admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-07 11:07:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-08-24T23:55:25.062324+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-08-24 23:55:28 +00:00
parent 9a51243e8e
commit 0637fa750f
24 changed files with 1475 additions and 88 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
CVE-2021/CVE-2021-333xx/CVE-2021-33388.json
View File

@ -2,19 +2,74 @@
"id": "CVE-2021-33388",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:20.567",
"lastModified": "2023-08-22T20:10:36.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-24T22:02:17.067",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "dpic 2021.04.10 has a Heap Buffer Overflow in themakevar() function in dpic.y"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dpic_project:dpic:2021-04-10:*:*:*:*:*:*:*",
"matchCriteriaId": "B0D7A771-9B89-493C-A209-6121099F0035"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/aplevich/dpic/-/issues/8",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

63
CVE-2021/CVE-2021-333xx/CVE-2021-33390.json
View File

@ -2,19 +2,74 @@
"id": "CVE-2021-33390",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:20.617",
"lastModified": "2023-08-22T20:10:36.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-24T22:03:03.697",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "dpic 2021.04.10 has a use-after-free in thedeletestringbox() function in dpic.y. A different vulnerablility than CVE-2021-32421."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dpic_project:dpic:2021-04-10:*:*:*:*:*:*:*",
"matchCriteriaId": "B0D7A771-9B89-493C-A209-6121099F0035"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/aplevich/dpic/-/issues/10",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

69
CVE-2022/CVE-2022-280xx/CVE-2022-28068.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2022-28068",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:22.423",
"lastModified": "2023-08-22T20:10:36.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-24T22:03:29.030",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A heap buffer overflow in r_sleb128 function in radare2 5.4.2 and 5.4.0."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:radare:radare2:5.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "834B6EB8-099A-469F-ADA3-183E51E43717"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:radare:radare2:5.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C9DEDA4E-172C-482D-8527-D9AEF8A1D7CC"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/radareorg/radare2/commit/637f4bd1af6752e28e0a9998e954e2e9ce6fa992",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}

69
CVE-2022/CVE-2022-280xx/CVE-2022-28069.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2022-28069",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:22.513",
"lastModified": "2023-08-22T20:10:36.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-24T22:03:46.670",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A heap buffer overflow in vax_opfunction in radare2 5.4.2 and 5.4.0."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:radare:radare2:5.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "834B6EB8-099A-469F-ADA3-183E51E43717"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:radare:radare2:5.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C9DEDA4E-172C-482D-8527-D9AEF8A1D7CC"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/radareorg/radare2/commit/49b0cebfdf0db9704e36f8a5533f1df6d3e2ed3a",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}

69
CVE-2022/CVE-2022-280xx/CVE-2022-28070.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2022-28070",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:22.583",
"lastModified": "2023-08-22T20:10:36.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-24T22:04:19.953",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A null pointer deference in __core_anal_fcn function in radare2 5.4.2 and 5.4.0."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:radare:radare2:5.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "834B6EB8-099A-469F-ADA3-183E51E43717"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:radare:radare2:5.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C9DEDA4E-172C-482D-8527-D9AEF8A1D7CC"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/radareorg/radare2/commit/4aff1bb00224de4f5bc118f987dfd5d2fe3450d0",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}

69
CVE-2022/CVE-2022-280xx/CVE-2022-28071.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2022-28071",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:22.667",
"lastModified": "2023-08-22T20:10:36.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-24T22:04:41.027",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A use after free in r_reg_get_name_idx function in radare2 5.4.2 and 5.4.0."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:radare:radare2:5.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "834B6EB8-099A-469F-ADA3-183E51E43717"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:radare:radare2:5.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C9DEDA4E-172C-482D-8527-D9AEF8A1D7CC"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/radareorg/radare2/commit/65448811e5b9582a19cf631e03cfcaa025a92ef5",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}

69
CVE-2022/CVE-2022-280xx/CVE-2022-28072.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2022-28072",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:22.740",
"lastModified": "2023-08-22T20:10:36.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-24T22:04:59.273",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A heap buffer overflow in r_read_le32 function in radare25.4.2 and 5.4.0."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:radare:radare2:5.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "834B6EB8-099A-469F-ADA3-183E51E43717"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:radare:radare2:5.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C9DEDA4E-172C-482D-8527-D9AEF8A1D7CC"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/radareorg/radare2/commit/027cd9b7274988bb1af866539ba6c2fa2ff63e45",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}

