diff --git a/CVE-2023/CVE-2023-322xx/CVE-2023-32225.json b/CVE-2023/CVE-2023-322xx/CVE-2023-32225.json new file mode 100644 index 00000000000..101feb98309 --- /dev/null +++ b/CVE-2023/CVE-2023-322xx/CVE-2023-32225.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-32225", + "sourceIdentifier": "cna@cyber.gov.il", + "published": "2023-07-30T08:15:46.760", + "lastModified": "2023-07-30T08:15:46.760", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": " Sysaid - CWE-434: Unrestricted Upload of File with Dangerous Type -\u00a0\n\nA malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@cyber.gov.il", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "cna@cyber.gov.il", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://www.gov.il/en/Departments/faq/cve_advisories", + "source": "cna@cyber.gov.il" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-322xx/CVE-2023-32226.json b/CVE-2023/CVE-2023-322xx/CVE-2023-32226.json new file mode 100644 index 00000000000..91b0bdf8665 --- /dev/null +++ b/CVE-2023/CVE-2023-322xx/CVE-2023-32226.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-32226", + "sourceIdentifier": "cna@cyber.gov.il", + "published": "2023-07-30T08:15:47.160", + "lastModified": "2023-07-30T08:15:47.160", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": " Sysaid - CWE-552: Files or Directories Accessible to External Parties -\u00a0\n\nAuthenticated users may exfiltrate files from the server via an unspecified method.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@cyber.gov.il", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.5 + } + ] + }, + "weaknesses": [ + { + "source": "cna@cyber.gov.il", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-552" + } + ] + } + ], + "references": [ + { + "url": "https://www.gov.il/en/Departments/faq/cve_advisories", + "source": "cna@cyber.gov.il" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-322xx/CVE-2023-32227.json b/CVE-2023/CVE-2023-322xx/CVE-2023-32227.json new file mode 100644 index 00000000000..7c3f9b51e87 --- /dev/null +++ b/CVE-2023/CVE-2023-322xx/CVE-2023-32227.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-32227", + "sourceIdentifier": "cna@cyber.gov.il", + "published": "2023-07-30T09:15:09.570", + "lastModified": "2023-07-30T09:15:09.570", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": " Synel SYnergy Fingerprint Terminals - CWE-798: Use of Hard-coded Credentials" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@cyber.gov.il", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "cna@cyber.gov.il", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-798" + } + ] + } + ], + "references": [ + { + "url": "https://www.gov.il/en/Departments/faq/cve_advisories", + "source": "cna@cyber.gov.il" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36542.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36542.json index 1464693f9e8..4dcd13f47d2 100644 --- a/CVE-2023/CVE-2023-365xx/CVE-2023-36542.json +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36542.json @@ -2,7 +2,7 @@ "id": "CVE-2023-36542", "sourceIdentifier": "security@apache.org", "published": "2023-07-29T08:15:48.833", - "lastModified": "2023-07-29T12:15:09.677", + "lastModified": "2023-07-30T09:15:09.980", "vulnStatus": "Received", "descriptions": [ { @@ -24,6 +24,10 @@ } ], "references": [ + { + "url": "http://seclists.org/fulldisclosure/2023/Jul/43", + "source": "security@apache.org" + }, { "url": "http://www.openwall.com/lists/oss-security/2023/07/29/1", "source": "security@apache.org" diff --git a/CVE-2023/CVE-2023-372xx/CVE-2023-37213.json b/CVE-2023/CVE-2023-372xx/CVE-2023-37213.json new file mode 100644 index 00000000000..fd3ea759e8d --- /dev/null +++ b/CVE-2023/CVE-2023-372xx/CVE-2023-37213.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-37213", + "sourceIdentifier": "cna@cyber.gov.il", + "published": "2023-07-30T09:15:10.133", + "lastModified": "2023-07-30T09:15:10.133", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": " Synel SYnergy Fingerprint Terminals - CWE-78: 'OS Command Injection'" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@cyber.gov.il", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "cna@cyber.gov.il", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://www.gov.il/en/Departments/faq/cve_advisories", + "source": "cna@cyber.gov.il" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-372xx/CVE-2023-37214.json b/CVE-2023/CVE-2023-372xx/CVE-2023-37214.json new file mode 100644 index 00000000000..cf937862fef --- /dev/null +++ b/CVE-2023/CVE-2023-372xx/CVE-2023-37214.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-37214", + "sourceIdentifier": "cna@cyber.gov.il", + "published": "2023-07-30T09:15:10.220", + "lastModified": "2023-07-30T09:15:10.220", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nHeights Telecom ERO1xS-Pro Dual-Band FW version BZ_ERO1XP.025.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@cyber.gov.il", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://www.gov.il/en/Departments/faq/cve_advisories", + "source": "cna@cyber.gov.il" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-372xx/CVE-2023-37215.json b/CVE-2023/CVE-2023-372xx/CVE-2023-37215.json new file mode 100644 index 00000000000..a9f7b76fde3 --- /dev/null +++ b/CVE-2023/CVE-2023-372xx/CVE-2023-37215.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-37215", + "sourceIdentifier": "cna@cyber.gov.il", + "published": "2023-07-30T09:15:10.300", + "lastModified": "2023-07-30T09:15:10.300", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": " JBL soundbar multibeam 5.1 - CWE-798: Use of Hard-coded Credentials" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@cyber.gov.il", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.2, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.5, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "cna@cyber.gov.il", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-798" + } + ] + } + ], + "references": [ + { + "url": "https://www.gov.il/en/Departments/faq/cve_advisories", + "source": "cna@cyber.gov.il" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 0feb4c3e840..15d63f0a1f3 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-07-29T14:00:25.046663+00:00 +2023-07-30T10:00:25.187223+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-07-29T12:15:09.677000+00:00 +2023-07-30T09:15:10.300000+00:00 ``` ### Last Data Feed Release @@ -23,26 +23,32 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2023-07-29T00:00:13.550868+00:00 +2023-07-30T00:00:13.565276+00:00 ``` ### Total Number of included CVEs ```plain -221272 +221278 ``` ### CVEs added in the last Commit -Recently added CVEs: `0` +Recently added CVEs: `6` +* [CVE-2023-32225](CVE-2023/CVE-2023-322xx/CVE-2023-32225.json) (`2023-07-30T08:15:46.760`) +* [CVE-2023-32226](CVE-2023/CVE-2023-322xx/CVE-2023-32226.json) (`2023-07-30T08:15:47.160`) +* [CVE-2023-32227](CVE-2023/CVE-2023-322xx/CVE-2023-32227.json) (`2023-07-30T09:15:09.570`) +* [CVE-2023-37213](CVE-2023/CVE-2023-372xx/CVE-2023-37213.json) (`2023-07-30T09:15:10.133`) +* [CVE-2023-37214](CVE-2023/CVE-2023-372xx/CVE-2023-37214.json) (`2023-07-30T09:15:10.220`) +* [CVE-2023-37215](CVE-2023/CVE-2023-372xx/CVE-2023-37215.json) (`2023-07-30T09:15:10.300`) ### CVEs modified in the last Commit Recently modified CVEs: `1` -* [CVE-2023-36542](CVE-2023/CVE-2023-365xx/CVE-2023-36542.json) (`2023-07-29T12:15:09.677`) +* [CVE-2023-36542](CVE-2023/CVE-2023-365xx/CVE-2023-36542.json) (`2023-07-30T09:15:09.980`) ## Download and Usage