admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-21 17:41:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-08-31T22:00:24.364248+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-08-31 22:00:27 +00:00
parent 175716aa85
commit 11c6a90cd2
26 changed files with 1413 additions and 85 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

74
CVE-2020/CVE-2020-189xx/CVE-2020-18912.json
View File

@ -2,23 +2,87 @@
"id": "CVE-2020-18912", "id": "CVE-2020-18912",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-08-29T23:15:07.980", "published": "2023-08-29T23:15:07.980",
"lastModified": "2023-08-29T23:49:20.647", "lastModified": "2023-08-31T20:34:31.370",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "An issue found in Earcms Ear App v.20181124 allows a remote attacker to execute arbitrary code via the uload/index-uplog.php." "value": "An issue found in Earcms Ear App v.20181124 allows a remote attacker to execute arbitrary code via the uload/index-uplog.php."
},
{
"lang": "es",
"value": "Un problema encontrado en Earcms Ear App v20181124 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de \"uload/index-uplog.php\"."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:earcms:ear:2018-11-24:*:*:*:*:*:*:*",
"matchCriteriaId": "FBED1480-6629-4EAF-A15D-FEF32D9818D6"
}
]
}
]
} }
], ],
"metrics": {},
"references": [ "references": [
{ {
"url": "https://www.cnblogs.com/hantom/p/10621198.html", "url": "https://www.cnblogs.com/hantom/p/10621198.html",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://www.cnblogs.com/yiwd/archive/2013/03/03/2941269.html", "url": "https://www.cnblogs.com/yiwd/archive/2013/03/03/2941269.html",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

55
CVE-2022/CVE-2022-468xx/CVE-2022-46869.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-46869",
"sourceIdentifier": "security@acronis.com",
"published": "2023-08-31T20:15:08.027",
"lastModified": "2023-08-31T20:15:08.027",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation during installation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@acronis.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@acronis.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://security-advisory.acronis.com/advisories/SEC-3835",
"source": "security@acronis.com"
}
]
}

47
CVE-2023/CVE-2023-341xx/CVE-2023-34183.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-34183", "id": "CVE-2023-34183",
"sourceIdentifier": "audit@patchstack.com", "sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-30T14:15:09.690", "published": "2023-08-30T14:15:09.690",
"lastModified": "2023-08-31T10:02:10.690", "lastModified": "2023-08-31T20:43:17.427",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{ {
"source": "audit@patchstack.com", "source": "audit@patchstack.com",
"type": "Secondary", "type": "Secondary",
@ -46,10 +66,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:unitegallery:unite_gallery_lite:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.7.61",
"matchCriteriaId": "644A7E3F-0790-4FD6-9D68-112DDC10F507"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://patchstack.com/database/vulnerability/unite-gallery-lite/wordpress-unite-gallery-lite-plugin-1-7-60-cross-site-scripting-xss-vulnerability?_s_id=cve", "url": "https://patchstack.com/database/vulnerability/unite-gallery-lite/wordpress-unite-gallery-lite-plugin-1-7-60-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com" "source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

47
CVE-2023/CVE-2023-341xx/CVE-2023-34184.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-34184", "id": "CVE-2023-34184",
"sourceIdentifier": "audit@patchstack.com", "sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-30T14:15:09.877", "published": "2023-08-30T14:15:09.877",
"lastModified": "2023-08-31T10:02:10.690", "lastModified": "2023-08-31T20:48:11.473",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{ {
"source": "audit@patchstack.com", "source": "audit@patchstack.com",
"type": "Secondary", "type": "Secondary",
@ -46,10 +66,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bhavikpatel:woocommerce-order-address-print:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.2",
"matchCriteriaId": "6A50DBF6-0C6A-4136-B16F-EE54883576D1"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://patchstack.com/database/vulnerability/woocommerce-order-address-print/wordpress-woocommerce-order-address-print-plugin-3-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "url": "https://patchstack.com/database/vulnerability/woocommerce-order-address-print/wordpress-woocommerce-order-address-print-plugin-3-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com" "source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

