Auto-Update: 2023-07-06T23:55:25.620723+00:00

cad-safe-bot 2023-07-06 23:55:28 +00:00
parent ce70999c95
commit 1291cf32af
16 changed files with 950 additions and 64 deletions


@ -2,19 +2,75 @@
"id": "CVE-2020-26710",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-29T21:15:09.300",
"lastModified": "2023-06-29T23:57:54.363",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-06T23:36:41.450",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "easy-parse v0.1.1 was discovered to contain a XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-611"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:easy-parse_project:easy-parse:0.1.1:*:*:*:*:python:*:*",
"matchCriteriaId": "EB0A0B5F-732F-415A-8ADC-63820D211B89"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/uncmath25/easy-parse/issues/3",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-20899",
"sourceIdentifier": "security@vmware.com",
"published": "2023-07-06T23:15:09.280",
"lastModified": "2023-07-06T23:15:09.280",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "VMware SD-WAN (Edge) contains a bypass authentication vulnerability. An unauthenticated attacker can download the Diagnostic bundle of the application under VMware SD-WAN Management."
}
],
"metrics": {},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0015.html",
"source": "security@vmware.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-31277",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-07-06T23:15:09.367",
"lastModified": "2023-07-06T23:15:09.367",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\n\n\n\n\nPiiGAB M-Bus transmits credentials in plaintext format.\n\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-523"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-187-01",
"source": "ics-cert@hq.dhs.gov"
}
]
}


@ -2,23 +2,96 @@
"id": "CVE-2023-32612",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-06-30T05:15:09.453",
"lastModified": "2023-06-30T12:59:54.343",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-06T23:37:22.313",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Client-side enforcement of server-side security issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow an attacker with an administrative privilege to execute OS commands with the root privilege."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:wavlink:wl-wn531ax2_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023526",
"matchCriteriaId": "E1BA2D27-2496-4573-AE8A-34D601424809"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:wavlink:wl-wn531ax2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3242A036-A060-4EEA-B15C-9B3F093275AF"
}
]
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/jp/JVN78634340/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://www.wavlink.com/en_us/firmware/details/932108ffc5.html",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Patch",
"Product"
]
}
]
}


@ -2,23 +2,96 @@
"id": "CVE-2023-32613",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-06-30T05:15:09.513",
"lastModified": "2023-06-30T12:59:54.343",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-06T23:38:05.257",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Exposure of resource to wrong sphere issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow a network-adjacent attacker to use functions originally available after login without logging in."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-668"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:wavlink:wl-wn531ax2_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023526",
"matchCriteriaId": "E1BA2D27-2496-4573-AE8A-34D601424809"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:wavlink:wl-wn531ax2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3242A036-A060-4EEA-B15C-9B3F093275AF"
}
]
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/jp/JVN78634340/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://www.wavlink.com/en_us/firmware/details/932108ffc5.html",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Patch",
"Product"
]
}
]
}


@ -2,23 +2,96 @@
"id": "CVE-2023-32620",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-06-30T05:15:09.567",
"lastModified": "2023-06-30T12:59:54.343",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-06T23:39:14.747",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper authentication vulnerability in WL-WN531AX2 firmware versions prior to 2023526 allows a network-adjacent attacker to obtain a password for the wireless network."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:wavlink:wl-wn531ax2_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023526",
"matchCriteriaId": "E1BA2D27-2496-4573-AE8A-34D601424809"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:wavlink:wl-wn531ax2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3242A036-A060-4EEA-B15C-9B3F093275AF"
}
]
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/jp/JVN78634340/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://www.wavlink.com/en_us/firmware/details/932108ffc5.html",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Patch",
"Product"
]
}
]
}


@ -2,23 +2,96 @@
"id": "CVE-2023-32621",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-06-30T05:15:09.617",
"lastModified": "2023-06-30T12:59:54.343",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-06T23:39:27.227",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "WL-WN531AX2 firmware versions prior to 2023526 allows an attacker with an administrative privilege to upload arbitrary files and execute OS commands with the root privilege."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:wavlink:wl-wn531ax2_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023526",
"matchCriteriaId": "E1BA2D27-2496-4573-AE8A-34D601424809"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:wavlink:wl-wn531ax2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3242A036-A060-4EEA-B15C-9B3F093275AF"
}
]
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/jp/JVN78634340/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://www.wavlink.com/en_us/firmware/details/932108ffc5.html",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Patch",
"Product"
]
}
]
}


