admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-06-30T23:55:25.723490+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-06-30 23:55:29 +00:00
parent 8163c1ab77
commit 17631220f1
25 changed files with 677 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CVE-2015/CVE-2015-201xx/CVE-2015-20107.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2015-20107",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-04-13T16:15:08.937",
"lastModified": "2023-05-24T21:15:09.160",
"lastModified": "2023-06-30T23:15:09.223",
"vulnStatus": "Modified",
"descriptions": [
{
@ -192,6 +192,10 @@
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html",
"source": "cve@mitre.org"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html",
"source": "cve@mitre.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46KWPTI72SSEOF53DOYQBQOCN4QQB2GE/",
"source": "cve@mitre.org",

6
CVE-2015/CVE-2015-75xx/CVE-2015-7559.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2015-7559",
"sourceIdentifier": "secalert@redhat.com",
"published": "2019-08-01T14:15:10.940",
"lastModified": "2023-03-03T18:35:36.953",
"vulnStatus": "Analyzed",
"lastModified": "2023-06-30T22:15:09.373",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "It was found that the Apache ActiveMQ client before 5.15.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client."
"value": "It was found that the Apache ActiveMQ client before 5.14.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client."
},
{
"lang": "es",

6
CVE-2020/CVE-2020-107xx/CVE-2020-10735.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2020-10735",
"sourceIdentifier": "secalert@redhat.com",
"published": "2022-09-09T14:15:08.660",
"lastModified": "2023-02-12T22:15:15.970",
"lastModified": "2023-06-30T23:15:09.393",
"vulnStatus": "Modified",
"descriptions": [
{
@ -241,6 +241,10 @@
"Third Party Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2VCU6EVQDIXNCEDJUCTFIER2WVNNDTYZ/",
"source": "secalert@redhat.com"

6
CVE-2021/CVE-2021-07xx/CVE-2021-0701.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2021-0701",
"sourceIdentifier": "security@android.com",
"published": "2023-06-15T19:15:09.163",
"lastModified": "2023-06-22T19:22:22.497",
"vulnStatus": "Analyzed",
"lastModified": "2023-06-30T22:15:09.567",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Product: AndroidVersions: Android SoCAndroid ID: A-277775870"
"value": "In PVRSRVBridgeSyncPrimOpCreate of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {

6
CVE-2021/CVE-2021-09xx/CVE-2021-0945.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2021-0945",
"sourceIdentifier": "security@android.com",
"published": "2023-06-15T19:15:09.217",
"lastModified": "2023-06-22T19:22:07.407",
"vulnStatus": "Analyzed",
"lastModified": "2023-06-30T22:15:09.640",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Product: AndroidVersions: Android SoCAndroid ID: A-278156680"
"value": "In _PMRCreate of the PowerVR kernel driver, a missing bounds check means it is possible to overwrite heap memory via PhysmemNewRamBackedPMR. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {

8
CVE-2021/CVE-2021-34xx/CVE-2021-3426.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-3426",
"sourceIdentifier": "secalert@redhat.com",
"published": "2021-05-20T13:15:07.753",
"lastModified": "2022-10-25T20:56:30.737",
"vulnStatus": "Analyzed",
"lastModified": "2023-06-30T23:15:09.543",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -284,6 +284,10 @@
"Third Party Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/25HVHLBGO2KNPXJ3G426QEYSSCECJDU5/",
"source": "secalert@redhat.com",

6
CVE-2021/CVE-2021-37xx/CVE-2021-3733.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-3733",
"sourceIdentifier": "secalert@redhat.com",
"published": "2022-03-10T17:42:59.623",
"lastModified": "2023-05-24T21:15:10.037",
"lastModified": "2023-06-30T23:15:09.690",
"vulnStatus": "Modified",
"descriptions": [
{
@ -308,6 +308,10 @@
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html",
"source": "secalert@redhat.com"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220407-0001/",
"source": "secalert@redhat.com",

6
CVE-2021/CVE-2021-37xx/CVE-2021-3737.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-3737",
"sourceIdentifier": "secalert@redhat.com",
"published": "2022-03-04T19:15:08.730",
"lastModified": "2023-05-24T21:15:10.180",
"lastModified": "2023-06-30T23:15:09.843",
"vulnStatus": "Modified",
"descriptions": [
{
@ -337,6 +337,10 @@
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html",
"source": "secalert@redhat.com"
},
{
"url": "https://python-security.readthedocs.io/vuln/urllib-100-continue-loop.html",
"source": "secalert@redhat.com",