69
CVE-2022/CVE-2022-280xx/CVE-2022-28073.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2022-28073",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:22.843",
"lastModified": "2023-08-22T20:10:36.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-24T22:05:12.257",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A use after free in r_reg_set_value function in radare2 5.4.2 and 5.4.0."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:radare:radare2:5.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "834B6EB8-099A-469F-ADA3-183E51E43717"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:radare:radare2:5.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C9DEDA4E-172C-482D-8527-D9AEF8A1D7CC"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/radareorg/radare2/commit/59a9dfb60acf8b5c0312061cffd9693fc9526053",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}

26
CVE-2022/CVE-2022-392xx/CVE-2022-39266.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2022-39266",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-09-29T18:15:10.227",
"lastModified": "2023-07-14T17:24:45.333",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-24T23:15:07.693",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "isolated-vm is a library for nodejs which gives the user access to v8's Isolate interface. In versions 4.3.6 and prior, if the untrusted v8 cached data is passed to the API through CachedDataOptions, attackers can bypass the sandbox and run arbitrary code in the nodejs process. As of time of publication, there are no known fixed versions or workarounds."
"value": "isolated-vm is a library for nodejs which gives the user access to v8's Isolate interface. In versions 4.3.6 and prior, if the untrusted v8 cached data is passed to the API through CachedDataOptions, attackers can bypass the sandbox and run arbitrary code in the nodejs process. Version 4.3.7 changes the documentation to warn users that they should not accept `cachedData` payloads from a user."
},
{
"lang": "es",
@ -60,7 +60,7 @@
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
@ -69,12 +69,12 @@
},
{
"lang": "en",
"value": "NVD-CWE-Other"
"value": "CWE-693"
}
]
},
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
@ -83,7 +83,7 @@
},
{
"lang": "en",
"value": "CWE-693"
"value": "NVD-CWE-Other"
}
]
}
@ -107,6 +107,18 @@
}
],
"references": [
{
"url": "https://github.com/laverdet/isolated-vm/commit/218e87a6d4e8cb818bea76d1ab30cd0be51920e8",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/laverdet/isolated-vm/commits/v4.3.7",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/laverdet/isolated-vm/issues/379",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/laverdet/isolated-vm/security/advisories/GHSA-2jjq-x548-rhpv",
"source": "security-advisories@github.com",

75
CVE-2023/CVE-2023-235xx/CVE-2023-23563.json
View File

@ -2,27 +2,90 @@
"id": "CVE-2023-23563",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:32.563",
"lastModified": "2023-08-22T20:10:36.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-24T22:05:24.360",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to obtain sensitive database content via SQL Injection."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:geomatika:isigeo_web:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E8D9BA-5485-46B9-A2F5-10441D984215"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Orange-Cyberdefense/CVE-repository",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/Orange-Cyberdefense/CVE-repository/blob/master/PoCs/poc_geomatika_isigeoweb.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.geomatika.fr/isigeo-web/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

75
CVE-2023/CVE-2023-235xx/CVE-2023-23564.json
View File

@ -2,27 +2,90 @@
"id": "CVE-2023-23564",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:32.647",
"lastModified": "2023-08-22T20:10:36.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-24T22:05:33.550",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to execute commands."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:geomatika:isigeo_web:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E8D9BA-5485-46B9-A2F5-10441D984215"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Orange-Cyberdefense/CVE-repository",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/Orange-Cyberdefense/CVE-repository/blob/master/PoCs/poc_geomatika_isigeoweb.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.geomatika.fr/isigeo-web/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

75
CVE-2023/CVE-2023-235xx/CVE-2023-23565.json
View File

@ -2,27 +2,90 @@
"id": "CVE-2023-23565",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:32.720",
"lastModified": "2023-08-22T20:10:36.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-24T22:05:49.407",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to retrieve PHP files from the server via Local File Inclusion."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:geomatika:isigeo_web:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E8D9BA-5485-46B9-A2F5-10441D984215"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Orange-Cyberdefense/CVE-repository",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/Orange-Cyberdefense/CVE-repository/blob/master/PoCs/poc_geomatika_isigeoweb.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.geomatika.fr/isigeo-web/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