47
CVE-2023/CVE-2023-341xx/CVE-2023-34187.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-34187", "id": "CVE-2023-34187",
"sourceIdentifier": "audit@patchstack.com", "sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-30T14:15:10.043", "published": "2023-08-30T14:15:10.043",
"lastModified": "2023-08-31T10:02:10.690", "lastModified": "2023-08-31T21:02:52.107",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{ {
"source": "audit@patchstack.com", "source": "audit@patchstack.com",
"type": "Secondary", "type": "Secondary",
@ -46,10 +66,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:alantien:call_now_icon_animate:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "0.1.0",
"matchCriteriaId": "2BAFBB85-4719-425A-B4FA-3F16563EE111"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://patchstack.com/database/vulnerability/call-now-icon-animate/wordpress-call-now-icon-animate-plugin-0-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve", "url": "https://patchstack.com/database/vulnerability/call-now-icon-animate/wordpress-call-now-icon-animate-plugin-0-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com" "source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

59
CVE-2023/CVE-2023-393xx/CVE-2023-39350.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-39350",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-31T20:15:08.170",
"lastModified": "2023-08-31T20:15:08.170",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. This issue affects Clients only. Integer underflow leading to DOS (e.g. abort due to `WINPR_ASSERT` with default compilation flags). When an insufficient blockLen is provided, and proper length validation is not performed, an Integer Underflow occurs, leading to a Denial of Service (DOS) vulnerability. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-191"
}
]
}
],
"references": [
{
"url": "https://github.com/FreeRDP/FreeRDP/commit/e204fc8be5a372626b13f66daf2abafe71dbc2dc",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rrrv-3w42-pffh",
"source": "security-advisories@github.com"
}
]
}

55
CVE-2023/CVE-2023-393xx/CVE-2023-39351.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-39351",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-31T20:15:08.280",
"lastModified": "2023-08-31T20:15:08.280",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions of FreeRDP are subject to a Null Pointer Dereference leading a crash in the RemoteFX (rfx) handling. Inside the `rfx_process_message_tileset` function, the program allocates tiles using `rfx_allocate_tiles` for the number of numTiles. If the initialization process of tiles is not completed for various reasons, tiles will have a NULL pointer. Which may be accessed in further processing and would cause a program crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q9x9-cqjc-rgwq",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2023/CVE-2023-393xx/CVE-2023-39352.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-39352",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-31T21:15:07.873",
"lastModified": "2023-08-31T21:15:07.873",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an invalid offset validation leading to Out Of Bound Write. This can be triggered when the values `rect->left` and `rect->top` are exactly equal to `surface->width` and `surface->height`. eg. `rect->left` == `surface->width` && `rect->top` == `surface->height`. In practice this should cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://github.com/FreeRDP/FreeRDP/blob/63a2f65618748c12f79ff7450d46c6e194f2db76/libfreerdp/gdi/gfx.c#L1219-L1239",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-whwr-qcf2-2mvj",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2023/CVE-2023-393xx/CVE-2023-39353.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-39353",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-31T21:15:08.213",
"lastModified": "2023-08-31T21:15:08.213",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to a missing offset validation leading to Out Of Bound Read. In the `libfreerdp/codec/rfx.c` file there is no offset validation in `tile->quantIdxY`, `tile->quantIdxCb`, and `tile->quantIdxCr`. As a result crafted input can lead to an out of bounds read access which in turn will cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://github.com/FreeRDP/FreeRDP/blob/63a2f65618748c12f79ff7450d46c6e194f2db76/libfreerdp/codec/rfx.c#L994-L996",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hg53-9j9h-3c8f",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2023/CVE-2023-393xx/CVE-2023-39354.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-39354",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-31T20:15:08.367",
"lastModified": "2023-08-31T20:15:08.367",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `nsc_rle_decompress_data` function. The Out-Of-Bounds Read occurs because it processes `context->Planes` without checking if it contains data of sufficient length. Should an attacker be able to leverage this vulnerability they may be able to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://github.com/FreeRDP/FreeRDP/commit/cd1da25a87358eb3b5512fd259310e95b19a05ec",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c3r2-pxxp-f8r6",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2023/CVE-2023-393xx/CVE-2023-39355.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-39355",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-31T20:15:08.457",
"lastModified": "2023-08-31T20:15:08.457",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Versions of FreeRDP on the 3.x release branch before beta3 are subject to a Use-After-Free in processing `RDPGFX_CMDID_RESETGRAPHICS` packets. If `context->maxPlaneSize` is 0, `context->planesBuffer` will be freed. However, without updating `context->planesBuffer`, this leads to a Use-After-Free exploit vector. In most environments this should only result in a crash. This issue has been addressed in version 3.0.0-beta3 and users of the beta 3.x releases are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://github.com/FreeRDP/FreeRDP/commit/d6f9d33a7db0b346195b6a15b5b99944ba41beee",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hvwj-vmg6-2f5h",
"source": "security-advisories@github.com"
}
]
}

