Advisory Database Sync

advisories/unreviewed/2022/05/GHSA-7x52-93m7-pr95/GHSA-7x52-93m7-pr95.json

@@ -45,7 +45,7 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-426"
     ],
     "severity": "MODERATE",
     "github_reviewed": false,

advisories/unreviewed/2022/05/GHSA-9hm7-qmgf-q88w/GHSA-9hm7-qmgf-q88w.json

@@ -113,7 +113,7 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-190"
     ],
     "severity": "HIGH",
     "github_reviewed": false,

advisories/unreviewed/2022/05/GHSA-q4r9-w6v3-92hp/GHSA-q4r9-w6v3-92hp.json

@@ -61,7 +61,7 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-22"
     ],
     "severity": "MODERATE",
     "github_reviewed": false,

advisories/unreviewed/2022/05/GHSA-r8j5-mmxc-rxw9/GHSA-r8j5-mmxc-rxw9.json

@@ -33,7 +33,7 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-426"
     ],
     "severity": "HIGH",
     "github_reviewed": false,

advisories/unreviewed/2022/10/GHSA-2p9x-6v53-f7f4/GHSA-2p9x-6v53-f7f4.json

@@ -21,6 +21,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36965"
     },
+    {
+      "type": "WEB",
+      "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-3_release_notes.htm#:~:text=Release%20date%3A%20May%2024%2C%202022%20These%20release%20notes%2Cissues.%20New%20features%20and%20improvements%20in%20SolarWinds%20Platform"
+    },
     {
       "type": "WEB",
       "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-3_release_notes.htm#:~:text=Release%20date%3A%20May%2024%2C%202022%20These%20release%20notes,issues.%20New%20features%20and%20improvements%20in%20SolarWinds%20Platform"

advisories/unreviewed/2022/10/GHSA-9hmg-8h4x-rcj2/GHSA-9hmg-8h4x-rcj2.json

@@ -28,7 +28,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-326"
+      "CWE-326",
+      "CWE-89"
     ],
     "severity": "MODERATE",
     "github_reviewed": false,

advisories/unreviewed/2023/07/GHSA-22r3-hxrp-33gc/GHSA-22r3-hxrp-33gc.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-22r3-hxrp-33gc",
-  "modified": "2023-07-29T00:30:48Z",
+  "modified": "2023-08-03T18:30:32Z",
   "published": "2023-07-29T00:30:48Z",
   "aliases": [
     "CVE-2022-4926"
   ],
   "details": "Insufficient policy enforcement in Intents in Google Chrome on Android prior to 109.0.5414.119 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"
+    }
   ],
   "affected": [
 

advisories/unreviewed/2023/07/GHSA-2qmh-92qv-gm58/GHSA-2qmh-92qv-gm58.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2qmh-92qv-gm58",
-  "modified": "2023-07-28T06:30:39Z",
+  "modified": "2023-08-03T18:30:29Z",
   "published": "2023-07-28T06:30:39Z",
   "aliases": [
     "CVE-2023-36495"
   ],
   "details": "An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.6, macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
   ],
   "affected": [
 
@@ -69,7 +72,7 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-190"
     ],
     "severity": null,
     "github_reviewed": false,

advisories/unreviewed/2023/07/GHSA-2r6w-gvxp-cp37/GHSA-2r6w-gvxp-cp37.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2r6w-gvxp-cp37",
-  "modified": "2023-07-29T00:30:48Z",
+  "modified": "2023-08-03T18:30:32Z",
   "published": "2023-07-29T00:30:48Z",
   "aliases": [
     "CVE-2023-2314"
   ],
   "details": "Insufficient data validation in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"
+    }
   ],
   "affected": [
 
@@ -29,7 +32,7 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-345"
     ],
     "severity": null,
     "github_reviewed": false,

advisories/unreviewed/2023/07/GHSA-38rm-v4v3-vhx2/GHSA-38rm-v4v3-vhx2.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-38rm-v4v3-vhx2",
-  "modified": "2023-07-27T03:30:28Z",
+  "modified": "2023-08-03T18:30:29Z",
   "published": "2023-07-27T03:30:28Z",
   "aliases": [
     "CVE-2023-38259"
   ],
   "details": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.5, macOS Monterey 12.6.8, macOS Big Sur 11.7.9. Processing a file may lead to a denial-of-service or potentially disclose memory contents.",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
+    }
   ],
   "affected": [
 

advisories/unreviewed/2023/07/GHSA-3f3w-7mj3-hjf9/GHSA-3f3w-7mj3-hjf9.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3f3w-7mj3-hjf9",
-  "modified": "2023-07-29T00:30:48Z",
+  "modified": "2023-08-03T18:30:32Z",
   "published": "2023-07-29T00:30:48Z",
   "aliases": [
     "CVE-2022-4918"
   ],
   "details": "Use after free in UI in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium)",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+    }
   ],
   "affected": [
 
