From eb2dc639aa3871b1470831f79980879850cb9562 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Tue, 27 Jun 2023 02:00:29 +0000 Subject: [PATCH] Auto-Update: 2023-06-27T02:00:25.836564+00:00 --- CVE-2023/CVE-2023-228xx/CVE-2023-22834.json | 43 +++ CVE-2023/CVE-2023-240xx/CVE-2023-24030.json | 357 +++++++++++++++++++- CVE-2023/CVE-2023-240xx/CVE-2023-24031.json | 182 +++++++++- CVE-2023/CVE-2023-242xx/CVE-2023-24243.json | 79 ++++- CVE-2023/CVE-2023-309xx/CVE-2023-30945.json | 4 +- CVE-2023/CVE-2023-347xx/CVE-2023-34795.json | 78 ++++- CVE-2023/CVE-2023-348xx/CVE-2023-34800.json | 85 ++++- README.md | 69 +--- 8 files changed, 811 insertions(+), 86 deletions(-) create mode 100644 CVE-2023/CVE-2023-228xx/CVE-2023-22834.json diff --git a/CVE-2023/CVE-2023-228xx/CVE-2023-22834.json b/CVE-2023/CVE-2023-228xx/CVE-2023-22834.json new file mode 100644 index 00000000000..b94cbc7f745 --- /dev/null +++ b/CVE-2023/CVE-2023-228xx/CVE-2023-22834.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-22834", + "sourceIdentifier": "cve-coordination@palantir.com", + "published": "2023-06-27T00:15:09.437", + "lastModified": "2023-06-27T01:40:40.277", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The Contour Service was not checking that users had permission to create an analysis for a given dataset. This could allow an attacker to clutter up Compass folders with extraneous analyses, that the attacker would otherwise not have permission to create." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve-coordination@palantir.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 2.7, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.2, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://palantir.safebase.us/?tcuUid=14874400-e9c9-4ac4-a8a6-9f4c48a56ff8", + "source": "cve-coordination@palantir.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-240xx/CVE-2023-24030.json b/CVE-2023/CVE-2023-240xx/CVE-2023-24030.json index 2fdb4383410..b175505c922 100644 --- a/CVE-2023/CVE-2023-240xx/CVE-2023-24030.json +++ b/CVE-2023/CVE-2023-240xx/CVE-2023-24030.json @@ -2,23 +2,370 @@ "id": "CVE-2023-24030", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-15T21:15:09.510", - "lastModified": "2023-06-16T03:19:08.410", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-27T01:28:16.913", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0 and 8.8.15. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token. Once the token is obtained, an attacker could redirect a user to any URL if url sanitisation is bypassed in incoming requests. NOTE: this is similar, but not identical, to CVE-2021-34807." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de redirecci\u00f3n abierta en el Servlet \"/preauth\" en Zimbra Collaboration Suite a trav\u00e9s de las versiones 9.0 y 8.8.15. Para explotar la vulnerabilidad, un atacante necesitar\u00eda haber obtenido un token \"auth\" v\u00e1lido de Zimbra o un token \"preauth\" v\u00e1lido. Una vez obtenido el token, un atacante podr\u00eda redirigir a un usuario a cualquier URL si se salta la limpieza de urls en las peticiones entrantes. NOTA: esto es similar, pero no id\u00e9ntico, a