67
CVE-2023/CVE-2023-393xx/CVE-2023-39356.json Normal file
View File

@ -0,0 +1,67 @@
{
"id": "CVE-2023-39356",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-31T21:15:08.390",
"lastModified": "2023-08-31T21:15:08.390",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a missing offset validation may lead to an Out Of Bound Read in the function `gdi_multi_opaque_rect`. In particular there is no code to validate if the value `multi_opaque_rect->numRectangles` is less than 45. Looping through `multi_opaque_rect->`numRectangles without proper boundary checks can lead to Out-of-Bounds Read errors which will likely lead to a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://github.com/FreeRDP/FreeRDP/blob/63a2f65618748c12f79ff7450d46c6e194f2db76/include/freerdp/primary.h#L186-L196",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/FreeRDP/FreeRDP/blob/63a2f65618748c12f79ff7450d46c6e194f2db76/libfreerdp/core/orders.c#L1503-L1504",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/FreeRDP/FreeRDP/blob/63a2f65618748c12f79ff7450d46c6e194f2db76/libfreerdp/gdi/gdi.c#L723C1-L758",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5v5-qhj5-mh6m",
"source": "security-advisories@github.com"
}
]
}

70
CVE-2023/CVE-2023-395xx/CVE-2023-39558.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-39558", "id": "CVE-2023-39558",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-08-29T23:15:08.827", "published": "2023-08-29T23:15:08.827",
"lastModified": "2023-08-29T23:49:20.647", "lastModified": "2023-08-31T20:10:44.260",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "AudimexEE v15.0 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the Show Kai Data component." "value": "AudimexEE v15.0 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the Show Kai Data component."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:web-audimex:audimexee:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D48549E4-C7C3-4020-8A27-3EAFF4E47F23"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://en.web-audimex.com/", "url": "https://en.web-audimex.com/",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Product"
]
}, },
{ {
"url": "https://github.com/CapgeminiCisRedTeam/Disclosure/blob/main/CVE%20PoC/CVE-2023-39558.md", "url": "https://github.com/CapgeminiCisRedTeam/Disclosure/blob/main/CVE%20PoC/CVE-2023-39558.md",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
]
} }
] ]
} }

73
CVE-2023/CVE-2023-395xx/CVE-2023-39559.json
View File

@ -2,23 +2,86 @@
"id": "CVE-2023-39559", "id": "CVE-2023-39559",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-08-29T23:15:08.967", "published": "2023-08-29T23:15:08.967",
"lastModified": "2023-08-29T23:49:20.647", "lastModified": "2023-08-31T20:05:28.393",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "AudimexEE 15.0 was discovered to contain a full path disclosure vulnerability." "value": "AudimexEE 15.0 was discovered to contain a full path disclosure vulnerability."
},
{
"lang": "es",
"value": "Se ha descubierto que AudimexEE v15.0 contiene una vulnerabilidad de divulgaci\u00f3n de ruta completa. "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:web-audimex:audimexee:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D48549E4-C7C3-4020-8A27-3EAFF4E47F23"
}
]
}
]
} }
], ],
"metrics": {},
"references": [ "references": [
{ {
"url": "https://en.web-audimex.com/", "url": "https://en.web-audimex.com/",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Product"
]
}, },
{ {
"url": "https://github.com/CapgeminiCisRedTeam/Disclosure/blob/main/CVE%20PoC/CVE-2023-39559.md", "url": "https://github.com/CapgeminiCisRedTeam/Disclosure/blob/main/CVE%20PoC/CVE-2023-39559.md",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

65
CVE-2023/CVE-2023-396xx/CVE-2023-39615.json
View File

@ -2,19 +2,76 @@
"id": "CVE-2023-39615", "id": "CVE-2023-39615",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-08-29T17:15:12.527", "published": "2023-08-29T17:15:12.527",
"lastModified": "2023-08-29T18:14:25.027", "lastModified": "2023-08-31T20:15:34.983",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Xmlsoft Libxml2 v2.11.0 was discovered to contain a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file." "value": "Xmlsoft Libxml2 v2.11.0 was discovered to contain a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7C8E29C6-1739-4360-A026-01ABD987031A"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/535", "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/535",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch"
]
} }
] ]
} }

