diff --git a/CVE-2022/CVE-2022-239xx/CVE-2022-23994.json b/CVE-2022/CVE-2022-239xx/CVE-2022-23994.json
index 0a279c58c88..ba3f2d6b678 100644
--- a/CVE-2022/CVE-2022-239xx/CVE-2022-23994.json
+++ b/CVE-2022/CVE-2022-239xx/CVE-2022-23994.json
@@ -2,7 +2,7 @@
 "id": "CVE-2022-23994",
 "sourceIdentifier": "mobile.security@samsung.com",
 "published": "2022-02-11T18:15:11.890",
- "lastModified": "2022-02-22T14:15:21.270",
+ "lastModified": "2023-06-23T20:25:30.300",
 "vulnStatus": "Analyzed",
 "descriptions": [
 {
@@ -90,7 +90,7 @@
 "description": [
 {
 "lang": "en",
- "value": "CWE-863"
+ "value": "NVD-CWE-Other"
 }
 ]
 },
diff --git a/CVE-2022/CVE-2022-240xx/CVE-2022-24002.json b/CVE-2022/CVE-2022-240xx/CVE-2022-24002.json
index dc0cd1e2884..e7765d8ea51 100644
--- a/CVE-2022/CVE-2022-240xx/CVE-2022-24002.json
+++ b/CVE-2022/CVE-2022-240xx/CVE-2022-24002.json
@@ -2,7 +2,7 @@
 "id": "CVE-2022-24002",
 "sourceIdentifier": "mobile.security@samsung.com",
 "published": "2022-02-11T18:15:12.307",
- "lastModified": "2022-02-18T20:54:51.203",
+ "lastModified": "2023-06-23T20:29:06.967",
 "vulnStatus": "Analyzed",
 "descriptions": [
 {
@@ -90,7 +90,7 @@
 "description": [
 {
 "lang": "en",
- "value": "CWE-863"
+ "value": "NVD-CWE-Other"
 }
 ]
 },
diff --git a/CVE-2022/CVE-2022-240xx/CVE-2022-24063.json b/CVE-2022/CVE-2022-240xx/CVE-2022-24063.json
index a39d1059679..af2a2ce47f8 100644
--- a/CVE-2022/CVE-2022-240xx/CVE-2022-24063.json
+++ b/CVE-2022/CVE-2022-240xx/CVE-2022-24063.json
@@ -2,7 +2,7 @@
 "id": "CVE-2022-24063",
 "sourceIdentifier": "zdi-disclosures@trendmicro.com",
 "published": "2022-02-18T20:15:18.487",
- "lastModified": "2022-02-28T17:43:00.817",
+ "lastModified": "2023-06-23T20:24:12.420",
 "vulnStatus": "Analyzed",
 "descriptions": [
 {
@@ -87,8 +87,18 @@
 },
 "weaknesses": [
 {
- "source": "zdi-disclosures@trendmicro.com",
+ "source": "nvd@nist.gov",
 "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ },
+ {
+ "source": "zdi-disclosures@trendmicro.com",
+ "type": "Secondary",
 "description": [
 {
 "lang": "en",
diff --git a/CVE-2022/CVE-2022-249xx/CVE-2022-24915.json b/CVE-2022/CVE-2022-249xx/CVE-2022-24915.json
index 8820246f03b..cc1a639043d 100644
--- a/CVE-2022/CVE-2022-249xx/CVE-2022-24915.json
+++ b/CVE-2022/CVE-2022-249xx/CVE-2022-24915.json
@@ -2,7 +2,7 @@
 "id": "CVE-2022-24915",
 "sourceIdentifier": "ics-cert@hq.dhs.gov",
 "published": "2022-03-10T17:46:38.743",
- "lastModified": "2022-03-17T18:18:09.263",
+ "lastModified": "2023-06-23T20:25:06.257",
 "vulnStatus": "Analyzed",
 "descriptions": [
 {
@@ -90,7 +90,7 @@
 "description": [
 {
 "lang": "en",
- "value": "CWE-94"
+ "value": "NVD-CWE-Other"
 }
 ]
 },
diff --git a/CVE-2022/CVE-2022-249xx/CVE-2022-24923.json b/CVE-2022/CVE-2022-249xx/CVE-2022-24923.json
index 1bc73f67d5c..7219f4aaab1 100644
--- a/CVE-2022/CVE-2022-249xx/CVE-2022-24923.json
+++ b/CVE-2022/CVE-2022-249xx/CVE-2022-24923.json
@@ -2,7 +2,7 @@
 "id": "CVE-2022-24923",
 "sourceIdentifier": "mobile.security@samsung.com",
 "published": "2022-02-11T18:15:12.483",
- "lastModified": "2022-02-22T20:05:20.493",
+ "lastModified": "2023-06-23T20:29:11.290",
 "vulnStatus": "Analyzed",
 "descriptions": [
 {
@@ -90,7 +90,7 @@
 "description": [
 {
 "lang": "en",
- "value": "CWE-863"
+ "value": "NVD-CWE-Other"
 }
 ]
 },
diff --git a/CVE-2022/CVE-2022-249xx/CVE-2022-24924.json b/CVE-2022/CVE-2022-249xx/CVE-2022-24924.json
index 58524f8f83c..baf4c6d4ee9 100644
--- a/CVE-2022/CVE-2022-249xx/CVE-2022-24924.json
+++ b/CVE-2022/CVE-2022-249xx/CVE-2022-24924.json
@@ -2,7 +2,7 @@
 "id": "CVE-2022-24924",
 "sourceIdentifier": "mobile.security@samsung.com",
 "published": "2022-02-11T18:15:12.543",
- "lastModified": "2022-02-22T20:27:33.930",
+ "lastModified": "2023-06-23T20:29:15.917",
 "vulnStatus": "Analyzed",
 "descriptions": [
 {
@@ -90,7 +90,7 @@
 "description": [
 {
 "lang": "en",
- "value": "CWE-863"
+ "value": "NVD-CWE-Other"
 }
 ]
 },
diff --git a/CVE-2022/CVE-2022-285xx/CVE-2022-28550.json b/CVE-2022/CVE-2022-285xx/CVE-2022-28550.json
index 20f3ff7922d..eb1cbd0a9a7 100644
--- a/CVE-2022/CVE-2022-285xx/CVE-2022-28550.json
+++ b/CVE-2022/CVE-2022-285xx/CVE-2022-28550.json
@@ -2,23 +2,84 @@
 "id": "CVE-2022-28550",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-06-13T20:15:08.907",
- "lastModified": "2023-06-13T21:27:45.680",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-23T20:10:56.137",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Matthias-Wandel/jhead jhead 3.06 is vulnerable to Buffer Overflow via shellescape(), jhead.c, jhead. jhead copies strings to a stack buffer when it detects a &i or &o. However, jhead does not check the boundary of the stack buffer. As a result, there will be a stack buffer overflow problem when multiple `&i` or `&o` are given."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:jhead_project:jhead:3.06:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D05C20ED-B09A-43EE-8D82-0524C33E0E60"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/Matthias-Wandel/jhead/commit/64894dbc7d8e1e232e85f1cab25c64290b2fc167",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://github.com/Matthias-Wandel/jhead/issues/51",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Issue Tracking",
+ "Patch",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-259xx/CVE-2023-25974.json b/CVE-2023/CVE-2023-259xx/CVE-2023-25974.json
index 8449b0b5303..7c39f46ae18 100644
--- a/CVE-2023/CVE-2023-259xx/CVE-2023-25974.json
+++ b/CVE-2023/CVE-2023-259xx/CVE-2023-25974.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-25974",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-06-16T12:15:09.190",
- "lastModified": "2023-06-16T12:47:13.233",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-23T21:27:01.080",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -12,6 +12,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 2.7
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -46,10 +66,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:wp2syslog_project:wp2syslog:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.0.5",
+ "matchCriteriaId": "9A18FEED-9C33-4334-8683-823AEACD2D96"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/wp2syslog/wordpress-wp2syslog-plugin-1-0-5-cross-site-scripting-xss-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-274xx/CVE-2023-27420.json b/CVE-2023/CVE-2023-274xx/CVE-2023-27420.json
index 817b2e93161..d5521c5bd58 100644
--- a/CVE-2023/CVE-2023-274xx/CVE-2023-27420.json
+++ b/CVE-2023/CVE-2023-274xx/CVE-2023-27420.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-27420",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-06-16T11:15:08.923",
- "lastModified": "2023-06-16T12:47:13.233",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-23T21:27:11.370",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -12,6 +12,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -46,10 +66,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:everestthemes:arya_multipurpose:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.0.5",
+ "matchCriteriaId": "D3901EE4-0052-4706-932D-4A237BD4E2D2"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/arya-multipurpose/wordpress-arya-multipurpose-theme-1-0-5-cross-site-scripting-xss-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-279xx/CVE-2023-27908.json b/CVE-2023/CVE-2023-279xx/CVE-2023-27908.json
new file mode 100644
index 00000000000..cda6f3ef561
--- /dev/null
+++ b/CVE-2023/CVE-2023-279xx/CVE-2023-27908.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-27908",
+ "sourceIdentifier": "psirt@autodesk.com",
+ "published": "2023-06-23T20:15:08.997",
+ "lastModified": "2023-06-23T20:15:08.997",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A maliciously crafted DLL file can be forced to write beyond allocated boundaries in the Autodesk installer when parsing the DLL files and could lead to a Privilege Escalation vulnerability."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0010",
+ "source": "psirt@autodesk.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-295xx/CVE-2023-29562.json b/CVE-2023/CVE-2023-295xx/CVE-2023-29562.json
index 71e06760e8d..6336c2a5857 100644
--- a/CVE-2023/CVE-2023-295xx/CVE-2023-29562.json
+++ b/CVE-2023/CVE-2023-295xx/CVE-2023-29562.json
@@ -2,19 +2,87 @@
 "id": "CVE-2023-29562",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-06-13T20:15:09.027",
- "lastModified": "2023-06-13T21:27:45.680",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-23T20:04:20.847",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "TP-Link TL-WPA7510 (EU)_V2_190125 was discovered to contain a stack overflow via the operation parameter at /admin/locale."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:tp-link:tl-wpa7510_firmware:190125:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3008E9A7-1E0F-4B67-8F71-FE926C216620"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:tp-link:tl-wpa7510:2.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "866F9BBC-7CF2-4B9E-98B6-F4DFD9E1ACE4"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/lzd521/IOT/tree/main/TP-Link%20WPA7510",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32369.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32369.json
index a5167d20eaa..a6554804228 100644
--- a/CVE-2023/CVE-2023-323xx/CVE-2023-32369.json
+++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32369.json
@@ -2,27 +2,107 @@
 "id": "CVE-2023-32369",
 "sourceIdentifier": "product-security@apple.com",
 "published": "2023-06-23T18:15:11.870",
- "lastModified": "2023-06-23T19:24:43.457",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-06-23T20:21:15.293",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to modify protected parts of the file system"
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.0,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.5,
+ "impactScore": 4.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "11.0",
+ "versionEndExcluding": "11.7.7",
+ "matchCriteriaId": "B59D22F2-6EBD-4943-A009-F740265938AA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "12.0",
+ "versionEndExcluding": "12.6.6",
+ "matchCriteriaId": "250A8AAA-1213-4237-921D-71B0B0B0ED3C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.0",
+ "versionEndExcluding": "13.4",
+ "matchCriteriaId": "DA07361B-D827-471F-9443-4BE4265D6A3B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://support.apple.com/en-us/HT213758",
- "source": "product-security@apple.com"
+ "source": "product-security@apple.com",
+ "tags": [
+ "Release Notes",
+ "Vendor Advisory"
+ ]
 },
 {
 "url": "https://support.apple.com/en-us/HT213759",
- "source": "product-security@apple.com"
+ "source": "product-security@apple.com",
+ "tags": [
+ "Release Notes",
+ "Vendor Advisory"
+ ]
 },
 {
 "url": "https://support.apple.com/en-us/HT213760",
- "source": "product-security@apple.com"
+ "source": "product-security@apple.com",
+ "tags": [
+ "Release Notes",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3212.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3212.json
new file mode 100644
index 00000000000..4028736201d
--- /dev/null
+++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3212.json
@@ -0,0 +1,36 @@
+{
+ "id": "CVE-2023-3212",
+ "sourceIdentifier": "secalert@redhat.com",
+ "published": "2023-06-23T20:15:09.563",
+ "lastModified": "2023-06-23T20:15:09.563",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. A privileged local user could use this flaw to cause a kernel panic."
+ }
+ ],
+ "metrics": {},
+ "weaknesses": [
+ {
+ "source": "secalert@redhat.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-476"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2214348",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://github.com/torvalds/linux/commit/504a10d9e46bc37b23d0a1ae2f28973c8516e636",
+ "source": "secalert@redhat.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3294.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3294.json
index 87ff443e858..d36aafb52a8 100644
--- a/CVE-2023/CVE-2023-32xx/CVE-2023-3294.json
+++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3294.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-3294",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2023-06-16T12:15:09.393",
- "lastModified": "2023-06-16T12:47:13.233",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-23T21:26:49.927",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -11,6 +11,28 @@
 }
 ],
 "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ],
 "cvssMetricV30": [
 {
 "source": "security@huntr.dev",
@@ -46,14 +68,39 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:saleor:react-storefront:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2023-06-16",
+ "matchCriteriaId": "27BF056E-56C0-494A-8932-1AC1BF4FDA23"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/saleor/react-storefront/commit/c29aab226f07ca980cc19787dcef101e11b83ef7",
- "source": "security@huntr.dev"
+ "source": "security@huntr.dev",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://huntr.dev/bounties/9d308ebb-4289-411f-ac22-990383d98932",
- "source": "security@huntr.dev"
+ "source": "security@huntr.dev",
+ "tags": [
+ "Exploit",
+ "Issue Tracking"
+ ]
 }
 ]
 }
\ No newline at end of file
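Review bot: In the added `configurations` block for CVE-2023-3294, `"versionEndExcluding": "2023-06-16"` is a calendar date rather than a release number, set on the `cpe:2.3:a:saleor:react-storefront:*` criterion. A matcher that parses this bound as a dotted or semantic version will either reject it or order it wrongly against real react-storefront versions, so applicability checks for this record can silently give false positives or false negatives. Consumers should treat the bound as opaque and decide whether a deployment is fixed from the patch commit already listed under `references` (`c29aab226f07ca980cc19787dcef101e11b83ef7`).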
diff --git a/CVE-2023/CVE-2023-333xx/CVE-2023-33306.json b/CVE-2023/CVE-2023-333xx/CVE-2023-33306.json
index 10db2b0a25e..abcd3951961 100644
--- a/CVE-2023/CVE-2023-333xx/CVE-2023-33306.json
+++ b/CVE-2023/CVE-2023-333xx/CVE-2023-33306.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-33306",
 "sourceIdentifier": "psirt@fortinet.com",
 "published": "2023-06-16T10:15:09.467",
- "lastModified": "2023-06-16T12:47:13.233",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-23T21:27:39.787",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -12,6 +12,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ },
 {
 "source": "psirt@fortinet.com",
 "type": "Secondary",
@@ -34,10 +54,72 @@
 }
 ]
 },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-476"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "7.0.0",
+ "versionEndExcluding": "7.0.10",
+ "matchCriteriaId": "5E6D4C77-6D88-4DD2-8A5C-610DE901EBBB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "7.2.0",
+ "versionEndExcluding": "7.2.4",
+ "matchCriteriaId": "9A0AB0B8-819F-46EE-A921-119B76A138B5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "6.4.0",
+ "versionEndExcluding": "6.4.13",
+ "matchCriteriaId": "B153B056-24AE-41C4-B644-65E080C18360"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "7.0.0",
+ "versionEndExcluding": "7.0.11",
+ "matchCriteriaId": "8870AB06-C50F-452A-952C-30DE7860264E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "7.2.0",
+ "versionEndExcluding": "7.2.5",
+ "matchCriteriaId": "4562BDF7-D894-4CD8-95AC-9409FDEBE73F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://fortiguard.com/psirt/FG-IR-23-015",
- "source": "psirt@fortinet.com"
+ "source": "psirt@fortinet.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-333xx/CVE-2023-33307.json b/CVE-2023/CVE-2023-333xx/CVE-2023-33307.json
index 50c81730776..05341ae0417 100644
--- a/CVE-2023/CVE-2023-333xx/CVE-2023-33307.json
+++ b/CVE-2023/CVE-2023-333xx/CVE-2023-33307.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-33307",
 "sourceIdentifier": "psirt@fortinet.com",
 "published": "2023-06-16T10:15:09.523",
- "lastModified": "2023-06-16T12:47:13.233",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-23T21:27:26.713",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -12,6 +12,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ },
 {
 "source": "psirt@fortinet.com",
 "type": "Secondary",
@@ -34,10 +54,72 @@
 }
 ]
 },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-476"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "7.0.0",
+ "versionEndIncluding": "7.0.9",
+ "matchCriteriaId": "DAC18F7E-5242-4F36-BB42-FEC33B3AC075"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "7.2.0",
+ "versionEndIncluding": "7.2.3",
+ "matchCriteriaId": "3A99FF48-370E-4D2A-B5CC-889EA21AB213"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "7.0.0",
+ "versionEndExcluding": "7.0.11",
+ "matchCriteriaId": "8870AB06-C50F-452A-952C-30DE7860264E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "7.2.0",
+ "versionEndExcluding": "7.2.5",
+ "matchCriteriaId": "4562BDF7-D894-4CD8-95AC-9409FDEBE73F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/258201",
+ "source": "nvd@nist.gov",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
 {
 "url": "https://fortiguard.com/psirt/FG-IR-23-015",
- "source": "psirt@fortinet.com"
+ "source": "psirt@fortinet.com",
+ "tags": [
+ "Not Applicable"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-334xx/CVE-2023-33438.json b/CVE-2023/CVE-2023-334xx/CVE-2023-33438.json
index 03c6c1df99b..015b84a1960 100644
--- a/CVE-2023/CVE-2023-334xx/CVE-2023-33438.json
+++ b/CVE-2023/CVE-2023-334xx/CVE-2023-33438.json
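Review bot: In the CVE-2023-33307 references hunk, the vendor link `https://fortiguard.com/psirt/FG-IR-23-015` is tagged `"Not Applicable"`, while the CVE-2023-33306 record in this same diff tags the identical URL `"Vendor Advisory"`. After this change the only advisory-tagged reference on CVE-2023-33307 is the third-party X-Force entry sourced from nvd@nist.gov, so a consumer that selects references by the `Vendor Advisory` tag finds no vendor link for this record. If FG-IR-23-015 does cover this CVE the tag should read `"Vendor Advisory"`; if it does not, the record has no vendor reference at all and triage tooling should not depend on tag filtering here.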
@@ -2,23 +2,81 @@
 "id": "CVE-2023-33438",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-06-16T21:15:09.247",
- "lastModified": "2023-06-17T02:32:29.473",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-06-23T21:19:32.180",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "A stored Cross-site scripting (XSS) vulnerability in Wolters Kluwer TeamMate+ 35.0.11.0 allows remote attackers to inject arbitrary web script or HTML."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:wolterskluwer:teammate\\+:35.0.11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3431B790-83FD-4B6F-8CB1-B8BCCC31174E"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "http://wolters.com",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Not Applicable"
+ ]
 },
 {
 "url": "https://github.com/justas-dee/CVEs/blob/main/CVE-2023-33438/README.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-341xx/CVE-2023-34188.json b/CVE-2023/CVE-2023-341xx/CVE-2023-34188.json
new file mode 100644
index 00000000000..1efb259e56e
--- /dev/null
+++ b/CVE-2023/CVE-2023-341xx/CVE-2023-34188.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-34188",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-23T20:15:09.053",
+ "lastModified": "2023-06-23T20:15:09.053",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/cesanta/mongoose/commit/4663090a8fb036146dfe77718cff612b0101cb0f",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/cesanta/mongoose/compare/7.9...7.10",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/cesanta/mongoose/pull/2197",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-342xx/CVE-2023-34203.json b/CVE-2023/CVE-2023-342xx/CVE-2023-34203.json
new file mode 100644
index 00000000000..ab9f817480e
--- /dev/null
+++ b/CVE-2023/CVE-2023-342xx/CVE-2023-34203.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-34203",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-06-23T20:15:09.103",
+ "lastModified": "2023-06-23T20:15:09.103",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In Progress OpenEdge OEM (OpenEdge Management) and OEE (OpenEdge Explorer) before 12.7, a remote user (who has any OEM or OEE role) could perform a URL injection attack to change identity or role membership, e.g., escalate to admin. This affects OpenEdge LTS before 11.7.16, 12.x before 12.2.12, and 12.3.x through 12.6.x before 12.7."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://www.progress.com/openedge",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-342xx/CVE-2023-34254.json b/CVE-2023/CVE-2023-342xx/CVE-2023-34254.json
new file mode 100644
index 00000000000..b18560bbabf
--- /dev/null
+++ b/CVE-2023/CVE-2023-342xx/CVE-2023-34254.json 
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-34254",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-06-23T21:15:09.320",
+ "lastModified": "2023-06-23T21:15:09.320",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The GLPI Agent is a generic management agent. Prior to version 1.5, if glpi-agent is running remoteinventory task against an Unix platform with ssh command, an administrator user on the remote can manage to inject a command in a specific workflow the agent would run with the privileges it uses. In the case, the agent is running with administration privileges, a malicious user could gain high privileges on the computer glpi-agent is running on. A malicious user could also disclose all remote accesses the agent is configured with for remoteinventory task. This vulnerability has been patched in glpi-agent 1.5."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.6,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.0,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/glpi-project/glpi-agent/blob/dd313ee0914becf74c0e48cb512765210043b478/Changes#L98",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/glpi-project/glpi-agent/security/advisories/GHSA-39vc-hxgm-j465",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
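Review bot: The new CVE-2023-34254 record gives security-advisories@github.com `"type": "Secondary"` on its `cvssMetricV31` entry but `"type": "Primary"` on its `weaknesses` entry, so one source carries two different ranks inside the same record; the CVE-2023-34460 record added later in this diff has the same split. CVE-2023-3212, also added here, marks its CNA-supplied weakness `"type": "Secondary"`, which is the consistent form. A consumer that keeps only `Primary` entries would take the CNA's CWE-78 as authoritative while finding no primary CVSS score, so either the weakness should read `"type": "Secondary"` or downstream tooling should key on `source` rather than `type` while the record is still in `Received` status.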
diff --git a/CVE-2023/CVE-2023-344xx/CVE-2023-34460.json b/CVE-2023/CVE-2023-344xx/CVE-2023-34460.json
new file mode 100644
index 00000000000..55ec2307a72
--- /dev/null
+++ b/CVE-2023/CVE-2023-344xx/CVE-2023-34460.json
@@ -0,0 +1,67 @@ +{ + "id": "CVE-2023-34460", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-06-23T20:15:09.147", + "lastModified": "2023-06-23T20:15:09.147", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Tauri is a framework for building binaries for all major desktop platforms. The 1.4.0 release includes a regression on the Filesystem scope check for dotfiles on Unix. Previously dotfiles were not implicitly allowed by the glob wildcard scopes (eg. `$HOME/*`), but a regression was introduced when a configuration option for this behavior was implemented. Only Tauri applications using wildcard scopes in the `fs` endpoint are affected. The regression has been patched on version 1.4.1.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-285" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/tauri-apps/tauri/commit/066c09a6ea06f42f550d090715e06beb65cd5564", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/tauri-apps/tauri/pull/6969#discussion_r1232018347", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/tauri-apps/tauri/pull/7227", + "source": "security-advisories@github.com" + }, + { + "url": 
"https://github.com/tauri-apps/tauri/security/advisories/GHSA-wmff-grcw-jcfm", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-346xx/CVE-2023-34659.json b/CVE-2023/CVE-2023-346xx/CVE-2023-34659.json index 630837783b9..36139f48e16 100644 --- a/CVE-2023/CVE-2023-346xx/CVE-2023-34659.json +++ b/CVE-2023/CVE-2023-346xx/CVE-2023-34659.json 
@@ -2,19 +2,80 @@ "id": "CVE-2023-34659", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-16T18:15:09.437", - "lastModified": "2023-06-16T18:24:22.883", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-23T21:25:28.887", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability the id parameter of the /jeecg-boot/jmreport/show interface." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jeecg:jeecg_boot:3.5.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FEDFF952-7B1F-44EB-98BA-265CB22D6FB3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jeecg:jeecg_boot:3.5.1:*:*:*:*:*:*:*", + "matchCriteriaId": "52891D2B-E0C4-4263-9804-45F1551B5142" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/jeecgboot/jeecg-boot/issues/4976", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-346xx/CVE-2023-34660.json b/CVE-2023/CVE-2023-346xx/CVE-2023-34660.json index 4cf116358d1..766dfec12b3 100644 --- a/CVE-2023/CVE-2023-346xx/CVE-2023-34660.json 
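Review bot: The `Vendor Advisory` tag added to the `https://github.com/jeecgboot/jeecg-boot/issues/4976` reference does not match the linked resource, which is an issue-tracker thread rather than a published advisory; the sibling record CVE-2023-34660 tags an issue from the same repository with `Exploit` only. Tooling that reads `Vendor Advisory` as a sign that vendor guidance or a fix exists would be misled by this entry. I would tag it `"Exploit", "Issue Tracking"`. The same kind of mismatch appears in the CVE-2023-35788 hunk, where the `ChangeLog-6.3.7` URL on cdn.kernel.org is tagged `Mailing List`; `"Release Notes", "Patch"` would describe it more accurately.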
+++ b/CVE-2023/CVE-2023-346xx/CVE-2023-34660.json @@ -2,19 +2,79 @@ "id": "CVE-2023-34660", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-16T18:15:09.483", - "lastModified": "2023-06-16T18:24:22.883", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-23T21:24:20.913", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "jjeecg-boot V3.5.0 has an unauthorized arbitrary file upload in /jeecg-boot/jmreport/upload interface." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jeecg:jeecg_boot:3.5.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FEDFF952-7B1F-44EB-98BA-265CB22D6FB3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jeecg:jeecg_boot:3.5.1:*:*:*:*:*:*:*", + "matchCriteriaId": "52891D2B-E0C4-4263-9804-45F1551B5142" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/jeecgboot/jeecg-boot/issues/4990", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-348xx/CVE-2023-34832.json b/CVE-2023/CVE-2023-348xx/CVE-2023-34832.json index 3a3b5f52659..7091c8e6a1c 100644 
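Review bot: The added `cpeMatch` list marks `jeecg_boot:3.5.1` as vulnerable, but the description in this record names only V3.5.0, so scanners matching on CPE will report 3.5.1 installs for a version the text does not claim. Both entries carry the same `matchCriteriaId` values as the CVE-2023-34659 record, whose description does cover 3.5.0 and 3.5.1, so the list may have been carried over; it is worth confirming against issue 4990 before relying on it. The new vector also sets `"privilegesRequired": "LOW"` while the description calls the upload unauthorized, which presumably means unauthenticated; if so, `PR:N` would apply and the 6.5 base score would change.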
--- a/CVE-2023/CVE-2023-348xx/CVE-2023-34832.json
+++ b/CVE-2023/CVE-2023-348xx/CVE-2023-34832.json
@@ -2,31 +2,103 @@ "id": "CVE-2023-34832", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-16T18:15:09.523", - "lastModified": "2023-06-16T19:15:14.657", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-23T21:19:44.893", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "TP-Link Archer AX10(EU)_V1.2_230220 was discovered to contain a buffer overflow via the function FUN_131e8 - 0x132B4." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tp-link:archer_ax10_firmware:230220:*:*:*:*:*:*:*", + "matchCriteriaId": "6E17A5B6-49DB-439E-8688-975E70553FCD" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tp-link:archer_ax10:1.2:*:*:*:*:*:*:*", + "matchCriteriaId": "9D7B35C7-62F8-4B0F-B038-DE128C058279" + } + ] + } + ] + } + ], "references": [ - { - "url": "http://archer.com", - "source": "cve@mitre.org" - }, { "url": "http://packetstormsecurity.com/files/172989/TP-Link-Archer-AX10-EU-_V1.2_230220-Buffer-Overflow.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory", + "VDB 
Entry" + ] }, { "url": "http://tp-link.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://gist.github.com/jhacker91/2026e080a42514255e758d64b465d1d5", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-351xx/CVE-2023-35154.json b/CVE-2023/CVE-2023-351xx/CVE-2023-35154.json new file mode 100644 index 00000000000..b13d5c0201b --- /dev/null +++ b/CVE-2023/CVE-2023-351xx/CVE-2023-35154.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-35154", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-06-23T21:15:09.400", + "lastModified": "2023-06-23T21:15:09.400", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Knowage is an open source analytics and business intelligence suite. Starting in version 6.0.0 and prior to version 8.1.8, an attacker can register and activate their account without having to click on the link included in the email, allowing them access to the application as a normal user. This issue has been patched in version 8.1.8." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/KnowageLabs/Knowage-Server/security/advisories/GHSA-48hp-jvv8-cf62", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-351xx/CVE-2023-35163.json b/CVE-2023/CVE-2023-351xx/CVE-2023-35163.json new file mode 100644 index 00000000000..1f8b9c27b6d --- /dev/null +++ b/CVE-2023/CVE-2023-351xx/CVE-2023-35163.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-35163", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-06-23T21:15:09.473", + "lastModified": "2023-06-23T21:15:09.473", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vega is a decentralized trading platform that allows pseudo-anonymous trading of derivatives on a blockchain. Prior to version 0.71.6, a vulnerability exists that allows a malicious validator to trick the Vega network into re-processing past Ethereum events from Vega\u2019s Ethereum bridge. For example, a deposit to the collateral bridge for 100USDT that credits a party\u2019s general account on Vega, can be re-processed 50 times resulting in 5000USDT in that party\u2019s general account. This is without depositing any more than the original 100USDT on the bridge. Despite this exploit requiring access to a validator's Vega key, a validator key can be obtained at the small cost of 3000VEGA, the amount needed to announce a new node onto the network.\n\nA patch is available in version 0.71.6. No known workarounds are available, however there are mitigations in place should this vulnerability be exploited. There are monitoring alerts for `mainnet1` in place to identify any issues of this nature including this vulnerability being exploited. The validators have the ability to stop the bridge thus stopping any withdrawals should this vulnerability be exploited." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:L", + "attackVector": "PHYSICAL", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.2, + "impactScore": 5.3 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/vegaprotocol/vega/commit/56b09bf57af8cd9eca5996252d86f469a3e34c68", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/vegaprotocol/vega/releases/tag/v0.71.6", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/vegaprotocol/vega/security/advisories/GHSA-8rc9-vxjh-qjf2", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-351xx/CVE-2023-35165.json b/CVE-2023/CVE-2023-351xx/CVE-2023-35165.json new file mode 100644 index 00000000000..3782901d59a --- /dev/null +++ b/CVE-2023/CVE-2023-351xx/CVE-2023-35165.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-35165", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-06-23T21:15:09.553", + "lastModified": "2023-06-23T21:15:09.553", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. In the packages `aws-cdk-lib` 2.0.0 until 2.80.0 and `@aws-cdk/aws-eks` 1.57.0 until 1.202.0, `eks.Cluster` and `eks.FargateCluster` constructs create two roles, `CreationRole` and `default MastersRole`, that have an overly permissive trust policy. \n \nThe first, referred to as the `CreationRole`, is used by lambda handlers to create the cluster and deploy Kubernetes resources (e.g `KubernetesManifest`, `HelmChart`, ...) onto it. Users with CDK version higher or equal to 1.62.0 (including v2 users) may be affected.\n \nThe second, referred to as the `default MastersRole`, is provisioned only if the `mastersRole` property isn't provided and has permissions to execute `kubectl` commands on the cluster. Users with CDK version higher or equal to 1.57.0 (including v2 users) may be affected.\n\nThe issue has been fixed in `@aws-cdk/aws-eks` v1.202.0 and `aws-cdk-lib` v2.80.0. These versions no longer use the account root principal. Instead, they restrict the trust policy to the specific roles of lambda handlers that need it. There is no workaround available for CreationRole. To avoid creating the `default MastersRole`, use the `mastersRole` property to explicitly provide a role." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.7, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/aws/aws-cdk/issues/25674", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/aws/aws-cdk/security/advisories/GHSA-rx28-r23p-2qc3", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-351xx/CVE-2023-35167.json b/CVE-2023/CVE-2023-351xx/CVE-2023-35167.json new file mode 100644 index 00000000000..7b7c5095ec4 --- /dev/null +++ b/CVE-2023/CVE-2023-351xx/CVE-2023-35167.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-35167", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-06-23T20:15:09.227", + "lastModified": "2023-06-23T20:15:09.227", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Remult is a CRUD framework for full-stack TypeScript. If you used the apiPrefilter option of the `@Entity` decorator, by setting it to a function that returns a filter that prevents unauthorized access to data, an attacker who knows the `id` of an entity instance is not authorized to access, can gain read, update and delete access to it. The issue is fixed in version 0.20.6. As a workaround, set the `apiPrefilter` option to a filter object instead of a function." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/remult/remult/commit/6892ae97134126d8710ef7302bb2fc37730994c5", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/remult/remult/releases/tag/v0.20.6", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/remult/remult/security/advisories/GHSA-7hh3-3x64-v2g9", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-351xx/CVE-2023-35169.json b/CVE-2023/CVE-2023-351xx/CVE-2023-35169.json
new file mode 100644
index 00000000000..c22e606f5ca
--- /dev/null
+++ b/CVE-2023/CVE-2023-351xx/CVE-2023-35169.json
@@ -0,0 +1,71 @@ +{ + "id": "CVE-2023-35169", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-06-23T21:15:09.627", + "lastModified": "2023-06-23T21:15:09.627", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "PHP-IMAP is a wrapper for common IMAP communication without the need to have the php-imap module installed / enabled. Prior to version 5.3.0, an unsanitized attachment filename allows any unauthenticated user to leverage a directory traversal vulnerability, which results in a remote code execution vulnerability. Every application that stores attachments with `Attachment::save()` without providing a `$filename` or passing unsanitized user input is affected by this attack.\n\nAn attacker can send an email with a malicious attachment to the inbox, which gets crawled with `webklex/php-imap` or `webklex/laravel-imap`. Prerequisite for the vulnerability is that the script stores the attachments without providing a `$filename`, or providing an unsanitized `$filename`, in `src/Attachment::save(string $path, string $filename = null)`. In this case, where no `$filename` gets passed into the `Attachment::save()` method, the package would use a series of unsanitized and insecure input values from the mail as fallback. Even if a developer passes a `$filename` into the `Attachment::save()` method, e.g. by passing the name or filename of the mail attachment itself (from email headers), the input values never get sanitized by the package. There is also no restriction about the file extension (e.g. \".php\") or the contents of a file. This allows an attacker to upload malicious code of any type and content at any location where the underlying user has write permissions. The attacker can also overwrite existing files and inject malicious code into files that, e.g. get executed by the system via cron or requests.\n\nVersion 5.3.0 contains a patch for this issue." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.0, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.2, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Webklex/php-imap/blob/5.2.0/src/Attachment.php#L251-L255", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/Webklex/php-imap/blob/5.2.0/src/Attachment.php#L252", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/Webklex/php-imap/pull/414", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/Webklex/php-imap/releases/tag/5.3.0", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/Webklex/php-imap/security/advisories/GHSA-47p7-xfcc-4pv9", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-351xx/CVE-2023-35171.json b/CVE-2023/CVE-2023-351xx/CVE-2023-35171.json new file mode 100644 index 00000000000..ee40c420065 --- /dev/null +++ b/CVE-2023/CVE-2023-351xx/CVE-2023-35171.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-35171", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-06-23T21:15:09.703", + "lastModified": "2023-06-23T21:15:09.703", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. Starting in version 26.0.0 and prior to version 26.0.2, an attacker could supply a URL that redirects an unsuspecting victim from a legitimate domain to an attacker's site. Nextcloud Server and Nextcloud Enterprise Server 26.0.2 contain a patch for this issue. No known workarounds are available." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-601" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h353-vvwv-j2r4", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/nextcloud/server/pull/38194", + "source": "security-advisories@github.com" + }, + { + "url": "https://hackerone.com/reports/1977222", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-351xx/CVE-2023-35172.json b/CVE-2023/CVE-2023-351xx/CVE-2023-35172.json
new file mode 100644
index 00000000000..14bc38eb499
--- /dev/null
+++ b/CVE-2023/CVE-2023-351xx/CVE-2023-35172.json
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-35172", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-06-23T21:15:09.777", + "lastModified": "2023-06-23T21:15:09.777", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 21.0.0 until 21.0.9.12, 22.0.0 until 22.2.10.12, 23.0.0 until 23.0.12.7, 24.0.0 until 24.0.12.2, 25.0.0 until 25.0.7, and 26.0.0 until 26.0.2, an attacker can bruteforce the password reset links. Nextcloud Server n 25.0.7 and 26.0.2 and Nextcloud Enterprise Server 21.0.9.12, 22.2.10.12, 23.0.12.7, 24.0.12.2, 25.0.7, and 26.0.2 contain a patch for this issue. No known workarounds are available." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 8.7, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.8 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-307" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mjf5-p765-qmr6", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/nextcloud/server/pull/38267", + "source": "security-advisories@github.com" + }, + { + "url": "https://hackerone.com/reports/1987062", + "source": 
"security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-351xx/CVE-2023-35173.json b/CVE-2023/CVE-2023-351xx/CVE-2023-35173.json new file mode 100644 index 00000000000..ec2ed8e3071 --- /dev/null +++ b/CVE-2023/CVE-2023-351xx/CVE-2023-35173.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-35173", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-06-23T21:15:09.853", + "lastModified": "2023-06-23T21:15:09.853", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Nextcloud End-to-end encryption app provides all the necessary APIs to implement End-to-End encryption on the client side. By providing an invalid meta data file, an attacker can make previously dropped files inaccessible. It is recommended that the Nextcloud End-to-end encryption app is upgraded to version 1.12.4 that contains the fix.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.1, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/nextcloud/end_to_end_encryption/pull/435", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-x7c7-v5r3-mg37", + "source": "security-advisories@github.com" + }, + { + "url": "https://hackerone.com/reports/1914115", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-357xx/CVE-2023-35759.json b/CVE-2023/CVE-2023-357xx/CVE-2023-35759.json new file mode 100644 index 00000000000..bbf3b2f47cb --- /dev/null 
+++ b/CVE-2023/CVE-2023-357xx/CVE-2023-35759.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-35759", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-23T20:15:09.307", + "lastModified": "2023-06-23T20:15:09.307", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In Progress WhatsUp Gold before 23.0.0, an SNMP-related application endpoint failed to adequately sanitize malicious input. This could allow an unauthenticated attacker to execute arbitrary code in a victim's browser, aka XSS." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://community.progress.com/s/article/Product-Alert-Bulletin-June-2023", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-357xx/CVE-2023-35788.json b/CVE-2023/CVE-2023-357xx/CVE-2023-35788.json index 7d189a3e172..8a5d8b62a98 100644 --- a/CVE-2023/CVE-2023-357xx/CVE-2023-35788.json +++ b/CVE-2023/CVE-2023-357xx/CVE-2023-35788.json 
@@ -2,31 +2,99 @@ "id": "CVE-2023-35788", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-16T21:15:09.340", - "lastModified": "2023-06-17T09:15:34.950", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-23T21:19:19.510", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.3.7", + "matchCriteriaId": "458D0E92-34CE-4D5D-8C84-6A674079459F" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2023/06/17/1", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Mailing List" + ] }, { "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.7", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Patch" + ] }, { "url": 
"https://git.kernel.org/linus/4d56304e5827c8cc8cc18c75343d283af7c4825c", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://www.openwall.com/lists/oss-security/2023/06/07/1", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Mailing List" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-359xx/CVE-2023-35927.json b/CVE-2023/CVE-2023-359xx/CVE-2023-35927.json new file mode 100644 index 00000000000..dcb80b7f545 --- /dev/null +++ b/CVE-2023/CVE-2023-359xx/CVE-2023-35927.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-35927", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-06-23T21:15:09.927", + "lastModified": "2023-06-23T21:15:09.927", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 21.0.0 until 21.0.9.12, 22.0.0 until 22.2.10.12, 23.0.0 until 23.0.12.7, 24.0.0 until 24.0.12.2, 25.0.0 until 25.0.7, and 26.0.0 until 26.0.2, when two server are registered as trusted servers for each other and successfully exchanged the share secrets, the malicious server could modify or delete VCards in the system addressbook on the origin server. This would impact the available and shown information in certain places, such as the user search and avatar menu. If a manipulated user modifies their own data in the personal settings the entry is fixed again.\n\nNextcloud Server n 25.0.7 and 26.0.2 and Nextcloud Enterprise Server 21.0.9.12, 22.2.10.12, 23.0.12.7, 24.0.12.2, 25.0.7, and 26.0.2 contain a patch for this issue. A workaround is available. Remove all trusted servers in the \"Administration\" > \"Sharing\" settings `\u2026/index.php/settings/admin/sharing`. Afterwards, trigger a recreation of the local system addressbook with the following `occ dav:sync-system-addressbook`." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW", + "baseScore": 7.6, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.3, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h7f7-535f-7q87", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/nextcloud/server/pull/38247", + "source": "security-advisories@github.com" + }, + { + "url": "https://hackerone.com/reports/1976754", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-359xx/CVE-2023-35928.json b/CVE-2023/CVE-2023-359xx/CVE-2023-35928.json new file mode 100644 index 00000000000..b29cae49af3 --- /dev/null +++ b/CVE-2023/CVE-2023-359xx/CVE-2023-35928.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-35928", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-06-23T21:15:10.007", + "lastModified": "2023-06-23T21:15:10.007", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Nextcloud Server is a space for data storage on Nextcloud, a self-hosted productivity playform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 19.0.0 until 19.0.13.9, 20.0.0 until 20.0.14.14, 21.0.0 until 21.0.9.12, 22.0.0 until 22.2.10.12, 23.0.0 until 23.0.12.7, 24.0.0 until 24.0.12.2, 25.0.0 until 25.0.7, and 26.0.0 until 26.0.2, a user could use this functionality to get access to the login credentials of another user and take over their account. This issue has been patched in Nextcloud Server versions 25.0.7 and 26.0.2 and NextCloud Enterprise Server versions 19.0.13.9, 20.0.14.14, 21.0.9.12, 22.2.10.12, 23.0.12.7, 24.0.12.2, 25.0.7, and 26.0.2.\n\nThree workarounds are available. Disable app files_external. Change config setting \"Allow users to mount external storage\" to disabled in \"Administration\" > \"External storage\" settings `\u2026/index.php/settings/admin/externalstorages`. Change config setting to disallow users to create external storages in \"Administration\" > \"External storage\" settings `\u2026/index.php/settings/admin/externalstorages` with the types FTP, Nextcloud, SFTP, and/or WebDAV." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.7, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-274" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-637g-xp2c-qh5h", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/nextcloud/server/pull/38265", + "source": "security-advisories@github.com" + }, + { + "url": "https://hackerone.com/reports/1978882", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-359xx/CVE-2023-35931.json b/CVE-2023/CVE-2023-359xx/CVE-2023-35931.json new file mode 100644 index 00000000000..7f646be5a84 --- /dev/null +++ b/CVE-2023/CVE-2023-359xx/CVE-2023-35931.json 
@@ -0,0 +1,67 @@ +{ + "id": "CVE-2023-35931", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-06-23T20:15:09.357", + "lastModified": "2023-06-23T20:15:09.357", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Shescape is a simple shell escape library for JavaScript. An attacker may be able to get read-only access to environment variables. This bug has been patched in version 1.7.1.\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.1, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.6, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-526" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/ericcornelissen/shescape/commit/d0fce70f987ac0d8331f93cb45d47e79436173ac", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/ericcornelissen/shescape/pull/982", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/ericcornelissen/shescape/releases/tag/v1.7.1", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/ericcornelissen/shescape/security/advisories/GHSA-3g7p-8qhx-mc8r", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-363xx/CVE-2023-36345.json b/CVE-2023/CVE-2023-363xx/CVE-2023-36345.json new file mode 100644 index 00000000000..5032ee9259c --- /dev/null 
+++ b/CVE-2023/CVE-2023-363xx/CVE-2023-36345.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-36345", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-23T20:15:09.427", + "lastModified": "2023-06-23T20:15:09.427", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A Cross-Site Request Forgery (CSRF) in POS Codekop v2.0 allows attackers to escalate privileges." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://youtu.be/KxjsEqNWU9E", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-363xx/CVE-2023-36346.json b/CVE-2023/CVE-2023-363xx/CVE-2023-36346.json new file mode 100644 index 00000000000..a5fd6749498 --- /dev/null +++ b/CVE-2023/CVE-2023-363xx/CVE-2023-36346.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-36346", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-23T20:15:09.473", + "lastModified": "2023-06-23T20:15:09.473", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "POS Codekop v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the nm_member parameter at print.php." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.youtube.com/watch?v=bbbA-q1syrA", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-363xx/CVE-2023-36348.json b/CVE-2023/CVE-2023-363xx/CVE-2023-36348.json new file mode 100644 index 00000000000..af0360a32f8 --- /dev/null +++ b/CVE-2023/CVE-2023-363xx/CVE-2023-36348.json 
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-36348", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-23T20:15:09.517", + "lastModified": "2023-06-23T20:15:09.517", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "POS Codekop v2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the filename parameter." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.youtube.com/watch?v=Ge0zqY0sGiQ", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index e338e15b4c0..a7272a34a89 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-06-23T20:00:27.060629+00:00 +2023-06-23T22:00:28.895218+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-06-23T19:49:50.537000+00:00 +2023-06-23T21:27:39.787000+00:00 ``` ### Last Data Feed Release 
@@ -29,69 +29,59 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -218481 +218502 ``` ### CVEs added in the last Commit -Recently added CVEs: `90` +Recently added CVEs: `21` -* [CVE-2023-32397](CVE-2023/CVE-2023-323xx/CVE-2023-32397.json) (`2023-06-23T18:15:12.743`) -* [CVE-2023-32398](CVE-2023/CVE-2023-323xx/CVE-2023-32398.json) (`2023-06-23T18:15:12.783`) -* [CVE-2023-25518](CVE-2023/CVE-2023-255xx/CVE-2023-25518.json) (`2023-06-23T18:15:10.970`) -* [CVE-2023-25520](CVE-2023/CVE-2023-255xx/CVE-2023-25520.json) (`2023-06-23T18:15:11.033`) -* [CVE-2023-27930](CVE-2023/CVE-2023-279xx/CVE-2023-27930.json) (`2023-06-23T18:15:11.097`) -* [CVE-2023-27940](CVE-2023/CVE-2023-279xx/CVE-2023-27940.json) (`2023-06-23T18:15:11.147`) -* [CVE-2023-27964](CVE-2023/CVE-2023-279xx/CVE-2023-27964.json) (`2023-06-23T18:15:11.197`) -* [CVE-2023-28191](CVE-2023/CVE-2023-281xx/CVE-2023-28191.json) (`2023-06-23T18:15:11.240`) -* [CVE-2023-28202](CVE-2023/CVE-2023-282xx/CVE-2023-28202.json) (`2023-06-23T18:15:11.290`) -* [CVE-2023-28204](CVE-2023/CVE-2023-282xx/CVE-2023-28204.json) (`2023-06-23T18:15:11.333`) -* [CVE-2023-32351](CVE-2023/CVE-2023-323xx/CVE-2023-32351.json) (`2023-06-23T18:15:11.383`) -* [CVE-2023-32352](CVE-2023/CVE-2023-323xx/CVE-2023-32352.json) (`2023-06-23T18:15:11.427`) -* [CVE-2023-32353](CVE-2023/CVE-2023-323xx/CVE-2023-32353.json) (`2023-06-23T18:15:11.470`) -* [CVE-2023-32354](CVE-2023/CVE-2023-323xx/CVE-2023-32354.json) (`2023-06-23T18:15:11.513`) -* [CVE-2023-32355](CVE-2023/CVE-2023-323xx/CVE-2023-32355.json) (`2023-06-23T18:15:11.553`) -* [CVE-2023-32357](CVE-2023/CVE-2023-323xx/CVE-2023-32357.json) (`2023-06-23T18:15:11.600`) -* [CVE-2023-32360](CVE-2023/CVE-2023-323xx/CVE-2023-32360.json) (`2023-06-23T18:15:11.647`) -* [CVE-2023-32363](CVE-2023/CVE-2023-323xx/CVE-2023-32363.json) (`2023-06-23T18:15:11.693`) -* [CVE-2023-32365](CVE-2023/CVE-2023-323xx/CVE-2023-32365.json) 
(`2023-06-23T18:15:11.733`) -* [CVE-2023-32367](CVE-2023/CVE-2023-323xx/CVE-2023-32367.json) (`2023-06-23T18:15:11.777`) -* [CVE-2023-32368](CVE-2023/CVE-2023-323xx/CVE-2023-32368.json) (`2023-06-23T18:15:11.823`) -* [CVE-2023-32369](CVE-2023/CVE-2023-323xx/CVE-2023-32369.json) (`2023-06-23T18:15:11.870`) -* [CVE-2023-23516](CVE-2023/CVE-2023-235xx/CVE-2023-23516.json) (`2023-06-23T18:15:10.797`) -* [CVE-2023-23539](CVE-2023/CVE-2023-235xx/CVE-2023-23539.json) (`2023-06-23T18:15:10.843`) -* [CVE-2023-25515](CVE-2023/CVE-2023-255xx/CVE-2023-25515.json) (`2023-06-23T18:15:10.887`) +* [CVE-2023-27908](CVE-2023/CVE-2023-279xx/CVE-2023-27908.json) (`2023-06-23T20:15:08.997`) +* [CVE-2023-34188](CVE-2023/CVE-2023-341xx/CVE-2023-34188.json) (`2023-06-23T20:15:09.053`) +* [CVE-2023-34203](CVE-2023/CVE-2023-342xx/CVE-2023-34203.json) (`2023-06-23T20:15:09.103`) +* [CVE-2023-34460](CVE-2023/CVE-2023-344xx/CVE-2023-34460.json) (`2023-06-23T20:15:09.147`) +* [CVE-2023-35167](CVE-2023/CVE-2023-351xx/CVE-2023-35167.json) (`2023-06-23T20:15:09.227`) +* [CVE-2023-35759](CVE-2023/CVE-2023-357xx/CVE-2023-35759.json) (`2023-06-23T20:15:09.307`) +* [CVE-2023-35931](CVE-2023/CVE-2023-359xx/CVE-2023-35931.json) (`2023-06-23T20:15:09.357`) +* [CVE-2023-36345](CVE-2023/CVE-2023-363xx/CVE-2023-36345.json) (`2023-06-23T20:15:09.427`) +* [CVE-2023-36346](CVE-2023/CVE-2023-363xx/CVE-2023-36346.json) (`2023-06-23T20:15:09.473`) +* [CVE-2023-36348](CVE-2023/CVE-2023-363xx/CVE-2023-36348.json) (`2023-06-23T20:15:09.517`) +* [CVE-2023-3212](CVE-2023/CVE-2023-32xx/CVE-2023-3212.json) (`2023-06-23T20:15:09.563`) +* [CVE-2023-34254](CVE-2023/CVE-2023-342xx/CVE-2023-34254.json) (`2023-06-23T21:15:09.320`) +* [CVE-2023-35154](CVE-2023/CVE-2023-351xx/CVE-2023-35154.json) (`2023-06-23T21:15:09.400`) +* [CVE-2023-35163](CVE-2023/CVE-2023-351xx/CVE-2023-35163.json) (`2023-06-23T21:15:09.473`) +* [CVE-2023-35165](CVE-2023/CVE-2023-351xx/CVE-2023-35165.json) (`2023-06-23T21:15:09.553`) +* 
[CVE-2023-35169](CVE-2023/CVE-2023-351xx/CVE-2023-35169.json) (`2023-06-23T21:15:09.627`) +* [CVE-2023-35171](CVE-2023/CVE-2023-351xx/CVE-2023-35171.json) (`2023-06-23T21:15:09.703`) +* [CVE-2023-35172](CVE-2023/CVE-2023-351xx/CVE-2023-35172.json) (`2023-06-23T21:15:09.777`) +* [CVE-2023-35173](CVE-2023/CVE-2023-351xx/CVE-2023-35173.json) (`2023-06-23T21:15:09.853`) +* [CVE-2023-35927](CVE-2023/CVE-2023-359xx/CVE-2023-35927.json) (`2023-06-23T21:15:09.927`) +* [CVE-2023-35928](CVE-2023/CVE-2023-359xx/CVE-2023-35928.json) (`2023-06-23T21:15:10.007`) ### CVEs modified in the last Commit -Recently modified CVEs: `58` +Recently modified CVEs: `19` -* [CVE-2023-34241](CVE-2023/CVE-2023-342xx/CVE-2023-34241.json) (`2023-06-23T18:15:13.860`) -* [CVE-2023-34101](CVE-2023/CVE-2023-341xx/CVE-2023-34101.json) (`2023-06-23T18:18:09.143`) -* [CVE-2023-34115](CVE-2023/CVE-2023-341xx/CVE-2023-34115.json) (`2023-06-23T18:18:54.580`) -* [CVE-2023-34868](CVE-2023/CVE-2023-348xx/CVE-2023-34868.json) (`2023-06-23T18:34:10.497`) -* [CVE-2023-34867](CVE-2023/CVE-2023-348xx/CVE-2023-34867.json) (`2023-06-23T18:46:59.963`) -* [CVE-2023-31975](CVE-2023/CVE-2023-319xx/CVE-2023-31975.json) (`2023-06-23T18:49:42.833`) -* [CVE-2023-34845](CVE-2023/CVE-2023-348xx/CVE-2023-34845.json) (`2023-06-23T18:54:20.387`) -* [CVE-2023-34249](CVE-2023/CVE-2023-342xx/CVE-2023-34249.json) (`2023-06-23T18:57:26.500`) -* [CVE-2023-26541](CVE-2023/CVE-2023-265xx/CVE-2023-26541.json) (`2023-06-23T19:00:12.567`) -* [CVE-2023-34247](CVE-2023/CVE-2023-342xx/CVE-2023-34247.json) (`2023-06-23T19:05:57.207`) -* [CVE-2023-31439](CVE-2023/CVE-2023-314xx/CVE-2023-31439.json) (`2023-06-23T19:15:39.693`) -* [CVE-2023-31438](CVE-2023/CVE-2023-314xx/CVE-2023-31438.json) (`2023-06-23T19:16:18.397`) -* [CVE-2023-31437](CVE-2023/CVE-2023-314xx/CVE-2023-31437.json) (`2023-06-23T19:16:38.727`) -* [CVE-2023-33621](CVE-2023/CVE-2023-336xx/CVE-2023-33621.json) (`2023-06-23T19:18:31.097`) -* 
[CVE-2023-35064](CVE-2023/CVE-2023-350xx/CVE-2023-35064.json) (`2023-06-23T19:21:19.787`) -* [CVE-2023-33568](CVE-2023/CVE-2023-335xx/CVE-2023-33568.json) (`2023-06-23T19:22:43.680`) -* [CVE-2023-24470](CVE-2023/CVE-2023-244xx/CVE-2023-24470.json) (`2023-06-23T19:23:32.700`) -* [CVE-2023-24469](CVE-2023/CVE-2023-244xx/CVE-2023-24469.json) (`2023-06-23T19:28:17.867`) -* [CVE-2023-33986](CVE-2023/CVE-2023-339xx/CVE-2023-33986.json) (`2023-06-23T19:33:00.763`) -* [CVE-2023-26515](CVE-2023/CVE-2023-265xx/CVE-2023-26515.json) (`2023-06-23T19:33:57.187`) -* [CVE-2023-29501](CVE-2023/CVE-2023-295xx/CVE-2023-29501.json) (`2023-06-23T19:34:28.727`) -* [CVE-2023-32546](CVE-2023/CVE-2023-325xx/CVE-2023-32546.json) (`2023-06-23T19:35:41.590`) -* [CVE-2023-35141](CVE-2023/CVE-2023-351xx/CVE-2023-35141.json) (`2023-06-23T19:36:43.300`) -* [CVE-2023-2784](CVE-2023/CVE-2023-27xx/CVE-2023-2784.json) (`2023-06-23T19:38:31.707`) -* [CVE-2023-2807](CVE-2023/CVE-2023-28xx/CVE-2023-2807.json) (`2023-06-23T19:49:50.537`) +* [CVE-2022-28550](CVE-2022/CVE-2022-285xx/CVE-2022-28550.json) (`2023-06-23T20:10:56.137`) +* [CVE-2022-24063](CVE-2022/CVE-2022-240xx/CVE-2022-24063.json) (`2023-06-23T20:24:12.420`) +* [CVE-2022-24915](CVE-2022/CVE-2022-249xx/CVE-2022-24915.json) (`2023-06-23T20:25:06.257`) +* [CVE-2022-23994](CVE-2022/CVE-2022-239xx/CVE-2022-23994.json) (`2023-06-23T20:25:30.300`) +* [CVE-2022-24002](CVE-2022/CVE-2022-240xx/CVE-2022-24002.json) (`2023-06-23T20:29:06.967`) +* [CVE-2022-24923](CVE-2022/CVE-2022-249xx/CVE-2022-24923.json) (`2023-06-23T20:29:11.290`) +* [CVE-2022-24924](CVE-2022/CVE-2022-249xx/CVE-2022-24924.json) (`2023-06-23T20:29:15.917`) +* [CVE-2023-29562](CVE-2023/CVE-2023-295xx/CVE-2023-29562.json) (`2023-06-23T20:04:20.847`) +* [CVE-2023-32369](CVE-2023/CVE-2023-323xx/CVE-2023-32369.json) (`2023-06-23T20:21:15.293`) +* [CVE-2023-35788](CVE-2023/CVE-2023-357xx/CVE-2023-35788.json) (`2023-06-23T21:19:19.510`) +* 
[CVE-2023-33438](CVE-2023/CVE-2023-334xx/CVE-2023-33438.json) (`2023-06-23T21:19:32.180`) +* [CVE-2023-34832](CVE-2023/CVE-2023-348xx/CVE-2023-34832.json) (`2023-06-23T21:19:44.893`) +* [CVE-2023-34660](CVE-2023/CVE-2023-346xx/CVE-2023-34660.json) (`2023-06-23T21:24:20.913`) +* [CVE-2023-34659](CVE-2023/CVE-2023-346xx/CVE-2023-34659.json) (`2023-06-23T21:25:28.887`) +* [CVE-2023-3294](CVE-2023/CVE-2023-32xx/CVE-2023-3294.json) (`2023-06-23T21:26:49.927`) +* [CVE-2023-25974](CVE-2023/CVE-2023-259xx/CVE-2023-25974.json) (`2023-06-23T21:27:01.080`) +* [CVE-2023-27420](CVE-2023/CVE-2023-274xx/CVE-2023-27420.json) (`2023-06-23T21:27:11.370`) +* [CVE-2023-33307](CVE-2023/CVE-2023-333xx/CVE-2023-33307.json) (`2023-06-23T21:27:26.713`) +* [CVE-2023-33306](CVE-2023/CVE-2023-333xx/CVE-2023-33306.json) (`2023-06-23T21:27:39.787`) ## Download and Usage