admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-21 17:41:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-08-21T16:00:31.634679+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-08-21 16:00:35 +00:00
parent 4324bdf8d1
commit 093f7aa010
13 changed files with 2046 additions and 81 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

150
CVE-2021/CVE-2021-280xx/CVE-2021-28025.json
View File

@ -2,19 +2,161 @@
"id": "CVE-2021-28025", "id": "CVE-2021-28025",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-08-11T14:15:12.453", "published": "2023-08-11T14:15:12.453",
"lastModified": "2023-08-11T15:18:01.437", "lastModified": "2023-08-21T15:41:19.287",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS)." "value": "Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS)."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qt:qt:5.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EA7FCB6B-872F-4900-A2CF-192AFECC4DFC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qt:qt:6.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "C0A66DBD-439D-45EA-BC80-502314D5B0AC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qt:qt:6.0.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "D47A6409-4A47-4963-9D77-DCC92668B6F3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qt:qt:6.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "28417B5D-0086-436E-9698-20E8C3E5E2E2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qt:qt:6.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "9EDDE01F-6F8A-412E-BFE3-5D0561629D12"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qt:qt:6.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "F869EA5F-9246-48B2-8BF0-BF68DA091750"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qt:qt:6.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "508C8F60-141E-4168-BCC8-114CD777D2E0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qt:qt:6.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "94F0B03A-ABD8-44AC-99D6-3232EC44DDE1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qt:qt:6.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "44C86D23-6D06-4A62-90C3-173852C1545B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qt:qt:6.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E1FFE318-54E1-44B8-9164-696EE8CE280C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qt:qt:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AC14C9CB-1965-4659-8254-17EAB448616D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qt:qt:6.2.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "B5846684-AB3C-4CF6-BEDB-660FDA8675DF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qt:qt:6.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "58B3621A-04A2-4302-9848-482B102895D8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qt:qt:6.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EC7DBCDC-72EE-4C57-8E69-8A733A4F3602"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qt:qt:6.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "D6212764-5B80-4340-8150-E8CD918ED396"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qt:qt:6.2.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "3D2F8A83-BB1A-4938-B1CD-2B604C43D4CB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qt:qt:6.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EF6E8E02-CBCA-4AB3-8BDA-4177FEDECFF1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qt:qt:6.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "221D7C16-BB9A-4145-9D18-D68728AFBF3B"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://bugreports.qt.io/browse/QTBUG-91507", "url": "https://bugreports.qt.io/browse/QTBUG-91507",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
} }
] ]
} }

1158
CVE-2022/CVE-2022-363xx/CVE-2022-36392.json
View File

File diff suppressed because it is too large Load Diff

97
CVE-2022/CVE-2022-389xx/CVE-2022-38973.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-38973", "id": "CVE-2022-38973",
"sourceIdentifier": "secure@intel.com", "sourceIdentifier": "secure@intel.com",
"published": "2023-08-11T03:15:14.240", "published": "2023-08-11T03:15:14.240",
"lastModified": "2023-08-11T03:44:51.127", "lastModified": "2023-08-21T14:34:40.520",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
},
{ {
"source": "secure@intel.com", "source": "secure@intel.com",
"type": "Secondary", "type": "Secondary",
@ -34,10 +54,81 @@
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:intel:arc_a750_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "720400DE-6327-473C-B50B-AB9477912723"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:arc_a750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E92E63D9-B5E9-49F7-B96F-9C4BE6B8F41C"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:intel:arc_a770_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "605707F5-7F3E-4336-A8FA-BCB61AE6E751"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:arc_a770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE38F333-3BA1-4C84-A311-5DFC90A0BEAA"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00812.html", "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00812.html",
"source": "secure@intel.com" "source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

97
CVE-2022/CVE-2022-419xx/CVE-2022-41984.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-41984", "id": "CVE-2022-41984",
"sourceIdentifier": "secure@intel.com", "sourceIdentifier": "secure@intel.com",
"published": "2023-08-11T03:15:15.307", "published": "2023-08-11T03:15:15.307",
"lastModified": "2023-08-11T03:44:51.127", "lastModified": "2023-08-21T14:33:50.620",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
},
{ {
"source": "secure@intel.com", "source": "secure@intel.com",
"type": "Secondary", "type": "Secondary",
@ -34,10 +54,81 @@
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:intel:arc_a750_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "720400DE-6327-473C-B50B-AB9477912723"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:arc_a750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E92E63D9-B5E9-49F7-B96F-9C4BE6B8F41C"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:intel:arc_a770_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "605707F5-7F3E-4336-A8FA-BCB61AE6E751"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:arc_a770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE38F333-3BA1-4C84-A311-5DFC90A0BEAA"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00812.html", "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00812.html",
"source": "secure@intel.com" "source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