70
CVE-2023/CVE-2023-396xx/CVE-2023-39616.json
View File

@ -2,19 +2,81 @@
"id": "CVE-2023-39616", "id": "CVE-2023-39616",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-08-29T17:15:12.633", "published": "2023-08-29T17:15:12.633",
"lastModified": "2023-08-29T18:14:25.027", "lastModified": "2023-08-31T20:23:23.827",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid read memory access via the component assign_frame_buffer_p in av1/common/av1_common_int.h." "value": "AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid read memory access via the component assign_frame_buffer_p in av1/common/av1_common_int.h."
},
{
"lang": "es",
"value": "Se ha descubierto que AOMedia v3.0.0 a v3.5.0 contiene un acceso no v\u00e1lido a la memoria de lectura a trav\u00e9s del componente \"assign_frame_buffer_p in av1/common/av1_common_int.h. \"."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aomedia:aomedia:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndIncluding": "3.5.0",
"matchCriteriaId": "CAF85870-799A-4A12-B6E7-62A63B77CC6A"
}
]
}
]
} }
], ],
"metrics": {},
"references": [ "references": [
{ {
"url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=3372#c3", "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=3372#c3",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
]
} }
] ]
} }

53
CVE-2023/CVE-2023-39xx/CVE-2023-3992.json
View File

@ -2,15 +2,38 @@
"id": "CVE-2023-3992", "id": "CVE-2023-3992",
"sourceIdentifier": "contact@wpscan.com", "sourceIdentifier": "contact@wpscan.com",
"published": "2023-08-30T15:15:09.493", "published": "2023-08-30T15:15:09.493",
"lastModified": "2023-08-31T10:02:10.690", "lastModified": "2023-08-31T21:17:17.220",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "The PostX WordPress plugin before 3.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin" "value": "The PostX WordPress plugin before 3.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin"
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [ "weaknesses": [
{ {
"source": "contact@wpscan.com", "source": "contact@wpscan.com",
@ -23,10 +46,32 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpxpo:postx:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.0.6",
"matchCriteriaId": "4DF675DD-A7D2-4F45-8A7B-61FE3DE5E23F"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://wpscan.com/vulnerability/c43b669f-0377-4402-833c-817b75001888", "url": "https://wpscan.com/vulnerability/c43b669f-0377-4402-833c-817b75001888",
"source": "contact@wpscan.com" "source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

64
CVE-2023/CVE-2023-415xx/CVE-2023-41537.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2023-41537", "id": "CVE-2023-41537",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-08-30T14:15:10.847", "published": "2023-08-30T14:15:10.847",
"lastModified": "2023-08-31T10:02:10.690", "lastModified": "2023-08-31T21:06:11.770",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "phpjabbers Business Directory Script 3.2 is vulnerable to Cross Site Scripting (XSS) via the keyword parameter." "value": "phpjabbers Business Directory Script 3.2 is vulnerable to Cross Site Scripting (XSS) via the keyword parameter."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpjabbers:business_directory_script:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "359566F7-E057-4F40-9D16-33D8BDF0C5A7"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2023/Business-Directory-Script-Version%3A3.2", "url": "https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2023/Business-Directory-Script-Version%3A3.2",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

64
CVE-2023/CVE-2023-415xx/CVE-2023-41538.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2023-41538", "id": "CVE-2023-41538",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-08-30T14:15:11.023", "published": "2023-08-30T14:15:11.023",
"lastModified": "2023-08-31T10:02:10.690", "lastModified": "2023-08-31T21:14:02.197",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "phpjabbers PHP Forum Script 3.0 is vulnerable to Cross Site Scripting (XSS) via the keyword parameter." "value": "phpjabbers PHP Forum Script 3.0 is vulnerable to Cross Site Scripting (XSS) via the keyword parameter."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpjabbers:php_forum_script:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E52E6313-BBF9-4487-BF57-0F9D8B3644A9"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2023/PHP-Forum-Script-3.0", "url": "https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2023/PHP-Forum-Script-3.0",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