67
CVE-2023/CVE-2023-320xx/CVE-2023-32077.json Normal file
View File

@ -0,0 +1,67 @@
{
"id": "CVE-2023-32077",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-24T22:15:08.077",
"lastModified": "2023-08-24T22:15:08.077",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints. The issue is patched in 0.17.1 and fixed in 0.18.6. If users are using 0.17.1, they should run `docker pull gravitl/netmaker:v0.17.1` and `docker-compose up -d`. This will switch them to the patched users. If users are using v0.18.0-0.18.5, they should upgrade to v0.18.6 or later. As a workaround, someone who is using version 0.17.1 can pull the latest docker image of the backend and restart the server."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-321"
}
]
}
],
"references": [
{
"url": "https://github.com/gravitl/netmaker/commit/1621c27c1d176b639e9768b2acad7693e387fd51",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/gravitl/netmaker/commit/9362c39a9a822f0e07361aa7c77af2610597e657",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/gravitl/netmaker/pull/2170",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/gravitl/netmaker/security/advisories/GHSA-8x8h-hcq8-jwwx",
"source": "security-advisories@github.com"
}
]
}

63
CVE-2023/CVE-2023-320xx/CVE-2023-32078.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-32078",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-24T22:15:10.267",
"lastModified": "2023-08-24T23:15:08.447",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Netmaker makes networks with WireGuard. An Insecure Direct Object Reference (IDOR) vulnerability was found in versions prior to 0.17.1 and 0.18.6 in the user update function. By specifying another user's username, it was possible to update the other user's password. The issue is patched in 0.17.1 and fixed in 0.18.6. If Users are using 0.17.1, they should run `docker pull gravitl/netmaker:v0.17.1` and `docker-compose up -d`. This will switch them to the patched users. If users are using v0.18.0-0.18.5, they should upgrade to v0.18.6 or later. As a workaround, someone using version 0.17.1 can pull the latest docker image of the backend and restart the server."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://github.com/gravitl/netmaker/commit/b3be57c65bf0bbfab43b66853c8e3637a43e2839",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/gravitl/netmaker/pull/2158",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/gravitl/netmaker/security/advisories/GHSA-256m-j5qw-38f4",
"source": "security-advisories@github.com"
}
]
}

55
CVE-2023/CVE-2023-320xx/CVE-2023-32079.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-32079",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-24T23:15:08.570",
"lastModified": "2023-08-24T23:15:08.570",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Netmaker makes networks with WireGuard. A Mass assignment vulnerability was found in versions prior to 0.17.1 and 0.18.6 that allows a non-admin user to escalate privileges to those of an admin user. The issue is patched in 0.17.1 and fixed in 0.18.6. If Users are using 0.17.1, they should run `docker pull gravitl/netmaker:v0.17.1` and `docker-compose up -d`. This will switch them to the patched users If users are using v0.18.0-0.18.5, they should upgrade to v0.18.6 or later. As a workaround, someone using version 0.17.1 can pull the latest docker image of the backend and restart the server."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-915"
}
]
}
],
"references": [
{
"url": "https://github.com/gravitl/netmaker/security/advisories/GHSA-826j-8wp2-4x6q",
"source": "security-advisories@github.com"
}
]
}

71
CVE-2023/CVE-2023-374xx/CVE-2023-37469.json Normal file
View File

@ -0,0 +1,71 @@
{
"id": "CVE-2023-37469",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-24T23:15:08.700",
"lastModified": "2023-08-24T23:15:08.700",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "CasaOS is an open-source personal cloud system. Prior to version 0.4.4, if an authenticated user using CasaOS is able to successfully connect to a controlled SMB server, they are able to execute arbitrary commands. Version 0.4.4 contains a patch for the issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [
{
"url": "https://github.com/IceWhaleTech/CasaOS/blob/96e92842357230098c771bc41fd3baf46189b859/route/v1/samba.go#L121",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/IceWhaleTech/CasaOS/blob/96e92842357230098c771bc41fd3baf46189b859/service/connections.go#L58",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/IceWhaleTech/CasaOS/commit/af440eac5563644854ff33f72041e52d3fd1f47c",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/IceWhaleTech/CasaOS/releases/tag/v0.4.4",
"source": "security-advisories@github.com"
},
{
"url": "https://securitylab.github.com/advisories/GHSL-2022-119_CasaOS/",
"source": "security-advisories@github.com"
}
]
}