CVE-2021-34807. " + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-601" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:-:*:*:*:*:*:*", + "matchCriteriaId": "1B17C1A7-0F0A-4E7C-8C0C-0BBB0BF66C82" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p1:*:*:*:*:*:*", + "matchCriteriaId": "BA48C450-201C-4398-AB65-EF6F95FB0380" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p10:*:*:*:*:*:*", + "matchCriteriaId": "5F759114-CF2D-48BF-8D09-EBE8D1ED1949" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p11:*:*:*:*:*:*", + "matchCriteriaId": "AE8BD950-24A2-4AFF-B7EE-6EE115BD75D6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p12:*:*:*:*:*:*", + "matchCriteriaId": "C43634F5-2946-44D2-8A50-B717374A8126" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p13:*:*:*:*:*:*", + "matchCriteriaId": "20315895-5410-4B88-B2D9-E9C5D79A64DF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p14:*:*:*:*:*:*", + "matchCriteriaId": "BF405091-A832-4945-87EC-AA525F37DF91" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p15:*:*:*:*:*:*", + "matchCriteriaId": "C9B6FFA8-CFD2-47C6-9475-79210CB9AA84" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p16:*:*:*:*:*:*", + "matchCriteriaId": "964CA714-937C-4FC0-A1E9-07F846C786BD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p17:*:*:*:*:*:*", + "matchCriteriaId": "DAF8F155-1406-46ED-A81F-BCC4CE525F43" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p18:*:*:*:*:*:*", + "matchCriteriaId": "56A8F56B-3457-4C19-B213-3B04FEE8D7A5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p19:*:*:*:*:*:*", + "matchCriteriaId": "B4F8D255-3F91-45FF-9133-4023BA688F9E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p2:*:*:*:*:*:*", + "matchCriteriaId": "37BC4DF5-D111-4295-94FC-AA8929CDF2A1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p20:*:*:*:*:*:*", + "matchCriteriaId": "A9D50108-0404-4791-8057-DB1786D311C8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p21:*:*:*:*:*:*", + "matchCriteriaId": "F2A7E53F-8EAC-4DA9-8EAE-117759EFABEF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p22:*:*:*:*:*:*", + "matchCriteriaId": "858727DB-AE6F-435D-B8FD-6C94C3400E40" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p23:*:*:*:*:*:*", + "matchCriteriaId": "3FA6AC95-288C-4ABA-B2A7-47E4134EDC31" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p24:*:*:*:*:*:*", + "matchCriteriaId": "4AA82728-5901-482A-83CF-F883D4B6A8E5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p25:*:*:*:*:*:*", + "matchCriteriaId": "7E762792-542E-43D0-A95A-E7F48F328A28" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p26:*:*:*:*:*:*", + "matchCriteriaId": "6DD4641A-EC23-4B1A-8729-9AECD70390AF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p27:*:*:*:*:*:*", + "matchCriteriaId": "E0E3E825-1D1E-4ECD-B306-DD8BDCDD0547" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p28:*:*:*:*:*:*", + "matchCriteriaId": "840F98DC-57F1-4054-A6C1-6E7F0340AC2C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p29:*:*:*:*:*:*", + "matchCriteriaId": "EE2A1305-68B7-4CB7-837F-4EDE2EBED507" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p3:*:*:*:*:*:*", + "matchCriteriaId": "21768A61-7578-4EEC-A23B-FEC10CAA9EDF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p30:*:*:*:*:*:*", + "matchCriteriaId": "CA758408-4302-43BC-BDC9-1B70EC5D2FED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p31:*:*:*:*:*:*", + "matchCriteriaId": "822CDEBC-0650-4970-B46F-06F505993086" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p32:*:*:*:*:*:*", + "matchCriteriaId": "971B5005-4676-4D93-A7DD-6AFDC8D0BEEB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p33:*:*:*:*:*:*", + "matchCriteriaId": "81BC6A7F-D014-44B3-9361-20DB256D3C8D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p34:*:*:*:*:*:*", + "matchCriteriaId": "6A3DC694-4CCC-4E9F-B6E9-891B1DF115C8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p4:*:*:*:*:*:*", + "matchCriteriaId": "661403E7-1D65-4710-8413-47D74FF65BE4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p5:*:*:*:*:*:*", + "matchCriteriaId": "0695D2E0-45B3-493C-