6
CVE-2021/CVE-2021-41xx/CVE-2021-4189.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-4189",
"sourceIdentifier": "secalert@redhat.com",
"published": "2022-08-24T16:15:09.827",
"lastModified": "2023-05-24T21:15:10.313",
"lastModified": "2023-06-30T23:15:09.980",
"vulnStatus": "Modified",
"descriptions": [
{
@ -187,6 +187,10 @@
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html",
"source": "secalert@redhat.com"
},
{
"url": "https://python-security.readthedocs.io/vuln/ftplib-pasv.html",
"source": "secalert@redhat.com",

6
CVE-2022/CVE-2022-450xx/CVE-2022-45061.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-45061",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-11-09T07:15:09.887",
"lastModified": "2023-05-24T21:15:10.923",
"lastModified": "2023-06-30T23:15:10.097",
"vulnStatus": "Modified",
"descriptions": [
{
@ -274,6 +274,10 @@
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html",
"source": "cve@mitre.org"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html",
"source": "cve@mitre.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AOUKI72ACV6CHY2QUFO6VK2DNMVJ2MB/",
"source": "cve@mitre.org",

32
CVE-2023/CVE-2023-12xx/CVE-2023-1206.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-1206",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-06-30T22:15:09.747",
"lastModified": "2023-06-30T22:15:09.747",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel\u2019s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%."
}
],
"metrics": {},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2175903",
"source": "secalert@redhat.com"
}
]
}

55
CVE-2023/CVE-2023-228xx/CVE-2023-22815.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-22815",
"sourceIdentifier": "psirt@wdc.com",
"published": "2023-06-30T22:15:09.817",
"lastModified": "2023-06-30T22:15:09.817",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nPost-authentication remote command injection vulnerabilities in Western Digital My Cloud OS 5 devices that could allow an attacker to execute code in the context of the root user on vulnerable CGI files.\n\n\n\nThis issue affects My Cloud OS 5 devices: before 5.26.300.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@wdc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.5,
"impactScore": 5.5
}
]
},
"weaknesses": [
{
"source": "psirt@wdc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [
{
"url": "https://www.westerndigital.com/support/product-security/wdc-23010-my-cloud-firmware-version-5-26-300",
"source": "psirt@wdc.com"
}
]
}

55
CVE-2023/CVE-2023-228xx/CVE-2023-22816.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-22816",
"sourceIdentifier": "psirt@wdc.com",
"published": "2023-06-30T22:15:09.883",
"lastModified": "2023-06-30T22:15:09.883",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A post-authentication remote command injection vulnerability in a CGI file in Western Digital My Cloud OS 5 devices that could allow an attacker to build files with redirects and execute larger payloads.\nThis issue affects My Cloud OS 5 devices: before 5.26.300.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@wdc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.5,
"impactScore": 5.5
}
]
},
"weaknesses": [
{
"source": "psirt@wdc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [
{
"url": "https://www.westerndigital.com/support/product-security/wdc-23010-my-cloud-firmware-version-5-26-300",
"source": "psirt@wdc.com"
}
]
}

55
CVE-2023/CVE-2023-292xx/CVE-2023-29241.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-29241",
"sourceIdentifier": "psirt@bosch.com",
"published": "2023-06-30T22:15:09.947",
"lastModified": "2023-06-30T22:15:09.947",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Information in Cybersecurity Guidebook in Bosch Building Integration System (BIS) 5.0 may lead to wrong configuration which allows local users to access data via network"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@bosch.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "psirt@bosch.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1112"
}
]
}
],
"references": [
{
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-988400-BT.html",
"source": "psirt@bosch.com"
}
]
}

