From fe22943ef92aec16db8805a55f5b68c41fc74ac6 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Ren=C3=A9=20Helmke?= Date: Thu, 4 May 2023 23:55:27 +0200 Subject: [PATCH] Auto-Update: 2023-05-04T21:55:23.937706+00:00 --- CVE-2022/CVE-2022-474xx/CVE-2022-47434.json | 55 ++++++ CVE-2022/CVE-2022-474xx/CVE-2022-47449.json | 55 ++++++ CVE-2022/CVE-2022-476xx/CVE-2022-47648.json | 28 ++- CVE-2023/CVE-2023-06xx/CVE-2023-0698.json | 8 +- CVE-2023/CVE-2023-201xx/CVE-2023-20126.json | 55 ++++++ CVE-2023/CVE-2023-208xx/CVE-2023-20869.json | 84 +++++++++ CVE-2023/CVE-2023-208xx/CVE-2023-20871.json | 89 ++++++++++ CVE-2023/CVE-2023-208xx/CVE-2023-20872.json | 103 +++++++++++ CVE-2023/CVE-2023-214xx/CVE-2023-21484.json | 55 ++++++ CVE-2023/CVE-2023-214xx/CVE-2023-21485.json | 55 ++++++ CVE-2023/CVE-2023-214xx/CVE-2023-21486.json | 55 ++++++ CVE-2023/CVE-2023-214xx/CVE-2023-21487.json | 55 ++++++ CVE-2023/CVE-2023-214xx/CVE-2023-21488.json | 55 ++++++ CVE-2023/CVE-2023-214xx/CVE-2023-21489.json | 55 ++++++ CVE-2023/CVE-2023-214xx/CVE-2023-21490.json | 55 ++++++ CVE-2023/CVE-2023-214xx/CVE-2023-21491.json | 55 ++++++ CVE-2023/CVE-2023-214xx/CVE-2023-21492.json | 55 ++++++ CVE-2023/CVE-2023-214xx/CVE-2023-21493.json | 55 ++++++ CVE-2023/CVE-2023-214xx/CVE-2023-21494.json | 55 ++++++ CVE-2023/CVE-2023-214xx/CVE-2023-21495.json | 55 ++++++ CVE-2023/CVE-2023-214xx/CVE-2023-21496.json | 55 ++++++ CVE-2023/CVE-2023-214xx/CVE-2023-21497.json | 55 ++++++ CVE-2023/CVE-2023-214xx/CVE-2023-21498.json | 55 ++++++ CVE-2023/CVE-2023-214xx/CVE-2023-21499.json | 55 ++++++ CVE-2023/CVE-2023-215xx/CVE-2023-21500.json | 55 ++++++ CVE-2023/CVE-2023-215xx/CVE-2023-21501.json | 55 ++++++ CVE-2023/CVE-2023-215xx/CVE-2023-21502.json | 55 ++++++ CVE-2023/CVE-2023-215xx/CVE-2023-21503.json | 55 ++++++ CVE-2023/CVE-2023-215xx/CVE-2023-21504.json | 55 ++++++ CVE-2023/CVE-2023-215xx/CVE-2023-21505.json | 55 ++++++ CVE-2023/CVE-2023-215xx/CVE-2023-21506.json | 55 ++++++ CVE-2023/CVE-2023-215xx/CVE-2023-21507.json | 55 ++++++ CVE-2023/CVE-2023-215xx/CVE-2023-21508.json | 55 ++++++ 
CVE-2023/CVE-2023-215xx/CVE-2023-21509.json | 55 ++++++ CVE-2023/CVE-2023-215xx/CVE-2023-21510.json | 55 ++++++ CVE-2023/CVE-2023-215xx/CVE-2023-21511.json | 55 ++++++ CVE-2023/CVE-2023-227xx/CVE-2023-22729.json | 103 +++++++++++ CVE-2023/CVE-2023-22xx/CVE-2023-2293.json | 138 +++++++++++++++ CVE-2023/CVE-2023-230xx/CVE-2023-23059.json | 28 +++ CVE-2023/CVE-2023-238xx/CVE-2023-23839.json | 113 ++++++++++++ CVE-2023/CVE-2023-23xx/CVE-2023-2336.json | 55 +++++- CVE-2023/CVE-2023-23xx/CVE-2023-2338.json | 55 +++++- CVE-2023/CVE-2023-23xx/CVE-2023-2339.json | 55 +++++- CVE-2023/CVE-2023-23xx/CVE-2023-2340.json | 55 +++++- CVE-2023/CVE-2023-23xx/CVE-2023-2341.json | 55 +++++- CVE-2023/CVE-2023-23xx/CVE-2023-2342.json | 67 ++++++- CVE-2023/CVE-2023-23xx/CVE-2023-2343.json | 55 +++++- CVE-2023/CVE-2023-23xx/CVE-2023-2344.json | 61 ++++++- CVE-2023/CVE-2023-249xx/CVE-2023-24966.json | 62 ++++++- CVE-2023/CVE-2023-252xx/CVE-2023-25289.json | 20 +++ CVE-2023/CVE-2023-254xx/CVE-2023-25458.json | 55 ++++++ CVE-2023/CVE-2023-256xx/CVE-2023-25652.json | 175 +++++++++++++++++- CVE-2023/CVE-2023-258xx/CVE-2023-25815.json | 118 +++++++++++-- CVE-2023/CVE-2023-259xx/CVE-2023-25961.json | 55 ++++++ CVE-2023/CVE-2023-259xx/CVE-2023-25977.json | 55 ++++++ CVE-2023/CVE-2023-259xx/CVE-2023-25982.json | 55 ++++++ CVE-2023/CVE-2023-278xx/CVE-2023-27860.json | 58 +++++- CVE-2023/CVE-2023-280xx/CVE-2023-28084.json | 106 +++++++++++ CVE-2023/CVE-2023-283xx/CVE-2023-28384.json | 63 ++++++- CVE-2023/CVE-2023-284xx/CVE-2023-28400.json | 63 ++++++- CVE-2023/CVE-2023-284xx/CVE-2023-28471.json | 69 +++++++- CVE-2023/CVE-2023-287xx/CVE-2023-28716.json | 63 ++++++- CVE-2023/CVE-2023-290xx/CVE-2023-29007.json | 157 ++++++++++++++++- CVE-2023/CVE-2023-290xx/CVE-2023-29011.json | 103 +++++++++++ CVE-2023/CVE-2023-290xx/CVE-2023-29012.json | 103 +++++++++++ CVE-2023/CVE-2023-291xx/CVE-2023-29150.json | 63 ++++++- CVE-2023/CVE-2023-291xx/CVE-2023-29169.json | 63 ++++++- 
CVE-2023/CVE-2023-292xx/CVE-2023-29255.json | 186 +++++++++++++++++++- CVE-2023/CVE-2023-300xx/CVE-2023-30094.json | 28 +++ CVE-2023/CVE-2023-300xx/CVE-2023-30095.json | 28 +++ CVE-2023/CVE-2023-300xx/CVE-2023-30096.json | 28 +++ CVE-2023/CVE-2023-300xx/CVE-2023-30097.json | 28 +++ CVE-2023/CVE-2023-302xx/CVE-2023-30216.json | 20 +++ CVE-2023/CVE-2023-302xx/CVE-2023-30264.json | 24 +++ CVE-2023/CVE-2023-302xx/CVE-2023-30265.json | 8 +- CVE-2023/CVE-2023-302xx/CVE-2023-30266.json | 8 +- CVE-2023/CVE-2023-302xx/CVE-2023-30268.json | 24 +++ CVE-2023/CVE-2023-302xx/CVE-2023-30269.json | 8 +- CVE-2023/CVE-2023-303xx/CVE-2023-30328.json | 24 +++ CVE-2023/CVE-2023-303xx/CVE-2023-30399.json | 28 +++ CVE-2023/CVE-2023-304xx/CVE-2023-30444.json | 52 +++++- CVE-2023/CVE-2023-312xx/CVE-2023-31284.json | 24 +++ CVE-2023/CVE-2023-314xx/CVE-2023-31413.json | 36 ++++ CVE-2023/CVE-2023-314xx/CVE-2023-31414.json | 36 ++++ CVE-2023/CVE-2023-314xx/CVE-2023-31415.json | 36 ++++ README.md | 169 +++++++++--------- 86 files changed, 4967 insertions(+), 191 deletions(-) create mode 100644 CVE-2022/CVE-2022-474xx/CVE-2022-47434.json create mode 100644 CVE-2022/CVE-2022-474xx/CVE-2022-47449.json create mode 100644 CVE-2023/CVE-2023-201xx/CVE-2023-20126.json create mode 100644 CVE-2023/CVE-2023-208xx/CVE-2023-20869.json create mode 100644 CVE-2023/CVE-2023-208xx/CVE-2023-20871.json create mode 100644 CVE-2023/CVE-2023-208xx/CVE-2023-20872.json create mode 100644 CVE-2023/CVE-2023-214xx/CVE-2023-21484.json create mode 100644 CVE-2023/CVE-2023-214xx/CVE-2023-21485.json create mode 100644 CVE-2023/CVE-2023-214xx/CVE-2023-21486.json create mode 100644 CVE-2023/CVE-2023-214xx/CVE-2023-21487.json create mode 100644 CVE-2023/CVE-2023-214xx/CVE-2023-21488.json create mode 100644 CVE-2023/CVE-2023-214xx/CVE-2023-21489.json create mode 100644 CVE-2023/CVE-2023-214xx/CVE-2023-21490.json create mode 100644 CVE-2023/CVE-2023-214xx/CVE-2023-21491.json create mode 100644 
CVE-2023/CVE-2023-214xx/CVE-2023-21492.json create mode 100644 CVE-2023/CVE-2023-214xx/CVE-2023-21493.json create mode 100644 CVE-2023/CVE-2023-214xx/CVE-2023-21494.json create mode 100644 CVE-2023/CVE-2023-214xx/CVE-2023-21495.json create mode 100644 CVE-2023/CVE-2023-214xx/CVE-2023-21496.json create mode 100644 CVE-2023/CVE-2023-214xx/CVE-2023-21497.json create mode 100644 CVE-2023/CVE-2023-214xx/CVE-2023-21498.json create mode 100644 CVE-2023/CVE-2023-214xx/CVE-2023-21499.json create mode 100644 CVE-2023/CVE-2023-215xx/CVE-2023-21500.json create mode 100644 CVE-2023/CVE-2023-215xx/CVE-2023-21501.json create mode 100644 CVE-2023/CVE-2023-215xx/CVE-2023-21502.json create mode 100644 CVE-2023/CVE-2023-215xx/CVE-2023-21503.json create mode 100644 CVE-2023/CVE-2023-215xx/CVE-2023-21504.json create mode 100644 CVE-2023/CVE-2023-215xx/CVE-2023-21505.json create mode 100644 CVE-2023/CVE-2023-215xx/CVE-2023-21506.json create mode 100644 CVE-2023/CVE-2023-215xx/CVE-2023-21507.json create mode 100644 CVE-2023/CVE-2023-215xx/CVE-2023-21508.json create mode 100644 CVE-2023/CVE-2023-215xx/CVE-2023-21509.json create mode 100644 CVE-2023/CVE-2023-215xx/CVE-2023-21510.json create mode 100644 CVE-2023/CVE-2023-215xx/CVE-2023-21511.json create mode 100644 CVE-2023/CVE-2023-227xx/CVE-2023-22729.json create mode 100644 CVE-2023/CVE-2023-22xx/CVE-2023-2293.json create mode 100644 CVE-2023/CVE-2023-230xx/CVE-2023-23059.json create mode 100644 CVE-2023/CVE-2023-238xx/CVE-2023-23839.json create mode 100644 CVE-2023/CVE-2023-252xx/CVE-2023-25289.json create mode 100644 CVE-2023/CVE-2023-254xx/CVE-2023-25458.json create mode 100644 CVE-2023/CVE-2023-259xx/CVE-2023-25961.json create mode 100644 CVE-2023/CVE-2023-259xx/CVE-2023-25977.json create mode 100644 CVE-2023/CVE-2023-259xx/CVE-2023-25982.json create mode 100644 CVE-2023/CVE-2023-280xx/CVE-2023-28084.json create mode 100644 CVE-2023/CVE-2023-290xx/CVE-2023-29011.json create mode 100644 CVE-2023/CVE-2023-290xx/CVE-2023-29012.json 
create mode 100644 CVE-2023/CVE-2023-300xx/CVE-2023-30094.json create mode 100644 CVE-2023/CVE-2023-300xx/CVE-2023-30095.json create mode 100644 CVE-2023/CVE-2023-300xx/CVE-2023-30096.json create mode 100644 CVE-2023/CVE-2023-300xx/CVE-2023-30097.json create mode 100644 CVE-2023/CVE-2023-302xx/CVE-2023-30216.json create mode 100644 CVE-2023/CVE-2023-302xx/CVE-2023-30264.json create mode 100644 CVE-2023/CVE-2023-302xx/CVE-2023-30268.json create mode 100644 CVE-2023/CVE-2023-303xx/CVE-2023-30328.json create mode 100644 CVE-2023/CVE-2023-303xx/CVE-2023-30399.json create mode 100644 CVE-2023/CVE-2023-312xx/CVE-2023-31284.json create mode 100644 CVE-2023/CVE-2023-314xx/CVE-2023-31413.json create mode 100644 CVE-2023/CVE-2023-314xx/CVE-2023-31414.json create mode 100644 CVE-2023/CVE-2023-314xx/CVE-2023-31415.json diff --git a/CVE-2022/CVE-2022-474xx/CVE-2022-47434.json b/CVE-2022/CVE-2022-474xx/CVE-2022-47434.json new file mode 100644 index 00000000000..dfafbb6664b --- /dev/null +++ b/CVE-2022/CVE-2022-474xx/CVE-2022-47434.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2022-47434", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-05-04T21:15:09.313", + "lastModified": "2023-05-04T21:15:09.313", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PB SEO Friendly Images plugin <=\u00a04.0.5 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/pb-seo-friendly-images/wordpress-pb-seo-friendly-images-plugin-4-0-5-cross-site-scripting-xss?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-474xx/CVE-2022-47449.json b/CVE-2022/CVE-2022-474xx/CVE-2022-47449.json new file mode 100644 index 00000000000..3a5715fdcd2 --- /dev/null +++ b/CVE-2022/CVE-2022-474xx/CVE-2022-47449.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2022-47449", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-05-04T21:15:09.387", + "lastModified": "2023-05-04T21:15:09.387", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RexTheme Cart Lift \u2013 Abandoned Cart Recovery for WooCommerce and EDD plugin <=\u00a03.1.5 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/cart-lift/wordpress-cart-lift-abandoned-cart-recovery-for-woocommerce-and-edd-plugin-3-1-5-cross-site-scripting-xss?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-476xx/CVE-2022-47648.json b/CVE-2022/CVE-2022-476xx/CVE-2022-47648.json index 4574b447cbb..8dc99e4e79d 100644 --- a/CVE-2022/CVE-2022-476xx/CVE-2022-47648.json +++ b/CVE-2022/CVE-2022-476xx/CVE-2022-47648.json 
@@ -2,12 +2,12 @@ "id": "CVE-2022-47648", "sourceIdentifier": "cve@mitre.org", "published": "2023-02-08T21:15:10.707", - "lastModified": "2023-03-07T20:15:08.917", + "lastModified": "2023-05-04T21:15:09.457", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "** UNSUPPORTED WHEN ASSIGNED ** Bosch Security Systems B420 firmware 02.02.0001 employs IP based authorization in its authentication mechanism, allowing attackers to access the device as long as they are on the same network as a legitimate user." + "value": "An Improper Access Control vulnerability allows an attacker to access the control panel of the B420 without requiring any sort of authorization or authentication due to the IP based authorization. If an authorized user has accessed a publicly available B420 product using valid credentials, an insider attacker can gain access to the same panel without requiring any sort of authorization. The B420 module was already obsolete at the time this vulnerability was found (The End of Life announcement was made in 2013)." } ], "metrics": { @@ -31,6 +31,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 5.9 + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH", + "baseScore": 7.6, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.7 } ] }, @@ -89,6 +109,10 @@ "tags": [ "Third Party Advisory" ] + }, + { + "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-341298-BT.html", + "source": "cve@mitre.org" } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-06xx/CVE-2023-0698.json b/CVE-2023/CVE-2023-06xx/CVE-2023-0698.json index c86c64bcf8d..eba49801a3e 100644 --- a/CVE-2023/CVE-2023-06xx/CVE-2023-0698.json +++ b/CVE-2023/CVE-2023-06xx/CVE-2023-0698.json @@ -2,8 +2,8 @@ "id": "CVE-2023-0698", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-02-07T21:15:09.417", - "lastModified": "2023-02-15T20:27:59.607", - "vulnStatus": "Analyzed", + "lastModified": "2023-05-04T20:15:09.503", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -78,6 +78,10 @@ "tags": [ "Permissions Required" ] + }, + { + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1693", + "source": "chrome-cve-admin@google.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-201xx/CVE-2023-20126.json b/CVE-2023/CVE-2023-201xx/CVE-2023-20126.json new file mode 100644 index 00000000000..913e06dad2a --- /dev/null +++ b/CVE-2023/CVE-2023-201xx/CVE-2023-20126.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-20126", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2023-05-04T20:15:09.633", + "lastModified": "2023-05-04T20:15:09.633", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to a missing authentication process within the firmware upgrade function. An attacker could exploit this vulnerability by upgrading an affected device to a crafted version of firmware. A successful exploit could allow the attacker to execute arbitrary code on the affected device with full privileges. Cisco has not released firmware updates to address this vulnerability." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-unauth-upgrade-UqhyTWW", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20869.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20869.json new file mode 100644 index 00000000000..bac999620ee --- /dev/null 
+++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20869.json @@ -0,0 +1,84 @@ +{ + "id": "CVE-2023-20869", + "sourceIdentifier": "security@vmware.com", + "published": "2023-04-25T22:15:09.420", + "lastModified": "2023-05-04T20:19:48.860", + "vulnStatus": "Analyzed", + "descriptions": [ + { + "lang": "en", + "value": "VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.5, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.0.0", + "versionEndExcluding": "13.0.2", + "matchCriteriaId": "B628132D-043A-4989-9524-9FA53B1DEADC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*", + "versionStartIncluding": "17.0.0", + "versionEndExcluding": "17.0.2", + "matchCriteriaId": "53930936-892B-421E-B75C-BD2DEC4A09AA" + } + ] + } + ] + } + ], + "references": [ + { + "url": "https://www.vmware.com/security/advisories/VMSA-2023-0008.html", + "source": "security@vmware.com", + "tags": [ + "Vendor Advisory" + ] + } + ] +} \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20871.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20871.json new file mode 100644 index 00000000000..e7f977fa6b4 --- /dev/null +++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20871.json 
@@ -0,0 +1,89 @@ +{ + "id": "CVE-2023-20871", + "sourceIdentifier": "security@vmware.com", + "published": "2023-04-25T21:15:10.023", + "lastModified": "2023-05-04T21:24:33.350", + "vulnStatus": "Analyzed", + "descriptions": [ + { + "lang": "en", + "value": "VMware Fusion contains a local privilege escalation vulnerability. A malicious actor with read/write access to the host operating system can elevate privileges to gain root access to the host operating system." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.0.0", + "versionEndExcluding": "13.0.2", + "matchCriteriaId": "B628132D-043A-4989-9524-9FA53B1DEADC" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD" + } + ] + } + ] + } + ], + "references": [ + { + "url": "https://www.vmware.com/security/advisories/VMSA-2023-0008.html", + "source": "security@vmware.com", + "tags": [ + "Vendor Advisory" + ] + } + ] +} \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20872.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20872.json new file mode 100644 index 00000000000..cd2d99337f9 --- /dev/null +++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20872.json 
@@ -0,0 +1,103 @@ +{ + "id": "CVE-2023-20872", + "sourceIdentifier": "security@vmware.com", + "published": "2023-04-25T21:15:10.073", + "lastModified": "2023-05-04T21:24:15.877", + "vulnStatus": "Analyzed", + "descriptions": [ + { + "lang": "en", + "value": "VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.0, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:fusion:13.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FFED80D5-91E2-4F5E-B373-988FE6B423AC" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:workstation:17.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "B52B9830-14D3-4CB5-9CE9-7A805820276A" + } + ] + } + ] + } + ], + "references": [ + { + "url": "https://www.vmware.com/security/advisories/VMSA-2023-0008.html", + "source": "security@vmware.com", + "tags": [ + 
"Vendor Advisory" + ] + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-214xx/CVE-2023-21484.json b/CVE-2023/CVE-2023-214xx/CVE-2023-21484.json new file mode 100644 index 00000000000..15852632f3e --- /dev/null +++ b/CVE-2023/CVE-2023-214xx/CVE-2023-21484.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-21484", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2023-05-04T21:15:09.547", + "lastModified": "2023-05-04T21:15:09.547", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper access control vulnerability in AppLock prior to SMR May-2023 Release 1 allows local attackers without proper permission to execute a privileged operation." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.5, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + } + ], + "references": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-214xx/CVE-2023-21485.json b/CVE-2023/CVE-2023-214xx/CVE-2023-21485.json new file mode 100644 index 00000000000..7febaca2fe0 --- /dev/null +++ b/CVE-2023/CVE-2023-214xx/CVE-2023-21485.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-21485", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2023-05-04T21:15:09.627", + "lastModified": "2023-05-04T21:15:09.627", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper export of android application components vulnerability in VideoPreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-926" + } + ] + } + ], + "references": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-214xx/CVE-2023-21486.json b/CVE-2023/CVE-2023-214xx/CVE-2023-21486.json new file mode 100644 index 00000000000..e80cffe7c1f --- /dev/null +++ b/CVE-2023/CVE-2023-214xx/CVE-2023-21486.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-21486", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2023-05-04T21:15:09.697", + "lastModified": "2023-05-04T21:15:09.697", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper export of android application components vulnerability in ImagePreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-926" + } + ] + } + ], + "references": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-214xx/CVE-2023-21487.json b/CVE-2023/CVE-2023-214xx/CVE-2023-21487.json new file mode 100644 index 00000000000..38f23874f04 --- /dev/null +++ b/CVE-2023/CVE-2023-214xx/CVE-2023-21487.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-21487", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2023-05-04T21:15:09.760", + "lastModified": "2023-05-04T21:15:09.760", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper access control vulnerability in Telephony framework prior to SMR May-2023 Release 1 allows local attackers to change a call setting." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.5, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + } + ], + "references": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-214xx/CVE-2023-21488.json b/CVE-2023/CVE-2023-214xx/CVE-2023-21488.json new file mode 100644 index 00000000000..01ef3ce6e2d --- /dev/null +++ b/CVE-2023/CVE-2023-214xx/CVE-2023-21488.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-21488", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2023-05-04T21:15:09.817", + "lastModified": "2023-05-04T21:15:09.817", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper access control vulnerablility in Tips prior to SMR May-2023 Release 1 allows local attackers to launch arbitrary activity in Tips." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-214xx/CVE-2023-21489.json b/CVE-2023/CVE-2023-214xx/CVE-2023-21489.json new file mode 100644 index 00000000000..5eaf6bf28cf --- /dev/null +++ b/CVE-2023/CVE-2023-214xx/CVE-2023-21489.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-21489", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2023-05-04T21:15:09.883", + "lastModified": "2023-05-04T21:15:09.883", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Heap out-of-bounds write vulnerability in bootloader prior to SMR May-2023 Release 1 allows a physical attacker to execute arbitrary code." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "PHYSICAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 0.5, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-214xx/CVE-2023-21490.json b/CVE-2023/CVE-2023-214xx/CVE-2023-21490.json new file mode 100644 index 00000000000..ccd217d28c1 --- /dev/null +++ b/CVE-2023/CVE-2023-214xx/CVE-2023-21490.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-21490", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2023-05-04T21:15:09.943", + "lastModified": "2023-05-04T21:15:09.943", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper access control in GearManagerStub prior to SMR May-2023 Release 1 allows a local attacker to delete applications installed by watchmanager." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.0, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-214xx/CVE-2023-21491.json b/CVE-2023/CVE-2023-214xx/CVE-2023-21491.json new file mode 100644 index 00000000000..367ac0618b7 --- /dev/null +++ b/CVE-2023/CVE-2023-214xx/CVE-2023-21491.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-21491", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2023-05-04T21:15:10.007", + "lastModified": "2023-05-04T21:15:10.007", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper access control vulnerability in ThemeManager prior to SMR May-2023 Release 1 allows local attackers to write arbitrary files with system privilege." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW", + "baseScore": 8.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.5, + "impactScore": 5.3 + } + ] + }, + "weaknesses": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-214xx/CVE-2023-21492.json b/CVE-2023/CVE-2023-214xx/CVE-2023-21492.json new file mode 100644 index 00000000000..9bbb126f168 --- /dev/null +++ b/CVE-2023/CVE-2023-214xx/CVE-2023-21492.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-21492", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2023-05-04T21:15:10.070", + "lastModified": "2023-05-04T21:15:10.070", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-532" + } + ] + } + ], + "references": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-214xx/CVE-2023-21493.json b/CVE-2023/CVE-2023-214xx/CVE-2023-21493.json new file mode 100644 index 00000000000..42c0e394b0e --- /dev/null +++ b/CVE-2023/CVE-2023-214xx/CVE-2023-21493.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-21493", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2023-05-04T21:15:10.137", + "lastModified": "2023-05-04T21:15:10.137", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper access control vulnerability in SemShareFileProvider prior to SMR May-2023 Release 1 allows local attackers to access protected data." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.5, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-214xx/CVE-2023-21494.json b/CVE-2023/CVE-2023-214xx/CVE-2023-21494.json new file mode 100644 index 00000000000..12003f21e7c --- /dev/null +++ b/CVE-2023/CVE-2023-214xx/CVE-2023-21494.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-21494", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2023-05-04T21:15:10.200", + "lastModified": "2023-05-04T21:15:10.200", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Potential buffer overflow vulnerability in auth api in mm_Authentication.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-214xx/CVE-2023-21495.json b/CVE-2023/CVE-2023-214xx/CVE-2023-21495.json new file mode 100644 index 00000000000..8296cc3ce48 --- /dev/null +++ b/CVE-2023/CVE-2023-214xx/CVE-2023-21495.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-21495", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2023-05-04T21:15:10.267", + "lastModified": "2023-05-04T21:15:10.267", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper access control vulnerability in Knox Enrollment Service prior to SMR May-2023 Release 1 allow attacker install KSP app when device admin is set." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 4.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.5, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-214xx/CVE-2023-21496.json b/CVE-2023/CVE-2023-214xx/CVE-2023-21496.json new file mode 100644 index 00000000000..963adc0a885 --- /dev/null +++ b/CVE-2023/CVE-2023-214xx/CVE-2023-21496.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-21496", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2023-05-04T21:15:10.333", + "lastModified": "2023-05-04T21:15:10.333", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Active Debug Code vulnerability in ActivityManagerService prior to SMR May-2023 Release 1 allows attacker to use debug function via setting debug level." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-489" + } + ] + } + ], + "references": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-214xx/CVE-2023-21497.json b/CVE-2023/CVE-2023-214xx/CVE-2023-21497.json new file mode 100644 index 00000000000..561ecca153b --- /dev/null +++ b/CVE-2023/CVE-2023-214xx/CVE-2023-21497.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-21497", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2023-05-04T21:15:10.403", + "lastModified": "2023-05-04T21:15:10.403", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Use of externally-controlled format string vulnerability in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to access the memory address." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-134" + } + ] + } + ], + "references": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-214xx/CVE-2023-21498.json b/CVE-2023/CVE-2023-214xx/CVE-2023-21498.json new file mode 100644 index 00000000000..95e4c542ab4 --- /dev/null +++ b/CVE-2023/CVE-2023-214xx/CVE-2023-21498.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-21498", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2023-05-04T21:15:10.477", + "lastModified": "2023-05-04T21:15:10.477", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper input validation vulnerability in setPartnerTAInfo in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to overwrite the trustlet memory." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-214xx/CVE-2023-21499.json b/CVE-2023/CVE-2023-214xx/CVE-2023-21499.json new file mode 100644 index 00000000000..282706333b0 --- /dev/null +++ b/CVE-2023/CVE-2023-214xx/CVE-2023-21499.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-21499", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2023-05-04T21:15:10.540", + "lastModified": "2023-05-04T21:15:10.540", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Out-of-bounds write vulnerability in TA_Communication_mpos_encrypt_pin in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitrary code." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.5, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-215xx/CVE-2023-21500.json b/CVE-2023/CVE-2023-215xx/CVE-2023-21500.json new file mode 100644 index 00000000000..7e71714449a --- /dev/null +++ b/CVE-2023/CVE-2023-215xx/CVE-2023-21500.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-21500", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2023-05-04T21:15:10.600", + "lastModified": "2023-05-04T21:15:10.600", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Double free validation vulnerability in setPinPadImages in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to access the trustlet memory." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.5, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-415" + } + ] + } + ], + "references": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-215xx/CVE-2023-21501.json b/CVE-2023/CVE-2023-215xx/CVE-2023-21501.json new file mode 100644 index 00000000000..115956cec3a --- /dev/null +++ b/CVE-2023/CVE-2023-215xx/CVE-2023-21501.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-21501", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2023-05-04T21:15:10.663", + "lastModified": "2023-05-04T21:15:10.663", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper input validation vulnerability in mPOS fiserve trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitrary code." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.5, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-215xx/CVE-2023-21502.json b/CVE-2023/CVE-2023-215xx/CVE-2023-21502.json new file mode 100644 index 00000000000..937001dd6c0 --- /dev/null +++ b/CVE-2023/CVE-2023-215xx/CVE-2023-21502.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-21502", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2023-05-04T21:15:10.727", + "lastModified": "2023-05-04T21:15:10.727", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper input validation vulnerability in FactoryTest application prior to SMR May-2023 Release 1 allows local attackers to get privilege escalation via debugging commands." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-215xx/CVE-2023-21503.json b/CVE-2023/CVE-2023-215xx/CVE-2023-21503.json new file mode 100644 index 00000000000..dec8f2727fe --- /dev/null +++ b/CVE-2023/CVE-2023-215xx/CVE-2023-21503.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-21503", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2023-05-04T21:15:10.790", + "lastModified": "2023-05-04T21:15:10.790", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Potential buffer overflow vulnerability in mm_LteInterRatManagement.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-215xx/CVE-2023-21504.json b/CVE-2023/CVE-2023-215xx/CVE-2023-21504.json new file mode 100644 index 00000000000..f582805aa98 --- /dev/null +++ b/CVE-2023/CVE-2023-215xx/CVE-2023-21504.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-21504", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2023-05-04T21:15:10.853", + "lastModified": "2023-05-04T21:15:10.853", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Potential buffer overflow vulnerability in mm_Plmncoordination.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-215xx/CVE-2023-21505.json b/CVE-2023/CVE-2023-215xx/CVE-2023-21505.json new file mode 100644 index 00000000000..de79ddcee6c --- /dev/null +++ b/CVE-2023/CVE-2023-215xx/CVE-2023-21505.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-21505", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2023-05-04T21:15:10.917", + "lastModified": "2023-05-04T21:15:10.917", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper access control in Samsung Core Service prior to version 2.1.00.36 allows attacker to write arbitrary file in sandbox." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.5, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-285" + } + ] + } + ], + "references": [ + { + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=05", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-215xx/CVE-2023-21506.json b/CVE-2023/CVE-2023-215xx/CVE-2023-21506.json new file mode 100644 index 00000000000..f5492866a44 --- /dev/null +++ b/CVE-2023/CVE-2023-215xx/CVE-2023-21506.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-21506", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2023-05-04T21:15:11.080", + "lastModified": "2023-05-04T21:15:11.080", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Out-of-bounds Write vulnerability while processing BC_TUI_CMD_SEND_RESOURCE_DATA_ARRAY command in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to execute arbitrary code." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=05", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-215xx/CVE-2023-21507.json b/CVE-2023/CVE-2023-215xx/CVE-2023-21507.json new file mode 100644 index 00000000000..ff652c7dc74 --- /dev/null +++ b/CVE-2023/CVE-2023-215xx/CVE-2023-21507.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-21507", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2023-05-04T21:15:11.150", + "lastModified": "2023-05-04T21:15:11.150", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Out-of-bounds Read vulnerability while processing BC_TUI_CMD_SEND_RESOURCE_DATA_ARRAY command in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to read arbitrary memory." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=05", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-215xx/CVE-2023-21508.json b/CVE-2023/CVE-2023-215xx/CVE-2023-21508.json new file mode 100644 index 00000000000..7bae62453b1 --- /dev/null +++ b/CVE-2023/CVE-2023-215xx/CVE-2023-21508.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-21508", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2023-05-04T21:15:11.207", + "lastModified": "2023-05-04T21:15:11.207", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Out-of-bounds Write vulnerability while processing BC_TUI_CMD_SEND_RESOURCE_DATA command in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to execute arbitrary code." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=05", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-215xx/CVE-2023-21509.json b/CVE-2023/CVE-2023-215xx/CVE-2023-21509.json new file mode 100644 index 00000000000..d78b1f4eb0d --- /dev/null +++ b/CVE-2023/CVE-2023-215xx/CVE-2023-21509.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-21509", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2023-05-04T21:15:11.270", + "lastModified": "2023-05-04T21:15:11.270", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Out-of-bounds Write vulnerability while processing BC_TUI_CMD_UPDATE_SCREEN in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to execute arbitrary code." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=05", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-215xx/CVE-2023-21510.json b/CVE-2023/CVE-2023-215xx/CVE-2023-21510.json new file mode 100644 index 00000000000..c79569ad163 --- /dev/null +++ b/CVE-2023/CVE-2023-215xx/CVE-2023-21510.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-21510", + "sourceIdentifier": "mobile.security@samsung.com", + "published": "2023-05-04T21:15:11.327", + "lastModified": "2023-05-04T21:15:11.327", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Out-of-bounds Read vulnerability while processing BC_TUI_CMD_UPDATE_SCREEN in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to read arbitrary memory." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "mobile.security@samsung.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=05", + "source": "mobile.security@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-215xx/CVE-2023-21511.json b/CVE-2023/CVE-2023-215xx/CVE-2023-21511.json new file mode 100644 index 00000000000..baea01cb705 --- /dev/null +++ b/CVE-2023/CVE-2023-215xx/CVE-2023-21511.json 
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-21511",
+ "sourceIdentifier": "mobile.security@samsung.com",
+ "published": "2023-05-04T21:15:11.387",
+ "lastModified": "2023-05-04T21:15:11.387",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Out-of-bounds Read vulnerability while processing CMD_COLDWALLET_BTC_SET_PRV_UTXO in bc_core trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to read arbitrary memory."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "mobile.security@samsung.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "mobile.security@samsung.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=05",
+ "source": "mobile.security@samsung.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-227xx/CVE-2023-22729.json b/CVE-2023/CVE-2023-227xx/CVE-2023-22729.json
new file mode 100644
index 00000000000..e04b708d496
--- /dev/null
+++ b/CVE-2023/CVE-2023-227xx/CVE-2023-22729.json
@@ -0,0 +1,103 @@
+{
+ "id": "CVE-2023-22729",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-04-26T15:15:08.887",
+ "lastModified": "2023-05-04T20:13:00.437",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, an attacker can display a link to a third party website on a login screen by convincing a legitimate content author to follow a specially crafted link. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-601"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:silverstripe:framework:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "4.12.5",
+ "matchCriteriaId": "12AC8517-3E73-4583-BD9E-E9D129DEDAF8"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/silverstripe/silverstripe-framework/commit/1a5bb4cbece1721203977910b8ecd8b79c18dc77",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-fw84-xgm8-9jmv",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-22xx/CVE-2023-2293.json b/CVE-2023/CVE-2023-22xx/CVE-2023-2293.json
new file mode 100644
index 00000000000..f3793c9ad18
--- /dev/null
+++ b/CVE-2023/CVE-2023-22xx/CVE-2023-2293.json
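Review bot: In the CVE-2023-22729 record, the `descriptions` text says the issue is fixed in Silverstripe Framework 4.12.15, while the `cpeMatch` entry in the same hunk sets `"versionEndExcluding": "4.12.5"`. The hunk does not show which value is the typo, but tooling that matches on the CPE range and readers who follow the description will disagree about whether releases 4.12.5 through 4.12.14 are affected. Because this file appears to mirror upstream data, the range should be checked against the referenced GHSA-fw84-xgm8-9jmv advisory and corrected at the source. Until then the affected range for this entry is best treated as unverified.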
@@ -0,0 +1,138 @@ +{ + "id": "CVE-2023-2293", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-04-25T21:15:10.693", + "lastModified": "2023-05-04T20:08:07.957", + "vulnStatus": "Analyzed", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in SourceCodester Purchase Order Management System 1.0. It has been classified as problematic. This affects an unknown part of the file classes/Master.php?f=save_item. The manipulation of the argument description with the input leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227463." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ], + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 2.4, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 0.9, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N", + "accessVector": "NETWORK", + 
"accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 3.3 + }, + "baseSeverity": "LOW", + "exploitabilityScore": 6.4, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:purchase_order_management_system_project:purchase_order_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "03DF14E7-752B-4DDC-9AE9-DFDE24815075" + } + ] + } + ] + } + ], + "references": [ + { + "url": "https://github.com/biantaibao/bug_report/blob/main/XSS-1.md", + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] + }, + { + "url": "https://vuldb.com/?ctiid.227463", + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] + }, + { + "url": "https://vuldb.com/?id.227463", + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-230xx/CVE-2023-23059.json b/CVE-2023/CVE-2023-230xx/CVE-2023-23059.json new file mode 100644 index 00000000000..f6289fcf9ce --- /dev/null +++ b/CVE-2023/CVE-2023-230xx/CVE-2023-23059.json 
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-23059",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-05-04T20:15:09.737",
+ "lastModified": "2023-05-04T20:15:09.737",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered in GeoVision GV-Edge Recording Manager 2.2.3.0 for windows, which contains improper permissions within the default installation and allows attackers to execute arbitrary code and gain escalated privileges."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://geovision.com",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "http://gv-edge.com",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://packetstormsecurity.com/files/172141/GV-Edge-Recording-Manager-2.2.3.0-Privilege-Escalation.html",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-238xx/CVE-2023-23839.json b/CVE-2023/CVE-2023-238xx/CVE-2023-23839.json
new file mode 100644
index 00000000000..ead20f699ef
--- /dev/null
+++ b/CVE-2023/CVE-2023-238xx/CVE-2023-23839.json
@@ -0,0 +1,113 @@ +{ + "id": "CVE-2023-23839", + "sourceIdentifier": "psirt@solarwinds.com", + "published": "2023-04-25T21:15:10.117", + "lastModified": "2023-05-04T21:19:44.067", + "vulnStatus": "Analyzed", + "descriptions": [ + { + "lang": "en", + "value": "The SolarWinds Platform was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users to access Orion.WebCommunityStrings SWIS schema object and obtain sensitive information." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, + { + "source": "psirt@solarwinds.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "psirt@solarwinds.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": 
"cpe:2.3:a:solarwinds:solarwinds_platform:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.2.0", + "matchCriteriaId": "326F2E48-92E4-4BB6-9B05-2232E45B100F" + } + ] + } + ] + } + ], + "references": [ + { + "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-2_release_notes.htm", + "source": "psirt@solarwinds.com", + "tags": [ + "Release Notes" + ] + }, + { + "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-23839", + "source": "psirt@solarwinds.com", + "tags": [ + "Vendor Advisory" + ] + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-23xx/CVE-2023-2336.json b/CVE-2023/CVE-2023-23xx/CVE-2023-2336.json index 6fe84e895c4..3899ca9d4fd 100644 --- a/CVE-2023/CVE-2023-23xx/CVE-2023-2336.json +++ b/CVE-2023/CVE-2023-23xx/CVE-2023-2336.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2336", "sourceIdentifier": "security@huntr.dev", "published": "2023-04-27T12:15:09.173", - "lastModified": "2023-04-27T12:15:09.173", - "vulnStatus": "Received", + "lastModified": "2023-05-04T20:03:07.463", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", 
@@ -46,14 +68,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pimcore:pimcore:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.5.21", + "matchCriteriaId": "72C537D6-67BA-4562-B853-F99E6C14315C" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/pimcore/pimcore/commit/498cadec2292f7842fb10612068ac78496e884b4", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.dev/bounties/af764624-7746-4f53-8480-85348dbb4f14", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Exploit", + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-23xx/CVE-2023-2338.json b/CVE-2023/CVE-2023-23xx/CVE-2023-2338.json index 913db54f383..df090fed31d 100644 --- a/CVE-2023/CVE-2023-23xx/CVE-2023-2338.json +++ b/CVE-2023/CVE-2023-23xx/CVE-2023-2338.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2338", "sourceIdentifier": "security@huntr.dev", "published": "2023-04-27T12:15:09.237", - "lastModified": "2023-04-27T12:15:09.237", - "vulnStatus": "Received", + "lastModified": "2023-05-04T20:02:34.583", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", 
@@ -46,14 +68,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pimcore:pimcore:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.5.21", + "matchCriteriaId": "72C537D6-67BA-4562-B853-F99E6C14315C" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/pimcore/pimcore/commit/21e35af721c375ef4676ed50835e30d828e76520", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.dev/bounties/bbf59fa7-cf5b-4945-81b0-328adc710462", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Exploit", + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-23xx/CVE-2023-2339.json b/CVE-2023/CVE-2023-23xx/CVE-2023-2339.json index 073ef8a3fcb..8f2065ac48d 100644 --- a/CVE-2023/CVE-2023-23xx/CVE-2023-2339.json +++ b/CVE-2023/CVE-2023-23xx/CVE-2023-2339.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2339", "sourceIdentifier": "security@huntr.dev", "published": "2023-04-27T12:15:09.300", - "lastModified": "2023-04-27T12:15:09.300", - "vulnStatus": "Received", + "lastModified": "2023-05-04T20:07:25.237", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", 
@@ -46,14 +68,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pimcore:pimcore:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.5.21", + "matchCriteriaId": "72C537D6-67BA-4562-B853-F99E6C14315C" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/pimcore/pimcore/commit/6946f8a5a0a93b516c49f17a5b45044eebd73480", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.dev/bounties/bb1537a5-fe7b-4c77-a582-10a82435fbc2", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Exploit", + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-23xx/CVE-2023-2340.json b/CVE-2023/CVE-2023-23xx/CVE-2023-2340.json index aade290ed12..38180f98cdd 100644 --- a/CVE-2023/CVE-2023-23xx/CVE-2023-2340.json +++ b/CVE-2023/CVE-2023-23xx/CVE-2023-2340.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2340", "sourceIdentifier": "security@huntr.dev", "published": "2023-04-27T13:15:09.213", - "lastModified": "2023-04-27T14:36:08.643", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-04T20:07:12.930", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", 
@@ -46,14 +68,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pimcore:pimcore:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.5.21", + "matchCriteriaId": "72C537D6-67BA-4562-B853-F99E6C14315C" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/pimcore/pimcore/commit/aa38319e353cc3cdfac12e03e21ed7a8f3628d3e", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.dev/bounties/964762b0-b4fe-441c-81e1-0ebdbbf80f3b", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Exploit", + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-23xx/CVE-2023-2341.json b/CVE-2023/CVE-2023-23xx/CVE-2023-2341.json index 87f3cbf2edc..cb037a43b5a 100644 --- a/CVE-2023/CVE-2023-23xx/CVE-2023-2341.json +++ b/CVE-2023/CVE-2023-23xx/CVE-2023-2341.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2341", "sourceIdentifier": "security@huntr.dev", "published": "2023-04-27T14:15:09.083", - "lastModified": "2023-04-27T14:36:08.643", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-04T20:08:13.433", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", 
@@ -46,14 +68,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pimcore:pimcore:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.5.21", + "matchCriteriaId": "72C537D6-67BA-4562-B853-F99E6C14315C" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/pimcore/pimcore/commit/66f1089fb1b9bcd575bfce9b1d4abb0f0499df11", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.dev/bounties/cf3901ac-a649-478f-ab08-094ef759c11d", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Exploit", + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-23xx/CVE-2023-2342.json b/CVE-2023/CVE-2023-23xx/CVE-2023-2342.json index 943ac1d5cfb..7c4eb8585c6 100644 --- a/CVE-2023/CVE-2023-23xx/CVE-2023-2342.json +++ b/CVE-2023/CVE-2023-23xx/CVE-2023-2342.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2342", "sourceIdentifier": "security@huntr.dev", "published": "2023-04-27T14:15:09.137", - "lastModified": "2023-04-27T14:36:08.643", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-04T20:07:48.483", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", 
@@ -36,7 +58,7 @@ }, "weaknesses": [ { - "source": "security@huntr.dev", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { @@ -44,16 +66,51 @@ "value": "CWE-79" } ] + }, + { + "source": "security@huntr.dev", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pimcore:pimcore:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.5.21", + "matchCriteriaId": "72C537D6-67BA-4562-B853-F99E6C14315C" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/pimcore/pimcore/commit/42a5bbe5f16b97371fdbfdcf2bb3ee759dea8564", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.dev/bounties/01cd3ed5-dce8-4021-9de0-81cb14bf1829", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Exploit", + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-23xx/CVE-2023-2343.json b/CVE-2023/CVE-2023-23xx/CVE-2023-2343.json index 122dab21068..604d0294db4 100644 --- a/CVE-2023/CVE-2023-23xx/CVE-2023-2343.json +++ b/CVE-2023/CVE-2023-23xx/CVE-2023-2343.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2343", "sourceIdentifier": "security@huntr.dev", "published": "2023-04-27T14:15:09.187", - "lastModified": "2023-04-27T14:36:08.643", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-04T20:08:35.407", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", @@ -46,14 +68,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pimcore:pimcore:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.5.21", + "matchCriteriaId": "72C537D6-67BA-4562-B853-F99E6C14315C" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/pimcore/pimcore/commit/f1d904094700b513c4756904fa2b1e19d08d890e", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.dev/bounties/2fa17227-a717-4b66-ab5a-16bffbb4edb2", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Exploit", + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-23xx/CVE-2023-2344.json b/CVE-2023/CVE-2023-23xx/CVE-2023-2344.json index 2cf52c81fee..2a7dc2c0f63 100644 --- a/CVE-2023/CVE-2023-23xx/CVE-2023-2344.json +++ b/CVE-2023/CVE-2023-23xx/CVE-2023-2344.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2344", "sourceIdentifier": "cna@vuldb.com", "published": "2023-04-27T14:15:09.240", - "lastModified": "2023-04-27T14:36:08.643", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-04T20:00:56.577", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", @@ -71,18 +93,47 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:service_provider_management_system_project:service_provider_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "72A53E3F-CC8B-4570-9F4F-BA25E7F4F642" + } + ] + } + ] + } + ], "references": [ { "url": "http://cdn.polowong.top/image-20230427193041378.png", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit" + ] }, { "url": "https://vuldb.com/?ctiid.227587", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.227587", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-249xx/CVE-2023-24966.json b/CVE-2023/CVE-2023-249xx/CVE-2023-24966.json index 3d1a0e07cb2..77870b34853 100644 --- a/CVE-2023/CVE-2023-249xx/CVE-2023-24966.json +++ b/CVE-2023/CVE-2023-249xx/CVE-2023-24966.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-24966", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-04-27T14:15:09.013", - "lastModified": "2023-04-27T14:36:08.643", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-04T20:04:20.473", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "psirt@us.ibm.com", "type": "Secondary", @@ -46,14 +66,48 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.5.0.0", + "versionEndExcluding": "8.5.5.24", + "matchCriteriaId": "0B08841C-A10A-4006-B4BD-C27E171A4D22" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "9.0.0.0", + "versionEndExcluding": "9.0.5.16", + "matchCriteriaId": "B56C8C37-DDE0-4E15-A9A4-9AB2A59CF679" + } + ] + } + ] + } + ], "references": [ { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/246904", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "VDB Entry", + "Vendor Advisory" + ] }, { "url": "https://www.ibm.com/support/pages/node/6986333", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-252xx/CVE-2023-25289.json b/CVE-2023/CVE-2023-252xx/CVE-2023-25289.json new file mode 100644 index 00000000000..0e66c8ecbb9 --- /dev/null +++ b/CVE-2023/CVE-2023-252xx/CVE-2023-25289.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-25289", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-04T21:15:11.447", + "lastModified": "2023-05-04T21:15:11.447", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Directory Traversal vulnerability in virtualreception Digital Receptie version win7sp1_rtm.101119-1850 6.1.7601.1.0.65792 in embedded web server, allows attacker to gain sensitive information via a crafted GET request." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.exploit-db.com/exploits/51142", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-254xx/CVE-2023-25458.json b/CVE-2023/CVE-2023-254xx/CVE-2023-25458.json new file mode 100644 index 00000000000..a52e26268e1 --- /dev/null +++ b/CVE-2023/CVE-2023-254xx/CVE-2023-25458.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-25458", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-05-04T20:15:09.797", + "lastModified": "2023-05-04T20:15:09.797", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GMO Internet Group, Inc. TypeSquare Webfonts for ConoHa plugin <=\u00a02.0.3 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/ts-webfonts-for-conoha/wordpress-typesquare-webfonts-for-conoha-plugin-2-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-256xx/CVE-2023-25652.json b/CVE-2023/CVE-2023-256xx/CVE-2023-25652.json index ad35b4cfd9f..f899e55a646 100644 --- a/CVE-2023/CVE-2023-256xx/CVE-2023-25652.json +++ b/CVE-2023/CVE-2023-256xx/CVE-2023-25652.json @@ -2,8 +2,8 @@ "id": "CVE-2023-25652", "sourceIdentifier": "security-advisories@github.com", "published": "2023-04-25T20:15:09.933", - "lastModified": "2023-05-01T06:15:14.517", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-04T21:26:02.407", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -36,8 +56,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -46,30 +76,157 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.30.9", + "matchCriteriaId": "A2E4BF99-17B8-4424-B97E-DDB8A4793DAF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.31.0", + "versionEndExcluding": "2.31.8", + "matchCriteriaId": "2A1D7F29-E06F-4277-8713-1C19DE714300" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.32.0", + "versionEndExcluding": "2.32.7", + "matchCriteriaId": "0B69F022-B29E-4D9A-B4FC-78430AFF0C9C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.33.0", + "versionEndExcluding": "2.33.8", + "matchCriteriaId": "8A2B603F-B8E2-4123-80A4-64E983FF1F86" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.34.0", + "versionEndExcluding": "2.34.8", + "matchCriteriaId": "26D3ED4E-246E-4D4D-9E2D-7890E93ECED8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.35.0", + "versionEndExcluding": "2.35.8", + "matchCriteriaId": "D3988013-1332-49F8-85E7-7EB59BE36A63" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.36.0", + "versionEndExcluding": "2.36.6", + "matchCriteriaId": "CB966EF2-F4F8-4462-AA73-5B452538E756" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.37.0", + "versionEndExcluding": "2.37.7", + "matchCriteriaId": "030542CA-76BF-4252-9E03-D7E44D3DEE19" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.38.0", + "versionEndExcluding": "2.38.5", + 
"matchCriteriaId": "6EAEE109-8AD8-4383-AAC3-E9D2A4794F8B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.39.0", + "versionEndExcluding": "2.39.3", + "matchCriteriaId": "BE329F8E-076F-4895-A2A2-A1C0330C1F6F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:git-scm:git:2.40.0:*:*:*:*:*:*:*", + "matchCriteriaId": "89633B46-319A-499C-9848-2EA60AC030EB" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", + "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", + "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2023/04/25/2", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://github.com/git/git/commit/18e2b1cfc80990719275d7b08e6e50f3e8cbc902", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/git/git/commit/668f2d53613ac8fd373926ebe219f2c29112d93e", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/git/git/security/advisories/GHSA-2hvf-7c8p-28fx", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PI7FZ4NNR5S5J5K6AMVQBH2JFP6NE4L7/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Mailing List", + "Third Party 
Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YFZWGQKB6MM5MNF2DLFTD7KS2KWPICKL/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-258xx/CVE-2023-25815.json b/CVE-2023/CVE-2023-258xx/CVE-2023-25815.json index 2795f619535..16291207c75 100644 --- a/CVE-2023/CVE-2023-258xx/CVE-2023-25815.json +++ b/CVE-2023/CVE-2023-258xx/CVE-2023-25815.json @@ -2,8 +2,8 @@ "id": "CVE-2023-25815", "sourceIdentifier": "security-advisories@github.com", "published": "2023-04-25T20:15:09.997", - "lastModified": "2023-05-01T06:15:15.037", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-04T21:25:27.333", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 2.2, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 0.8, + "impactScore": 1.4 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -36,8 +56,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-134" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -50,38 +80,104 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:git_for_windows_project:git_for_windows:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.40.1", + "matchCriteriaId": "E740B447-D96A-40C3-AFA9-9B058379E04D" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", + "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", + "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2023/04/25/2", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://axcheron.github.io/exploit-101-format-strings/#writing-to-the-stack", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/git-for-windows/git/releases/tag/v2.40.1.windows.1", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/git-for-windows/git/security/advisories/GHSA-9w66-8mq8-5vm8", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://github.com/msys2/MINGW-packages/pull/10461", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Issue Tracking", + "Patch" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PI7FZ4NNR5S5J5K6AMVQBH2JFP6NE4L7/", - "source": 
"security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YFZWGQKB6MM5MNF2DLFTD7KS2KWPICKL/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://pubs.opengroup.org/onlinepubs/9699919799/functions/printf.html", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-259xx/CVE-2023-25961.json b/CVE-2023/CVE-2023-259xx/CVE-2023-25961.json new file mode 100644 index 00000000000..ee183926cd7 --- /dev/null +++ b/CVE-2023/CVE-2023-259xx/CVE-2023-25961.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-25961", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-05-04T20:15:09.897", + "lastModified": "2023-05-04T20:15:09.897", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Catch Themes Darcie theme <=\u00a01.1.5 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/darcie/wordpress-darcie-theme-1-1-5-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-259xx/CVE-2023-25977.json b/CVE-2023/CVE-2023-259xx/CVE-2023-25977.json new file mode 100644 index 00000000000..9def593a328 --- /dev/null +++ b/CVE-2023/CVE-2023-259xx/CVE-2023-25977.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-25977", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-05-04T20:15:09.977", + "lastModified": "2023-05-04T20:15:09.977", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in 9seeds.Com CPT \u2013 Speakers plugin <=\u00a01.1 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/cpt-speakers/wordpress-cpt-speakers-plugin-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-259xx/CVE-2023-25982.json b/CVE-2023/CVE-2023-259xx/CVE-2023-25982.json new file mode 100644 index 00000000000..8b44c4f54d5 --- /dev/null +++ b/CVE-2023/CVE-2023-259xx/CVE-2023-25982.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-25982", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-05-04T20:15:10.060", + "lastModified": "2023-05-04T20:15:10.060", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Eirudo Simple YouTube Responsive plugin <=\u00a02.5 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/simple-youtube-responsive/wordpress-simple-youtube-responsive-plugin-2-5-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-278xx/CVE-2023-27860.json b/CVE-2023/CVE-2023-278xx/CVE-2023-27860.json index 93dfc9afda4..9121a64f68f 100644 --- a/CVE-2023/CVE-2023-278xx/CVE-2023-27860.json +++ b/CVE-2023/CVE-2023-278xx/CVE-2023-27860.json @@ -2,8 +2,8 @@ "id": "CVE-2023-27860", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-04-27T19:15:20.253", - "lastModified": "2023-04-28T12:58:13.110", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-04T20:44:00.350", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "psirt@us.ibm.com", "type": "Secondary", @@ -46,14 +66,44 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.2:*:*:*:*:*:*:*", + "matchCriteriaId": "0F9DA22B-5DD7-4551-AC7A-61949D246F5D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.3:*:*:*:*:*:*:*", + "matchCriteriaId": "B0279056-1BD2-4CD6-86BA-DDAA6AB53C6F" + } + ] + } + ] + } + ], "references": [ { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249207", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "VDB Entry", + "Vendor Advisory" + ] }, { "url": "https://www.ibm.com/support/pages/node/6985679", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-280xx/CVE-2023-28084.json b/CVE-2023/CVE-2023-280xx/CVE-2023-28084.json new file mode 100644 index 00000000000..a87ec6f6357 --- /dev/null +++ b/CVE-2023/CVE-2023-280xx/CVE-2023-28084.json 
@@ -0,0 +1,106 @@ +{ + "id": "CVE-2023-28084", + "sourceIdentifier": "security-alert@hpe.com", + "published": "2023-04-25T20:15:10.067", + "lastModified": "2023-05-04T21:24:46.610", + "vulnStatus": "Analyzed", + "descriptions": [ + { + "lang": "en", + "value": "HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-522" + } + ] + }, + { + "source": "security-alert@hpe.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-522" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hp:oneview:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.60.04", + "matchCriteriaId": "FBAAD7B8-CB8C-4F50-8A30-0B2CF5199B8F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hp:oneview:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.0", + "versionEndExcluding": "8.2", + "matchCriteriaId": "CCD692B5-5224-4D65-B5F6-9B1B4EF5B227" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hpe:oneview_global_dashboard:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.72", + "matchCriteriaId": "458F8B2A-D560-4497-9DD0-1C654B28B991" + } + ] + } + ] + } + ], + "references": [ + { + "url": 
"https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04468en_us", + "source": "security-alert@hpe.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04469en_us", + "source": "security-alert@hpe.com", + "tags": [ + "Vendor Advisory" + ] + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-283xx/CVE-2023-28384.json b/CVE-2023/CVE-2023-283xx/CVE-2023-28384.json index fb70fcf0986..7fddea44b87 100644 --- a/CVE-2023/CVE-2023-283xx/CVE-2023-28384.json +++ b/CVE-2023/CVE-2023-283xx/CVE-2023-28384.json @@ -2,16 +2,49 @@ "id": "CVE-2023-28384", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-04-27T23:15:14.867", - "lastModified": "2023-04-28T12:58:13.110", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-04T20:59:02.907", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", 
@@ -23,10 +56,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:myscada:mypro:*:*:*:*:*:*:*:*", + "versionEndIncluding": "8.26.0", + "matchCriteriaId": "3460F2AB-1B4F-42B8-BEF4-98E7EBEC16E8" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-284xx/CVE-2023-28400.json b/CVE-2023/CVE-2023-284xx/CVE-2023-28400.json index 27b94fafe02..212748392d3 100644 --- a/CVE-2023/CVE-2023-284xx/CVE-2023-28400.json +++ b/CVE-2023/CVE-2023-284xx/CVE-2023-28400.json 
@@ -2,16 +2,49 @@ "id": "CVE-2023-28400", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-04-27T23:15:14.917", - "lastModified": "2023-04-28T12:58:08.387", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-04T20:58:34.487", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. " } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", @@ -23,10 +56,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:myscada:mypro:*:*:*:*:*:*:*:*", + "versionEndIncluding": "8.26.0", + "matchCriteriaId": "3460F2AB-1B4F-42B8-BEF4-98E7EBEC16E8" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-284xx/CVE-2023-28471.json b/CVE-2023/CVE-2023-284xx/CVE-2023-28471.json index bbd85a416c8..1eb4aa142fa 100644 
--- a/CVE-2023/CVE-2023-284xx/CVE-2023-28471.json +++ b/CVE-2023/CVE-2023-284xx/CVE-2023-28471.json @@ -2,23 +2,82 @@ "id": "CVE-2023-28471", "sourceIdentifier": "cve@mitre.org", "published": "2023-04-28T14:15:10.307", - "lastModified": "2023-04-28T17:06:28.060", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-04T20:59:56.717", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored XSS via a container name." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*", + "versionEndExcluding": "9.2.0", + "matchCriteriaId": "00F33859-EA9B-4E6D-9B8C-62945094ED9F" + } + ] + } + ] + } + ], "references": [ { "url": "https://concretecms.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-287xx/CVE-2023-28716.json b/CVE-2023/CVE-2023-287xx/CVE-2023-28716.json index 23b9134f1c3..79704cd9e1f 100644 --- a/CVE-2023/CVE-2023-287xx/CVE-2023-28716.json +++ b/CVE-2023/CVE-2023-287xx/CVE-2023-28716.json @@ -2,16 +2,49 @@ "id": "CVE-2023-28716", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-04-27T23:15:14.963", - "lastModified": "2023-04-28T12:58:08.387", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-04T20:56:00.797", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. " } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", 
@@ -23,10 +56,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:myscada:mypro:*:*:*:*:*:*:*:*", + "versionEndIncluding": "8.26.0", + "matchCriteriaId": "3460F2AB-1B4F-42B8-BEF4-98E7EBEC16E8" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29007.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29007.json index 56fc83b00a4..1441dd8a63f 100644 --- a/CVE-2023/CVE-2023-290xx/CVE-2023-29007.json +++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29007.json @@ -2,8 +2,8 @@ "id": "CVE-2023-29007", "sourceIdentifier": "security-advisories@github.com", "published": "2023-04-25T21:15:10.403", - "lastModified": "2023-05-01T06:15:16.007", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-04T21:19:21.177", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,26 +66,149 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.30.9", + "matchCriteriaId": "A2E4BF99-17B8-4424-B97E-DDB8A4793DAF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.31.0", + "versionEndExcluding": "2.31.8", + "matchCriteriaId": "2A1D7F29-E06F-4277-8713-1C19DE714300" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.32.0", + "versionEndExcluding": "2.32.7", + "matchCriteriaId": "0B69F022-B29E-4D9A-B4FC-78430AFF0C9C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.33.0", + "versionEndExcluding": "2.33.8", + "matchCriteriaId": "8A2B603F-B8E2-4123-80A4-64E983FF1F86" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.34.0", + "versionEndExcluding": "2.34.8", + "matchCriteriaId": "26D3ED4E-246E-4D4D-9E2D-7890E93ECED8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.35.0", + "versionEndExcluding": "2.35.8", + "matchCriteriaId": "D3988013-1332-49F8-85E7-7EB59BE36A63" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.36.0", + "versionEndExcluding": "2.36.5", + "matchCriteriaId": "0588D372-41D2-442E-976E-6B24DB1A1EC6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.37.0", + "versionEndExcluding": "2.37.7", + "matchCriteriaId": "030542CA-76BF-4252-9E03-D7E44D3DEE19" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.38.0", + "versionEndExcluding": "2.38.5", + 
"matchCriteriaId": "6EAEE109-8AD8-4383-AAC3-E9D2A4794F8B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.39.0", + "versionEndExcluding": "2.39.3", + "matchCriteriaId": "BE329F8E-076F-4895-A2A2-A1C0330C1F6F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:git-scm:git:2.40.0:*:*:*:*:*:*:*", + "matchCriteriaId": "89633B46-319A-499C-9848-2EA60AC030EB" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", + "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", + "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/git/git/blob/9ce9dea4e1c2419cca126d29fa7730baa078a11b/Documentation/RelNotes/2.30.9.txt", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://github.com/git/git/commit/528290f8c61222433a8cf02fb7cfffa8438432b4", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/git/git/security/advisories/GHSA-v48j-4xgg-4844", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PI7FZ4NNR5S5J5K6AMVQBH2JFP6NE4L7/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YFZWGQKB6MM5MNF2DLFTD7KS2KWPICKL/", - "source": 
"security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29011.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29011.json new file mode 100644 index 00000000000..a902a740c15 --- /dev/null +++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29011.json 
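Review bot: The `configurations` block added for CVE-2023-29007 closes the Git 2.36 branch at `"versionEndExcluding": "2.36.5"`, while the CVE-2023-25652 record updated in this same patch uses `"versionEndExcluding": "2.36.6"` for that branch. Every other Git branch bound in the two records is identical. If 2.36.6 is the fixed release for both, as the otherwise matching bounds suggest, a scanner matching on this CPE range would report Git 2.36.5 as unaffected. The record is mirrored data, so the correction belongs upstream. Until then, consumers should cross-check the range against the GHSA-v48j-4xgg-4844 advisory referenced in the same record.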
@@ -0,0 +1,103 @@ +{ + "id": "CVE-2023-29011", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-04-25T21:15:10.480", + "lastModified": "2023-05-04T21:18:43.457", + "vulnStatus": "Analyzed", + "descriptions": [ + { + "lang": "en", + "value": "Git for Windows, the Windows port of Git, ships with an executable called `connect.exe`, which implements a SOCKS5 proxy that can be used to connect e.g. to SSH servers via proxies when certain ports are blocked for outgoing connections. The location of `connect.exe`'s config file is hard-coded as `/etc/connectrc` which will typically be interpreted as `C:\\etc\\connectrc`. Since `C:\\etc` can be created by any authenticated user, this makes `connect.exe` susceptible to malicious files being placed there by other users on the same multi-user machine. The problem has been patched in Git for Windows v2.40.1. As a workaround, create the folder `etc` on all drives where Git commands are run, and remove read/write access from those folders. Alternatively, watch out for malicious `:\\etc\\connectrc` files on multi-user machines." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 0.8, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-427" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:git_for_windows_project:git_for_windows:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.40.1", + "matchCriteriaId": "E740B447-D96A-40C3-AFA9-9B058379E04D" + } + ] + } + ] + } + ], + "references": [ + { + "url": "https://github.com/git-for-windows/git/releases/tag/v2.40.1.windows.1", + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] + }, + { + "url": "https://github.com/git-for-windows/git/security/advisories/GHSA-g4fv-xjqw-q7jm", + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] + } + ] +} \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29012.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29012.json new file mode 100644 index 00000000000..c7fd2b23ee3 --- /dev/null +++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29012.json 
@@ -0,0 +1,103 @@ +{ + "id": "CVE-2023-29012", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-04-25T21:15:10.557", + "lastModified": "2023-05-04T21:18:15.470", + "vulnStatus": "Analyzed", + "descriptions": [ + { + "lang": "en", + "value": "Git for Windows is the Windows port of Git. Prior to version 2.40.1, any user of Git CMD who starts the command in an untrusted directory is impacted by an Uncontrolles Search Path Element vulnerability. Maliciously-placed `doskey.exe` would be executed silently upon running Git CMD. The problem has been patched in Git for Windows v2.40.1. As a workaround, avoid using Git CMD or, if using Git CMD, avoid starting it in an untrusted directory." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 0.6, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-427" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + 
{ + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:git_for_windows_project:git_for_windows:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.40.1", + "matchCriteriaId": "E740B447-D96A-40C3-AFA9-9B058379E04D" + } + ] + } + ] + } + ], + "references": [ + { + "url": "https://github.com/git-for-windows/git/releases/tag/v2.40.1.windows.1", + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] + }, + { + "url": "https://github.com/git-for-windows/git/security/advisories/GHSA-gq5x-v87v-8f7g", + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-291xx/CVE-2023-29150.json b/CVE-2023/CVE-2023-291xx/CVE-2023-29150.json index a703b2a70d9..0936abd0378 100644 --- a/CVE-2023/CVE-2023-291xx/CVE-2023-29150.json +++ b/CVE-2023/CVE-2023-291xx/CVE-2023-29150.json 
@@ -2,16 +2,49 @@ "id": "CVE-2023-29150", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-04-27T23:15:15.007", - "lastModified": "2023-04-28T12:58:08.387", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-04T20:53:54.113", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. " } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", @@ -23,10 +56,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:myscada:mypro:*:*:*:*:*:*:*:*", + "versionEndIncluding": "8.26.0", + "matchCriteriaId": "3460F2AB-1B4F-42B8-BEF4-98E7EBEC16E8" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-291xx/CVE-2023-29169.json b/CVE-2023/CVE-2023-291xx/CVE-2023-29169.json index b0d8cdb9880..aedf0faf70b 100644 
--- a/CVE-2023/CVE-2023-291xx/CVE-2023-29169.json +++ b/CVE-2023/CVE-2023-291xx/CVE-2023-29169.json @@ -2,16 +2,49 @@ "id": "CVE-2023-29169", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-04-27T23:15:15.050", - "lastModified": "2023-04-28T12:58:08.387", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-04T20:40:25.643", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. " } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", @@ -23,10 +56,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:myscada:mypro:*:*:*:*:*:*:*:*", + "versionEndIncluding": "8.26.0", + "matchCriteriaId": "3460F2AB-1B4F-42B8-BEF4-98E7EBEC16E8" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-292xx/CVE-2023-29255.json b/CVE-2023/CVE-2023-292xx/CVE-2023-29255.json index 3d94856852e..21e006ca7d8 100644 --- a/CVE-2023/CVE-2023-292xx/CVE-2023-29255.json +++ b/CVE-2023/CVE-2023-292xx/CVE-2023-29255.json @@ -2,8 +2,8 @@ "id": "CVE-2023-29255", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-04-27T13:15:09.053", - "lastModified": "2023-04-27T14:36:08.643", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-04T20:06:43.167", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "psirt@us.ibm.com", "type": "Secondary", @@ -36,8 +56,18 @@ }, "weaknesses": [ { - "source": "psirt@us.ibm.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "psirt@us.ibm.com", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -46,14 +76,160 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", + "versionStartIncluding": "11.1", + "versionEndExcluding": "11.1.4", + "matchCriteriaId": "421BBE95-3D5B-421A-9DC1-8B08D019B2A3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*", + "versionStartIncluding": "11.5", + "versionEndExcluding": "11.5.8", + "matchCriteriaId": "65161064-A4A3-48E5-AC0A-388429FF2F53" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:db2:10.5:-:*:*:*:*:*:*", + "matchCriteriaId": "190AE881-F7BF-486E-BDAE-197337D70CDB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:db2:10.5:fp1:*:*:*:*:*:*", + "matchCriteriaId": "8D1BAA43-4C77-4AC7-8561-93EDE0AED000" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:db2:10.5:fp10:*:*:*:*:*:*", + "matchCriteriaId": "F6FDF4D8-1822-43E6-AE65-3E4F8743D3A3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:db2:10.5:fp2:*:*:*:*:*:*", + "matchCriteriaId": "87C39880-D0E9-4487-9A80-B4D1A999032F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:db2:10.5:fp3:*:*:*:*:*:*", + "matchCriteriaId": "8842A8B6-E470-4536-AB5D-DA1C62A05F58" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:db2:10.5:fp3a:*:*:*:*:*:*", + "matchCriteriaId": "92BF0482-E4FE-454E-84DD-27074097F3F3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:db2:10.5:fp4:*:*:*:*:*:*", + "matchCriteriaId": "3705A79B-7903-4055-9CDC-55D60D2AC2E4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:db2:10.5:fp5:*:*:*:*:*:*", + "matchCriteriaId": "CBDFCE61-EE04-4901-844D-61B8966C1B81" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:db2:10.5:fp6:*:*:*:*:*:*", + "matchCriteriaId": "53A23363-413D-4785-B8C1-9AC2F96000EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:db2:10.5:fp7:*:*:*:*:*:*", + "matchCriteriaId": 
"6E22D884-A33F-41D7-84CB-B6360A39863F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:db2:10.5:fp8:*:*:*:*:*:*", + "matchCriteriaId": "4DA56D35-93E9-4659-B180-2FD636A39BAB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:db2:10.5:fp9:*:*:*:*:*:*", + "matchCriteriaId": "6E7F0B02-EA0B-4BD1-AA0C-2A4735221963" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:db2:11.1.4:-:*:*:*:*:*:*", + "matchCriteriaId": "7F91EC14-CD9A-42EB-9D81-6025A1D74749" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp1:*:*:*:*:*:*", + "matchCriteriaId": "5D098641-0833-4718-BB6A-273E1CA0F887" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp2:*:*:*:*:*:*", + "matchCriteriaId": "8B451F96-2A58-4758-86E6-F8A030805C51" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp3:*:*:*:*:*:*", + "matchCriteriaId": "69CBC98E-BECE-41A4-A0D9-9F3AC1602ABE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp4:*:*:*:*:*:*", + "matchCriteriaId": "20386F14-BC32-4174-9F3A-F7406486976A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp5:*:*:*:*:*:*", + "matchCriteriaId": "DD0DD54B-AB2E-4C56-B348-FF87C174270A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp6:*:*:*:*:*:*", + "matchCriteriaId": "CC14EF40-FE00-47F9-8A78-98713F903D9C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/251991", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "VDB Entry", + "Vendor Advisory" + ] }, { "url": 
"https://www.ibm.com/support/pages/node/6985687", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-300xx/CVE-2023-30094.json b/CVE-2023/CVE-2023-300xx/CVE-2023-30094.json new file mode 100644 index 00000000000..aea64398566 --- /dev/null +++ b/CVE-2023/CVE-2023-300xx/CVE-2023-30094.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-30094", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-04T20:15:10.153", + "lastModified": "2023-05-04T20:15:10.153", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A stored cross-site scripting (XSS) vulnerability in TotalJS Flow v10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field in the settings module." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/totaljs/flow/issues/100", + "source": "cve@mitre.org" + }, + { + "url": "https://www.edoardoottavianelli.it/CVE-2023-30094/", + "source": "cve@mitre.org" + }, + { + "url": "https://www.youtube.com/watch?v=8VbTm2sIdBE", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-300xx/CVE-2023-30095.json b/CVE-2023/CVE-2023-300xx/CVE-2023-30095.json new file mode 100644 index 00000000000..194773149b6 --- /dev/null +++ b/CVE-2023/CVE-2023-300xx/CVE-2023-30095.json 
@@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-30095", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-04T20:15:10.213", + "lastModified": "2023-05-04T20:15:10.213", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the channel description field." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/totaljs/messenger/issues/11", + "source": "cve@mitre.org" + }, + { + "url": "https://www.edoardoottavianelli.it/CVE-2023-30095/", + "source": "cve@mitre.org" + }, + { + "url": "https://www.youtube.com/watch?v=nzhIKn999Mk", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-300xx/CVE-2023-30096.json b/CVE-2023/CVE-2023-300xx/CVE-2023-30096.json new file mode 100644 index 00000000000..6f040f7b606 --- /dev/null +++ b/CVE-2023/CVE-2023-300xx/CVE-2023-30096.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-30096", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-04T20:15:10.267", + "lastModified": "2023-05-04T20:15:10.267", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user information field." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/totaljs/messenger/issues/10", + "source": "cve@mitre.org" + }, + { + "url": "https://www.edoardoottavianelli.it/CVE-2023-30096/", + "source": "cve@mitre.org" + }, + { + "url": "https://www.youtube.com/watch?v=1SMQKRiibHw", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-300xx/CVE-2023-30097.json b/CVE-2023/CVE-2023-300xx/CVE-2023-30097.json new file mode 100644 index 00000000000..9481c0bf994 --- /dev/null +++ b/CVE-2023/CVE-2023-300xx/CVE-2023-30097.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-30097", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-04T20:15:10.320", + "lastModified": "2023-05-04T20:15:10.320", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the private task field." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/totaljs/messenger/issues/9", + "source": "cve@mitre.org" + }, + { + "url": "https://www.edoardoottavianelli.it/CVE-2023-30097/", + "source": "cve@mitre.org" + }, + { + "url": "https://www.youtube.com/watch?v=qX_wuVQsj1I", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-302xx/CVE-2023-30216.json b/CVE-2023/CVE-2023-302xx/CVE-2023-30216.json new file mode 100644 index 00000000000..2a23498d28e --- /dev/null +++ b/CVE-2023/CVE-2023-302xx/CVE-2023-30216.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-30216", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-04T21:15:11.493", + "lastModified": "2023-05-04T21:15:11.493", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Insecure permissions in the updateUserInfo function of newbee-mall before commit 1f2c2dfy allows attackers to obtain user account information." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/newbee-ltd/newbee-mall/issues/76", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-302xx/CVE-2023-30264.json b/CVE-2023/CVE-2023-302xx/CVE-2023-30264.json new file mode 100644 index 00000000000..726dcc8694a 
--- /dev/null +++ b/CVE-2023/CVE-2023-302xx/CVE-2023-30264.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-30264", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-04T20:15:10.377", + "lastModified": "2023-05-04T20:15:10.377", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "CLTPHP <=6.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via application/admin/controller/Template.php:update." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://gist.github.com/HuBenLab/8498761dc3eaaed724a134197f092c47", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/HuBenLab/HuBenVulList/blob/main/CLTPHP6.0%20Unrestricted%20Upload%20of%20File%20with%20Dangerous%20Type%202.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-302xx/CVE-2023-30265.json b/CVE-2023/CVE-2023-302xx/CVE-2023-30265.json index d616a53975c..e4c645177ce 100644 --- a/CVE-2023/CVE-2023-302xx/CVE-2023-30265.json +++ b/CVE-2023/CVE-2023-302xx/CVE-2023-30265.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30265", "sourceIdentifier": "cve@mitre.org", "published": "2023-04-26T14:15:09.697", - "lastModified": "2023-05-04T19:15:15.477", - "vulnStatus": "Analyzed", + "lastModified": "2023-05-04T20:15:10.427", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -65,6 +65,10 @@ } ], "references": [ + { + "url": "https://gist.github.com/HuBenLab/1d1bc201d5df41426d719e56d4421b30", + "source": "cve@mitre.org" + }, { "url": "https://github.com/HuBenLab/HuBenVulList/blob/main/CLTPHP6.0%20Path%20Traversal.md", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-302xx/CVE-2023-30266.json b/CVE-2023/CVE-2023-302xx/CVE-2023-30266.json index 7aa2d6e088f..eaa2e9b27bd 100644 --- a/CVE-2023/CVE-2023-302xx/CVE-2023-30266.json +++ b/CVE-2023/CVE-2023-302xx/CVE-2023-30266.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-30266", "sourceIdentifier": "cve@mitre.org", "published": "2023-04-26T14:15:09.737", - "lastModified": "2023-05-04T19:14:22.830", - "vulnStatus": "Analyzed", + "lastModified": "2023-05-04T20:15:10.493", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -65,6 +65,10 @@ } ], "references": [ + { + "url": "https://gist.github.com/HuBenLab/a6ef7e5efeae2635f54cb69327409a19", + "source": "cve@mitre.org" + }, { "url": "https://github.com/HuBenLab/HuBenVulList/blob/main/CLTPHP6.0%20Unrestricted%20Upload%20of%20File%20with%20Dangerous%20Type%201.md", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-302xx/CVE-2023-30268.json b/CVE-2023/CVE-2023-302xx/CVE-2023-30268.json new file mode 100644 index 00000000000..fa79554e7ec --- /dev/null +++ b/CVE-2023/CVE-2023-302xx/CVE-2023-30268.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-30268", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-04T20:15:10.567", + "lastModified": "2023-05-04T20:15:10.567", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "CLTPHP <=6.0 is vulnerable to Improper Input Validation." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://gist.github.com/HuBenLab/16dc2f87f91a6f8c60eefce5abf18c08", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/HuBenLab/HuBenVulList/blob/main/CLTPHP6.0%20Improper%20Input%20Validation%202.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-302xx/CVE-2023-30269.json b/CVE-2023/CVE-2023-302xx/CVE-2023-30269.json index 31331a078ee..3f8242fc4fc 100644 --- a/CVE-2023/CVE-2023-302xx/CVE-2023-30269.json +++ b/CVE-2023/CVE-2023-302xx/CVE-2023-30269.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-30269", "sourceIdentifier": "cve@mitre.org", "published": "2023-04-26T14:15:09.813", - "lastModified": "2023-05-04T19:08:50.027", - "vulnStatus": "Analyzed", + "lastModified": "2023-05-04T20:15:10.617", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -65,6 +65,10 @@ } ], "references": [ + { + "url": "https://gist.github.com/HuBenLab/f5eb8ebbba20c835a3170d392c9e46a4", + "source": "cve@mitre.org" + }, { "url": "https://github.com/HuBenLab/HuBenVulList/blob/main/CLTPHP6.0%20Improper%20Input%20Validation%201.md", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-303xx/CVE-2023-30328.json b/CVE-2023/CVE-2023-303xx/CVE-2023-30328.json new file mode 100644 index 00000000000..a163dbc95cc --- /dev/null +++ b/CVE-2023/CVE-2023-303xx/CVE-2023-30328.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-30328", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-04T21:15:11.540", + "lastModified": "2023-05-04T21:15:11.540", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue in the helper tool of Mailbutler GmbH Shimo VPN Client for macOS v5.0.4 allows attackers to bypass authentication via PID re-use." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/rand0mIdas/randomideas/blob/main/ShimoVPN.md", + "source": "cve@mitre.org" + }, + { + "url": "https://raw.githubusercontent.com/rand0mIdas/randomideas/main/ShimoVPN.md?token=GHSAT0AAAAAACA3WX4SPH2YYOCWGV6LLVSGZBIEKEQ", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-303xx/CVE-2023-30399.json b/CVE-2023/CVE-2023-303xx/CVE-2023-30399.json new file mode 100644 index 00000000000..0df869f6def --- /dev/null +++ b/CVE-2023/CVE-2023-303xx/CVE-2023-30399.json 
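Review bot: The second reference in the new CVE-2023-30328.json record is a raw.githubusercontent.com link that still carries a `?token=GHSAT…` query string, which looks like a GitHub raw-content access token copied along with the URL. Such tokens are normally short-lived, so the link will probably stop resolving, and until then a credential-like value sits in the repository history where secret scanners will flag it. Since this file mirrors upstream data, the better fix is a step in the sync job that drops the query string from reference URLs on that host, giving `"url": "https://raw.githubusercontent.com/rand0mIdas/randomideas/main/ShimoVPN.md",`, together with a report to the CVE record's source. The first reference already points to the same document through its `blob/main` URL, so no information is lost.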
@@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-30399", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-04T21:15:11.593", + "lastModified": "2023-05-04T21:15:11.593", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Insecure permissions in the settings page of GARO Wallbox GLB/GTB/GTC before v189 allows attackers to redirect users to a crafted update package link via a man-in-the-middle attack." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://garocharging.com/glb-wallbox/", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/Yof3ng/IoT/blob/master/Garo/CVE-2023-30399.md", + "source": "cve@mitre.org" + }, + { + "url": "https://www.garo.se/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-304xx/CVE-2023-30444.json b/CVE-2023/CVE-2023-304xx/CVE-2023-30444.json index 2b4b1a92c0c..da7be12be8a 100644 --- a/CVE-2023/CVE-2023-304xx/CVE-2023-30444.json +++ b/CVE-2023/CVE-2023-304xx/CVE-2023-30444.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30444", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-04-27T13:15:09.290", - "lastModified": "2023-04-27T14:36:08.643", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-05-04T20:05:05.557", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "psirt@us.ibm.com", "type": "Secondary", 
@@ -46,10 +66,36 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:watson_machine_learning_on_cloud_pak_for_data:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "96F7FDA1-F5CC-4FF6-90BB-8D0C8D7F8F8C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:watson_machine_learning_on_cloud_pak_for_data:4.5:*:*:*:*:*:*:*", + "matchCriteriaId": "CFF74B76-6B49-4AA8-82FB-8D99E8FC70AD" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.ibm.com/support/pages/node/6985859", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-312xx/CVE-2023-31284.json b/CVE-2023/CVE-2023-312xx/CVE-2023-31284.json new file mode 100644 index 00000000000..f0f01627434 --- /dev/null +++ b/CVE-2023/CVE-2023-312xx/CVE-2023-31284.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-31284", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-05-04T20:15:10.717", + "lastModified": "2023-05-04T20:15:10.717", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "illumos illumos-gate before 676abcb has a stack buffer overflow in /dev/net, leading to privilege escalation via a stat on a long file name in /dev/net." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/illumos/illumos-gate/tree/16b76d3cb933ff92018a2a75594449010192eacb", + "source": "cve@mitre.org" + }, + { + "url": "https://illumos.topicbox.com/groups/developer/T13ef186a53edeb5c-M821cc18b5884e04e16daa8fd/cve-2023-31284-buffer-overflow-in-dev-net", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31413.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31413.json new file mode 100644 index 00000000000..c5b91f5e488 --- /dev/null +++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31413.json 
@@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-31413", + "sourceIdentifier": "bressers@elastic.co", + "published": "2023-05-04T21:15:11.640", + "lastModified": "2023-05-04T21:15:11.640", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Filebeat versions through 7.17.9 and 8.6.2 have a flaw in httpjson input that allows the http request Authorization or Proxy-Authorization header contents to be leaked in the logs when debug logging is enabled." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "bressers@elastic.co", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://discuss.elastic.co/t/elastic-stack-8-7-0-7-17-10-security-updates/332327", + "source": "bressers@elastic.co" + }, + { + "url": "https://www.elastic.co/community/security/", + "source": "bressers@elastic.co" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31414.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31414.json new file mode 100644 index 00000000000..1a89ca308c3 --- /dev/null +++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31414.json 
@@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-31414", + "sourceIdentifier": "bressers@elastic.co", + "published": "2023-05-04T21:15:11.703", + "lastModified": "2023-05-04T21:15:11.703", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Kibana versions 8.0.0 through 8.7.0 contain an arbitrary code execution flaw. An attacker with write access to Kibana yaml or env configuration could add a specific payload that will attempt to execute JavaScript code. This could lead to the attacker executing arbitrary commands on the host system with permissions of the Kibana process." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "bressers@elastic.co", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://discuss.elastic.co/t/kibana-8-7-1-security-updates/332330", + "source": "bressers@elastic.co" + }, + { + "url": "https://www.elastic.co/community/security/", + "source": "bressers@elastic.co" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31415.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31415.json new file mode 100644 index 00000000000..8760d3211a5 --- /dev/null +++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31415.json 
@@ -0,0 +1,36 @@
+{
+ "id": "CVE-2023-31415",
+ "sourceIdentifier": "bressers@elastic.co",
+ "published": "2023-05-04T21:15:11.760",
+ "lastModified": "2023-05-04T21:15:11.760",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Kibana version 8.7.0 contains an arbitrary code execution flaw. An attacker with All privileges to the Uptime/Synthetics feature could send a request that will attempt to execute JavaScript code. This could lead to the attacker executing arbitrary commands on the host system with permissions of the Kibana process."
+ }
+ ],
+ "metrics": {},
+ "weaknesses": [
+ {
+ "source": "bressers@elastic.co",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-94"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://discuss.elastic.co/t/kibana-8-7-1-security-updates/332330",
+ "source": "bressers@elastic.co"
+ },
+ {
+ "url": "https://www.elastic.co/community/security/",
+ "source": "bressers@elastic.co"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index fbcde7c7ec8..1887cda448e 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-05-04T20:00:25.177435+00:00 +2023-05-04T21:55:23.937706+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-05-04T19:57:36.087000+00:00 +2023-05-04T21:26:02.407000+00:00 ``` ### Last Data Feed Release
@@ -29,93 +29,104 @@ Download and Changelog: [Click](releases/latest) ### Total Number of included CVEs ```plain -214067 +214117 ``` ### CVEs added in the last Commit -Recently added CVEs: `4` +Recently added CVEs: `50` -* [CVE-2023-2522](CVE-2023/CVE-2023-25xx/CVE-2023-2522.json) (`2023-05-04T18:15:09.763`) -* [CVE-2023-2523](CVE-2023/CVE-2023-25xx/CVE-2023-2523.json) (`2023-05-04T18:15:10.063`) -* [CVE-2023-2524](CVE-2023/CVE-2023-25xx/CVE-2023-2524.json) (`2023-05-04T19:15:09.123`) -* [CVE-2023-30550](CVE-2023/CVE-2023-305xx/CVE-2023-30550.json) (`2023-05-04T18:15:10.150`) +* [CVE-2022-47434](CVE-2022/CVE-2022-474xx/CVE-2022-47434.json) (`2023-05-04T21:15:09.313`) +* [CVE-2022-47449](CVE-2022/CVE-2022-474xx/CVE-2022-47449.json) (`2023-05-04T21:15:09.387`) +* [CVE-2023-20126](CVE-2023/CVE-2023-201xx/CVE-2023-20126.json) (`2023-05-04T20:15:09.633`) +* [CVE-2023-21484](CVE-2023/CVE-2023-214xx/CVE-2023-21484.json) (`2023-05-04T21:15:09.547`) +* [CVE-2023-21485](CVE-2023/CVE-2023-214xx/CVE-2023-21485.json) (`2023-05-04T21:15:09.627`) +* [CVE-2023-21486](CVE-2023/CVE-2023-214xx/CVE-2023-21486.json) (`2023-05-04T21:15:09.697`) +* [CVE-2023-21487](CVE-2023/CVE-2023-214xx/CVE-2023-21487.json) (`2023-05-04T21:15:09.760`) +* [CVE-2023-21488](CVE-2023/CVE-2023-214xx/CVE-2023-21488.json) (`2023-05-04T21:15:09.817`) +* [CVE-2023-21489](CVE-2023/CVE-2023-214xx/CVE-2023-21489.json) (`2023-05-04T21:15:09.883`) +* [CVE-2023-21490](CVE-2023/CVE-2023-214xx/CVE-2023-21490.json) (`2023-05-04T21:15:09.943`) +* [CVE-2023-21491](CVE-2023/CVE-2023-214xx/CVE-2023-21491.json) (`2023-05-04T21:15:10.007`) +* [CVE-2023-21492](CVE-2023/CVE-2023-214xx/CVE-2023-21492.json) (`2023-05-04T21:15:10.070`) +* [CVE-2023-21493](CVE-2023/CVE-2023-214xx/CVE-2023-21493.json) (`2023-05-04T21:15:10.137`) +* [CVE-2023-21494](CVE-2023/CVE-2023-214xx/CVE-2023-21494.json) (`2023-05-04T21:15:10.200`) +* [CVE-2023-21495](CVE-2023/CVE-2023-214xx/CVE-2023-21495.json) (`2023-05-04T21:15:10.267`) +* 
[CVE-2023-21496](CVE-2023/CVE-2023-214xx/CVE-2023-21496.json) (`2023-05-04T21:15:10.333`) +* [CVE-2023-21497](CVE-2023/CVE-2023-214xx/CVE-2023-21497.json) (`2023-05-04T21:15:10.403`) +* [CVE-2023-21498](CVE-2023/CVE-2023-214xx/CVE-2023-21498.json) (`2023-05-04T21:15:10.477`) +* [CVE-2023-21499](CVE-2023/CVE-2023-214xx/CVE-2023-21499.json) (`2023-05-04T21:15:10.540`) +* [CVE-2023-21500](CVE-2023/CVE-2023-215xx/CVE-2023-21500.json) (`2023-05-04T21:15:10.600`) +* [CVE-2023-21501](CVE-2023/CVE-2023-215xx/CVE-2023-21501.json) (`2023-05-04T21:15:10.663`) +* [CVE-2023-21502](CVE-2023/CVE-2023-215xx/CVE-2023-21502.json) (`2023-05-04T21:15:10.727`) +* [CVE-2023-21503](CVE-2023/CVE-2023-215xx/CVE-2023-21503.json) (`2023-05-04T21:15:10.790`) +* [CVE-2023-21504](CVE-2023/CVE-2023-215xx/CVE-2023-21504.json) (`2023-05-04T21:15:10.853`) +* [CVE-2023-21505](CVE-2023/CVE-2023-215xx/CVE-2023-21505.json) (`2023-05-04T21:15:10.917`) +* [CVE-2023-21506](CVE-2023/CVE-2023-215xx/CVE-2023-21506.json) (`2023-05-04T21:15:11.080`) +* [CVE-2023-21507](CVE-2023/CVE-2023-215xx/CVE-2023-21507.json) (`2023-05-04T21:15:11.150`) +* [CVE-2023-21508](CVE-2023/CVE-2023-215xx/CVE-2023-21508.json) (`2023-05-04T21:15:11.207`) +* [CVE-2023-21509](CVE-2023/CVE-2023-215xx/CVE-2023-21509.json) (`2023-05-04T21:15:11.270`) +* [CVE-2023-21510](CVE-2023/CVE-2023-215xx/CVE-2023-21510.json) (`2023-05-04T21:15:11.327`) +* [CVE-2023-21511](CVE-2023/CVE-2023-215xx/CVE-2023-21511.json) (`2023-05-04T21:15:11.387`) +* [CVE-2023-23059](CVE-2023/CVE-2023-230xx/CVE-2023-23059.json) (`2023-05-04T20:15:09.737`) +* [CVE-2023-25289](CVE-2023/CVE-2023-252xx/CVE-2023-25289.json) (`2023-05-04T21:15:11.447`) +* [CVE-2023-25458](CVE-2023/CVE-2023-254xx/CVE-2023-25458.json) (`2023-05-04T20:15:09.797`) +* [CVE-2023-25961](CVE-2023/CVE-2023-259xx/CVE-2023-25961.json) (`2023-05-04T20:15:09.897`) +* [CVE-2023-25977](CVE-2023/CVE-2023-259xx/CVE-2023-25977.json) (`2023-05-04T20:15:09.977`) +* 
[CVE-2023-25982](CVE-2023/CVE-2023-259xx/CVE-2023-25982.json) (`2023-05-04T20:15:10.060`) +* [CVE-2023-30094](CVE-2023/CVE-2023-300xx/CVE-2023-30094.json) (`2023-05-04T20:15:10.153`) +* [CVE-2023-30095](CVE-2023/CVE-2023-300xx/CVE-2023-30095.json) (`2023-05-04T20:15:10.213`) +* [CVE-2023-30096](CVE-2023/CVE-2023-300xx/CVE-2023-30096.json) (`2023-05-04T20:15:10.267`) +* [CVE-2023-30097](CVE-2023/CVE-2023-300xx/CVE-2023-30097.json) (`2023-05-04T20:15:10.320`) +* [CVE-2023-30216](CVE-2023/CVE-2023-302xx/CVE-2023-30216.json) (`2023-05-04T21:15:11.493`) +* [CVE-2023-30264](CVE-2023/CVE-2023-302xx/CVE-2023-30264.json) (`2023-05-04T20:15:10.377`) +* [CVE-2023-30268](CVE-2023/CVE-2023-302xx/CVE-2023-30268.json) (`2023-05-04T20:15:10.567`) +* [CVE-2023-30328](CVE-2023/CVE-2023-303xx/CVE-2023-30328.json) (`2023-05-04T21:15:11.540`) +* [CVE-2023-30399](CVE-2023/CVE-2023-303xx/CVE-2023-30399.json) (`2023-05-04T21:15:11.593`) +* [CVE-2023-31284](CVE-2023/CVE-2023-312xx/CVE-2023-31284.json) (`2023-05-04T20:15:10.717`) +* [CVE-2023-31413](CVE-2023/CVE-2023-314xx/CVE-2023-31413.json) (`2023-05-04T21:15:11.640`) +* [CVE-2023-31414](CVE-2023/CVE-2023-314xx/CVE-2023-31414.json) (`2023-05-04T21:15:11.703`) +* [CVE-2023-31415](CVE-2023/CVE-2023-314xx/CVE-2023-31415.json) (`2023-05-04T21:15:11.760`) ### CVEs modified in the last Commit -Recently modified CVEs: `70` +Recently modified CVEs: `35` -* [CVE-2021-38363](CVE-2021/CVE-2021-383xx/CVE-2021-38363.json) (`2023-05-04T18:29:57.960`) -* [CVE-2021-38364](CVE-2021/CVE-2021-383xx/CVE-2021-38364.json) (`2023-05-04T18:28:18.383`) -* [CVE-2022-23721](CVE-2022/CVE-2022-237xx/CVE-2022-23721.json) (`2023-05-04T19:39:23.267`) -* [CVE-2022-24035](CVE-2022/CVE-2022-240xx/CVE-2022-24035.json) (`2023-05-04T18:27:25.390`) -* [CVE-2022-27978](CVE-2022/CVE-2022-279xx/CVE-2022-27978.json) (`2023-05-04T18:47:32.747`) -* [CVE-2022-27979](CVE-2022/CVE-2022-279xx/CVE-2022-27979.json) (`2023-05-04T18:34:40.333`) -* 
[CVE-2022-31244](CVE-2022/CVE-2022-312xx/CVE-2022-31244.json) (`2023-05-04T19:02:43.130`) -* [CVE-2022-39989](CVE-2022/CVE-2022-399xx/CVE-2022-39989.json) (`2023-05-04T19:49:24.510`) -* [CVE-2022-40482](CVE-2022/CVE-2022-404xx/CVE-2022-40482.json) (`2023-05-04T19:40:31.363`) -* [CVE-2022-40722](CVE-2022/CVE-2022-407xx/CVE-2022-40722.json) (`2023-05-04T19:46:42.447`) -* [CVE-2022-40723](CVE-2022/CVE-2022-407xx/CVE-2022-40723.json) (`2023-05-04T19:48:57.540`) -* [CVE-2022-40724](CVE-2022/CVE-2022-407xx/CVE-2022-40724.json) (`2023-05-04T19:49:32.557`) -* [CVE-2022-40725](CVE-2022/CVE-2022-407xx/CVE-2022-40725.json) (`2023-05-04T19:52:10.610`) -* [CVE-2022-45291](CVE-2022/CVE-2022-452xx/CVE-2022-45291.json) (`2023-05-04T19:57:26.577`) -* [CVE-2022-45818](CVE-2022/CVE-2022-458xx/CVE-2022-45818.json) (`2023-05-04T18:45:32.047`) -* [CVE-2022-46302](CVE-2022/CVE-2022-463xx/CVE-2022-46302.json) (`2023-05-04T18:32:15.130`) -* [CVE-2023-2007](CVE-2023/CVE-2023-20xx/CVE-2023-2007.json) (`2023-05-04T18:24:30.803`) -* [CVE-2023-20870](CVE-2023/CVE-2023-208xx/CVE-2023-20870.json) (`2023-05-04T19:57:36.087`) -* [CVE-2023-22728](CVE-2023/CVE-2023-227xx/CVE-2023-22728.json) (`2023-05-04T19:52:51.293`) -* [CVE-2023-22916](CVE-2023/CVE-2023-229xx/CVE-2023-22916.json) (`2023-05-04T19:35:46.887`) -* [CVE-2023-2294](CVE-2023/CVE-2023-22xx/CVE-2023-2294.json) (`2023-05-04T18:00:41.803`) -* [CVE-2023-23470](CVE-2023/CVE-2023-234xx/CVE-2023-23470.json) (`2023-05-04T18:45:32.047`) -* [CVE-2023-2361](CVE-2023/CVE-2023-23xx/CVE-2023-2361.json) (`2023-05-04T18:53:57.203`) -* [CVE-2023-2363](CVE-2023/CVE-2023-23xx/CVE-2023-2363.json) (`2023-05-04T18:54:49.473`) -* [CVE-2023-2364](CVE-2023/CVE-2023-23xx/CVE-2023-2364.json) (`2023-05-04T18:55:06.683`) -* [CVE-2023-2365](CVE-2023/CVE-2023-23xx/CVE-2023-2365.json) (`2023-05-04T18:55:20.170`) -* [CVE-2023-2366](CVE-2023/CVE-2023-23xx/CVE-2023-2366.json) (`2023-05-04T18:55:31.070`) -* [CVE-2023-2367](CVE-2023/CVE-2023-23xx/CVE-2023-2367.json) 
(`2023-05-04T18:55:44.637`) -* [CVE-2023-2368](CVE-2023/CVE-2023-23xx/CVE-2023-2368.json) (`2023-05-04T18:55:55.883`) -* [CVE-2023-2369](CVE-2023/CVE-2023-23xx/CVE-2023-2369.json) (`2023-05-04T18:56:02.097`) -* [CVE-2023-23837](CVE-2023/CVE-2023-238xx/CVE-2023-23837.json) (`2023-05-04T19:30:04.907`) -* [CVE-2023-23838](CVE-2023/CVE-2023-238xx/CVE-2023-23838.json) (`2023-05-04T19:32:26.440`) -* [CVE-2023-24796](CVE-2023/CVE-2023-247xx/CVE-2023-24796.json) (`2023-05-04T19:42:22.003`) -* [CVE-2023-24958](CVE-2023/CVE-2023-249xx/CVE-2023-24958.json) (`2023-05-04T18:45:32.047`) -* [CVE-2023-2519](CVE-2023/CVE-2023-25xx/CVE-2023-2519.json) (`2023-05-04T18:45:32.047`) -* [CVE-2023-2520](CVE-2023/CVE-2023-25xx/CVE-2023-2520.json) (`2023-05-04T18:45:32.047`) -* [CVE-2023-2521](CVE-2023/CVE-2023-25xx/CVE-2023-2521.json) (`2023-05-04T18:45:32.047`) -* [CVE-2023-25313](CVE-2023/CVE-2023-253xx/CVE-2023-25313.json) (`2023-05-04T19:05:02.003`) -* [CVE-2023-25962](CVE-2023/CVE-2023-259xx/CVE-2023-25962.json) (`2023-05-04T18:45:32.047`) -* [CVE-2023-26010](CVE-2023/CVE-2023-260xx/CVE-2023-26010.json) (`2023-05-04T18:45:32.047`) -* [CVE-2023-26012](CVE-2023/CVE-2023-260xx/CVE-2023-26012.json) (`2023-05-04T18:45:32.047`) -* [CVE-2023-26016](CVE-2023/CVE-2023-260xx/CVE-2023-26016.json) (`2023-05-04T18:45:32.047`) -* [CVE-2023-26098](CVE-2023/CVE-2023-260xx/CVE-2023-26098.json) (`2023-05-04T18:47:35.130`) -* [CVE-2023-27105](CVE-2023/CVE-2023-271xx/CVE-2023-27105.json) (`2023-05-04T18:59:37.013`) -* [CVE-2023-27843](CVE-2023/CVE-2023-278xx/CVE-2023-27843.json) (`2023-05-04T19:27:59.923`) -* [CVE-2023-28771](CVE-2023/CVE-2023-287xx/CVE-2023-28771.json) (`2023-05-04T18:46:01.730`) -* [CVE-2023-28847](CVE-2023/CVE-2023-288xx/CVE-2023-28847.json) (`2023-05-04T19:19:34.863`) -* [CVE-2023-28882](CVE-2023/CVE-2023-288xx/CVE-2023-28882.json) (`2023-05-04T18:53:59.980`) -* [CVE-2023-29200](CVE-2023/CVE-2023-292xx/CVE-2023-29200.json) (`2023-05-04T19:35:45.310`) -* 
[CVE-2023-29257](CVE-2023/CVE-2023-292xx/CVE-2023-29257.json) (`2023-05-04T19:39:08.163`) -* [CVE-2023-29552](CVE-2023/CVE-2023-295xx/CVE-2023-29552.json) (`2023-05-04T19:07:23.597`) -* [CVE-2023-29827](CVE-2023/CVE-2023-298xx/CVE-2023-29827.json) (`2023-05-04T18:45:32.047`) -* [CVE-2023-29994](CVE-2023/CVE-2023-299xx/CVE-2023-29994.json) (`2023-05-04T18:45:32.047`) -* [CVE-2023-29995](CVE-2023/CVE-2023-299xx/CVE-2023-29995.json) (`2023-05-04T18:45:32.047`) -* [CVE-2023-29996](CVE-2023/CVE-2023-299xx/CVE-2023-29996.json) (`2023-05-04T18:45:32.047`) -* [CVE-2023-30106](CVE-2023/CVE-2023-301xx/CVE-2023-30106.json) (`2023-05-04T19:28:56.020`) -* [CVE-2023-30111](CVE-2023/CVE-2023-301xx/CVE-2023-30111.json) (`2023-05-04T18:02:09.460`) -* [CVE-2023-30112](CVE-2023/CVE-2023-301xx/CVE-2023-30112.json) (`2023-05-04T19:52:11.437`) -* [CVE-2023-30177](CVE-2023/CVE-2023-301xx/CVE-2023-30177.json) (`2023-05-04T19:36:10.787`) -* [CVE-2023-30184](CVE-2023/CVE-2023-301xx/CVE-2023-30184.json) (`2023-05-04T18:45:32.047`) -* [CVE-2023-30203](CVE-2023/CVE-2023-302xx/CVE-2023-30203.json) (`2023-05-04T18:45:32.047`) -* [CVE-2023-30265](CVE-2023/CVE-2023-302xx/CVE-2023-30265.json) (`2023-05-04T19:15:15.477`) -* [CVE-2023-30266](CVE-2023/CVE-2023-302xx/CVE-2023-30266.json) (`2023-05-04T19:14:22.830`) -* [CVE-2023-30267](CVE-2023/CVE-2023-302xx/CVE-2023-30267.json) (`2023-05-04T18:43:05.367`) -* [CVE-2023-30269](CVE-2023/CVE-2023-302xx/CVE-2023-30269.json) (`2023-05-04T19:08:50.027`) -* [CVE-2023-30402](CVE-2023/CVE-2023-304xx/CVE-2023-30402.json) (`2023-05-04T19:13:06.880`) -* [CVE-2023-30545](CVE-2023/CVE-2023-305xx/CVE-2023-30545.json) (`2023-05-04T19:38:07.270`) -* [CVE-2023-30619](CVE-2023/CVE-2023-306xx/CVE-2023-30619.json) (`2023-05-04T18:45:32.047`) -* [CVE-2023-30629](CVE-2023/CVE-2023-306xx/CVE-2023-30629.json) (`2023-05-04T18:22:10.567`) -* [CVE-2023-31223](CVE-2023/CVE-2023-312xx/CVE-2023-31223.json) (`2023-05-04T19:47:24.003`) +* 
[CVE-2022-47648](CVE-2022/CVE-2022-476xx/CVE-2022-47648.json) (`2023-05-04T21:15:09.457`) +* [CVE-2023-0698](CVE-2023/CVE-2023-06xx/CVE-2023-0698.json) (`2023-05-04T20:15:09.503`) +* [CVE-2023-20869](CVE-2023/CVE-2023-208xx/CVE-2023-20869.json) (`2023-05-04T20:19:48.860`) +* [CVE-2023-20871](CVE-2023/CVE-2023-208xx/CVE-2023-20871.json) (`2023-05-04T21:24:33.350`) +* [CVE-2023-20872](CVE-2023/CVE-2023-208xx/CVE-2023-20872.json) (`2023-05-04T21:24:15.877`) +* [CVE-2023-22729](CVE-2023/CVE-2023-227xx/CVE-2023-22729.json) (`2023-05-04T20:13:00.437`) +* [CVE-2023-2293](CVE-2023/CVE-2023-22xx/CVE-2023-2293.json) (`2023-05-04T20:08:07.957`) +* [CVE-2023-2336](CVE-2023/CVE-2023-23xx/CVE-2023-2336.json) (`2023-05-04T20:03:07.463`) +* [CVE-2023-2338](CVE-2023/CVE-2023-23xx/CVE-2023-2338.json) (`2023-05-04T20:02:34.583`) +* [CVE-2023-2339](CVE-2023/CVE-2023-23xx/CVE-2023-2339.json) (`2023-05-04T20:07:25.237`) +* [CVE-2023-2340](CVE-2023/CVE-2023-23xx/CVE-2023-2340.json) (`2023-05-04T20:07:12.930`) +* [CVE-2023-2341](CVE-2023/CVE-2023-23xx/CVE-2023-2341.json) (`2023-05-04T20:08:13.433`) +* [CVE-2023-2342](CVE-2023/CVE-2023-23xx/CVE-2023-2342.json) (`2023-05-04T20:07:48.483`) +* [CVE-2023-2343](CVE-2023/CVE-2023-23xx/CVE-2023-2343.json) (`2023-05-04T20:08:35.407`) +* [CVE-2023-2344](CVE-2023/CVE-2023-23xx/CVE-2023-2344.json) (`2023-05-04T20:00:56.577`) +* [CVE-2023-23839](CVE-2023/CVE-2023-238xx/CVE-2023-23839.json) (`2023-05-04T21:19:44.067`) +* [CVE-2023-24966](CVE-2023/CVE-2023-249xx/CVE-2023-24966.json) (`2023-05-04T20:04:20.473`) +* [CVE-2023-25652](CVE-2023/CVE-2023-256xx/CVE-2023-25652.json) (`2023-05-04T21:26:02.407`) +* [CVE-2023-25815](CVE-2023/CVE-2023-258xx/CVE-2023-25815.json) (`2023-05-04T21:25:27.333`) +* [CVE-2023-27860](CVE-2023/CVE-2023-278xx/CVE-2023-27860.json) (`2023-05-04T20:44:00.350`) +* [CVE-2023-28084](CVE-2023/CVE-2023-280xx/CVE-2023-28084.json) (`2023-05-04T21:24:46.610`) +* [CVE-2023-28384](CVE-2023/CVE-2023-283xx/CVE-2023-28384.json) 
(`2023-05-04T20:59:02.907`) +* [CVE-2023-28400](CVE-2023/CVE-2023-284xx/CVE-2023-28400.json) (`2023-05-04T20:58:34.487`) +* [CVE-2023-28471](CVE-2023/CVE-2023-284xx/CVE-2023-28471.json) (`2023-05-04T20:59:56.717`) +* [CVE-2023-28716](CVE-2023/CVE-2023-287xx/CVE-2023-28716.json) (`2023-05-04T20:56:00.797`) +* [CVE-2023-29007](CVE-2023/CVE-2023-290xx/CVE-2023-29007.json) (`2023-05-04T21:19:21.177`) +* [CVE-2023-29011](CVE-2023/CVE-2023-290xx/CVE-2023-29011.json) (`2023-05-04T21:18:43.457`) +* [CVE-2023-29012](CVE-2023/CVE-2023-290xx/CVE-2023-29012.json) (`2023-05-04T21:18:15.470`) +* [CVE-2023-29150](CVE-2023/CVE-2023-291xx/CVE-2023-29150.json) (`2023-05-04T20:53:54.113`) +* [CVE-2023-29169](CVE-2023/CVE-2023-291xx/CVE-2023-29169.json) (`2023-05-04T20:40:25.643`) +* [CVE-2023-29255](CVE-2023/CVE-2023-292xx/CVE-2023-29255.json) (`2023-05-04T20:06:43.167`) +* [CVE-2023-30265](CVE-2023/CVE-2023-302xx/CVE-2023-30265.json) (`2023-05-04T20:15:10.427`) +* [CVE-2023-30266](CVE-2023/CVE-2023-302xx/CVE-2023-30266.json) (`2023-05-04T20:15:10.493`) +* [CVE-2023-30269](CVE-2023/CVE-2023-302xx/CVE-2023-30269.json) (`2023-05-04T20:15:10.617`) +* [CVE-2023-30444](CVE-2023/CVE-2023-304xx/CVE-2023-30444.json) (`2023-05-04T20:05:05.557`) ## Download and Usage