From b94f87f9aed74ba6c483c8bab68d42c0c8baa281 Mon Sep 17 00:00:00 2001 
From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Thu, 3 Aug 2023 18:31:40 +0000 Subject: [PATCH] Advisory Database Sync --- .../GHSA-7x52-93m7-pr95.json | 2 +- .../GHSA-9hm7-qmgf-q88w.json | 2 +- .../GHSA-q4r9-w6v3-92hp.json | 2 +- .../GHSA-r8j5-mmxc-rxw9.json | 2 +- .../GHSA-2p9x-6v53-f7f4.json | 4 ++ .../GHSA-9hmg-8h4x-rcj2.json | 3 +- .../GHSA-22r3-hxrp-33gc.json | 7 +++- .../GHSA-2qmh-92qv-gm58.json | 9 ++-- .../GHSA-2r6w-gvxp-cp37.json | 9 ++-- .../GHSA-38rm-v4v3-vhx2.json | 7 +++- .../GHSA-3f3w-7mj3-hjf9.json | 9 ++-- .../GHSA-3q6h-2x33-95wm.json | 9 ++-- .../GHSA-525v-q85g-v6p4.json | 7 +++- .../GHSA-59r2-w2xq-gp88.json | 3 +- .../GHSA-5ccx-gp5g-mqgh.json | 7 +++- .../GHSA-65j3-wcf2-3433.json | 9 ++-- .../GHSA-67q3-2pr7-fh4j.json | 9 ++-- .../GHSA-6jxx-g5pf-9mhg.json | 7 +++- .../GHSA-6w9m-7xm8-jc6c.json | 9 ++-- .../GHSA-6wvj-w838-qhq9.json | 7 +++- .../GHSA-93mj-7pq8-ph3c.json | 9 ++-- .../GHSA-959x-mqwc-q2fp.json | 7 +++- .../GHSA-9c59-hw33-w5gf.json | 7 +++- .../GHSA-9jc9-7p44-pm6c.json | 9 ++-- .../GHSA-9qvh-8mch-5ph3.json | 9 ++-- .../GHSA-9wgf-h5v2-x9x7.json | 9 ++-- .../GHSA-c6f7-f5rw-4jq8.json | 7 +++- .../GHSA-c9g8-3cc3-422m.json | 7 +++- .../GHSA-chhg-fvc6-qv3x.json | 9 ++-- .../GHSA-cjjr-h37f-5xw7.json | 3 +- .../GHSA-cqmf-248p-x3mh.json | 9 ++-- .../GHSA-cr9r-85xx-9x6f.json | 7 +++- .../GHSA-h7v3-h3m7-xv23.json | 7 +++- .../GHSA-jc37-wf52-x7m4.json | 9 ++-- .../GHSA-m5f4-wpc8-674q.json | 9 ++-- .../GHSA-mc6p-cr25-crfc.json | 9 ++-- .../GHSA-mg4h-hrr4-6xm8.json | 7 +++- .../GHSA-mgc4-cc92-x8pw.json | 7 +++- .../GHSA-mq7w-mj9p-33fc.json | 7 +++- .../GHSA-mqjx-pwr7-f46c.json | 9 ++-- .../GHSA-pph7-f2fw-25v3.json | 7 +++- .../GHSA-q3x8-58xf-j8xj.json | 7 +++- .../GHSA-q92j-8jhc-9pm7.json | 9 ++-- .../GHSA-qp52-c658-5vrc.json | 7 +++- .../GHSA-r7mr-872q-fr2m.json | 7 +++- .../GHSA-r87r-qf4p-wg4x.json | 9 ++-- .../GHSA-rg97-m354-39g3.json | 7 +++- .../GHSA-rr22-prvr-c5gh.json | 7 +++- 
.../GHSA-rvvf-xmvw-3ggp.json | 9 ++-- .../GHSA-v9j5-hh43-rw3p.json | 9 ++-- .../GHSA-vg57-hwh2-c85p.json | 9 ++-- .../GHSA-vvx4-72qg-p3h5.json | 9 ++-- .../GHSA-w5w9-4cmf-97jp.json | 7 +++- .../GHSA-xc42-985m-4jpv.json | 7 +++- .../GHSA-2644-f36h-q8x8.json | 39 +++++++++++++++++ .../GHSA-37fx-2m8v-2x4j.json | 38 +++++++++++++++++ .../GHSA-3xwr-xcmc-7vq6.json | 39 +++++++++++++++++ .../GHSA-4cgx-34q8-6h3x.json | 8 ++++ .../GHSA-4gqm-qq9r-mrp5.json | 4 ++ .../GHSA-564w-j7mv-2v7q.json | 39 +++++++++++++++++ .../GHSA-6384-2m2x-45v7.json | 4 ++ .../GHSA-7rvx-6854-8rw7.json | 39 +++++++++++++++++ .../GHSA-82gq-6m2f-8392.json | 4 ++ .../GHSA-856f-5pr4-jx6q.json | 39 +++++++++++++++++ .../GHSA-88gh-7pcg-pc2x.json | 4 ++ .../GHSA-897q-36v3-jwhm.json | 42 +++++++++++++++++++ .../GHSA-8cjr-8gr7-ccg3.json | 38 +++++++++++++++++ .../GHSA-8ggh-rx5r-h3jx.json | 39 +++++++++++++++++ .../GHSA-945m-rw7v-2h8v.json | 35 ++++++++++++++++ .../GHSA-9566-3gww-45ch.json | 35 ++++++++++++++++ .../GHSA-9ppx-xr68-cm59.json | 4 ++ .../GHSA-9rfr-rprq-pv78.json | 4 ++ .../GHSA-9wg5-4w44-rm5v.json | 39 +++++++++++++++++ .../GHSA-c2rq-xcq6-frfg.json | 4 ++ .../GHSA-ccm5-74vf-c7hj.json | 4 ++ .../GHSA-cjc3-8pfw-2m59.json | 4 ++ .../GHSA-fm74-cpjj-78g2.json | 35 ++++++++++++++++ .../GHSA-h33q-26v7-q343.json | 4 ++ .../GHSA-h3gc-qm52-jx4g.json | 39 +++++++++++++++++ .../GHSA-hpjf-rjwg-v743.json | 4 ++ .../GHSA-jfm4-3vv3-fm4v.json | 38 +++++++++++++++++ .../GHSA-jwm5-g9ww-6h8j.json | 35 ++++++++++++++++ .../GHSA-m4v4-wv9r-pmwf.json | 4 ++ .../GHSA-m5mq-q5j2-f82m.json | 4 ++ .../GHSA-mrh9-m2j7-5cqv.json | 35 ++++++++++++++++ .../GHSA-p36c-2mv6-8m8q.json | 42 +++++++++++++++++++ .../GHSA-p39h-6928-4fq5.json | 35 ++++++++++++++++ .../GHSA-q62x-pq6x-fhvw.json | 39 +++++++++++++++++ .../GHSA-r758-p8pr-8jvg.json | 35 ++++++++++++++++ .../GHSA-rq8q-w9hr-c2fr.json | 8 ++++ .../GHSA-rwp5-x9r4-2qm2.json | 39 +++++++++++++++++ .../GHSA-vvf9-x2f5-h29c.json | 4 ++ .../GHSA-w3j7-w57f-mrwq.json | 42 
+++++++++++++++++++ .../GHSA-w8fx-ccjx-3crw.json | 4 ++ .../GHSA-wc5r-96vx-4jj6.json | 39 +++++++++++++++++ .../GHSA-wwrg-2w5j-grvx.json | 42 +++++++++++++++++++ .../GHSA-xq7r-2vx2-8jgj.json | 4 ++ 97 files changed, 1303 insertions(+), 122 deletions(-) create mode 100644 advisories/unreviewed/2023/08/GHSA-2644-f36h-q8x8/GHSA-2644-f36h-q8x8.json create mode 100644 advisories/unreviewed/2023/08/GHSA-37fx-2m8v-2x4j/GHSA-37fx-2m8v-2x4j.json create mode 100644 advisories/unreviewed/2023/08/GHSA-3xwr-xcmc-7vq6/GHSA-3xwr-xcmc-7vq6.json create mode 100644 advisories/unreviewed/2023/08/GHSA-564w-j7mv-2v7q/GHSA-564w-j7mv-2v7q.json create mode 100644 advisories/unreviewed/2023/08/GHSA-7rvx-6854-8rw7/GHSA-7rvx-6854-8rw7.json create mode 100644 advisories/unreviewed/2023/08/GHSA-856f-5pr4-jx6q/GHSA-856f-5pr4-jx6q.json create mode 100644 advisories/unreviewed/2023/08/GHSA-897q-36v3-jwhm/GHSA-897q-36v3-jwhm.json create mode 100644 advisories/unreviewed/2023/08/GHSA-8cjr-8gr7-ccg3/GHSA-8cjr-8gr7-ccg3.json create mode 100644 advisories/unreviewed/2023/08/GHSA-8ggh-rx5r-h3jx/GHSA-8ggh-rx5r-h3jx.json create mode 100644 advisories/unreviewed/2023/08/GHSA-945m-rw7v-2h8v/GHSA-945m-rw7v-2h8v.json create mode 100644 advisories/unreviewed/2023/08/GHSA-9566-3gww-45ch/GHSA-9566-3gww-45ch.json create mode 100644 advisories/unreviewed/2023/08/GHSA-9wg5-4w44-rm5v/GHSA-9wg5-4w44-rm5v.json create mode 100644 advisories/unreviewed/2023/08/GHSA-fm74-cpjj-78g2/GHSA-fm74-cpjj-78g2.json create mode 100644 advisories/unreviewed/2023/08/GHSA-h3gc-qm52-jx4g/GHSA-h3gc-qm52-jx4g.json create mode 100644 advisories/unreviewed/2023/08/GHSA-jfm4-3vv3-fm4v/GHSA-jfm4-3vv3-fm4v.json create mode 100644 advisories/unreviewed/2023/08/GHSA-jwm5-g9ww-6h8j/GHSA-jwm5-g9ww-6h8j.json create mode 100644 advisories/unreviewed/2023/08/GHSA-mrh9-m2j7-5cqv/GHSA-mrh9-m2j7-5cqv.json create mode 100644 advisories/unreviewed/2023/08/GHSA-p36c-2mv6-8m8q/GHSA-p36c-2mv6-8m8q.json create mode 100644 
advisories/unreviewed/2023/08/GHSA-p39h-6928-4fq5/GHSA-p39h-6928-4fq5.json create mode 100644 advisories/unreviewed/2023/08/GHSA-q62x-pq6x-fhvw/GHSA-q62x-pq6x-fhvw.json create mode 100644 advisories/unreviewed/2023/08/GHSA-r758-p8pr-8jvg/GHSA-r758-p8pr-8jvg.json create mode 100644 advisories/unreviewed/2023/08/GHSA-rwp5-x9r4-2qm2/GHSA-rwp5-x9r4-2qm2.json create mode 100644 advisories/unreviewed/2023/08/GHSA-w3j7-w57f-mrwq/GHSA-w3j7-w57f-mrwq.json create mode 100644 advisories/unreviewed/2023/08/GHSA-wc5r-96vx-4jj6/GHSA-wc5r-96vx-4jj6.json create mode 100644 advisories/unreviewed/2023/08/GHSA-wwrg-2w5j-grvx/GHSA-wwrg-2w5j-grvx.json diff --git a/advisories/unreviewed/2022/05/GHSA-7x52-93m7-pr95/GHSA-7x52-93m7-pr95.json b/advisories/unreviewed/2022/05/GHSA-7x52-93m7-pr95/GHSA-7x52-93m7-pr95.json index e8f74a4f8a0c8..6cf59dcfcd7f6 100644 --- a/advisories/unreviewed/2022/05/GHSA-7x52-93m7-pr95/GHSA-7x52-93m7-pr95.json +++ b/advisories/unreviewed/2022/05/GHSA-7x52-93m7-pr95/GHSA-7x52-93m7-pr95.json @@ -45,7 +45,7 @@ ], "database_specific": { "cwe_ids": [ - + "CWE-426" ], "severity": "MODERATE", "github_reviewed": false, diff --git a/advisories/unreviewed/2022/05/GHSA-9hm7-qmgf-q88w/GHSA-9hm7-qmgf-q88w.json b/advisories/unreviewed/2022/05/GHSA-9hm7-qmgf-q88w/GHSA-9hm7-qmgf-q88w.json index 52babf502f082..c3fdd442a8482 100644 --- a/advisories/unreviewed/2022/05/GHSA-9hm7-qmgf-q88w/GHSA-9hm7-qmgf-q88w.json +++ b/advisories/unreviewed/2022/05/GHSA-9hm7-qmgf-q88w/GHSA-9hm7-qmgf-q88w.json @@ -113,7 +113,7 @@ ], "database_specific": { "cwe_ids": [ - + "CWE-190" ], "severity": "HIGH", "github_reviewed": false, diff --git a/advisories/unreviewed/2022/05/GHSA-q4r9-w6v3-92hp/GHSA-q4r9-w6v3-92hp.json b/advisories/unreviewed/2022/05/GHSA-q4r9-w6v3-92hp/GHSA-q4r9-w6v3-92hp.json index 63c17470df2e1..039654927effa 100644 --- a/advisories/unreviewed/2022/05/GHSA-q4r9-w6v3-92hp/GHSA-q4r9-w6v3-92hp.json +++ b/advisories/unreviewed/2022/05/GHSA-q4r9-w6v3-92hp/GHSA-q4r9-w6v3-92hp.json 
@@ -61,7 +61,7 @@ ], "database_specific": { "cwe_ids": [ - + "CWE-22" ], "severity": "MODERATE", "github_reviewed": false, diff --git a/advisories/unreviewed/2022/05/GHSA-r8j5-mmxc-rxw9/GHSA-r8j5-mmxc-rxw9.json b/advisories/unreviewed/2022/05/GHSA-r8j5-mmxc-rxw9/GHSA-r8j5-mmxc-rxw9.json index dbdaf26be87f6..55e0d29f9ca1b 100644 --- a/advisories/unreviewed/2022/05/GHSA-r8j5-mmxc-rxw9/GHSA-r8j5-mmxc-rxw9.json +++ b/advisories/unreviewed/2022/05/GHSA-r8j5-mmxc-rxw9/GHSA-r8j5-mmxc-rxw9.json @@ -33,7 +33,7 @@ ], "database_specific": { "cwe_ids": [ - + "CWE-426" ], "severity": "HIGH", "github_reviewed": false, diff --git a/advisories/unreviewed/2022/10/GHSA-2p9x-6v53-f7f4/GHSA-2p9x-6v53-f7f4.json b/advisories/unreviewed/2022/10/GHSA-2p9x-6v53-f7f4/GHSA-2p9x-6v53-f7f4.json index 5873e4e91372e..909aca22c3696 100644 --- a/advisories/unreviewed/2022/10/GHSA-2p9x-6v53-f7f4/GHSA-2p9x-6v53-f7f4.json +++ b/advisories/unreviewed/2022/10/GHSA-2p9x-6v53-f7f4/GHSA-2p9x-6v53-f7f4.json @@ -21,6 +21,10 @@ "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36965" }, + { + "type": "WEB", + "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-3_release_notes.htm#:~:text=Release%20date%3A%20May%2024%2C%202022%20These%20release%20notes%2Cissues.%20New%20features%20and%20improvements%20in%20SolarWinds%20Platform" + }, { "type": "WEB", "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-3_release_notes.htm#:~:text=Release%20date%3A%20May%2024%2C%202022%20These%20release%20notes,issues.%20New%20features%20and%20improvements%20in%20SolarWinds%20Platform" diff --git a/advisories/unreviewed/2022/10/GHSA-9hmg-8h4x-rcj2/GHSA-9hmg-8h4x-rcj2.json b/advisories/unreviewed/2022/10/GHSA-9hmg-8h4x-rcj2/GHSA-9hmg-8h4x-rcj2.json index 200d7fdf499f9..85ecac67f00df 100644 
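Review bot: In GHSA-2p9x-6v53-f7f4.json the added `WEB` reference is the same SolarWinds release-notes URL as the entry directly below it. The only difference is that the comma inside the `#:~:text=` fragment is written as `%2C`. Both forms point at the same page, so the `references` array now carries a duplicate that exact-string de-duplication will not catch. Keeping a single entry, or comparing URLs after percent-decoding with the text fragment dropped, would avoid this. The `references` array begins and ends outside the hunk.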
--- a/advisories/unreviewed/2022/10/GHSA-9hmg-8h4x-rcj2/GHSA-9hmg-8h4x-rcj2.json +++ b/advisories/unreviewed/2022/10/GHSA-9hmg-8h4x-rcj2/GHSA-9hmg-8h4x-rcj2.json @@ -28,7 +28,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-326" + "CWE-326", + "CWE-89" ], "severity": "MODERATE", "github_reviewed": false, diff --git a/advisories/unreviewed/2023/07/GHSA-22r3-hxrp-33gc/GHSA-22r3-hxrp-33gc.json b/advisories/unreviewed/2023/07/GHSA-22r3-hxrp-33gc/GHSA-22r3-hxrp-33gc.json index 9d14cf5e793f8..d84fef3f82ccb 100644 --- a/advisories/unreviewed/2023/07/GHSA-22r3-hxrp-33gc/GHSA-22r3-hxrp-33gc.json +++ b/advisories/unreviewed/2023/07/GHSA-22r3-hxrp-33gc/GHSA-22r3-hxrp-33gc.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-22r3-hxrp-33gc", - "modified": "2023-07-29T00:30:48Z", + "modified": "2023-08-03T18:30:32Z", "published": "2023-07-29T00:30:48Z", "aliases": [ "CVE-2022-4926" ], "details": "Insufficient policy enforcement in Intents in Google Chrome on Android prior to 109.0.5414.119 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" + } ], "affected": [ diff --git a/advisories/unreviewed/2023/07/GHSA-2qmh-92qv-gm58/GHSA-2qmh-92qv-gm58.json b/advisories/unreviewed/2023/07/GHSA-2qmh-92qv-gm58/GHSA-2qmh-92qv-gm58.json index c897319847e95..e131f45db8e06 100644 --- a/advisories/unreviewed/2023/07/GHSA-2qmh-92qv-gm58/GHSA-2qmh-92qv-gm58.json +++ b/advisories/unreviewed/2023/07/GHSA-2qmh-92qv-gm58/GHSA-2qmh-92qv-gm58.json 
@@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-2qmh-92qv-gm58", - "modified": "2023-07-28T06:30:39Z", + "modified": "2023-08-03T18:30:29Z", "published": "2023-07-28T06:30:39Z", "aliases": [ "CVE-2023-36495" ], "details": "An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.6, macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } ], "affected": [ @@ -69,7 +72,7 @@ ], "database_specific": { "cwe_ids": [ - + "CWE-190" ], "severity": null, "github_reviewed": false, diff --git a/advisories/unreviewed/2023/07/GHSA-2r6w-gvxp-cp37/GHSA-2r6w-gvxp-cp37.json b/advisories/unreviewed/2023/07/GHSA-2r6w-gvxp-cp37/GHSA-2r6w-gvxp-cp37.json index af95b042df33c..3ecb086ca744f 100644 --- a/advisories/unreviewed/2023/07/GHSA-2r6w-gvxp-cp37/GHSA-2r6w-gvxp-cp37.json +++ b/advisories/unreviewed/2023/07/GHSA-2r6w-gvxp-cp37/GHSA-2r6w-gvxp-cp37.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-2r6w-gvxp-cp37", - "modified": "2023-07-29T00:30:48Z", + "modified": "2023-08-03T18:30:32Z", "published": "2023-07-29T00:30:48Z", "aliases": [ "CVE-2023-2314" ], "details": "Insufficient data validation in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" + } ], "affected": [ @@ -29,7 +32,7 @@ ], "database_specific": { "cwe_ids": [ - + "CWE-345" ], "severity": null, "github_reviewed": false, 
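Review bot: In the first hunk of GHSA-2qmh-92qv-gm58.json the added vector `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H` does not match the `details` text, which describes an app executing code with kernel privileges, i.e. code that already runs on the device. That wording would normally map to `AV:L`, so the network, no-interaction score looks overstated, although it may simply mirror the upstream record. The same vector sits next to the same wording in the GHSA-525v-q85g-v6p4 and GHSA-cqmf-248p-x3mh hunks. These records are still under `advisories/unreviewed/`, so triage should weigh the description and not the vector alone.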
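Review bot: In the `database_specific` hunk of GHSA-2qmh-92qv-gm58.json, `"severity": null` is left unchanged even though this commit adds a CVSS 3.1 vector to the top-level `severity` array of the same file. Tooling that filters or alerts on the qualitative `database_specific.severity` field will still see no rating for this advisory. The same context line appears in the other 2023/07 hunks that gain a CWE here, for example GHSA-2r6w-gvxp-cp37, GHSA-3f3w-7mj3-hjf9 and GHSA-3q6h-2x33-95wm. Either the rating should be derived from the vector in the same sync, or consumers should compute it from the `score` string themselves.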
diff --git a/advisories/unreviewed/2023/07/GHSA-38rm-v4v3-vhx2/GHSA-38rm-v4v3-vhx2.json b/advisories/unreviewed/2023/07/GHSA-38rm-v4v3-vhx2/GHSA-38rm-v4v3-vhx2.json index 28f7f943cdd69..d0c2a5d60615f 100644 --- a/advisories/unreviewed/2023/07/GHSA-38rm-v4v3-vhx2/GHSA-38rm-v4v3-vhx2.json +++ b/advisories/unreviewed/2023/07/GHSA-38rm-v4v3-vhx2/GHSA-38rm-v4v3-vhx2.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-38rm-v4v3-vhx2", - "modified": "2023-07-27T03:30:28Z", + "modified": "2023-08-03T18:30:29Z", "published": "2023-07-27T03:30:28Z", "aliases": [ "CVE-2023-38259" ], "details": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.5, macOS Monterey 12.6.8, macOS Big Sur 11.7.9. Processing a file may lead to a denial-of-service or potentially disclose memory contents.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" + } ], "affected": [ diff --git a/advisories/unreviewed/2023/07/GHSA-3f3w-7mj3-hjf9/GHSA-3f3w-7mj3-hjf9.json b/advisories/unreviewed/2023/07/GHSA-3f3w-7mj3-hjf9/GHSA-3f3w-7mj3-hjf9.json index dab7d31e7dfb3..7f4938565104e 100644 --- a/advisories/unreviewed/2023/07/GHSA-3f3w-7mj3-hjf9/GHSA-3f3w-7mj3-hjf9.json +++ b/advisories/unreviewed/2023/07/GHSA-3f3w-7mj3-hjf9/GHSA-3f3w-7mj3-hjf9.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-3f3w-7mj3-hjf9", - "modified": "2023-07-29T00:30:48Z", + "modified": "2023-08-03T18:30:32Z", "published": "2023-07-29T00:30:48Z", "aliases": [ "CVE-2022-4918" ], "details": "Use after free in UI in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium)", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } ], "affected": [ @@ -29,7 +32,7 @@ ], "database_specific": { "cwe_ids": [ - + "CWE-416" ], "severity": null, "github_reviewed": false, 
diff --git a/advisories/unreviewed/2023/07/GHSA-3q6h-2x33-95wm/GHSA-3q6h-2x33-95wm.json b/advisories/unreviewed/2023/07/GHSA-3q6h-2x33-95wm/GHSA-3q6h-2x33-95wm.json index aebb9a78d52ea..df2d0ccea838e 100644 --- a/advisories/unreviewed/2023/07/GHSA-3q6h-2x33-95wm/GHSA-3q6h-2x33-95wm.json +++ b/advisories/unreviewed/2023/07/GHSA-3q6h-2x33-95wm/GHSA-3q6h-2x33-95wm.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-3q6h-2x33-95wm", - "modified": "2023-07-28T06:30:39Z", + "modified": "2023-08-03T18:30:29Z", "published": "2023-07-28T06:30:39Z", "aliases": [ "CVE-2023-32445" ], "details": "This issue was addressed with improved checks. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. Processing a document may lead to a cross site scripting attack.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + } ], "affected": [ @@ -45,7 +48,7 @@ ], "database_specific": { "cwe_ids": [ - + "CWE-79" ], "severity": null, "github_reviewed": false, diff --git a/advisories/unreviewed/2023/07/GHSA-525v-q85g-v6p4/GHSA-525v-q85g-v6p4.json b/advisories/unreviewed/2023/07/GHSA-525v-q85g-v6p4/GHSA-525v-q85g-v6p4.json index 70d228f931be9..087b7685e5764 100644 --- a/advisories/unreviewed/2023/07/GHSA-525v-q85g-v6p4/GHSA-525v-q85g-v6p4.json +++ b/advisories/unreviewed/2023/07/GHSA-525v-q85g-v6p4/GHSA-525v-q85g-v6p4.json 
@@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-525v-q85g-v6p4", - "modified": "2023-07-28T06:30:39Z", + "modified": "2023-08-03T18:30:29Z", "published": "2023-07-28T06:30:39Z", "aliases": [ "CVE-2023-34425" ], "details": "The issue was addressed with improved memory handling. This issue is fixed in watchOS 9.6, macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, macOS Big Sur 11.7.9, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } ], "affected": [ diff --git a/advisories/unreviewed/2023/07/GHSA-59r2-w2xq-gp88/GHSA-59r2-w2xq-gp88.json b/advisories/unreviewed/2023/07/GHSA-59r2-w2xq-gp88/GHSA-59r2-w2xq-gp88.json index cb272d5e067b7..831eb6d95970d 100644 --- a/advisories/unreviewed/2023/07/GHSA-59r2-w2xq-gp88/GHSA-59r2-w2xq-gp88.json +++ b/advisories/unreviewed/2023/07/GHSA-59r2-w2xq-gp88/GHSA-59r2-w2xq-gp88.json @@ -32,7 +32,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-284" + "CWE-284", + "CWE-287" ], "severity": null, "github_reviewed": false, diff --git a/advisories/unreviewed/2023/07/GHSA-5ccx-gp5g-mqgh/GHSA-5ccx-gp5g-mqgh.json b/advisories/unreviewed/2023/07/GHSA-5ccx-gp5g-mqgh/GHSA-5ccx-gp5g-mqgh.json index 0cb2046f8ee3e..8f804e41041e7 100644 --- a/advisories/unreviewed/2023/07/GHSA-5ccx-gp5g-mqgh/GHSA-5ccx-gp5g-mqgh.json +++ b/advisories/unreviewed/2023/07/GHSA-5ccx-gp5g-mqgh/GHSA-5ccx-gp5g-mqgh.json 
@@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-5ccx-gp5g-mqgh", - "modified": "2023-07-29T00:30:47Z", + "modified": "2023-08-03T18:30:31Z", "published": "2023-07-29T00:30:47Z", "aliases": [ "CVE-2022-4913" ], "details": "Inappropriate implementation in Extensions in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to spoof extension storage via a crafted HTML page. (Chromium security severity: High)", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" + } ], "affected": [ diff --git a/advisories/unreviewed/2023/07/GHSA-65j3-wcf2-3433/GHSA-65j3-wcf2-3433.json b/advisories/unreviewed/2023/07/GHSA-65j3-wcf2-3433/GHSA-65j3-wcf2-3433.json index ea5b5e4785132..6c35e772671bd 100644 --- a/advisories/unreviewed/2023/07/GHSA-65j3-wcf2-3433/GHSA-65j3-wcf2-3433.json +++ b/advisories/unreviewed/2023/07/GHSA-65j3-wcf2-3433/GHSA-65j3-wcf2-3433.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-65j3-wcf2-3433", - "modified": "2023-07-28T06:30:39Z", + "modified": "2023-08-03T18:30:29Z", "published": "2023-07-28T06:30:39Z", "aliases": [ "CVE-2023-38590" ], "details": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A remote user may be able to cause unexpected system termination or corrupt kernel memory.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } ], "affected": [ @@ -77,7 +80,7 @@ ], "database_specific": { "cwe_ids": [ - + "CWE-120" ], "severity": null, "github_reviewed": false, diff --git a/advisories/unreviewed/2023/07/GHSA-67q3-2pr7-fh4j/GHSA-67q3-2pr7-fh4j.json b/advisories/unreviewed/2023/07/GHSA-67q3-2pr7-fh4j/GHSA-67q3-2pr7-fh4j.json index 04b1f70718d30..4eb3d830fd7c2 100644 
--- a/advisories/unreviewed/2023/07/GHSA-67q3-2pr7-fh4j/GHSA-67q3-2pr7-fh4j.json +++ b/advisories/unreviewed/2023/07/GHSA-67q3-2pr7-fh4j/GHSA-67q3-2pr7-fh4j.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-67q3-2pr7-fh4j", - "modified": "2023-07-29T00:30:48Z", + "modified": "2023-08-03T18:30:32Z", "published": "2023-07-29T00:30:48Z", "aliases": [ "CVE-2022-4919" ], "details": "Use after free in Base Internals in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } ], "affected": [ @@ -29,7 +32,7 @@ ], "database_specific": { "cwe_ids": [ - + "CWE-416" ], "severity": null, "github_reviewed": false, diff --git a/advisories/unreviewed/2023/07/GHSA-6jxx-g5pf-9mhg/GHSA-6jxx-g5pf-9mhg.json b/advisories/unreviewed/2023/07/GHSA-6jxx-g5pf-9mhg/GHSA-6jxx-g5pf-9mhg.json index c82a8735ad615..0496f91894488 100644 --- a/advisories/unreviewed/2023/07/GHSA-6jxx-g5pf-9mhg/GHSA-6jxx-g5pf-9mhg.json +++ b/advisories/unreviewed/2023/07/GHSA-6jxx-g5pf-9mhg/GHSA-6jxx-g5pf-9mhg.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-6jxx-g5pf-9mhg", - "modified": "2023-07-27T03:30:28Z", + "modified": "2023-08-03T18:30:29Z", "published": "2023-07-27T03:30:28Z", "aliases": [ "CVE-2023-38136" ], "details": "The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, watchOS 9.6. Processing web content may disclose sensitive information.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } ], "affected": [ diff --git a/advisories/unreviewed/2023/07/GHSA-6w9m-7xm8-jc6c/GHSA-6w9m-7xm8-jc6c.json b/advisories/unreviewed/2023/07/GHSA-6w9m-7xm8-jc6c/GHSA-6w9m-7xm8-jc6c.json index 06bae179d60ab..cb8c01fa53fc4 100644 
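Review bot: In GHSA-6jxx-g5pf-9mhg.json the added vector `CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H` claims high integrity and availability impact, while `details` only says that processing web content may disclose sensitive information. A disclosure-only issue would be expected to carry `I:N/A:N`, and web-content processing is usually scored `AV:N`, so the vector appears inconsistent with the text it accompanies. It may have been imported unchanged from the upstream record. Anyone prioritising on this entry should treat the score as provisional until the advisory is reviewed.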
--- a/advisories/unreviewed/2023/07/GHSA-6w9m-7xm8-jc6c/GHSA-6w9m-7xm8-jc6c.json +++ b/advisories/unreviewed/2023/07/GHSA-6w9m-7xm8-jc6c/GHSA-6w9m-7xm8-jc6c.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-6w9m-7xm8-jc6c", - "modified": "2023-07-29T00:30:47Z", + "modified": "2023-08-03T18:30:31Z", "published": "2023-07-29T00:30:47Z", "aliases": [ "CVE-2022-4912" ], "details": "Type Confusion in MathML in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } ], "affected": [ @@ -29,7 +32,7 @@ ], "database_specific": { "cwe_ids": [ - + "CWE-843" ], "severity": null, "github_reviewed": false, diff --git a/advisories/unreviewed/2023/07/GHSA-6wvj-w838-qhq9/GHSA-6wvj-w838-qhq9.json b/advisories/unreviewed/2023/07/GHSA-6wvj-w838-qhq9/GHSA-6wvj-w838-qhq9.json index 7a7b1a0cfb716..201672cd5fe91 100644 --- a/advisories/unreviewed/2023/07/GHSA-6wvj-w838-qhq9/GHSA-6wvj-w838-qhq9.json +++ b/advisories/unreviewed/2023/07/GHSA-6wvj-w838-qhq9/GHSA-6wvj-w838-qhq9.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-6wvj-w838-qhq9", - "modified": "2023-07-29T00:30:48Z", + "modified": "2023-08-03T18:30:32Z", "published": "2023-07-29T00:30:48Z", "aliases": [ "CVE-2022-4915" ], "details": "Inappropriate implementation in URL Formatting in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" + } ], "affected": [ diff --git a/advisories/unreviewed/2023/07/GHSA-93mj-7pq8-ph3c/GHSA-93mj-7pq8-ph3c.json b/advisories/unreviewed/2023/07/GHSA-93mj-7pq8-ph3c/GHSA-93mj-7pq8-ph3c.json index f21fa35f54ee2..a53b41e15d1b2 100644 
--- a/advisories/unreviewed/2023/07/GHSA-93mj-7pq8-ph3c/GHSA-93mj-7pq8-ph3c.json +++ b/advisories/unreviewed/2023/07/GHSA-93mj-7pq8-ph3c/GHSA-93mj-7pq8-ph3c.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-93mj-7pq8-ph3c", - "modified": "2023-07-29T00:30:48Z", + "modified": "2023-08-03T18:30:32Z", "published": "2023-07-29T00:30:48Z", "aliases": [ "CVE-2022-4921" ], "details": "Use after free in Accessibility in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Low)", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } ], "affected": [ @@ -29,7 +32,7 @@ ], "database_specific": { "cwe_ids": [ - + "CWE-416" ], "severity": null, "github_reviewed": false, diff --git a/advisories/unreviewed/2023/07/GHSA-959x-mqwc-q2fp/GHSA-959x-mqwc-q2fp.json b/advisories/unreviewed/2023/07/GHSA-959x-mqwc-q2fp/GHSA-959x-mqwc-q2fp.json index 781f05143b331..47917b5fa7027 100644 --- a/advisories/unreviewed/2023/07/GHSA-959x-mqwc-q2fp/GHSA-959x-mqwc-q2fp.json +++ b/advisories/unreviewed/2023/07/GHSA-959x-mqwc-q2fp/GHSA-959x-mqwc-q2fp.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-959x-mqwc-q2fp", - "modified": "2023-07-28T06:30:39Z", + "modified": "2023-08-03T18:30:29Z", "published": "2023-07-28T06:30:39Z", "aliases": [ "CVE-2023-38592" ], "details": "A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16.6 and iPadOS 16.6, watchOS 9.6, tvOS 16.6, macOS Ventura 13.5. Processing web content may lead to arbitrary code execution.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } ], "affected": [ 
diff --git a/advisories/unreviewed/2023/07/GHSA-9c59-hw33-w5gf/GHSA-9c59-hw33-w5gf.json b/advisories/unreviewed/2023/07/GHSA-9c59-hw33-w5gf/GHSA-9c59-hw33-w5gf.json index e3bad6bed1988..ca2d98fbca568 100644 --- a/advisories/unreviewed/2023/07/GHSA-9c59-hw33-w5gf/GHSA-9c59-hw33-w5gf.json +++ b/advisories/unreviewed/2023/07/GHSA-9c59-hw33-w5gf/GHSA-9c59-hw33-w5gf.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-9c59-hw33-w5gf", - "modified": "2023-07-29T00:30:48Z", + "modified": "2023-08-03T18:30:32Z", "published": "2023-07-29T00:30:48Z", "aliases": [ "CVE-2023-2311" ], "details": "Insufficient policy enforcement in File System API in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium)", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" + } ], "affected": [ diff --git a/advisories/unreviewed/2023/07/GHSA-9jc9-7p44-pm6c/GHSA-9jc9-7p44-pm6c.json b/advisories/unreviewed/2023/07/GHSA-9jc9-7p44-pm6c/GHSA-9jc9-7p44-pm6c.json index 369acee1666c4..d15cecd8fd9c2 100644 --- a/advisories/unreviewed/2023/07/GHSA-9jc9-7p44-pm6c/GHSA-9jc9-7p44-pm6c.json +++ b/advisories/unreviewed/2023/07/GHSA-9jc9-7p44-pm6c/GHSA-9jc9-7p44-pm6c.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-9jc9-7p44-pm6c", - "modified": "2023-07-28T15:30:23Z", + "modified": "2023-08-03T18:30:30Z", "published": "2023-07-28T15:30:23Z", "aliases": [ "CVE-2023-39017" ], "details": "quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } ], "affected": [ @@ -25,7 +28,7 @@ ], "database_specific": { "cwe_ids": [ - + "CWE-94" ], "severity": null, "github_reviewed": false, 
diff --git a/advisories/unreviewed/2023/07/GHSA-9qvh-8mch-5ph3/GHSA-9qvh-8mch-5ph3.json b/advisories/unreviewed/2023/07/GHSA-9qvh-8mch-5ph3/GHSA-9qvh-8mch-5ph3.json index 17321f628ae2b..13b9f0dd5438b 100644 --- a/advisories/unreviewed/2023/07/GHSA-9qvh-8mch-5ph3/GHSA-9qvh-8mch-5ph3.json +++ b/advisories/unreviewed/2023/07/GHSA-9qvh-8mch-5ph3/GHSA-9qvh-8mch-5ph3.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-9qvh-8mch-5ph3", - "modified": "2023-07-29T00:30:47Z", + "modified": "2023-08-03T18:30:31Z", "published": "2023-07-29T00:30:47Z", "aliases": [ "CVE-2022-4911" ], "details": "Insufficient data validation in DevTools in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" + } ], "affected": [ @@ -29,7 +32,7 @@ ], "database_specific": { "cwe_ids": [ - + "CWE-20" ], "severity": null, "github_reviewed": false, diff --git a/advisories/unreviewed/2023/07/GHSA-9wgf-h5v2-x9x7/GHSA-9wgf-h5v2-x9x7.json b/advisories/unreviewed/2023/07/GHSA-9wgf-h5v2-x9x7/GHSA-9wgf-h5v2-x9x7.json index fa1b64ee23be1..5d9e970663aaf 100644 --- a/advisories/unreviewed/2023/07/GHSA-9wgf-h5v2-x9x7/GHSA-9wgf-h5v2-x9x7.json +++ b/advisories/unreviewed/2023/07/GHSA-9wgf-h5v2-x9x7/GHSA-9wgf-h5v2-x9x7.json 
@@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-9wgf-h5v2-x9x7", - "modified": "2023-07-28T15:30:23Z", + "modified": "2023-08-03T18:30:30Z", "published": "2023-07-28T15:30:23Z", "aliases": [ "CVE-2023-39016" ], "details": "bboss-persistent v6.0.9 and below was discovered to contain a code injection vulnerability in the component com.frameworkset.common.poolman.util.SQLManager.createPool. This vulnerability is exploited via passing an unchecked argument.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } ], "affected": [ @@ -25,7 +28,7 @@ ], "database_specific": { "cwe_ids": [ - + "CWE-94" ], "severity": null, "github_reviewed": false, diff --git a/advisories/unreviewed/2023/07/GHSA-c6f7-f5rw-4jq8/GHSA-c6f7-f5rw-4jq8.json b/advisories/unreviewed/2023/07/GHSA-c6f7-f5rw-4jq8/GHSA-c6f7-f5rw-4jq8.json index 61c662d22f219..309f7bd657fa6 100644 --- a/advisories/unreviewed/2023/07/GHSA-c6f7-f5rw-4jq8/GHSA-c6f7-f5rw-4jq8.json +++ b/advisories/unreviewed/2023/07/GHSA-c6f7-f5rw-4jq8/GHSA-c6f7-f5rw-4jq8.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-c6f7-f5rw-4jq8", - "modified": "2023-07-29T00:30:48Z", + "modified": "2023-08-03T18:30:32Z", "published": "2023-07-29T00:30:48Z", "aliases": [ "CVE-2022-4922" ], "details": "Inappropriate implementation in Blink in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" + } ], "affected": [ diff --git a/advisories/unreviewed/2023/07/GHSA-c9g8-3cc3-422m/GHSA-c9g8-3cc3-422m.json b/advisories/unreviewed/2023/07/GHSA-c9g8-3cc3-422m/GHSA-c9g8-3cc3-422m.json index 559ae7c481fcb..d35bdada33510 100644 --- a/advisories/unreviewed/2023/07/GHSA-c9g8-3cc3-422m/GHSA-c9g8-3cc3-422m.json +++ b/advisories/unreviewed/2023/07/GHSA-c9g8-3cc3-422m/GHSA-c9g8-3cc3-422m.json 
@@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-c9g8-3cc3-422m", - "modified": "2023-07-28T06:30:39Z", + "modified": "2023-08-03T18:30:29Z", "published": "2023-07-28T06:30:39Z", "aliases": [ "CVE-2023-38599" ], "details": "A logic issue was addressed with improved state management. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A website may be able to track sensitive user information.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" + } ], "affected": [ diff --git a/advisories/unreviewed/2023/07/GHSA-chhg-fvc6-qv3x/GHSA-chhg-fvc6-qv3x.json b/advisories/unreviewed/2023/07/GHSA-chhg-fvc6-qv3x/GHSA-chhg-fvc6-qv3x.json index 4876b927805e0..058f15cd6e66e 100644 --- a/advisories/unreviewed/2023/07/GHSA-chhg-fvc6-qv3x/GHSA-chhg-fvc6-qv3x.json +++ b/advisories/unreviewed/2023/07/GHSA-chhg-fvc6-qv3x/GHSA-chhg-fvc6-qv3x.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-chhg-fvc6-qv3x", - "modified": "2023-07-29T00:30:48Z", + "modified": "2023-08-03T18:30:32Z", "published": "2023-07-29T00:30:48Z", "aliases": [ "CVE-2022-4916" ], "details": "Use after free in Media in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } ], "affected": [ @@ -29,7 +32,7 @@ ], "database_specific": { "cwe_ids": [ - + "CWE-416" ], "severity": null, "github_reviewed": false, diff --git a/advisories/unreviewed/2023/07/GHSA-cjjr-h37f-5xw7/GHSA-cjjr-h37f-5xw7.json b/advisories/unreviewed/2023/07/GHSA-cjjr-h37f-5xw7/GHSA-cjjr-h37f-5xw7.json index 6081579fba4df..45a5ce67ee7ce 100644 --- a/advisories/unreviewed/2023/07/GHSA-cjjr-h37f-5xw7/GHSA-cjjr-h37f-5xw7.json 
+++ b/advisories/unreviewed/2023/07/GHSA-cjjr-h37f-5xw7/GHSA-cjjr-h37f-5xw7.json @@ -32,7 +32,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-200" + "CWE-200", + "CWE-668" ], "severity": null, "github_reviewed": false, diff --git a/advisories/unreviewed/2023/07/GHSA-cqmf-248p-x3mh/GHSA-cqmf-248p-x3mh.json b/advisories/unreviewed/2023/07/GHSA-cqmf-248p-x3mh/GHSA-cqmf-248p-x3mh.json index cbf679b508ce5..855704143db07 100644 --- a/advisories/unreviewed/2023/07/GHSA-cqmf-248p-x3mh/GHSA-cqmf-248p-x3mh.json +++ b/advisories/unreviewed/2023/07/GHSA-cqmf-248p-x3mh/GHSA-cqmf-248p-x3mh.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-cqmf-248p-x3mh", - "modified": "2023-07-28T06:30:40Z", + "modified": "2023-08-03T18:30:29Z", "published": "2023-07-28T06:30:40Z", "aliases": [ "CVE-2023-38604" ], "details": "An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } ], "affected": [ @@ -77,7 +80,7 @@ ], "database_specific": { "cwe_ids": [ - + "CWE-787" ], "severity": null, "github_reviewed": false, diff --git a/advisories/unreviewed/2023/07/GHSA-cr9r-85xx-9x6f/GHSA-cr9r-85xx-9x6f.json b/advisories/unreviewed/2023/07/GHSA-cr9r-85xx-9x6f/GHSA-cr9r-85xx-9x6f.json index 0cd16baf9fffa..22da36c00ede3 100644 --- a/advisories/unreviewed/2023/07/GHSA-cr9r-85xx-9x6f/GHSA-cr9r-85xx-9x6f.json +++ b/advisories/unreviewed/2023/07/GHSA-cr9r-85xx-9x6f/GHSA-cr9r-85xx-9x6f.json 
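Review bot: The vector added to GHSA-cqmf-248p-x3mh, `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`, rates the flaw as network-exploitable without user interaction, while `details` describes it as something "an app" on the device can do. GHSA-jc37-wf52-x7m4 and GHSA-w5w9-4cmf-97jp in this same sync carry the identical kernel-privileges sentence with `AV:L/AC:L/PR:N/UI:R`, so tooling that sorts on the score will rank equivalent issues differently. The same `AV:N` with locally-running-code wording appears in GHSA-cr9r-85xx-9x6f, GHSA-h7v3-h3m7-xv23, GHSA-mgc4-cc92-x8pw, GHSA-qp52-c658-5vrc, GHSA-r87r-qf4p-wg4x, GHSA-rvvf-xmvw-3ggp and GHSA-v9j5-hh43-rw3p. These records are `"github_reviewed": false`, so the vector is presumably taken over from upstream. I would recheck it at review time; if the local reading holds, the score would begin `CVSS:3.1/AV:L/`.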
@@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-cr9r-85xx-9x6f", - "modified": "2023-07-28T06:30:40Z", + "modified": "2023-08-03T18:30:29Z", "published": "2023-07-28T06:30:40Z", "aliases": [ "CVE-2023-38601" ], "details": "This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to modify protected parts of the file system.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" + } ], "affected": [ diff --git a/advisories/unreviewed/2023/07/GHSA-h7v3-h3m7-xv23/GHSA-h7v3-h3m7-xv23.json b/advisories/unreviewed/2023/07/GHSA-h7v3-h3m7-xv23/GHSA-h7v3-h3m7-xv23.json index aed983a30679f..d81552b5df4ce 100644 --- a/advisories/unreviewed/2023/07/GHSA-h7v3-h3m7-xv23/GHSA-h7v3-h3m7-xv23.json +++ b/advisories/unreviewed/2023/07/GHSA-h7v3-h3m7-xv23/GHSA-h7v3-h3m7-xv23.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-h7v3-h3m7-xv23", - "modified": "2023-07-27T03:30:29Z", + "modified": "2023-08-03T18:30:29Z", "published": "2023-07-27T03:30:29Z", "aliases": [ "CVE-2023-38564" ], "details": "The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. An app may be able to modify protected parts of the file system.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" + } ], "affected": [ diff --git a/advisories/unreviewed/2023/07/GHSA-jc37-wf52-x7m4/GHSA-jc37-wf52-x7m4.json b/advisories/unreviewed/2023/07/GHSA-jc37-wf52-x7m4/GHSA-jc37-wf52-x7m4.json index 261c66a2a834a..6d8a79a0c5af4 100644 --- a/advisories/unreviewed/2023/07/GHSA-jc37-wf52-x7m4/GHSA-jc37-wf52-x7m4.json +++ b/advisories/unreviewed/2023/07/GHSA-jc37-wf52-x7m4/GHSA-jc37-wf52-x7m4.json 
@@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-jc37-wf52-x7m4", - "modified": "2023-07-27T03:30:28Z", + "modified": "2023-08-03T18:30:29Z", "published": "2023-07-27T03:30:28Z", "aliases": [ "CVE-2023-35993" ], "details": "A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Big Sur 11.7.9, macOS Monterey 12.6.8, tvOS 16.6, watchOS 9.6, macOS Ventura 13.5, iOS 15.7.8 and iPadOS 15.7.8. An app may be able to execute arbitrary code with kernel privileges.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } ], "affected": [ @@ -49,7 +52,7 @@ ], "database_specific": { "cwe_ids": [ - + "CWE-416" ], "severity": null, "github_reviewed": false, diff --git a/advisories/unreviewed/2023/07/GHSA-m5f4-wpc8-674q/GHSA-m5f4-wpc8-674q.json b/advisories/unreviewed/2023/07/GHSA-m5f4-wpc8-674q/GHSA-m5f4-wpc8-674q.json index 5ee04ab46217f..de315fb71d933 100644 --- a/advisories/unreviewed/2023/07/GHSA-m5f4-wpc8-674q/GHSA-m5f4-wpc8-674q.json +++ b/advisories/unreviewed/2023/07/GHSA-m5f4-wpc8-674q/GHSA-m5f4-wpc8-674q.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-m5f4-wpc8-674q", - "modified": "2023-07-27T03:30:28Z", + "modified": "2023-08-03T18:30:29Z", "published": "2023-07-27T03:30:28Z", "aliases": [ "CVE-2023-32443" ], "details": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.5, macOS Monterey 12.6.8, macOS Big Sur 11.7.9. Processing a file may lead to a denial-of-service or potentially disclose memory contents.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H" + } ], "affected": [ @@ -33,7 +36,7 @@ ], "database_specific": { "cwe_ids": [ - + "CWE-125" ], "severity": null, "github_reviewed": false, 
diff --git a/advisories/unreviewed/2023/07/GHSA-mc6p-cr25-crfc/GHSA-mc6p-cr25-crfc.json b/advisories/unreviewed/2023/07/GHSA-mc6p-cr25-crfc/GHSA-mc6p-cr25-crfc.json index 6e3b0342e5147..cb47d35f3f498 100644 --- a/advisories/unreviewed/2023/07/GHSA-mc6p-cr25-crfc/GHSA-mc6p-cr25-crfc.json +++ b/advisories/unreviewed/2023/07/GHSA-mc6p-cr25-crfc/GHSA-mc6p-cr25-crfc.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-mc6p-cr25-crfc", - "modified": "2023-07-29T00:30:48Z", + "modified": "2023-08-03T18:30:32Z", "published": "2023-07-29T00:30:48Z", "aliases": [ "CVE-2022-4925" ], "details": "Insufficient validation of untrusted input in QUIC in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to perform header splitting via malicious network traffic. (Chromium security severity: Low)", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" + } ], "affected": [ @@ -29,7 +32,7 @@ ], "database_specific": { "cwe_ids": [ - + "CWE-20" ], "severity": null, "github_reviewed": false, diff --git a/advisories/unreviewed/2023/07/GHSA-mg4h-hrr4-6xm8/GHSA-mg4h-hrr4-6xm8.json b/advisories/unreviewed/2023/07/GHSA-mg4h-hrr4-6xm8/GHSA-mg4h-hrr4-6xm8.json index 05e6ae8583ece..3f861efd24a13 100644 --- a/advisories/unreviewed/2023/07/GHSA-mg4h-hrr4-6xm8/GHSA-mg4h-hrr4-6xm8.json +++ b/advisories/unreviewed/2023/07/GHSA-mg4h-hrr4-6xm8/GHSA-mg4h-hrr4-6xm8.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-mg4h-hrr4-6xm8", - "modified": "2023-07-27T03:30:28Z", + "modified": "2023-08-03T18:30:29Z", "published": "2023-07-27T03:30:28Z", "aliases": [ "CVE-2023-38421" ], "details": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.5, macOS Monterey 12.6.8. Processing a file may lead to a denial-of-service or potentially disclose memory contents.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" + } ], "affected": [ 
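Review bot: `A:N` in the vector added to GHSA-mg4h-hrr4-6xm8 contradicts the record's own `details`, which lists denial-of-service as an outcome of processing a file. GHSA-rr22-prvr-c5gh has the same text and the same `AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N`, while GHSA-m5f4-wpc8-674q scores that sentence as `AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H`. A vector that agrees with the text would end in `/A:H`, as the m5f4 one does. This is worth confirming upstream before anyone filters these advisories on availability impact.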
diff --git a/advisories/unreviewed/2023/07/GHSA-mgc4-cc92-x8pw/GHSA-mgc4-cc92-x8pw.json b/advisories/unreviewed/2023/07/GHSA-mgc4-cc92-x8pw/GHSA-mgc4-cc92-x8pw.json index f091d9fc148a0..dc612f2305b44 100644 --- a/advisories/unreviewed/2023/07/GHSA-mgc4-cc92-x8pw/GHSA-mgc4-cc92-x8pw.json +++ b/advisories/unreviewed/2023/07/GHSA-mgc4-cc92-x8pw/GHSA-mgc4-cc92-x8pw.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-mgc4-cc92-x8pw", - "modified": "2023-07-28T06:30:39Z", + "modified": "2023-08-03T18:30:29Z", "published": "2023-07-28T06:30:39Z", "aliases": [ "CVE-2023-38571" ], "details": "This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to bypass Privacy preferences.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" + } ], "affected": [ diff --git a/advisories/unreviewed/2023/07/GHSA-mq7w-mj9p-33fc/GHSA-mq7w-mj9p-33fc.json b/advisories/unreviewed/2023/07/GHSA-mq7w-mj9p-33fc/GHSA-mq7w-mj9p-33fc.json index 1434b604e33d5..98c051ec29e08 100644 --- a/advisories/unreviewed/2023/07/GHSA-mq7w-mj9p-33fc/GHSA-mq7w-mj9p-33fc.json +++ b/advisories/unreviewed/2023/07/GHSA-mq7w-mj9p-33fc/GHSA-mq7w-mj9p-33fc.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-mq7w-mj9p-33fc", - "modified": "2023-07-29T00:30:48Z", + "modified": "2023-08-03T18:30:32Z", "published": "2023-07-29T00:30:48Z", "aliases": [ "CVE-2023-2313" ], "details": "Inappropriate implementation in Sandbox in Google Chrome on Windows prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a malicious file. (Chromium security severity: High)", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } ], "affected": [ 
diff --git a/advisories/unreviewed/2023/07/GHSA-mqjx-pwr7-f46c/GHSA-mqjx-pwr7-f46c.json b/advisories/unreviewed/2023/07/GHSA-mqjx-pwr7-f46c/GHSA-mqjx-pwr7-f46c.json index 8296ffbc3be1a..5c5ae635c5627 100644 --- a/advisories/unreviewed/2023/07/GHSA-mqjx-pwr7-f46c/GHSA-mqjx-pwr7-f46c.json +++ b/advisories/unreviewed/2023/07/GHSA-mqjx-pwr7-f46c/GHSA-mqjx-pwr7-f46c.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-mqjx-pwr7-f46c", - "modified": "2023-07-29T00:30:47Z", + "modified": "2023-08-03T18:30:31Z", "published": "2023-07-29T00:30:47Z", "aliases": [ "CVE-2022-4914" ], "details": "Heap buffer overflow in PrintPreview in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } ], "affected": [ @@ -29,7 +32,7 @@ ], "database_specific": { "cwe_ids": [ - + "CWE-787" ], "severity": null, "github_reviewed": false, diff --git a/advisories/unreviewed/2023/07/GHSA-pph7-f2fw-25v3/GHSA-pph7-f2fw-25v3.json b/advisories/unreviewed/2023/07/GHSA-pph7-f2fw-25v3/GHSA-pph7-f2fw-25v3.json index aeffb740e7dc6..9076c5a476c12 100644 --- a/advisories/unreviewed/2023/07/GHSA-pph7-f2fw-25v3/GHSA-pph7-f2fw-25v3.json +++ b/advisories/unreviewed/2023/07/GHSA-pph7-f2fw-25v3/GHSA-pph7-f2fw-25v3.json 
@@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-pph7-f2fw-25v3", - "modified": "2023-07-29T00:30:48Z", + "modified": "2023-08-03T18:30:32Z", "published": "2023-07-29T00:30:48Z", "aliases": [ "CVE-2022-4923" ], "details": "Inappropriate implementation in Omnibox in Google Chrome prior to 99.0.4844.51 allowed an attacker in a privileged network position to perform a man-in-the-middle attack via malicious network traffic. (Chromium security severity: Low)", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N" + } ], "affected": [ diff --git a/advisories/unreviewed/2023/07/GHSA-q3x8-58xf-j8xj/GHSA-q3x8-58xf-j8xj.json b/advisories/unreviewed/2023/07/GHSA-q3x8-58xf-j8xj/GHSA-q3x8-58xf-j8xj.json index f2e9c3e4e6f28..c176a642d5eab 100644 --- a/advisories/unreviewed/2023/07/GHSA-q3x8-58xf-j8xj/GHSA-q3x8-58xf-j8xj.json +++ b/advisories/unreviewed/2023/07/GHSA-q3x8-58xf-j8xj/GHSA-q3x8-58xf-j8xj.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-q3x8-58xf-j8xj", - "modified": "2023-07-28T06:30:39Z", + "modified": "2023-08-03T18:30:29Z", "published": "2023-07-28T06:30:39Z", "aliases": [ "CVE-2023-32654" ], "details": "A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.5. A user may be able to read information belonging to another user.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" + } ], "affected": [ diff --git a/advisories/unreviewed/2023/07/GHSA-q92j-8jhc-9pm7/GHSA-q92j-8jhc-9pm7.json b/advisories/unreviewed/2023/07/GHSA-q92j-8jhc-9pm7/GHSA-q92j-8jhc-9pm7.json index 9aee0d6f1fd7a..e9c2d3305f9f1 100644 --- a/advisories/unreviewed/2023/07/GHSA-q92j-8jhc-9pm7/GHSA-q92j-8jhc-9pm7.json +++ b/advisories/unreviewed/2023/07/GHSA-q92j-8jhc-9pm7/GHSA-q92j-8jhc-9pm7.json 
@@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-q92j-8jhc-9pm7", - "modified": "2023-07-28T15:30:23Z", + "modified": "2023-08-03T18:30:30Z", "published": "2023-07-28T15:30:23Z", "aliases": [ "CVE-2023-39023" ], "details": "university compass v2.2.0 and below was discovered to contain a code injection vulnerability in the component org.compass.core.executor.DefaultExecutorManager.configure. This vulnerability is exploited via passing an unchecked argument.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } ], "affected": [ @@ -25,7 +28,7 @@ ], "database_specific": { "cwe_ids": [ - + "CWE-94" ], "severity": null, "github_reviewed": false, diff --git a/advisories/unreviewed/2023/07/GHSA-qp52-c658-5vrc/GHSA-qp52-c658-5vrc.json b/advisories/unreviewed/2023/07/GHSA-qp52-c658-5vrc/GHSA-qp52-c658-5vrc.json index cdf4aeeded998..7c2d44cf42d59 100644 --- a/advisories/unreviewed/2023/07/GHSA-qp52-c658-5vrc/GHSA-qp52-c658-5vrc.json +++ b/advisories/unreviewed/2023/07/GHSA-qp52-c658-5vrc/GHSA-qp52-c658-5vrc.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-qp52-c658-5vrc", - "modified": "2023-07-28T06:30:39Z", + "modified": "2023-08-03T18:30:29Z", "published": "2023-07-28T06:30:39Z", "aliases": [ "CVE-2023-32444" ], "details": "A logic issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. A sandboxed process may be able to circumvent sandbox restrictions.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" + } ], "affected": [ diff --git a/advisories/unreviewed/2023/07/GHSA-r7mr-872q-fr2m/GHSA-r7mr-872q-fr2m.json b/advisories/unreviewed/2023/07/GHSA-r7mr-872q-fr2m/GHSA-r7mr-872q-fr2m.json index 2d2402c97c3be..989df73bc2fee 100644 --- a/advisories/unreviewed/2023/07/GHSA-r7mr-872q-fr2m/GHSA-r7mr-872q-fr2m.json 
+++ b/advisories/unreviewed/2023/07/GHSA-r7mr-872q-fr2m/GHSA-r7mr-872q-fr2m.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-r7mr-872q-fr2m", - "modified": "2023-07-27T03:30:29Z", + "modified": "2023-08-03T18:30:29Z", "published": "2023-07-27T03:30:29Z", "aliases": [ "CVE-2023-38565" ], "details": "The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Monterey 12.6.8, watchOS 9.6, macOS Big Sur 11.7.9, macOS Ventura 13.5. Processing web content may disclose sensitive information.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } ], "affected": [ diff --git a/advisories/unreviewed/2023/07/GHSA-r87r-qf4p-wg4x/GHSA-r87r-qf4p-wg4x.json b/advisories/unreviewed/2023/07/GHSA-r87r-qf4p-wg4x/GHSA-r87r-qf4p-wg4x.json index 9be91207df7d8..a6a11e49cb3e9 100644 --- a/advisories/unreviewed/2023/07/GHSA-r87r-qf4p-wg4x/GHSA-r87r-qf4p-wg4x.json +++ b/advisories/unreviewed/2023/07/GHSA-r87r-qf4p-wg4x/GHSA-r87r-qf4p-wg4x.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-r87r-qf4p-wg4x", - "modified": "2023-07-28T06:30:39Z", + "modified": "2023-08-03T18:30:29Z", "published": "2023-07-28T06:30:39Z", "aliases": [ "CVE-2023-37285" ], "details": "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } ], "affected": [ @@ -53,7 +56,7 @@ ], "database_specific": { "cwe_ids": [ - + "CWE-125" ], "severity": null, "github_reviewed": false, diff --git a/advisories/unreviewed/2023/07/GHSA-rg97-m354-39g3/GHSA-rg97-m354-39g3.json b/advisories/unreviewed/2023/07/GHSA-rg97-m354-39g3/GHSA-rg97-m354-39g3.json index f722d3a1a9f8c..8a5c150d3d869 100644 
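Review bot: The vector added to GHSA-r7mr-872q-fr2m does not describe the issue in its `details`. The text says processing web content may disclose sensitive information, but the score is `AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H`, a local attack with full integrity and availability impact. It looks as if either the description or the vector was written for a different issue, and nothing in the hunk says which. GHSA-rg97-m354-39g3 shows a milder form of the same mismatch, with traffic interception scored `C:N/I:H`. Both should be checked against the upstream CVE entry before the score is used for prioritisation.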
--- a/advisories/unreviewed/2023/07/GHSA-rg97-m354-39g3/GHSA-rg97-m354-39g3.json +++ b/advisories/unreviewed/2023/07/GHSA-rg97-m354-39g3/GHSA-rg97-m354-39g3.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-rg97-m354-39g3", - "modified": "2023-07-28T06:30:39Z", + "modified": "2023-08-03T18:30:29Z", "published": "2023-07-28T06:30:39Z", "aliases": [ "CVE-2023-32427" ], "details": "This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in Apple Music 4.2.0 for Android. An attacker in a privileged network position may be able to intercept network traffic.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" + } ], "affected": [ diff --git a/advisories/unreviewed/2023/07/GHSA-rr22-prvr-c5gh/GHSA-rr22-prvr-c5gh.json b/advisories/unreviewed/2023/07/GHSA-rr22-prvr-c5gh/GHSA-rr22-prvr-c5gh.json index bad02eeb5aad3..1003765d34089 100644 --- a/advisories/unreviewed/2023/07/GHSA-rr22-prvr-c5gh/GHSA-rr22-prvr-c5gh.json +++ b/advisories/unreviewed/2023/07/GHSA-rr22-prvr-c5gh/GHSA-rr22-prvr-c5gh.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-rr22-prvr-c5gh", - "modified": "2023-07-27T03:30:28Z", + "modified": "2023-08-03T18:30:29Z", "published": "2023-07-27T03:30:28Z", "aliases": [ "CVE-2023-38258" ], "details": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.5, macOS Monterey 12.6.8. Processing a file may lead to a denial-of-service or potentially disclose memory contents.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" + } ], "affected": [ diff --git a/advisories/unreviewed/2023/07/GHSA-rvvf-xmvw-3ggp/GHSA-rvvf-xmvw-3ggp.json b/advisories/unreviewed/2023/07/GHSA-rvvf-xmvw-3ggp/GHSA-rvvf-xmvw-3ggp.json index b5746329262e9..68adfed4e8357 100644 --- a/advisories/unreviewed/2023/07/GHSA-rvvf-xmvw-3ggp/GHSA-rvvf-xmvw-3ggp.json 
+++ b/advisories/unreviewed/2023/07/GHSA-rvvf-xmvw-3ggp/GHSA-rvvf-xmvw-3ggp.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-rvvf-xmvw-3ggp", - "modified": "2023-07-28T06:30:40Z", + "modified": "2023-08-03T18:30:29Z", "published": "2023-07-28T06:30:40Z", "aliases": [ "CVE-2023-38609" ], "details": "An injection issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.5. An app may be able to bypass certain Privacy preferences.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" + } ], "affected": [ @@ -29,7 +32,7 @@ ], "database_specific": { "cwe_ids": [ - + "CWE-74" ], "severity": null, "github_reviewed": false, diff --git a/advisories/unreviewed/2023/07/GHSA-v9j5-hh43-rw3p/GHSA-v9j5-hh43-rw3p.json b/advisories/unreviewed/2023/07/GHSA-v9j5-hh43-rw3p/GHSA-v9j5-hh43-rw3p.json index 003934d0136e9..0bdcb3d088f08 100644 --- a/advisories/unreviewed/2023/07/GHSA-v9j5-hh43-rw3p/GHSA-v9j5-hh43-rw3p.json +++ b/advisories/unreviewed/2023/07/GHSA-v9j5-hh43-rw3p/GHSA-v9j5-hh43-rw3p.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-v9j5-hh43-rw3p", - "modified": "2023-07-28T06:30:39Z", + "modified": "2023-08-03T18:30:29Z", "published": "2023-07-28T06:30:39Z", "aliases": [ "CVE-2023-38598" ], "details": "A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } ], "affected": [ @@ -77,7 +80,7 @@ ], "database_specific": { "cwe_ids": [ - + "CWE-416" ], "severity": null, "github_reviewed": false, 
diff --git a/advisories/unreviewed/2023/07/GHSA-vg57-hwh2-c85p/GHSA-vg57-hwh2-c85p.json b/advisories/unreviewed/2023/07/GHSA-vg57-hwh2-c85p/GHSA-vg57-hwh2-c85p.json index 33302812a048a..58de61c208b36 100644 --- a/advisories/unreviewed/2023/07/GHSA-vg57-hwh2-c85p/GHSA-vg57-hwh2-c85p.json +++ b/advisories/unreviewed/2023/07/GHSA-vg57-hwh2-c85p/GHSA-vg57-hwh2-c85p.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-vg57-hwh2-c85p", - "modified": "2023-07-29T00:30:48Z", + "modified": "2023-08-03T18:30:32Z", "published": "2023-07-29T00:30:48Z", "aliases": [ "CVE-2022-4920" ], "details": "Heap buffer overflow in Blink in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" + } ], "affected": [ @@ -29,7 +32,7 @@ ], "database_specific": { "cwe_ids": [ - + "CWE-787" ], "severity": null, "github_reviewed": false, diff --git a/advisories/unreviewed/2023/07/GHSA-vvx4-72qg-p3h5/GHSA-vvx4-72qg-p3h5.json b/advisories/unreviewed/2023/07/GHSA-vvx4-72qg-p3h5/GHSA-vvx4-72qg-p3h5.json index 519c5236dbfc3..c158f6a99820d 100644 --- a/advisories/unreviewed/2023/07/GHSA-vvx4-72qg-p3h5/GHSA-vvx4-72qg-p3h5.json +++ b/advisories/unreviewed/2023/07/GHSA-vvx4-72qg-p3h5/GHSA-vvx4-72qg-p3h5.json 
@@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-vvx4-72qg-p3h5", - "modified": "2023-07-29T00:30:48Z", + "modified": "2023-08-03T18:30:32Z", "published": "2023-07-29T00:30:48Z", "aliases": [ "CVE-2022-4924" ], "details": "Use after free in WebRTC in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" + } ], "affected": [ @@ -29,7 +32,7 @@ ], "database_specific": { "cwe_ids": [ - + "CWE-416" ], "severity": null, "github_reviewed": false, diff --git a/advisories/unreviewed/2023/07/GHSA-w5w9-4cmf-97jp/GHSA-w5w9-4cmf-97jp.json b/advisories/unreviewed/2023/07/GHSA-w5w9-4cmf-97jp/GHSA-w5w9-4cmf-97jp.json index 9dbc1a36b14a0..1c0722450d2a4 100644 --- a/advisories/unreviewed/2023/07/GHSA-w5w9-4cmf-97jp/GHSA-w5w9-4cmf-97jp.json +++ b/advisories/unreviewed/2023/07/GHSA-w5w9-4cmf-97jp/GHSA-w5w9-4cmf-97jp.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-w5w9-4cmf-97jp", - "modified": "2023-07-27T03:30:28Z", + "modified": "2023-08-03T18:30:29Z", "published": "2023-07-27T03:30:28Z", "aliases": [ "CVE-2023-32734" ], "details": "The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges.", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + } ], "affected": [ diff --git a/advisories/unreviewed/2023/07/GHSA-xc42-985m-4jpv/GHSA-xc42-985m-4jpv.json b/advisories/unreviewed/2023/07/GHSA-xc42-985m-4jpv/GHSA-xc42-985m-4jpv.json index 67a78ad638fe4..3d521ee5cf0fb 100644 --- a/advisories/unreviewed/2023/07/GHSA-xc42-985m-4jpv/GHSA-xc42-985m-4jpv.json 
+++ b/advisories/unreviewed/2023/07/GHSA-xc42-985m-4jpv/GHSA-xc42-985m-4jpv.json @@ -1,14 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-xc42-985m-4jpv", - "modified": "2023-07-29T00:30:48Z", + "modified": "2023-08-03T18:30:32Z", "published": "2023-07-29T00:30:48Z", "aliases": [ "CVE-2022-4917" ], "details": "Incorrect security UI in Notifications in Google Chrome on Android prior to 103.0.5060.53 allowed a remote attacker to obscure the full screen notification via a crafted HTML page. (Chromium security severity: Low)", "severity": [ - + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" + } ], "affected": [ diff --git a/advisories/unreviewed/2023/08/GHSA-2644-f36h-q8x8/GHSA-2644-f36h-q8x8.json b/advisories/unreviewed/2023/08/GHSA-2644-f36h-q8x8/GHSA-2644-f36h-q8x8.json new file mode 100644 index 0000000000000..742b87467d609 --- /dev/null +++ b/advisories/unreviewed/2023/08/GHSA-2644-f36h-q8x8/GHSA-2644-f36h-q8x8.json @@ -0,0 +1,39 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-2644-f36h-q8x8", + "modified": "2023-08-03T18:30:35Z", + "published": "2023-08-03T18:30:35Z", + "aliases": [ + "CVE-2023-36217" + ], + "details": "Cross Site Scripting vulnerability in Xoops CMS v.2.5.10 allows a remote attacker to execute arbitrary code via the category name field of the image manager function.", + "severity": [ + + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36217" + }, + { + "type": "WEB", + "url": "https://github.com/XOOPS/XoopsCore25/releases/tag/v2.5.10" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/51520" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": null + } +} \ No newline at end of file 
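Review bot: The new record GHSA-2644-f36h-q8x8 is published with `severity`, `affected` and `cwe_ids` all empty, so scanners that match on package ranges or filter by score or weakness class will never surface it. `details` names cross-site scripting, for which `"cwe_ids": ["CWE-79"]` would be the expected entry. It also states the impact as arbitrary code execution, which wants confirming for an XSS in a category-name field. The other new files in this sync, GHSA-3xwr-xcmc-7vq6 (path traversal), GHSA-564w-j7mv-2v7q, GHSA-7rvx-6854-8rw7 (file upload) and GHSA-856f-5pr4-jx6q, are empty in the same three fields. While they stay `"github_reviewed": false`, consumers should read a missing score as unknown, not as low.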
diff --git a/advisories/unreviewed/2023/08/GHSA-37fx-2m8v-2x4j/GHSA-37fx-2m8v-2x4j.json b/advisories/unreviewed/2023/08/GHSA-37fx-2m8v-2x4j/GHSA-37fx-2m8v-2x4j.json new file mode 100644 index 0000000000000..ca2b607a49acc --- /dev/null +++ b/advisories/unreviewed/2023/08/GHSA-37fx-2m8v-2x4j/GHSA-37fx-2m8v-2x4j.json @@ -0,0 +1,38 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-37fx-2m8v-2x4j", + "modified": "2023-08-03T18:30:35Z", + "published": "2023-08-03T18:30:35Z", + "aliases": [ + "CVE-2023-25524" + ], + "details": "\nNVIDIA Omniverse Workstation Launcher for Windows and Linux contains a vulnerability in the authentication flow, where a user’s access token is displayed in the browser user's address bar. An attacker could use this token to impersonate the user to access launcher resources. A successful exploit of this vulnerability may lead to information disclosure.\n\n", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25524" + }, + { + "type": "WEB", + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5472" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-598" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/08/GHSA-3xwr-xcmc-7vq6/GHSA-3xwr-xcmc-7vq6.json b/advisories/unreviewed/2023/08/GHSA-3xwr-xcmc-7vq6/GHSA-3xwr-xcmc-7vq6.json new file mode 100644 index 0000000000000..9d37e0bb971d7 --- /dev/null +++ b/advisories/unreviewed/2023/08/GHSA-3xwr-xcmc-7vq6/GHSA-3xwr-xcmc-7vq6.json 
@@ -0,0 +1,39 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-3xwr-xcmc-7vq6", + "modified": "2023-08-03T18:30:35Z", + "published": "2023-08-03T18:30:35Z", + "aliases": [ + "CVE-2023-33365" + ], + "details": "A path traversal vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows unauthenticated attackers to fetch arbitrary files from the server's web server.", + "severity": [ + + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33365" + }, + { + "type": "WEB", + "url": "https://claroty.com/team82/disclosure-dashboard/cve-2023-33365" + }, + { + "type": "WEB", + "url": "https://kb.supremainc.com/knowledge/doku.php?id=en:release_note_291" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/08/GHSA-4cgx-34q8-6h3x/GHSA-4cgx-34q8-6h3x.json b/advisories/unreviewed/2023/08/GHSA-4cgx-34q8-6h3x/GHSA-4cgx-34q8-6h3x.json index 83a0a724e01de..5b593a47db798 100644 --- a/advisories/unreviewed/2023/08/GHSA-4cgx-34q8-6h3x/GHSA-4cgx-34q8-6h3x.json +++ b/advisories/unreviewed/2023/08/GHSA-4cgx-34q8-6h3x/GHSA-4cgx-34q8-6h3x.json @@ -28,6 +28,14 @@ { "type": "WEB", "url": "https://vuldb.com/?id.235958" + }, + { + "type": "WEB", + "url": "http://packetstormsecurity.com/files/173927/PHPJabbers-Bus-Reservation-System-1.1-Cross-Site-Scripting.html" + }, + { + "type": "WEB", + "url": "http://packetstormsecurity.com/files/173945/PHPJabbers-Bus-Reservation-System-1.1-SQL-Injection.html" } ], "database_specific": { diff --git a/advisories/unreviewed/2023/08/GHSA-4gqm-qq9r-mrp5/GHSA-4gqm-qq9r-mrp5.json b/advisories/unreviewed/2023/08/GHSA-4gqm-qq9r-mrp5/GHSA-4gqm-qq9r-mrp5.json index b1800d4c0935b..c05f4620e2160 100644 --- a/advisories/unreviewed/2023/08/GHSA-4gqm-qq9r-mrp5/GHSA-4gqm-qq9r-mrp5.json 
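Review bot: The two references added to GHSA-4cgx-34q8-6h3x use the `http://packetstormsecurity.com/` scheme, whereas the other `url` values visible in this sync are `https://`. A reader following the link from an advisory fetches the page without transport integrity, so I would store both with the `https://` prefix. The same scheme is used in the references added to GHSA-4gqm-qq9r-mrp5, GHSA-6384-2m2x-45v7 and GHSA-82gq-6m2f-8392. The two new links here also name different bug classes under one advisory, cross-site scripting and SQL injection, so it is worth checking that both belong to this CVE.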
+++ b/advisories/unreviewed/2023/08/GHSA-4gqm-qq9r-mrp5/GHSA-4gqm-qq9r-mrp5.json @@ -28,6 +28,10 @@ { "type": "WEB", "url": "https://vuldb.com/?id.235961" + }, + { + "type": "WEB", + "url": "http://packetstormsecurity.com/files/173932/PHPJabbers-Night-Club-Booking-1.0-Cross-Site-Scripting.html" } ], "database_specific": { diff --git a/advisories/unreviewed/2023/08/GHSA-564w-j7mv-2v7q/GHSA-564w-j7mv-2v7q.json b/advisories/unreviewed/2023/08/GHSA-564w-j7mv-2v7q/GHSA-564w-j7mv-2v7q.json new file mode 100644 index 0000000000000..753440eb0cc31 --- /dev/null +++ b/advisories/unreviewed/2023/08/GHSA-564w-j7mv-2v7q/GHSA-564w-j7mv-2v7q.json @@ -0,0 +1,39 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-564w-j7mv-2v7q", + "modified": "2023-08-03T18:30:34Z", + "published": "2023-08-03T18:30:34Z", + "aliases": [ + "CVE-2023-28468" + ], + "details": "An issue was discovered in FvbServicesRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The FvbServicesRuntimeDxe SMM module exposes an SMI handler that allows an attacker to interact with the SPI flash at run-time from the OS.", + "severity": [ + + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28468" + }, + { + "type": "WEB", + "url": "https://www.insyde.com/security-pledge" + }, + { + "type": "WEB", + "url": "https://www.insyde.com/security-pledge/SA-2023039" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/08/GHSA-6384-2m2x-45v7/GHSA-6384-2m2x-45v7.json b/advisories/unreviewed/2023/08/GHSA-6384-2m2x-45v7/GHSA-6384-2m2x-45v7.json index 4683e40120be9..e87d5d2e5c272 100644 --- a/advisories/unreviewed/2023/08/GHSA-6384-2m2x-45v7/GHSA-6384-2m2x-45v7.json +++ b/advisories/unreviewed/2023/08/GHSA-6384-2m2x-45v7/GHSA-6384-2m2x-45v7.json 
@@ -28,6 +28,10 @@ { "type": "WEB", "url": "https://vuldb.com/?id.235957" + }, + { + "type": "WEB", + "url": "http://packetstormsecurity.com/files/173926/PHPJabbers-Availability-Booking-Calendar-5.0-Cross-Site-Scripting.html" } ], "database_specific": { diff --git a/advisories/unreviewed/2023/08/GHSA-7rvx-6854-8rw7/GHSA-7rvx-6854-8rw7.json b/advisories/unreviewed/2023/08/GHSA-7rvx-6854-8rw7/GHSA-7rvx-6854-8rw7.json new file mode 100644 index 0000000000000..b74c487ae10ad --- /dev/null +++ b/advisories/unreviewed/2023/08/GHSA-7rvx-6854-8rw7/GHSA-7rvx-6854-8rw7.json @@ -0,0 +1,39 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-7rvx-6854-8rw7", + "modified": "2023-08-03T18:30:34Z", + "published": "2023-08-03T18:30:34Z", + "aliases": [ + "CVE-2023-36299" + ], + "details": "A File Upload vulnerability in typecho v.1.2.1 allows a remote attacker to execute arbitrary code via the upload and options-general parameters in index.php.", + "severity": [ + + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36299" + }, + { + "type": "WEB", + "url": "https://github.com/MentalityXt/typecho-v1.2.1-RCE" + }, + { + "type": "WEB", + "url": "https://github.com/typecho/typecho/releases/tag/v1.2.1" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/08/GHSA-82gq-6m2f-8392/GHSA-82gq-6m2f-8392.json b/advisories/unreviewed/2023/08/GHSA-82gq-6m2f-8392/GHSA-82gq-6m2f-8392.json index d04bc4d6dc73f..a16f2d5965cec 100644 --- a/advisories/unreviewed/2023/08/GHSA-82gq-6m2f-8392/GHSA-82gq-6m2f-8392.json +++ b/advisories/unreviewed/2023/08/GHSA-82gq-6m2f-8392/GHSA-82gq-6m2f-8392.json 
@@ -28,6 +28,10 @@ { "type": "WEB", "url": "https://vuldb.com/?id.235964" + }, + { + "type": "WEB", + "url": "http://packetstormsecurity.com/files/173939/PHPJabbers-Rental-Property-Booking-2.0-Cross-Site-Scripting.html" } ], "database_specific": { diff --git a/advisories/unreviewed/2023/08/GHSA-856f-5pr4-jx6q/GHSA-856f-5pr4-jx6q.json b/advisories/unreviewed/2023/08/GHSA-856f-5pr4-jx6q/GHSA-856f-5pr4-jx6q.json new file mode 100644 index 0000000000000..74032ef89762d --- /dev/null +++ b/advisories/unreviewed/2023/08/GHSA-856f-5pr4-jx6q/GHSA-856f-5pr4-jx6q.json @@ -0,0 +1,39 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-856f-5pr4-jx6q", + "modified": "2023-08-03T18:30:34Z", + "published": "2023-08-03T18:30:34Z", + "aliases": [ + "CVE-2023-25600" + ], + "details": "An issue was discovered in InsydeH2O. A malicious operating system can tamper with a runtime-writable EFI variable, leading to out-of-bounds memory reads and a denial of service. This is fixed in version 01.01.04.0016.", + "severity": [ + + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25600" + }, + { + "type": "WEB", + "url": "https://www.insyde.com/security-pledge" + }, + { + "type": "WEB", + "url": "https://www.insyde.com/security-pledge/SA-2023028" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/08/GHSA-88gh-7pcg-pc2x/GHSA-88gh-7pcg-pc2x.json b/advisories/unreviewed/2023/08/GHSA-88gh-7pcg-pc2x/GHSA-88gh-7pcg-pc2x.json index aa1083077e098..9f7b14b9a43f1 100644 --- a/advisories/unreviewed/2023/08/GHSA-88gh-7pcg-pc2x/GHSA-88gh-7pcg-pc2x.json +++ b/advisories/unreviewed/2023/08/GHSA-88gh-7pcg-pc2x/GHSA-88gh-7pcg-pc2x.json 
@@ -28,6 +28,10 @@ { "type": "WEB", "url": "https://vuldb.com/?id.235959" + }, + { + "type": "WEB", + "url": "http://packetstormsecurity.com/files/173930/PHPJabbers-Shuttle-Booking-Software-1.0-Cross-Site-Scripting.html" } ], "database_specific": { diff --git a/advisories/unreviewed/2023/08/GHSA-897q-36v3-jwhm/GHSA-897q-36v3-jwhm.json b/advisories/unreviewed/2023/08/GHSA-897q-36v3-jwhm/GHSA-897q-36v3-jwhm.json new file mode 100644 index 0000000000000..5d79b6a020fbb --- /dev/null +++ b/advisories/unreviewed/2023/08/GHSA-897q-36v3-jwhm/GHSA-897q-36v3-jwhm.json @@ -0,0 +1,42 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-897q-36v3-jwhm", + "modified": "2023-08-03T18:30:35Z", + "published": "2023-08-03T18:30:35Z", + "aliases": [ + "CVE-2023-4132" + ], + "details": "A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4132" + }, + { + "type": "WEB", + "url": "https://access.redhat.com/security/cve/CVE-2023-4132" + }, + { + "type": "WEB", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2221707" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/08/GHSA-8cjr-8gr7-ccg3/GHSA-8cjr-8gr7-ccg3.json b/advisories/unreviewed/2023/08/GHSA-8cjr-8gr7-ccg3/GHSA-8cjr-8gr7-ccg3.json new file mode 100644 index 0000000000000..0585f2da466a2 --- /dev/null +++ b/advisories/unreviewed/2023/08/GHSA-8cjr-8gr7-ccg3/GHSA-8cjr-8gr7-ccg3.json 
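Review bot: In the new GHSA-897q-36v3-jwhm.json record, `database_specific.severity` is `null` even though the `severity` array carries a CVSS_V3 vector (`CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H`), so the two fields disagree about whether a rating exists. The same pattern appears in GHSA-jfm4-3vv3-fm4v, GHSA-p36c-2mv6-8m8q and GHSA-w3j7-w57f-mrwq, while GHSA-8cjr-8gr7-ccg3 in this sync sets `"severity": "HIGH"` next to its vector. Anything that triages or filters on the label alone would skip these records, so the import should derive the label from the vector (here presumably `"severity": "MODERATE"`), or consumers should compute the rating from `severity[].score` for unreviewed advisories. `cwe_ids` is also left empty although the description names a use-after-free.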
@@ -0,0 +1,38 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-8cjr-8gr7-ccg3",
+ "modified": "2023-08-03T18:30:35Z",
+ "published": "2023-08-03T18:30:35Z",
+ "aliases": [
+ "CVE-2023-35081"
+ ],
+ "details": "A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an authenticated administrator to write arbitrary files onto the appliance.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [
+
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35081"
+ },
+ {
+ "type": "WEB",
+ "url": "https://forums.ivanti.com/s/article/CVE-2023-35081-Arbitrary-File-Write?language=en_US"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": null
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2023/08/GHSA-8ggh-rx5r-h3jx/GHSA-8ggh-rx5r-h3jx.json b/advisories/unreviewed/2023/08/GHSA-8ggh-rx5r-h3jx/GHSA-8ggh-rx5r-h3jx.json
new file mode 100644
index 0000000000000..c090cd0098d75
--- /dev/null
+++ b/advisories/unreviewed/2023/08/GHSA-8ggh-rx5r-h3jx/GHSA-8ggh-rx5r-h3jx.json
@@ -0,0 +1,39 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-8ggh-rx5r-h3jx",
+ "modified": "2023-08-03T18:30:35Z",
+ "published": "2023-08-03T18:30:35Z",
+ "aliases": [
+ "CVE-2023-33363"
+ ],
+ "details": "An authentication bypass vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows unauthenticated users to access some functionality on BioStar 2 servers.",
+ "severity": [
+
+ ],
+ "affected": [
+
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33363"
+ },
+ {
+ "type": "WEB",
+ "url": "https://claroty.com/team82/disclosure-dashboard/cve-2023-33363"
+ },
+ {
+ "type": "WEB",
+ "url": "https://kb.supremainc.com/knowledge/doku.php?id=en:release_note_291"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+
+ ],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": null
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2023/08/GHSA-945m-rw7v-2h8v/GHSA-945m-rw7v-2h8v.json b/advisories/unreviewed/2023/08/GHSA-945m-rw7v-2h8v/GHSA-945m-rw7v-2h8v.json
new file mode 100644
index 0000000000000..3b2d818fdec4f
--- /dev/null
+++ b/advisories/unreviewed/2023/08/GHSA-945m-rw7v-2h8v/GHSA-945m-rw7v-2h8v.json
@@ -0,0 +1,35 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-945m-rw7v-2h8v",
+ "modified": "2023-08-03T18:30:35Z",
+ "published": "2023-08-03T18:30:35Z",
+ "aliases": [
+ "CVE-2023-38947"
+ ],
+ "details": "An arbitrary file upload vulnerability in the /languages/install.php component of WBCE CMS v1.6.1 allows attackers to execute arbitrary code via a crafted PHP file.",
+ "severity": [
+
+ ],
+ "affected": [
+
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38947"
+ },
+ {
+ "type": "WEB",
+ "url": "https://gitee.com/CTF-hacker/pwn/issues/I7LH2N"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+
+ ],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": null
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2023/08/GHSA-9566-3gww-45ch/GHSA-9566-3gww-45ch.json b/advisories/unreviewed/2023/08/GHSA-9566-3gww-45ch/GHSA-9566-3gww-45ch.json
new file mode 100644
index 0000000000000..8cee48ddfd346
--- /dev/null
+++ b/advisories/unreviewed/2023/08/GHSA-9566-3gww-45ch/GHSA-9566-3gww-45ch.json
@@ -0,0 +1,35 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-9566-3gww-45ch",
+ "modified": "2023-08-03T18:30:34Z",
+ "published": "2023-08-03T18:30:34Z",
+ "aliases": [
+ "CVE-2023-36298"
+ ],
+ "details": "DedeCMS v5.7.109 has a File Upload vulnerability, leading to remote code execution (RCE).",
+ "severity": [
+
+ ],
+ "affected": [
+
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36298"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/MentalityXt/Dedecms-v5.7.109-RCE"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+
+ ],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": null
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2023/08/GHSA-9ppx-xr68-cm59/GHSA-9ppx-xr68-cm59.json b/advisories/unreviewed/2023/08/GHSA-9ppx-xr68-cm59/GHSA-9ppx-xr68-cm59.json index 5c994954d460f..00d6a0ae84fdf 100644 --- a/advisories/unreviewed/2023/08/GHSA-9ppx-xr68-cm59/GHSA-9ppx-xr68-cm59.json +++ b/advisories/unreviewed/2023/08/GHSA-9ppx-xr68-cm59/GHSA-9ppx-xr68-cm59.json @@ -29,6 +29,10 @@ "type": "WEB", "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6230_7.10.6_2023-05-02.pdf" }, + { + "type": "WEB", + "url": "http://packetstormsecurity.com/files/173943/OX-App-Suite-SSRF-SQL-Injection-Cross-Site-Scripting.html" + }, { "type": "WEB", "url": "http://seclists.org/fulldisclosure/2023/Aug/8" diff --git a/advisories/unreviewed/2023/08/GHSA-9rfr-rprq-pv78/GHSA-9rfr-rprq-pv78.json b/advisories/unreviewed/2023/08/GHSA-9rfr-rprq-pv78/GHSA-9rfr-rprq-pv78.json index a88a0776c2409..179b131eeee87 100644 --- a/advisories/unreviewed/2023/08/GHSA-9rfr-rprq-pv78/GHSA-9rfr-rprq-pv78.json +++ b/advisories/unreviewed/2023/08/GHSA-9rfr-rprq-pv78/GHSA-9rfr-rprq-pv78.json @@ -29,6 +29,10 @@ "type": "WEB", "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6230_7.10.6_2023-05-02.pdf" }, + { + "type": "WEB", + "url": "http://packetstormsecurity.com/files/173943/OX-App-Suite-SSRF-SQL-Injection-Cross-Site-Scripting.html" + }, { "type": "WEB", "url": "http://seclists.org/fulldisclosure/2023/Aug/8" diff --git a/advisories/unreviewed/2023/08/GHSA-9wg5-4w44-rm5v/GHSA-9wg5-4w44-rm5v.json b/advisories/unreviewed/2023/08/GHSA-9wg5-4w44-rm5v/GHSA-9wg5-4w44-rm5v.json new file mode 100644 index 0000000000000..1bebff9af690b --- /dev/null +++ b/advisories/unreviewed/2023/08/GHSA-9wg5-4w44-rm5v/GHSA-9wg5-4w44-rm5v.json 
@@ -0,0 +1,39 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-9wg5-4w44-rm5v", + "modified": "2023-08-03T18:30:35Z", + "published": "2023-08-03T18:30:35Z", + "aliases": [ + "CVE-2023-32764" + ], + "details": "Fabasoft Cloud Enterprise Client 23.3.0.130 allows a user to escalate their privileges to local administrator.", + "severity": [ + + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32764" + }, + { + "type": "WEB", + "url": "https://help.supportservices.fabasoft.com/index.php?topic=doc/Vulnerabilities-Fabasoft-Folio/vulnerabilities-2023.htm#client-autoupdate-harmful-code-installation-vulnerability-pdo06614-" + }, + { + "type": "WEB", + "url": "https://www.compass-security.com/fileadmin/Research/Advisories/2023_01_CSNC-2023-002_LPE_Cloud_Client.txt" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/08/GHSA-c2rq-xcq6-frfg/GHSA-c2rq-xcq6-frfg.json b/advisories/unreviewed/2023/08/GHSA-c2rq-xcq6-frfg/GHSA-c2rq-xcq6-frfg.json index 89a0b16e9a98b..b7daad9857ecf 100644 --- a/advisories/unreviewed/2023/08/GHSA-c2rq-xcq6-frfg/GHSA-c2rq-xcq6-frfg.json +++ b/advisories/unreviewed/2023/08/GHSA-c2rq-xcq6-frfg/GHSA-c2rq-xcq6-frfg.json @@ -29,6 +29,10 @@ "type": "WEB", "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6230_7.10.6_2023-05-02.pdf" }, + { + "type": "WEB", + "url": "http://packetstormsecurity.com/files/173943/OX-App-Suite-SSRF-SQL-Injection-Cross-Site-Scripting.html" + }, { "type": "WEB", "url": "http://seclists.org/fulldisclosure/2023/Aug/8" diff --git a/advisories/unreviewed/2023/08/GHSA-ccm5-74vf-c7hj/GHSA-ccm5-74vf-c7hj.json b/advisories/unreviewed/2023/08/GHSA-ccm5-74vf-c7hj/GHSA-ccm5-74vf-c7hj.json index 6c2dd8199abce..cd5f68e448061 100644 
--- a/advisories/unreviewed/2023/08/GHSA-ccm5-74vf-c7hj/GHSA-ccm5-74vf-c7hj.json +++ b/advisories/unreviewed/2023/08/GHSA-ccm5-74vf-c7hj/GHSA-ccm5-74vf-c7hj.json @@ -29,6 +29,10 @@ "type": "WEB", "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6230_7.10.6_2023-05-02.pdf" }, + { + "type": "WEB", + "url": "http://packetstormsecurity.com/files/173943/OX-App-Suite-SSRF-SQL-Injection-Cross-Site-Scripting.html" + }, { "type": "WEB", "url": "http://seclists.org/fulldisclosure/2023/Aug/8" diff --git a/advisories/unreviewed/2023/08/GHSA-cjc3-8pfw-2m59/GHSA-cjc3-8pfw-2m59.json b/advisories/unreviewed/2023/08/GHSA-cjc3-8pfw-2m59/GHSA-cjc3-8pfw-2m59.json index 2f31b1fd51cd1..0c03a5c1fb820 100644 --- a/advisories/unreviewed/2023/08/GHSA-cjc3-8pfw-2m59/GHSA-cjc3-8pfw-2m59.json +++ b/advisories/unreviewed/2023/08/GHSA-cjc3-8pfw-2m59/GHSA-cjc3-8pfw-2m59.json @@ -28,6 +28,10 @@ { "type": "WEB", "url": "https://vuldb.com/?id.235960" + }, + { + "type": "WEB", + "url": "http://packetstormsecurity.com/files/173931/PHPJabbers-Service-Booking-Script-1.0-Cross-Site-Scripting.html" } ], "database_specific": { diff --git a/advisories/unreviewed/2023/08/GHSA-fm74-cpjj-78g2/GHSA-fm74-cpjj-78g2.json b/advisories/unreviewed/2023/08/GHSA-fm74-cpjj-78g2/GHSA-fm74-cpjj-78g2.json new file mode 100644 index 0000000000000..6b01291a4d00d --- /dev/null +++ b/advisories/unreviewed/2023/08/GHSA-fm74-cpjj-78g2/GHSA-fm74-cpjj-78g2.json 
@@ -0,0 +1,35 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-fm74-cpjj-78g2", + "modified": "2023-08-03T18:30:34Z", + "published": "2023-08-03T18:30:34Z", + "aliases": [ + "CVE-2023-22277" + ], + "details": "Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22317 and CVE-2023-22314.", + "severity": [ + + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22277" + }, + { + "type": "WEB", + "url": "https://jvn.jp/en/vu/JVNVU92877622/" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/08/GHSA-h33q-26v7-q343/GHSA-h33q-26v7-q343.json b/advisories/unreviewed/2023/08/GHSA-h33q-26v7-q343/GHSA-h33q-26v7-q343.json index c87f366b40962..b4130d0c303cc 100644 --- a/advisories/unreviewed/2023/08/GHSA-h33q-26v7-q343/GHSA-h33q-26v7-q343.json +++ b/advisories/unreviewed/2023/08/GHSA-h33q-26v7-q343/GHSA-h33q-26v7-q343.json @@ -29,6 +29,10 @@ "type": "WEB", "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6230_7.10.6_2023-05-02.pdf" }, + { + "type": "WEB", + "url": "http://packetstormsecurity.com/files/173943/OX-App-Suite-SSRF-SQL-Injection-Cross-Site-Scripting.html" + }, { "type": "WEB", "url": "http://seclists.org/fulldisclosure/2023/Aug/8" diff --git a/advisories/unreviewed/2023/08/GHSA-h3gc-qm52-jx4g/GHSA-h3gc-qm52-jx4g.json b/advisories/unreviewed/2023/08/GHSA-h3gc-qm52-jx4g/GHSA-h3gc-qm52-jx4g.json new file mode 100644 index 0000000000000..881a3cd24774b --- /dev/null +++ b/advisories/unreviewed/2023/08/GHSA-h3gc-qm52-jx4g/GHSA-h3gc-qm52-jx4g.json 
@@ -0,0 +1,39 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-h3gc-qm52-jx4g", + "modified": "2023-08-03T18:30:35Z", + "published": "2023-08-03T18:30:35Z", + "aliases": [ + "CVE-2023-36213" + ], + "details": "SQL injection vulnerability in MotoCMS v.3.4.3 allows a remote attacker to gain privileges via the keyword parameter of the search function.", + "severity": [ + + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36213" + }, + { + "type": "WEB", + "url": "https://packetstormsecurity.com/files/172698/MotoCMS-3.4.3-SQL-Injection.html" + }, + { + "type": "WEB", + "url": "https://www.exploit-db.com/exploits/51504" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/08/GHSA-hpjf-rjwg-v743/GHSA-hpjf-rjwg-v743.json b/advisories/unreviewed/2023/08/GHSA-hpjf-rjwg-v743/GHSA-hpjf-rjwg-v743.json index c6e18f3567d4d..f44d8c477e773 100644 --- a/advisories/unreviewed/2023/08/GHSA-hpjf-rjwg-v743/GHSA-hpjf-rjwg-v743.json +++ b/advisories/unreviewed/2023/08/GHSA-hpjf-rjwg-v743/GHSA-hpjf-rjwg-v743.json @@ -29,6 +29,10 @@ "type": "WEB", "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6230_7.10.6_2023-05-02.pdf" }, + { + "type": "WEB", + "url": "http://packetstormsecurity.com/files/173943/OX-App-Suite-SSRF-SQL-Injection-Cross-Site-Scripting.html" + }, { "type": "WEB", "url": "http://seclists.org/fulldisclosure/2023/Aug/8" diff --git a/advisories/unreviewed/2023/08/GHSA-jfm4-3vv3-fm4v/GHSA-jfm4-3vv3-fm4v.json b/advisories/unreviewed/2023/08/GHSA-jfm4-3vv3-fm4v/GHSA-jfm4-3vv3-fm4v.json new file mode 100644 index 0000000000000..fe9c25e0a46d2 --- /dev/null +++ b/advisories/unreviewed/2023/08/GHSA-jfm4-3vv3-fm4v/GHSA-jfm4-3vv3-fm4v.json 
@@ -0,0 +1,38 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-jfm4-3vv3-fm4v",
+ "modified": "2023-08-03T18:30:35Z",
+ "published": "2023-08-03T18:30:35Z",
+ "aliases": [
+ "CVE-2023-4136"
+ ],
+ "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrafterCMS Engine on Windows, MacOS, Linux, x86, ARM, 64 bit allows Reflected XSS.This issue affects CrafterCMS: from 4.0.0 through 4.0.2, from 3.1.0 through 3.1.27.\n\n",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"
+ }
+ ],
+ "affected": [
+
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4136"
+ },
+ {
+ "type": "WEB",
+ "url": "https://docs.craftercms.org/en/4.0/security/advisory.html#cv-2023080301"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-79"
+ ],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": null
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2023/08/GHSA-jwm5-g9ww-6h8j/GHSA-jwm5-g9ww-6h8j.json b/advisories/unreviewed/2023/08/GHSA-jwm5-g9ww-6h8j/GHSA-jwm5-g9ww-6h8j.json
new file mode 100644
index 0000000000000..b1ae686c09a81
--- /dev/null
+++ b/advisories/unreviewed/2023/08/GHSA-jwm5-g9ww-6h8j/GHSA-jwm5-g9ww-6h8j.json
@@ -0,0 +1,35 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-jwm5-g9ww-6h8j", + "modified": "2023-08-03T18:30:35Z", + "published": "2023-08-03T18:30:35Z", + "aliases": [ + "CVE-2023-39097" + ], + "details": "WebBoss.io CMS v3.7.0.1 contains a stored cross-site scripting (XSS) vulnerability.", + "severity": [ + + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39097" + }, + { + "type": "WEB", + "url": "https://realinfosec.net/advisories/WEBBOSS-P-XSS-2023-0xf8gi.html" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/08/GHSA-m4v4-wv9r-pmwf/GHSA-m4v4-wv9r-pmwf.json b/advisories/unreviewed/2023/08/GHSA-m4v4-wv9r-pmwf/GHSA-m4v4-wv9r-pmwf.json index f81e902621771..dcd8ad8e6acdf 100644 --- a/advisories/unreviewed/2023/08/GHSA-m4v4-wv9r-pmwf/GHSA-m4v4-wv9r-pmwf.json +++ b/advisories/unreviewed/2023/08/GHSA-m4v4-wv9r-pmwf/GHSA-m4v4-wv9r-pmwf.json @@ -28,6 +28,10 @@ { "type": "WEB", "url": "https://vuldb.com/?id.235963" + }, + { + "type": "WEB", + "url": "http://packetstormsecurity.com/files/173937/PHPJabbers-Taxi-Booking-2.0-Cross-Site-Scripting.html" } ], "database_specific": { diff --git a/advisories/unreviewed/2023/08/GHSA-m5mq-q5j2-f82m/GHSA-m5mq-q5j2-f82m.json b/advisories/unreviewed/2023/08/GHSA-m5mq-q5j2-f82m/GHSA-m5mq-q5j2-f82m.json index c12e62298c0ec..da2fc43e27946 100644 --- a/advisories/unreviewed/2023/08/GHSA-m5mq-q5j2-f82m/GHSA-m5mq-q5j2-f82m.json +++ b/advisories/unreviewed/2023/08/GHSA-m5mq-q5j2-f82m/GHSA-m5mq-q5j2-f82m.json @@ -28,6 +28,10 @@ { "type": "WEB", "url": "https://vuldb.com/?id.235962" + }, + { + "type": "WEB", + "url": "http://packetstormsecurity.com/files/173936/PHPJabbers-Cleaning-Business-1.0-Cross-Site-Scripting.html" } ], "database_specific": { 
diff --git a/advisories/unreviewed/2023/08/GHSA-mrh9-m2j7-5cqv/GHSA-mrh9-m2j7-5cqv.json b/advisories/unreviewed/2023/08/GHSA-mrh9-m2j7-5cqv/GHSA-mrh9-m2j7-5cqv.json
new file mode 100644
index 0000000000000..8c328da65ec32
--- /dev/null
+++ b/advisories/unreviewed/2023/08/GHSA-mrh9-m2j7-5cqv/GHSA-mrh9-m2j7-5cqv.json
@@ -0,0 +1,35 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-mrh9-m2j7-5cqv",
+ "modified": "2023-08-03T18:30:34Z",
+ "published": "2023-08-03T18:30:34Z",
+ "aliases": [
+ "CVE-2023-39096"
+ ],
+ "details": "WebBoss.io CMS v3.7.0.1 contains a stored Cross-Site Scripting (XSS) vulnerability due to lack of input validation and output encoding.",
+ "severity": [
+
+ ],
+ "affected": [
+
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39096"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.realinfosec.net/advisories/WEBBOSS-P-XSS-2023-0xt2tt.html"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+
+ ],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": null
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2023/08/GHSA-p36c-2mv6-8m8q/GHSA-p36c-2mv6-8m8q.json b/advisories/unreviewed/2023/08/GHSA-p36c-2mv6-8m8q/GHSA-p36c-2mv6-8m8q.json
new file mode 100644
index 0000000000000..6ae771b21ed22
--- /dev/null
+++ b/advisories/unreviewed/2023/08/GHSA-p36c-2mv6-8m8q/GHSA-p36c-2mv6-8m8q.json
@@ -0,0 +1,42 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-p36c-2mv6-8m8q",
+ "modified": "2023-08-03T18:30:35Z",
+ "published": "2023-08-03T18:30:35Z",
+ "aliases": [
+ "CVE-2023-3180"
+ ],
+ "details": "A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"
+ }
+ ],
+ "affected": [
+
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3180"
+ },
+ {
+ "type": "WEB",
+ "url": "https://access.redhat.com/security/cve/CVE-2023-3180"
+ },
+ {
+ "type": "WEB",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222424"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+
+ ],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": null
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2023/08/GHSA-p39h-6928-4fq5/GHSA-p39h-6928-4fq5.json b/advisories/unreviewed/2023/08/GHSA-p39h-6928-4fq5/GHSA-p39h-6928-4fq5.json
new file mode 100644
index 0000000000000..f7ed0c76fd4e5
--- /dev/null
+++ b/advisories/unreviewed/2023/08/GHSA-p39h-6928-4fq5/GHSA-p39h-6928-4fq5.json
@@ -0,0 +1,35 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-p39h-6928-4fq5",
+ "modified": "2023-08-03T18:30:35Z",
+ "published": "2023-08-03T18:30:35Z",
+ "aliases": [
+ "CVE-2023-38948"
+ ],
+ "details": "An arbitrary file download vulnerability in the /c/PluginsController.php component of jizhi CMS 1.9.5 allows attackers to execute arbitrary code via downloading a crafted plugin.",
+ "severity": [
+
+ ],
+ "affected": [
+
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38948"
+ },
+ {
+ "type": "WEB",
+ "url": "https://gitee.com/CTF-hacker/pwn/issues/I7LI4E"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+
+ ],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": null
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2023/08/GHSA-q62x-pq6x-fhvw/GHSA-q62x-pq6x-fhvw.json b/advisories/unreviewed/2023/08/GHSA-q62x-pq6x-fhvw/GHSA-q62x-pq6x-fhvw.json
new file mode 100644
index 0000000000000..6536ece38aba1
--- /dev/null
+++ b/advisories/unreviewed/2023/08/GHSA-q62x-pq6x-fhvw/GHSA-q62x-pq6x-fhvw.json
@@ -0,0 +1,39 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-q62x-pq6x-fhvw",
+ "modified": "2023-08-03T18:30:35Z",
+ "published": "2023-08-03T18:30:35Z",
+ "aliases": [
+ "CVE-2023-33366"
+ ],
+ "details": "A SQL injection vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows authenticated users to inject arbitrary SQL directives into an SQL statement and execute arbitrary SQL commands.",
+ "severity": [
+
+ ],
+ "affected": [
+
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33366"
+ },
+ {
+ "type": "WEB",
+ "url": "https://claroty.com/team82/disclosure-dashboard/cve-2023-33366"
+ },
+ {
+ "type": "WEB",
+ "url": "https://kb.supremainc.com/knowledge/doku.php?id=en:release_note_291"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+
+ ],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": null
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2023/08/GHSA-r758-p8pr-8jvg/GHSA-r758-p8pr-8jvg.json b/advisories/unreviewed/2023/08/GHSA-r758-p8pr-8jvg/GHSA-r758-p8pr-8jvg.json
new file mode 100644
index 0000000000000..2aedff5b529c3
--- /dev/null
+++ b/advisories/unreviewed/2023/08/GHSA-r758-p8pr-8jvg/GHSA-r758-p8pr-8jvg.json
@@ -0,0 +1,35 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-r758-p8pr-8jvg", + "modified": "2023-08-03T18:30:35Z", + "published": "2023-08-03T18:30:35Z", + "aliases": [ + "CVE-2023-39075" + ], + "details": "Renault Zoe EV 2021 automotive infotainment system versions 283C35202R to 283C35519R (builds 11.10.2021 to 16.01.2023) allows attackers to crash the infotainment system by sending arbitrary USB data via a USB device.", + "severity": [ + + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39075" + }, + { + "type": "WEB", + "url": "https://blog.jhyeon.dev/posts/vuln/202307/renault-zoe/" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/08/GHSA-rq8q-w9hr-c2fr/GHSA-rq8q-w9hr-c2fr.json b/advisories/unreviewed/2023/08/GHSA-rq8q-w9hr-c2fr/GHSA-rq8q-w9hr-c2fr.json index ff66fc0644c82..cd907f9f3f5eb 100644 --- a/advisories/unreviewed/2023/08/GHSA-rq8q-w9hr-c2fr/GHSA-rq8q-w9hr-c2fr.json +++ b/advisories/unreviewed/2023/08/GHSA-rq8q-w9hr-c2fr/GHSA-rq8q-w9hr-c2fr.json @@ -28,6 +28,14 @@ { "type": "WEB", "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6230_7.10.6_2023-05-02.pdf" + }, + { + "type": "WEB", + "url": "http://packetstormsecurity.com/files/173943/OX-App-Suite-SSRF-SQL-Injection-Cross-Site-Scripting.html" + }, + { + "type": "WEB", + "url": "http://seclists.org/fulldisclosure/2023/Aug/8" } ], "database_specific": { diff --git a/advisories/unreviewed/2023/08/GHSA-rwp5-x9r4-2qm2/GHSA-rwp5-x9r4-2qm2.json b/advisories/unreviewed/2023/08/GHSA-rwp5-x9r4-2qm2/GHSA-rwp5-x9r4-2qm2.json new file mode 100644 index 0000000000000..38ab3ea3f2f4e --- /dev/null +++ b/advisories/unreviewed/2023/08/GHSA-rwp5-x9r4-2qm2/GHSA-rwp5-x9r4-2qm2.json 
@@ -0,0 +1,39 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-rwp5-x9r4-2qm2", + "modified": "2023-08-03T18:30:34Z", + "published": "2023-08-03T18:30:34Z", + "aliases": [ + "CVE-2022-26838" + ], + "details": "Path traversal vulnerability in Importing Mobile Device Data of Cybozu Remote Service 3.1.2 allows a remote authenticated attacker to cause a denial-of-service (DoS) condition.", + "severity": [ + + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26838" + }, + { + "type": "WEB", + "url": "https://jvn.jp/en/jp/JVN52694228/" + }, + { + "type": "WEB", + "url": "https://kb.cybozu.support/article/37653/" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/08/GHSA-vvf9-x2f5-h29c/GHSA-vvf9-x2f5-h29c.json b/advisories/unreviewed/2023/08/GHSA-vvf9-x2f5-h29c/GHSA-vvf9-x2f5-h29c.json index 77080698eba03..74d088e524bdf 100644 --- a/advisories/unreviewed/2023/08/GHSA-vvf9-x2f5-h29c/GHSA-vvf9-x2f5-h29c.json +++ b/advisories/unreviewed/2023/08/GHSA-vvf9-x2f5-h29c/GHSA-vvf9-x2f5-h29c.json @@ -29,6 +29,10 @@ "type": "WEB", "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6230_7.10.6_2023-05-02.pdf" }, + { + "type": "WEB", + "url": "http://packetstormsecurity.com/files/173943/OX-App-Suite-SSRF-SQL-Injection-Cross-Site-Scripting.html" + }, { "type": "WEB", "url": "http://seclists.org/fulldisclosure/2023/Aug/8" diff --git a/advisories/unreviewed/2023/08/GHSA-w3j7-w57f-mrwq/GHSA-w3j7-w57f-mrwq.json b/advisories/unreviewed/2023/08/GHSA-w3j7-w57f-mrwq/GHSA-w3j7-w57f-mrwq.json new file mode 100644 index 0000000000000..8409dc140f18c --- /dev/null +++ b/advisories/unreviewed/2023/08/GHSA-w3j7-w57f-mrwq/GHSA-w3j7-w57f-mrwq.json 
@@ -0,0 +1,42 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-w3j7-w57f-mrwq",
+ "modified": "2023-08-03T18:30:35Z",
+ "published": "2023-08-03T18:30:35Z",
+ "aliases": [
+ "CVE-2023-4133"
+ ],
+ "details": "A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work queue. This flaw allows a local user to crash the system, causing a denial of service condition.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+ }
+ ],
+ "affected": [
+
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4133"
+ },
+ {
+ "type": "WEB",
+ "url": "https://access.redhat.com/security/cve/CVE-2023-4133"
+ },
+ {
+ "type": "WEB",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2221702"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+
+ ],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": null
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2023/08/GHSA-w8fx-ccjx-3crw/GHSA-w8fx-ccjx-3crw.json b/advisories/unreviewed/2023/08/GHSA-w8fx-ccjx-3crw/GHSA-w8fx-ccjx-3crw.json
index fe5dd563eb291..ec2c4b0652cd1 100644
--- a/advisories/unreviewed/2023/08/GHSA-w8fx-ccjx-3crw/GHSA-w8fx-ccjx-3crw.json
+++ b/advisories/unreviewed/2023/08/GHSA-w8fx-ccjx-3crw/GHSA-w8fx-ccjx-3crw.json
@@ -28,6 +28,10 @@
 {
 "type": "WEB",
 "url": "https://vuldb.com/?id.235966"
+ },
+ {
+ "type": "WEB",
+ "url": "http://packetstormsecurity.com/files/173941/Academy-LMS-6.0-Cross-Site-Scripting.html"
 }
 ],
 "database_specific": {
diff --git a/advisories/unreviewed/2023/08/GHSA-wc5r-96vx-4jj6/GHSA-wc5r-96vx-4jj6.json b/advisories/unreviewed/2023/08/GHSA-wc5r-96vx-4jj6/GHSA-wc5r-96vx-4jj6.json
new file mode 100644
index 0000000000000..78126e0b37088
--- /dev/null
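Review bot: In GHSA-w3j7-w57f-mrwq the two severity fields disagree: `database_specific.severity` is `null` while the top-level `severity` array in the same file carries a CVSS 3.1 vector ending in `A:H`. Anything that sorts or filters on the label will treat this kernel use-after-free as unrated even though a score is available. That vector works out to a medium base score, so the label would be expected to read `"severity": "MODERATE",`, which is how GHSA-wwrg-2w5j-grvx in this commit pairs its own vector and label.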
+++ b/advisories/unreviewed/2023/08/GHSA-wc5r-96vx-4jj6/GHSA-wc5r-96vx-4jj6.json
@@ -0,0 +1,39 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-wc5r-96vx-4jj6",
+ "modified": "2023-08-03T18:30:35Z",
+ "published": "2023-08-03T18:30:35Z",
+ "aliases": [
+ "CVE-2023-33364"
+ ],
+ "details": "An OS Command injection vulnerability exists in Suprema BioStar 2 before V2.9.1, which allows authenticated users to execute arbitrary OS commands on the BioStar 2 server.",
+ "severity": [
+
+ ],
+ "affected": [
+
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33364"
+ },
+ {
+ "type": "WEB",
+ "url": "https://claroty.com/team82/disclosure-dashboard/cve-2023-33364"
+ },
+ {
+ "type": "WEB",
+ "url": "https://kb.supremainc.com/knowledge/doku.php?id=en:release_note_291"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+
+ ],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": null
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2023/08/GHSA-wwrg-2w5j-grvx/GHSA-wwrg-2w5j-grvx.json b/advisories/unreviewed/2023/08/GHSA-wwrg-2w5j-grvx/GHSA-wwrg-2w5j-grvx.json
new file mode 100644
index 0000000000000..fca696fbfed99
--- /dev/null
+++ b/advisories/unreviewed/2023/08/GHSA-wwrg-2w5j-grvx/GHSA-wwrg-2w5j-grvx.json
@@ -0,0 +1,42 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-wwrg-2w5j-grvx",
+ "modified": "2023-08-03T18:30:35Z",
+ "published": "2023-08-03T18:30:35Z",
+ "aliases": [
+ "CVE-2023-4138"
+ ],
+ "details": "Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.8.0.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"
+ }
+ ],
+ "affected": [
+
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4138"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/ikus060/rdiffweb/commit/feef0d7b11d86aed29bf98c21526088117964d85"
+ },
+ {
+ "type": "WEB",
+ "url": "https://huntr.dev/bounties/1b1fa915-d588-4bb1-9e82-6a6be79befed"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-770"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": null
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2023/08/GHSA-xq7r-2vx2-8jgj/GHSA-xq7r-2vx2-8jgj.json b/advisories/unreviewed/2023/08/GHSA-xq7r-2vx2-8jgj/GHSA-xq7r-2vx2-8jgj.json
index d6920f20c59b8..dc5426c8a223a 100644
--- a/advisories/unreviewed/2023/08/GHSA-xq7r-2vx2-8jgj/GHSA-xq7r-2vx2-8jgj.json
+++ b/advisories/unreviewed/2023/08/GHSA-xq7r-2vx2-8jgj/GHSA-xq7r-2vx2-8jgj.json
@@ -29,6 +29,10 @@
 "type": "WEB",
 "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6230_7.10.6_2023-05-02.pdf"
 },
+ {
+ "type": "WEB",
+ "url": "http://packetstormsecurity.com/files/173943/OX-App-Suite-SSRF-SQL-Injection-Cross-Site-Scripting.html"
+ },
 {
 "type": "WEB",
 "url": "http://seclists.org/fulldisclosure/2023/Aug/8"