admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 11:37:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-06-29T18:00:35.203661+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-06-29 18:00:38 +00:00
parent f82be26fdf
commit 0b7e344fed
30 changed files with 866 additions and 96 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
CVE-2022/CVE-2022-356xx/CVE-2022-35692.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-35692",
"sourceIdentifier": "psirt@adobe.com",
"published": "2022-08-19T23:15:09.857",
"lastModified": "2022-09-04T19:33:58.237",
"lastModified": "2023-06-29T16:21:23.530",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -40,17 +40,17 @@
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
"value": "NVD-CWE-Other"
}
]
},
{
"source": "nvd@nist.gov",
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{

4
CVE-2022/CVE-2022-359xx/CVE-2022-35928.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-35928",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-08-03T20:15:08.073",
"lastModified": "2022-08-10T15:39:05.917",
"lastModified": "2023-06-29T16:20:54.723",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -65,7 +65,7 @@
"description": [
{
"lang": "en",
"value": "CWE-287"
"value": "CWE-1284"
}
]
},

14
CVE-2022/CVE-2022-35xx/CVE-2022-3592.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-3592",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-01-12T15:15:10.273",
"lastModified": "2023-01-20T07:59:06.550",
"lastModified": "2023-06-29T16:21:29.987",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -36,8 +36,18 @@
},
"weaknesses": [
{
"source": "secalert@redhat.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-59"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",

14
CVE-2022/CVE-2022-360xx/CVE-2022-36006.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-36006",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-08-15T11:21:40.330",
"lastModified": "2022-08-16T17:00:52.497",
"lastModified": "2023-06-29T16:18:36.677",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -60,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",

14
CVE-2022/CVE-2022-360xx/CVE-2022-36063.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-36063",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-10-10T21:15:11.213",
"lastModified": "2022-10-12T18:17:13.403",
"lastModified": "2023-06-29T16:17:59.717",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -60,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1284"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",

22
CVE-2022/CVE-2022-360xx/CVE-2022-36069.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-36069",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-09-07T19:15:08.563",
"lastModified": "2022-09-13T17:47:37.353",
"lastModified": "2023-06-29T16:17:28.477",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -60,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-88"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -103,16 +113,14 @@
"url": "https://github.com/python-poetry/poetry/releases/tag/1.1.9",
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Third Party Advisory"
"Release Notes"
]
},
{
"url": "https://github.com/python-poetry/poetry/releases/tag/1.2.0b1",
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Third Party Advisory"
"Release Notes"
]
},
{
@ -120,7 +128,7 @@
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
"Vendor Advisory"
]
}
]

4
CVE-2022/CVE-2022-360xx/CVE-2022-36084.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-36084",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-09-08T22:15:08.713",
"lastModified": "2022-09-13T19:54:39.943",
"lastModified": "2023-06-29T16:16:54.117",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -65,7 +65,7 @@
"description": [
{
"lang": "en",
"value": "CWE-74"
"value": "NVD-CWE-Other"
}
]
},

8
CVE-2023/CVE-2023-22xx/CVE-2023-2253.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2253",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-06-06T20:15:12.493",
"lastModified": "2023-06-13T19:09:09.617",
"vulnStatus": "Analyzed",
"lastModified": "2023-06-29T16:15:09.677",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -91,6 +91,10 @@
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html",
"source": "secalert@redhat.com"
}
]
}

24
CVE-2023/CVE-2023-260xx/CVE-2023-26085.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-26085",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-29T17:15:09.707",
"lastModified": "2023-06-29T17:15:09.707",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A possible out-of-bounds read and write (due to an improper length check of shared memory) was discovered in Arm NN Android-NN-Driver before 23.02."
}
],
"metrics": {},
"references": [
{
"url": "https://developer.arm.com/Arm%20Security%20Center",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/ARM-software/android-nn-driver/releases/tag/v23.02",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-266xx/CVE-2023-26612.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-26612",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-29T16:15:09.507",
"lastModified": "2023-06-29T16:15:09.507",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-823G firmware version 1.02B05 has a buffer overflow vulnerability, which originates from the HostName field in SetParentsControlInfo."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/726232111/VulIoT/tree/main/D-Link/DIR823G%20V1.0.2B05/HNAP1/SetParentsControlInfo",
"source": "cve@mitre.org"
},
{
"url": "https://www.dlink.com/en/security-bulletin/",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-266xx/CVE-2023-26613.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-26613",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-29T16:15:09.580",
"lastModified": "2023-06-29T16:15:09.580",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability in D-Link DIR-823G firmware version 1.02B05 allows unauthorized attackers to execute arbitrary operating system commands via a crafted get request to excu_shel."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/726232111/VulIoT/tree/main/D-Link/DIR823G%20V1.0.2B05/excu_shell",
"source": "cve@mitre.org"
},
{
"url": "https://www.dlink.com/en/security-bulletin/",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-266xx/CVE-2023-26616.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-26616",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-29T16:15:09.627",
"lastModified": "2023-06-29T16:15:09.627",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-823G firmware version 1.02B05 has a buffer overflow vulnerability, which originates from the URL field in SetParentsControlInfo."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/726232111/VulIoT/tree/main/D-Link/DIR823G%20V1.0.2B05/HNAP1/SetParentsControlInfo",
"source": "cve@mitre.org"
},
{
"url": "https://www.dlink.com/en/security-bulletin/",
"source": "cve@mitre.org"
}
]
}