@ -2,23 +2,96 @@
"id": "CVE-2023-32622",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-06-30T05:15:09.667",
"lastModified": "2023-06-30T12:59:54.343",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-06T23:39:37.940",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper neutralization of special elements in WL-WN531AX2 firmware versions prior to 2023526 allows an attacker with an administrative privilege to execute OS commands with the root privilege."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:wavlink:wl-wn531ax2_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023526",
"matchCriteriaId": "E1BA2D27-2496-4573-AE8A-34D601424809"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:wavlink:wl-wn531ax2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3242A036-A060-4EEA-B15C-9B3F093275AF"
}
]
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/jp/JVN78634340/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://www.wavlink.com/en_us/firmware/details/932108ffc5.html",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Patch",
"Product"
]
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-33868",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-07-06T23:15:09.467",
"lastModified": "2023-07-06T23:15:09.467",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\n\n\nThe number of login attempts is not limited. This could allow an attacker to perform a brute force on HTTP basic authentication.\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-307"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-187-01",
"source": "ics-cert@hq.dhs.gov"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-3490",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-06-30T22:15:10.327",
"lastModified": "2023-07-03T01:10:10.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-06T23:34:29.743",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -46,14 +68,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.5.3",
"matchCriteriaId": "FBB9E4E5-B7F6-4CD5-BC9B-BEB53D588084"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/fossbilling/fossbilling/commit/2ddb7438ee0d05f9a9d01555edcfed820960f114",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.dev/bounties/4e60ebc1-e00f-48cb-b011-3cefce688ecd",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-3493",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-06-30T22:15:10.460",
"lastModified": "2023-07-03T01:10:10.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-06T23:42:13.627",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -46,14 +68,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.5.3",
"matchCriteriaId": "FBB9E4E5-B7F6-4CD5-BC9B-BEB53D588084"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/fossbilling/fossbilling/commit/9402d6c4d44b77ccd68d98d1e6cedf782bd913dc",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.dev/bounties/e9a272ca-b050-441d-a8cb-4fdecb76ccce",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-35987",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-07-06T23:15:09.550",
"lastModified": "2023-07-06T23:15:09.550",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\n\n\n\n\n\n\nPiiGAB M-Bus contains hard-coded credentials which it uses for authentication.\n\n\n\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-187-01",
"source": "ics-cert@hq.dhs.gov"
}
]
}


@ -0,0 +1,71 @@
{
"id": "CVE-2023-36829",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-07-06T23:15:09.620",
"lastModified": "2023-07-06T23:15:09.620",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Sentry is an error tracking and performance monitoring platform. Starting in version 23.6.0 and prior to version 23.6.2, the Sentry API incorrectly returns the `access-control-allow-credentials: true` HTTP header if the `Origin` request header ends with the `system.base-hostname` option of Sentry installation. This only affects installations that have `system.base-hostname` option explicitly set, as it is empty by default. Impact is limited since recent versions of major browsers have cross-site cookie blocking enabled by default. However, this flaw could allow other multi-step attacks. The patch has been released in Sentry 23.6.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
},
{
"lang": "en",
"value": "CWE-942"
}
]
}
],
"references": [
{
"url": "https://github.com/getsentry/self-hosted/releases/tag/23.6.2",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/getsentry/sentry/commit/ee44c6be35e5e464bc40637580f39867898acd8b",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/getsentry/sentry/pull/52276",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/getsentry/sentry/security/advisories/GHSA-4xqm-4p72-87h6",
"source": "security-advisories@github.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-36859",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-07-06T23:15:09.707",
"lastModified": "2023-07-06T23:15:09.707",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nPiiGAB M-Bus \n\nSoftwarePack 900S\n\ndoes not correctly sanitize user input, which could allow an attacker to inject arbitrary commands.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-187-01",
"source": "ics-cert@hq.dhs.gov"
}
]
}