@@ -29,7 +32,7 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-416"
     ],
     "severity": null,
     "github_reviewed": false,

advisories/unreviewed/2023/07/GHSA-3q6h-2x33-95wm/GHSA-3q6h-2x33-95wm.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3q6h-2x33-95wm",
-  "modified": "2023-07-28T06:30:39Z",
+  "modified": "2023-08-03T18:30:29Z",
   "published": "2023-07-28T06:30:39Z",
   "aliases": [
     "CVE-2023-32445"
   ],
   "details": "This issue was addressed with improved checks. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. Processing a document may lead to a cross site scripting attack.",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+    }
   ],
   "affected": [
 
@@ -45,7 +48,7 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-79"
     ],
     "severity": null,
     "github_reviewed": false,

advisories/unreviewed/2023/07/GHSA-525v-q85g-v6p4/GHSA-525v-q85g-v6p4.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-525v-q85g-v6p4",
-  "modified": "2023-07-28T06:30:39Z",
+  "modified": "2023-08-03T18:30:29Z",
   "published": "2023-07-28T06:30:39Z",
   "aliases": [
     "CVE-2023-34425"
   ],
   "details": "The issue was addressed with improved memory handling. This issue is fixed in watchOS 9.6, macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, macOS Big Sur 11.7.9, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
   ],
   "affected": [
 

advisories/unreviewed/2023/07/GHSA-59r2-w2xq-gp88/GHSA-59r2-w2xq-gp88.json

@@ -32,7 +32,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-284"
+      "CWE-284",
+      "CWE-287"
     ],
     "severity": null,
     "github_reviewed": false,

advisories/unreviewed/2023/07/GHSA-5ccx-gp5g-mqgh/GHSA-5ccx-gp5g-mqgh.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5ccx-gp5g-mqgh",
-  "modified": "2023-07-29T00:30:47Z",
+  "modified": "2023-08-03T18:30:31Z",
   "published": "2023-07-29T00:30:47Z",
   "aliases": [
     "CVE-2022-4913"
   ],
   "details": "Inappropriate implementation in Extensions in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to spoof extension storage via a crafted HTML page. (Chromium security severity: High)",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"
+    }
   ],
   "affected": [
 

advisories/unreviewed/2023/07/GHSA-65j3-wcf2-3433/GHSA-65j3-wcf2-3433.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-65j3-wcf2-3433",
-  "modified": "2023-07-28T06:30:39Z",
+  "modified": "2023-08-03T18:30:29Z",
   "published": "2023-07-28T06:30:39Z",
   "aliases": [
     "CVE-2023-38590"
   ],
   "details": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A remote user may be able to cause unexpected system termination or corrupt kernel memory.",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+    }
   ],
   "affected": [
 
@@ -77,7 +80,7 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-120"
     ],
     "severity": null,
     "github_reviewed": false,

advisories/unreviewed/2023/07/GHSA-67q3-2pr7-fh4j/GHSA-67q3-2pr7-fh4j.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-67q3-2pr7-fh4j",
-  "modified": "2023-07-29T00:30:48Z",
+  "modified": "2023-08-03T18:30:32Z",
   "published": "2023-07-29T00:30:48Z",
   "aliases": [
     "CVE-2022-4919"
   ],
   "details": "Use after free in Base Internals in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+    }
   ],
   "affected": [
 
@@ -29,7 +32,7 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-416"
     ],
     "severity": null,
     "github_reviewed": false,

advisories/unreviewed/2023/07/GHSA-6jxx-g5pf-9mhg/GHSA-6jxx-g5pf-9mhg.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6jxx-g5pf-9mhg",
-  "modified": "2023-07-27T03:30:28Z",
+  "modified": "2023-08-03T18:30:29Z",
   "published": "2023-07-27T03:30:28Z",
   "aliases": [
     "CVE-2023-38136"
   ],
   "details": "The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, watchOS 9.6. Processing web content may disclose sensitive information.",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+    }
   ],
   "affected": [
 

advisories/unreviewed/2023/07/GHSA-6w9m-7xm8-jc6c/GHSA-6w9m-7xm8-jc6c.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6w9m-7xm8-jc6c",
-  "modified": "2023-07-29T00:30:47Z",
+  "modified": "2023-08-03T18:30:31Z",
   "published": "2023-07-29T00:30:47Z",
   "aliases": [
     "CVE-2022-4912"
   ],
   "details": "Type Confusion in MathML in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+    }
   ],
   "affected": [
 
@@ -29,7 +32,7 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-843"
     ],
     "severity": null,
     "github_reviewed": false,

advisories/unreviewed/2023/07/GHSA-6wvj-w838-qhq9/GHSA-6wvj-w838-qhq9.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6wvj-w838-qhq9",
-  "modified": "2023-07-29T00:30:48Z",
+  "modified": "2023-08-03T18:30:32Z",
   "published": "2023-07-29T00:30:48Z",
   "aliases": [
     "CVE-2022-4915"
   ],
   "details": "Inappropriate implementation in URL Formatting in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"
+    }
   ],
   "affected": [