Auto-Update: 2023-09-06T20:00:24.513007+00:00

cad-safe-bot 2023-09-06 20:00:28 +00:00
parent ea5508786b
commit 08ab252776
32 changed files with 1736 additions and 72 deletions


@ -0,0 +1,32 @@
{
"id": "CVE-2020-10129",
"sourceIdentifier": "cret@cert.org",
"published": "2023-09-06T19:15:43.727",
"lastModified": "2023-09-06T19:15:43.727",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "SearchBlox before Version 9.2.1 is vulnerable to Privileged Escalation-Lower user is able to access Admin functionality."
}
],
"metrics": {},
"weaknesses": [
{
"source": "cret@cert.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-266"
}
]
}
],
"references": [
{
"url": "https://developer.searchblox.com/v9.2/changelog/version-91",
"source": "cret@cert.org"
}
]
}
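Review bot: The only reference on this record, `"url": "https://developer.searchblox.com/v9.2/changelog/version-91"`, points at the 9.1 changelog, while the description says the privilege escalation affects versions before 9.2.1. The CVE-2020-10131 record added in this same commit, also described as fixed in 9.2.1, cites `.../changelog/version-921`, so this URL looks copied from the 9.1 entries rather than taken from the page that documents the fix. This file mirrors an upstream feed, so the correction belongs with the source; until then, anyone confirming the fixed version should go by the description rather than the link. `"metrics": {}` is also empty, so severity-based filters will not surface this record.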


@ -0,0 +1,32 @@
{
"id": "CVE-2020-10130",
"sourceIdentifier": "cret@cert.org",
"published": "2023-09-06T19:15:43.847",
"lastModified": "2023-09-06T19:15:43.847",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "SearchBlox before Version 9.1 is vulnerable to business logic bypass where the user is able to create multiple super admin users in the system."
}
],
"metrics": {},
"weaknesses": [
{
"source": "cret@cert.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://developer.searchblox.com/v9.2/changelog/version-91",
"source": "cret@cert.org"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2020-10131",
"sourceIdentifier": "cret@cert.org",
"published": "2023-09-06T19:15:43.913",
"lastModified": "2023-09-06T19:15:43.913",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "SearchBlox before Version 9.2.1 is vulnerable to CSV macro injection in \"Featured Results\" parameter."
}
],
"metrics": {},
"weaknesses": [
{
"source": "cret@cert.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1236"
}
]
}
],
"references": [
{
"url": "https://developer.searchblox.com/v9.2/changelog/version-921",
"source": "cret@cert.org"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2020-10132",
"sourceIdentifier": "cret@cert.org",
"published": "2023-09-06T19:15:43.987",
"lastModified": "2023-09-06T19:15:43.987",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "SearchBlox before Version 9.1 is vulnerable to cross-origin resource sharing misconfiguration."
}
],
"metrics": {},
"weaknesses": [
{
"source": "cret@cert.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://developer.searchblox.com/v9.2/changelog/version-91",
"source": "cret@cert.org"
}
]
}
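Review bot: The weakness entry `"value": "CWE-79"` does not match the description, which reports a cross-origin resource sharing misconfiguration rather than cross-site scripting. A CORS policy problem is normally classified as CWE-942 (permissive cross-domain policy) or CWE-346 (origin validation error), so CWE-based triage and dashboards will file this record under XSS. The entry is typed `Secondary` and comes from the submitter, so the fix is an upstream correction. Until analysis adds a Primary weakness, consumers should not key remediation guidance off the CWE on this record.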


@ -0,0 +1,32 @@
{
"id": "CVE-2023-0925",
"sourceIdentifier": "cret@cert.org",
"published": "2023-09-06T18:15:07.897",
"lastModified": "2023-09-06T18:15:07.897",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Version 10.11 of webMethods OneData runs an embedded instance of Azul Zulu Java 11.0.15 which hosts a Java RMI registry (listening on TCP port 2099 by default) and two RMI interfaces (listening on a single, dynamically assigned TCP high port).\r\n\r\nPort 2099 serves as a Java Remote Method Invocation (RMI) registry which allows for remotely loading and processing data via RMI interfaces. An unauthenticated attacker with network connectivity to the RMI registry and RMI interface ports can abuse this functionality to instruct the webMethods OneData application to load a malicious serialized Java object as a parameter to one of the available Java methods presented by the RMI interface. Once deserialized on the vulnerable server, the malicious code runs as whichever operating system account is used to run the software, which in most cases is the local System account on Windows."
}
],
"metrics": {},
"weaknesses": [
{
"source": "cret@cert.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://www.softwareag.com/en_corporate/platform/integration-apis/webmethods-integration.html",
"source": "cret@cert.org"
}
]
}
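Review bot: The weakness `"value": "CWE-200"` (information exposure) understates what the description reports, namely unauthenticated deserialization of an attacker-supplied Java object over RMI that leads to code execution as the service account; that corresponds to CWE-502. With `"metrics": {}` empty as well, nothing machine-readable in this record signals remote code execution, so automated prioritisation by CVSS or CWE will rank it low until analysis completes. The single reference is a product landing page rather than an advisory, so it gives no fixed version or mitigation. The only control derivable from the record itself is restricting network access to the RMI registry port (2099 by default, per the description) and the dynamically assigned RMI interface port.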


@ -0,0 +1,43 @@
{
"id": "CVE-2023-20238",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-09-06T18:15:08.043",
"lastModified": "2023-09-06T18:15:08.043",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the single sign-on (SSO) implementation of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote attacker to forge the credentials required to access an affected system.\r\n\r This vulnerability is due to the method used to validate SSO tokens. An attacker could exploit this vulnerability by authenticating to the application with forged credentials. A successful exploit could allow the attacker to commit toll fraud or to execute commands at the privilege level of the forged account. If that account is an Administrator account, the attacker would have the ability to view confidential information, modify customer settings, or modify settings for other users. To exploit this vulnerability, the attacker would need a valid user ID that is associated with an affected Cisco BroadWorks system."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0
}
]
},
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-auth-bypass-kCggMWhX",
"source": "ykramarz@cisco.com"
}
]
}


@ -0,0 +1,43 @@
{
"id": "CVE-2023-20243",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-09-06T18:15:08.133",
"lastModified": "2023-09-06T18:15:08.133",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the RADIUS message processing feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause the affected system to stop processing RADIUS packets.\r\n\r This vulnerability is due to improper handling of certain RADIUS accounting requests. An attacker could exploit this vulnerability by sending a crafted authentication request to a network access device (NAD) that uses Cisco ISE for authentication, authorization, and accounting (AAA). This would eventually result in the NAD sending a RADIUS accounting request packet to Cisco ISE. An attacker could also exploit this vulnerability by sending a crafted RADIUS accounting request packet to Cisco ISE directly if the RADIUS shared secret is known. A successful exploit could allow the attacker to cause the RADIUS process to unexpectedly restart, resulting in authentication or authorization timeouts and denying legitimate users access to the network or service. Clients already authenticated to the network would not be affected.\r\n\r Note: To recover the ability to process RADIUS packets, a manual restart of the affected Policy Service Node (PSN) may be required. For more information, see the Details [\"#details\"] section of this advisory."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0
}
]
},
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-radius-dos-W7cNn7gt",
"source": "ykramarz@cisco.com"
}
]
}


@ -0,0 +1,43 @@
{
"id": "CVE-2023-20263",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-09-06T18:15:08.217",
"lastModified": "2023-09-06T18:15:08.217",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.\r\n\r\n\r This vulnerability is due to improper input validation of the parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hyperflex-redirect-UxLgqdUF",
"source": "ykramarz@cisco.com"
}
]
}


@ -0,0 +1,43 @@
{
"id": "CVE-2023-20269",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-09-06T18:15:08.303",
"lastModified": "2023-09-06T18:15:08.303",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations or an authenticated, remote attacker to establish a clientless SSL VPN session with an unauthorized user.\r\n\r This vulnerability is due to improper separation of authentication, authorization, and accounting (AAA) between the remote access VPN feature and the HTTPS management and site-to-site VPN features. An attacker could exploit this vulnerability by specifying a default connection profile/tunnel group while conducting a brute force attack or while establishing a clientless SSL VPN session using valid credentials. A successful exploit could allow the attacker to achieve one or both of the following:\r\n\r \r Identify valid credentials that could then be used to establish an unauthorized remote access VPN session.\r Establish a clientless SSL VPN session (only when running Cisco ASA Software Release 9.16 or earlier).\r \r Notes:\r\n\r \r Establishing a client-based remote access VPN tunnel is not possible as these default connection profiles/tunnel groups do not and cannot have an IP address pool configured.\r This vulnerability does not allow an attacker to bypass authentication. To successfully establish a remote access VPN session, valid credentials are required, including a valid second factor if multi-factor authentication (MFA) is configured.\r \r Cisco will release software updates that address this vulnerability. There are workarounds that address this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ravpn-auth-8LyfCkeC",
"source": "ykramarz@cisco.com"
}
]
}
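Review bot: The vector `"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N"` sets `PR:L`, while the first scenario in the description is an unauthenticated attacker brute-forcing credentials. The 5.0 MEDIUM score therefore appears to cover only the authenticated clientless SSL VPN case, and teams filtering on `baseSeverity` may deprioritise an issue for which the description says software updates are still to be released. No `weaknesses` array is present either, so CWE-based rules will not match this record. For interim detection, the description points to authentication attempts that name a default connection profile/tunnel group; alerting on repeated failures against those profiles complements the vendor workarounds.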


@ -0,0 +1,43 @@
{
"id": "CVE-2023-38484",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2023-09-06T18:15:08.393",
"lastModified": "2023-09-06T18:15:08.393",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 9000 Series Controllers and Gateways that could\u00a0allow an attacker to execute arbitrary code early in the boot\u00a0sequence. An attacker could exploit this vulnerability to\u00a0gain access to and change underlying sensitive information\u00a0in the affected controller leading to complete system\u00a0compromise."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-alert@hpe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.3,
"impactScore": 6.0
}
]
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-014.txt",
"source": "security-alert@hpe.com"
}
]
}


@ -0,0 +1,43 @@
{
"id": "CVE-2023-38485",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2023-09-06T18:15:08.480",
"lastModified": "2023-09-06T18:15:08.480",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 9000 Series Controllers and Gateways that could\u00a0allow an attacker to execute arbitrary code early in the boot\u00a0sequence. An attacker could exploit this vulnerability to\u00a0gain access to and change underlying sensitive information\u00a0in the affected controller leading to complete system\u00a0compromise."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-alert@hpe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.3,
"impactScore": 6.0
}
]
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-014.txt",
"source": "security-alert@hpe.com"
}
]
}


@ -0,0 +1,43 @@
{
"id": "CVE-2023-38486",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2023-09-06T18:15:08.547",
"lastModified": "2023-09-06T18:15:08.547",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the secure boot implementation on affected\u00a0Aruba 9200 and 9000 Series Controllers and Gateways allows\u00a0an attacker to bypass security controls which would normally\u00a0prohibit unsigned kernel images from executing. An attacker\u00a0can use this vulnerability to execute arbitrary runtime\u00a0operating systems, including unverified and unsigned OS\u00a0images."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-alert@hpe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.3,
"impactScore": 5.8
}
]
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-014.txt",
"source": "security-alert@hpe.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-39350",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-31T20:15:08.170",
"lastModified": "2023-09-01T07:32:13.003",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-06T19:39:44.343",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +66,49 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.11.0",
"matchCriteriaId": "80B02150-FC4E-43F5-A3DF-D8E585200977"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:freerdp:freerdp:3.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "D8720D61-0B0D-40ED-B3C4-B452D83BF3C2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:freerdp:freerdp:3.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "18A75D02-0E7A-4AAF-8E23-0CDCB1733FEA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/FreeRDP/FreeRDP/commit/e204fc8be5a372626b13f66daf2abafe71dbc2dc",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rrrv-3w42-pffh",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-39351",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-31T20:15:08.280",
"lastModified": "2023-09-01T07:32:13.003",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-06T19:49:14.563",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,10 +66,42 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.11.0",
"matchCriteriaId": "80B02150-FC4E-43F5-A3DF-D8E585200977"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:freerdp:freerdp:3.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "D8720D61-0B0D-40ED-B3C4-B452D83BF3C2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:freerdp:freerdp:3.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "18A75D02-0E7A-4AAF-8E23-0CDCB1733FEA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q9x9-cqjc-rgwq",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-39511",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-06T18:15:08.627",
"lastModified": "2023-09-06T18:15:08.627",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's browser at view-time. The script under `reports_admin.php` displays reporting information about graphs, devices, data sources etc. _CENSUS_ found that an adversary that is able to configure a malicious device name, related to a graph attached to a report, can deploy a stored XSS attack against any super user who has privileges of viewing the `reports_admin.php` page, such as administrative accounts. A user that possesses the _General Administration>Sites/Devices/Data_ permissions can configure the device names in _cacti_. This configuration occurs through `http://<HOST>/cacti/host.php`, while the rendered malicious payload is exhibited at `http://<HOST>/cacti/reports_admin.php` when the a graph with the maliciously altered device name is linked to the report. This issue has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to upgrade should manually filter HTML output.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/Cacti/cacti/security/advisories/GHSA-5hpr-4hhc-8q42",
"source": "security-advisories@github.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-40589",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-31T19:15:11.360",
"lastModified": "2023-09-01T07:32:13.003",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-06T19:35:13.987",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +66,50 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.11.0",
"matchCriteriaId": "80B02150-FC4E-43F5-A3DF-D8E585200977"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:freerdp:freerdp:3.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "D8720D61-0B0D-40ED-B3C4-B452D83BF3C2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:freerdp:freerdp:3.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "18A75D02-0E7A-4AAF-8E23-0CDCB1733FEA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/FreeRDP/FreeRDP/commit/16141a30f983dd6f7a6e5b0356084171942c9416",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-gc34-mw6m-g42x",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,63 @@
{
"id": "CVE-2023-40591",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-06T19:15:44.100",
"lastModified": "2023-09-06T19:15:44.100",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node, can be made to consume unbounded amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix is included in geth version `1.12.1-stable`, i.e, `1.12.2-unstable` and onwards. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://geth.ethereum.org/docs/developers/geth-developer/disclosures",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/ethereum/go-ethereum/releases/tag/v1.12.1",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-ppjg-v974-84cm",
"source": "security-advisories@github.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-41034",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-31T18:15:09.020",
"lastModified": "2023-09-01T07:32:13.003",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-06T19:02:03.790",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,26 +66,120 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eclipse:leshan:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.5.0",
"matchCriteriaId": "0BAB8220-65D9-49C4-A405-E467D18DA48B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eclipse:leshan:2.0.0:milestone1:*:*:*:*:*:*",
"matchCriteriaId": "A9CD995F-4DDF-4E8A-BCF9-B70128AC91A0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eclipse:leshan:2.0.0:milestone10:*:*:*:*:*:*",
"matchCriteriaId": "966926A3-EF5B-4478-A78E-37D664221ECB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eclipse:leshan:2.0.0:milestone11:*:*:*:*:*:*",
"matchCriteriaId": "C22BE585-DC78-4483-B7CF-C9315873C913"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eclipse:leshan:2.0.0:milestone12:*:*:*:*:*:*",
"matchCriteriaId": "92268218-018E-4924-A2CF-2D2DB4D36F11"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eclipse:leshan:2.0.0:milestone2:*:*:*:*:*:*",
"matchCriteriaId": "A4055FDA-E535-4675-B6D3-812D7A3E9C1B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eclipse:leshan:2.0.0:milestone3:*:*:*:*:*:*",
"matchCriteriaId": "A700BAD9-5289-49DB-9B9E-E7710522086E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eclipse:leshan:2.0.0:milestone4:*:*:*:*:*:*",
"matchCriteriaId": "7CE7B0A5-CF9B-469F-9DB6-4CCEB0F36269"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eclipse:leshan:2.0.0:milestone5:*:*:*:*:*:*",
"matchCriteriaId": "E7E15E8A-B316-4CD5-9330-14F6A7E2C69C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eclipse:leshan:2.0.0:milestone6:*:*:*:*:*:*",
"matchCriteriaId": "FFD798EF-A5BD-4E21-ABA4-F3AD00E9E7C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eclipse:leshan:2.0.0:milestone7:*:*:*:*:*:*",
"matchCriteriaId": "93448A3D-67AB-474C-AEFA-ABBD7DD7B9E1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eclipse:leshan:2.0.0:milestone8:*:*:*:*:*:*",
"matchCriteriaId": "B52ECC69-1524-4581-88AE-4CE7DC47DC33"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eclipse:leshan:2.0.0:milestone9:*:*:*:*:*:*",
"matchCriteriaId": "2254C713-BE7F-40D7-BDF3-901C03406FA7"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/eclipse-leshan/leshan/commit/29577d2879ba8e7674c3b216a7f01193fc7ae013",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/eclipse-leshan/leshan/commit/4d3e63ac271a817f81fba3e3229c519af7a3049c",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/eclipse-leshan/leshan/security/advisories/GHSA-wc9j-gc65-3cm7",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mitigation",
"Third Party Advisory"
]
},
{
"url": "https://github.com/eclipse-leshan/leshan/wiki/Adding-new-objects#the-lwm2m-model",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://owasp.org/www-community/vulnerabilities/XML_External_Entity_(XXE)_Processing",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Not Applicable"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-41040",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-30T22:15:09.857",
"lastModified": "2023-09-05T18:59:32.280",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-06T18:15:08.720",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -37,8 +37,8 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
@ -46,17 +46,17 @@
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseScore": 4.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"exploitabilityScore": 2.5,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
@ -66,7 +66,7 @@
]
},
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{


@ -2,8 +2,8 @@
"id": "CVE-2023-41044",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-31T18:15:09.187",
"lastModified": "2023-09-01T07:32:13.003",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-06T19:48:09.783",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 2.5
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +66,48 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:graylog:graylog:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.1.0",
"versionEndExcluding": "5.1.3",
"matchCriteriaId": "E213B603-847C-439D-86AA-D77E59653492"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Graylog2/graylog2-server/commit/02b8792e6f4b829f0c1d87fcbf2d58b73458b938",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/Graylog2/graylog2-server/security/advisories/GHSA-2q4p-f6gf-mqr5",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Mitigation",
"Vendor Advisory"
]
},
{
"url": "https://go2docs.graylog.org/5-1/making_sense_of_your_log_data/cluster_support_bundle.htm",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
}
]
}

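--- /dev/null
+++ b/CVE-2023/CVE-2023-410xx/CVE-2023-41050.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2023-41050",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2023-09-06T18:15:08.847",
+"lastModified": "2023-09-06T18:15:08.847",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "AccessControl provides a general security framework for use in Zope. Python's \"format\" functionality allows someone controlling the format string to \"read\" objects accessible (recursively) via attribute access and subscription from accessible objects. Those attribute accesses and subscriptions use Python's full blown `getattr` and `getitem`, not the policy restricted `AccessControl` variants `_getattr_` and `_getitem_`. This can lead to critical information disclosure. `AccessControl` already provides a safe variant for `str.format` and denies access to `string.Formatter`. However, `str.format_map` is still unsafe. Affected are all users who allow untrusted users to create `AccessControl` controlled Python code and execute it. A fix has been introduced in versions 4.4, 5.8 and 6.2. Users are advised to upgrade. There are no known workarounds for this vulnerability."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "HIGH",
+"userInteraction": "NONE",
+"scope": "CHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "NONE",
+"availabilityImpact": "NONE",
+"baseScore": 6.8,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.3,
+"impactScore": 4.0
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-200"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/zopefoundation/AccessControl/commit/6bc32692e0d4b8d5cf64eae3d19de987c7375bc9",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/zopefoundation/AccessControl/security/advisories/GHSA-8xv7-89vj-q48c",
+"source": "security-advisories@github.com"
+}
+]
+}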

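--- /dev/null
+++ b/CVE-2023/CVE-2023-413xx/CVE-2023-41319.json
@@ -0,0 +1,63 @@
+{
+"id": "CVE-2023-41319",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2023-09-06T18:15:08.937",
+"lastModified": "2023-09-06T18:15:08.937",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows custom integrations to be uploaded as a ZIP file. This ZIP file must contain YAML files, but Fides can be configured to also accept the inclusion of custom Python code in it. The custom code is executed in a restricted, sandboxed environment, but the sandbox can be bypassed to execute any arbitrary code. The vulnerability allows the execution of arbitrary code on the target system within the context of the webserver python process owner on the webserver container, which by default is `root`, and leverage that access to attack underlying infrastructure and integrated systems. This vulnerability affects Fides versions `2.11.0` through `2.19.0`. Exploitation is limited to API clients with the `CONNECTOR_TEMPLATE_REGISTER` authorization scope. In the Fides Admin UI this scope is restricted to highly privileged users, specifically root users and users with the owner role. Exploitation is only possible if the security configuration parameter `allow_custom_connector_functions` is enabled by the user deploying the Fides webserver container, either in `fides.toml` or by setting the env var `FIDES__SECURITY__ALLOW_CUSTOM_CONNECTOR_FUNCTIONS=True`. By default this configuration parameter is disabled. The vulnerability has been patched in Fides version `2.19.0`. Users are advised to upgrade to this version or later to secure their systems against this threat. Users unable to upgrade should ensure that `allow_custom_connector_functions` in `fides.toml` and the `FIDES__SECURITY__ALLOW_CUSTOM_CONNECTOR_FUNCTIONS` are both either unset or explicit set to `False`."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 8.8,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 5.9
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-693"
+},
+{
+"lang": "en",
+"value": "CWE-94"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/ethyca/fides/commit/5989b5fa744c8d8c340963b895a054883549358a",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/ethyca/fides/security/advisories/GHSA-p6p2-qq95-vq5h",
+"source": "security-advisories@github.com"
+}
+]
+}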

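--- /dev/null
+++ b/CVE-2023/CVE-2023-413xx/CVE-2023-41328.json
@@ -0,0 +1,63 @@
+{
+"id": "CVE-2023-41328",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2023-09-06T18:15:09.047",
+"lastModified": "2023-09-06T18:15:09.047",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Frappe is a low code web framework written in Python and Javascript. A SQL Injection vulnerability has been identified in the Frappe Framework which could allow a malicious actor to access sensitive information. This issue has been addressed in versions 13.46.1 and 14.20.0. Users are advised to upgrade. There's no workaround to fix this without upgrading."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "HIGH",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 4.2,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 1.6,
+"impactScore": 2.5
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-89"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/frappe/frappe/releases/tag/v13.46.1",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/frappe/frappe/releases/tag/v14.20.0",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/frappe/frappe/security/advisories/GHSA-53wh-f67g-9679",
+"source": "security-advisories@github.com"
+}
+]
+}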

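--- /dev/null
+++ b/CVE-2023/CVE-2023-413xx/CVE-2023-41330.json
@@ -0,0 +1,63 @@
+{
+"id": "CVE-2023-41330",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2023-09-06T18:15:09.153",
+"lastModified": "2023-09-06T18:15:09.153",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "knplabs/knp-snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page.\n## Issue\n\nOn March 17th the vulnerability CVE-2023-28115 was disclosed, allowing an attacker to gain remote code execution through PHAR deserialization. Version 1.4.2 added a check `if (\\strpos($filename, 'phar://') === 0)` in the `prepareOutput` function to resolve this CVE, however if the user is able to control the second parameter of the `generateFromHtml()` function of Snappy, it will then be passed as the `$filename` parameter in the `prepareOutput()` function. In the original vulnerability, a file name with a `phar://` wrapper could be sent to the `fileExists()` function, equivalent to the `file_exists()` PHP function. This allowed users to trigger a deserialization on arbitrary PHAR files. To fix this issue, the string is now passed to the `strpos()` function and if it starts with `phar://`, an exception is raised. However, PHP wrappers being case insensitive, this patch can be bypassed using `PHAR://` instead of `phar://`. A successful exploitation of this vulnerability allows executing arbitrary code and accessing the underlying filesystem. The attacker must be able to upload a file and the server must be running a PHP version prior to 8. This issue has been addressed in commit `d3b742d61a` which has been included in version 1.4.3. Users are advised to upgrade. Users unable to upgrade should ensure that only trusted users may submit data to the `AbstractGenerator->generate(...)` function.\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 9.8,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 5.9
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-502"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/KnpLabs/snappy/commit/d3b742d61a68bf93866032c2c0a7f1486128b67e",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/KnpLabs/snappy/security/advisories/GHSA-92rv-4j2h-8mjj",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/KnpLabs/snappy/security/advisories/GHSA-gq6w-q6wh-jggc",
+"source": "security-advisories@github.com"
+}
+]
+}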


@ -2,8 +2,8 @@
"id": "CVE-2023-41740",
"sourceIdentifier": "security@synology.com",
"published": "2023-08-31T10:15:08.637",
"lastModified": "2023-08-31T12:19:08.010",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-06T18:35:58.047",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security@synology.com",
"type": "Secondary",
@ -46,10 +66,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:synology:router_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.3.1-9346-6",
"matchCriteriaId": "60F8F9E6-060A-44F5-B41E-EF2E1A233776"
}
]
}
]
}
],
"references": [
{
"url": "https://www.synology.com/en-global/security/advisory/Synology_SA_23_10",
"source": "security@synology.com"
"source": "security@synology.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-41741",
"sourceIdentifier": "security@synology.com",
"published": "2023-08-31T10:15:08.737",
"lastModified": "2023-08-31T12:19:08.010",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-06T18:34:28.687",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security@synology.com",
"type": "Secondary",
@ -46,10 +66,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:synology:router_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.3.1-9346-6",
"matchCriteriaId": "60F8F9E6-060A-44F5-B41E-EF2E1A233776"
}
]
}
]
}
],
"references": [
{
"url": "https://www.synology.com/en-global/security/advisory/Synology_SA_23_10",
"source": "security@synology.com"
"source": "security@synology.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-41742",
"sourceIdentifier": "security@acronis.com",
"published": "2023-08-31T15:15:08.520",
"lastModified": "2023-08-31T17:25:54.340",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-06T18:44:03.223",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "security@acronis.com",
@ -35,6 +57,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-668"
}
]
},
{
"source": "security@acronis.com",
"type": "Secondary",
@ -46,10 +78,84 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acronis:agent:*:*:*:*:*:*:*:*",
"versionEndExcluding": "22.09",
"matchCriteriaId": "BC812D29-D735-4C72-94B1-F20E92B5FF24"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acronis:cyber_protect:15:-:*:*:*:*:*:*",
"matchCriteriaId": "89899D10-1343-4276-919A-9C1DF2DB8B55"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acronis:cyber_protect:15:update1:*:*:*:*:*:*",
"matchCriteriaId": "A77B2499-B3A4-4278-BA0D-59AB59C60352"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acronis:cyber_protect:15:update2:*:*:*:*:*:*",
"matchCriteriaId": "BAF6A576-C320-4550-B7F8-4FCAE82FB06A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acronis:cyber_protect:15:update3:*:*:*:*:*:*",
"matchCriteriaId": "9740A956-D589-4846-8717-B6182EB65F8B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acronis:cyber_protect:15:update4:*:*:*:*:*:*",
"matchCriteriaId": "9AB8B19B-2B40-4F1B-AE24-1C43D362E4BC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acronis:cyber_protect:15:update5:*:*:*:*:*:*",
"matchCriteriaId": "69506F27-DEF8-4317-9E54-D79CA430AD4B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://security-advisory.acronis.com/advisories/SEC-4351",
"source": "security@acronis.com"
"source": "security@acronis.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-41745",
"sourceIdentifier": "security@acronis.com",
"published": "2023-08-31T18:15:09.373",
"lastModified": "2023-09-01T07:32:13.003",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-06T19:07:18.077",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "security@acronis.com",
@ -35,6 +57,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-668"
}
]
},
{
"source": "security@acronis.com",
"type": "Secondary",
@ -46,10 +78,84 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acronis:agent:*:*:*:*:*:*:*:*",
"versionEndIncluding": "c22.11",
"matchCriteriaId": "B291A569-A059-4ABC-8A87-4391B322CD92"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acronis:cyber_protect:15:-:*:*:*:*:*:*",
"matchCriteriaId": "89899D10-1343-4276-919A-9C1DF2DB8B55"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acronis:cyber_protect:15:update1:*:*:*:*:*:*",
"matchCriteriaId": "A77B2499-B3A4-4278-BA0D-59AB59C60352"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acronis:cyber_protect:15:update2:*:*:*:*:*:*",
"matchCriteriaId": "BAF6A576-C320-4550-B7F8-4FCAE82FB06A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acronis:cyber_protect:15:update3:*:*:*:*:*:*",
"matchCriteriaId": "9740A956-D589-4846-8717-B6182EB65F8B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acronis:cyber_protect:15:update4:*:*:*:*:*:*",
"matchCriteriaId": "9AB8B19B-2B40-4F1B-AE24-1C43D362E4BC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acronis:cyber_protect:15:update5:*:*:*:*:*:*",
"matchCriteriaId": "69506F27-DEF8-4317-9E54-D79CA430AD4B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://security-advisory.acronis.com/advisories/SEC-2008",
"source": "security@acronis.com"
"source": "security@acronis.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-41746",
"sourceIdentifier": "security@acronis.com",
"published": "2023-08-31T18:15:09.453",
"lastModified": "2023-09-01T07:32:13.003",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-06T19:14:18.157",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "security@acronis.com",
@ -35,6 +57,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
},
{
"source": "security@acronis.com",
"type": "Secondary",
@ -46,10 +78,44 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acronis:cloud_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2.23089.203",
"matchCriteriaId": "13C9405F-5DED-448F-A8E2-940BD829227B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://security-advisory.acronis.com/advisories/SEC-5810",
"source": "security@acronis.com"
"source": "security@acronis.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-41747",
"sourceIdentifier": "security@acronis.com",
"published": "2023-08-31T18:15:09.523",
"lastModified": "2023-09-01T07:32:13.003",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-06T19:16:34.043",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "security@acronis.com",
@ -35,6 +57,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
},
{
"source": "security@acronis.com",
"type": "Secondary",
@ -46,10 +78,44 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acronis:cloud_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2.23089.203",
"matchCriteriaId": "13C9405F-5DED-448F-A8E2-940BD829227B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://security-advisory.acronis.com/advisories/SEC-5811",
"source": "security@acronis.com"
"source": "security@acronis.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-41748",
"sourceIdentifier": "security@acronis.com",
"published": "2023-08-31T18:15:09.587",
"lastModified": "2023-09-01T07:32:13.003",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-06T19:20:31.677",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "security@acronis.com",
@ -35,6 +57,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
},
{
"source": "security@acronis.com",
"type": "Secondary",
@ -46,10 +78,44 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acronis:cloud_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2.23089.203",
"matchCriteriaId": "13C9405F-5DED-448F-A8E2-940BD829227B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://security-advisory.acronis.com/advisories/SEC-5816",
"source": "security@acronis.com"
"source": "security@acronis.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-09-06T18:00:25.238708+00:00
2023-09-06T20:00:24.513007+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-09-06T17:18:57.333000+00:00
2023-09-06T19:49:14.563000+00:00
```
### Last Data Feed Release
@ -29,34 +29,50 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
224390
224408
```
### CVEs added in the last Commit
Recently added CVEs: `3`
Recently added CVEs: `18`
* [CVE-2021-36646](CVE-2021/CVE-2021-366xx/CVE-2021-36646.json) (`2023-09-06T17:15:49.873`)
* [CVE-2023-20250](CVE-2023/CVE-2023-202xx/CVE-2023-20250.json) (`2023-09-06T17:15:50.100`)
* [CVE-2023-4498](CVE-2023/CVE-2023-44xx/CVE-2023-4498.json) (`2023-09-06T17:15:50.687`)
* [CVE-2020-10129](CVE-2020/CVE-2020-101xx/CVE-2020-10129.json) (`2023-09-06T19:15:43.727`)
* [CVE-2020-10130](CVE-2020/CVE-2020-101xx/CVE-2020-10130.json) (`2023-09-06T19:15:43.847`)
* [CVE-2020-10131](CVE-2020/CVE-2020-101xx/CVE-2020-10131.json) (`2023-09-06T19:15:43.913`)
* [CVE-2020-10132](CVE-2020/CVE-2020-101xx/CVE-2020-10132.json) (`2023-09-06T19:15:43.987`)
* [CVE-2023-0925](CVE-2023/CVE-2023-09xx/CVE-2023-0925.json) (`2023-09-06T18:15:07.897`)
* [CVE-2023-20238](CVE-2023/CVE-2023-202xx/CVE-2023-20238.json) (`2023-09-06T18:15:08.043`)
* [CVE-2023-20243](CVE-2023/CVE-2023-202xx/CVE-2023-20243.json) (`2023-09-06T18:15:08.133`)
* [CVE-2023-20263](CVE-2023/CVE-2023-202xx/CVE-2023-20263.json) (`2023-09-06T18:15:08.217`)
* [CVE-2023-20269](CVE-2023/CVE-2023-202xx/CVE-2023-20269.json) (`2023-09-06T18:15:08.303`)
* [CVE-2023-38484](CVE-2023/CVE-2023-384xx/CVE-2023-38484.json) (`2023-09-06T18:15:08.393`)
* [CVE-2023-38485](CVE-2023/CVE-2023-384xx/CVE-2023-38485.json) (`2023-09-06T18:15:08.480`)
* [CVE-2023-38486](CVE-2023/CVE-2023-384xx/CVE-2023-38486.json) (`2023-09-06T18:15:08.547`)
* [CVE-2023-39511](CVE-2023/CVE-2023-395xx/CVE-2023-39511.json) (`2023-09-06T18:15:08.627`)
* [CVE-2023-41050](CVE-2023/CVE-2023-410xx/CVE-2023-41050.json) (`2023-09-06T18:15:08.847`)
* [CVE-2023-41319](CVE-2023/CVE-2023-413xx/CVE-2023-41319.json) (`2023-09-06T18:15:08.937`)
* [CVE-2023-41328](CVE-2023/CVE-2023-413xx/CVE-2023-41328.json) (`2023-09-06T18:15:09.047`)
* [CVE-2023-41330](CVE-2023/CVE-2023-413xx/CVE-2023-41330.json) (`2023-09-06T18:15:09.153`)
* [CVE-2023-40591](CVE-2023/CVE-2023-405xx/CVE-2023-40591.json) (`2023-09-06T19:15:44.100`)
### CVEs modified in the last Commit
Recently modified CVEs: `12`
Recently modified CVEs: `13`
* [CVE-2020-36130](CVE-2020/CVE-2020-361xx/CVE-2020-36130.json) (`2023-09-06T16:15:07.610`)
* [CVE-2020-36131](CVE-2020/CVE-2020-361xx/CVE-2020-36131.json) (`2023-09-06T16:15:07.743`)
* [CVE-2020-36133](CVE-2020/CVE-2020-361xx/CVE-2020-36133.json) (`2023-09-06T16:15:07.817`)
* [CVE-2020-36135](CVE-2020/CVE-2020-361xx/CVE-2020-36135.json) (`2023-09-06T16:15:07.887`)
* [CVE-2021-30473](CVE-2021/CVE-2021-304xx/CVE-2021-30473.json) (`2023-09-06T16:15:07.967`)
* [CVE-2021-30474](CVE-2021/CVE-2021-304xx/CVE-2021-30474.json) (`2023-09-06T16:15:08.053`)
* [CVE-2021-30475](CVE-2021/CVE-2021-304xx/CVE-2021-30475.json) (`2023-09-06T16:15:08.130`)
* [CVE-2022-34038](CVE-2022/CVE-2022-340xx/CVE-2022-34038.json) (`2023-09-06T16:15:08.227`)
* [CVE-2022-47022](CVE-2022/CVE-2022-470xx/CVE-2022-47022.json) (`2023-09-06T17:17:25.753`)
* [CVE-2023-34188](CVE-2023/CVE-2023-341xx/CVE-2023-34188.json) (`2023-09-06T17:15:50.190`)
* [CVE-2023-39615](CVE-2023/CVE-2023-396xx/CVE-2023-39615.json) (`2023-09-06T17:15:50.447`)
* [CVE-2023-0667](CVE-2023/CVE-2023-06xx/CVE-2023-0667.json) (`2023-09-06T17:18:57.333`)
* [CVE-2023-41040](CVE-2023/CVE-2023-410xx/CVE-2023-41040.json) (`2023-09-06T18:15:08.720`)
* [CVE-2023-41741](CVE-2023/CVE-2023-417xx/CVE-2023-41741.json) (`2023-09-06T18:34:28.687`)
* [CVE-2023-41740](CVE-2023/CVE-2023-417xx/CVE-2023-41740.json) (`2023-09-06T18:35:58.047`)
* [CVE-2023-41742](CVE-2023/CVE-2023-417xx/CVE-2023-41742.json) (`2023-09-06T18:44:03.223`)
* [CVE-2023-41034](CVE-2023/CVE-2023-410xx/CVE-2023-41034.json) (`2023-09-06T19:02:03.790`)
* [CVE-2023-41745](CVE-2023/CVE-2023-417xx/CVE-2023-41745.json) (`2023-09-06T19:07:18.077`)
* [CVE-2023-41746](CVE-2023/CVE-2023-417xx/CVE-2023-41746.json) (`2023-09-06T19:14:18.157`)
* [CVE-2023-41747](CVE-2023/CVE-2023-417xx/CVE-2023-41747.json) (`2023-09-06T19:16:34.043`)
* [CVE-2023-41748](CVE-2023/CVE-2023-417xx/CVE-2023-41748.json) (`2023-09-06T19:20:31.677`)
* [CVE-2023-40589](CVE-2023/CVE-2023-405xx/CVE-2023-40589.json) (`2023-09-06T19:35:13.987`)
* [CVE-2023-39350](CVE-2023/CVE-2023-393xx/CVE-2023-39350.json) (`2023-09-06T19:39:44.343`)
* [CVE-2023-41044](CVE-2023/CVE-2023-410xx/CVE-2023-41044.json) (`2023-09-06T19:48:09.783`)
* [CVE-2023-39351](CVE-2023/CVE-2023-393xx/CVE-2023-39351.json) (`2023-09-06T19:49:14.563`)
## Download and Usage