BA6D-471B90C0ACC5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p6:*:*:*:*:*:*", + "matchCriteriaId": "714FAFE6-68AE-4304-B040-48BC46F85A2D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p7:*:*:*:*:*:*", + "matchCriteriaId": "73FC2D2D-8BBD-4259-8B35-0D9BFA40567B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p8:*:*:*:*:*:*", + "matchCriteriaId": "AB97E9E6-CC4A-458D-B731-6D51130B942C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p9:*:*:*:*:*:*", + "matchCriteriaId": "BA688C43-846A-4C4A-AEDB-113D967D3D73" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:-:*:*:*:*:*:*", + "matchCriteriaId": "685D9652-2934-4C13-8B36-40582C79BFC1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p0:*:*:*:*:*:*", + "matchCriteriaId": "5E4DF01A-1AA9-47E8-82FD-65A02ECA1376" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p1:*:*:*:*:*:*", + "matchCriteriaId": "BDE59185-B917-4A81-8DE4-C65A079F52FE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p10:*:*:*:*:*:*", + "matchCriteriaId": "BA3ED95F-95F2-4676-8EAF-B4B9EB64B260" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p11:*:*:*:*:*:*", + "matchCriteriaId": "4BB93336-CC3C-4B7F-B194-7DED036ABBAF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p12:*:*:*:*:*:*", + "matchCriteriaId": "876F1675-F65C-4E86-ADBD-36EB8D8A997D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p13:*:*:*:*:*:*", + "matchCriteriaId": "2306F526-9C56-4A57-AA9B-02F2D6058C97" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p14:*:*:*:*:*:*", + "matchCriteriaId": "F9EA2A61-67AA-4B7E-BC6E-80EB1363EF85" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p15:*:*:*:*:*:*", + "matchCriteriaId": "C77A35B7-96F6-43A7-A747-C6AEEDE961E1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p19:*:*:*:*:*:*", + "matchCriteriaId": "B7A47276-F241-4A68-9458-E1481EBDC5E6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p2:*:*:*:*:*:*", + "matchCriteriaId": "12D0D469-6C9B-4B66-9581-DC319773238A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p23:*:*:*:*:*:*", + "matchCriteriaId": "B4CE2D12-AD31-4FED-AD0F-ADF64E92E1B1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p25:*:*:*:*:*:*", + "matchCriteriaId": "BC19F11D-23D9-429D-A957-D67F23A40A01" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p26:*:*:*:*:*:*", + "matchCriteriaId": "AAFA2EE7-C965-4F27-8CAE-E607A9F202AD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p27:*:*:*:*:*:*", + "matchCriteriaId": "1D09DCF6-1C8F-4CA1-B7D4-AFDD4EB35771" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p3:*:*:*:*:*:*", + "matchCriteriaId": "C52705E6-2C6B-47BC-A0CD-F6AAE0BFC302" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p4:*:*:*:*:*:*", + "matchCriteriaId": "33F50D8C-7027-4A8D-8E95-98C224283772" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p5:*:*:*:*:*:*", + "matchCriteriaId": "82000BA4-1781-4312-A7BD-92EC94D137AE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p6:*:*:*:*:*:*", + "matchCriteriaId": "4B52D301-2559-457A-8FFB-F0915299355A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p7:*:*:*:*:*:*", + "matchCriteriaId": "7215AE2C-8A33-4AB9-88D5-7C8CD11E806C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p7.1:*:*:*:*:*:*", + "matchCriteriaId": "8D859F77-8E39-4D46-BC90-C5C1D805A666" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p8:*:*:*:*:*:*", + "matchCriteriaId": "CDC810C7-45DA-4BDF-9138-2D3B2750243E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p9:*:*:*:*:*:*", + "matchCriteriaId": "E09D95A4-764D-4E0B-8605-1D94FD548AB2" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://wiki.zimbra.com/wiki/Security_Center", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-240xx/CVE-2023-24031.json