27
CVE-2023/CVE-2023-29xx/CVE-2023-2907.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2907",
"sourceIdentifier": "cve@usom.gov.tr",
"published": "2023-06-19T13:15:09.580",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-29T17:10:00.027",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -46,10 +46,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:marksoft:marksoft:*:*:*:*:mobile:*:*:*",
"versionEndIncluding": "7.1.7",
"matchCriteriaId": "A44160CC-6EE6-424D-882A-015CD6E12BE5"
}
]
}
]
}
],
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-23-0363",
"source": "cve@usom.gov.tr"
"source": "cve@usom.gov.tr",
"tags": [
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-30xx/CVE-2023-3022.json
View File

@ -2,16 +2,49 @@
"id": "CVE-2023-3022",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-06-19T18:15:09.870",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-29T17:32:50.937",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the IPv6 module of the Linux kernel. The arg.result was not used consistently in fib6_rule_lookup, sometimes holding rt6_info and other times fib6_info. This was not accounted for in other parts of the code where rt6_info was expected unconditionally, potentially leading to a kernel panic in fib6_rule_suppress."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-843"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -23,14 +56,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.1",
"matchCriteriaId": "A1E6CFAF-D31D-4E5F-BB85-AC66A715BFF4"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2211440",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://github.com/torvalds/linux/commit/a65120bae4b7",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Patch"
]
}
]
}

55
CVE-2023/CVE-2023-312xx/CVE-2023-31222.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-31222",
"sourceIdentifier": "security@medtronic.com",
"published": "2023-06-29T16:15:09.777",
"lastModified": "2023-06-29T16:15:09.777",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Deserialization of untrusted data\u00a0in Microsoft Messaging Queuing Service in Medtronic's Paceart Optima versions 1.11 and earlier on Windows allows an unauthorized user to impact a\u00a0healthcare delivery organization\u2019s Paceart Optima system\u00a0cardiac device causing data to be deleted, stolen, or modified, or the Paceart Optima system being used for further network penetration\u00a0via network connectivity."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@medtronic.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@medtronic.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://global.medtronic.com/xg-en/product-security/security-bulletins/paceart-optima-system.html",
"source": "security@medtronic.com"
}
]
}

24
CVE-2023/CVE-2023-332xx/CVE-2023-33277.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-33277",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-29T16:15:09.850",
"lastModified": "2023-06-29T16:15:09.850",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and 3.3.8.0 allows a remote attacker to read sensitive files via directory-traversal sequences in the URL."
}
],
"metrics": {},
"references": [
{
"url": "https://www.syss.de/en/responsible-disclosure-policy",
"source": "cve@mitre.org"
},
{
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-015.txt",
"source": "cve@mitre.org"
}
]
}

71
CVE-2023/CVE-2023-33xx/CVE-2023-3306.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3306",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-18T08:15:09.287",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-29T16:25:10.917",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +93,57 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ruijie:rg-ew1200g_firmware:ew_3.0\\(1\\)b11p204:*:*:*:*:*:*:*",
"matchCriteriaId": "82E23D3E-4A15-4766-BA4C-98E0679AFFFC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ruijie:rg-ew1200g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D49D3A7-F8C9-4273-B947-21B516DB5877"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/RCEraser/cve/blob/main/RG-EW1200G.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.231802",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.231802",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