71
CVE-2023/CVE-2023-385xx/CVE-2023-38508.json Normal file
View File

@ -0,0 +1,71 @@
{
"id": "CVE-2023-38508",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-24T23:15:08.803",
"lastModified": "2023-08-24T23:15:08.803",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Tuleap is an open source suite to improve management of software developments and collaboration. In Tuleap Community Edition prior to version 14.11.99.28 and Tuleap Enterprise Edition prior to versions 14.10-6 and 14.11-3, the preview of an artifact link with a type does not respect the project, tracker and artifact level permissions. The issue occurs on the artifact view (not reproducible on the artifact modal). Users might get access to information they should not have access to. Only the title, status, assigned to and last update date fields as defined by the semantics are impacted. If those fields have strict permissions (e.g. the title is only visible to a specific user group) those permissions are still enforced. Tuleap Community Edition 14.11.99.28, Tuleap Enterprise Edition 14.10-6, and Tuleap Enterprise Edition 14.11-3 contain a fix for this issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-285"
},
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://github.com/Enalean/tuleap/commit/307c1c8044522a2dcc711062b18a3b3f9059a6c3",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/Enalean/tuleap/security/advisories/GHSA-h637-g4xp-2992",
"source": "security-advisories@github.com"
},
{
"url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=307c1c8044522a2dcc711062b18a3b3f9059a6c3",
"source": "security-advisories@github.com"
},
{
"url": "https://tuleap.net/plugins/tracker/?aid=33608",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2023/CVE-2023-395xx/CVE-2023-39519.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-39519",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-24T23:15:08.907",
"lastModified": "2023-08-24T23:15:08.907",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cloud Explorer Lite is an open source cloud management platform. Prior to version 1.4.0, there is a risk of sensitive information leakage in the user information acquisition of CloudExplorer Lite. The vulnerability has been fixed in version 1.4.0.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/releases/tag/v1.4.0",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/security/advisories/GHSA-hh2g-77xq-x4vq",
"source": "security-advisories@github.com"
}
]
}

67
CVE-2023/CVE-2023-395xx/CVE-2023-39521.json Normal file
View File

@ -0,0 +1,67 @@
{
"id": "CVE-2023-39521",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-24T23:15:09.000",
"lastModified": "2023-08-24T23:15:09.000",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Tuleap is an open source suite to improve management of software developments and collaboration. In Tuleap Community Edition prior to version 14.11.99.28 and Tuleap Enterprise Edition prior to versions 14.10-6 and 14.11-3, content displayed in the \"card fields\" (visible in the kanban and PV2 apps) is not properly escaped. An agile dashboard administrator deleting a kanban with a malicious label can be forced to execute uncontrolled code. Tuleap Community Edition 14.11.99.28, Tuleap Enterprise Edition 14.10-6, and Tuleap Enterprise Edition 14.11-3 contain a fix for this issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/Enalean/tuleap/commit/93d10654b1d95c5bf500204666310418b01b8a8d",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/Enalean/tuleap/security/advisories/GHSA-h9xc-w7qq-vpfc",
"source": "security-advisories@github.com"
},
{
"url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=93d10654b1d95c5bf500204666310418b01b8a8d",
"source": "security-advisories@github.com"
},
{
"url": "https://tuleap.net/plugins/tracker/?aid=33656",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2023/CVE-2023-400xx/CVE-2023-40017.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-40017",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-24T23:15:09.097",
"lastModified": "2023-08-24T23:15:09.097",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. In versions 3.2.0 through 4.1.2, the endpoint `/proxy/?url=` does not properly protect against server-side request forgery. This allows an attacker to port scan internal hosts and request information from internal hosts. A patch is available at commit a9eebae80cb362009660a1fd49e105e7cdb499b9."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://github.com/GeoNode/geonode/commit/a9eebae80cb362009660a1fd49e105e7cdb499b9",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/GeoNode/geonode/security/advisories/GHSA-rmxg-6qqf-x8mr",
"source": "security-advisories@github.com"
}
]
}