b/CVE-2023/CVE-2023-240xx/CVE-2023-24031.json index 175629cf76f..876134e3e95 100644 --- a/CVE-2023/CVE-2023-240xx/CVE-2023-24031.json +++ b/CVE-2023/CVE-2023-240xx/CVE-2023-24031.json @@ -2,23 +2,195 @@ "id": "CVE-2023-24031", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-15T21:15:09.550", - "lastModified": "2023-06-16T03:19:08.410", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-27T01:23:52.320", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 8.8.15. XSS can occur, via one of attributes of the webmail /h/ endpoint, to execute arbitrary JavaScript code, leading to information disclosure." + }, + { + "lang": "es", + "value": "Se ha descubierto un problema en Zimbra Collaboration (ZCS) v9.0 y v8.8.15. Cross-Site Scripting (XSS) puede ocurrir, a trav\u00e9s de uno de los atributos del endpoint /h/ del webmail, para ejecutar c\u00f3digo JavaScript arbitrario, lo que lleva a la divulgaci\u00f3n de informaci\u00f3n. " + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:-:*:*:*:*:*:*", + "matchCriteriaId": "685D9652-2934-4C13-8B36-40582C79BFC1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p0:*:*:*:*:*:*", + "matchCriteriaId": "5E4DF01A-1AA9-47E8-82FD-65A02ECA1376" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p1:*:*:*:*:*:*", + "matchCriteriaId": "BDE59185-B917-4A81-8DE4-C65A079F52FE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p10:*:*:*:*:*:*", + "matchCriteriaId": "BA3ED95F-95F2-4676-8EAF-B4B9EB64B260" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p11:*:*:*:*:*:*", + "matchCriteriaId": "4BB93336-CC3C-4B7F-B194-7DED036ABBAF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p12:*:*:*:*:*:*", + "matchCriteriaId": "876F1675-F65C-4E86-ADBD-36EB8D8A997D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p13:*:*:*:*:*:*", + "matchCriteriaId": "2306F526-9C56-4A57-AA9B-02F2D6058C97" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p14:*:*:*:*:*:*", + "matchCriteriaId": "F9EA2A61-67AA-4B7E-BC6E-80EB1363EF85" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p15:*:*:*:*:*:*", + "matchCriteriaId": "C77A35B7-96F6-43A7-A747-C6AEEDE961E1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p19:*:*:*:*:*:*", + "matchCriteriaId": "B7A47276-F241-4A68-9458-E1481EBDC5E6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p2:*:*:*:*:*:*", + "matchCriteriaId": "12D0D469-6C9B-4B66-9581-DC319773238A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p23:*:*:*:*:*:*", + "matchCriteriaId": "B4CE2D12-AD31-4FED-AD0F-ADF64E92E1B1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p25:*:*:*:*:*:*", + "matchCriteriaId": "BC19F11D-23D9-429D-A957-D67F23A40A01" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p26:*:*:*:*:*:*", + "matchCriteriaId": "AAFA2EE7-C965-4F27-8CAE-E607A9F202AD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p27:*:*:*:*:*:*", + "matchCriteriaId": "1D09DCF6-1C8F-4CA1-B7D4-AFDD4EB35771" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p3:*:*:*:*:*:*", + "matchCriteriaId": "C52705E6-2C6B-47BC-A0CD-F6AAE0BFC302" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p4:*:*:*:*:*:*", + "matchCriteriaId": "33F50D8C-7027-4A8D-8E95-98C224283772" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p5:*:*:*:*:*:*", + "matchCriteriaId": "82000BA4-1781-4312-A7BD-92EC94D137AE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p6:*:*:*:*:*:*", + "matchCriteriaId": "4B52D301-2559-457A-8FFB-F0915299355A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p7:*:*:*:*:*:*", + "matchCriteriaId": "7215AE2C-8A33-4AB9-88D5-7C8CD11E806C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p7.1:*:*:*:*:*:*", + "matchCriteriaId": "8D859F77-8E39-4D46-BC90-C5C1D805A666" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p8:*:*:*:*:*:*", + "matchCriteriaId": "CDC810C7-45DA-4BDF-9138-2D3B2750243E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p9:*:*:*:*:*:*", + "matchCriteriaId": "E09D95A4-764D-4E0B-8605-1D94FD548AB2" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://wiki.zimbra.com/wiki/Security_Center", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-242xx/CVE-2023-24243.json