44
CVE-2023/CVE-2023-29xx/CVE-2023-2908.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2023-2908",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-06-30T22:15:10.017",
"lastModified": "2023-06-30T22:15:10.017",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A null pointer dereference issue was discovered in Libtiff's tif_dir.c file. This flaw allows an attacker to pass a crafted TIFF image file to the tiffcp utility, which triggers runtime error, causing an undefined behavior, resulting in an application crash, eventually leading to a denial of service."
}
],
"metrics": {},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-2908",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218830",
"source": "secalert@redhat.com"
},
{
"url": "https://gitlab.com/libtiff/libtiff/-/commit/9bd48f0dbd64fb94dc2b5b05238fde0bfdd4ff3f",
"source": "secalert@redhat.com"
},
{
"url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/479",
"source": "secalert@redhat.com"
}
]
}

32
CVE-2023/CVE-2023-31xx/CVE-2023-3117.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-3117",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-06-30T22:15:10.127",
"lastModified": "2023-06-30T22:15:10.127",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free flaw was found in the Netfilter subsystem of the Linux kernel when processing named and anonymous sets in batch requests, which can lead to performing arbitrary reads and writes in kernel memory. This flaw allows a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system."
}
],
"metrics": {},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97",
"source": "secalert@redhat.com"
}
]
}

24
CVE-2023/CVE-2023-332xx/CVE-2023-33298.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-33298",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-30T22:15:10.077",
"lastModified": "2023-06-30T22:15:10.077",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "com.perimeter81.osx.HelperTool in Perimeter81 10.0.0.19 on macOS allows Local Privilege Escalation (to root) via shell metacharacters in usingCAPath."
}
],
"metrics": {},
"references": [
{
"url": "https://support.perimeter81.com/docs/macos-agent-release-notes",
"source": "cve@mitre.org"
},
{
"url": "https://www.ns-echo.com/posts/cve_2023_33298.html",
"source": "cve@mitre.org"
}
]
}

12
CVE-2023/CVE-2023-33xx/CVE-2023-3316.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3316",
"sourceIdentifier": "reefs@jfrog.com",
"published": "2023-06-19T12:15:09.520",
"lastModified": "2023-06-27T12:49:10.240",
"vulnStatus": "Analyzed",
"lastModified": "2023-06-30T22:15:10.183",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -99,6 +99,14 @@
}
],
"references": [
{
"url": "https://gitlab.com/libtiff/libtiff/-/issues/515",
"source": "reefs@jfrog.com"
},
{
"url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/468",
"source": "reefs@jfrog.com"
},
{
"url": "https://research.jfrog.com/vulnerabilities/libtiff-nullderef-dos-xray-522144/",
"source": "reefs@jfrog.com",

32
CVE-2023/CVE-2023-33xx/CVE-2023-3338.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-3338",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-06-30T22:15:10.270",
"lastModified": "2023-06-30T22:15:10.270",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A flaw null pointer dereference in the Linux kernel DECnet networking protocol was found. A remote user could use this flaw to crash the system."
}
],
"metrics": {},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-376"
}
]
}
],
"references": [
{
"url": "https://seclists.org/oss-sec/2023/q2/276",
"source": "secalert@redhat.com"
}
]
}

59
CVE-2023/CVE-2023-34xx/CVE-2023-3490.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-3490",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-06-30T22:15:10.327",
"lastModified": "2023-06-30T22:15:10.327",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": " SQL Injection in GitHub repository fossbilling/fossbilling prior to 0.5.3."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/fossbilling/fossbilling/commit/2ddb7438ee0d05f9a9d01555edcfed820960f114",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.dev/bounties/4e60ebc1-e00f-48cb-b011-3cefce688ecd",
"source": "security@huntr.dev"
}
]
}

59
CVE-2023/CVE-2023-34xx/CVE-2023-3491.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-3491",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-06-30T22:15:10.393",
"lastModified": "2023-06-30T22:15:10.393",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type in GitHub repository fossbilling/fossbilling prior to 0.5.3."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.3,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://github.com/fossbilling/fossbilling/commit/2ddb7438ee0d05f9a9d01555edcfed820960f114",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.dev/bounties/043bd900-ac78-44d2-a340-84ddd0bc4a1d",
"source": "security@huntr.dev"
}
]
}

59
CVE-2023/CVE-2023-34xx/CVE-2023-3493.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-3493",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-06-30T22:15:10.460",
"lastModified": "2023-06-30T22:15:10.460",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Formula Elements in a CSV File in GitHub repository fossbilling/fossbilling prior to 0.5.3."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.3,
"impactScore": 5.8
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1236"
}
]
}
],
"references": [
{
"url": "https://github.com/fossbilling/fossbilling/commit/9402d6c4d44b77ccd68d98d1e6cedf782bd913dc",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.dev/bounties/e9a272ca-b050-441d-a8cb-4fdecb76ccce",
"source": "security@huntr.dev"
}
]
}