4
CVE-2023/CVE-2023-417xx/CVE-2023-41743.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-41743", "id": "CVE-2023-41743",
"sourceIdentifier": "security@acronis.com", "sourceIdentifier": "security@acronis.com",
"published": "2023-08-31T16:15:10.270", "published": "2023-08-31T16:15:10.270",
"lastModified": "2023-08-31T17:25:54.340", "lastModified": "2023-08-31T20:15:08.560",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40173, Acronis Agent (Windows) before build 31637, Acronis Cyber Protect 15 (Windows) before build 35979." "value": "Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278, Acronis Agent (Windows) before build 31637, Acronis Cyber Protect 15 (Windows) before build 35979."
} }
], ],
"metrics": { "metrics": {

55
CVE-2023/CVE-2023-417xx/CVE-2023-41749.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-41749",
"sourceIdentifier": "security@acronis.com",
"published": "2023-08-31T21:15:08.583",
"lastModified": "2023-08-31T21:15:08.583",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Agent (Windows) before build 32047, Acronis Cyber Protect 15 (Windows) before build 35979."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@acronis.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@acronis.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://security-advisory.acronis.com/advisories/SEC-5287",
"source": "security@acronis.com"
}
]
}

55
CVE-2023/CVE-2023-417xx/CVE-2023-41750.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-41750",
"sourceIdentifier": "security@acronis.com",
"published": "2023-08-31T21:15:08.790",
"lastModified": "2023-08-31T21:15:08.790",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 32047."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@acronis.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@acronis.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://security-advisory.acronis.com/advisories/SEC-5382",
"source": "security@acronis.com"
}
]
}

55
CVE-2023/CVE-2023-417xx/CVE-2023-41751.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-41751",
"sourceIdentifier": "security@acronis.com",
"published": "2023-08-31T21:15:08.963",
"lastModified": "2023-08-31T21:15:08.963",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure due to improper token expiration validation. The following products are affected: Acronis Agent (Windows) before build 32047."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@acronis.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.0,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security@acronis.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://security-advisory.acronis.com/advisories/SEC-5615",
"source": "security@acronis.com"
}
]
}

59
CVE-2023/CVE-2023-42xx/CVE-2023-4299.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-4299",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-08-31T21:15:09.183",
"lastModified": "2023-08-31T21:15:09.183",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nDigi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.2,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-836"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-04",
"source": "ics-cert@hq.dhs.gov"
},
{
"url": "https://www.digi.com/getattachment/resources/security/alerts/realport-cves/Dragos-Disclosure-Statement.pdf",
"source": "ics-cert@hq.dhs.gov"
}
]
}

55
CVE-2023/CVE-2023-46xx/CVE-2023-4688.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-4688",
"sourceIdentifier": "security@acronis.com",
"published": "2023-08-31T21:15:09.417",
"lastModified": "2023-08-31T21:15:09.417",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Sensitive information leak through log files. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35433."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@acronis.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@acronis.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
}
],
"references": [
{
"url": "https://security-advisory.acronis.com/advisories/SEC-5782",
"source": "security@acronis.com"
}
]
}

