admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-10-13T08:00:26.015634+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-10-13 08:00:29 +00:00
parent 32bfe81878
commit 11060905c8
11 changed files with 535 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
CVE-2023/CVE-2023-263xx/CVE-2023-26366.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-26366",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-10-13T07:15:38.933",
"lastModified": "2023-10-13T07:15:38.933",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A high-privileged authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction, scope is changed due to the fact that an attacker can enforce file read outside the application's path boundary."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2023/CVE-2023-263xx/CVE-2023-26367.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-26367",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-10-13T07:15:39.767",
"lastModified": "2023-10-13T07:15:39.767",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2023/CVE-2023-382xx/CVE-2023-38218.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-38218",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-10-13T07:15:40.047",
"lastModified": "2023-10-13T07:15:40.047",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an improper input validation vulnerability. An authenticated attacker can trigger an insecure direct object reference in the `V1/customers/me` endpoint to achieve information exposure and privilege escalation."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2023/CVE-2023-382xx/CVE-2023-38219.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-38219",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-10-13T07:15:40.327",
"lastModified": "2023-10-13T07:15:40.327",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field. Payload is stored in an admin area, resulting in high confidentiality and integrity impact."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.3,
"impactScore": 5.8
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2023/CVE-2023-382xx/CVE-2023-38220.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-38220",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-10-13T07:15:40.557",
"lastModified": "2023-10-13T07:15:40.557",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Authorization vulnerability that could lead in a security feature bypass in a way that an attacker could access unauthorised data. Exploitation of this issue does not require user interaction."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-285"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2023/CVE-2023-382xx/CVE-2023-38221.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-38221",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-10-13T07:15:40.777",
"lastModified": "2023-10-13T07:15:40.777",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.3,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2023/CVE-2023-382xx/CVE-2023-38249.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-38249",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-10-13T07:15:41.037",
"lastModified": "2023-10-13T07:15:41.037",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.3,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2023/CVE-2023-382xx/CVE-2023-38250.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-38250",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-10-13T07:15:41.420",
"lastModified": "2023-10-13T07:15:41.420",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.3,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2023/CVE-2023-382xx/CVE-2023-38251.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-38251",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-10-13T07:15:41.577",
"lastModified": "2023-10-13T07:15:41.577",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Uncontrolled Resource Consumption vulnerability that could lead in minor application denial-of-service. Exploitation of this issue does not require user interaction."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html",