59
CVE-2022/CVE-2022-451xx/CVE-2022-45112.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-45112", "id": "CVE-2022-45112",
"sourceIdentifier": "secure@intel.com", "sourceIdentifier": "secure@intel.com",
"published": "2023-08-11T03:15:16.437", "published": "2023-08-11T03:15:16.437",
"lastModified": "2023-08-11T03:44:51.127", "lastModified": "2023-08-21T14:34:23.620",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{ {
"source": "secure@intel.com", "source": "secure@intel.com",
"type": "Secondary", "type": "Secondary",
@ -34,10 +54,43 @@
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:virtual_raid_on_cpu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.0.0.4035",
"matchCriteriaId": "D5F2140A-F65D-456B-8E70-11360B17E1F8"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00846.html", "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00846.html",
"source": "secure@intel.com" "source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

127
CVE-2023/CVE-2023-222xx/CVE-2023-22276.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-22276", "id": "CVE-2023-22276",
"sourceIdentifier": "secure@intel.com", "sourceIdentifier": "secure@intel.com",
"published": "2023-08-11T03:15:16.613", "published": "2023-08-11T03:15:16.613",
"lastModified": "2023-08-11T03:44:51.127", "lastModified": "2023-08-21T14:31:52.990",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6
},
{ {
"source": "secure@intel.com", "source": "secure@intel.com",
"type": "Secondary", "type": "Secondary",
@ -34,10 +54,111 @@
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-362"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:intel:ethernet_network_controller_e810-xxvam2_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.7.2.4",
"matchCriteriaId": "D234BAF3-82F7-4050-AFC4-9F920FB0054A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:ethernet_network_controller_e810-xxvam2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFC7B304-7705-40F7-A357-5F7E8FD71E47"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:intel:ethernet_network_controller_e810-cam1_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.7.2.4",
"matchCriteriaId": "942E4413-6421-4520-842F-83D5DB6805E2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:ethernet_network_controller_e810-cam1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "839854C2-8442-4EB8-8FE0-434FEAD3B559"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:intel:ethernet_network_controller_e810-cam2_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.7.2.4",
"matchCriteriaId": "DF401F02-CFDE-4E67-B676-26FF6184FEA5"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:ethernet_network_controller_e810-cam2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "42E8F0FF-94C1-4AB5-A9D3-D2963A2200F3"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00835.html", "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00835.html",
"source": "secure@intel.com" "source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

53
CVE-2023/CVE-2023-26xx/CVE-2023-2606.json
View File

@ -2,15 +2,38 @@
"id": "CVE-2023-2606", "id": "CVE-2023-2606",
"sourceIdentifier": "contact@wpscan.com", "sourceIdentifier": "contact@wpscan.com",
"published": "2023-08-14T20:15:11.080", "published": "2023-08-14T20:15:11.080",
"lastModified": "2023-08-15T12:29:16.237", "lastModified": "2023-08-21T14:05:18.320",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "The WP Brutal AI WordPress plugin before 2.06 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)." "value": "The WP Brutal AI WordPress plugin before 2.06 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [ "weaknesses": [
{ {
"source": "contact@wpscan.com", "source": "contact@wpscan.com",
@ -23,10 +46,32 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:brutalplugins:wp_brutal_ai:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.06",
"matchCriteriaId": "E8F4E90D-1C82-49DD-B491-A4841BFDB9A5"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://wpscan.com/vulnerability/62deb3ed-a7e4-4cdc-a615-cad2ec2e1e8f", "url": "https://wpscan.com/vulnerability/62deb3ed-a7e4-4cdc-a615-cad2ec2e1e8f",
"source": "contact@wpscan.com" "source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

53
CVE-2023/CVE-2023-28xx/CVE-2023-2802.json
View File

@ -2,15 +2,38 @@
"id": "CVE-2023-2802", "id": "CVE-2023-2802",
"sourceIdentifier": "contact@wpscan.com", "sourceIdentifier": "contact@wpscan.com",
"published": "2023-08-14T20:15:11.297", "published": "2023-08-14T20:15:11.297",
"lastModified": "2023-08-15T12:29:16.237", "lastModified": "2023-08-21T14:27:16.020",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "The Ultimate Addons for Contact Form 7 WordPress plugin before 3.1.29 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" "value": "The Ultimate Addons for Contact Form 7 WordPress plugin before 3.1.29 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [ "weaknesses": [
{ {
"source": "contact@wpscan.com", "source": "contact@wpscan.com",
@ -23,10 +46,32 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:themefic:ultimate_addons_for_contact_form_7:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.1.29",
"matchCriteriaId": "56F326EB-BF3E-4B11-9605-75D5B0403DCB"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://wpscan.com/vulnerability/c5cc136a-2fa6-44ff-b5b5-26d367937df9", "url": "https://wpscan.com/vulnerability/c5cc136a-2fa6-44ff-b5b5-26d367937df9",
"source": "contact@wpscan.com" "source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