20
CVE-2023/CVE-2023-346xx/CVE-2023-34658.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-34658",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-29T17:15:09.767",
"lastModified": "2023-06-29T17:15:09.767",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Telegram v9.6.3 on iOS allows attackers to hide critical information on the User Interface via calling the function SFSafariViewController."
}
],
"metrics": {},
"references": [
{
"url": "https://crsrg.sh/crsrg-2308101/",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-358xx/CVE-2023-35830.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-35830",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-29T16:15:09.897",
"lastModified": "2023-06-29T16:15:09.897",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "STW (aka Sensor-Technik Wiedemann) TCG-4 Connectivity Module DeploymentPackage_v3.03r0-Impala and DeploymentPackage_v3.04r2-Jellyfish and TCG-4lite Connectivity Module DeploymentPackage_v3.04r2-Jellyfish allow an attacker to gain full remote access with root privileges without the need for authentication, giving an attacker arbitrary remote code execution over LTE / 4G network via SMS."
}
],
"metrics": {},
"references": [
{
"url": "https://www.stw-mobile-machines.com/fileadmin/user_upload/content/STW/PSIRT/STW-IR-23-001.pdf",
"source": "cve@mitre.org"
},
{
"url": "https://www.stw-mobile-machines.com/psirt/",
"source": "cve@mitre.org"
}
]
}

75
CVE-2023/CVE-2023-358xx/CVE-2023-35843.json
View File

@ -2,27 +2,90 @@
"id": "CVE-2023-35843",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-19T18:15:09.830",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-29T17:21:55.743",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "NocoDB through 0.106.0 (or 0.109.1) has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This vulnerability could allow an attacker to access sensitive files and data on the server, including configuration files, source code, and other sensitive information."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nocodb:nocodb:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.106.1",
"matchCriteriaId": "7C43261A-6BC2-447D-9FB3-831FA0916B88"
}
]
}
]
}
],
"references": [
{
"url": "https://advisory.dw1.io/60",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/nocodb/nocodb/blob/6decfa2b20c28db9946bddce0bcb1442b683ecae/packages/nocodb/src/lib/controllers/attachment.ctl.ts#L62-L74",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/nocodb/nocodb/blob/f7ee7e3beb91d313a159895d1edc1aba9d91b0bc/packages/nocodb/src/controllers/attachments.controller.ts#L55-L66",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

71
CVE-2023/CVE-2023-363xx/CVE-2023-36368.json
View File

@ -2,19 +2,82 @@
"id": "CVE-2023-36368",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-22T14:15:09.977",
"lastModified": "2023-06-22T14:49:18.643",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-29T18:00:05.380",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in the cs_bind_ubat component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:monetdb:monetdb:11.45.17:*:*:*:*:*:*:*",
"matchCriteriaId": "FDFC7EDE-25CA-42BF-8D78-5EDBF01ED8F3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:monetdb:monetdb:11.46.0:*:*:*:*:*:*:*",
"matchCriteriaId": "547C7347-281D-4B2F-99B3-7C0C8DF14194"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/MonetDB/MonetDB/issues/7379",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
]
}
]
}

71
CVE-2023/CVE-2023-363xx/CVE-2023-36370.json
View File

@ -2,19 +2,82 @@
"id": "CVE-2023-36370",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-22T14:15:10.067",
"lastModified": "2023-06-22T14:49:18.643",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-29T17:50:13.513",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in the gc_col component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:monetdb:monetdb:11.45.17:*:*:*:*:*:*:*",
"matchCriteriaId": "FDFC7EDE-25CA-42BF-8D78-5EDBF01ED8F3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:monetdb:monetdb:11.46.0:*:*:*:*:*:*:*",
"matchCriteriaId": "547C7347-281D-4B2F-99B3-7C0C8DF14194"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/MonetDB/MonetDB/issues/7382",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
]
}
]
}

71
CVE-2023/CVE-2023-363xx/CVE-2023-36371.json
View File

@ -2,19 +2,82 @@
"id": "CVE-2023-36371",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-22T14:15:10.117",
"lastModified": "2023-06-22T14:49:18.643",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-29T17:50:18.560",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in the GDKfree component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:monetdb:monetdb:11.45.17:*:*:*:*:*:*:*",
"matchCriteriaId": "FDFC7EDE-25CA-42BF-8D78-5EDBF01ED8F3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:monetdb:monetdb:11.46.0:*:*:*:*:*:*:*",
"matchCriteriaId": "547C7347-281D-4B2F-99B3-7C0C8DF14194"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/MonetDB/MonetDB/issues/7385",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
]
}
]
}