71
CVE-2023/CVE-2023-400xx/CVE-2023-40022.json Normal file
View File

@ -0,0 +1,71 @@
{
"id": "CVE-2023-40022",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-24T23:15:09.177",
"lastModified": "2023-08-24T23:15:09.177",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.6.0 and prior are vulnerable to integer overflow in `consume_count` of `src/gnu_v2/cplus-dem.c`. The overflow check is valid logic but, is missing the modulus if the block once compiled. The compiler sees this block as unreachable code since the prior statement is multiplication by 10 and fails to consider overflow assuming the count will always be a multiple of 10. Rizin version 0.6.1 contains a fix for the issue. A temporary workaround would be disabling C++ demangling using the configuration option `bin.demangle=false`."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"references": [
{
"url": "https://github.com/rizinorg/rizin/pull/3753",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/rizinorg/rizin/security/advisories/GHSA-92h6-wwc2-53cq",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/rizinorg/rz-libdemangle/blob/main/src/gnu_v2/cplus-dem.c#L419",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/rizinorg/rz-libdemangle/commit/51d016750e704b27ab8ace23c0f72acabca67018",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/rizinorg/rz-libdemangle/pull/54",
"source": "security-advisories@github.com"
}
]
}

67
CVE-2023/CVE-2023-400xx/CVE-2023-40030.json Normal file
View File

@ -0,0 +1,67 @@
{
"id": "CVE-2023-40030",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-24T23:15:09.287",
"lastModified": "2023-08-24T23:15:09.287",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cargo downloads a Rust project\u2019s dependencies and compiles the project. Starting in Rust 1.60.0 and prior to 1.72, Cargo did not escape Cargo feature names when including them in the report generated by `cargo build --timings`. A malicious package included as a dependency may inject nearly arbitrary HTML here, potentially leading to cross-site scripting if the report is subsequently uploaded somewhere. The vulnerability affects users relying on dependencies from git, local paths, or alternative registries. Users who solely depend on crates.io are unaffected.\n\nRust 1.60.0 introduced `cargo build --timings`, which produces a report of how long the different steps of the build process took. It includes lists of Cargo features for each crate. Prior to Rust 1.72, Cargo feature names were allowed to contain almost any characters (with some exceptions as used by the feature syntax), but it would produce a future incompatibility warning about them since Rust 1.49. crates.io is far more stringent about what it considers a valid feature name and has not allowed such feature names. As the feature names were included unescaped in the timings report, they could be used to inject Javascript into the page, for example with a feature name like `features = [\"<img src='' onerror=alert(0)\"]`. If this report were subsequently uploaded to a domain that uses credentials, the injected Javascript could access resources from the website visitor.\n\nThis issue was fixed in Rust 1.72 by turning the future incompatibility warning into an error. Users should still exercise care in which package they download, by only including trusted dependencies in their projects. Please note that even with these vulnerabilities fixed, by design Cargo allows arbitrary code execution at build time thanks to build scripts and procedural macros: a malicious dependency will be able to cause damage regardless of these vulnerabilities. crates.io has server-side checks preventing this attack, and there are no packages on crates.io exploiting these vulnerabilities. crates.io users still need to excercise care in choosing their dependencies though, as remote code execution is allowed by design there as well."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/rust-lang/cargo/commit/9835622853f08be9a4b58ebe29dcec8f43b64b33",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/rust-lang/cargo/commit/f975722a0eac934c0722f111f107c4ea2f5c4365",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/rust-lang/cargo/pull/12291",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/rust-lang/cargo/security/advisories/GHSA-wrrj-h57r-vx9p",
"source": "security-advisories@github.com"
}
]
}

63
CVE-2023/CVE-2023-45xx/CVE-2023-4508.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-4508",
"sourceIdentifier": "security@ubuntu.com",
"published": "2023-08-24T23:15:09.380",
"lastModified": "2023-08-24T23:15:09.380",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A user able to control file input to Gerbv, between versions 2.4.0 and 2.10.0, can cause a crash and cause denial-of-service with a specially crafted Gerber RS-274X file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@ubuntu.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@ubuntu.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-824"
}
]
}
],
"references": [
{
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4508",
"source": "security@ubuntu.com"
},
{
"url": "https://github.com/gerbv/gerbv/commit/dfb5aac533a3f9e8ccd93ca217a753258cba4fe5",
"source": "security@ubuntu.com"
},
{
"url": "https://github.com/gerbv/gerbv/issues/191",
"source": "security@ubuntu.com"
}
]
}