59
CVE-2023/CVE-2023-322xx/CVE-2023-32267.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32267", "id": "CVE-2023-32267",
"sourceIdentifier": "security@opentext.com", "sourceIdentifier": "security@opentext.com",
"published": "2023-08-11T14:15:13.150", "published": "2023-08-11T14:15:13.150",
"lastModified": "2023-08-11T15:18:01.437", "lastModified": "2023-08-21T15:48:26.110",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{ {
"source": "security@opentext.com", "source": "security@opentext.com",
"type": "Secondary", "type": "Secondary",
@ -34,10 +54,43 @@
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:arcsight_management_center:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.2.1",
"matchCriteriaId": "A68E42E3-4571-46AC-91FE-23CDC1F115A1"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://portal.microfocus.com/s/article/KM000020296?language=en_US", "url": "https://portal.microfocus.com/s/article/KM000020296?language=en_US",
"source": "security@opentext.com" "source": "security@opentext.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

66
CVE-2023/CVE-2023-395xx/CVE-2023-39553.json
View File

@ -2,15 +2,38 @@
"id": "CVE-2023-39553", "id": "CVE-2023-39553",
"sourceIdentifier": "security@apache.org", "sourceIdentifier": "security@apache.org",
"published": "2023-08-11T08:15:09.103", "published": "2023-08-11T08:15:09.103",
"lastModified": "2023-08-11T15:15:10.837", "lastModified": "2023-08-21T15:55:47.347",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider.\n\nApache Airflow Drill Provider is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection with DrillHook giving an opportunity to read files on the Airflow server.\nThis issue affects Apache Airflow Drill Provider: before 2.4.3.\nIt is recommended to upgrade to a version that is not affected.\n\n" "value": "Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider.\n\nApache Airflow Drill Provider is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection with DrillHook giving an opportunity to read files on the Airflow server.\nThis issue affects Apache Airflow Drill Provider: before 2.4.3.\nIt is recommended to upgrade to a version that is not affected.\n\n"
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [ "weaknesses": [
{ {
"source": "security@apache.org", "source": "security@apache.org",
@ -23,18 +46,49 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:apache-airflow-providers-apache-drill:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.4.3",
"matchCriteriaId": "A3513EAE-88C8-489D-AA08-1AB4D382503E"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "http://www.openwall.com/lists/oss-security/2023/08/11/1", "url": "http://www.openwall.com/lists/oss-security/2023/08/11/1",
"source": "security@apache.org" "source": "security@apache.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
]
}, },
{ {
"url": "https://github.com/apache/airflow/pull/33074", "url": "https://github.com/apache/airflow/pull/33074",
"source": "security@apache.org" "source": "security@apache.org",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://lists.apache.org/thread/ozpl0opmob49rkcz8svo8wkxyw1395sf", "url": "https://lists.apache.org/thread/ozpl0opmob49rkcz8svo8wkxyw1395sf",
"source": "security@apache.org" "source": "security@apache.org",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
]
} }
] ]
} }