24
CVE-2023/CVE-2023-364xx/CVE-2023-36487.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-36487",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-29T17:15:09.813",
"lastModified": "2023-06-29T17:15:09.813",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The password reset function in ILIAS 7.0_beta1 through 7.20 and 8.0_beta1 through 8.1 allows remote attackers to take over the account."
}
],
"metrics": {},
"references": [
{
"url": "https://docu.ilias.de/ilias.php?ref_id=1719&obj_id=141694&obj_type=PageObject&cmd=layout&cmdClass=illmpresentationgui&cmdNode=13g&baseClass=ilLMPresentationGUI",
"source": "cve@mitre.org"
},
{
"url": "https://docu.ilias.de/ilias.php?ref_id=1719&obj_id=141703&obj_type=PageObject&cmd=layout&cmdClass=illmpresentationgui&cmdNode=13g&baseClass=ilLMPresentationGUI",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-364xx/CVE-2023-36488.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-36488",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-29T17:15:09.857",
"lastModified": "2023-06-29T17:15:09.857",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "ILIAS 7.21 allows stored Cross Site Scripting (XSS)."
}
],
"metrics": {},
"references": [
{
"url": "https://docu.ilias.de/ilias.php?ref_id=1719&obj_id=141704&obj_type=PageObject&cmd=layout&cmdClass=illmpresentationgui&cmdNode=13g&baseClass=ilLMPresentationGUI",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-372xx/CVE-2023-37251.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-37251",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-29T16:15:09.947",
"lastModified": "2023-06-29T16:15:09.947",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the GoogleAnalyticsMetrics extension for MediaWiki through 1.39.3. The googleanalyticstrackurl parser function does not properly escape JavaScript in the onclick handler and does not prevent use of javascript: URLs."
}
],
"metrics": {},
"references": [
{
"url": "https://phabricator.wikimedia.org/T333980",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-372xx/CVE-2023-37254.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-37254",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-29T16:15:10.000",
"lastModified": "2023-06-29T16:15:10.000",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. XSS can occur in Special:CargoQuery via a crafted page item when using the default format."
}
],
"metrics": {},
"references": [
{
"url": "https://phabricator.wikimedia.org/T331065",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-372xx/CVE-2023-37255.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-37255",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-29T16:15:10.043",
"lastModified": "2023-06-29T16:15:10.043",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In Special:CheckUser, a check of the \"get edits\" type is vulnerable to HTML injection through the User-Agent HTTP request header."
}
],
"metrics": {},
"references": [
{
"url": "https://phabricator.wikimedia.org/T333569",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-372xx/CVE-2023-37256.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-37256",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-29T16:15:10.087",
"lastModified": "2023-06-29T16:15:10.087",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. It allows one to store javascript: URLs in URL fields, and automatically links these URLs."
}
],
"metrics": {},
"references": [
{
"url": "https://phabricator.wikimedia.org/T331311",
"source": "cve@mitre.org"
}
]
}

