From e362d714dc8729511c4aa54d04ddfc9a270cf3bb Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Thu, 22 Jun 2023 02:00:32 +0000 Subject: [PATCH] Auto-Update: 2023-06-22T02:00:28.536874+00:00 --- CVE-2023/CVE-2023-10xx/CVE-2023-1049.json | 85 +++++- CVE-2023/CVE-2023-264xx/CVE-2023-26427.json | 6 +- CVE-2023/CVE-2023-264xx/CVE-2023-26428.json | 6 +- CVE-2023/CVE-2023-264xx/CVE-2023-26429.json | 6 +- CVE-2023/CVE-2023-264xx/CVE-2023-26431.json | 6 +- CVE-2023/CVE-2023-264xx/CVE-2023-26432.json | 6 +- CVE-2023/CVE-2023-264xx/CVE-2023-26433.json | 6 +- CVE-2023/CVE-2023-264xx/CVE-2023-26434.json | 6 +- CVE-2023/CVE-2023-264xx/CVE-2023-26435.json | 6 +- CVE-2023/CVE-2023-264xx/CVE-2023-26436.json | 6 +- CVE-2023/CVE-2023-311xx/CVE-2023-31196.json | 278 +++++++++++++++++++- CVE-2023/CVE-2023-311xx/CVE-2023-31198.json | 278 +++++++++++++++++++- CVE-2023/CVE-2023-319xx/CVE-2023-31975.json | 6 +- CVE-2023/CVE-2023-31xx/CVE-2023-3161.json | 134 +++++++++- CVE-2023/CVE-2023-331xx/CVE-2023-33122.json | 7 +- CVE-2023/CVE-2023-334xx/CVE-2023-33476.json | 6 +- CVE-2023/CVE-2023-342xx/CVE-2023-34237.json | 75 +++++- CVE-2023/CVE-2023-342xx/CVE-2023-34238.json | 78 +++++- CVE-2023/CVE-2023-349xx/CVE-2023-34940.json | 76 +++++- README.md | 28 +- 20 files changed, 1050 insertions(+), 55 deletions(-) diff --git a/CVE-2023/CVE-2023-10xx/CVE-2023-1049.json b/CVE-2023/CVE-2023-10xx/CVE-2023-1049.json index a0eaa5f1fe5..a0679796c2b 100644 --- a/CVE-2023/CVE-2023-10xx/CVE-2023-1049.json +++ b/CVE-2023/CVE-2023-10xx/CVE-2023-1049.json @@ -2,8 +2,8 @@ "id": "CVE-2023-1049", "sourceIdentifier": "cybersecurity@se.com", "published": "2023-06-14T08:15:08.773", - "lastModified": "2023-06-14T12:54:19.587", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-22T00:57:14.267", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "cybersecurity@se.com", "type": "Secondary", @@ -36,7 +56,7 @@ }, "weaknesses": [ { - "source": "cybersecurity@se.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { @@ -44,12 +64,69 @@ "value": "CWE-94" } ] + }, + { + "source": "cybersecurity@se.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:schneider-electric:ecostruxure_operator_terminal_expert:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.3", + "matchCriteriaId": "5705916B-E189-4314-AD32-C8D42991DFA2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:schneider-electric:ecostruxure_operator_terminal_expert:3.3:-:*:*:*:*:*:*", + "matchCriteriaId": "A6EAEC62-F689-43A2-8EDB-68867661ED92" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:schneider-electric:ecostruxure_operator_terminal_expert:3.3:sp1:*:*:*:*:*:*", + "matchCriteriaId": "17F5EDCD-B9E6-40D7-88FC-C2685384C5B4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:schneider-electric:pro-face_blue:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.3", + "matchCriteriaId": "297C4149-AA1F-4033-BD74-0FB908783399" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:schneider-electric:pro-face_blue:3.3:-:*:*:*:*:*:*", + "matchCriteriaId": "FB229476-7E0C-46ED-817D-C9A72250CC5D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:schneider-electric:pro-face_blue:3.3:sp1:*:*:*:*:*:*", + "matchCriteriaId": "78D3C9DF-3354-47E0-881F-4B59CE22BCF7" + } + ] + } + ] } ], "references": [ { "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-164-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-164-01.pdf", - "source": "cybersecurity@se.com" + "source": "cybersecurity@se.