83
CVE-2023/CVE-2023-402xx/CVE-2023-40235.json
View File

@ -2,31 +2,100 @@
"id": "CVE-2023-40235", "id": "CVE-2023-40235",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-08-10T23:15:09.957", "published": "2023-08-10T23:15:09.957",
"lastModified": "2023-08-11T03:44:51.127", "lastModified": "2023-08-21T14:38:48.630",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "An NTLM Hash Disclosure was discovered in ArchiMate Archi before 5.1.0. When parsing the XMLNS value of an ArchiMate project file, if the namespace does not match the expected ArchiMate URL, the parser will access the provided resource. If the provided resource is a UNC path pointing to a share server that does not accept a guest account, the host will try to authenticate on the share by using the current user's session. NOTE: this issue occurs because Archi uses an unsafe configuration of the Eclipse Modeling Framework." "value": "An NTLM Hash Disclosure was discovered in ArchiMate Archi before 5.1.0. When parsing the XMLNS value of an ArchiMate project file, if the namespace does not match the expected ArchiMate URL, the parser will access the provided resource. If the provided resource is a UNC path pointing to a share server that does not accept a guest account, the host will try to authenticate on the share by using the current user's session. NOTE: this issue occurs because Archi uses an unsafe configuration of the Eclipse Modeling Framework."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opengroup:archi:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.1.0",
"matchCriteriaId": "C770113C-74AA-4FDD-9AA4-CFC3FD4CEEC6"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/archimatetool/archi/commit/bcab676beddfbeddffecacf755b6692f0b0151f1", "url": "https://github.com/archimatetool/archi/commit/bcab676beddfbeddffecacf755b6692f0b0151f1",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/archimatetool/archi/compare/release_5.0.2...release_5.1.0", "url": "https://github.com/archimatetool/archi/compare/release_5.0.2...release_5.1.0",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Release Notes"
]
}, },
{ {
"url": "https://github.com/archimatetool/archi/issues/946", "url": "https://github.com/archimatetool/archi/issues/946",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}, },
{ {
"url": "https://github.com/eclipse-emf/org.eclipse.emf/issues/8", "url": "https://github.com/eclipse-emf/org.eclipse.emf/issues/8",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
} }
] ]
} }

77
CVE-2023/CVE-2023-403xx/CVE-2023-40303.json
View File

@ -2,27 +2,92 @@
"id": "CVE-2023-40303", "id": "CVE-2023-40303",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-08-14T05:15:10.233", "published": "2023-08-14T05:15:10.233",
"lastModified": "2023-08-14T13:06:15.630", "lastModified": "2023-08-21T14:24:42.610",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "GNU inetutils through 2.4 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process." "value": "GNU inetutils through 2.4 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-252"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gnu:inetutils:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.4",
"matchCriteriaId": "7262D919-99CB-4C30-94B8-F0D1AD4A628F"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://ftp.gnu.org/gnu/inetutils/", "url": "https://ftp.gnu.org/gnu/inetutils/",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Product"
]
}, },
{ {
"url": "https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=e4e65c03f4c11292a3e40ef72ca3f194c8bffdd6", "url": "https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=e4e65c03f4c11292a3e40ef72ca3f194c8bffdd6",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://lists.gnu.org/archive/html/bug-inetutils/2023-07/msg00000.html", "url": "https://lists.gnu.org/archive/html/bug-inetutils/2023-07/msg00000.html",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Patch",
"Vendor Advisory"
]
} }
] ]
} }

