Auto-Update: 2023-07-30T10:00:25.187223+00:00

2025-05-08 11:37:26 +00:00 · 2023-07-30 10:00:28 +00:00 · 2023-07-30 10:00:28 +00:00 · ecfc379451
commit ecfc379451
parent ecd9ac9a02
8 changed files with 335 additions and 7 deletions
--- a/CVE-2023/CVE-2023-322xx/CVE-2023-32225.json
+++ b/CVE-2023/CVE-2023-322xx/CVE-2023-32225.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-32225",
+  "sourceIdentifier": "cna@cyber.gov.il",
+  "published": "2023-07-30T08:15:46.760",
+  "lastModified": "2023-07-30T08:15:46.760",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": " Sysaid - CWE-434: Unrestricted Upload of File with Dangerous Type -\u00a0\n\nA malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cna@cyber.gov.il",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@cyber.gov.il",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-434"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.gov.il/en/Departments/faq/cve_advisories",
+      "source": "cna@cyber.gov.il"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-322xx/CVE-2023-32226.json
+++ b/CVE-2023/CVE-2023-322xx/CVE-2023-32226.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-32226",
+  "sourceIdentifier": "cna@cyber.gov.il",
+  "published": "2023-07-30T08:15:47.160",
+  "lastModified": "2023-07-30T08:15:47.160",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": " Sysaid -  CWE-552: Files or Directories Accessible to External Parties -\u00a0\n\nAuthenticated users may exfiltrate files from the server via an unspecified method.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cna@cyber.gov.il",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.3,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.5
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@cyber.gov.il",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-552"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.gov.il/en/Departments/faq/cve_advisories",
+      "source": "cna@cyber.gov.il"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-322xx/CVE-2023-32227.json
+++ b/CVE-2023/CVE-2023-322xx/CVE-2023-32227.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-32227",
+  "sourceIdentifier": "cna@cyber.gov.il",
+  "published": "2023-07-30T09:15:09.570",
+  "lastModified": "2023-07-30T09:15:09.570",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": " Synel SYnergy Fingerprint Terminals - CWE-798: Use of Hard-coded Credentials"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cna@cyber.gov.il",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@cyber.gov.il",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-798"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.gov.il/en/Departments/faq/cve_advisories",
+      "source": "cna@cyber.gov.il"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-365xx/CVE-2023-36542.json
+++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36542.json
@ -2,7 +2,7 @@
  "id": "CVE-2023-36542",
  "sourceIdentifier": "security@apache.org",
  "published": "2023-07-29T08:15:48.833",
-  "lastModified": "2023-07-29T12:15:09.677",
+  "lastModified": "2023-07-30T09:15:09.980",
  "vulnStatus": "Received",
  "descriptions": [
    {
@ -24,6 +24,10 @@
    }
  ],
  "references": [
+    {
+      "url": "http://seclists.org/fulldisclosure/2023/Jul/43",
+      "source": "security@apache.org"
+    },
    {
      "url": "http://www.openwall.com/lists/oss-security/2023/07/29/1",
      "source": "security@apache.org"
--- a/CVE-2023/CVE-2023-372xx/CVE-2023-37213.json
+++ b/CVE-2023/CVE-2023-372xx/CVE-2023-37213.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-37213",
+  "sourceIdentifier": "cna@cyber.gov.il",
+  "published": "2023-07-30T09:15:10.133",
+  "lastModified": "2023-07-30T09:15:10.133",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": " Synel SYnergy Fingerprint Terminals - CWE-78: 'OS Command Injection'"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cna@cyber.gov.il",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@cyber.gov.il",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-78"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.gov.il/en/Departments/faq/cve_advisories",
+      "source": "cna@cyber.gov.il"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-372xx/CVE-2023-37214.json
+++ b/CVE-2023/CVE-2023-372xx/CVE-2023-37214.json
@ -0,0 +1,43 @@
+{
+  "id": "CVE-2023-37214",
+  "sourceIdentifier": "cna@cyber.gov.il",
+  "published": "2023-07-30T09:15:10.220",
+  "lastModified": "2023-07-30T09:15:10.220",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "\nHeights Telecom ERO1xS-Pro Dual-Band FW version BZ_ERO1XP.025.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cna@cyber.gov.il",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://www.gov.il/en/Departments/faq/cve_advisories",
+      "source": "cna@cyber.gov.il"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-372xx/CVE-2023-37215.json
+++ b/CVE-2023/CVE-2023-372xx/CVE-2023-37215.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-37215",
+  "sourceIdentifier": "cna@cyber.gov.il",
+  "published": "2023-07-30T09:15:10.300",
+  "lastModified": "2023-07-30T09:15:10.300",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": " JBL soundbar multibeam 5.1 - CWE-798: Use of Hard-coded Credentials"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cna@cyber.gov.il",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH",
+          "baseScore": 6.2,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.5,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@cyber.gov.il",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-798"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.gov.il/en/Departments/faq/cve_advisories",
+      "source": "cna@cyber.gov.il"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-07-29T14:00:25.046663+00:00
+2023-07-30T10:00:25.187223+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-07-29T12:15:09.677000+00:00
+2023-07-30T09:15:10.300000+00:00
 ```

 ### Last Data Feed Release
@ -23,26 +23,32 @@ Repository synchronizes with the NVD every 2 hours.
 Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)

 ```plain
-2023-07-29T00:00:13.550868+00:00
+2023-07-30T00:00:13.565276+00:00
 ```

 ### Total Number of included CVEs

 ```plain
-221272
+221278
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `0`
+Recently added CVEs: `6`

+* [CVE-2023-32225](CVE-2023/CVE-2023-322xx/CVE-2023-32225.json) (`2023-07-30T08:15:46.760`)
+* [CVE-2023-32226](CVE-2023/CVE-2023-322xx/CVE-2023-32226.json) (`2023-07-30T08:15:47.160`)
+* [CVE-2023-32227](CVE-2023/CVE-2023-322xx/CVE-2023-32227.json) (`2023-07-30T09:15:09.570`)
+* [CVE-2023-37213](CVE-2023/CVE-2023-372xx/CVE-2023-37213.json) (`2023-07-30T09:15:10.133`)
+* [CVE-2023-37214](CVE-2023/CVE-2023-372xx/CVE-2023-37214.json) (`2023-07-30T09:15:10.220`)
+* [CVE-2023-37215](CVE-2023/CVE-2023-372xx/CVE-2023-37215.json) (`2023-07-30T09:15:10.300`)


 ### CVEs modified in the last Commit

 Recently modified CVEs: `1`

-* [CVE-2023-36542](CVE-2023/CVE-2023-365xx/CVE-2023-36542.json) (`2023-07-29T12:15:09.677`)
+* [CVE-2023-36542](CVE-2023/CVE-2023-365xx/CVE-2023-36542.json) (`2023-07-30T09:15:09.980`)


 ## Download and Usage