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-264xx/CVE-2023-26427.json b/CVE-2023/CVE-2023-264xx/CVE-2023-26427.json index fba66736e58..060d1d2c8ee 100644 --- a/CVE-2023/CVE-2023-264xx/CVE-2023-26427.json +++ b/CVE-2023/CVE-2023-264xx/CVE-2023-26427.json @@ -2,7 +2,7 @@ "id": "CVE-2023-26427", "sourceIdentifier": "security@open-xchange.com", "published": "2023-06-20T08:15:09.073", - "lastModified": "2023-06-20T13:03:08.293", + "lastModified": "2023-06-22T00:15:46.907", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -47,6 +47,10 @@ } ], "references": [ + { + "url": "http://seclists.org/fulldisclosure/2023/Jun/8", + "source": "security@open-xchange.com" + }, { "url": "https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0002.json", "source": "security@open-xchange.com" diff --git a/CVE-2023/CVE-2023-264xx/CVE-2023-26428.json b/CVE-2023/CVE-2023-264xx/CVE-2023-26428.json index 61987506d01..2e78fce8446 100644 --- a/CVE-2023/CVE-2023-264xx/CVE-2023-26428.json +++ b/CVE-2023/CVE-2023-264xx/CVE-2023-26428.json @@ -2,7 +2,7 @@ "id": "CVE-2023-26428", "sourceIdentifier": "security@open-xchange.com", "published": "2023-06-20T08:15:09.163", - "lastModified": "2023-06-20T13:03:08.293", + "lastModified": "2023-06-22T00:15:47.120", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -47,6 +47,10 @@ } ], "references": [ + { + "url": "http://seclists.org/fulldisclosure/2023/Jun/8", + "source": "security@open-xchange.com" + }, { "url": "https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0002.json", "source": "security@open-xchange.com" diff --git a/CVE-2023/CVE-2023-264xx/CVE-2023-26429.json b/CVE-2023/CVE-2023-264xx/CVE-2023-26429.json index d9e47ff85a9..ee731ebc4b2 100644 --- a/CVE-2023/CVE-2023-264xx/CVE-2023-26429.json +++ b/CVE-2023/CVE-2023-264xx/CVE-2023-26429.json @@ -2,7 +2,7 @@ "id": "CVE-2023-26429", "sourceIdentifier": "security@open-xchange.com", "published": "2023-06-20T08:15:09.230", - "lastModified": "2023-06-20T13:03:08.293", + "lastModified": "2023-06-22T00:15:47.190", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -47,6 +47,10 @@ } ], "references": [ + { + "url": "http://seclists.org/fulldisclosure/2023/Jun/8", + "source": "security@open-xchange.com" + }, { "url": "https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0002.json", "source": "security@open-xchange.com" diff --git a/CVE-2023/CVE-2023-264xx/CVE-2023-26431.json b/CVE-2023/CVE-2023-264xx/CVE-2023-26431.json index bb9cb67eee5..a26f5570ad0 100644 --- a/CVE-2023/CVE-2023-264xx/CVE-2023-26431.json +++ b/CVE-2023/CVE-2023-264xx/CVE-2023-26431.json @@ -2,7 +2,7 @@ "id": "CVE-2023-26431", "sourceIdentifier": "security@open-xchange.com", "published": "2023-06-20T08:15:09.297", - "lastModified": "2023-06-20T13:03:08.293", + "lastModified": "2023-06-22T00:15:47.260", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -47,6 +47,10 @@ } ], "references": [ + { + "url": "http://seclists.org/fulldisclosure/2023/Jun/8", + "source": "security@open-xchange.com" + }, { "url": "https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0002.json", "source": "security@open-xchange.com" diff --git a/CVE-2023/CVE-2023-264xx/CVE-2023-26432.json b/CVE-2023/CVE-2023-264xx/CVE-2023-26432.json index 8ed57df6c07..1c527cdf511 100644 --- a/CVE-2023/CVE-2023-264xx/CVE-2023-26432.json +++ b/CVE-2023/CVE-2023-264xx/CVE-2023-26432.json @@ -2,7 +2,7 @@ "id": "CVE-2023-26432", "sourceIdentifier": "security@open-xchange.com", "published": "2023-06-20T08:15:09.360", - "lastModified": "2023-06-20T13:03:08.293", + "lastModified": "2023-06-22T00:15:47.337", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -47,6 +47,10 @@ } ], "references": [ + { + "url": "http://seclists.org/fulldisclosure/2023/Jun/8", + "source": "security@open-xchange.com" + }, { "url": "https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0002.json", "source": "security@open-xchange.com" diff --git a/CVE-2023/CVE-2023-264xx/CVE-2023-26433.json