b/CVE-2023/CVE-2023-242xx/CVE-2023-24243.json index 8f7f61e3ae6..a426c3e0374 100644 --- a/CVE-2023/CVE-2023-242xx/CVE-2023-24243.json +++ b/CVE-2023/CVE-2023-242xx/CVE-2023-24243.json @@ -2,31 +2,96 @@ "id": "CVE-2023-24243", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-16T17:15:11.763", - "lastModified": "2023-06-16T18:24:22.883", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-27T01:41:08.693", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "CData RSB Connect v22.0.8336 was discovered to contain a Server-Side Request Forgery (SSRF)." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cdata:arc:*:*:*:*:*:*:*:*", + "versionEndExcluding": "22.0.8473", + "matchCriteriaId": "2D265371-BE14-4D36-AC35-0F1788883436" + } + ] + } + ] + } + ], "references": [ { "url": "https://arc.cdata.com/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://arc.cdata.com/trial/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://gist.github.com/d3vc0r3/6460a5f006e32a2ebffe739e411ab1b8", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] }, { "url": "https://www.cdata.com/kb/entries/netembeddedserver-notice.rst", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-309xx/CVE-2023-30945.json b/CVE-2023/CVE-2023-309xx/CVE-2023-30945.json index 05e2d6a9a03..3ebb710dc94 100644 --- a/CVE-2023/CVE-2023-309xx/CVE-2023-30945.json +++ b/CVE-2023/CVE-2023-309xx/CVE-2023-30945.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30945", "sourceIdentifier": "cve-coordination@palantir.com", "published": "2023-06-26T23:15:09.193", - "lastModified": "2023-06-26T23:15:09.193", - "vulnStatus": "Received", + "lastModified": "2023-06-27T01:40:40.277", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-347xx/CVE-2023-34795.json b/CVE-2023/CVE-2023-347xx/CVE-2023-34795.json index caa9f20dd74..28d97dfbbaa 100644 --- a/CVE-2023/CVE-2023-347xx/CVE-2023-34795.json +++ b/CVE-2023/CVE-2023-347xx/CVE-2023-34795.json @@ -2,27 +2,93 @@ "id": "CVE-2023-34795", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-16T16:15:09.357", - "lastModified": "2023-06-16T16:41:02.630", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-27T01:54:04.317", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "xlsxio v0.1.2 to v0.2.34 was discovered to contain a free of uninitialized pointer in the xlsxioread_sheetlist_close() function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted XLSX file." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:xlsxio_project:xlsxio:*:*:*:*:*:*:*:*", + "versionStartIncluding": "0.1.2", + "versionEndIncluding": "0.2.34", + "matchCriteriaId": "50C87490-7803-4A95-BAC2-918336FB88C6" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/brechtsanders/xlsxio/commit/d653f1604b54532f11b45dca1fa164b4a1f15e2d", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/brechtsanders/xlsxio/issues/121", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://github.com/xf1les/cve-advisories/blob/main/2023/CVE-2023-34795.