59
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-08-24T22:00:25.415449+00:00
2023-08-24T23:55:25.062324+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-08-24T21:59:32.583000+00:00
2023-08-24T23:15:09.380000+00:00
```
### Last Data Feed Release
@ -29,45 +29,42 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
223394
223405
```
### CVEs added in the last Commit
Recently added CVEs: `1`
Recently added CVEs: `11`
* [CVE-2023-39801](CVE-2023/CVE-2023-398xx/CVE-2023-39801.json) (`2023-08-24T20:15:08.657`)
* [CVE-2023-32077](CVE-2023/CVE-2023-320xx/CVE-2023-32077.json) (`2023-08-24T22:15:08.077`)
* [CVE-2023-32078](CVE-2023/CVE-2023-320xx/CVE-2023-32078.json) (`2023-08-24T22:15:10.267`)
* [CVE-2023-32079](CVE-2023/CVE-2023-320xx/CVE-2023-32079.json) (`2023-08-24T23:15:08.570`)
* [CVE-2023-37469](CVE-2023/CVE-2023-374xx/CVE-2023-37469.json) (`2023-08-24T23:15:08.700`)
* [CVE-2023-38508](CVE-2023/CVE-2023-385xx/CVE-2023-38508.json) (`2023-08-24T23:15:08.803`)
* [CVE-2023-39519](CVE-2023/CVE-2023-395xx/CVE-2023-39519.json) (`2023-08-24T23:15:08.907`)
* [CVE-2023-39521](CVE-2023/CVE-2023-395xx/CVE-2023-39521.json) (`2023-08-24T23:15:09.000`)
* [CVE-2023-40017](CVE-2023/CVE-2023-400xx/CVE-2023-40017.json) (`2023-08-24T23:15:09.097`)
* [CVE-2023-40022](CVE-2023/CVE-2023-400xx/CVE-2023-40022.json) (`2023-08-24T23:15:09.177`)
* [CVE-2023-40030](CVE-2023/CVE-2023-400xx/CVE-2023-40030.json) (`2023-08-24T23:15:09.287`)
* [CVE-2023-4508](CVE-2023/CVE-2023-45xx/CVE-2023-4508.json) (`2023-08-24T23:15:09.380`)
### CVEs modified in the last Commit
Recently modified CVEs: `50`
Recently modified CVEs: `12`
* [CVE-2023-38836](CVE-2023/CVE-2023-388xx/CVE-2023-38836.json) (`2023-08-24T21:07:15.960`)
* [CVE-2023-32002](CVE-2023/CVE-2023-320xx/CVE-2023-32002.json) (`2023-08-24T21:09:53.487`)
* [CVE-2023-4455](CVE-2023/CVE-2023-44xx/CVE-2023-4455.json) (`2023-08-24T21:11:31.950`)
* [CVE-2023-38035](CVE-2023/CVE-2023-380xx/CVE-2023-38035.json) (`2023-08-24T21:13:56.893`)
* [CVE-2023-4454](CVE-2023/CVE-2023-44xx/CVE-2023-4454.json) (`2023-08-24T21:14:29.063`)
* [CVE-2023-4453](CVE-2023/CVE-2023-44xx/CVE-2023-4453.json) (`2023-08-24T21:14:48.307`)
* [CVE-2023-4450](CVE-2023/CVE-2023-44xx/CVE-2023-4450.json) (`2023-08-24T21:20:48.827`)
* [CVE-2023-39751](CVE-2023/CVE-2023-397xx/CVE-2023-39751.json) (`2023-08-24T21:22:30.270`)
* [CVE-2023-39750](CVE-2023/CVE-2023-397xx/CVE-2023-39750.json) (`2023-08-24T21:24:15.563`)
* [CVE-2023-39749](CVE-2023/CVE-2023-397xx/CVE-2023-39749.json) (`2023-08-24T21:24:40.110`)
