Auto-Update: 2023-08-02T04:00:35.248216+00:00

cad-safe-bot 2023-08-02 04:00:38 +00:00
parent 525ecb0f67
commit 13284abda9
26 changed files with 1618 additions and 161 deletions


@ -2,23 +2,85 @@
"id": "CVE-2021-4316",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-07-29T00:15:10.237",
"lastModified": "2023-07-31T12:55:03.903",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-02T03:55:33.107",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in Cast UI in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to spoof browser UI via a crafted HTML page. (Chromium security severity: Low)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "96.0.4664.45",
"matchCriteriaId": "A6F5F87E-3ECB-443C-851D-E9C88E3DC6DE"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1152952",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}
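Review bot: The NVD `baseSeverity` added here (`"MEDIUM"`, 4.3) differs from the vendor rating, which survives only as free text at the end of the description (`Chromium security severity: Low`); nothing structured in the record carries the vendor value. The same divergence shows in the CVE-2021-4321 section (Low against 4.3 MEDIUM) and in the CVE-2021-4322 and CVE-2022-4907 sections (Medium against 8.8 HIGH). A consumer that sorts only on `cvssMetricV31[].cvssData.baseSeverity` loses that second opinion. Triage tooling reading this feed should extract the parenthetical from `descriptions[].value` and show both ratings side by side.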


@ -2,23 +2,85 @@
"id": "CVE-2021-4317",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-07-29T00:15:10.327",
"lastModified": "2023-07-31T12:55:03.903",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-02T03:55:42.957",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Use after free in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "96.0.4664.93",
"matchCriteriaId": "61D5ECF4-E8AE-4610-B6DE-641C200FF999"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1260783",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,85 @@
"id": "CVE-2021-4318",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-07-29T00:15:10.383",
"lastModified": "2023-07-31T12:55:03.903",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-02T03:55:47.293",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Object corruption in Blink in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "94.0.4606.54",
"matchCriteriaId": "DD4C5B39-3BD9-41A9-A220-0AC9D89CDAA6"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_21.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1237730",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,85 @@
"id": "CVE-2021-4319",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-07-29T00:15:10.440",
"lastModified": "2023-07-31T12:55:03.903",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-02T03:55:53.193",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Use after free in Blink in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "93.0.4577.82",
"matchCriteriaId": "B5BE60BD-114C-4278-9F01-065274D86699"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1214199",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,85 @@
"id": "CVE-2021-4320",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-07-29T00:15:10.493",
"lastModified": "2023-07-31T12:54:58.620",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-02T03:55:58.853",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Use after free in Blink in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "92.0.4515.107",
"matchCriteriaId": "D3B28B79-DBC9-423C-B8C7-338CE3A1805F"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1224238",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}
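Review bot: The description's precondition, `a remote attacker who had compromised the renderer process`, is not reflected in the added vector, which is the same `AV:N/AC:L/PR:N/UI:R` string given to the unconditioned use-after-free records in this commit (CVE-2021-4317, CVE-2021-4319). As written, the 8.8 score reads as a stand-alone remote issue, while the text describes a second stage that needs a prior renderer compromise. Since this file mirrors upstream data, the vector should stay as published. The caveat belongs in whatever consumes the feed, for example by flagging descriptions that contain `who had compromised the renderer process` so prioritisation accounts for the chain requirement.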


@ -2,23 +2,85 @@
"id": "CVE-2021-4321",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-07-29T00:15:10.553",
"lastModified": "2023-07-31T12:54:58.620",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-02T03:56:36.857",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Policy bypass in Blink in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "91.0.4472.77",
"matchCriteriaId": "E013E0FE-A60A-4C98-91CA-F5D06FD43116"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1161891",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,85 @@
"id": "CVE-2021-4322",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-07-29T00:15:10.610",
"lastModified": "2023-07-31T12:54:58.620",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-02T03:56:55.237",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Use after free in DevTools in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Medium)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "91.0.4472.77",
"matchCriteriaId": "E013E0FE-A60A-4C98-91CA-F5D06FD43116"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1190550",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,85 @@
"id": "CVE-2021-4323",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-07-29T00:15:10.667",
"lastModified": "2023-07-31T12:54:58.620",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-02T03:57:02.937",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Insufficient validation of untrusted input in Extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to access local files via a crafted Chrome Extension. (Chromium security severity: Medium)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "90.0.4430.72",
"matchCriteriaId": "AA25EC6D-14D9-4EAA-AA09-065B7DF90FE8"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1176031",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,85 @@
"id": "CVE-2021-4324",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-07-29T00:15:10.720",
"lastModified": "2023-07-31T12:54:58.620",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-02T03:57:09.120",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Insufficient policy enforcement in Google Update in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to read arbitrary files via a malicious file. (Chromium security severity: Medium)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "90.0.4430.93",
"matchCriteriaId": "4DDD2401-6267-4B1E-BA94-6D79037D5E42"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1193233",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,43 @@
{
"id": "CVE-2022-2346",
"sourceIdentifier": "security@octopus.com",
"published": "2023-08-02T02:15:12.507",
"lastModified": "2023-08-02T02:15:12.507",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In affected versions of Octopus Deploy it is possible for a low privileged guest user to interact with extension endpoints."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@octopus.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4
}
]
},
"references": [
{
"url": "https://advisories.octopus.com/post/2023/sa2023-10/",
"source": "security@octopus.com"
}
]
}
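Review bot: This new record arrives with `"vulnStatus": "Received"` and has no `weaknesses` or `configurations` arrays, so CPE-based matching against an asset inventory will not find it. The description says only `affected versions of Octopus Deploy` without naming them, and the single metric is the CNA's own `"type": "Secondary"` entry from `security@octopus.com`. Consumers should treat `Received` records as unenriched and take the affected version ranges from the referenced vendor advisory until an analyzed revision lands.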


@ -2,23 +2,85 @@
"id": "CVE-2022-4906",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-07-29T00:15:10.800",
"lastModified": "2023-07-31T12:54:58.620",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-02T03:57:13.620",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in Blink in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "108.0.5359.71",
"matchCriteriaId": "540AD23D-514E-4CDA-BD61-63F304A65613"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1382434",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,85 @@
"id": "CVE-2022-4907",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-07-29T00:15:10.860",
"lastModified": "2023-07-31T12:54:58.620",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-02T03:57:26.400",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Uninitialized Use in FFmpeg in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "108.0.5359.71",
"matchCriteriaId": "540AD23D-514E-4CDA-BD61-63F304A65613"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1358168",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,85 @@
"id": "CVE-2022-4908",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-07-29T00:15:10.917",
"lastModified": "2023-07-31T12:54:58.620",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-02T03:57:36.927",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "107.0.5304.62",
"matchCriteriaId": "6E3E8C15-896B-4126-A53A-771C50A24E4F"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_25.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1359122",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,85 @@
"id": "CVE-2022-4910",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-07-29T00:15:11.023",
"lastModified": "2023-07-31T12:54:58.620",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-02T03:58:33.100",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in Autofill in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "107.0.5304.62",
"matchCriteriaId": "6E3E8C15-896B-4126-A53A-771C50A24E4F"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_25.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1279268",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-21406",
"sourceIdentifier": "product-security@axis.com",
"published": "2023-07-25T08:15:10.003",
"lastModified": "2023-07-25T13:00:59.687",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-02T03:53:46.127",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "product-security@axis.com",
"type": "Secondary",
@ -34,10 +54,55 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:axis:a1001_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.65.4",
"matchCriteriaId": "250BA4C3-1498-4C31-9199-ED26336E4467"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:axis:a1001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17AB03CB-201D-4838-AA48-EE2BEABB1DDE"
}
]
}
]
}
],
"references": [
{
"url": "https://www.axis.com/dam/public/1b/21/5f/cve-2023-21406-en-US-407245.pdf",
"source": "product-security@axis.com"
"source": "product-security@axis.com",
"tags": [
"Vendor Advisory"
]
}
]
}
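Review bot: The added `configurations` entry is an `"operator": "AND"` of two nodes, and only the firmware CPE (`axis:a1001_firmware`, `versionEndIncluding` 1.65.4) carries `"vulnerable": true`; the hardware CPE `cpe:2.3:h:axis:a1001` is `"vulnerable": false` and only sets the platform condition. A matcher that flattens the `cpeMatch` lists or ignores the outer operator will either flag every A1001 device regardless of firmware or miss the pairing altogether. The record also now holds two `cvssMetricV31` entries (NVD `Primary` first, the vendor `Secondary` after it), so code that reads index 0 silently changes which score it reports after this update; selecting by `type` is safer. Parts of the Secondary entry and of the description lie outside the visible hunks.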


@ -2,19 +2,75 @@
"id": "CVE-2023-31932",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-28T14:15:10.007",
"lastModified": "2023-07-28T14:51:32.413",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-02T03:54:45.403",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Sql injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the viewid parameter of the view-enquiry.php file."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rail_pass_management_system_project:rail_pass_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "352BBD1B-E3E7-4A7F-A2EF-23D1818CC7B7"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/DiliLearngent/BugReport/blob/main/php/Rail-Pass-Management-System/bug5-SQL-Injection-viewid.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,75 @@
"id": "CVE-2023-31933",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-28T14:15:10.290",
"lastModified": "2023-07-28T14:51:32.413",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-02T03:55:03.500",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Sql injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the editid parameter of the edit-pass-detail.php file."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rail_pass_management_system_project:rail_pass_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "352BBD1B-E3E7-4A7F-A2EF-23D1818CC7B7"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/DiliLearngent/BugReport/blob/main/php/Rail-Pass-Management-System/bug4-SQL-Injection-editid2.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,75 @@
"id": "CVE-2023-31934",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-28T14:15:10.347",
"lastModified": "2023-07-28T14:51:32.413",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-02T03:55:08.470",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to obtain sensitive information via the adminname parameter of admin-profile.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rail_pass_management_system_project:rail_pass_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "352BBD1B-E3E7-4A7F-A2EF-23D1818CC7B7"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/DiliLearngent/BugReport/blob/main/php/Rail-Pass-Management-System/bug1-XSS-in-Admin-Name.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,23 +2,83 @@
"id": "CVE-2023-31935",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-28T14:15:10.403",
"lastModified": "2023-07-28T14:51:32.413",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-02T03:55:11.817",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to obtain sensitive information via the emial parameter of admin-profile.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rail_pass_management_system_project:rail_pass_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "352BBD1B-E3E7-4A7F-A2EF-23D1818CC7B7"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/DiliLearngent/BugReport/blob/main/php/Rail-Pass-Management-System/bug1-XSS-in-Admin-Name.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/DiliLearngent/BugReport/blob/main/php/Rail-Pass-Management-System/bug2-XSS-in-Email-address.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,75 @@
"id": "CVE-2023-31936",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-28T14:15:10.457",
"lastModified": "2023-07-28T14:51:32.413",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-02T03:55:14.950",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Sql injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the viewid parameter of the view-pass-detail.php file."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rail_pass_management_system_project:rail_pass_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "352BBD1B-E3E7-4A7F-A2EF-23D1818CC7B7"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/DiliLearngent/BugReport/blob/main/php/Rail-Pass-Management-System/bug6-SQL-Injection-viewid2.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,76 @@
"id": "CVE-2023-31937",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-28T14:15:10.507",
"lastModified": "2023-07-28T14:51:32.413",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-02T03:55:18.067",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Sql injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the editid parameter of the edit-cateogry-detail.php file."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rail_pass_management_system_project:rail_pass_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "352BBD1B-E3E7-4A7F-A2EF-23D1818CC7B7"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/DiliLearngent/BugReport/blob/main/php/Rail-Pass-Management-System/bug3-SQL-Injection-editid.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}
]
}


@ -2,15 +2,38 @@
"id": "CVE-2023-34434",
"sourceIdentifier": "security@apache.org",
"published": "2023-07-25T08:15:10.147",
"lastModified": "2023-07-26T07:15:09.590",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-02T03:53:15.197",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.7.0.\u00a0\n\nThe attacker could bypass the current logic and achieve arbitrary file reading. To solve it, users are advised to upgrade to Apache InLong's 1.8.0 or cherry-pick https://github.com/apache/inlong/pull/8130 .\n\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@apache.org",
@ -23,18 +46,48 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:inlong:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.4.0",
"versionEndIncluding": "1.7.0",
"matchCriteriaId": "A758C808-F9C0-43D5-8061-DA3A69751D21"
}
]
}
]
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Jul/43",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/07/25/3",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread/7f1o71w5r732cspltmtdydn01gllf4jo",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,15 +2,38 @@
"id": "CVE-2023-35088",
"sourceIdentifier": "security@apache.org",
"published": "2023-07-25T08:15:10.213",
"lastModified": "2023-07-26T07:15:09.787",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-02T03:53:04.510",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements Used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.7.0.\u00a0\nIn the toAuditCkSql method, the groupId, streamId, auditId, and dt are directly concatenated into the SQL query statement, which may lead to SQL injection attacks.\nUsers are advised to upgrade to Apache InLong's 1.8.0 or cherry-pick [1] to solve it.\n\n[1] https://github.com/apache/inlong/pull/8198 \n\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@apache.org",
@ -23,18 +46,49 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:inlong:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.4.0",
"versionEndIncluding": "1.7.0",
"matchCriteriaId": "A758C808-F9C0-43D5-8061-DA3A69751D21"
}
]
}
]
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Jul/43",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/07/25/4",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread/os7b66x4n8dbtrdpb7c6x37bb1vjb0tk",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,85 @@
"id": "CVE-2023-3598",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-07-28T21:15:14.287",
"lastModified": "2023-07-31T12:55:03.903",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-02T03:55:25.707",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Out of bounds read and write in ANGLE in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "114.0.5735.90",
"matchCriteriaId": "0228D6A1-F19F-4796-A4C2-690B66612ED4"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1427865",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-3897",
"sourceIdentifier": "security@42gears.com",
"published": "2023-07-25T09:15:11.687",
"lastModified": "2023-07-25T13:00:59.687",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-02T03:52:51.327",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security@42gears.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
},
{
"source": "security@42gears.com",
"type": "Secondary",
@ -46,10 +76,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:42gears:suremdm:*:*:*:*:on-premise:*:*:*",
"versionEndIncluding": "6.31",
"matchCriteriaId": "78A2FB66-0FBE-40FB-AEEF-1E4FE8658FB7"
}
]
}
]
}
],
"references": [
{
"url": "https://www.42gears.com/security-and-compliance",
"source": "security@42gears.com"
"source": "security@42gears.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-08-02T02:00:31.995702+00:00
2023-08-02T04:00:35.248216+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-08-02T01:15:53.020000+00:00
2023-08-02T03:58:33.100000+00:00
```
### Last Data Feed Release
@ -29,62 +29,44 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
221436
221437
```
### CVEs added in the last Commit
Recently added CVEs: `18`
Recently added CVEs: `1`
* [CVE-2023-0632](CVE-2023/CVE-2023-06xx/CVE-2023-0632.json) (`2023-08-02T00:15:16.163`)
* [CVE-2023-1210](CVE-2023/CVE-2023-12xx/CVE-2023-1210.json) (`2023-08-02T00:15:16.430`)
* [CVE-2023-2164](CVE-2023/CVE-2023-21xx/CVE-2023-2164.json) (`2023-08-02T00:15:16.683`)
* [CVE-2023-31428](CVE-2023/CVE-2023-314xx/CVE-2023-31428.json) (`2023-08-02T00:15:16.977`)
* [CVE-2023-31430](CVE-2023/CVE-2023-314xx/CVE-2023-31430.json) (`2023-08-02T00:15:17.187`)
* [CVE-2023-31431](CVE-2023/CVE-2023-314xx/CVE-2023-31431.json) (`2023-08-02T00:15:17.410`)
* [CVE-2023-31432](CVE-2023/CVE-2023-314xx/CVE-2023-31432.json) (`2023-08-02T00:15:17.587`)
* [CVE-2023-31928](CVE-2023/CVE-2023-319xx/CVE-2023-31928.json) (`2023-08-02T00:15:17.800`)
* [CVE-2023-36121](CVE-2023/CVE-2023-361xx/CVE-2023-36121.json) (`2023-08-02T00:15:18.030`)
* [CVE-2023-38990](CVE-2023/CVE-2023-389xx/CVE-2023-38990.json) (`2023-08-02T00:15:18.293`)
* [CVE-2023-3364](CVE-2023/CVE-2023-33xx/CVE-2023-3364.json) (`2023-08-02T00:15:18.467`)
* [CVE-2023-3385](CVE-2023/CVE-2023-33xx/CVE-2023-3385.json) (`2023-08-02T00:15:18.690`)
* [CVE-2023-31926](CVE-2023/CVE-2023-319xx/CVE-2023-31926.json) (`2023-08-02T01:15:09.343`)
* [CVE-2023-31927](CVE-2023/CVE-2023-319xx/CVE-2023-31927.json) (`2023-08-02T01:15:09.437`)
* [CVE-2023-3500](CVE-2023/CVE-2023-35xx/CVE-2023-3500.json) (`2023-08-02T01:15:09.520`)
* [CVE-2023-3900](CVE-2023/CVE-2023-39xx/CVE-2023-3900.json) (`2023-08-02T01:15:09.607`)
* [CVE-2023-3993](CVE-2023/CVE-2023-39xx/CVE-2023-3993.json) (`2023-08-02T01:15:09.690`)
* [CVE-2023-3994](CVE-2023/CVE-2023-39xx/CVE-2023-3994.json) (`2023-08-02T01:15:09.773`)
* [CVE-2022-2346](CVE-2022/CVE-2022-23xx/CVE-2022-2346.json) (`2023-08-02T02:15:12.507`)
### CVEs modified in the last Commit
Recently modified CVEs: `68`
Recently modified CVEs: `24`
* [CVE-2021-31211](CVE-2021/CVE-2021-312xx/CVE-2021-31211.json) (`2023-08-02T00:15:15.053`)
* [CVE-2021-31213](CVE-2021/CVE-2021-312xx/CVE-2021-31213.json) (`2023-08-02T00:15:15.177`)
* [CVE-2021-31214](CVE-2021/CVE-2021-312xx/CVE-2021-31214.json) (`2023-08-02T00:15:15.387`)
* [CVE-2021-31936](CVE-2021/CVE-2021-319xx/CVE-2021-31936.json) (`2023-08-02T00:15:15.657`)
* [CVE-2022-32449](CVE-2022/CVE-2022-324xx/CVE-2022-32449.json) (`2023-08-02T00:15:15.913`)
* [CVE-2022-30280](CVE-2022/CVE-2022-302xx/CVE-2022-30280.json) (`2023-08-02T01:01:05.877`)
* [CVE-2022-28867](CVE-2022/CVE-2022-288xx/CVE-2022-28867.json) (`2023-08-02T01:05:10.263`)
* [CVE-2022-28865](CVE-2022/CVE-2022-288xx/CVE-2022-28865.json) (`2023-08-02T01:07:06.837`)
* [CVE-2022-28864](CVE-2022/CVE-2022-288xx/CVE-2022-28864.json) (`2023-08-02T01:15:43.183`)
* [CVE-2022-28863](CVE-2022/CVE-2022-288xx/CVE-2022-28863.json) (`2023-08-02T01:15:53.020`)
* [CVE-2023-37623](CVE-2023/CVE-2023-376xx/CVE-2023-37623.json) (`2023-08-02T00:30:17.953`)
* [CVE-2023-37624](CVE-2023/CVE-2023-376xx/CVE-2023-37624.json) (`2023-08-02T00:35:41.437`)
* [CVE-2023-37692](CVE-2023/CVE-2023-376xx/CVE-2023-37692.json) (`2023-08-02T00:38:53.690`)
* [CVE-2023-37732](CVE-2023/CVE-2023-377xx/CVE-2023-37732.json) (`2023-08-02T00:39:04.113`)
* [CVE-2023-38285](CVE-2023/CVE-2023-382xx/CVE-2023-38285.json) (`2023-08-02T00:39:37.267`)
* [CVE-2023-32381](CVE-2023/CVE-2023-323xx/CVE-2023-32381.json) (`2023-08-02T00:42:34.140`)
* [CVE-2023-32433](CVE-2023/CVE-2023-324xx/CVE-2023-32433.json) (`2023-08-02T00:43:07.483`)
* [CVE-2023-32437](CVE-2023/CVE-2023-324xx/CVE-2023-32437.json) (`2023-08-02T00:43:20.510`)
* [CVE-2023-35983](CVE-2023/CVE-2023-359xx/CVE-2023-35983.json) (`2023-08-02T00:46:23.367`)
* [CVE-2023-36854](CVE-2023/CVE-2023-368xx/CVE-2023-36854.json) (`2023-08-02T00:48:51.350`)
* [CVE-2023-36862](CVE-2023/CVE-2023-368xx/CVE-2023-36862.json) (`2023-08-02T00:51:50.443`)
* [CVE-2023-37450](CVE-2023/CVE-2023-374xx/CVE-2023-37450.json) (`2023-08-02T00:54:49.737`)
* [CVE-2023-38133](CVE-2023/CVE-2023-381xx/CVE-2023-38133.json) (`2023-08-02T00:55:00.387`)
* [CVE-2023-3567](CVE-2023/CVE-2023-35xx/CVE-2023-3567.json) (`2023-08-02T00:59:52.037`)
* [CVE-2023-3019](CVE-2023/CVE-2023-30xx/CVE-2023-3019.json) (`2023-08-02T01:00:46.400`)
* [CVE-2021-4316](CVE-2021/CVE-2021-43xx/CVE-2021-4316.json) (`2023-08-02T03:55:33.107`)
* [CVE-2021-4317](CVE-2021/CVE-2021-43xx/CVE-2021-4317.json) (`2023-08-02T03:55:42.957`)
* [CVE-2021-4318](CVE-2021/CVE-2021-43xx/CVE-2021-4318.json) (`2023-08-02T03:55:47.293`)
* [CVE-2021-4319](CVE-2021/CVE-2021-43xx/CVE-2021-4319.json) (`2023-08-02T03:55:53.193`)
* [CVE-2021-4320](CVE-2021/CVE-2021-43xx/CVE-2021-4320.json) (`2023-08-02T03:55:58.853`)
* [CVE-2021-4321](CVE-2021/CVE-2021-43xx/CVE-2021-4321.json) (`2023-08-02T03:56:36.857`)
* [CVE-2021-4322](CVE-2021/CVE-2021-43xx/CVE-2021-4322.json) (`2023-08-02T03:56:55.237`)
* [CVE-2021-4323](CVE-2021/CVE-2021-43xx/CVE-2021-4323.json) (`2023-08-02T03:57:02.937`)
* [CVE-2021-4324](CVE-2021/CVE-2021-43xx/CVE-2021-4324.json) (`2023-08-02T03:57:09.120`)
* [CVE-2022-4906](CVE-2022/CVE-2022-49xx/CVE-2022-4906.json) (`2023-08-02T03:57:13.620`)
* [CVE-2022-4907](CVE-2022/CVE-2022-49xx/CVE-2022-4907.json) (`2023-08-02T03:57:26.400`)
* [CVE-2022-4908](CVE-2022/CVE-2022-49xx/CVE-2022-4908.json) (`2023-08-02T03:57:36.927`)
* [CVE-2022-4910](CVE-2022/CVE-2022-49xx/CVE-2022-4910.json) (`2023-08-02T03:58:33.100`)
* [CVE-2023-3897](CVE-2023/CVE-2023-38xx/CVE-2023-3897.json) (`2023-08-02T03:52:51.327`)
* [CVE-2023-35088](CVE-2023/CVE-2023-350xx/CVE-2023-35088.json) (`2023-08-02T03:53:04.510`)
* [CVE-2023-34434](CVE-2023/CVE-2023-344xx/CVE-2023-34434.json) (`2023-08-02T03:53:15.197`)
* [CVE-2023-21406](CVE-2023/CVE-2023-214xx/CVE-2023-21406.json) (`2023-08-02T03:53:46.127`)
* [CVE-2023-31932](CVE-2023/CVE-2023-319xx/CVE-2023-31932.json) (`2023-08-02T03:54:45.403`)
* [CVE-2023-31933](CVE-2023/CVE-2023-319xx/CVE-2023-31933.json) (`2023-08-02T03:55:03.500`)
* [CVE-2023-31934](CVE-2023/CVE-2023-319xx/CVE-2023-31934.json) (`2023-08-02T03:55:08.470`)
* [CVE-2023-31935](CVE-2023/CVE-2023-319xx/CVE-2023-31935.json) (`2023-08-02T03:55:11.817`)
* [CVE-2023-31936](CVE-2023/CVE-2023-319xx/CVE-2023-31936.json) (`2023-08-02T03:55:14.950`)
* [CVE-2023-31937](CVE-2023/CVE-2023-319xx/CVE-2023-31937.json) (`2023-08-02T03:55:18.067`)
* [CVE-2023-3598](CVE-2023/CVE-2023-35xx/CVE-2023-3598.json) (`2023-08-02T03:55:25.707`)
## Download and Usage