"source": "psirt@adobe.com"
}
]
}

27
CVE-2023/CVE-2023-55xx/CVE-2023-5554.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-5554",
"sourceIdentifier": "dl_cve@linecorp.com",
"published": "2023-10-12T10:15:13.397",
"lastModified": "2023-10-12T12:59:34.797",
"lastModified": "2023-10-13T06:15:51.553",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -10,7 +10,30 @@
"value": "Lack of TLS certificate verification in log transmission of a financial module within LINE Client for iOS prior to 13.16.0."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "dl_cve@linecorp.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 2.5
}
]
},
"references": [
{
"url": "https://hackerone.com/reports/2106827",

39
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-10-13T06:00:24.566789+00:00
2023-10-13T08:00:26.015634+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-10-13T04:15:13.840000+00:00
2023-10-13T07:15:41.577000+00:00
```
### Last Data Feed Release
@ -29,38 +29,29 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
227724
227733
```
### CVEs added in the last Commit
Recently added CVEs: `0`
Recently added CVEs: `9`
* [CVE-2023-26366](CVE-2023/CVE-2023-263xx/CVE-2023-26366.json) (`2023-10-13T07:15:38.933`)
* [CVE-2023-26367](CVE-2023/CVE-2023-263xx/CVE-2023-26367.json) (`2023-10-13T07:15:39.767`)
* [CVE-2023-38218](CVE-2023/CVE-2023-382xx/CVE-2023-38218.json) (`2023-10-13T07:15:40.047`)
* [CVE-2023-38219](CVE-2023/CVE-2023-382xx/CVE-2023-38219.json) (`2023-10-13T07:15:40.327`)
* [CVE-2023-38220](CVE-2023/CVE-2023-382xx/CVE-2023-38220.json) (`2023-10-13T07:15:40.557`)
* [CVE-2023-38221](CVE-2023/CVE-2023-382xx/CVE-2023-38221.json) (`2023-10-13T07:15:40.777`)
* [CVE-2023-38249](CVE-2023/CVE-2023-382xx/CVE-2023-38249.json) (`2023-10-13T07:15:41.037`)
* [CVE-2023-38250](CVE-2023/CVE-2023-382xx/CVE-2023-38250.json) (`2023-10-13T07:15:41.420`)
* [CVE-2023-38251](CVE-2023/CVE-2023-382xx/CVE-2023-38251.json) (`2023-10-13T07:15:41.577`)
### CVEs modified in the last Commit
Recently modified CVEs: `19`
Recently modified CVEs: `1`
* [CVE-2023-30534](CVE-2023/CVE-2023-305xx/CVE-2023-30534.json) (`2023-10-13T04:15:11.693`)
* [CVE-2023-31132](CVE-2023/CVE-2023-311xx/CVE-2023-31132.json) (`2023-10-13T04:15:11.910`)
* [CVE-2023-39357](CVE-2023/CVE-2023-393xx/CVE-2023-39357.json) (`2023-10-13T04:15:12.090`)
* [CVE-2023-39358](CVE-2023/CVE-2023-393xx/CVE-2023-39358.json) (`2023-10-13T04:15:12.217`)
* [CVE-2023-39359](CVE-2023/CVE-2023-393xx/CVE-2023-39359.json) (`2023-10-13T04:15:12.317`)
* [CVE-2023-39360](CVE-2023/CVE-2023-393xx/CVE-2023-39360.json) (`2023-10-13T04:15:12.443`)
* [CVE-2023-39361](CVE-2023/CVE-2023-393xx/CVE-2023-39361.json) (`2023-10-13T04:15:12.567`)
* [CVE-2023-39362](CVE-2023/CVE-2023-393xx/CVE-2023-39362.json) (`2023-10-13T04:15:12.677`)
* [CVE-2023-39364](CVE-2023/CVE-2023-393xx/CVE-2023-39364.json) (`2023-10-13T04:15:12.777`)
* [CVE-2023-39365](CVE-2023/CVE-2023-393xx/CVE-2023-39365.json) (`2023-10-13T04:15:12.890`)
* [CVE-2023-39366](CVE-2023/CVE-2023-393xx/CVE-2023-39366.json) (`2023-10-13T04:15:13.003`)
* [CVE-2023-39510](CVE-2023/CVE-2023-395xx/CVE-2023-39510.json) (`2023-10-13T04:15:13.100`)
* [CVE-2023-39511](CVE-2023/CVE-2023-395xx/CVE-2023-39511.json) (`2023-10-13T04:15:13.200`)
* [CVE-2023-39512](CVE-2023/CVE-2023-395xx/CVE-2023-39512.json) (`2023-10-13T04:15:13.327`)
* [CVE-2023-39513](CVE-2023/CVE-2023-395xx/CVE-2023-39513.json) (`2023-10-13T04:15:13.423`)
* [CVE-2023-39514](CVE-2023/CVE-2023-395xx/CVE-2023-39514.json) (`2023-10-13T04:15:13.530`)
* [CVE-2023-39515](CVE-2023/CVE-2023-395xx/CVE-2023-39515.json) (`2023-10-13T04:15:13.640`)
* [CVE-2023-39516](CVE-2023/CVE-2023-395xx/CVE-2023-39516.json) (`2023-10-13T04:15:13.740`)
* [CVE-2023-43615](CVE-2023/CVE-2023-436xx/CVE-2023-43615.json) (`2023-10-13T04:15:13.840`)
* [CVE-2023-5554](CVE-2023/CVE-2023-55xx/CVE-2023-5554.json) (`2023-10-13T06:15:51.553`)
## Download and Usage