48
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update ### Last Repository Update
```plain ```plain
2023-08-21T14:00:29.661992+00:00 2023-08-21T16:00:31.634679+00:00
``` ```
### Most recent CVE Modification Timestamp synchronized with NVD ### Most recent CVE Modification Timestamp synchronized with NVD
```plain ```plain
2023-08-21T13:50:03.827000+00:00 2023-08-21T15:55:47.347000+00:00
``` ```
### Last Data Feed Release ### Last Data Feed Release
@ -34,42 +34,26 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### CVEs added in the last Commit ### CVEs added in the last Commit
Recently added CVEs: `3` Recently added CVEs: `0`
* [CVE-2020-28715](CVE-2020/CVE-2020-287xx/CVE-2020-28715.json) (`2023-08-21T12:15:07.913`)
* [CVE-2023-38899](CVE-2023/CVE-2023-388xx/CVE-2023-38899.json) (`2023-08-21T12:15:08.483`)
* [CVE-2023-40735](CVE-2023/CVE-2023-407xx/CVE-2023-40735.json) (`2023-08-21T12:15:09.410`)
### CVEs modified in the last Commit ### CVEs modified in the last Commit
Recently modified CVEs: `50` Recently modified CVEs: `12`
* [CVE-2023-4441](CVE-2023/CVE-2023-44xx/CVE-2023-4441.json) (`2023-08-21T12:47:13.573`) * [CVE-2021-28025](CVE-2021/CVE-2021-280xx/CVE-2021-28025.json) (`2023-08-21T15:41:19.287`)
* [CVE-2023-4442](CVE-2023/CVE-2023-44xx/CVE-2023-4442.json) (`2023-08-21T12:47:13.573`) * [CVE-2022-41984](CVE-2022/CVE-2022-419xx/CVE-2022-41984.json) (`2023-08-21T14:33:50.620`)
* [CVE-2023-39784](CVE-2023/CVE-2023-397xx/CVE-2023-39784.json) (`2023-08-21T12:47:13.573`) * [CVE-2022-36392](CVE-2022/CVE-2022-363xx/CVE-2022-36392.json) (`2023-08-21T14:34:05.403`)
* [CVE-2023-39785](CVE-2023/CVE-2023-397xx/CVE-2023-39785.json) (`2023-08-21T12:47:13.573`) * [CVE-2022-45112](CVE-2022/CVE-2022-451xx/CVE-2022-45112.json) (`2023-08-21T14:34:23.620`)
* [CVE-2023-39786](CVE-2023/CVE-2023-397xx/CVE-2023-39786.json) (`2023-08-21T12:47:13.573`) * [CVE-2022-38973](CVE-2022/CVE-2022-389xx/CVE-2022-38973.json) (`2023-08-21T14:34:40.520`)
* [CVE-2023-39807](CVE-2023/CVE-2023-398xx/CVE-2023-39807.json) (`2023-08-21T12:47:13.573`) * [CVE-2023-2606](CVE-2023/CVE-2023-26xx/CVE-2023-2606.json) (`2023-08-21T14:05:18.320`)
* [CVE-2023-39808](CVE-2023/CVE-2023-398xx/CVE-2023-39808.json) (`2023-08-21T12:47:13.573`) * [CVE-2023-40303](CVE-2023/CVE-2023-403xx/CVE-2023-40303.json) (`2023-08-21T14:24:42.610`)
* [CVE-2023-39809](CVE-2023/CVE-2023-398xx/CVE-2023-39809.json) (`2023-08-21T12:47:13.573`) * [CVE-2023-2802](CVE-2023/CVE-2023-28xx/CVE-2023-2802.json) (`2023-08-21T14:27:16.020`)
* [CVE-2023-4443](CVE-2023/CVE-2023-44xx/CVE-2023-4443.json) (`2023-08-21T12:47:13.573`) * [CVE-2023-22276](CVE-2023/CVE-2023-222xx/CVE-2023-22276.json) (`2023-08-21T14:31:52.990`)
* [CVE-2023-4444](CVE-2023/CVE-2023-44xx/CVE-2023-4444.json) (`2023-08-21T12:47:13.573`) * [CVE-2023-40235](CVE-2023/CVE-2023-402xx/CVE-2023-40235.json) (`2023-08-21T14:38:48.630`)
* [CVE-2023-4445](CVE-2023/CVE-2023-44xx/CVE-2023-4445.json) (`2023-08-21T12:47:13.573`) * [CVE-2023-32267](CVE-2023/CVE-2023-322xx/CVE-2023-32267.json) (`2023-08-21T15:48:26.110`)
* [CVE-2023-4446](CVE-2023/CVE-2023-44xx/CVE-2023-4446.json) (`2023-08-21T12:47:13.573`) * [CVE-2023-39553](CVE-2023/CVE-2023-395xx/CVE-2023-39553.json) (`2023-08-21T15:55:47.347`)
* [CVE-2023-39617](CVE-2023/CVE-2023-396xx/CVE-2023-39617.json) (`2023-08-21T12:47:13.573`)
* [CVE-2023-39618](CVE-2023/CVE-2023-396xx/CVE-2023-39618.json) (`2023-08-21T12:47:13.573`)
* [CVE-2023-4447](CVE-2023/CVE-2023-44xx/CVE-2023-4447.json) (`2023-08-21T12:47:13.573`)
* [CVE-2023-40711](CVE-2023/CVE-2023-407xx/CVE-2023-40711.json) (`2023-08-21T12:47:18.157`)
* [CVE-2023-4434](CVE-2023/CVE-2023-44xx/CVE-2023-4434.json) (`2023-08-21T12:47:18.157`)
* [CVE-2023-4435](CVE-2023/CVE-2023-44xx/CVE-2023-4435.json) (`2023-08-21T12:47:18.157`)
* [CVE-2023-37369](CVE-2023/CVE-2023-373xx/CVE-2023-37369.json) (`2023-08-21T12:47:18.157`)
* [CVE-2023-37250](CVE-2023/CVE-2023-372xx/CVE-2023-37250.json) (`2023-08-21T12:47:18.157`)
* [CVE-2023-4451](CVE-2023/CVE-2023-44xx/CVE-2023-4451.json) (`2023-08-21T12:47:18.157`)
* [CVE-2023-36674](CVE-2023/CVE-2023-366xx/CVE-2023-36674.json) (`2023-08-21T12:47:18.157`)
* [CVE-2023-21235](CVE-2023/CVE-2023-212xx/CVE-2023-21235.json) (`2023-08-21T13:37:06.693`)
* [CVE-2023-38857](CVE-2023/CVE-2023-388xx/CVE-2023-38857.json) (`2023-08-21T13:48:29.323`)
* [CVE-2023-4349](CVE-2023/CVE-2023-43xx/CVE-2023-4349.json) (`2023-08-21T13:50:03.827`)
## Download and Usage ## Download and Usage