b/CVE-2023/CVE-2023-264xx/CVE-2023-26433.json index 44cfee39fc1..1303982c321 100644 --- a/CVE-2023/CVE-2023-264xx/CVE-2023-26433.json +++ b/CVE-2023/CVE-2023-264xx/CVE-2023-26433.json @@ -2,7 +2,7 @@ "id": "CVE-2023-26433", "sourceIdentifier": "security@open-xchange.com", "published": "2023-06-20T08:15:09.427", - "lastModified": "2023-06-20T13:03:08.293", + "lastModified": "2023-06-22T00:15:47.413", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -47,6 +47,10 @@ } ], "references": [ + { + "url": "http://seclists.org/fulldisclosure/2023/Jun/8", + "source": "security@open-xchange.com" + }, { "url": "https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0002.json", "source": "security@open-xchange.com" diff --git a/CVE-2023/CVE-2023-264xx/CVE-2023-26434.json b/CVE-2023/CVE-2023-264xx/CVE-2023-26434.json index 3e73f11636f..53c5480864b 100644 --- a/CVE-2023/CVE-2023-264xx/CVE-2023-26434.json +++ b/CVE-2023/CVE-2023-264xx/CVE-2023-26434.json @@ -2,7 +2,7 @@ "id": "CVE-2023-26434", "sourceIdentifier": "security@open-xchange.com", "published": "2023-06-20T08:15:09.487", - "lastModified": "2023-06-20T13:03:08.293", + "lastModified": "2023-06-22T00:15:47.480", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -47,6 +47,10 @@ } ], "references": [ + { + "url": "http://seclists.org/fulldisclosure/2023/Jun/8", + "source": "security@open-xchange.com" + }, { "url": "https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0002.json", "source": "security@open-xchange.com" diff --git a/CVE-2023/CVE-2023-264xx/CVE-2023-26435.json b/CVE-2023/CVE-2023-264xx/CVE-2023-26435.json index cf2a9202836..fd68b92fc5e 100644 --- a/CVE-2023/CVE-2023-264xx/CVE-2023-26435.json +++ b/CVE-2023/CVE-2023-264xx/CVE-2023-26435.json @@ -2,7 +2,7 @@ "id": "CVE-2023-26435", "sourceIdentifier": "security@open-xchange.com", "published": "2023-06-20T08:15:09.547", - "lastModified": "2023-06-20T13:03:08.293", + "lastModified": "2023-06-22T00:15:47.550", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -47,6 +47,10 @@ } ], "references": [ + { + "url": "http://seclists.org/fulldisclosure/2023/Jun/8", + "source": "security@open-xchange.com" + }, { "url": "https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0002.json", "source": "security@open-xchange.com" diff --git a/CVE-2023/CVE-2023-264xx/CVE-2023-26436.json b/CVE-2023/CVE-2023-264xx/CVE-2023-26436.json index 5bb2deecdf3..14cd3732d17 100644 --- a/CVE-2023/CVE-2023-264xx/CVE-2023-26436.json +++ b/CVE-2023/CVE-2023-264xx/CVE-2023-26436.json @@ -2,7 +2,7 @@ "id": "CVE-2023-26436", "sourceIdentifier": "security@open-xchange.com", "published": "2023-06-20T08:15:09.607", - "lastModified": "2023-06-20T13:03:08.293", + "lastModified": "2023-06-22T00:15:47.627", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -47,6 +47,10 @@ } ], "references": [ + { + "url": "http://seclists.org/fulldisclosure/2023/Jun/8", + "source": "security@open-xchange.com" + }, { "url": "https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0002.json", "source": "security@open-xchange.com" diff --git a/CVE-2023/CVE-2023-311xx/CVE-2023-31196.json b/CVE-2023/CVE-2023-311xx/CVE-2023-31196.json index f8a7fd38fd9..1f853b9e564 100644 --- a/CVE-2023/CVE-2023-311xx/CVE-2023-31196.json +++ b/CVE-2023/CVE-2023-311xx/CVE-2023-31196.json @@ -2,23 +2,291 @@ "id": "CVE-2023-31196", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-06-13T10:15:10.450", - "lastModified": "2023-06-13T13:00:37.647", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-22T00:39:39.483", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Missing authentication for critical function in Wi-Fi AP UNIT allows a remote unauthenticated attacker to obtain sensitive information of the affected products. Affected