24
CVE-2023/CVE-2023-361xx/CVE-2023-36144.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-36144",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-30T23:15:10.223",
"lastModified": "2023-06-30T23:15:10.223",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device, exposing critical information about the device configuration."
}
],
"metrics": {},
"references": [
{
"url": "http://intelbras.com",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/leonardobg/CVE-2023-36144",
"source": "cve@mitre.org"
}
]
}

63
CVE-2023/CVE-2023-368xx/CVE-2023-36812.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-36812",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-30T23:15:10.287",
"lastModified": "2023-06-30T23:15:10.287",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "OpenTSDB is a open source, distributed, scalable Time Series Database (TSDB). OpenTSDB is vulnerable to Remote Code Execution vulnerability by writing user-controlled input to Gnuplot configuration file and running Gnuplot with the generated configuration. This issue has been patched in commit `07c4641471c` and further refined in commit `fa88d3e4b`. These patches are available in the `2.4.2` release. Users are advised to upgrade. User unable to upgrade may disable Gunuplot via the config option`tsd.core.enable_ui = true` and remove the shell files `mygnuplot.bat` and `mygnuplot.sh`."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
}
]
}
],
"references": [
{
"url": "https://github.com/OpenTSDB/opentsdb/commit/07c4641471c6f5c2ab5aab615969e97211eb50d9",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/OpenTSDB/opentsdb/commit/fa88d3e4b5369f9fb73da384fab0b23e246309ba",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/OpenTSDB/opentsdb/security/advisories/GHSA-76f7-9v52-v2fw",
"source": "security-advisories@github.com"
}
]
}