76
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-06-29T16:00:30.629401+00:00
2023-06-29T18:00:35.203661+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-06-29T15:50:03.207000+00:00
2023-06-29T18:00:05.380000+00:00
```
### Last Data Feed Release
@ -29,56 +29,48 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
218882
218896
```
### CVEs added in the last Commit
Recently added CVEs: `12`
Recently added CVEs: `14`
* [CVE-2015-1313](CVE-2015/CVE-2015-13xx/CVE-2015-1313.json) (`2023-06-29T15:15:09.190`)
* [CVE-2023-34486](CVE-2023/CVE-2023-344xx/CVE-2023-34486.json) (`2023-06-29T14:15:09.633`)
* [CVE-2023-34487](CVE-2023/CVE-2023-344xx/CVE-2023-34487.json) (`2023-06-29T14:15:09.693`)
* [CVE-2023-34735](CVE-2023/CVE-2023-347xx/CVE-2023-34735.json) (`2023-06-29T14:15:09.740`)
* [CVE-2023-3457](CVE-2023/CVE-2023-34xx/CVE-2023-3457.json) (`2023-06-29T14:15:09.807`)
* [CVE-2023-3458](CVE-2023/CVE-2023-34xx/CVE-2023-3458.json) (`2023-06-29T14:15:09.887`)
* [CVE-2023-33466](CVE-2023/CVE-2023-334xx/CVE-2023-33466.json) (`2023-06-29T15:15:09.483`)
* [CVE-2023-34598](CVE-2023/CVE-2023-345xx/CVE-2023-34598.json) (`2023-06-29T15:15:09.530`)
* [CVE-2023-34599](CVE-2023/CVE-2023-345xx/CVE-2023-34599.json) (`2023-06-29T15:15:09.570`)
* [CVE-2023-34656](CVE-2023/CVE-2023-346xx/CVE-2023-34656.json) (`2023-06-29T15:15:09.613`)
* [CVE-2023-34844](CVE-2023/CVE-2023-348xx/CVE-2023-34844.json) (`2023-06-29T15:15:09.657`)
* [CVE-2023-34849](CVE-2023/CVE-2023-348xx/CVE-2023-34849.json) (`2023-06-29T15:15:09.697`)
* [CVE-2023-26612](CVE-2023/CVE-2023-266xx/CVE-2023-26612.json) (`2023-06-29T16:15:09.507`)
* [CVE-2023-26613](CVE-2023/CVE-2023-266xx/CVE-2023-26613.json) (`2023-06-29T16:15:09.580`)
* [CVE-2023-26616](CVE-2023/CVE-2023-266xx/CVE-2023-26616.json) (`2023-06-29T16:15:09.627`)
* [CVE-2023-31222](CVE-2023/CVE-2023-312xx/CVE-2023-31222.json) (`2023-06-29T16:15:09.777`)
* [CVE-2023-33277](CVE-2023/CVE-2023-332xx/CVE-2023-33277.json) (`2023-06-29T16:15:09.850`)
* [CVE-2023-35830](CVE-2023/CVE-2023-358xx/CVE-2023-35830.json) (`2023-06-29T16:15:09.897`)
* [CVE-2023-37251](CVE-2023/CVE-2023-372xx/CVE-2023-37251.json) (`2023-06-29T16:15:09.947`)
* [CVE-2023-37254](CVE-2023/CVE-2023-372xx/CVE-2023-37254.json) (`2023-06-29T16:15:10.000`)
* [CVE-2023-37255](CVE-2023/CVE-2023-372xx/CVE-2023-37255.json) (`2023-06-29T16:15:10.043`)
* [CVE-2023-37256](CVE-2023/CVE-2023-372xx/CVE-2023-37256.json) (`2023-06-29T16:15:10.087`)
* [CVE-2023-26085](CVE-2023/CVE-2023-260xx/CVE-2023-26085.json) (`2023-06-29T17:15:09.707`)
* [CVE-2023-34658](CVE-2023/CVE-2023-346xx/CVE-2023-34658.json) (`2023-06-29T17:15:09.767`)
* [CVE-2023-36487](CVE-2023/CVE-2023-364xx/CVE-2023-36487.json) (`2023-06-29T17:15:09.813`)
* [CVE-2023-36488](CVE-2023/CVE-2023-364xx/CVE-2023-36488.json) (`2023-06-29T17:15:09.857`)
### CVEs modified in the last Commit
Recently modified CVEs: `103`
Recently modified CVEs: `15`
* [CVE-2023-3439](CVE-2023/CVE-2023-34xx/CVE-2023-3439.json) (`2023-06-29T15:35:43.220`)
* [CVE-2023-34647](CVE-2023/CVE-2023-346xx/CVE-2023-34647.json) (`2023-06-29T15:35:43.220`)
* [CVE-2023-34736](CVE-2023/CVE-2023-347xx/CVE-2023-34736.json) (`2023-06-29T15:35:43.220`)
* [CVE-2023-36474](CVE-2023/CVE-2023-364xx/CVE-2023-36474.json) (`2023-06-29T15:35:43.220`)