products and versions are as follows: AC-PD-WAPU v1.05_B04 and earlier, AC-PD-WAPUM v1.05_B04 and earlier, AC-PD-WAPU-P v1.05_B04P and earlier, AC-PD-WAPUM-P v1.05_B04P and earlier, AC-WAPU-300 v1.00_B07 and earlier, AC-WAPUM-300 v1.00_B07 and earlier, AC-WAPU-300-P v1.00_B07 and earlier, and AC-WAPUM-300-P v1.00_B07 and earlier" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:inaba:ac-pd-wapu_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.05_b04", + "matchCriteriaId": "1EBA3293-0B06-49DA-98B0-6DBE377C33D3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:inaba:ac-pd-wapu:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0DD102C1-A095-40AE-8463-A75679CE4F38" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:inaba:ac-pd-wapum_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.05_b04", + "matchCriteriaId": "A895D9FC-2A3C-4988-802B-8669E18AF4F5" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:inaba:ac-pd-wapum:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DB9F8A92-34B5-4EB3-80A7-9A1835E6143A" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:inaba:ac-pd-wapu-p_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.05_b04p", + "matchCriteriaId": "22AE9D59-9EE0-4286-99FD-87F8BEB5660E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:inaba:ac-pd-wapu-p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2E5CF9E1-B26F-430B-930A-43BF6A29F75B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:inaba:ac-pd-wapum-p_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.05_b04p", + "matchCriteriaId": "654D0464-B759-4D32-8DDD-81F59331C291" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:inaba:ac-pd-wapum-p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "ADD85E35-1962-4B63-951D-AC6B35F240B7" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:inaba:ac-wapu-300_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.00_b07", + "matchCriteriaId": "68C8C3E3-E6C2-4CBE-B5ED-EC030060E692" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:inaba:ac-wapu-300:-:*:*:*:*:*:*:*", + "matchCriteriaId": "383369D2-D9D1-44F6-8323-712805103579" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:inaba:ac-wapum-300_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.00_b07", + "matchCriteriaId": "AA85541E-423A-4029-A5AF-AAA01A021DBD" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:inaba:ac-wapum-300:-:*:*:*:*:*:*:*", + "matchCriteriaId": "305906A3-AAA3-4CAD-A72D-B46838BA255F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:inaba:ac-wapum-300-p_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.00_b07", + "matchCriteriaId": "93F275F4-6102-4A82-A617-41CB6E711FA1" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:inaba:ac-wapum-300-p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C1B508D0-8D80-4308-ABC0-77A2F20359AF" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:inaba:ac-wapu-300-p_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.00_b07", + "matchCriteriaId": "33A9129B-ACDB-4FFD-AD0F-6E6D53A8E254" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:inaba:ac-wapu-300-p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "962D58E3-E4AE-46B6-9788-156C6AD995EC" + } + ] + } + ] + } + ], "references": [ { "url": "https://jvn.jp/en/jp/JVN28412757/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Mitigation", + "Third Party Advisory" + ] }, { "url": "https://www.inaba.co.jp/abaniact/news/Wi-Fi_AP_UNIT%E3%81%AB%E3%81%8A%E3%81%91%E3%82%8B%E8%A4%87%E6%95%B0%E3%81%AE%E8%84%86%E5%BC%B1%E6%80%A7%E3%81%AB%E3%81%A4%E3%81%84%E3%81%A6.pdf", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-311xx/CVE-2023-31198.json b/CVE-2023/CVE-2023-311xx/CVE-2023-31198.json index 80c4aed6846..c0163c60e73 100644 --- a/CVE-2023/CVE-2023-311xx/CVE-2023-31198.json +++ b/CVE-2023/CVE-2023-311xx/CVE-2023-31198.json @@ -2,23 +2,291 @@ "id": "CVE-2023-31198", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-06-13T10:15:10.493", - "lastModified": "2023-06-13T13:00:37.647", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-22T00:46:57.240", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "OS command injection vulnerability exists in Wi-Fi AP UNIT allows. If this vulnerability is exploited, a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command. Affected products and versions are as follows: AC-PD-WAPU v1.05_B04 and earlier, AC-PD-WAPUM v1.05_B04 and earlier, AC-PD-WAPU-P v1.05_B04P and earlier, AC-PD-WAPUM-P v1.05_B04P and earlier, AC-WAPU-300 v1.00_B07 and earlier, AC-WAPUM-300 v1.00_B07 and earlier, AC-WAPU-300-P v1.00_B07 and earlier, and AC-WAPUM-300-P v1.00_B07 and earlier" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:inaba:ac-pd-wapu_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.05_b04", + "matchCriteriaId": "1EBA3293-0B06-49DA-98B0-6DBE377C33D3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:inaba:ac-pd-wapu:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0DD102C1-A095-40AE-8463-A75679CE4F38" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:inaba:ac-pd-wapum_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.05_b04", + "matchCriteriaId": "A895D9FC-2A3C-4988-802B-8669E18AF4F5" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:inaba:ac-pd-wapum:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DB9F8A92-34B5-4EB3-80A7-9A1835E6143A" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:inaba:ac-pd-wapu-p_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.05_b04p", + "matchCriteriaId": "22AE9D59-9EE0-4286-99FD-87F8BEB5660E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:inaba:ac-pd-wapu-p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2E5CF9E1-B26F-430B-930A-43BF6A29F75B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:inaba:ac-pd-wapum-p_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.05_b04p", + "matchCriteriaId": "654D0464-B759-4D32-8DDD-81F59331C291" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:inaba:ac-pd-wapum-p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "ADD85E35-1962-4B63-951D-AC6B35F240B7" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:inaba:ac-wapu-300_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.00_b07", + "matchCriteriaId": "68C8C3E3-E6C2-4CBE-B5ED-EC030060E692" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:inaba:ac-wapu-300:-:*:*:*:*:*:*:*", + "matchCriteriaId": "383369D2-D9D1-44F6-8323-712805103579" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:inaba:ac-wapum-300_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.00_b07", + "matchCriteriaId": "AA85541E-423A-4029-A5AF-AAA01A021DBD" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:inaba:ac-wapum-300:-:*:*:*:*:*:*:*", + "matchCriteriaId": "305906A3-AAA3-4CAD-A72D-B46838BA255F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:inaba:ac-wapum-300-p_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.00_b07", + "matchCriteriaId": "93F275F4-6102-4A82-A617-41CB6E711FA1" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:inaba:ac-wapum-300-p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C1B508D0-8D80-4308-ABC0-77A2F20359AF" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:inaba:ac-wapu-300-p_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.00_b07", + "matchCriteriaId": "33A9129B-ACDB-4FFD-AD0F-6E6D53A8E254" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:inaba:ac-wapu-300-p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "962D58E3-E4AE-46B6-9788-156C6AD995EC" + } + ] + } + ] + } + ], "references": [ { "url": "https://jvn.jp/en/jp/JVN28412757/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Mitigation", + "Third Party Advisory" + ] }, { "url": "https://www.inaba.co.jp/abaniact/news/Wi-Fi_AP_UNIT%E3%81%AB%E3%81%8A%E3%81%91%E3%82%8B%E8%A4%87%E6%95%B0%E3%81%AE%E8%84%86%E5%BC%B1%E6%80%A7%E3%81%AB%E3%81%A4%E3%81%84%E3%81%A6.pdf", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-319xx/CVE-2023-31975.json b/CVE-2023/CVE-2023-319xx/CVE-2023-31975.json index b19c50e8a69..60e1c09ad26 100644 --- a/CVE-2023/CVE-2023-319xx/CVE-2023-31975.json +++ b/CVE-2023/CVE-2023-319xx/CVE-2023-31975.json @@ -2,7 +2,7 @@ "id": "CVE-2023-31975", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-09T13:15:18.590", - "lastModified": "2023-06-21T21:15:11.250", + "lastModified": "2023-06-22T00:15:47.717", "vulnStatus": "Modified", "descriptions": [ { @@ -72,6 +72,10 @@ "url": "http://www.openwall.com/lists/oss-security/2023/06/21/10", "source": "cve@mitre.org" }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/06/21/13", + "source": "cve@mitre.org" + }, { "url": "http://www.openwall.com/lists/oss-security/2023/06/21/2", "source": "cve@mitre.org" diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3161.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3161.json index 56e79cecd6f..f56ee52288b 100644 --- a/CVE-2023/CVE-2023-31xx/CVE-2023-3161.json +++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3161.json @@ -2,16 +2,49 @@ "id": "CVE-2023-3161", "sourceIdentifier": "secalert@redhat.com", "published": "2023-06-12T20:15:12.910", - "lastModified": "2023-06-13T13:00:53.777", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-22T00:17:17.553", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-682" + } + ] + }, { "source": "secalert@redhat.com", "type": "Secondary", @@ -23,14 +56,105 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.2", + "matchCriteriaId": "108695B6-7133-4B6C-80AF-0F66880FE858" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc1:*:*:*:*:*:*", + "matchCriteriaId": "FF501633-2F44-4913-A8EE-B021929F49F6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc2:*:*:*:*:*:*", + "matchCriteriaId": "2BDA597B-CAC1-4DF0-86F0-42E142C654E9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc3:*:*:*:*:*:*", + "matchCriteriaId": "725C78C9-12CE-406F-ABE8-0813A01D66E8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc4:*:*:*:*:*:*", + "matchCriteriaId": "A127C155-689C-4F67-B146-44A57F4BFD85" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc5:*:*:*:*:*:*", + "matchCriteriaId": "D34127CC-68F5-4703-A5F6-5006F803E4AE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc6:*:*:*:*:*:*", + "matchCriteriaId": "4AB8D555-648E-4F2F-98BD-3E7F45BD12A8" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", + "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213485", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking", + "Patch", + "Third Party Advisory" + ] }, { "url": "https://github.com/torvalds/linux/commit/2b09d5d364986f724f17001ccfe4126b9b43a0be", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-331xx/CVE-2023-33122.json b/CVE-2023/CVE-2023-331xx/CVE-2023-33122.json index ce4ec399a6f..10ba47e47eb 100644 --- a/CVE-2023/CVE-2023-331xx/CVE-2023-33122.json +++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33122.json @@ -2,8 +2,8 @@ "id": "CVE-2023-33122", "sourceIdentifier": "productcert@siemens.com", "published": "2023-06-13T09:15:18.380", - "lastModified": "2023-06-21T20:32:43.770", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-06-22T00:05:51.170", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -92,8 +92,9 @@ { "vulnerable": true, "criteria": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.2.0", "versionEndExcluding": "13.2.0.13", - "matchCriteriaId": "29CAB414-2971-4974-9F19-1809F33B9715" + "matchCriteriaId": "FC06105E-8D31-4AFD-88C6-2E58D01CFFE8" }, { "vulnerable": true, diff --git a/CVE-2023/CVE-2023-334xx/CVE-2023-33476.json b/CVE-2023/CVE-2023-334xx/CVE-2023-33476.json index 07a8bb62550..4922e71a54d 100644 --- a/CVE-2023/CVE-2023-334xx/CVE-2023-33476.json +++ b/CVE-2023/CVE-2023-334xx/CVE-2023-33476.json @@ -2,7 +2,7 @@ "id": "CVE-2023-33476", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-02T14:15:09.437", - "lastModified": "2023-06-21T22:15:09.430", + "lastModified": "2023-06-22T00:15:47.853", "vulnStatus": "Modified", "descriptions": [ { @@ -91,6 +91,10 @@ "tags": [ "Product" ] + }, + { + "url": "https://www.debian.org/security/2023/dsa-5434", + "source": "cve@mitre.org" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-342xx/CVE-2023-34237.json b/CVE-2023/CVE-2023-342xx/CVE-2023-34237.json index 0ee827ce0ee..ee93fa204a7 100644 --- a/CVE-2023/CVE-2023-342xx/CVE-2023-34237.json +++ b/CVE-2023/CVE-2023-342xx/CVE-2023-34237.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34237", "sourceIdentifier": "security-advisories@github.com", "published": "2023-06-07T20:15:10.097", - "lastModified": "2023-06-07T20:24:12.193", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-22T00:05:35.827", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -36,8 +56,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -46,22 +76,53 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sabnzbd:sabnzbd:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.1.0", + "versionEndExcluding": "4.0.2", + "matchCriteriaId": "0793A3BA-34F2-4029-8CF1-CDAB4F72F1B5" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/sabnzbd/sabnzbd/commit/422b4fce7bfd56e95a315be0400cdfdc585df7cc", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/sabnzbd/sabnzbd/commit/e3a722664819d1c7c8fab97144cc299b1c18b429", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/sabnzbd/sabnzbd/security/advisories/GHSA-hhgh-xgh3-985r", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://sabnzbd.org/wiki/configuration/4.0/general", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-342xx/CVE-2023-34238.json b/CVE-2023/CVE-2023-342xx/CVE-2023-34238.json index a6977c2e03c..263d8554a9a 100644 --- a/CVE-2023/CVE-2023-342xx/CVE-2023-34238.json +++ b/CVE-2023/CVE-2023-342xx/CVE-2023-34238.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34238", "sourceIdentifier": "security-advisories@github.com", "published": "2023-06-08T00:15:09.907", - "lastModified": "2023-06-08T02:44:28.663", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-22T00:11:42.943", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -36,8 +56,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -46,18 +76,54 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gatsbyjs:gatsby:*:*:*:*:*:node.js:*:*", + "versionEndExcluding": "4.25.7", + "matchCriteriaId": "1440439C-1B43-4FD0-827C-494618E603FE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gatsbyjs:gatsby:*:*:*:*:*:node.js:*:*", + "versionStartIncluding": "5.0.0", + "versionEndExcluding": "5.9.1", + "matchCriteriaId": "5884BD00-9554-40D4-9191-11FD8B156579" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/gatsbyjs/gatsby/commit/ae5a654eb346b2e7a9d341b809b2f82d34c0f17c", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/gatsbyjs/gatsby/commit/fc22f4ba3ad7ca5fb3592f38f4f0ca8ae60b4bf7", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/gatsbyjs/gatsby/security/advisories/GHSA-c6f8-8r25-c4gc", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Mitigation", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-349xx/CVE-2023-34940.json