69
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update ### Last Repository Update
```plain ```plain
2023-08-31T20:00:25.305280+00:00 2023-08-31T22:00:24.364248+00:00
``` ```
### Most recent CVE Modification Timestamp synchronized with NVD ### Most recent CVE Modification Timestamp synchronized with NVD
```plain ```plain
2023-08-31T19:15:11.473000+00:00 2023-08-31T21:17:17.220000+00:00
``` ```
### Last Data Feed Release ### Last Data Feed Release
@ -29,53 +29,44 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs ### Total Number of included CVEs
```plain ```plain
223842 223855
``` ```
### CVEs added in the last Commit ### CVEs added in the last Commit
Recently added CVEs: `9` Recently added CVEs: `13`
* [CVE-2022-40214](CVE-2022/CVE-2022-402xx/CVE-2022-40214.json) (`2023-08-31T19:15:08.340`) * [CVE-2022-46869](CVE-2022/CVE-2022-468xx/CVE-2022-46869.json) (`2023-08-31T20:15:08.027`)
* [CVE-2023-41034](CVE-2023/CVE-2023-410xx/CVE-2023-41034.json) (`2023-08-31T18:15:09.020`) * [CVE-2023-39350](CVE-2023/CVE-2023-393xx/CVE-2023-39350.json) (`2023-08-31T20:15:08.170`)
* [CVE-2023-41044](CVE-2023/CVE-2023-410xx/CVE-2023-41044.json) (`2023-08-31T18:15:09.187`) * [CVE-2023-39351](CVE-2023/CVE-2023-393xx/CVE-2023-39351.json) (`2023-08-31T20:15:08.280`)
* [CVE-2023-41045](CVE-2023/CVE-2023-410xx/CVE-2023-41045.json) (`2023-08-31T18:15:09.280`) * [CVE-2023-39354](CVE-2023/CVE-2023-393xx/CVE-2023-39354.json) (`2023-08-31T20:15:08.367`)
* [CVE-2023-41745](CVE-2023/CVE-2023-417xx/CVE-2023-41745.json) (`2023-08-31T18:15:09.373`) * [CVE-2023-39355](CVE-2023/CVE-2023-393xx/CVE-2023-39355.json) (`2023-08-31T20:15:08.457`)
* [CVE-2023-41746](CVE-2023/CVE-2023-417xx/CVE-2023-41746.json) (`2023-08-31T18:15:09.453`) * [CVE-2023-39352](CVE-2023/CVE-2023-393xx/CVE-2023-39352.json) (`2023-08-31T21:15:07.873`)
* [CVE-2023-41747](CVE-2023/CVE-2023-417xx/CVE-2023-41747.json) (`2023-08-31T18:15:09.523`) * [CVE-2023-39353](CVE-2023/CVE-2023-393xx/CVE-2023-39353.json) (`2023-08-31T21:15:08.213`)
* [CVE-2023-41748](CVE-2023/CVE-2023-417xx/CVE-2023-41748.json) (`2023-08-31T18:15:09.587`) * [CVE-2023-39356](CVE-2023/CVE-2023-393xx/CVE-2023-39356.json) (`2023-08-31T21:15:08.390`)
* [CVE-2023-40589](CVE-2023/CVE-2023-405xx/CVE-2023-40589.json) (`2023-08-31T19:15:11.360`) * [CVE-2023-41749](CVE-2023/CVE-2023-417xx/CVE-2023-41749.json) (`2023-08-31T21:15:08.583`)
* [CVE-2023-41750](CVE-2023/CVE-2023-417xx/CVE-2023-41750.json) (`2023-08-31T21:15:08.790`)
* [CVE-2023-41751](CVE-2023/CVE-2023-417xx/CVE-2023-41751.json) (`2023-08-31T21:15:08.963`)
* [CVE-2023-4299](CVE-2023/CVE-2023-42xx/CVE-2023-4299.json) (`2023-08-31T21:15:09.183`)
* [CVE-2023-4688](CVE-2023/CVE-2023-46xx/CVE-2023-4688.json) (`2023-08-31T21:15:09.417`)
### CVEs modified in the last Commit ### CVEs modified in the last Commit
Recently modified CVEs: `69` Recently modified CVEs: `12`
* [CVE-2023-4546](CVE-2023/CVE-2023-45xx/CVE-2023-4546.json) (`2023-08-31T18:51:33.963`) * [CVE-2020-18912](CVE-2020/CVE-2020-189xx/CVE-2020-18912.json) (`2023-08-31T20:34:31.370`)
* [CVE-2023-40587](CVE-2023/CVE-2023-405xx/CVE-2023-40587.json) (`2023-08-31T18:51:48.433`) * [CVE-2023-39559](CVE-2023/CVE-2023-395xx/CVE-2023-39559.json) (`2023-08-31T20:05:28.393`)
