From f38ab1667bb06c1db4bc5b747c3ffbad0356d3af Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Ren=C3=A9=20Helmke?= Date: Thu, 11 May 2023 22:00:27 +0200 Subject: [PATCH] Auto-Update: 2023-05-11T20:00:24.538776+00:00 --- CVE-2022/CVE-2022-223xx/CVE-2022-22313.json | 55 ++++++- CVE-2022/CVE-2022-346xx/CVE-2022-34670.json | 8 +- CVE-2022/CVE-2022-346xx/CVE-2022-34674.json | 8 +- CVE-2022/CVE-2022-346xx/CVE-2022-34675.json | 8 +- CVE-2022/CVE-2022-346xx/CVE-2022-34677.json | 8 +- CVE-2022/CVE-2022-346xx/CVE-2022-34680.json | 8 +- CVE-2022/CVE-2022-41xx/CVE-2022-4118.json | 53 ++++++- CVE-2022/CVE-2022-422xx/CVE-2022-42257.json | 8 +- CVE-2022/CVE-2022-422xx/CVE-2022-42258.json | 8 +- CVE-2022/CVE-2022-422xx/CVE-2022-42259.json | 8 +- CVE-2022/CVE-2022-437xx/CVE-2022-43769.json | 10 +- CVE-2022/CVE-2022-438xx/CVE-2022-43877.json | 95 ++++++++++++- CVE-2022/CVE-2022-439xx/CVE-2022-43939.json | 10 +- CVE-2022/CVE-2022-450xx/CVE-2022-45065.json | 47 +++++- CVE-2022/CVE-2022-460xx/CVE-2022-46081.json | 6 +- CVE-2022/CVE-2022-474xx/CVE-2022-47437.json | 47 +++++- CVE-2022/CVE-2022-474xx/CVE-2022-47439.json | 47 +++++- CVE-2022/CVE-2022-482xx/CVE-2022-48237.json | 150 +++++++++++++++++++- CVE-2023/CVE-2023-00xx/CVE-2023-0008.json | 4 +- CVE-2023/CVE-2023-02xx/CVE-2023-0267.json | 53 ++++++- CVE-2023/CVE-2023-02xx/CVE-2023-0268.json | 53 ++++++- CVE-2023/CVE-2023-16xx/CVE-2023-1649.json | 52 ++++++- CVE-2023/CVE-2023-16xx/CVE-2023-1651.json | 52 ++++++- CVE-2023/CVE-2023-16xx/CVE-2023-1660.json | 52 ++++++- CVE-2023/CVE-2023-18xx/CVE-2023-1806.json | 52 ++++++- CVE-2023/CVE-2023-18xx/CVE-2023-1834.json | 55 +++++++ CVE-2023/CVE-2023-217xx/CVE-2023-21776.json | 6 +- CVE-2023/CVE-2023-227xx/CVE-2023-22710.json | 59 +++++++- CVE-2023/CVE-2023-238xx/CVE-2023-23894.json | 47 +++++- CVE-2023/CVE-2023-243xx/CVE-2023-24376.json | 47 +++++- CVE-2023/CVE-2023-244xx/CVE-2023-24408.json | 47 +++++- CVE-2023/CVE-2023-24xx/CVE-2023-2443.json | 43 ++++++ CVE-2023/CVE-2023-24xx/CVE-2023-2444.json | 43 ++++++ CVE-2023/CVE-2023-253xx/CVE-2023-25309.json | 28 ++++ 
CVE-2023/CVE-2023-25xx/CVE-2023-2560.json | 59 +++++++- CVE-2023/CVE-2023-282xx/CVE-2023-28248.json | 8 +- CVE-2023/CVE-2023-282xx/CVE-2023-28271.json | 8 +- CVE-2023/CVE-2023-282xx/CVE-2023-28293.json | 8 +- CVE-2023/CVE-2023-284xx/CVE-2023-28493.json | 47 +++++- CVE-2023/CVE-2023-290xx/CVE-2023-29022.json | 55 +++++++ CVE-2023/CVE-2023-290xx/CVE-2023-29023.json | 55 +++++++ CVE-2023/CVE-2023-290xx/CVE-2023-29024.json | 55 +++++++ CVE-2023/CVE-2023-290xx/CVE-2023-29025.json | 55 +++++++ CVE-2023/CVE-2023-290xx/CVE-2023-29026.json | 55 +++++++ CVE-2023/CVE-2023-290xx/CVE-2023-29027.json | 55 +++++++ CVE-2023/CVE-2023-290xx/CVE-2023-29028.json | 55 +++++++ CVE-2023/CVE-2023-290xx/CVE-2023-29029.json | 55 +++++++ CVE-2023/CVE-2023-290xx/CVE-2023-29030.json | 55 +++++++ CVE-2023/CVE-2023-290xx/CVE-2023-29031.json | 55 +++++++ CVE-2023/CVE-2023-290xx/CVE-2023-29085.json | 8 +- CVE-2023/CVE-2023-290xx/CVE-2023-29086.json | 8 +- CVE-2023/CVE-2023-290xx/CVE-2023-29087.json | 8 +- CVE-2023/CVE-2023-290xx/CVE-2023-29088.json | 8 +- CVE-2023/CVE-2023-290xx/CVE-2023-29089.json | 8 +- CVE-2023/CVE-2023-290xx/CVE-2023-29090.json | 8 +- CVE-2023/CVE-2023-290xx/CVE-2023-29091.json | 8 +- CVE-2023/CVE-2023-299xx/CVE-2023-29932.json | 64 ++++++++- CVE-2023/CVE-2023-299xx/CVE-2023-29933.json | 64 ++++++++- CVE-2023/CVE-2023-299xx/CVE-2023-29934.json | 64 ++++++++- CVE-2023/CVE-2023-299xx/CVE-2023-29935.json | 64 ++++++++- CVE-2023/CVE-2023-299xx/CVE-2023-29939.json | 64 ++++++++- CVE-2023/CVE-2023-299xx/CVE-2023-29941.json | 64 ++++++++- CVE-2023/CVE-2023-299xx/CVE-2023-29942.json | 64 ++++++++- CVE-2023/CVE-2023-300xx/CVE-2023-30053.json | 76 +++++++++- CVE-2023/CVE-2023-300xx/CVE-2023-30054.json | 76 +++++++++- CVE-2023/CVE-2023-303xx/CVE-2023-30394.json | 36 +++++ CVE-2023/CVE-2023-304xx/CVE-2023-30434.json | 82 ++++++++++- CVE-2023/CVE-2023-311xx/CVE-2023-31183.json | 57 +++++++- README.md | 110 +++++++++----- 69 files changed, 2699 insertions(+), 199 deletions(-) create mode 
100644 CVE-2023/CVE-2023-18xx/CVE-2023-1834.json create mode 100644 CVE-2023/CVE-2023-24xx/CVE-2023-2443.json create mode 100644 CVE-2023/CVE-2023-24xx/CVE-2023-2444.json create mode 100644 CVE-2023/CVE-2023-253xx/CVE-2023-25309.json create mode 100644 CVE-2023/CVE-2023-290xx/CVE-2023-29022.json create mode 100644 CVE-2023/CVE-2023-290xx/CVE-2023-29023.json create mode 100644 CVE-2023/CVE-2023-290xx/CVE-2023-29024.json create mode 100644 CVE-2023/CVE-2023-290xx/CVE-2023-29025.json create mode 100644 CVE-2023/CVE-2023-290xx/CVE-2023-29026.json create mode 100644 CVE-2023/CVE-2023-290xx/CVE-2023-29027.json create mode 100644 CVE-2023/CVE-2023-290xx/CVE-2023-29028.json create mode 100644 CVE-2023/CVE-2023-290xx/CVE-2023-29029.json create mode 100644 CVE-2023/CVE-2023-290xx/CVE-2023-29030.json create mode 100644 CVE-2023/CVE-2023-290xx/CVE-2023-29031.json create mode 100644 CVE-2023/CVE-2023-303xx/CVE-2023-30394.json diff --git a/CVE-2022/CVE-2022-223xx/CVE-2022-22313.json b/CVE-2022/CVE-2022-223xx/CVE-2022-22313.json index 2d56b5a9fda..1025577f439 100644 --- a/CVE-2022/CVE-2022-223xx/CVE-2022-22313.json +++ b/CVE-2022/CVE-2022-223xx/CVE-2022-22313.json @@ -2,8 +2,8 @@ "id": "CVE-2022-22313", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-05-06T02:15:12.490", - "lastModified": "2023-05-08T02:37:45.160", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-11T18:24:20.833", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "psirt@us.ibm.com", "type": "Secondary", @@ -46,14 +66,41 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:qradar_data_synchronization:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.0", + "versionEndExcluding": "3.1.0", + "matchCriteriaId": "B69B16DF-3430-48D2-84AE-DD14CBD77F3D" + } + ] + } + ] + } + ], "references": [ { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/217370", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "VDB Entry", + "Vendor Advisory" + ] }, { "url": "https://www.ibm.com/support/pages/node/6980797", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-346xx/CVE-2022-34670.json b/CVE-2022/CVE-2022-346xx/CVE-2022-34670.json index fad1794a54f..d1810a12697 100644 --- a/CVE-2022/CVE-2022-346xx/CVE-2022-34670.json +++ b/CVE-2022/CVE-2022-346xx/CVE-2022-34670.json @@ -2,8 +2,8 @@ "id": "CVE-2022-34670", "sourceIdentifier": "psirt@nvidia.com", "published": "2022-12-30T23:15:09.337", - "lastModified": "2023-01-11T20:14:51.713", - "vulnStatus": "Analyzed", + "lastModified": "2023-05-11T18:15:09.800", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", 
@@ -326,6 +326,10 @@ } ], "references": [ + { + "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00010.html", + "source": "psirt@nvidia.com" + }, { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415", "source": "psirt@nvidia.com", diff --git a/CVE-2022/CVE-2022-346xx/CVE-2022-34674.json b/CVE-2022/CVE-2022-346xx/CVE-2022-34674.json index 56a6e879d5c..952d988e100 100644 --- a/CVE-2022/CVE-2022-346xx/CVE-2022-34674.json +++ b/CVE-2022/CVE-2022-346xx/CVE-2022-34674.json @@ -2,8 +2,8 @@ "id": "CVE-2022-34674", "sourceIdentifier": "psirt@nvidia.com", "published": "2022-12-30T23:15:09.710", - "lastModified": "2023-01-05T22:32:42.947", - "vulnStatus": "Analyzed", + "lastModified": "2023-05-11T18:15:09.957", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -326,6 +326,10 @@ } ], "references": [ + { + "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00010.html", + "source": "psirt@nvidia.com" + }, { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415", "source": "psirt@nvidia.com", diff --git a/CVE-2022/CVE-2022-346xx/CVE-2022-34675.json b/CVE-2022/CVE-2022-346xx/CVE-2022-34675.json index 062e34bf963..a940756ecc5 100644 --- a/CVE-2022/CVE-2022-346xx/CVE-2022-34675.json +++ b/CVE-2022/CVE-2022-346xx/CVE-2022-34675.json @@ -2,8 +2,8 @@ "id": "CVE-2022-34675", "sourceIdentifier": "psirt@nvidia.com", "published": "2022-12-30T23:15:09.807", - "lastModified": "2023-01-05T22:31:29.063", - "vulnStatus": "Analyzed", + "lastModified": "2023-05-11T18:15:10.070", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -241,6 +241,10 @@ } ], "references": [ + { + "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00010.html", + "source": "psirt@nvidia.com" + }, { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415", "source": "psirt@nvidia.com", 
diff --git a/CVE-2022/CVE-2022-346xx/CVE-2022-34677.json b/CVE-2022/CVE-2022-346xx/CVE-2022-34677.json index 8e4f1f18384..90e03d9e09a 100644 --- a/CVE-2022/CVE-2022-346xx/CVE-2022-34677.json +++ b/CVE-2022/CVE-2022-346xx/CVE-2022-34677.json @@ -2,8 +2,8 @@ "id": "CVE-2022-34677", "sourceIdentifier": "psirt@nvidia.com", "published": "2022-12-30T23:15:09.983", - "lastModified": "2023-01-05T22:30:40.483", - "vulnStatus": "Analyzed", + "lastModified": "2023-05-11T18:15:10.167", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -326,6 +326,10 @@ } ], "references": [ + { + "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00010.html", + "source": "psirt@nvidia.com" + }, { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415", "source": "psirt@nvidia.com", diff --git a/CVE-2022/CVE-2022-346xx/CVE-2022-34680.json b/CVE-2022/CVE-2022-346xx/CVE-2022-34680.json index 59ae000daad..3caabf8cd04 100644 --- a/CVE-2022/CVE-2022-346xx/CVE-2022-34680.json +++ b/CVE-2022/CVE-2022-346xx/CVE-2022-34680.json @@ -2,8 +2,8 @@ "id": "CVE-2022-34680", "sourceIdentifier": "psirt@nvidia.com", "published": "2022-12-30T23:15:10.247", - "lastModified": "2023-01-05T22:25:58.753", - "vulnStatus": "Analyzed", + "lastModified": "2023-05-11T18:15:10.287", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -326,6 +326,10 @@ } ], "references": [ + { + "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00010.html", + "source": "psirt@nvidia.com" + }, { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415", "source": "psirt@nvidia.com", diff --git a/CVE-2022/CVE-2022-41xx/CVE-2022-4118.json b/CVE-2022/CVE-2022-41xx/CVE-2022-4118.json index 1eaf19f4ad4..cd513a009cb 100644 --- a/CVE-2022/CVE-2022-41xx/CVE-2022-4118.json +++ b/CVE-2022/CVE-2022-41xx/CVE-2022-4118.json 
@@ -2,15 +2,38 @@ "id": "CVE-2022-4118", "sourceIdentifier": "contact@wpscan.com", "published": "2023-05-08T14:15:10.883", - "lastModified": "2023-05-08T14:17:28.107", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-11T18:20:40.990", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Bitcoin / AltCoin Payment Gateway for WooCommerce & Multivendor store / shop WordPress plugin through 1.7.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by authenticated users" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "contact@wpscan.com", @@ -23,10 +46,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:coinmarketstats:bitcoin_\\/_altcoin_payment_gateway_for_woocommerce:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.7.1", + "matchCriteriaId": "961244C9-EADC-4577-8096-14B2E4714CAF" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/2839ff82-7d37-4392-8fa3-d490680d42c4", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-422xx/CVE-2022-42257.json b/CVE-2022/CVE-2022-422xx/CVE-2022-42257.json index f6dbe05e5d0..c1c56c4195e 100644 
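Review bot: The primary vector added to CVE-2022-4118.json sets `"privilegesRequired": "NONE"` (`PR:N`, base score 9.8), but the description on the context line of the same hunk says the SQL injection is "exploitable by authenticated users". If the description is accurate, the vector would read `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H`, which scores 8.8 rather than 9.8. This file mirrors an upstream record, so the correction belongs with the source; until then, prioritisation that keys on `baseScore` will over-rank this entry. Nothing in the hunk says which of the two statements is right, so this is worth confirming against the linked advisory.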
--- a/CVE-2022/CVE-2022-422xx/CVE-2022-42257.json +++ b/CVE-2022/CVE-2022-422xx/CVE-2022-42257.json @@ -2,8 +2,8 @@ "id": "CVE-2022-42257", "sourceIdentifier": "psirt@nvidia.com", "published": "2022-12-30T23:15:10.897", - "lastModified": "2023-01-05T22:37:30.250", - "vulnStatus": "Analyzed", + "lastModified": "2023-05-11T18:15:10.413", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -326,6 +326,10 @@ } ], "references": [ + { + "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00010.html", + "source": "psirt@nvidia.com" + }, { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415", "source": "psirt@nvidia.com", diff --git a/CVE-2022/CVE-2022-422xx/CVE-2022-42258.json b/CVE-2022/CVE-2022-422xx/CVE-2022-42258.json index fccb000d5e5..8022066cfbb 100644 --- a/CVE-2022/CVE-2022-422xx/CVE-2022-42258.json +++ b/CVE-2022/CVE-2022-422xx/CVE-2022-42258.json @@ -2,8 +2,8 @@ "id": "CVE-2022-42258", "sourceIdentifier": "psirt@nvidia.com", "published": "2022-12-30T23:15:10.963", - "lastModified": "2023-01-05T22:36:57.440", - "vulnStatus": "Analyzed", + "lastModified": "2023-05-11T18:15:10.540", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -326,6 +326,10 @@ } ], "references": [ + { + "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00010.html", + "source": "psirt@nvidia.com" + }, { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415", "source": "psirt@nvidia.com", diff --git a/CVE-2022/CVE-2022-422xx/CVE-2022-42259.json b/CVE-2022/CVE-2022-422xx/CVE-2022-42259.json index 025c40f2cc4..7250775aa99 100644 --- a/CVE-2022/CVE-2022-422xx/CVE-2022-42259.json +++ b/CVE-2022/CVE-2022-422xx/CVE-2022-42259.json 
@@ -2,8 +2,8 @@ "id": "CVE-2022-42259", "sourceIdentifier": "psirt@nvidia.com", "published": "2022-12-30T23:15:11.030", - "lastModified": "2023-01-05T22:35:45.173", - "vulnStatus": "Analyzed", + "lastModified": "2023-05-11T18:15:10.693", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -326,6 +326,10 @@ } ], "references": [ + { + "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00010.html", + "source": "psirt@nvidia.com" + }, { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415", "source": "psirt@nvidia.com", diff --git a/CVE-2022/CVE-2022-437xx/CVE-2022-43769.json b/CVE-2022/CVE-2022-437xx/CVE-2022-43769.json index 46374df9243..e7d30bf499a 100644 --- a/CVE-2022/CVE-2022-437xx/CVE-2022-43769.json +++ b/CVE-2022/CVE-2022-437xx/CVE-2022-43769.json @@ -2,12 +2,12 @@ "id": "CVE-2022-43769", "sourceIdentifier": "security.vulnerabilities@hitachivantara.com", "published": "2023-04-03T18:15:07.703", - "lastModified": "2023-04-12T18:51:51.000", - "vulnStatus": "Analyzed", + "lastModified": "2023-05-11T18:15:10.847", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow certain web services to set property values which contain Spring templates that are interpreted downstream." + "value": "\nHitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow certain web services to set property values which contain Spring templates that are interpreted downstream.\u00a0\n\n" } ], "metrics": { 
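Review bot: The only change to the description `value` in CVE-2022-43769.json is padding: the new string gains a leading `\n` and a trailing `\u00a0\n\n`, while the sentence itself is unchanged. Consumers that hash or diff descriptions to detect substantive updates will report a change here, and the no-break space survives some trim routines. Normalising whitespace (including U+00A0) before comparing or displaying the field avoids that. CVE-2022-43939.json gets the same padding later in this patch.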
@@ -101,6 +101,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/172296/Pentaho-Business-Server-Authentication-Bypass-SSTI-Code-Execution.html", + "source": "security.vulnerabilities@hitachivantara.com" + }, { "url": "https://support.pentaho.com/hc/en-us/articles/14455561548301--Resolved-Pentaho-BA-Server-Failure-to-Sanitize-Special-Elements-into-a-Different-Plane-Special-Element-Injection-Versions-before-9-4-0-1-and-9-3-0-2-including-8-3-x-Impacted-CVE-2022-43769-", "source": "security.vulnerabilities@hitachivantara.com", diff --git a/CVE-2022/CVE-2022-438xx/CVE-2022-43877.json b/CVE-2022/CVE-2022-438xx/CVE-2022-43877.json index 36904d8285d..fe5fe28c3da 100644 --- a/CVE-2022/CVE-2022-438xx/CVE-2022-43877.json +++ b/CVE-2022/CVE-2022-438xx/CVE-2022-43877.json @@ -2,8 +2,8 @@ "id": "CVE-2022-43877", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-05-06T03:15:08.950", - "lastModified": "2023-05-08T02:37:45.160", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-11T18:22:32.347", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "psirt@us.ibm.com", "type": "Secondary", 
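Review bot: The reference added to CVE-2022-43769.json has no `tags` array, although its URL slug (`Authentication-Bypass-SSTI-Code-Execution`) suggests it is a public exploit write-up. Other references in this commit, such as the wpscan link in CVE-2022-4118.json, are tagged `"Exploit"`. Tooling that relies on `tags` to flag exploit availability will therefore miss this entry while `vulnStatus` is `Modified`. The link is also `http://`, so anything that fetches references automatically would do so in cleartext. The identical untagged reference is added to CVE-2022-43939.json.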
@@ -34,14 +54,81 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-922" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2.0.0", + "versionEndExcluding": "6.2.7.20", + "matchCriteriaId": "6AECF25C-0B07-44ED-A22A-C236A3162D3A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.0.0.0", + "versionEndExcluding": "7.0.5.15", + "matchCriteriaId": "9C6A8986-EA96-4CC1-8996-492694ABB13B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.1.0.0", + "versionEndExcluding": "7.1.2.11", + "matchCriteriaId": "7400899E-E98C-4C32-BD86-2AF5422AE3C9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.2.0.0", + "versionEndExcluding": "7.2.3.4", + "matchCriteriaId": "DC269C51-7E17-44BF-A6DF-0BD283C54818" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.3.0.0", + "versionEndExcluding": "7.3.1.0", + "matchCriteriaId": "8635D735-B251-4DB6-AD25-1309EA0C4A74" + } + ] + } + ] + } + ], "references": [ { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/240148", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "VDB Entry", + "Vendor Advisory" + ] }, { "url": "https://www.ibm.com/support/pages/node/6967351", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-439xx/CVE-2022-43939.json b/CVE-2022/CVE-2022-439xx/CVE-2022-43939.json index 06648f14af4..402243e0fd5 100644 
--- a/CVE-2022/CVE-2022-439xx/CVE-2022-43939.json +++ b/CVE-2022/CVE-2022-439xx/CVE-2022-43939.json @@ -2,12 +2,12 @@ "id": "CVE-2022-43939", "sourceIdentifier": "security.vulnerabilities@hitachivantara.com", "published": "2023-04-03T19:15:07.047", - "lastModified": "2023-04-10T17:56:36.890", - "vulnStatus": "Analyzed", + "lastModified": "2023-05-11T18:15:11.000", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x contain security restrictions using non-canonical URLs which can be circumvented." + "value": "\nHitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x contain security restrictions using non-canonical URLs which can be circumvented.\u00a0\n\n" } ], "metrics": { @@ -100,6 +100,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/172296/Pentaho-Business-Server-Authentication-Bypass-SSTI-Code-Execution.html", + "source": "security.vulnerabilities@hitachivantara.com" + }, { "url": "https://support.pentaho.com/hc/en-us/articles/14455394120333--Resolved-Pentaho-BA-Server-Use-of-Non-Canonical-URL-Paths-for-Authorization-Decisions-Versions-before-9-4-0-1-and-9-3-0-2-including-8-3-x-Impacted-CVE-2022-43939-", "source": "security.vulnerabilities@hitachivantara.com", diff --git a/CVE-2022/CVE-2022-450xx/CVE-2022-45065.json b/CVE-2022/CVE-2022-450xx/CVE-2022-45065.json index 3b4b08e2a55..7b5ae7a5df5 100644 --- a/CVE-2022/CVE-2022-450xx/CVE-2022-45065.json +++ b/CVE-2022/CVE-2022-450xx/CVE-2022-45065.json @@ -2,8 +2,8 @@ "id": "CVE-2022-45065", "sourceIdentifier": "audit@patchstack.com", "published": "2023-05-08T15:15:09.580", - "lastModified": "2023-05-08T16:35:01.700", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-11T18:29:25.107", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:squirrly:seo_plugin:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "12.1.20", + "matchCriteriaId": "5A7AD543-276B-416C-B2F9-A8147196976E" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/squirrly-seo/wordpress-squirrly-seo-peaks-plugin-12-1-20-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-460xx/CVE-2022-46081.json b/CVE-2022/CVE-2022-460xx/CVE-2022-46081.json index e3459304846..be3fa4eaeea 100644 --- a/CVE-2022/CVE-2022-460xx/CVE-2022-46081.json +++ b/CVE-2022/CVE-2022-460xx/CVE-2022-46081.json 
@@ -2,12 +2,12 @@ "id": "CVE-2022-46081", "sourceIdentifier": "cve@mitre.org", "published": "2023-01-04T04:15:09.837", - "lastModified": "2023-01-11T14:19:44.487", - "vulnStatus": "Analyzed", + "lastModified": "2023-05-11T19:15:09.200", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "In Garmin Connect 4.61, terminating a LiveTrack session wouldn't prevent the LiveTrack API from continued exposure of private personal information." + "value": "** DISPUTED ** In Garmin Connect 4.61, terminating a LiveTrack session wouldn't prevent the LiveTrack API from continued exposure of private personal information. NOTE: this is disputed by the vendor because the LiveTrack API service is not a customer-controlled product." } ], "metrics": { diff --git a/CVE-2022/CVE-2022-474xx/CVE-2022-47437.json b/CVE-2022/CVE-2022-474xx/CVE-2022-47437.json index 8df0551ce3d..68b86f1c76c 100644 --- a/CVE-2022/CVE-2022-474xx/CVE-2022-47437.json +++ b/CVE-2022/CVE-2022-474xx/CVE-2022-47437.json @@ -2,8 +2,8 @@ "id": "CVE-2022-47437", "sourceIdentifier": "audit@patchstack.com", "published": "2023-05-08T15:15:09.650", - "lastModified": "2023-05-08T16:35:01.700", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-11T18:29:03.820", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
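Review bot: The dispute in CVE-2022-46081.json is recorded only as free text, a `** DISPUTED **` prefix and a trailing `NOTE:` sentence inside the description `value`. The only structured field touched is `vulnStatus`, which becomes `Modified`, and the `metrics` object starts on the hunk's last line with its contents outside the hunk. Triage that filters on `vulnStatus` or severity will not see that the vendor contests the record. Consumers who need that signal have to match the description prefix explicitly.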
@@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wsb_brands_project:wsb_brands:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.1.8", + "matchCriteriaId": "E6D52E16-D6E4-423E-9FAB-59C2E6B6F2F6" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/wsb-brands/wordpress-wsb-brands-plugin-1-1-8-cross-site-scripting-xss?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-474xx/CVE-2022-47439.json b/CVE-2022/CVE-2022-474xx/CVE-2022-47439.json index 4ddddefa98e..c76b6636565 100644 --- a/CVE-2022/CVE-2022-474xx/CVE-2022-47439.json +++ b/CVE-2022/CVE-2022-474xx/CVE-2022-47439.json @@ -2,8 +2,8 @@ "id": "CVE-2022-47439", "sourceIdentifier": "audit@patchstack.com", "published": "2023-05-08T15:15:09.723", - "lastModified": "2023-05-08T16:35:01.700", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-11T18:28:50.673", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:rocketapps:open_graphite:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.6.0", + "matchCriteriaId": "6270C630-5607-4626-9925-0F27955889C1" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/open-graphite/wordpress-open-graphite-plugin-1-5-1-cross-site-scripting-xss?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-482xx/CVE-2022-48237.json b/CVE-2022/CVE-2022-482xx/CVE-2022-48237.json index ebce09dae92..10a21984bdd 100644 --- a/CVE-2022/CVE-2022-482xx/CVE-2022-48237.json +++ b/CVE-2022/CVE-2022-482xx/CVE-2022-48237.json 
@@ -2,19 +2,161 @@ "id": "CVE-2022-48237", "sourceIdentifier": "security@unisoc.com", "published": "2023-05-09T02:15:10.403", - "lastModified": "2023-05-09T12:46:35.530", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-11T19:20:28.837", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Image filter, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + 
"cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*", + "matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*", + "matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*", + "matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*", + "matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*", + "matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596" + } + ] + } + ] + } + ], "references": [ { "url": 
"https://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761", - "source": "security@unisoc.com" + "source": "security@unisoc.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-00xx/CVE-2023-0008.json b/CVE-2023/CVE-2023-00xx/CVE-2023-0008.json index 662a507a35a..72fd0b4cce4 100644 --- a/CVE-2023/CVE-2023-00xx/CVE-2023-0008.json +++ b/CVE-2023/CVE-2023-00xx/CVE-2023-0008.json @@ -2,12 +2,12 @@ "id": "CVE-2023-0008", "sourceIdentifier": "psirt@paloaltonetworks.com", "published": "2023-05-10T17:15:09.040", - "lastModified": "2023-05-11T13:36:34.880", + "lastModified": "2023-05-11T18:15:11.093", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", - "value": "A file disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator with access to the web interface to export local files from the firewall through a race condition.\n\n" + "value": "A file disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to export local files from the firewall through a race condition.\n\n" } ], "metrics": { diff --git a/CVE-2023/CVE-2023-02xx/CVE-2023-0267.json b/CVE-2023/CVE-2023-02xx/CVE-2023-0267.json index f68e02c538c..f1f98f32a41 100644 --- a/CVE-2023/CVE-2023-02xx/CVE-2023-0267.json +++ b/CVE-2023/CVE-2023-02xx/CVE-2023-0267.json 
@@ -2,15 +2,38 @@ "id": "CVE-2023-0267", "sourceIdentifier": "contact@wpscan.com", "published": "2023-05-08T14:15:10.967", - "lastModified": "2023-05-08T14:17:28.107", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-11T18:15:16.573", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Ultimate Carousel For WPBakery Page Builder WordPress plugin through 2.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, "weaknesses": [ { "source": "contact@wpscan.com", @@ -23,10 +46,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:topdigitaltrends:ultimate_carousel_for_wpbakery_page_builder:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.6", + "matchCriteriaId": "4F0CB2D9-A579-4BEC-B8C7-0EE8B932715F" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/7ba7849d-e07b-465a-bfb7-10c8186be140", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-02xx/CVE-2023-0268.json b/CVE-2023/CVE-2023-02xx/CVE-2023-0268.json index 57876dc7216..e26365197df 100644 --- a/CVE-2023/CVE-2023-02xx/CVE-2023-0268.json +++ b/CVE-2023/CVE-2023-02xx/CVE-2023-0268.json @@ -2,15 +2,38 @@ "id": "CVE-2023-0268", "sourceIdentifier": "contact@wpscan.com", "published": "2023-05-08T14:15:11.057", - "lastModified": "2023-05-08T14:17:28.107", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-11T18:12:06.047", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Mega Addons For WPBakery Page Builder WordPress plugin before 4.3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, "weaknesses": [ { "source": "contact@wpscan.com", 
@@ -23,10 +46,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:topdigitaltrends:mega_addons_for_wpbakery_page_builder:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "4.3.0", + "matchCriteriaId": "6A568F16-1F34-40F8-B153-F62DAEEAB1C9" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/99389641-ad1e-45c1-a42f-2a010ee22d76", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-16xx/CVE-2023-1649.json b/CVE-2023/CVE-2023-16xx/CVE-2023-1649.json index 1066c20c448..cee10341d58 100644 --- a/CVE-2023/CVE-2023-16xx/CVE-2023-1649.json +++ b/CVE-2023/CVE-2023-16xx/CVE-2023-1649.json 
@@ -2,15 +2,38 @@ "id": "CVE-2023-1649", "sourceIdentifier": "contact@wpscan.com", "published": "2023-05-08T14:15:12.670", - "lastModified": "2023-05-08T14:17:23.197", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-11T18:53:04.560", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The AI ChatBot WordPress plugin before 4.5.1 does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ] + }, "weaknesses": [ { "source": "contact@wpscan.com", @@ -23,10 +46,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:quantumcloud:ai_chatbot:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "4.5.1", + "matchCriteriaId": "A9D4263D-6763-40F1-BD02-5BAEE0C8C015" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/ea806115-14ab-4bc4-a272-2141cb14454a", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-16xx/CVE-2023-1651.json b/CVE-2023/CVE-2023-16xx/CVE-2023-1651.json index fbc1260d609..8d3736a448f 100644 --- a/CVE-2023/CVE-2023-16xx/CVE-2023-1651.json 
+++ b/CVE-2023/CVE-2023-16xx/CVE-2023-1651.json @@ -2,15 +2,38 @@ "id": "CVE-2023-1651", "sourceIdentifier": "contact@wpscan.com", "published": "2023-05-08T14:15:12.867", - "lastModified": "2023-05-08T14:17:23.197", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-11T18:52:54.370", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in the AJAX action responsible to update the OpenAI settings, allowing any authenticated users, such as subscriber to update them. Furthermore, due to the lack of escaping of the settings, this could also lead to Stored XSS" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, "weaknesses": [ { "source": "contact@wpscan.com", @@ -27,10 +50,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:quantumcloud:ai_chatbot:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "4.4.9", + "matchCriteriaId": "F05D79C5-42D1-4A5E-A56A-13083B32C35D" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/c88b22ba-4fc2-49ad-a457-224157521bad", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-16xx/CVE-2023-1660.json b/CVE-2023/CVE-2023-16xx/CVE-2023-1660.json index b3548839150..6b9fb7e1df2 100644 --- a/CVE-2023/CVE-2023-16xx/CVE-2023-1660.json +++ b/CVE-2023/CVE-2023-16xx/CVE-2023-1660.json @@ -2,15 +2,38 @@ "id": "CVE-2023-1660", "sourceIdentifier": "contact@wpscan.com", "published": "2023-05-08T14:15:13.173", - "lastModified": "2023-05-08T14:17:23.197", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-11T18:50:04.077", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in a function hooked to init, allowing unauthenticated users to update some settings, leading to Stored XSS due to the lack of escaping when outputting them in the admin dashboard" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, "weaknesses": [ { "source": "contact@wpscan.com", 
@@ -27,10 +50,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:quantumcloud:ai_chatbot:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "4.4.9", + "matchCriteriaId": "F05D79C5-42D1-4A5E-A56A-13083B32C35D" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/1a5cbcfc-fa55-433a-a76b-3881b6c4bea2", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-18xx/CVE-2023-1806.json b/CVE-2023/CVE-2023-18xx/CVE-2023-1806.json index 895506a23e4..36b35fa5f8a 100644 --- a/CVE-2023/CVE-2023-18xx/CVE-2023-1806.json +++ b/CVE-2023/CVE-2023-18xx/CVE-2023-1806.json 
@@ -2,15 +2,38 @@ "id": "CVE-2023-1806", "sourceIdentifier": "contact@wpscan.com", "published": "2023-05-08T14:15:13.310", - "lastModified": "2023-05-08T14:17:23.197", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-11T18:56:50.760", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The WP Inventory Manager WordPress plugin before 2.1.0.12 does not sanitise and escape the message parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrators." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, "weaknesses": [ { "source": "contact@wpscan.com", @@ -23,10 +46,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpinventory:wp_inventory_manager:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.1.0.12", + "matchCriteriaId": "7B645308-BEDC-4A8B-8D97-52903B3077F5" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/38d99c7d-2d10-4910-b95a-1cb545b813c4", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-18xx/CVE-2023-1834.json b/CVE-2023/CVE-2023-18xx/CVE-2023-1834.json new file mode 100644 index 00000000000..2dbc4495324 --- /dev/null +++ b/CVE-2023/CVE-2023-18xx/CVE-2023-1834.json 
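Review bot: The `criteria` string added for CVE-2023-1806 leaves the target-software field as a wildcard (`cpe:2.3:a:wpinventory:wp_inventory_manager:*:*:*:*:*:*:*:*`), while the other WordPress plugin and theme records analysed in this update set that field to `wordpress`. Inventory matching that narrows on target software would skip this record even though its description names a WordPress plugin. The aligned form would be `cpe:2.3:a:wpinventory:wp_inventory_manager:*:*:*:*:*:wordpress:*:*`. Since `matchCriteriaId` is presumably bound to the upstream string, the correction likely belongs with the upstream analyst rather than in this mirror.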
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-1834", + "sourceIdentifier": "PSIRT@rockwellautomation.com", + "published": "2023-05-11T19:15:09.283", + "lastModified": "2023-05-11T19:15:09.283", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nRockwell Automation was made aware that Kinetix 5500 drives, manufactured between May 2022 and January 2023, and are running v7.13 may have the telnet and FTP ports open by default.\u00a0 This could potentially allow attackers unauthorized\u00a0access to the device through the open ports." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "PSIRT@rockwellautomation.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.4, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.5 + } + ] + }, + "weaknesses": [ + { + "source": "PSIRT@rockwellautomation.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139441", + "source": "PSIRT@rockwellautomation.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-217xx/CVE-2023-21776.json b/CVE-2023/CVE-2023-217xx/CVE-2023-21776.json index 9ea179ecfec..35373d5f90f 100644 --- a/CVE-2023/CVE-2023-217xx/CVE-2023-21776.json +++ b/CVE-2023/CVE-2023-217xx/CVE-2023-21776.json @@ -2,7 +2,7 @@ "id": "CVE-2023-21776", "sourceIdentifier": "secure@microsoft.com", "published": "2023-01-10T22:15:19.677", - "lastModified": "2023-04-27T19:15:16.797", + "lastModified": "2023-05-11T18:15:12.250", "vulnStatus": "Modified", "descriptions": [ { 
@@ -159,6 +159,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/172300/Windows-Kernel-CmpDoReDoCreateKey-CmpDoReOpenTransKey-Out-Of-Bounds-Read.html", + "source": "secure@microsoft.com" + }, { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21776", "source": "secure@microsoft.com" diff --git a/CVE-2023/CVE-2023-227xx/CVE-2023-22710.json b/CVE-2023/CVE-2023-227xx/CVE-2023-22710.json index 326b4de5282..a71d6753cbd 100644 --- a/CVE-2023/CVE-2023-227xx/CVE-2023-22710.json +++ b/CVE-2023/CVE-2023-227xx/CVE-2023-22710.json @@ -2,8 +2,8 @@ "id": "CVE-2023-22710", "sourceIdentifier": "audit@patchstack.com", "published": "2023-05-08T23:15:09.820", - "lastModified": "2023-05-09T12:46:35.530", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-11T19:06:29.917", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -36,7 +56,7 @@ }, "weaknesses": [ { - "source": "audit@patchstack.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { 
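Review bot: The reference object added to CVE-2023-21776.json in the `@@ -159,6 +159,10 @@` hunk has no `tags` array and an `http://` URL, whereas CVE-2023-25309.json in this same update links the same site over `https://`. The same untagged, plain-HTTP reference shape is added to CVE-2023-28248, CVE-2023-28271 and CVE-2023-28293 further down, and each of those records moves to `"vulnStatus": "Modified"`. Triage rules that key on the `Exploit` reference tag will not see these links until they are tagged, so consumers should treat a missing `tags` array as unclassified rather than as evidence that no public write-up exists. The scheme should be `https://`. The `references` array continues outside the hunk.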
@@ -44,12 +64,43 @@ "value": "CWE-79" } ] + }, + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:return_and_warranty_management_system_for_woocommerce_project:return_and_warranty_management_system_for_woocommerce:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.2.3", + "matchCriteriaId": "94C18F6D-EB77-4D3B-89F0-5A0717BF6007" + } + ] + } + ] } ], "references": [ { "url": "https://patchstack.com/database/vulnerability/wc-return-warrranty/wordpress-return-and-warranty-management-system-for-woocommerce-plugin-1-2-3-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-238xx/CVE-2023-23894.json b/CVE-2023/CVE-2023-238xx/CVE-2023-23894.json index 01d9b48c28e..73e94e3b11b 100644 --- a/CVE-2023/CVE-2023-238xx/CVE-2023-23894.json +++ b/CVE-2023/CVE-2023-238xx/CVE-2023-23894.json @@ -2,8 +2,8 @@ "id": "CVE-2023-23894", "sourceIdentifier": "audit@patchstack.com", "published": "2023-05-08T22:15:09.163", - "lastModified": "2023-05-09T12:47:05.663", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-11T19:08:44.543", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:surbma:gdpr_proof_cookie_consent_\\&_notice_bar:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "17.6.0", + "matchCriteriaId": "4CD614EE-3663-4B91-9377-AF2D1371B298" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/surbma-gdpr-proof-google-analytics/wordpress-surbma-gdpr-proof-cookie-consent-notice-bar-plugin-17-5-3-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-243xx/CVE-2023-24376.json b/CVE-2023/CVE-2023-243xx/CVE-2023-24376.json index e6698562e55..b1f47cbfa16 100644 --- a/CVE-2023/CVE-2023-243xx/CVE-2023-24376.json +++ b/CVE-2023/CVE-2023-243xx/CVE-2023-24376.json @@ -2,8 +2,8 @@ "id": "CVE-2023-24376", "sourceIdentifier": "audit@patchstack.com", "published": "2023-05-08T22:15:09.240", - "lastModified": "2023-05-09T12:47:05.663", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-11T19:08:28.000", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wp_simple_events_project:wp_simple_events:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.0", + "matchCriteriaId": "6DD6D660-9B59-4FB3-956F-B5E116C7AB0B" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/wp-simple-events/wordpress-wp-simple-events-plugin-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-244xx/CVE-2023-24408.json b/CVE-2023/CVE-2023-244xx/CVE-2023-24408.json index 622cb569e1b..63d39b90fa8 100644 --- a/CVE-2023/CVE-2023-244xx/CVE-2023-24408.json +++ b/CVE-2023/CVE-2023-244xx/CVE-2023-24408.json @@ -2,8 +2,8 @@ "id": "CVE-2023-24408", "sourceIdentifier": "audit@patchstack.com", "published": "2023-05-08T15:15:10.730", - "lastModified": "2023-05-08T16:35:01.700", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-11T19:01:08.147", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:lightspeedhq:ecwid_ecommerce_shopping_cart:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "6.11.5", + "matchCriteriaId": "BFBF7414-EE79-4C64-9ACA-B1D3820D5D80" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/ecwid-shopping-cart/wordpress-ecwid-ecommerce-shopping-cart-plugin-6-11-5-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2443.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2443.json new file mode 100644 index 00000000000..b81c2adf103 --- /dev/null +++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2443.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-2443", + "sourceIdentifier": "PSIRT@rockwellautomation.com", + "published": "2023-05-11T19:15:09.377", + "lastModified": "2023-05-11T19:15:09.377", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nRockwell Automation ThinManager product allows the use of medium strength ciphers. \u00a0If the client requests an insecure cipher, a malicious actor could potentially decrypt traffic sent between the client and server API.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "PSIRT@rockwellautomation.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139442", + "source": "PSIRT@rockwellautomation.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2444.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2444.json new file mode 100644 index 00000000000..299145acf3b --- /dev/null +++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2444.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-2444", + "sourceIdentifier": "PSIRT@rockwellautomation.com", + "published": "2023-05-11T19:15:09.437", + "lastModified": "2023-05-11T19:15:09.437", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nA cross site request forgery vulnerability exists in Rockwell Automation's FactoryTalk Vantagepoint. This vulnerability can be exploited in two ways. If an attacker sends a malicious link to a computer that is on the same domain as the FactoryTalk Vantagepoint server and a user clicks the link, the attacker could impersonate the legitimate user and send requests to the affected product.\u00a0\u00a0Additionally, if an attacker sends an untrusted link to a computer that is not on the same domain as the server and a user opens the FactoryTalk Vantagepoint website, enters credentials for the FactoryTalk Vantagepoint server, and clicks on the malicious link a cross site request forgery attack would be successful as well.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "PSIRT@rockwellautomation.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.5 + } + ] + }, + "references": [ + { + "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139443", + "source": "PSIRT@rockwellautomation.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-253xx/CVE-2023-25309.json b/CVE-2023/CVE-2023-253xx/CVE-2023-25309.json new file mode 100644 index 00000000000..376509ddd4d --- /dev/null +++ b/CVE-2023/CVE-2023-253xx/CVE-2023-25309.json 
@@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-25309", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-11T18:15:12.360", + "lastModified": "2023-05-11T18:15:12.360", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross Site Scripting (XSS) Vulnerability in Fetlife rollout-ui version 0.5, allows attackers to execute arbitrary code via a crafted url to the delete a feature functionality." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://fetlife.com", + "source": "cve@mitre.org" + }, + { + "url": "http://rollout-ui.com", + "source": "cve@mitre.org" + }, + { + "url": "https://packetstormsecurity.com/files/172185/Rollout-UI-0.5-Cross-Site-Scripting.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-25xx/CVE-2023-2560.json b/CVE-2023/CVE-2023-25xx/CVE-2023-2560.json index 1a5125407b5..09025480554 100644 --- a/CVE-2023/CVE-2023-25xx/CVE-2023-2560.json +++ b/CVE-2023/CVE-2023-25xx/CVE-2023-2560.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2560", "sourceIdentifier": "cna@vuldb.com", "published": "2023-05-06T11:15:08.853", - "lastModified": "2023-05-08T02:37:45.160", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-11T18:27:40.423", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", 
@@ -71,18 +93,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:newbinggogo_project:newbinggogo:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2023.5.5.2", + "matchCriteriaId": "304C9789-73F8-4AD6-BD94-9C3A9E626537" + } + ] + } + ] + } + ], "references": [ { "url": "https://gitee.com/jja8/NewBingGoGo/issues/I6WH2E", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.228167", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.228167", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-282xx/CVE-2023-28248.json b/CVE-2023/CVE-2023-282xx/CVE-2023-28248.json index ce1ea7989b9..79bf43bfc45 100644 --- a/CVE-2023/CVE-2023-282xx/CVE-2023-28248.json +++ b/CVE-2023/CVE-2023-282xx/CVE-2023-28248.json @@ -2,8 +2,8 @@ "id": "CVE-2023-28248", "sourceIdentifier": "secure@microsoft.com", "published": "2023-04-11T21:15:24.803", - "lastModified": "2023-04-19T13:37:31.250", - "vulnStatus": "Analyzed", + "lastModified": "2023-05-11T18:15:12.443", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -116,6 +116,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/172283/Windows-Kernel-CmpCleanupLightWeightPrepare-Use-After-Free.html", + "source": "secure@microsoft.com" + }, { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28248", "source": "secure@microsoft.com", diff --git a/CVE-2023/CVE-2023-282xx/CVE-2023-28271.json b/CVE-2023/CVE-2023-282xx/CVE-2023-28271.json index c6ff89ca80b..bdf18294707 100644 --- a/CVE-2023/CVE-2023-282xx/CVE-2023-28271.json +++ b/CVE-2023/CVE-2023-282xx/CVE-2023-28271.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-28271", "sourceIdentifier": "secure@microsoft.com", "published": "2023-04-11T21:15:26.120", - "lastModified": "2023-04-13T01:09:39.853", - "vulnStatus": "Analyzed", + "lastModified": "2023-05-11T18:15:12.650", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -142,6 +142,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/172298/Windows-Kernel-Uninitialized-Memory-Pointer-Disclosure.html", + "source": "secure@microsoft.com" + }, { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28271", "source": "secure@microsoft.com", diff --git a/CVE-2023/CVE-2023-282xx/CVE-2023-28293.json b/CVE-2023/CVE-2023-282xx/CVE-2023-28293.json index 47a4c605f0a..c1659daf95f 100644 --- a/CVE-2023/CVE-2023-282xx/CVE-2023-28293.json +++ b/CVE-2023/CVE-2023-282xx/CVE-2023-28293.json @@ -2,8 +2,8 @@ "id": "CVE-2023-28293", "sourceIdentifier": "secure@microsoft.com", "published": "2023-04-11T21:15:27.317", - "lastModified": "2023-04-19T20:53:46.347", - "vulnStatus": "Analyzed", + "lastModified": "2023-05-11T18:15:12.817", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -136,6 +136,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/172300/Windows-Kernel-CmpDoReDoCreateKey-CmpDoReOpenTransKey-Out-Of-Bounds-Read.html", + "source": "secure@microsoft.com" + }, { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28293", "source": "secure@microsoft.com", diff --git a/CVE-2023/CVE-2023-284xx/CVE-2023-28493.json b/CVE-2023/CVE-2023-284xx/CVE-2023-28493.json index 7716b252f89..98e81f4fbdf 100644 --- a/CVE-2023/CVE-2023-284xx/CVE-2023-28493.json +++ b/CVE-2023/CVE-2023-284xx/CVE-2023-28493.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-28493", "sourceIdentifier": "audit@patchstack.com", "published": "2023-05-08T15:15:10.910", - "lastModified": "2023-05-08T16:35:01.700", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-11T18:59:41.717", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:machothemes:newsmag:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.4.4", + "matchCriteriaId": "10AF610D-03B0-4F0D-8BAE-FB5C840922D0" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/newsmag/wordpress-newsmag-theme-2-4-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29022.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29022.json new file mode 100644 index 00000000000..eb04e39341d --- /dev/null +++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29022.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-29022", + "sourceIdentifier": "PSIRT@rockwellautomation.com", + "published": "2023-05-11T18:15:13.023", + "lastModified": "2023-05-11T18:15:13.023", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nA cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product \n\nthat could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.\n\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "PSIRT@rockwellautomation.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "PSIRT@rockwellautomation.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139438", + "source": "PSIRT@rockwellautomation.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29023.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29023.json new file mode 100644 index 00000000000..57daf06b3cc --- /dev/null +++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29023.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-29023", + "sourceIdentifier": "PSIRT@rockwellautomation.com", + "published": "2023-05-11T18:15:13.163", + "lastModified": "2023-05-11T18:15:13.163", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nA cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "PSIRT@rockwellautomation.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.0, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.0, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "PSIRT@rockwellautomation.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139438", + "source": "PSIRT@rockwellautomation.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29024.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29024.json new file mode 100644 index 00000000000..314d3a95ec0 --- /dev/null +++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29024.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-29024", + "sourceIdentifier": "PSIRT@rockwellautomation.com", + "published": "2023-05-11T18:15:13.240", + "lastModified": "2023-05-11T18:15:13.240", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nA cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product \n\nA cross site scripting vulnerability was discovered that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability.\n\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "PSIRT@rockwellautomation.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.1, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "PSIRT@rockwellautomation.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139438", + "source": "PSIRT@rockwellautomation.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29025.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29025.json new file mode 100644 index 00000000000..b3e8865ebc9 --- /dev/null +++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29025.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-29025", + "sourceIdentifier": "PSIRT@rockwellautomation.com", + "published": "2023-05-11T18:15:13.323", + "lastModified": "2023-05-11T18:15:13.323", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nA cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product \n\nthat could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.\n\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "PSIRT@rockwellautomation.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "PSIRT@rockwellautomation.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139438", + "source": "PSIRT@rockwellautomation.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29026.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29026.json new file mode 100644 index 00000000000..b7e354fcd38 --- /dev/null +++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29026.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-29026", + "sourceIdentifier": "PSIRT@rockwellautomation.com", + "published": "2023-05-11T18:15:13.420", + "lastModified": "2023-05-11T18:15:13.420", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nA cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product \n\nthat could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.\n\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "PSIRT@rockwellautomation.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "PSIRT@rockwellautomation.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139438", + "source": "PSIRT@rockwellautomation.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29027.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29027.json new file mode 100644 index 00000000000..b916bcc13f1 --- /dev/null +++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29027.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-29027", + "sourceIdentifier": "PSIRT@rockwellautomation.com", + "published": "2023-05-11T18:15:13.517", + "lastModified": "2023-05-11T18:15:13.517", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nA cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product \n\nthat could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.\n\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "PSIRT@rockwellautomation.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "PSIRT@rockwellautomation.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139438", + "source": "PSIRT@rockwellautomation.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29028.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29028.json new file mode 100644 index 00000000000..2da57e3a3f4 --- /dev/null +++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29028.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-29028", + "sourceIdentifier": "PSIRT@rockwellautomation.com", + "published": "2023-05-11T18:15:13.610", + "lastModified": "2023-05-11T18:15:13.610", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nA cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product \n\nthat could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.\n\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "PSIRT@rockwellautomation.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "PSIRT@rockwellautomation.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139438", + "source": "PSIRT@rockwellautomation.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29029.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29029.json new file mode 100644 index 00000000000..241f0aed922 --- /dev/null +++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29029.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-29029", + "sourceIdentifier": "PSIRT@rockwellautomation.com", + "published": "2023-05-11T18:15:13.677", + "lastModified": "2023-05-11T18:15:13.677", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nA cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product \n\nthat could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.\n\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "PSIRT@rockwellautomation.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "PSIRT@rockwellautomation.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139438", + "source": "PSIRT@rockwellautomation.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29030.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29030.json new file mode 100644 index 00000000000..98003ed9028 --- /dev/null +++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29030.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-29030", + "sourceIdentifier": "PSIRT@rockwellautomation.com", + "published": "2023-05-11T18:15:13.770", + "lastModified": "2023-05-11T18:15:13.770", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nA cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "PSIRT@rockwellautomation.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.0, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.0, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "PSIRT@rockwellautomation.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139438", + "source": "PSIRT@rockwellautomation.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29031.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29031.json new file mode 100644 index 00000000000..e3398b1cdfd --- /dev/null +++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29031.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-29031", + "sourceIdentifier": "PSIRT@rockwellautomation.com", + "published": "2023-05-11T18:15:13.843", + "lastModified": "2023-05-11T18:15:13.843", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nA cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "PSIRT@rockwellautomation.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.0, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.0, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "PSIRT@rockwellautomation.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139438", + "source": "PSIRT@rockwellautomation.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29085.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29085.json index f36fe366730..6daa274e000 100644 --- a/CVE-2023/CVE-2023-290xx/CVE-2023-29085.json +++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29085.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-29085", "sourceIdentifier": "cve@mitre.org", "published": "2023-04-14T21:15:08.193", - "lastModified": "2023-04-24T16:52:25.167", - "vulnStatus": "Analyzed", + "lastModified": "2023-05-11T18:15:13.953", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -231,6 +231,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/172288/Shannon-Baseband-SIP-Status-Line-Stack-Buffer-Overflow.html", + "source": "cve@mitre.org" + }, { "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29086.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29086.json index e4bb243d33f..37f11a514c0 100644 --- a/CVE-2023/CVE-2023-290xx/CVE-2023-29086.json +++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29086.json @@ -2,8 +2,8 @@ "id": "CVE-2023-29086", "sourceIdentifier": "cve@mitre.org", "published": "2023-04-14T21:15:08.243", - "lastModified": "2023-04-24T16:52:10.910", - "vulnStatus": "Analyzed", + "lastModified": "2023-05-11T18:15:14.200", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -231,6 +231,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/172293/Shannon-Baseband-SIP-Min-SE-Header-Stack-Buffer-Overflow.html", + "source": "cve@mitre.org" + }, { "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29087.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29087.json index fc448f4278c..bdbeb6f48c0 100644 --- a/CVE-2023/CVE-2023-290xx/CVE-2023-29087.json +++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29087.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-29087", "sourceIdentifier": "cve@mitre.org", "published": "2023-04-14T21:15:08.293", - "lastModified": "2023-04-24T16:51:38.263", - "vulnStatus": "Analyzed", + "lastModified": "2023-05-11T18:15:14.300", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -231,6 +231,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/172295/Shannon-Baseband-SIP-Retry-After-Header-Heap-Buffer-Overflow.html", + "source": "cve@mitre.org" + }, { "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29088.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29088.json index 0cb9e50ada2..b7c11ad23b9 100644 --- a/CVE-2023/CVE-2023-290xx/CVE-2023-29088.json +++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29088.json @@ -2,8 +2,8 @@ "id": "CVE-2023-29088", "sourceIdentifier": "cve@mitre.org", "published": "2023-04-14T21:15:08.337", - "lastModified": "2023-04-24T16:51:08.510", - "vulnStatus": "Analyzed", + "lastModified": "2023-05-11T18:15:14.563", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -231,6 +231,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/172289/Shannon-Baseband-SIP-Session-Expires-Header-Stack-Buffer-Overflow.html", + "source": "cve@mitre.org" + }, { "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29089.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29089.json index d659f9fd6a2..4b0457feb1f 100644 --- a/CVE-2023/CVE-2023-290xx/CVE-2023-29089.json +++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29089.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-29089", "sourceIdentifier": "cve@mitre.org", "published": "2023-04-14T21:15:08.400", - "lastModified": "2023-04-24T16:50:30.033", - "vulnStatus": "Analyzed", + "lastModified": "2023-05-11T18:15:14.927", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -231,6 +231,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/172292/Shannon-Baseband-Negative-Size-Memcpy-Out-Of-Bounds-Read.html", + "source": "cve@mitre.org" + }, { "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29090.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29090.json index 13e6881e9a2..16e6f5f3f8d 100644 --- a/CVE-2023/CVE-2023-290xx/CVE-2023-29090.json +++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29090.json @@ -2,8 +2,8 @@ "id": "CVE-2023-29090", "sourceIdentifier": "cve@mitre.org", "published": "2023-04-14T21:15:08.447", - "lastModified": "2023-04-24T16:49:52.767", - "vulnStatus": "Analyzed", + "lastModified": "2023-05-11T18:15:15.277", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -231,6 +231,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/172287/Shannon-Baseband-Via-Header-Decoder-Stack-Buffer-Overflow.html", + "source": "cve@mitre.org" + }, { "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29091.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29091.json index 0e8c9939a6c..cee742d1ec7 100644 --- a/CVE-2023/CVE-2023-290xx/CVE-2023-29091.json +++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29091.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-29091", "sourceIdentifier": "cve@mitre.org", "published": "2023-04-14T21:15:08.493", - "lastModified": "2023-04-24T16:49:36.503", - "vulnStatus": "Analyzed", + "lastModified": "2023-05-11T18:15:15.443", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -231,6 +231,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/172282/Shannon-Baseband-SIP-URI-Decoder-Stack-Buffer-Overflow.html", + "source": "cve@mitre.org" + }, { "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-299xx/CVE-2023-29932.json b/CVE-2023/CVE-2023-299xx/CVE-2023-29932.json index 0529f221266..289f48644e6 100644 --- a/CVE-2023/CVE-2023-299xx/CVE-2023-29932.json +++ b/CVE-2023/CVE-2023-299xx/CVE-2023-29932.json 
@@ -2,19 +2,75 @@ "id": "CVE-2023-29932", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-05T15:15:09.633", - "lastModified": "2023-05-05T16:27:24.373", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-11T18:02:30.523", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "llvm-project commit fdbc55a5 was discovered to contain a segmentation fault via the component mlir::IROperand(mlir::sparse_tensor::SortOp." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:llvm:llvm:2023-01-12:*:*:*:*:*:*:*", + "matchCriteriaId": "3693A1CB-2899-4946-A444-0FB73D378422" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/llvm/llvm-project/issues/59988", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking", + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-299xx/CVE-2023-29942.json b/CVE-2023/CVE-2023-299xx/CVE-2023-29942.json index 0f9613c8de6..e4a58921e8e 100644 --- a/CVE-2023/CVE-2023-299xx/CVE-2023-29942.json +++ b/CVE-2023/CVE-2023-299xx/CVE-2023-29942.json 
@@ -2,19 +2,75 @@ "id": "CVE-2023-29942", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-05T15:15:09.970", - "lastModified": "2023-05-05T16:27:24.373", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-11T18:23:44.497", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "llvm-project commit a0138390 was discovered to contain a segmentation fault via the component mlir::Type::isa