@ -2,23 +2,84 @@
"id": "CVE-2023-37300",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-30T17:15:09.477",
"lastModified": "2023-06-30T18:05:17.307",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-06T23:42:40.587",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden users."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.39.3",
"matchCriteriaId": "DEA20A42-6E1A-4DA2-8869-A49894256285"
}
]
}
]
}
],
"references": [
{
"url": "https://gerrit.wikimedia.org/r/q/I993fdcae1fedb7dd543b35a477026bc727615b0a",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://phabricator.wikimedia.org/T330968",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
]
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-07-06T22:00:26.115652+00:00
2023-07-06T23:55:25.620723+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-07-06T21:39:33.310000+00:00
2023-07-06T23:42:40.587000+00:00
```
### Last Data Feed Release
@ -29,36 +29,34 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
219423
219429
```
### CVEs added in the last Commit
Recently added CVEs: `5`
Recently added CVEs: `6`
* [CVE-2023-30195](CVE-2023/CVE-2023-301xx/CVE-2023-30195.json) (`2023-07-06T20:15:09.247`)
* [CVE-2023-35934](CVE-2023/CVE-2023-359xx/CVE-2023-35934.json) (`2023-07-06T20:15:09.333`)
* [CVE-2023-36462](CVE-2023/CVE-2023-364xx/CVE-2023-36462.json) (`2023-07-06T20:15:09.423`)
* [CVE-2023-3531](CVE-2023/CVE-2023-35xx/CVE-2023-3531.json) (`2023-07-06T20:15:09.593`)
* [CVE-2023-29824](CVE-2023/CVE-2023-298xx/CVE-2023-29824.json) (`2023-07-06T21:15:09.060`)
* [CVE-2023-20899](CVE-2023/CVE-2023-208xx/CVE-2023-20899.json) (`2023-07-06T23:15:09.280`)
* [CVE-2023-31277](CVE-2023/CVE-2023-312xx/CVE-2023-31277.json) (`2023-07-06T23:15:09.367`)
* [CVE-2023-33868](CVE-2023/CVE-2023-338xx/CVE-2023-33868.json) (`2023-07-06T23:15:09.467`)
* [CVE-2023-35987](CVE-2023/CVE-2023-359xx/CVE-2023-35987.json) (`2023-07-06T23:15:09.550`)
* [CVE-2023-36829](CVE-2023/CVE-2023-368xx/CVE-2023-36829.json) (`2023-07-06T23:15:09.620`)
* [CVE-2023-36859](CVE-2023/CVE-2023-368xx/CVE-2023-36859.json) (`2023-07-06T23:15:09.707`)
### CVEs modified in the last Commit
Recently modified CVEs: `12`
Recently modified CVEs: `9`
* [CVE-2020-26708](CVE-2020/CVE-2020-267xx/CVE-2020-26708.json) (`2023-07-06T20:59:00.767`)
* [CVE-2020-26709](CVE-2020/CVE-2020-267xx/CVE-2020-26709.json) (`2023-07-06T21:02:24.347`)
* [CVE-2022-46407](CVE-2022/CVE-2022-464xx/CVE-2022-46407.json) (`2023-07-06T20:53:58.867`)
* [CVE-2023-26432](CVE-2023/CVE-2023-264xx/CVE-2023-26432.json) (`2023-07-06T20:05:13.003`)
* [CVE-2023-3529](CVE-2023/CVE-2023-35xx/CVE-2023-3529.json) (`2023-07-06T20:15:09.527`)
* [CVE-2023-2982](CVE-2023/CVE-2023-29xx/CVE-2023-2982.json) (`2023-07-06T21:04:26.413`)
* [CVE-2023-20192](CVE-2023/CVE-2023-201xx/CVE-2023-20192.json) (`2023-07-06T21:08:47.440`)
* [CVE-2023-35935](CVE-2023/CVE-2023-359xx/CVE-2023-35935.json) (`2023-07-06T21:15:09.260`)
* [CVE-2023-21518](CVE-2023/CVE-2023-215xx/CVE-2023-21518.json) (`2023-07-06T21:20:49.410`)
* [CVE-2023-21513](CVE-2023/CVE-2023-215xx/CVE-2023-21513.json) (`2023-07-06T21:23:49.590`)
* [CVE-2023-3390](CVE-2023/CVE-2023-33xx/CVE-2023-3390.json) (`2023-07-06T21:32:34.897`)
* [CVE-2023-3439](CVE-2023/CVE-2023-34xx/CVE-2023-3439.json) (`2023-07-06T21:39:33.310`)
* [CVE-2020-26710](CVE-2020/CVE-2020-267xx/CVE-2020-26710.json) (`2023-07-06T23:36:41.450`)
* [CVE-2023-3490](CVE-2023/CVE-2023-34xx/CVE-2023-3490.json) (`2023-07-06T23:34:29.743`)
* [CVE-2023-32612](CVE-2023/CVE-2023-326xx/CVE-2023-32612.json) (`2023-07-06T23:37:22.313`)
* [CVE-2023-32613](CVE-2023/CVE-2023-326xx/CVE-2023-32613.json) (`2023-07-06T23:38:05.257`)
* [CVE-2023-32620](CVE-2023/CVE-2023-326xx/CVE-2023-32620.json) (`2023-07-06T23:39:14.747`)
* [CVE-2023-32621](CVE-2023/CVE-2023-326xx/CVE-2023-32621.json) (`2023-07-06T23:39:27.227`)
* [CVE-2023-32622](CVE-2023/CVE-2023-326xx/CVE-2023-32622.json) (`2023-07-06T23:39:37.940`)
* [CVE-2023-3493](CVE-2023/CVE-2023-34xx/CVE-2023-3493.json) (`2023-07-06T23:42:13.627`)
* [CVE-2023-37300](CVE-2023/CVE-2023-373xx/CVE-2023-37300.json) (`2023-07-06T23:42:40.587`)
## Download and Usage