b/CVE-2023/CVE-2023-349xx/CVE-2023-34940.json index 57f04a4aae9..a87115e1b98 100644 --- a/CVE-2023/CVE-2023-349xx/CVE-2023-34940.json +++ b/CVE-2023/CVE-2023-349xx/CVE-2023-34940.json @@ -2,19 +2,87 @@ "id": "CVE-2023-34940", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-12T20:15:12.723", - "lastModified": "2023-06-13T13:01:10.377", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-22T00:25:59.467", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "** UNSUPPORTED WHEN ASSIGNED ** Asus RT-N10LX Router v2.0.0.39 was discovered to contain a stack overflow via the url parameter at /start-apply.html. NOTE: This vulnerability only affects products that are no longer supported by the maintainer." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:asus:rt-n10lx_firmware:2.0.0.39:*:*:*:*:*:*:*", + "matchCriteriaId": "F5EC1456-4577-4859-BD0F-92730E14A953" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:asus:rt-n10lx:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2D86D41E-35A2-4713-BDFE-5577586D0DE1" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/OlivierLaflamme/cve/blob/main/ASUS-N10LX_2.0.0.39/URLFilterList_Stack_BOF.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/README.md b/README.md index 9c2192b9c29..23369b09f02 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-06-21T23:55:26.618815+00:00 +2023-06-22T02:00:28.536874+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-06-21T22:15:09.430000+00:00 +2023-06-22T00:57:14.267000+00:00 ``` ### Last Data Feed Release @@ -23,7 +23,7 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2023-06-21T00:00:13.655453+00:00 +2023-06-22T00:00:13.547547+00:00 ``` ### Total Number of included CVEs @@ -40,9 +40,27 @@ Recently added CVEs: `0` ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `19` -* [CVE-2023-33476](CVE-2023/CVE-2023-334xx/CVE-2023-33476.json) (`2023-06-21T22:15:09.430`) +* [CVE-2023-34237](CVE-2023/CVE-2023-342xx/CVE-2023-34237.json) (`2023-06-22T00:05:35.827`) +* [CVE-2023-33122](CVE-2023/CVE-2023-331xx/CVE-2023-33122.json) (`2023-06-22T00:05:51.170`) +* [CVE-2023-34238](CVE-2023/CVE-2023-342xx/CVE-2023-34238.json) (`2023-06-22T00:11:42.943`) +* [CVE-2023-26427](CVE-2023/CVE-2023-264xx/CVE-2023-26427.json) (`2023-06-22T00:15:46.907`) +* [CVE-2023-26428](CVE-2023/CVE-2023-264xx/CVE-2023-26428.json) (`2023-06-22T00:15:47.120`) +* [CVE-2023-26429](CVE-2023/CVE-2023-264xx/CVE-2023-26429.json) (`2023-06-22T00:15:47.190`) +* [CVE-2023-26431](CVE-2023/CVE-2023-264xx/CVE-2023-26431.json) (`2023-06-22T00:15:47.260`) +* [CVE-2023-26432](CVE-2023/CVE-2023-264xx/CVE-2023-26432.json) (`2023-06-22T00:15:47.337`) +* [CVE-2023-26433](CVE-2023/CVE-2023-264xx/CVE-2023-26433.json) (`2023-06-22T00:15:47.413`) +* [CVE-2023-26434](CVE-2023/CVE-2023-264xx/CVE-2023-26434.json) (`2023-06-22T00:15:47.480`) +* [CVE-2023-26435](CVE-2023/CVE-2023-264xx/CVE-2023-26435.json) (`2023-06-22T00:15:47.550`) +* [CVE-2023-26436](CVE-2023/CVE-2023-264xx/CVE-2023-26436.json) (`2023-06-22T00:15:47.627`) +* [CVE-2023-31975](CVE-2023/CVE-2023-319xx/CVE-2023-31975.json) (`2023-06-22T00:15:47.717`) +* [CVE-2023-33476](CVE-2023/CVE-2023-334xx/CVE-2023-33476.json) (`2023-06-22T00:15:47.853`) +* [CVE-2023-3161](CVE-2023/CVE-2023-31xx/CVE-2023-3161.json) (`2023-06-22T00:17:17.553`) +* [CVE-2023-34940](CVE-2023/CVE-2023-349xx/CVE-2023-34940.json) (`2023-06-22T00:25:59.467`) +* [CVE-2023-31196](CVE-2023/CVE-2023-311xx/CVE-2023-31196.json) (`2023-06-22T00:39:39.483`) +* [CVE-2023-31198](CVE-2023/CVE-2023-311xx/CVE-2023-31198.json) (`2023-06-22T00:46:57.240`) +* [CVE-2023-1049](CVE-2023/CVE-2023-10xx/CVE-2023-1049.json) (`2023-06-22T00:57:14.267`) ## Download and Usage