Auto-Update: 2023-10-03T20:00:24.590046+00:00

cad-safe-bot 2023-10-03 20:00:28 +00:00
parent f7ea351f41
commit 1342422d60
17 changed files with 679 additions and 66 deletions


@ -2,7 +2,7 @@
"id": "CVE-2022-46285",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-02-07T19:15:09.147",
"lastModified": "2023-06-20T14:15:09.957",
"lastModified": "2023-10-03T18:15:10.050",
"vulnStatus": "Modified",
"descriptions": [
{
@ -65,6 +65,10 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/1",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160092",
"source": "secalert@redhat.com",


@ -2,8 +2,8 @@
"id": "CVE-2023-2624",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-06-27T14:15:11.030",
"lastModified": "2023-06-30T18:17:52.560",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-03T18:15:10.153",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -65,6 +65,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/174895/WordPress-KiviCare-3.2.0-Cross-Site-Scripting.html",
"source": "contact@wpscan.com"
},
{
"url": "https://wpscan.com/vulnerability/dc3a841d-a95b-462e-be4b-acaa44e77264",
"source": "contact@wpscan.com",


@ -2,8 +2,8 @@
"id": "CVE-2023-33200",
"sourceIdentifier": "arm-security@arm.com",
"published": "2023-10-03T17:15:09.727",
"lastModified": "2023-10-03T17:15:09.727",
"vulnStatus": "Received",
"lastModified": "2023-10-03T18:09:47.093",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-34970",
"sourceIdentifier": "arm-security@arm.com",
"published": "2023-10-03T17:15:09.790",
"lastModified": "2023-10-03T17:15:09.790",
"vulnStatus": "Received",
"lastModified": "2023-10-03T18:09:47.093",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-3413",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-09-29T09:15:10.180",
"lastModified": "2023-09-29T12:45:25.177",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-03T19:55:22.067",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -50,14 +80,70 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.2",
"versionEndExcluding": "16.2.8",
"matchCriteriaId": "168E0D83-64EF-4A48-8251-6AE3BDF006D8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.2",
"versionEndExcluding": "16.2.8",
"matchCriteriaId": "8215D0EC-C0BF-417C-8D70-7F1493A82BB1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.3.0",
"versionEndExcluding": "16.3.5",
"matchCriteriaId": "50271B2B-7070-4ED0-AB68-65B99D44A68A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.3.0",
"versionEndExcluding": "16.3.5",
"matchCriteriaId": "CC5696C9-592A-4D50-B5BB-9A250DAB6589"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.4.0:*:*:*:community:*:*:*",
"matchCriteriaId": "B5D4FDD1-7A68-4245-A4D5-842E4FD03FAE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.4.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "6696C987-61C1-462E-8A73-016F9902BC67"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/416284",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://hackerone.com/reports/2027967",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-37988",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-10T11:15:12.427",
"lastModified": "2023-08-15T12:41:48.440",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-03T18:15:10.247",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -85,6 +85,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/174896/WordPress-Contact-Form-Generator-2.5.5-Cross-Site-Scripting.html",
"source": "audit@patchstack.com"
},
{
"url": "https://patchstack.com/database/vulnerability/contact-form-generator/wordpress-contact-form-generator-plugin-2-5-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com",


@ -2,12 +2,12 @@
"id": "CVE-2023-38355",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-19T16:15:12.007",
"lastModified": "2023-09-22T16:45:26.050",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-03T19:15:09.603",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "MiniTool Movie Maker 6.1.0 contains an insecure installation process that allows attackers to achieve remote code execution through a man in the middle attack."
"value": "MiniTool Movie Maker 7.0 contains an insecure installation process that allows attackers to achieve remote code execution through a man in the middle attack."
},
{
"lang": "es",


@ -2,19 +2,56 @@
"id": "CVE-2023-39410",
"sourceIdentifier": "security@apache.org",
"published": "2023-09-29T17:15:46.923",
"lastModified": "2023-09-29T18:15:09.777",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-03T20:00:06.703",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system.\n\nThis issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue.\n\n"
},
{
"lang": "es",
"value": "Al deserializar datos corruptos o que no son de confianza, es posible que un lector consuma memoria m\u00e1s all\u00e1 de las restricciones permitidas y, por lo tanto, provoque una falta de memoria en el sistema. Este problema afecta a las aplicaciones Java que utilizan Apache Avro Java SDK hasta la versi\u00f3n 1.11.2 incluida. Los usuarios deben actualizar a la versi\u00f3n 1.11.3 de Apache-avro, que soluciona este problema."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@apache.org",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
},
{
"source": "security@apache.org",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -23,14 +60,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:avro:*:*:*:*:*:-:*:*",
"versionEndExcluding": "1.11.3",
"matchCriteriaId": "3FD3A974-85E9-48F7-A946-57679CE29859"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/29/6",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread/q142wj99cwdd0jo5lvdoxzoymlqyjdds",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-3922",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-09-29T08:15:09.537",
"lastModified": "2023-09-29T12:45:25.177",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-03T19:46:15.090",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -50,14 +80,70 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "8.15",
"versionEndExcluding": "16.2.8",
"matchCriteriaId": "BDDBDB1B-AC24-4A29-BA7C-86000095393F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "8.15",
"versionEndExcluding": "16.2.8",
"matchCriteriaId": "36F30B4B-BB02-42CF-B173-AFFC924B9965"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.3.0",
"versionEndExcluding": "16.3.5",
"matchCriteriaId": "50271B2B-7070-4ED0-AB68-65B99D44A68A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.3.0",
"versionEndExcluding": "16.3.5",
"matchCriteriaId": "CC5696C9-592A-4D50-B5BB-9A250DAB6589"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.4.0:*:*:*:community:*:*:*",
"matchCriteriaId": "B5D4FDD1-7A68-4245-A4D5-842E4FD03FAE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.4.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "6696C987-61C1-462E-8A73-016F9902BC67"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/394770",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://hackerone.com/reports/1887323",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-43976",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-03T19:15:09.677",
"lastModified": "2023-10-03T19:15:09.677",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue in CatoNetworks CatoClient before v.5.4.0 allows attackers to escalate privileges and winning the race condition (TOCTOU) via the PrivilegedHelperTool component."
}
],
"metrics": {},
"references": [
{
"url": "https://www.catonetworks.com",
"source": "cve@mitre.org"
},
{
"url": "https://www.ns-echo.com/posts/cve_2023_43976.html",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-4532",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-09-29T07:15:14.200",
"lastModified": "2023-09-29T12:45:25.177",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-03T19:28:34.357",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -50,14 +80,70 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.2",
"versionEndExcluding": "16.2.8",
"matchCriteriaId": "168E0D83-64EF-4A48-8251-6AE3BDF006D8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.2",
"versionEndExcluding": "16.2.8",
"matchCriteriaId": "8215D0EC-C0BF-417C-8D70-7F1493A82BB1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.3.0",
"versionEndExcluding": "16.3.5",
"matchCriteriaId": "50271B2B-7070-4ED0-AB68-65B99D44A68A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.3.0",
"versionEndExcluding": "16.3.5",
"matchCriteriaId": "CC5696C9-592A-4D50-B5BB-9A250DAB6589"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.4.0:*:*:*:community:*:*:*",
"matchCriteriaId": "B5D4FDD1-7A68-4245-A4D5-842E4FD03FAE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.4.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "6696C987-61C1-462E-8A73-016F9902BC67"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/423357",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://hackerone.com/reports/2084199",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-4732",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-10-03T17:15:09.853",
"lastModified": "2023-10-03T17:15:09.853",
"vulnStatus": "Received",
"lastModified": "2023-10-03T18:09:47.093",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -0,0 +1,55 @@
{
"id": "CVE-2023-4911",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-10-03T18:15:10.463",
"lastModified": "2023-10-03T18:15:10.463",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-4911",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238352",
"source": "secalert@redhat.com"
},
{
"url": "https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt",
"source": "secalert@redhat.com"
},
{
"url": "https://www.qualys.com/cve-2023-4911/",
"source": "secalert@redhat.com"
}
]
}
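Review bot: The new CVE-2023-4911 record has `"vulnStatus": "Received"`, its only CVSS entry is `"type": "Secondary"` from secalert@redhat.com, and the file contains no `weaknesses` or `configurations` arrays, so a consumer of this feed that filters on NVD `Primary` metrics or matches assets by CPE will not surface this 7.8 entry until NVD analysis is synchronized. The same applies to the other records added in this commit: CVE-2023-5255 carries a Secondary metric only and no configurations, and CVE-2023-43976 has `"metrics": {}`. Because JSON offers no place for a comment, I would document this in the README next to the added-CVE list, for example: `Records in Received or Awaiting Analysis state may lack NVD Primary metrics and CPE configurations; a missing score does not mean low severity.`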


@ -2,8 +2,8 @@
"id": "CVE-2023-5196",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2023-09-29T10:15:10.890",
"lastModified": "2023-09-29T12:45:25.177",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-03T18:03:34.537",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -50,10 +80,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndExcluding": "7.8.10",
"matchCriteriaId": "69C58AE2-7A73-4736-B442-4C67D98AD157"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndExcluding": "8.0.2",
"matchCriteriaId": "A3EF6CB2-48DC-49F2-A478-DA7F87A53D2A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.1.0",
"versionEndExcluding": "8.1.1",
"matchCriteriaId": "67FF836B-1B31-4FB8-A17F-F98D3FC44AC8"
}
]
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
"source": "responsibledisclosure@mattermost.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-5198",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-09-29T08:15:09.610",
"lastModified": "2023-09-29T12:45:25.177",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-03T19:47:42.877",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -50,14 +80,70 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "8.15",
"versionEndExcluding": "16.2.8",
"matchCriteriaId": "BDDBDB1B-AC24-4A29-BA7C-86000095393F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "8.15",
"versionEndExcluding": "16.2.8",
"matchCriteriaId": "36F30B4B-BB02-42CF-B173-AFFC924B9965"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.3.0",
"versionEndExcluding": "16.3.5",
"matchCriteriaId": "50271B2B-7070-4ED0-AB68-65B99D44A68A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.3.0",
"versionEndExcluding": "16.3.5",
"matchCriteriaId": "CC5696C9-592A-4D50-B5BB-9A250DAB6589"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.4.0:*:*:*:community:*:*:*",
"matchCriteriaId": "B5D4FDD1-7A68-4245-A4D5-842E4FD03FAE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.4.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "6696C987-61C1-462E-8A73-016F9902BC67"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/416957",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://hackerone.com/reports/2041789",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-5255",
"sourceIdentifier": "security@puppet.com",
"published": "2023-10-03T18:15:10.577",
"lastModified": "2023-10-03T18:15:10.577",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "For certificates that utilize the auto-renew feature in Puppet Server, a flaw exists which prevents the certificates from being revoked. "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@puppet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.7,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@puppet.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-404"
}
]
}
],
"references": [
{
"url": "https://www.puppet.com/security/cve/cve-2023-5255-denial-service-revocation-auto-renewed-certificates-0",
"source": "security@puppet.com"
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-10-03T18:00:25.785282+00:00
2023-10-03T20:00:24.590046+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-10-03T17:42:49.350000+00:00
2023-10-03T20:00:06.703000+00:00
```
### Last Data Feed Release
@ -29,41 +29,35 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
226894
226897
```
### CVEs added in the last Commit
Recently added CVEs: `7`
Recently added CVEs: `3`
* [CVE-2023-2222](CVE-2023/CVE-2023-22xx/CVE-2023-2222.json) (`2023-10-03T16:15:10.017`)
* [CVE-2023-3196](CVE-2023/CVE-2023-31xx/CVE-2023-3196.json) (`2023-10-03T16:15:10.077`)
* [CVE-2023-4564](CVE-2023/CVE-2023-45xx/CVE-2023-4564.json) (`2023-10-03T16:15:10.227`)
* [CVE-2023-4817](CVE-2023/CVE-2023-48xx/CVE-2023-4817.json) (`2023-10-03T16:15:10.297`)
* [CVE-2023-33200](CVE-2023/CVE-2023-332xx/CVE-2023-33200.json) (`2023-10-03T17:15:09.727`)
* [CVE-2023-34970](CVE-2023/CVE-2023-349xx/CVE-2023-34970.json) (`2023-10-03T17:15:09.790`)
* [CVE-2023-4732](CVE-2023/CVE-2023-47xx/CVE-2023-4732.json) (`2023-10-03T17:15:09.853`)
* [CVE-2023-4911](CVE-2023/CVE-2023-49xx/CVE-2023-4911.json) (`2023-10-03T18:15:10.463`)
* [CVE-2023-5255](CVE-2023/CVE-2023-52xx/CVE-2023-5255.json) (`2023-10-03T18:15:10.577`)
* [CVE-2023-43976](CVE-2023/CVE-2023-439xx/CVE-2023-43976.json) (`2023-10-03T19:15:09.677`)
### CVEs modified in the last Commit
Recently modified CVEs: `15`
Recently modified CVEs: `13`
* [CVE-2014-3153](CVE-2014/CVE-2014-31xx/CVE-2014-3153.json) (`2023-10-03T16:57:40.937`)
* [CVE-2014-1737](CVE-2014/CVE-2014-17xx/CVE-2014-1737.json) (`2023-10-03T16:58:17.553`)
* [CVE-2014-3534](CVE-2014/CVE-2014-35xx/CVE-2014-3534.json) (`2023-10-03T16:59:01.453`)
* [CVE-2023-3979](CVE-2023/CVE-2023-39xx/CVE-2023-3979.json) (`2023-10-03T16:04:10.050`)
* [CVE-2023-4882](CVE-2023/CVE-2023-48xx/CVE-2023-4882.json) (`2023-10-03T16:13:07.253`)
* [CVE-2023-4883](CVE-2023/CVE-2023-48xx/CVE-2023-4883.json) (`2023-10-03T16:13:07.253`)
* [CVE-2023-4884](CVE-2023/CVE-2023-48xx/CVE-2023-4884.json) (`2023-10-03T16:13:07.253`)
* [CVE-2023-4885](CVE-2023/CVE-2023-48xx/CVE-2023-4885.json) (`2023-10-03T16:13:07.253`)
* [CVE-2023-4886](CVE-2023/CVE-2023-48xx/CVE-2023-4886.json) (`2023-10-03T16:13:07.253`)
* [CVE-2023-41915](CVE-2023/CVE-2023-419xx/CVE-2023-41915.json) (`2023-10-03T16:15:10.147`)
* [CVE-2023-44469](CVE-2023/CVE-2023-444xx/CVE-2023-44469.json) (`2023-10-03T17:09:21.780`)
* [CVE-2023-5159](CVE-2023/CVE-2023-51xx/CVE-2023-5159.json) (`2023-10-03T17:18:32.967`)
* [CVE-2023-5193](CVE-2023/CVE-2023-51xx/CVE-2023-5193.json) (`2023-10-03T17:32:42.060`)
* [CVE-2023-5194](CVE-2023/CVE-2023-51xx/CVE-2023-5194.json) (`2023-10-03T17:36:14.853`)
* [CVE-2023-5195](CVE-2023/CVE-2023-51xx/CVE-2023-5195.json) (`2023-10-03T17:42:49.350`)
* [CVE-2022-46285](CVE-2022/CVE-2022-462xx/CVE-2022-46285.json) (`2023-10-03T18:15:10.050`)
* [CVE-2023-5196](CVE-2023/CVE-2023-51xx/CVE-2023-5196.json) (`2023-10-03T18:03:34.537`)
* [CVE-2023-33200](CVE-2023/CVE-2023-332xx/CVE-2023-33200.json) (`2023-10-03T18:09:47.093`)
* [CVE-2023-34970](CVE-2023/CVE-2023-349xx/CVE-2023-34970.json) (`2023-10-03T18:09:47.093`)
* [CVE-2023-4732](CVE-2023/CVE-2023-47xx/CVE-2023-4732.json) (`2023-10-03T18:09:47.093`)
* [CVE-2023-2624](CVE-2023/CVE-2023-26xx/CVE-2023-2624.json) (`2023-10-03T18:15:10.153`)
* [CVE-2023-37988](CVE-2023/CVE-2023-379xx/CVE-2023-37988.json) (`2023-10-03T18:15:10.247`)
* [CVE-2023-38355](CVE-2023/CVE-2023-383xx/CVE-2023-38355.json) (`2023-10-03T19:15:09.603`)
* [CVE-2023-4532](CVE-2023/CVE-2023-45xx/CVE-2023-4532.json) (`2023-10-03T19:28:34.357`)
* [CVE-2023-3922](CVE-2023/CVE-2023-39xx/CVE-2023-3922.json) (`2023-10-03T19:46:15.090`)
* [CVE-2023-5198](CVE-2023/CVE-2023-51xx/CVE-2023-5198.json) (`2023-10-03T19:47:42.877`)
* [CVE-2023-3413](CVE-2023/CVE-2023-34xx/CVE-2023-3413.json) (`2023-10-03T19:55:22.067`)
* [CVE-2023-39410](CVE-2023/CVE-2023-394xx/CVE-2023-39410.json) (`2023-10-03T20:00:06.703`)
## Download and Usage