* [CVE-2023-32678](CVE-2023/CVE-2023-326xx/CVE-2023-32678.json) (`2023-08-31T18:52:21.143`) * [CVE-2023-39558](CVE-2023/CVE-2023-395xx/CVE-2023-39558.json) (`2023-08-31T20:10:44.260`)
* [CVE-2023-40787](CVE-2023/CVE-2023-407xx/CVE-2023-40787.json) (`2023-08-31T18:53:45.687`) * [CVE-2023-41743](CVE-2023/CVE-2023-417xx/CVE-2023-41743.json) (`2023-08-31T20:15:08.560`)
* [CVE-2023-26095](CVE-2023/CVE-2023-260xx/CVE-2023-26095.json) (`2023-08-31T18:58:14.647`) * [CVE-2023-39615](CVE-2023/CVE-2023-396xx/CVE-2023-39615.json) (`2023-08-31T20:15:34.983`)
* [CVE-2023-36481](CVE-2023/CVE-2023-364xx/CVE-2023-36481.json) (`2023-08-31T19:03:24.843`) * [CVE-2023-39616](CVE-2023/CVE-2023-396xx/CVE-2023-39616.json) (`2023-08-31T20:23:23.827`)
* [CVE-2023-41363](CVE-2023/CVE-2023-413xx/CVE-2023-41363.json) (`2023-08-31T19:07:05.343`) * [CVE-2023-34183](CVE-2023/CVE-2023-341xx/CVE-2023-34183.json) (`2023-08-31T20:43:17.427`)
* [CVE-2023-1386](CVE-2023/CVE-2023-13xx/CVE-2023-1386.json) (`2023-08-31T19:15:08.630`) * [CVE-2023-34184](CVE-2023/CVE-2023-341xx/CVE-2023-34184.json) (`2023-08-31T20:48:11.473`)
* [CVE-2023-26045](CVE-2023/CVE-2023-260xx/CVE-2023-26045.json) (`2023-08-31T19:15:08.797`) * [CVE-2023-34187](CVE-2023/CVE-2023-341xx/CVE-2023-34187.json) (`2023-08-31T21:02:52.107`)
* [CVE-2023-29407](CVE-2023/CVE-2023-294xx/CVE-2023-29407.json) (`2023-08-31T19:15:08.927`) * [CVE-2023-41537](CVE-2023/CVE-2023-415xx/CVE-2023-41537.json) (`2023-08-31T21:06:11.770`)
* [CVE-2023-29408](CVE-2023/CVE-2023-294xx/CVE-2023-29408.json) (`2023-08-31T19:15:09.037`) * [CVE-2023-41538](CVE-2023/CVE-2023-415xx/CVE-2023-41538.json) (`2023-08-31T21:14:02.197`)
* [CVE-2023-29409](CVE-2023/CVE-2023-294xx/CVE-2023-29409.json) (`2023-08-31T19:15:09.133`) * [CVE-2023-3992](CVE-2023/CVE-2023-39xx/CVE-2023-3992.json) (`2023-08-31T21:17:17.220`)
* [CVE-2023-35009](CVE-2023/CVE-2023-350xx/CVE-2023-35009.json) (`2023-08-31T19:15:09.253`)
* [CVE-2023-36119](CVE-2023/CVE-2023-361xx/CVE-2023-36119.json) (`2023-08-31T19:15:10.073`)
* [CVE-2023-37466](CVE-2023/CVE-2023-374xx/CVE-2023-37466.json) (`2023-08-31T19:15:10.143`)
* [CVE-2023-37903](CVE-2023/CVE-2023-379xx/CVE-2023-37903.json) (`2023-08-31T19:15:10.287`)
* [CVE-2023-38428](CVE-2023/CVE-2023-384xx/CVE-2023-38428.json) (`2023-08-31T19:15:10.410`)
* [CVE-2023-38430](CVE-2023/CVE-2023-384xx/CVE-2023-38430.json) (`2023-08-31T19:15:10.493`)
* [CVE-2023-38432](CVE-2023/CVE-2023-384xx/CVE-2023-38432.json) (`2023-08-31T19:15:10.583`)
* [CVE-2023-38633](CVE-2023/CVE-2023-386xx/CVE-2023-38633.json) (`2023-08-31T19:15:10.663`)
* [CVE-2023-3019](CVE-2023/CVE-2023-30xx/CVE-2023-3019.json) (`2023-08-31T19:15:10.777`)
* [CVE-2023-3180](CVE-2023/CVE-2023-31xx/CVE-2023-3180.json) (`2023-08-31T19:15:10.890`)
* [CVE-2023-3494](CVE-2023/CVE-2023-34xx/CVE-2023-3494.json) (`2023-08-31T19:15:11.010`)
* [CVE-2023-3896](CVE-2023/CVE-2023-38xx/CVE-2023-3896.json) (`2023-08-31T19:15:11.223`)
* [CVE-2023-4009](CVE-2023/CVE-2023-40xx/CVE-2023-4009.json) (`2023-08-31T19:15:11.473`)
## Download and Usage ## Download and Usage