* [CVE-2023-3357](CVE-2023/CVE-2023-33xx/CVE-2023-3357.json) (`2023-06-29T15:35:43.220`)
* [CVE-2023-3358](CVE-2023/CVE-2023-33xx/CVE-2023-3358.json) (`2023-06-29T15:35:43.220`)
* [CVE-2023-3359](CVE-2023/CVE-2023-33xx/CVE-2023-3359.json) (`2023-06-29T15:35:43.220`)
* [CVE-2023-36475](CVE-2023/CVE-2023-364xx/CVE-2023-36475.json) (`2023-06-29T15:35:43.220`)
* [CVE-2023-33661](CVE-2023/CVE-2023-336xx/CVE-2023-33661.json) (`2023-06-29T15:35:43.220`)
* [CVE-2023-34738](CVE-2023/CVE-2023-347xx/CVE-2023-34738.json) (`2023-06-29T15:35:43.220`)
* [CVE-2023-34843](CVE-2023/CVE-2023-348xx/CVE-2023-34843.json) (`2023-06-29T15:35:43.220`)
* [CVE-2023-32610](CVE-2023/CVE-2023-326xx/CVE-2023-32610.json) (`2023-06-29T15:35:43.220`)
* [CVE-2023-36476](CVE-2023/CVE-2023-364xx/CVE-2023-36476.json) (`2023-06-29T15:35:43.220`)
* [CVE-2023-1602](CVE-2023/CVE-2023-16xx/CVE-2023-1602.json) (`2023-06-29T15:35:43.220`)
* [CVE-2023-2982](CVE-2023/CVE-2023-29xx/CVE-2023-2982.json) (`2023-06-29T15:35:43.220`)
* [CVE-2023-37237](CVE-2023/CVE-2023-372xx/CVE-2023-37237.json) (`2023-06-29T15:35:43.220`)
* [CVE-2023-34648](CVE-2023/CVE-2023-346xx/CVE-2023-34648.json) (`2023-06-29T15:35:43.220`)
* [CVE-2023-34734](CVE-2023/CVE-2023-347xx/CVE-2023-34734.json) (`2023-06-29T15:35:43.220`)
* [CVE-2023-34831](CVE-2023/CVE-2023-348xx/CVE-2023-34831.json) (`2023-06-29T15:35:43.220`)
* [CVE-2023-34834](CVE-2023/CVE-2023-348xx/CVE-2023-34834.json) (`2023-06-29T15:35:43.220`)
* [CVE-2023-3447](CVE-2023/CVE-2023-34xx/CVE-2023-3447.json) (`2023-06-29T15:35:43.220`)
* [CVE-2023-22886](CVE-2023/CVE-2023-228xx/CVE-2023-22886.json) (`2023-06-29T15:35:43.220`)
* [CVE-2023-36617](CVE-2023/CVE-2023-366xx/CVE-2023-36617.json) (`2023-06-29T15:35:43.220`)
* [CVE-2023-30904](CVE-2023/CVE-2023-309xx/CVE-2023-30904.json) (`2023-06-29T15:40:01.620`)
* [CVE-2023-30905](CVE-2023/CVE-2023-309xx/CVE-2023-30905.json) (`2023-06-29T15:49:56.300`)
* [CVE-2022-36084](CVE-2022/CVE-2022-360xx/CVE-2022-36084.json) (`2023-06-29T16:16:54.117`)
* [CVE-2022-36069](CVE-2022/CVE-2022-360xx/CVE-2022-36069.json) (`2023-06-29T16:17:28.477`)
* [CVE-2022-36063](CVE-2022/CVE-2022-360xx/CVE-2022-36063.json) (`2023-06-29T16:17:59.717`)
* [CVE-2022-36006](CVE-2022/CVE-2022-360xx/CVE-2022-36006.json) (`2023-06-29T16:18:36.677`)
* [CVE-2022-35928](CVE-2022/CVE-2022-359xx/CVE-2022-35928.json) (`2023-06-29T16:20:54.723`)
* [CVE-2022-35692](CVE-2022/CVE-2022-356xx/CVE-2022-35692.json) (`2023-06-29T16:21:23.530`)
* [CVE-2022-3592](CVE-2022/CVE-2022-35xx/CVE-2022-3592.json) (`2023-06-29T16:21:29.987`)
* [CVE-2023-2253](CVE-2023/CVE-2023-22xx/CVE-2023-2253.json) (`2023-06-29T16:15:09.677`)
* [CVE-2023-3306](CVE-2023/CVE-2023-33xx/CVE-2023-3306.json) (`2023-06-29T16:25:10.917`)
* [CVE-2023-2907](CVE-2023/CVE-2023-29xx/CVE-2023-2907.json) (`2023-06-29T17:10:00.027`)
* [CVE-2023-35843](CVE-2023/CVE-2023-358xx/CVE-2023-35843.json) (`2023-06-29T17:21:55.743`)
* [CVE-2023-3022](CVE-2023/CVE-2023-30xx/CVE-2023-3022.json) (`2023-06-29T17:32:50.937`)
* [CVE-2023-36370](CVE-2023/CVE-2023-363xx/CVE-2023-36370.json) (`2023-06-29T17:50:13.513`)
* [CVE-2023-36371](CVE-2023/CVE-2023-363xx/CVE-2023-36371.json) (`2023-06-29T17:50:18.560`)
* [CVE-2023-36368](CVE-2023/CVE-2023-363xx/CVE-2023-36368.json) (`2023-06-29T18:00:05.380`)
## Download and Usage