diff --git a/CVE-2019/CVE-2019-251xx/CVE-2019-25136.json b/CVE-2019/CVE-2019-251xx/CVE-2019-25136.json
index 2aa4a33230e..e6304e975e9 100644
--- a/CVE-2019/CVE-2019-251xx/CVE-2019-25136.json
+++ b/CVE-2019/CVE-2019-251xx/CVE-2019-25136.json
@@ -2,23 +2,82 @@ "id": "CVE-2019-25136", "sourceIdentifier": "security@mozilla.org", "published": "2023-06-19T11:15:09.430", - "lastModified": "2023-06-20T07:12:55.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-27T08:24:44.760", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in arbitrary code execution and a sandbox escape. This vulnerability affects Firefox < 70." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 10.0, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", + "versionEndExcluding": "70.0", + "matchCriteriaId": "F4EA7BDA-DA95-46FB-8568-E857D3479994" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1530709", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2019-34/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
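Review bot: The 10.0 vector added under `cvssMetricV31` (`AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H`) carries no trace of the precondition stated in this record's own description, which starts from "a compromised child process". As scored, the entry reads as a standalone unauthenticated remote compromise rather than the sandbox-escape stage of a chain. Anyone prioritising on `baseScore` alone should treat it as an upper bound. If the record is meant to express the prerequisite, `"attackComplexity": "HIGH"` would be the field to carry it; that is my reading of the description, not something the visible text confirms. The weakness is also left at `NVD-CWE-noinfo` although the description does name the mechanism (injection of XBL bindings into privileged CSS rules).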
diff --git a/CVE-2022/CVE-2022-484xx/CVE-2022-48486.json b/CVE-2022/CVE-2022-484xx/CVE-2022-48486.json index 869ecf7dbb3..da1fb91e5fd 100644 --- a/CVE-2022/CVE-2022-484xx/CVE-2022-48486.json +++ b/CVE-2022/CVE-2022-484xx/CVE-2022-48486.json @@ -2,19 +2,74 @@ "id": "CVE-2022-48486", "sourceIdentifier": "psirt@huawei.com", "published": "2023-06-19T17:15:11.333", - "lastModified": "2023-06-20T07:12:55.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-27T09:22:57.603", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "A974CA73-84E8-480B-BB4C-4A81D0C985B2" + } + ] + } + ] + } + ], "references": [ { "url": "https://consumer.huawei.com/en/support/bulletin/2023/6/", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
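Review bot: The new `cvssMetricV31` entry assigns `AV:N/AC:L/PR:N/UI:N` to "configuration defects in the secure OS module", but neither the description nor the single vendor-bulletin reference says how that module is reached, and the weakness stays at `NVD-CWE-noinfo`. The vector therefore looks like a default chosen for lack of detail, and the 7.5 HIGH should not be read as evidence of remote reachability. The same description, vector and lone `emui:12.0.0` CPE recur in the hunks for CVE-2022-48487, -48489, -48490, -48492, -48493 and -48497 through -48501. It is safer to triage these eleven records as one group against the linked bulletin than as eleven independent network-exploitable issues.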
diff --git a/CVE-2022/CVE-2022-484xx/CVE-2022-48487.json b/CVE-2022/CVE-2022-484xx/CVE-2022-48487.json index 441a0fd333e..67152d66bac 100644 --- a/CVE-2022/CVE-2022-484xx/CVE-2022-48487.json +++ b/CVE-2022/CVE-2022-484xx/CVE-2022-48487.json @@ -2,19 +2,74 @@ "id": "CVE-2022-48487", "sourceIdentifier": "psirt@huawei.com", "published": "2023-06-19T17:15:11.383", - "lastModified": "2023-06-20T07:12:55.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-27T09:22:43.867", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "A974CA73-84E8-480B-BB4C-4A81D0C985B2" + } + ] + } + ] + } + ], "references": [ { "url": "https://consumer.huawei.com/en/support/bulletin/2023/6/", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2022/CVE-2022-484xx/CVE-2022-48488.json b/CVE-2022/CVE-2022-484xx/CVE-2022-48488.json
index 29099354da4..e8ba45d54f8 100644
--- a/CVE-2022/CVE-2022-484xx/CVE-2022-48488.json
+++ b/CVE-2022/CVE-2022-484xx/CVE-2022-48488.json
@@ -2,19 +2,89 @@ "id": "CVE-2022-48488", "sourceIdentifier": "psirt@huawei.com", "published": "2023-06-19T17:15:11.427", - "lastModified": "2023-06-20T07:12:55.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-27T09:22:34.537", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Vulnerability of bypassing the default desktop security controls.Successful exploitation of this vulnerability may cause unauthorized modifications to the desktop." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:11.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "511F8CE2-C2B6-4A08-B992-49D9B75B8655" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "A974CA73-84E8-480B-BB4C-4A81D0C985B2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:12.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "2DF07E7F-3A18-4B74-B73D-DF3647C2A48F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "353AEAF2-AF46-4835-93E1-4F942D5E2810" + } + ] + } + ] + } + ], "references": [ { "url": 
"https://consumer.huawei.com/en/support/bulletin/2023/6/", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-484xx/CVE-2022-48489.json b/CVE-2022/CVE-2022-484xx/CVE-2022-48489.json index 83ed42ddc3a..06ed7bd2ca7 100644 --- a/CVE-2022/CVE-2022-484xx/CVE-2022-48489.json +++ b/CVE-2022/CVE-2022-484xx/CVE-2022-48489.json 
@@ -2,19 +2,74 @@ "id": "CVE-2022-48489", "sourceIdentifier": "psirt@huawei.com", "published": "2023-06-19T17:15:11.467", - "lastModified": "2023-06-20T07:12:55.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-27T09:22:11.070", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "A974CA73-84E8-480B-BB4C-4A81D0C985B2" + } + ] + } + ] + } + ], "references": [ { "url": "https://consumer.huawei.com/en/support/bulletin/2023/6/", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-484xx/CVE-2022-48490.json b/CVE-2022/CVE-2022-484xx/CVE-2022-48490.json index e594be616cc..446c2f4e1b1 100644 --- a/CVE-2022/CVE-2022-484xx/CVE-2022-48490.json +++ b/CVE-2022/CVE-2022-484xx/CVE-2022-48490.json 
@@ -2,19 +2,74 @@ "id": "CVE-2022-48490", "sourceIdentifier": "psirt@huawei.com", "published": "2023-06-19T17:15:11.507", - "lastModified": "2023-06-20T07:12:55.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-27T09:21:52.790", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "A974CA73-84E8-480B-BB4C-4A81D0C985B2" + } + ] + } + ] + } + ], "references": [ { "url": "https://consumer.huawei.com/en/support/bulletin/2023/6/", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-484xx/CVE-2022-48491.json b/CVE-2022/CVE-2022-484xx/CVE-2022-48491.json index 03788c39c2f..711be0fc059 100644 --- a/CVE-2022/CVE-2022-484xx/CVE-2022-48491.json +++ b/CVE-2022/CVE-2022-484xx/CVE-2022-48491.json 
@@ -2,19 +2,89 @@ "id": "CVE-2022-48491", "sourceIdentifier": "psirt@huawei.com", "published": "2023-06-19T17:15:11.547", - "lastModified": "2023-06-20T07:12:55.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-27T09:14:42.187", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Vulnerability of missing authentication on certain HUAWEI phones.Successful exploitation of this vulnerability can lead to ads and other windows to display at any time." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:11.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "511F8CE2-C2B6-4A08-B992-49D9B75B8655" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "A974CA73-84E8-480B-BB4C-4A81D0C985B2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:12.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "2DF07E7F-3A18-4B74-B73D-DF3647C2A48F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "353AEAF2-AF46-4835-93E1-4F942D5E2810" + } + ] + } + ] + } + ], "references": [ { "url": 
"https://consumer.huawei.com/en/support/bulletin/2023/6/", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-484xx/CVE-2022-48492.json b/CVE-2022/CVE-2022-484xx/CVE-2022-48492.json index 34216790e57..d9b323b5e4c 100644 --- a/CVE-2022/CVE-2022-484xx/CVE-2022-48492.json +++ b/CVE-2022/CVE-2022-484xx/CVE-2022-48492.json 
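Review bot: In the CVE-2022-48491 hunk the added weakness `"value": "CWE-862"` is Missing Authorization, while the description in the same record says "missing authentication", which corresponds to CWE-306 (Missing Authentication for Critical Function). Either the description is loosely worded or the mapping names the wrong concept; the record does not say which. Reports and detection content keyed on CWE will file this under authorization rather than authentication, so the tag is worth confirming against the vendor bulletin before relying on it. If authentication is indeed what is missing, the line would read `"value": "CWE-306"`.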
@@ -2,19 +2,74 @@ "id": "CVE-2022-48492", "sourceIdentifier": "psirt@huawei.com", "published": "2023-06-19T17:15:11.590", - "lastModified": "2023-06-20T07:12:55.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-27T09:21:08.040", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "A974CA73-84E8-480B-BB4C-4A81D0C985B2" + } + ] + } + ] + } + ], "references": [ { "url": "https://consumer.huawei.com/en/support/bulletin/2023/6/", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-484xx/CVE-2022-48493.json b/CVE-2022/CVE-2022-484xx/CVE-2022-48493.json index 3b9a25afcba..6550745248d 100644 --- a/CVE-2022/CVE-2022-484xx/CVE-2022-48493.json +++ b/CVE-2022/CVE-2022-484xx/CVE-2022-48493.json 
@@ -2,19 +2,74 @@ "id": "CVE-2022-48493", "sourceIdentifier": "psirt@huawei.com", "published": "2023-06-19T17:15:11.633", - "lastModified": "2023-06-20T07:12:55.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-27T09:20:58.523", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "A974CA73-84E8-480B-BB4C-4A81D0C985B2" + } + ] + } + ] + } + ], "references": [ { "url": "https://consumer.huawei.com/en/support/bulletin/2023/6/", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-484xx/CVE-2022-48494.json b/CVE-2022/CVE-2022-484xx/CVE-2022-48494.json index 458f0494975..948cb3bcc94 100644 --- a/CVE-2022/CVE-2022-484xx/CVE-2022-48494.json +++ b/CVE-2022/CVE-2022-484xx/CVE-2022-48494.json 
@@ -2,19 +2,89 @@ "id": "CVE-2022-48494", "sourceIdentifier": "psirt@huawei.com", "published": "2023-06-19T17:15:11.673", - "lastModified": "2023-06-20T07:12:55.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-27T09:20:46.213", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Vulnerability of lax app identity verification in the pre-authorization function.Successful exploitation of this vulnerability will cause malicious apps to become pre-authorized." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:11.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "511F8CE2-C2B6-4A08-B992-49D9B75B8655" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "A974CA73-84E8-480B-BB4C-4A81D0C985B2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:12.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "2DF07E7F-3A18-4B74-B73D-DF3647C2A48F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "353AEAF2-AF46-4835-93E1-4F942D5E2810" + } + ] + } + ] + } + ], "references": [ { "url": 
"https://consumer.huawei.com/en/support/bulletin/2023/6/", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-484xx/CVE-2022-48495.json b/CVE-2022/CVE-2022-484xx/CVE-2022-48495.json index 1731ac9377c..54d727e5fe5 100644 --- a/CVE-2022/CVE-2022-484xx/CVE-2022-48495.json +++ b/CVE-2022/CVE-2022-484xx/CVE-2022-48495.json 
@@ -2,19 +2,84 @@ "id": "CVE-2022-48495", "sourceIdentifier": "psirt@huawei.com", "published": "2023-06-19T17:15:11.710", - "lastModified": "2023-06-20T07:12:55.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-27T09:20:20.187", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Vulnerability of unauthorized access to foreground app information.Successful exploitation of this vulnerability may cause foreground app information to be obtained." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "A974CA73-84E8-480B-BB4C-4A81D0C985B2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:12.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "2DF07E7F-3A18-4B74-B73D-DF3647C2A48F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "353AEAF2-AF46-4835-93E1-4F942D5E2810" + } + ] + } + ] + } + ], "references": [ { "url": "https://consumer.huawei.com/en/support/bulletin/2023/6/", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2022/CVE-2022-484xx/CVE-2022-48496.json b/CVE-2022/CVE-2022-484xx/CVE-2022-48496.json
index de71b0a0dca..ff9acdec677 100644
--- a/CVE-2022/CVE-2022-484xx/CVE-2022-48496.json
+++ b/CVE-2022/CVE-2022-484xx/CVE-2022-48496.json
@@ -2,19 +2,89 @@ "id": "CVE-2022-48496", "sourceIdentifier": "psirt@huawei.com", "published": "2023-06-19T17:15:11.753", - "lastModified": "2023-06-20T07:12:55.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-27T09:19:58.250", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Vulnerability of lax app identity verification in the pre-authorization function.Successful exploitation of this vulnerability will cause malicious apps to become pre-authorized." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:11.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "511F8CE2-C2B6-4A08-B992-49D9B75B8655" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "A974CA73-84E8-480B-BB4C-4A81D0C985B2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:12.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "2DF07E7F-3A18-4B74-B73D-DF3647C2A48F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "353AEAF2-AF46-4835-93E1-4F942D5E2810" + } + ] + } + ] + } + ], "references": [ { "url": 
"https://consumer.huawei.com/en/support/bulletin/2023/6/", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-484xx/CVE-2022-48497.json b/CVE-2022/CVE-2022-484xx/CVE-2022-48497.json index e50e267ae58..1dfe1981bcf 100644 --- a/CVE-2022/CVE-2022-484xx/CVE-2022-48497.json +++ b/CVE-2022/CVE-2022-484xx/CVE-2022-48497.json 
@@ -2,19 +2,74 @@ "id": "CVE-2022-48497", "sourceIdentifier": "psirt@huawei.com", "published": "2023-06-19T17:15:11.793", - "lastModified": "2023-06-20T07:12:55.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-27T09:19:04.713", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "A974CA73-84E8-480B-BB4C-4A81D0C985B2" + } + ] + } + ] + } + ], "references": [ { "url": "https://consumer.huawei.com/en/support/bulletin/2023/6/", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-484xx/CVE-2022-48498.json b/CVE-2022/CVE-2022-484xx/CVE-2022-48498.json index 50d37fd6d0a..5de7bbf13df 100644 --- a/CVE-2022/CVE-2022-484xx/CVE-2022-48498.json +++ b/CVE-2022/CVE-2022-484xx/CVE-2022-48498.json 
@@ -2,19 +2,74 @@ "id": "CVE-2022-48498", "sourceIdentifier": "psirt@huawei.com", "published": "2023-06-19T17:15:11.833", - "lastModified": "2023-06-20T07:12:55.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-27T09:25:39.587", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "A974CA73-84E8-480B-BB4C-4A81D0C985B2" + } + ] + } + ] + } + ], "references": [ { "url": "https://consumer.huawei.com/en/support/bulletin/2023/6/", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-484xx/CVE-2022-48499.json b/CVE-2022/CVE-2022-484xx/CVE-2022-48499.json index 0d241cb47a5..ee8b8a13529 100644 --- a/CVE-2022/CVE-2022-484xx/CVE-2022-48499.json +++ b/CVE-2022/CVE-2022-484xx/CVE-2022-48499.json 
@@ -2,19 +2,74 @@ "id": "CVE-2022-48499", "sourceIdentifier": "psirt@huawei.com", "published": "2023-06-19T17:15:11.880", - "lastModified": "2023-06-20T07:12:55.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-27T09:25:33.157", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "A974CA73-84E8-480B-BB4C-4A81D0C985B2" + } + ] + } + ] + } + ], "references": [ { "url": "https://consumer.huawei.com/en/support/bulletin/2023/6/", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-485xx/CVE-2022-48500.json b/CVE-2022/CVE-2022-485xx/CVE-2022-48500.json index 7de4f240045..f2f35bfce39 100644 --- a/CVE-2022/CVE-2022-485xx/CVE-2022-48500.json +++ b/CVE-2022/CVE-2022-485xx/CVE-2022-48500.json 
@@ -2,19 +2,74 @@ "id": "CVE-2022-48500", "sourceIdentifier": "psirt@huawei.com", "published": "2023-06-19T17:15:11.920", - "lastModified": "2023-06-20T07:12:55.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-27T09:25:24.280", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "A974CA73-84E8-480B-BB4C-4A81D0C985B2" + } + ] + } + ] + } + ], "references": [ { "url": "https://consumer.huawei.com/en/support/bulletin/2023/6/", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-485xx/CVE-2022-48501.json b/CVE-2022/CVE-2022-485xx/CVE-2022-48501.json index b32ebbf80c0..50c2a0adbdf 100644 --- a/CVE-2022/CVE-2022-485xx/CVE-2022-48501.json +++ b/CVE-2022/CVE-2022-485xx/CVE-2022-48501.json 
@@ -2,19 +2,74 @@ "id": "CVE-2022-48501", "sourceIdentifier": "psirt@huawei.com", "published": "2023-06-19T17:15:11.960", - "lastModified": "2023-06-20T07:12:55.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-27T09:25:05.427", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "A974CA73-84E8-480B-BB4C-4A81D0C985B2" + } + ] + } + ] + } + ], "references": [ { "url": "https://consumer.huawei.com/en/support/bulletin/2023/6/", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-03xx/CVE-2023-0368.json b/CVE-2023/CVE-2023-03xx/CVE-2023-0368.json index 344d54d94f2..17939b313fc 100644 --- a/CVE-2023/CVE-2023-03xx/CVE-2023-0368.json +++ b/CVE-2023/CVE-2023-03xx/CVE-2023-0368.json 
@@ -2,18 +2,41 @@ "id": "CVE-2023-0368", "sourceIdentifier": "contact@wpscan.com", "published": "2023-06-19T11:15:09.537", - "lastModified": "2023-06-20T07:12:55.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-27T08:24:02.290", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Responsive Tabs For WPBakery Page Builder (formerly Visual Composer) WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, "weaknesses": [ { - "source": "contact@wpscan.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { 
@@ -21,12 +44,44 @@ "value": "CWE-79" } ] + }, + { + "source": "contact@wpscan.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:responsive_tabs_for_wpbakery_page_builder_project:responsive_tabs_for_wpbakery_page_builder:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.1", + "matchCriteriaId": "502EE688-CA1B-4746-85EB-64B6CC6312DE" + } + ] + } + ] } ], "references": [ { "url": "https://wpscan.com/vulnerability/b41e5c09-1034-48a7-ac0f-d4db6e7a3b3e", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-04xx/CVE-2023-0489.json b/CVE-2023/CVE-2023-04xx/CVE-2023-0489.json index 6088bacb274..a181f5b60d5 100644 --- a/CVE-2023/CVE-2023-04xx/CVE-2023-0489.json +++ b/CVE-2023/CVE-2023-04xx/CVE-2023-0489.json 
@@ -2,15 +2,38 @@ "id": "CVE-2023-0489", "sourceIdentifier": "contact@wpscan.com", "published": "2023-06-19T11:15:09.607", - "lastModified": "2023-06-20T07:12:55.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-27T09:02:52.517", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The SlideOnline WordPress plugin through 1.2.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, "weaknesses": [ { "source": "contact@wpscan.com", @@ -23,10 +46,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:slideonline_project:sideonline:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.2.1", + "matchCriteriaId": "5239049D-4DBA-4FE3-BB03-E24E410F9644" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/238842ee-6392-4eb2-96cb-08e4ece6fca1", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-22xx/CVE-2023-2221.json b/CVE-2023/CVE-2023-22xx/CVE-2023-2221.json index 5771330cd10..9f9b65101da 100644 
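Review bot: The product field of the added `criteria` string in the `@@ -23,10 +46,32 @@` hunk reads `sideonline`, while the vendor field is `slideonline_project` and the description names the plugin "SlideOnline", so this looks like a dropped letter. Asset inventories or scanners that key on a product name of `slideonline` would not match this record. If the spelling is confirmed wrong, the entry would read `"criteria": "cpe:2.3:a:slideonline_project:slideonline:*:*:*:*:*:wordpress:*:*"`. The `matchCriteriaId` presumably refers to the upstream match string, so the correction likely has to be made at the source of the data rather than only in this file.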
--- a/CVE-2023/CVE-2023-22xx/CVE-2023-2221.json +++ b/CVE-2023/CVE-2023-22xx/CVE-2023-2221.json @@ -2,15 +2,38 @@ "id": "CVE-2023-2221", "sourceIdentifier": "contact@wpscan.com", "published": "2023-06-19T11:15:09.987", - "lastModified": "2023-06-20T07:12:55.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-27T09:04:13.750", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The WP Custom Cursors WordPress plugin before 3.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "contact@wpscan.com", @@ -23,10 +46,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wp_custom_cursors_project:wp_custom_cursors:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.2", + "matchCriteriaId": "DE7A1D10-5F04-4569-9CE4-70F35D85DE41" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/6666688e-7239-4d40-a348-307cf8f3b657", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-23xx/CVE-2023-2359.json b/CVE-2023/CVE-2023-23xx/CVE-2023-2359.json index e236e7a69d9..dd822208030 100644 
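Review bot: The `criteria` added in the `@@ -23,10 +46,32 @@` hunk leaves the target-software field as a wildcard (`cpe:2.3:a:wp_custom_cursors_project:wp_custom_cursors:*:*:*:*:*:*:*:*`), whereas the other WordPress plugin records in this commit set it to `wordpress`. Tooling that filters or groups CPEs on that field will treat this plugin differently from its siblings. For consistency the entry would be `"criteria": "cpe:2.3:a:wp_custom_cursors_project:wp_custom_cursors:*:*:*:*:*:wordpress:*:*"`, provided the upstream match string agrees.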
--- a/CVE-2023/CVE-2023-23xx/CVE-2023-2359.json +++ b/CVE-2023/CVE-2023-23xx/CVE-2023-2359.json @@ -2,18 +2,41 @@ "id": "CVE-2023-2359", "sourceIdentifier": "contact@wpscan.com", "published": "2023-06-19T11:15:10.043", - "lastModified": "2023-06-20T07:12:55.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-27T09:05:21.227", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Slider Revolution WordPress plugin through 6.6.12 does not check for valid image files upon import, leading to an arbitrary file upload which may be escalated to Remote Code Execution in some server configurations." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { - "source": "contact@wpscan.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { 
@@ -21,12 +44,44 @@ "value": "CWE-94" } ] + }, + { + "source": "contact@wpscan.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:themepunch:slider_revolution:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "6.6.12", + "matchCriteriaId": "607B75DE-E868-4B5B-8075-A17AF8B3C2C2" + } + ] + } + ] } ], "references": [ { "url": "https://wpscan.com/vulnerability/a8350890-e6d4-4b04-a158-2b0ee3748e65", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-23xx/CVE-2023-2399.json b/CVE-2023/CVE-2023-23xx/CVE-2023-2399.json index 744d5bdf3b7..8d20c3b8751 100644 --- a/CVE-2023/CVE-2023-23xx/CVE-2023-2399.json +++ b/CVE-2023/CVE-2023-23xx/CVE-2023-2399.json 
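Review bot: Both weakness entries for CVE-2023-2359 carry `CWE-94`, but the description gives the root cause as a missing check for valid image files on import, that is, an arbitrary file upload. Code execution is only the possible follow-on "in some server configurations". `CWE-434` describes that flaw more precisely, for example `"value": "CWE-434"` in the `nvd@nist.gov` Primary entry. Dashboards and detection content grouped by CWE will otherwise file this under code injection rather than upload validation. The Primary entry begins in the preceding hunk (`@@ -2,18 +2,41 @@`), where its `source` is changed.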
@@ -2,15 +2,38 @@ "id": "CVE-2023-2399", "sourceIdentifier": "contact@wpscan.com", "published": "2023-06-19T11:15:10.100", - "lastModified": "2023-06-20T07:12:55.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-27T09:05:54.310", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The QuBot WordPress plugin before 1.1.6 doesn't filter user input on chat, leading to bad code inserted on it be reflected on the user dashboard." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, "weaknesses": [ { "source": "contact@wpscan.com", @@ -23,10 +46,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:qudata:qubot:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.1.6", + "matchCriteriaId": "036915D4-E8E0-47EA-BD76-A0D9A8204743" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/deca3cd3-f7cf-469f-9f7e-3612f7ae514d", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2401.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2401.json index 050f44c1e46..37512640202 100644 --- a/CVE-2023/CVE-2023-24xx/CVE-2023-2401.json +++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2401.json 
@@ -2,15 +2,38 @@ "id": "CVE-2023-2401", "sourceIdentifier": "contact@wpscan.com", "published": "2023-06-19T11:15:10.153", - "lastModified": "2023-06-20T07:12:55.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-27T09:06:09.077", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The QuBot WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ] + }, "weaknesses": [ { "source": "contact@wpscan.com", @@ -23,10 +46,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:qudata:qubot:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.1.6", + "matchCriteriaId": "036915D4-E8E0-47EA-BD76-A0D9A8204743" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/0746ea56-dd88-4fc3-86a3-54408eef1f94", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2492.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2492.json index 41dab6b6a10..636730cf96f 100644 --- a/CVE-2023/CVE-2023-24xx/CVE-2023-2492.json 
+++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2492.json @@ -2,15 +2,38 @@ "id": "CVE-2023-2492", "sourceIdentifier": "contact@wpscan.com", "published": "2023-06-19T11:15:10.213", - "lastModified": "2023-06-20T07:12:55.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-27T09:06:43.527", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The QueryWall: Plug'n Play Firewall WordPress plugin through 1.1.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "contact@wpscan.com", @@ -23,10 +46,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:querywall_plug\\'n_play_firewall_project:querywall_plug\\'n_play_firewall:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.1.1", + "matchCriteriaId": "EC9DEBF0-A830-4D1D-8B13-937ED68991F6" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/fa7c54c2-5653-4d3d-8163-f3d63272c050", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-257xx/CVE-2023-25733.json b/CVE-2023/CVE-2023-257xx/CVE-2023-25733.json index 98c0137fb46..374dfa79ffd 100644 --- a/CVE-2023/CVE-2023-257xx/CVE-2023-25733.json +++ b/CVE-2023/CVE-2023-257xx/CVE-2023-25733.json 
@@ -2,23 +2,82 @@ "id": "CVE-2023-25733", "sourceIdentifier": "security@mozilla.org", "published": "2023-06-19T11:15:09.670", - "lastModified": "2023-06-20T07:12:55.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-27T08:29:15.320", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The return value from `gfx::SourceSurfaceSkia::Map()` wasn't being verified which could have potentially lead to a null pointer dereference. This vulnerability affects Firefox < 110." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-252" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", + "versionEndExcluding": "110.0", + "matchCriteriaId": "811EBB2F-0FAA-49DB-8B16-99341814C3D1" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1808632", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Permissions Required" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-05/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-257xx/CVE-2023-25736.json b/CVE-2023/CVE-2023-257xx/CVE-2023-25736.json index bf5e0d44c89..c404c9bfa7d 100644 --- a/CVE-2023/CVE-2023-257xx/CVE-2023-25736.json +++ b/CVE-2023/CVE-2023-257xx/CVE-2023-25736.json 
@@ -2,23 +2,82 @@ "id": "CVE-2023-25736", "sourceIdentifier": "security@mozilla.org", "published": "2023-06-19T11:15:09.713", - "lastModified": "2023-06-20T07:12:55.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-27T08:29:24.847", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An invalid downcast from `nsHTMLDocument` to `nsIContent` could have lead to undefined behavior. This vulnerability affects Firefox < 110." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", + "versionEndExcluding": "110.0", + "matchCriteriaId": "811EBB2F-0FAA-49DB-8B16-99341814C3D1" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1811331", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Permissions Required" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-05/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
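Review bot: The added Primary weakness is `NVD-CWE-noinfo` although the description names the flaw class, an invalid downcast from `nsHTMLDocument` to `nsIContent`. `CWE-704` (Incorrect Type Conversion or Cast) matches that wording, so `"value": "CWE-704"` would make the record usable for CWE-based triage. The 9.8 score with `C:H/I:H/A:H` rests only on "could have lead to undefined behavior" in the description, so it is better read as an upper bound than as a demonstrated impact.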
diff --git a/CVE-2023/CVE-2023-257xx/CVE-2023-25747.json b/CVE-2023/CVE-2023-257xx/CVE-2023-25747.json index e9b7a39044d..5b867a4ad9b 100644 --- a/CVE-2023/CVE-2023-257xx/CVE-2023-25747.json +++ b/CVE-2023/CVE-2023-257xx/CVE-2023-25747.json 
@@ -2,23 +2,82 @@ "id": "CVE-2023-25747", "sourceIdentifier": "security@mozilla.org", "published": "2023-06-19T11:15:09.753", - "lastModified": "2023-06-20T07:12:55.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-27T08:29:53.053", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A potential use-after-free in libaudio was fixed by disabling the AAudio backend when running on Android API below version 30.\n*This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android < 110.1.0." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:android:*:*", + "versionEndExcluding": "110.1", + "matchCriteriaId": "644DDE1A-D08C-4F8A-94C9-F1B2CC1F4462" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1815801", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Permissions Required" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-08/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] } ] } 
\ No newline at end of file diff --git a/CVE-2023/CVE-2023-25xx/CVE-2023-2527.json b/CVE-2023/CVE-2023-25xx/CVE-2023-2527.json index 889a149162a..59af3eef2e7 100644 --- a/CVE-2023/CVE-2023-25xx/CVE-2023-2527.json +++ b/CVE-2023/CVE-2023-25xx/CVE-2023-2527.json @@ -2,19 +2,52 @@ "id": "CVE-2023-2527", "sourceIdentifier": "contact@wpscan.com", "published": "2023-06-19T11:15:10.270", - "lastModified": "2023-06-20T07:12:55.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-27T09:07:45.317", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Integration for Contact Form 7 and Zoho CRM, Bigin WordPress plugin before 1.2.4 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ] + }, "weaknesses": [ { - "source": "contact@wpscan.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, + { + "source": "contact@wpscan.com", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -23,10 +56,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:crmperks:integration_for_contact_form_7_and_zoho_crm\\,_bigin:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.2.4", + "matchCriteriaId": "C97C04B3-F19A-4145-ADEE-68A7A906B0C2" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/8051142a-4e55-4dc2-9cb1-1b724c67574f", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-26xx/CVE-2023-2600.json b/CVE-2023/CVE-2023-26xx/CVE-2023-2600.json index 0a8357ec9e6..c8a8f5dd116 100644 --- a/CVE-2023/CVE-2023-26xx/CVE-2023-2600.json +++ b/CVE-2023/CVE-2023-26xx/CVE-2023-2600.json 
@@ -2,15 +2,38 @@ "id": "CVE-2023-2600", "sourceIdentifier": "contact@wpscan.com", "published": "2023-06-19T11:15:10.327", - "lastModified": "2023-06-20T07:12:55.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-27T09:09:12.117", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Custom Base Terms WordPress plugin before 1.0.3 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ] + }, "weaknesses": [ { "source": "contact@wpscan.com", @@ -23,10 +46,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:artprojectgroup:custom_base_terms:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.0.3", + "matchCriteriaId": "3C6A45F3-2363-4263-A8B4-9E43B8FC59EC" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/8e1d65c3-14e4-482f-ae9e-323e847a8613", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-26xx/CVE-2023-2654.json b/CVE-2023/CVE-2023-26xx/CVE-2023-2654.json index d75c88c79ad..855d96ed918 100644 
--- a/CVE-2023/CVE-2023-26xx/CVE-2023-2654.json +++ b/CVE-2023/CVE-2023-26xx/CVE-2023-2654.json @@ -2,15 +2,38 @@ "id": "CVE-2023-2654", "sourceIdentifier": "contact@wpscan.com", "published": "2023-06-19T11:15:10.380", - "lastModified": "2023-06-20T07:12:55.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-27T09:09:42.810", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Conditional Menus WordPress plugin before 1.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, "weaknesses": [ { "source": "contact@wpscan.com", @@ -23,10 +46,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:themify:conditional_menus:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.2.1", + "matchCriteriaId": "3E4A41C0-5970-4EBE-9F57-38AEEAD50150" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/506ecee9-8e42-46de-9c5c-fc252ab2646e", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-26xx/CVE-2023-2684.json b/CVE-2023/CVE-2023-26xx/CVE-2023-2684.json index e73af87bcf6..66120c2eeee 100644 --- a/CVE-2023/CVE-2023-26xx/CVE-2023-2684.json +++ b/CVE-2023/CVE-2023-26xx/CVE-2023-2684.json @@ -2,15 +2,38 @@ "id": "CVE-2023-2684", "sourceIdentifier": "contact@wpscan.com", "published": "2023-06-19T11:15:10.433", - "lastModified": "2023-06-20T07:12:55.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-27T09:10:18.867", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The File Renaming on Upload WordPress plugin before 2.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ] + }, "weaknesses": [ { "source": "contact@wpscan.com", 
@@ -23,10 +46,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpfactory:file_renaming_on_upload:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.5.2", + "matchCriteriaId": "62F45B59-2681-4CE3-8D68-87C610C0997A" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/42b1f017-c497-4825-b12a-8dce3e108a55", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-27xx/CVE-2023-2719.json b/CVE-2023/CVE-2023-27xx/CVE-2023-2719.json index 55c2923bcb7..9fb62315631 100644 --- a/CVE-2023/CVE-2023-27xx/CVE-2023-2719.json +++ b/CVE-2023/CVE-2023-27xx/CVE-2023-2719.json 
@@ -2,15 +2,38 @@ "id": "CVE-2023-2719", "sourceIdentifier": "contact@wpscan.com", "published": "2023-06-19T11:15:10.487", - "lastModified": "2023-06-20T07:12:55.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-27T09:10:43.483", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the `id` parameter for an Agent in the REST API before using it in an SQL statement, leading to an SQL Injection exploitable by users with a role as low as Subscriber." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "contact@wpscan.com", @@ -23,10 +46,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:supportcandy:supportcandy:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "3.1.7", + "matchCriteriaId": "7AA91086-CCE7-4F66-8DBB-4D95EEC36BC2" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/d9f6f4e7-a237-49c0-aba0-2934ab019e35", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-27xx/CVE-2023-2742.json b/CVE-2023/CVE-2023-27xx/CVE-2023-2742.json index b75cbe1657c..335231f4b5e 100644 --- a/CVE-2023/CVE-2023-27xx/CVE-2023-2742.json 
+++ b/CVE-2023/CVE-2023-27xx/CVE-2023-2742.json @@ -2,15 +2,38 @@ "id": "CVE-2023-2742", "sourceIdentifier": "contact@wpscan.com", "published": "2023-06-19T11:15:10.543", - "lastModified": "2023-06-20T07:12:55.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-27T09:11:15.447", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The AI ChatBot WordPress plugin before 4.5.5 does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ] + }, "weaknesses": [ { "source": "contact@wpscan.com", @@ -23,10 +46,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:quantumcloud:ai_chatbot:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "4.5.5", + "matchCriteriaId": "B3FF6963-6CC2-4789-A1AD-F8A38F6B5029" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/f689442a-a851-4140-a10c-ac579f9da142", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-27xx/CVE-2023-2751.json b/CVE-2023/CVE-2023-27xx/CVE-2023-2751.json index 03f11cb8002..ac0f6708d2d 100644 --- a/CVE-2023/CVE-2023-27xx/CVE-2023-2751.json 
+++ b/CVE-2023/CVE-2023-27xx/CVE-2023-2751.json @@ -2,15 +2,38 @@ "id": "CVE-2023-2751", "sourceIdentifier": "contact@wpscan.com", "published": "2023-06-19T11:15:10.600", - "lastModified": "2023-06-20T07:12:55.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-27T09:12:48.077", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Upload Resume WordPress plugin through 1.2.0 does not validate the captcha parameter when uploading a resume via the resume_upload_form shortcode, allowing unauthenticated visitors to upload arbitrary media files to the site." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, "weaknesses": [ { "source": "contact@wpscan.com", @@ -23,10 +46,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:upload_resume_project:upload_resume:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.2.0", + "matchCriteriaId": "BFC61969-3811-43DA-A010-5DDC488C7063" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/1b0fe0ac-d0d1-473d-af5b-dad6217933d4", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-295xx/CVE-2023-29531.json b/CVE-2023/CVE-2023-295xx/CVE-2023-29531.json index 92614cfb1b3..2edbbf254c0 100644 
--- a/CVE-2023/CVE-2023-295xx/CVE-2023-29531.json +++ b/CVE-2023/CVE-2023-295xx/CVE-2023-29531.json 
@@ -2,31 +2,120 @@ "id": "CVE-2023-29531", "sourceIdentifier": "security@mozilla.org", "published": "2023-06-19T10:15:09.373", - "lastModified": "2023-06-20T07:12:55.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-27T08:28:43.307", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable crash.\n\n*This bug only affects Firefox and\u00a0Thunderbird for macOS. Other operating systems are unaffected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10.\n\n" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", + "versionEndExcluding": "112.0", + "matchCriteriaId": "8C6578F4-B46C-473F-8A17-CA6026C32FBE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", + "versionEndExcluding": "102.10", + "matchCriteriaId": "03736567-251A-4F75-992E-AB7C957FB587" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", + "versionEndExcluding": 
"102.10", + "matchCriteriaId": "7C8C9D9E-9BDA-475D-B7D6-10D1C6E9DD72" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1794292", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Permissions Required" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-13/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-14/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-15/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-295xx/CVE-2023-29532.json b/CVE-2023/CVE-2023-295xx/CVE-2023-29532.json index 81754e6c079..c880e0c6936 100644 --- a/CVE-2023/CVE-2023-295xx/CVE-2023-29532.json +++ b/CVE-2023/CVE-2023-295xx/CVE-2023-29532.json 
@@ -2,31 +2,120 @@ "id": "CVE-2023-29532", "sourceIdentifier": "security@mozilla.org", "published": "2023-06-19T10:15:09.430", - "lastModified": "2023-06-20T07:12:55.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-27T08:27:48.237", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. The update file can be replaced after the signature check, before the use, because the write-lock requested by the service does not work on a SMB server.\n\n*Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10.\n\n" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", + "versionEndExcluding": "112.0", + "matchCriteriaId": "8C6578F4-B46C-473F-8A17-CA6026C32FBE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", + "versionEndExcluding": 
"102.10", + "matchCriteriaId": "03736567-251A-4F75-992E-AB7C957FB587" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", + "versionEndExcluding": "102.10", + "matchCriteriaId": "7C8C9D9E-9BDA-475D-B7D6-10D1C6E9DD72" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1806394", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Permissions Required" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-13/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-14/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-15/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-295xx/CVE-2023-29534.json b/CVE-2023/CVE-2023-295xx/CVE-2023-29534.json index 5506e417063..74c2281679e 100644 --- a/CVE-2023/CVE-2023-295xx/CVE-2023-29534.json +++ b/CVE-2023/CVE-2023-295xx/CVE-2023-29534.json 
@@ -2,47 +2,130 @@ "id": "CVE-2023-29534", "sourceIdentifier": "security@mozilla.org", "published": "2023-06-19T11:15:09.797", - "lastModified": "2023-06-20T07:12:55.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-27T08:30:13.163", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Different techniques existed to obscure the fullscreen notification in Firefox and Focus for Android. These could have led to potential user confusion and spoofing attacks.\n\n*This bug only affects Firefox and Focus for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android < 112 and Focus for Android < 112.\n\n" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:android:*:*", + "versionEndExcluding": "112.0", + "matchCriteriaId": "216F0EFA-865A-45F5-B50F-B734312ED45D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox_focus:*:*:*:*:*:android:*:*", + "versionEndExcluding": "112.0", + "matchCriteriaId": "D34FE946-8097-46DD-B902-6E93F45D4E2E" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1816007", - 
"source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Permissions Required" + ] }, { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1816059", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Permissions Required" + ] }, { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1821155", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Permissions Required" + ] }, { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1821576", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Permissions Required" + ] }, { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1821906", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Permissions Required" + ] }, { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1822298", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Permissions Required" + ] }, { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1822305", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Permissions Required" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-13/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-295xx/CVE-2023-29542.json b/CVE-2023/CVE-2023-295xx/CVE-2023-29542.json index 389e4d23264..323e3b1d563 100644 --- a/CVE-2023/CVE-2023-295xx/CVE-2023-29542.json +++ b/CVE-2023/CVE-2023-295xx/CVE-2023-29542.json 
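Review bot: The `cvssData` added for CVE-2023-29534 sets `"userInteraction": "NONE"` (vector `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N`, base 9.1), yet the description in the same hunk is about obscuring the fullscreen notification to cause user confusion and spoofing, which appears to depend on a victim being deceived. The CVE-2023-29542 hunk that follows has the same mismatch: its description speaks of "accidental execution" of a downloaded file, but the vector carries `UI:N` for a 9.8. If the analysis does assume a user action, both records should read `"userInteraction": "REQUIRED"`, with `vectorString`, `baseScore`, `baseSeverity` and `exploitabilityScore` recomputed to match. Patch prioritisation driven by these scores will otherwise rank both issues alongside no-interaction remote compromise.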
@@ -2,35 +2,127 @@ "id": "CVE-2023-29542", "sourceIdentifier": "security@mozilla.org", "published": "2023-06-19T11:15:09.847", - "lastModified": "2023-06-20T07:12:55.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-27T08:51:31.017", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk with .download. This could have led to accidental execution of malicious code.\n\n*This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox\u00a0and Thunderbird are unaffected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10.\n\n" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", + "versionEndExcluding": "112.0", + "matchCriteriaId": "8C6578F4-B46C-473F-8A17-CA6026C32FBE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", + "versionEndExcluding": "102.10", + "matchCriteriaId": "03736567-251A-4F75-992E-AB7C957FB587" + }, + { + 
"vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", + "versionEndExcluding": "102.10", + "matchCriteriaId": "7C8C9D9E-9BDA-475D-B7D6-10D1C6E9DD72" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1810793", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Permissions Required" + ] }, { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1815062", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Permissions Required" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-13/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-14/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-15/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-295xx/CVE-2023-29545.json b/CVE-2023/CVE-2023-295xx/CVE-2023-29545.json index a3b90fda1df..eed62c023be 100644 --- a/CVE-2023/CVE-2023-295xx/CVE-2023-29545.json +++ b/CVE-2023/CVE-2023-295xx/CVE-2023-29545.json 
@@ -2,31 +2,108 @@ "id": "CVE-2023-29545", "sourceIdentifier": "security@mozilla.org", "published": "2023-06-19T11:15:09.890", - "lastModified": "2023-06-20T07:12:55.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-27T08:51:49.257", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have resolved those in the context of the current user. \n\n*This bug only affects Firefox and\u00a0Thunderbird on Windows. Other versions of Firefox and\u00a0Thunderbird are unaffected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10.\n\n" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", + "versionEndExcluding": "112.0", + "matchCriteriaId": "8C6578F4-B46C-473F-8A17-CA6026C32FBE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", + "versionEndExcluding": "102.10", + "matchCriteriaId": "03736567-251A-4F75-992E-AB7C957FB587" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", + "versionEndExcluding": "102.10", + "matchCriteriaId": "7C8C9D9E-9BDA-475D-B7D6-10D1C6E9DD72" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1823077", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Permissions Required" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-13/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-14/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-15/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-295xx/CVE-2023-29546.json b/CVE-2023/CVE-2023-295xx/CVE-2023-29546.json index 0975137774a..bee1b5435c9 100644 --- a/CVE-2023/CVE-2023-295xx/CVE-2023-29546.json +++ b/CVE-2023/CVE-2023-295xx/CVE-2023-29546.json 
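Review bot: The `configurations` added for CVE-2023-29545 list only the three Mozilla application CPEs, although the description in the same hunk says the bug affects Firefox and Thunderbird on Windows only. The CVE-2023-29532 and CVE-2023-29542 records in this diff express that restriction with `"operator": "AND"` plus a non-vulnerable Windows platform node; without it, CPE-based matching will flag macOS and Linux installs as affected. The fence shows only the added `operator` line and the new second node, and the existing application node stays first in `nodes`.

```json
"operator": "AND",
"nodes": [
  {
    "operator": "OR",
    "negate": false,
    "cpeMatch": [
      {
        "vulnerable": false,
        "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
        "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
      }
    ]
  }
```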
@@ -2,23 +2,88 @@ "id": "CVE-2023-29546", "sourceIdentifier": "security@mozilla.org", "published": "2023-06-19T11:15:09.943", - "lastModified": "2023-06-20T07:12:55.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-27T08:52:01.453", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "When recording the screen while in Private Browsing on Firefox for Android the address bar and keyboard were not hidden, potentially leaking sensitive information. \n\n*This bug only affects Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox for Android < 112 and Focus for Android < 112.\n\n" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:android:*:*", + "versionEndExcluding": "112.0", + "matchCriteriaId": "216F0EFA-865A-45F5-B50F-B734312ED45D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox_focus:*:*:*:*:*:android:*:*", + "versionEndExcluding": "112.0", + "matchCriteriaId": "D34FE946-8097-46DD-B902-6E93F45D4E2E" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1780842", - "source": 
"security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Permissions Required" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-13/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-322xx/CVE-2023-32208.json b/CVE-2023/CVE-2023-322xx/CVE-2023-32208.json index 46db55c0f7b..ba2ee9a8c06 100644 --- a/CVE-2023/CVE-2023-322xx/CVE-2023-32208.json +++ b/CVE-2023/CVE-2023-322xx/CVE-2023-32208.json 
@@ -2,23 +2,82 @@ "id": "CVE-2023-32208", "sourceIdentifier": "security@mozilla.org", "published": "2023-06-19T10:15:09.480", - "lastModified": "2023-06-20T07:12:55.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-27T08:27:23.427", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Service workers could reveal script base URL due to dynamic `import()`. This vulnerability affects Firefox < 113." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", + "versionEndExcluding": "113.0", + "matchCriteriaId": "D953B9B0-5231-4517-BCDC-2120FBE1B9F4" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1646034", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Permissions Required" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-16/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-322xx/CVE-2023-32209.json b/CVE-2023/CVE-2023-322xx/CVE-2023-32209.json index a6f4003d5fa..d2bdf076154 100644 --- a/CVE-2023/CVE-2023-322xx/CVE-2023-32209.json +++ b/CVE-2023/CVE-2023-322xx/CVE-2023-32209.json 
@@ -2,23 +2,82 @@ "id": "CVE-2023-32209", "sourceIdentifier": "security@mozilla.org", "published": "2023-06-19T10:15:09.523", - "lastModified": "2023-06-20T07:12:55.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-27T08:27:30.540", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A maliciously crafted favicon could have led to an out of memory crash. This vulnerability affects Firefox < 113." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", + "versionEndExcluding": "113.0", + "matchCriteriaId": "D953B9B0-5231-4517-BCDC-2120FBE1B9F4" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1767194", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Permissions Required" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-16/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
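Review bot: The `weaknesses` entry added for CVE-2023-32209 maps the issue to `CWE-787` (out-of-bounds write), but the description in this hunk only reports an out-of-memory crash from a crafted favicon, and the vector scores availability alone (`C:N/I:N/A:H`). Nothing visible here supports memory corruption, so this looks like a resource-exhaustion issue recorded under the wrong class. Unless the access-restricted bug report shows otherwise, a resource-consumption class such as `"value": "CWE-770"`, or the `NVD-CWE-noinfo` placeholder used by the neighbouring records, would be more accurate. Teams that triage on memory-safety CWEs will otherwise treat a denial-of-service crash as a memory-corruption bug.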
diff --git a/CVE-2023/CVE-2023-322xx/CVE-2023-32210.json b/CVE-2023/CVE-2023-322xx/CVE-2023-32210.json index a3fa1455b38..1ad1ccc6fe5 100644 --- a/CVE-2023/CVE-2023-322xx/CVE-2023-32210.json +++ b/CVE-2023/CVE-2023-322xx/CVE-2023-32210.json 
@@ -2,23 +2,82 @@ "id": "CVE-2023-32210", "sourceIdentifier": "security@mozilla.org", "published": "2023-06-19T10:15:09.573", - "lastModified": "2023-06-20T07:12:55.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-27T08:26:14.937", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Documents were incorrectly assuming an ordering of principal objects when ensuring we were loading an appropriately privileged principal. In certain circumstances it might have been possible to cause a document to be loaded with a higher privileged principal than intended. This vulnerability affects Firefox < 113." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", + "versionEndExcluding": "113.0", + "matchCriteriaId": "D953B9B0-5231-4517-BCDC-2120FBE1B9F4" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1776755", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Permissions Required" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-16/", - "source": "security@mozilla.org" + "source": 
"security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-322xx/CVE-2023-32214.json b/CVE-2023/CVE-2023-322xx/CVE-2023-32214.json index 574628494bf..7f9dcb9f13e 100644 --- a/CVE-2023/CVE-2023-322xx/CVE-2023-32214.json +++ b/CVE-2023/CVE-2023-322xx/CVE-2023-32214.json 
@@ -2,31 +2,120 @@ "id": "CVE-2023-32214", "sourceIdentifier": "security@mozilla.org", "published": "2023-06-19T10:15:09.613", - "lastModified": "2023-06-20T07:12:55.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-27T08:25:27.197", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Protocol handlers `ms-cxh` and `ms-cxh-full` could have been leveraged to trigger a denial of service.\n*Note: This attack only affects Windows. Other operating systems are not affected.* This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", + "versionEndExcluding": "113.0", + "matchCriteriaId": "D953B9B0-5231-4517-BCDC-2120FBE1B9F4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", + "versionEndExcluding": "102.11", + "matchCriteriaId": "6487CCA9-C946-4313-A93A-350828389D8F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", + "versionEndExcluding": "102.11", + "matchCriteriaId": 
"8AD4D2C8-87C4-4E70-8499-2C6E3892DFC0" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1828716", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Permissions Required" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-16/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-17/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-18/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-322xx/CVE-2023-32216.json b/CVE-2023/CVE-2023-322xx/CVE-2023-32216.json index 810aa725751..cffffbf557c 100644 --- a/CVE-2023/CVE-2023-322xx/CVE-2023-32216.json +++ b/CVE-2023/CVE-2023-322xx/CVE-2023-32216.json 
@@ -2,23 +2,75 @@ "id": "CVE-2023-32216", "sourceIdentifier": "security@mozilla.org", "published": "2023-06-19T10:15:09.660", - "lastModified": "2023-06-20T07:12:55.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-27T08:25:02.820", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Memory safety bugs present in Firefox 112. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113.\n\n" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", + "versionEndExcluding": "113.0", + "matchCriteriaId": "D953B9B0-5231-4517-BCDC-2120FBE1B9F4" + } + ] + } + ] + } + ], "references": [ - { - "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1746479%2C1806852%2C1815987%2C1820359%2C1823568%2C1824803%2C1824834%2C1825170%2C1827020%2C1828130", - "source": "security@mozilla.org" - }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-16/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No 
newline at end of file diff --git a/CVE-2023/CVE-2023-341xx/CVE-2023-34155.json b/CVE-2023/CVE-2023-341xx/CVE-2023-34155.json index d0cfbc29246..426b575c71a 100644 --- a/CVE-2023/CVE-2023-341xx/CVE-2023-34155.json +++ b/CVE-2023/CVE-2023-341xx/CVE-2023-34155.json @@ -2,19 +2,74 @@ "id": "CVE-2023-34155", "sourceIdentifier": "psirt@huawei.com", "published": "2023-06-19T17:15:12.007", - "lastModified": "2023-06-20T07:12:55.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-27T09:24:48.237", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Vulnerability of unauthorized calling on HUAWEI phones and tablets.Successful exploitation of this vulnerability may affect availability." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "353AEAF2-AF46-4835-93E1-4F942D5E2810" + } + ] + } + ] + } + ], "references": [ { "url": "https://consumer.huawei.com/en/support/bulletin/2023/6/", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-341xx/CVE-2023-34156.json b/CVE-2023/CVE-2023-341xx/CVE-2023-34156.json
index 898a3b22339..488d31c3b7e 100644
--- a/CVE-2023/CVE-2023-341xx/CVE-2023-34156.json
+++ b/CVE-2023/CVE-2023-341xx/CVE-2023-34156.json
@@ -2,19 +2,89 @@ "id": "CVE-2023-34156", "sourceIdentifier": "psirt@huawei.com", "published": "2023-06-19T17:15:12.050", - "lastModified": "2023-06-20T07:12:55.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-27T09:24:17.830", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Vulnerability of services denied by early fingerprint APIs on HarmonyOS products.Successful exploitation of this vulnerability may cause services to be denied." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:11.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "511F8CE2-C2B6-4A08-B992-49D9B75B8655" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "A974CA73-84E8-480B-BB4C-4A81D0C985B2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:12.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "2DF07E7F-3A18-4B74-B73D-DF3647C2A48F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "353AEAF2-AF46-4835-93E1-4F942D5E2810" + } + ] + } + ] + } + ], "references": [ { "url": 
"https://consumer.huawei.com/en/support/bulletin/2023/6/", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-346xx/CVE-2023-34602.json b/CVE-2023/CVE-2023-346xx/CVE-2023-34602.json index 21cce9e37a8..dc684e8b9f1 100644 --- a/CVE-2023/CVE-2023-346xx/CVE-2023-34602.json +++ b/CVE-2023/CVE-2023-346xx/CVE-2023-34602.json 
@@ -2,19 +2,78 @@ "id": "CVE-2023-34602", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-19T06:15:09.047", - "lastModified": "2023-06-20T07:12:55.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-27T09:00:22.307", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vulnerability via the component queryTableDictItemsByCode at org.jeecg.modules.api.controller.SystemApiController." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jeecg:jeecgboot:*:*:*:*:*:*:*:*", + "versionEndIncluding": "3.5.1", + "matchCriteriaId": "10C93285-2128-4E13-8F27-3BA2A037D4E6" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/jeecgboot/jeecg-boot/issues/4983", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-346xx/CVE-2023-34603.json b/CVE-2023/CVE-2023-346xx/CVE-2023-34603.json index 57e4866ab23..e26ac5ef6fa 100644 --- a/CVE-2023/CVE-2023-346xx/CVE-2023-34603.json 
+++ b/CVE-2023/CVE-2023-346xx/CVE-2023-34603.json @@ -2,19 +2,77 @@ "id": "CVE-2023-34603", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-19T06:15:09.180", - "lastModified": "2023-06-20T07:12:55.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-27T09:00:53.103", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vulnerability via the component queryFilterTableDictInfo at org.jeecg.modules.api.controller.SystemApiController." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jeecg:jeecgboot:*:*:*:*:*:*:*:*", + "versionEndIncluding": "3.5.1", + "matchCriteriaId": "10C93285-2128-4E13-8F27-3BA2A037D4E6" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/jeecgboot/jeecg-boot/issues/4984", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-350xx/CVE-2023-35005.json b/CVE-2023/CVE-2023-350xx/CVE-2023-35005.json index 08c56c6c3a5..35ff3923cc6 100644 --- a/CVE-2023/CVE-2023-350xx/CVE-2023-35005.json 
+++ b/CVE-2023/CVE-2023-350xx/CVE-2023-35005.json @@ -2,19 +2,52 @@ "id": "CVE-2023-35005", "sourceIdentifier": "security@apache.org", "published": "2023-06-19T09:15:09.380", - "lastModified": "2023-06-20T07:12:55.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-27T09:02:07.793", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Apache Airflow, some potentially sensitive values were being shown to the user in certain situations.\n\nThis vulnerability is mitigated by the fact configuration is not shown in the UI by default (only if `[webserver] expose_config` is set to `non-sensitive-only`), and not all uncensored values are actually sentitive.\n\n\nThis issue affects Apache Airflow: from 2.5.0 before 2.6.2. Users are recommended to update to version 2.6.2 or later.\n\n\n" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, "weaknesses": [ { - "source": "security@apache.org", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "security@apache.org", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -23,18 +56,47 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5.0", + "versionEndExcluding": "2.6.2", + "matchCriteriaId": "A5E73654-0236-4B7F-AEDF-94A8F5812E88" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/apache/airflow/pull/31788", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/apache/airflow/pull/31820", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://lists.apache.org/thread/o4f2cxh0054m9tlxpb81c1yhylor5gjd", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-357xx/CVE-2023-35772.json b/CVE-2023/CVE-2023-357xx/CVE-2023-35772.json index 3de40b3fab3..d838daff061 100644 --- a/CVE-2023/CVE-2023-357xx/CVE-2023-35772.json +++ b/CVE-2023/CVE-2023-357xx/CVE-2023-35772.json @@ -2,8 +2,8 @@ "id": "CVE-2023-35772", "sourceIdentifier": "audit@patchstack.com", "published": "2023-06-19T14:15:09.620", - "lastModified": "2023-06-20T07:12:55.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-27T09:16:29.973", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google_map_shortcode_project:google_map_shortcode:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.1.2", + "matchCriteriaId": "902A15F7-DA3D-4E62-AD27-AD0E0800CD5A" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/google-map-shortcode/wordpress-google-map-shortcode-plugin-3-1-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-357xx/CVE-2023-35775.json b/CVE-2023/CVE-2023-357xx/CVE-2023-35775.json index 52a016b845c..13ecb68acb7 100644 --- a/CVE-2023/CVE-2023-357xx/CVE-2023-35775.json +++ b/CVE-2023/CVE-2023-357xx/CVE-2023-35775.json @@ -2,8 +2,8 @@ "id": "CVE-2023-35775", "sourceIdentifier": "audit@patchstack.com", "published": "2023-06-19T14:15:09.693", - "lastModified": "2023-06-20T07:12:55.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-27T09:16:46.247", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wp_backup_solutions_project:wp_backup_solutions:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.13.1", + "matchCriteriaId": "80CFA4C3-D43F-45CE-911C-E4F6A8F7D25D" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/wp-backup-manager/wordpress-wp-backup-manager-plugin-1-13-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-357xx/CVE-2023-35776.json b/CVE-2023/CVE-2023-357xx/CVE-2023-35776.json index ac66063dda8..aa02176c703 100644 --- a/CVE-2023/CVE-2023-357xx/CVE-2023-35776.json +++ b/CVE-2023/CVE-2023-357xx/CVE-2023-35776.json @@ -2,8 +2,8 @@ "id": "CVE-2023-35776", "sourceIdentifier": "audit@patchstack.com", "published": "2023-06-19T14:15:09.763", - "lastModified": "2023-06-20T07:12:55.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-27T09:18:01.660", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:bearsthemes:sermons_online:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.0.0", + "matchCriteriaId": "8A3F336F-1E54-4DB3-9CF6-487518623F41" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/sermone-online-sermons-management/wordpress-sermon-e-sermons-online-plugin-1-0-0-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-357xx/CVE-2023-35779.json b/CVE-2023/CVE-2023-357xx/CVE-2023-35779.json index 2b869674633..0392f69011f 100644 --- a/CVE-2023/CVE-2023-357xx/CVE-2023-35779.json +++ b/CVE-2023/CVE-2023-357xx/CVE-2023-35779.json @@ -2,8 +2,8 @@ "id": "CVE-2023-35779", "sourceIdentifier": "audit@patchstack.com", "published": "2023-06-19T14:15:09.827", - "lastModified": "2023-06-20T07:12:55.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-27T09:18:30.273", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:seedwebs:seed_fonts:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.3.1", + "matchCriteriaId": "CD95635A-B1E7-4DD0-A238-FA3E3C159E1F" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/seed-fonts/wordpress-seed-fonts-plugin-2-3-1-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-366xx/CVE-2023-36661.json b/CVE-2023/CVE-2023-366xx/CVE-2023-36661.json index 6e331a81af4..33cc0d18535 100644 --- a/CVE-2023/CVE-2023-366xx/CVE-2023-36661.json +++ b/CVE-2023/CVE-2023-366xx/CVE-2023-36661.json @@ -2,7 +2,7 @@ "id": "CVE-2023-36661", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-25T22:15:21.403", - "lastModified": "2023-06-26T13:02:36.297", + "lastModified": "2023-06-27T08:15:11.477", "vulnStatus": "Awaiting Analysis", "descriptions": [ { 
@@ -15,6 +15,10 @@ { "url": "https://shibboleth.net/community/advisories/secadv_20230612.txt", "source": "cve@mitre.org" + }, + { + "url": "https://www.debian.org/security/2023/dsa-5432", + "source": "cve@mitre.org" } ] } \ No newline at end of file diff --git a/README.md b/README.md index b4f23fa2610..cc55b4fccfe 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-06-27T08:00:26.510446+00:00 +2023-06-27T10:00:26.620084+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-06-27T06:15:43.867000+00:00 +2023-06-27T09:25:39.587000+00:00 ``` ### Last Data Feed Release 
@@ -40,11 +40,33 @@ Recently added CVEs: `0` ### CVEs modified in the last Commit -Recently modified CVEs: `3` +Recently modified CVEs: `55` -* [CVE-2022-0523](CVE-2022/CVE-2022-05xx/CVE-2022-0523.json) (`2023-06-27T06:15:42.043`) -* [CVE-2022-4686](CVE-2022/CVE-2022-46xx/CVE-2022-4686.json) (`2023-06-27T06:15:43.560`) -* [CVE-2023-2844](CVE-2023/CVE-2023-28xx/CVE-2023-2844.json) (`2023-06-27T06:15:43.867`) +* [CVE-2023-29542](CVE-2023/CVE-2023-295xx/CVE-2023-29542.json) (`2023-06-27T08:51:31.017`) +* [CVE-2023-29545](CVE-2023/CVE-2023-295xx/CVE-2023-29545.json) (`2023-06-27T08:51:49.257`) +* [CVE-2023-29546](CVE-2023/CVE-2023-295xx/CVE-2023-29546.json) (`2023-06-27T08:52:01.453`) +* [CVE-2023-34602](CVE-2023/CVE-2023-346xx/CVE-2023-34602.json) (`2023-06-27T09:00:22.307`) +* [CVE-2023-34603](CVE-2023/CVE-2023-346xx/CVE-2023-34603.json) (`2023-06-27T09:00:53.103`) +* [CVE-2023-35005](CVE-2023/CVE-2023-350xx/CVE-2023-35005.json) (`2023-06-27T09:02:07.793`) +* [CVE-2023-0489](CVE-2023/CVE-2023-04xx/CVE-2023-0489.json) (`2023-06-27T09:02:52.517`) +* [CVE-2023-2221](CVE-2023/CVE-2023-22xx/CVE-2023-2221.json) (`2023-06-27T09:04:13.750`) +* [CVE-2023-2359](CVE-2023/CVE-2023-23xx/CVE-2023-2359.json) (`2023-06-27T09:05:21.227`) +* [CVE-2023-2399](CVE-2023/CVE-2023-23xx/CVE-2023-2399.json) (`2023-06-27T09:05:54.310`) +* [CVE-2023-2401](CVE-2023/CVE-2023-24xx/CVE-2023-2401.json) (`2023-06-27T09:06:09.077`) +* [CVE-2023-2492](CVE-2023/CVE-2023-24xx/CVE-2023-2492.json) (`2023-06-27T09:06:43.527`) +* [CVE-2023-2527](CVE-2023/CVE-2023-25xx/CVE-2023-2527.json) (`2023-06-27T09:07:45.317`) +* [CVE-2023-2600](CVE-2023/CVE-2023-26xx/CVE-2023-2600.json) (`2023-06-27T09:09:12.117`) +* [CVE-2023-2654](CVE-2023/CVE-2023-26xx/CVE-2023-2654.json) (`2023-06-27T09:09:42.810`) +* [CVE-2023-2684](CVE-2023/CVE-2023-26xx/CVE-2023-2684.json) (`2023-06-27T09:10:18.867`) +* [CVE-2023-2719](CVE-2023/CVE-2023-27xx/CVE-2023-2719.json) (`2023-06-27T09:10:43.483`) +* 
[CVE-2023-2742](CVE-2023/CVE-2023-27xx/CVE-2023-2742.json) (`2023-06-27T09:11:15.447`) +* [CVE-2023-2751](CVE-2023/CVE-2023-27xx/CVE-2023-2751.json) (`2023-06-27T09:12:48.077`) +* [CVE-2023-35772](CVE-2023/CVE-2023-357xx/CVE-2023-35772.json) (`2023-06-27T09:16:29.973`) +* [CVE-2023-35775](CVE-2023/CVE-2023-357xx/CVE-2023-35775.json) (`2023-06-27T09:16:46.247`) +* [CVE-2023-35776](CVE-2023/CVE-2023-357xx/CVE-2023-35776.json) (`2023-06-27T09:18:01.660`) +* [CVE-2023-35779](CVE-2023/CVE-2023-357xx/CVE-2023-35779.json) (`2023-06-27T09:18:30.273`) +* [CVE-2023-34156](CVE-2023/CVE-2023-341xx/CVE-2023-34156.json) (`2023-06-27T09:24:17.830`) +* [CVE-2023-34155](CVE-2023/CVE-2023-341xx/CVE-2023-34155.json) (`2023-06-27T09:24:48.237`) ## Download and Usage