* [CVE-2023-38894](CVE-2023/CVE-2023-388xx/CVE-2023-38894.json) (`2023-08-24T21:25:14.317`)
* [CVE-2023-38889](CVE-2023/CVE-2023-388xx/CVE-2023-38889.json) (`2023-08-24T21:25:23.500`)
* [CVE-2023-31041](CVE-2023/CVE-2023-310xx/CVE-2023-31041.json) (`2023-08-24T21:26:16.843`)
* [CVE-2023-39660](CVE-2023/CVE-2023-396xx/CVE-2023-39660.json) (`2023-08-24T21:28:27.337`)
* [CVE-2023-38899](CVE-2023/CVE-2023-388xx/CVE-2023-38899.json) (`2023-08-24T21:32:56.497`)
* [CVE-2023-4303](CVE-2023/CVE-2023-43xx/CVE-2023-4303.json) (`2023-08-24T21:35:28.103`)
* [CVE-2023-4302](CVE-2023/CVE-2023-43xx/CVE-2023-4302.json) (`2023-08-24T21:36:00.570`)
* [CVE-2023-4301](CVE-2023/CVE-2023-43xx/CVE-2023-4301.json) (`2023-08-24T21:36:21.440`)
* [CVE-2023-25915](CVE-2023/CVE-2023-259xx/CVE-2023-25915.json) (`2023-08-24T21:37:26.140`)
* [CVE-2023-25914](CVE-2023/CVE-2023-259xx/CVE-2023-25914.json) (`2023-08-24T21:38:58.693`)
* [CVE-2023-25913](CVE-2023/CVE-2023-259xx/CVE-2023-25913.json) (`2023-08-24T21:39:11.560`)
* [CVE-2023-38158](CVE-2023/CVE-2023-381xx/CVE-2023-38158.json) (`2023-08-24T21:39:33.910`)
* [CVE-2023-36787](CVE-2023/CVE-2023-367xx/CVE-2023-36787.json) (`2023-08-24T21:39:50.107`)
* [CVE-2023-4459](CVE-2023/CVE-2023-44xx/CVE-2023-4459.json) (`2023-08-24T21:40:25.650`)
* [CVE-2023-3366](CVE-2023/CVE-2023-33xx/CVE-2023-3366.json) (`2023-08-24T21:41:42.800`)
* [CVE-2021-33388](CVE-2021/CVE-2021-333xx/CVE-2021-33388.json) (`2023-08-24T22:02:17.067`)
* [CVE-2021-33390](CVE-2021/CVE-2021-333xx/CVE-2021-33390.json) (`2023-08-24T22:03:03.697`)
* [CVE-2022-28068](CVE-2022/CVE-2022-280xx/CVE-2022-28068.json) (`2023-08-24T22:03:29.030`)
* [CVE-2022-28069](CVE-2022/CVE-2022-280xx/CVE-2022-28069.json) (`2023-08-24T22:03:46.670`)
* [CVE-2022-28070](CVE-2022/CVE-2022-280xx/CVE-2022-28070.json) (`2023-08-24T22:04:19.953`)
* [CVE-2022-28071](CVE-2022/CVE-2022-280xx/CVE-2022-28071.json) (`2023-08-24T22:04:41.027`)
* [CVE-2022-28072](CVE-2022/CVE-2022-280xx/CVE-2022-28072.json) (`2023-08-24T22:04:59.273`)
* [CVE-2022-28073](CVE-2022/CVE-2022-280xx/CVE-2022-28073.json) (`2023-08-24T22:05:12.257`)
* [CVE-2022-39266](CVE-2022/CVE-2022-392xx/CVE-2022-39266.json) (`2023-08-24T23:15:07.693`)
* [CVE-2023-23563](CVE-2023/CVE-2023-235xx/CVE-2023-23563.json) (`2023-08-24T22:05:24.360`)
* [CVE-2023-23564](CVE-2023/CVE-2023-235xx/CVE-2023-23564.json) (`2023-08-24T22:05:33.550`)
* [CVE-2023-23565](CVE-2023/CVE-2023-235xx/CVE-2023-23565.json) (`2023-08-24T22:05:49.407`)
## Download and Usage