2023-31611](CVE-2023/CVE-2023-316xx/CVE-2023-31611.json) (`2023-05-24T20:34:37.210`) +* [CVE-2023-31679](CVE-2023/CVE-2023-316xx/CVE-2023-31679.json) (`2023-05-24T20:39:39.120`) +* [CVE-2023-31677](CVE-2023/CVE-2023-316xx/CVE-2023-31677.json) (`2023-05-24T20:40:42.440`) +* [CVE-2023-31544](CVE-2023/CVE-2023-315xx/CVE-2023-31544.json) (`2023-05-24T20:41:01.150`) +* [CVE-2023-32787](CVE-2023/CVE-2023-327xx/CVE-2023-32787.json) (`2023-05-24T20:41:17.287`) +* 
[CVE-2023-30281](CVE-2023/CVE-2023-302xx/CVE-2023-30281.json) (`2023-05-24T20:41:21.293`) +* [CVE-2023-30189](CVE-2023/CVE-2023-301xx/CVE-2023-30189.json) (`2023-05-24T20:41:34.643`) +* [CVE-2023-32313](CVE-2023/CVE-2023-323xx/CVE-2023-32313.json) (`2023-05-24T20:43:19.080`) +* [CVE-2023-32314](CVE-2023/CVE-2023-323xx/CVE-2023-32314.json) (`2023-05-24T20:50:46.247`) +* [CVE-2023-1729](CVE-2023/CVE-2023-17xx/CVE-2023-1729.json) (`2023-05-24T20:55:15.687`) +* [CVE-2023-31145](CVE-2023/CVE-2023-311xx/CVE-2023-31145.json) (`2023-05-24T20:59:00.897`) +* [CVE-2023-32068](CVE-2023/CVE-2023-320xx/CVE-2023-32068.json) (`2023-05-24T21:02:50.490`) +* [CVE-2023-31725](CVE-2023/CVE-2023-317xx/CVE-2023-31725.json) (`2023-05-24T21:03:41.430`) +* [CVE-2023-22741](CVE-2023/CVE-2023-227xx/CVE-2023-22741.json) (`2023-05-24T21:15:11.190`) +* [CVE-2023-31724](CVE-2023/CVE-2023-317xx/CVE-2023-31724.json) (`2023-05-24T21:17:19.583`) ## Download and Usage