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-348xx/CVE-2023-34800.json b/CVE-2023/CVE-2023-348xx/CVE-2023-34800.json index 1b7413df66e..1a03db6f890 100644 --- a/CVE-2023/CVE-2023-348xx/CVE-2023-34800.json +++ b/CVE-2023/CVE-2023-348xx/CVE-2023-34800.json @@ -2,23 +2,98 @@ "id": "CVE-2023-34800", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-15T21:15:09.677", - "lastModified": "2023-06-16T03:19:08.410", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-27T01:33:57.503", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at genacgi_main." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que D-Link Go-RT-AC750 revA_v101b03 contiene una vulnerabilidad de inyecci\u00f3n de comandos a trav\u00e9s del par\u00e1metro service en genacgi_main." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dlink:go-rt-ac750_firmware:reva_1.01b03:*:*:*:*:*:*:*", + "matchCriteriaId": "1B975BD2-5567-4B7A-BC8D-633B5D446556" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:dlink:go-rt-ac750:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EE067003-B0B5-4419-8BB3-A31C015276D0" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/Tyaoo/IoT-Vuls/blob/main/dlink/Go-RT-AC750/vul.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://www.dlink.com/en/security-bulletin/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/README.md b/README.md index bf21425c9d4..a4786ed35da 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-06-26T23:55:25.310449+00:00 +2023-06-27T02:00:25.836564+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-06-26T23:15:09.193000+00:00 +2023-06-27T01:54:04.317000+00:00 ``` ### Last Data Feed Release @@ -23,75 +23,32 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2023-06-26T00:00:13.579454+00:00 +2023-06-27T00:00:13.554507+00:00 ``` ### Total Number of included CVEs ```plain -218617 +218618 ``` ### CVEs added in the last Commit -Recently added CVEs: `35` +Recently added CVEs: `1` -* [CVE-2023-32557](CVE-2023/CVE-2023-325xx/CVE-2023-32557.json) (`2023-06-26T22:15:10.977`) -* [CVE-2023-32604](CVE-2023/CVE-2023-326xx/CVE-2023-32604.json) (`2023-06-26T22:15:11.020`) -* [CVE-2023-32605](CVE-2023/CVE-2023-326xx/CVE-2023-32605.json) (`2023-06-26T22:15:11.063`) -* [CVE-2023-34144](CVE-2023/CVE-2023-341xx/CVE-2023-34144.json) (`2023-06-26T22:15:11.107`) -* [CVE-2023-34145](CVE-2023/CVE-2023-341xx/CVE-2023-34145.json) (`2023-06-26T22:15:11.147`) -* [CVE-2023-34146](CVE-2023/CVE-2023-341xx/CVE-2023-34146.json) (`2023-06-26T22:15:11.187`) -* [CVE-2023-34147](CVE-2023/CVE-2023-341xx/CVE-2023-34147.json) (`2023-06-26T22:15:11.230`) -* [CVE-2023-34148](CVE-2023/CVE-2023-341xx/CVE-2023-34148.json) (`2023-06-26T22:15:11.270`) -* [CVE-2023-35164](CVE-2023/CVE-2023-351xx/CVE-2023-35164.json) (`2023-06-26T22:15:11.317`) -* [CVE-2023-35695](CVE-2023/CVE-2023-356xx/CVE-2023-35695.json) (`2023-06-26T22:15:11.387`) -* [CVE-2023-28929](CVE-2023/CVE-2023-289xx/CVE-2023-28929.json) (`2023-06-26T22:15:09.733`) -* [CVE-2023-30902](CVE-2023/CVE-2023-309xx/CVE-2023-30902.json) (`2023-06-26T22:15:09.793`) -* [CVE-2023-32521](CVE-2023/CVE-2023-325xx/CVE-2023-32521.json) (`2023-06-26T22:15:10.017`) -* [CVE-2023-32522](CVE-2023/CVE-2023-325xx/CVE-2023-32522.json) (`2023-06-26T22:15:10.057`) -* [CVE-2023-32523](CVE-2023/CVE-2023-325xx/CVE-2023-32523.json) (`2023-06-26T22:15:10.097`) -* [CVE-2023-32524](CVE-2023/CVE-2023-325xx/CVE-2023-32524.json) (`2023-06-26T22:15:10.140`) -* [CVE-2023-32525](CVE-2023/CVE-2023-325xx/CVE-2023-32525.json) (`2023-06-26T22:15:10.183`) -* [CVE-2023-32526](CVE-2023/CVE-2023-325xx/CVE-2023-32526.json) (`2023-06-26T22:15:10.227`) -* [CVE-2023-32527](CVE-2023/CVE-2023-325xx/CVE-2023-32527.json) (`2023-06-26T22:15:10.273`) -* [CVE-2023-32528](CVE-2023/CVE-2023-325xx/CVE-2023-32528.json) (`2023-06-26T22:15:10.317`) -* [CVE-2023-32529](CVE-2023/CVE-2023-325xx/CVE-2023-32529.json) (`2023-06-26T22:15:10.360`) -* [CVE-2023-32530](CVE-2023/CVE-2023-325xx/CVE-2023-32530.json) (`2023-06-26T22:15:10.407`) -* [CVE-2023-32531](CVE-2023/CVE-2023-325xx/CVE-2023-32531.json) (`2023-06-26T22:15:10.450`) -* [CVE-2023-32532](CVE-2023/CVE-2023-325xx/CVE-2023-32532.json) (`2023-06-26T22:15:10.497`) -* [CVE-2023-30945](CVE-2023/CVE-2023-309xx/CVE-2023-30945.json) (`2023-06-26T23:15:09.193`) +* [CVE-2023-22834](CVE-2023/CVE-2023-228xx/CVE-2023-22834.json) (`2023-06-27T00:15:09.437`) ### CVEs modified in the last Commit -Recently modified CVEs: `38` +Recently modified CVEs: `6` -* [CVE-2023-2993](CVE-2023/CVE-2023-29xx/CVE-2023-2993.json) (`2023-06-26T22:13:24.933`) -* [CVE-2023-33176](CVE-2023/CVE-2023-331xx/CVE-2023-33176.json) (`2023-06-26T22:13:24.933`) -* [CVE-2023-33404](CVE-2023/CVE-2023-334xx/CVE-2023-33404.json) (`2023-06-26T22:13:24.933`) -* [CVE-2023-34418](CVE-2023/CVE-2023-344xx/CVE-2023-34418.json) (`2023-06-26T22:13:24.933`) -* [CVE-2023-34420](CVE-2023/CVE-2023-344xx/CVE-2023-34420.json) (`2023-06-26T22:13:24.933`) -* [CVE-2023-34421](CVE-2023/CVE-2023-344xx/CVE-2023-34421.json) (`2023-06-26T22:13:24.933`) -* [CVE-2023-34422](CVE-2023/CVE-2023-344xx/CVE-2023-34422.json) (`2023-06-26T22:13:24.933`) -* [CVE-2023-35170](CVE-2023/CVE-2023-351xx/CVE-2023-35170.json) (`2023-06-26T22:13:24.933`) -* [CVE-2023-35930](CVE-2023/CVE-2023-359xx/CVE-2023-35930.json) (`2023-06-26T22:13:24.933`) -* [CVE-2023-35933](CVE-2023/CVE-2023-359xx/CVE-2023-35933.json) (`2023-06-26T22:13:24.933`) -* [CVE-2023-3113](CVE-2023/CVE-2023-31xx/CVE-2023-3113.json) (`2023-06-26T22:13:24.933`) -* [CVE-2023-34463](CVE-2023/CVE-2023-344xx/CVE-2023-34463.json) (`2023-06-26T22:13:24.933`) -* [CVE-2023-34924](CVE-2023/CVE-2023-349xx/CVE-2023-34924.json) (`2023-06-26T22:13:24.933`) -* [CVE-2023-35168](CVE-2023/CVE-2023-351xx/CVE-2023-35168.json) (`2023-06-26T22:13:24.933`) -* [CVE-2023-3420](CVE-2023/CVE-2023-34xx/CVE-2023-3420.json) (`2023-06-26T22:13:24.933`) -* [CVE-2023-3421](CVE-2023/CVE-2023-34xx/CVE-2023-3421.json) (`2023-06-26T22:13:24.933`) -* [CVE-2023-3422](CVE-2023/CVE-2023-34xx/CVE-2023-3422.json) (`2023-06-26T22:13:24.933`) -* [CVE-2023-2005](CVE-2023/CVE-2023-20xx/CVE-2023-2005.json) (`2023-06-26T22:13:28.460`) -* [CVE-2023-36252](CVE-2023/CVE-2023-362xx/CVE-2023-36252.json) (`2023-06-26T22:13:28.460`) -* [CVE-2023-35789](CVE-2023/CVE-2023-357xx/CVE-2023-35789.json) (`2023-06-26T22:14:37.633`) -* [CVE-2023-31130](CVE-2023/CVE-2023-311xx/CVE-2023-31130.json) (`2023-06-26T22:15:09.840`) -* [CVE-2023-32067](CVE-2023/CVE-2023-320xx/CVE-2023-32067.json) (`2023-06-26T22:15:09.937`) -* [CVE-2023-35784](CVE-2023/CVE-2023-357xx/CVE-2023-35784.json) (`2023-06-26T22:16:35.380`) -* [CVE-2023-25645](CVE-2023/CVE-2023-256xx/CVE-2023-25645.json) (`2023-06-26T22:19:11.390`) -* [CVE-2023-34733](CVE-2023/CVE-2023-347xx/CVE-2023-34733.json) (`2023-06-26T22:21:25.547`) +* [CVE-2023-24031](CVE-2023/CVE-2023-240xx/CVE-2023-24031.json) (`2023-06-27T01:23:52.320`) +* [CVE-2023-24030](CVE-2023/CVE-2023-240xx/CVE-2023-24030.json) (`2023-06-27T01:28:16.913`) +* [CVE-2023-34800](CVE-2023/CVE-2023-348xx/CVE-2023-34800.json) (`2023-06-27T01:33:57.503`) +* [CVE-2023-30945](CVE-2023/CVE-2023-309xx/CVE-2023-30945.json) (`2023-06-27T01:40:40.277`) +* [CVE-2023-24243](CVE-2023/CVE-2023-242xx/CVE-2023-24243.json) (`2023-06-27T01:41:08.693`) +* [CVE-2023-34795](CVE-2023/CVE-2023-347xx/CVE-2023-34795.json) (`2023-06-27T01:54:04.317`) ## Download and Usage