61
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-06-30T22:00:25.985565+00:00
2023-06-30T23:55:25.723490+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-06-30T21:35:58.937000+00:00
2023-06-30T23:15:10.287000+00:00
```
### Last Data Feed Release
@ -29,46 +29,43 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
218971
218984
```
### CVEs added in the last Commit
Recently added CVEs: `6`
Recently added CVEs: `13`
* [CVE-2023-27469](CVE-2023/CVE-2023-274xx/CVE-2023-27469.json) (`2023-06-30T20:15:09.360`)
* [CVE-2023-29145](CVE-2023/CVE-2023-291xx/CVE-2023-29145.json) (`2023-06-30T20:15:09.427`)
* [CVE-2023-31543](CVE-2023/CVE-2023-315xx/CVE-2023-31543.json) (`2023-06-30T20:15:09.477`)
* [CVE-2023-29147](CVE-2023/CVE-2023-291xx/CVE-2023-29147.json) (`2023-06-30T21:15:08.920`)
* [CVE-2023-35946](CVE-2023/CVE-2023-359xx/CVE-2023-35946.json) (`2023-06-30T21:15:09.070`)
* [CVE-2023-35947](CVE-2023/CVE-2023-359xx/CVE-2023-35947.json) (`2023-06-30T21:15:09.147`)
* [CVE-2023-1206](CVE-2023/CVE-2023-12xx/CVE-2023-1206.json) (`2023-06-30T22:15:09.747`)
* [CVE-2023-22815](CVE-2023/CVE-2023-228xx/CVE-2023-22815.json) (`2023-06-30T22:15:09.817`)
* [CVE-2023-22816](CVE-2023/CVE-2023-228xx/CVE-2023-22816.json) (`2023-06-30T22:15:09.883`)
* [CVE-2023-29241](CVE-2023/CVE-2023-292xx/CVE-2023-29241.json) (`2023-06-30T22:15:09.947`)
* [CVE-2023-2908](CVE-2023/CVE-2023-29xx/CVE-2023-2908.json) (`2023-06-30T22:15:10.017`)
* [CVE-2023-33298](CVE-2023/CVE-2023-332xx/CVE-2023-33298.json) (`2023-06-30T22:15:10.077`)
* [CVE-2023-3117](CVE-2023/CVE-2023-31xx/CVE-2023-3117.json) (`2023-06-30T22:15:10.127`)
* [CVE-2023-3338](CVE-2023/CVE-2023-33xx/CVE-2023-3338.json) (`2023-06-30T22:15:10.270`)
* [CVE-2023-3490](CVE-2023/CVE-2023-34xx/CVE-2023-3490.json) (`2023-06-30T22:15:10.327`)
* [CVE-2023-3491](CVE-2023/CVE-2023-34xx/CVE-2023-3491.json) (`2023-06-30T22:15:10.393`)
* [CVE-2023-3493](CVE-2023/CVE-2023-34xx/CVE-2023-3493.json) (`2023-06-30T22:15:10.460`)
* [CVE-2023-36144](CVE-2023/CVE-2023-361xx/CVE-2023-36144.json) (`2023-06-30T23:15:10.223`)
* [CVE-2023-36812](CVE-2023/CVE-2023-368xx/CVE-2023-36812.json) (`2023-06-30T23:15:10.287`)
### CVEs modified in the last Commit
Recently modified CVEs: `21`
Recently modified CVEs: `11`
* [CVE-2021-26726](CVE-2021/CVE-2021-267xx/CVE-2021-26726.json) (`2023-06-30T21:23:46.500`)
* [CVE-2021-27770](CVE-2021/CVE-2021-277xx/CVE-2021-27770.json) (`2023-06-30T21:26:36.650`)
* [CVE-2021-28510](CVE-2021/CVE-2021-285xx/CVE-2021-28510.json) (`2023-06-30T21:28:04.387`)
* [CVE-2021-28498](CVE-2021/CVE-2021-284xx/CVE-2021-28498.json) (`2023-06-30T21:29:50.630`)
* [CVE-2022-2368](CVE-2022/CVE-2022-23xx/CVE-2022-2368.json) (`2023-06-30T21:31:47.073`)
* [CVE-2022-2370](CVE-2022/CVE-2022-23xx/CVE-2022-2370.json) (`2023-06-30T21:34:25.667`)
* [CVE-2022-2377](CVE-2022/CVE-2022-23xx/CVE-2022-2377.json) (`2023-06-30T21:35:58.937`)
* [CVE-2023-36345](CVE-2023/CVE-2023-363xx/CVE-2023-36345.json) (`2023-06-30T21:12:11.977`)
* [CVE-2023-36346](CVE-2023/CVE-2023-363xx/CVE-2023-36346.json) (`2023-06-30T21:13:25.140`)
* [CVE-2023-34367](CVE-2023/CVE-2023-343xx/CVE-2023-34367.json) (`2023-06-30T21:13:38.460`)
* [CVE-2023-34241](CVE-2023/CVE-2023-342xx/CVE-2023-34241.json) (`2023-06-30T21:15:08.973`)
* [CVE-2023-36348](CVE-2023/CVE-2023-363xx/CVE-2023-36348.json) (`2023-06-30T21:15:15.083`)
* [CVE-2023-28065](CVE-2023/CVE-2023-280xx/CVE-2023-28065.json) (`2023-06-30T21:16:46.027`)
* [CVE-2023-32480](CVE-2023/CVE-2023-324xx/CVE-2023-32480.json) (`2023-06-30T21:17:04.100`)
* [CVE-2023-28073](CVE-2023/CVE-2023-280xx/CVE-2023-28073.json) (`2023-06-30T21:17:26.547`)
* [CVE-2023-28071](CVE-2023/CVE-2023-280xx/CVE-2023-28071.json) (`2023-06-30T21:17:54.033`)
* [CVE-2023-28064](CVE-2023/CVE-2023-280xx/CVE-2023-28064.json) (`2023-06-30T21:18:13.453`)
* [CVE-2023-1329](CVE-2023/CVE-2023-13xx/CVE-2023-1329.json) (`2023-06-30T21:18:40.523`)
* [CVE-2023-21178](CVE-2023/CVE-2023-211xx/CVE-2023-21178.json) (`2023-06-30T21:20:09.863`)
* [CVE-2023-21179](CVE-2023/CVE-2023-211xx/CVE-2023-21179.json) (`2023-06-30T21:20:41.290`)
* [CVE-2023-36612](CVE-2023/CVE-2023-366xx/CVE-2023-36612.json) (`2023-06-30T21:22:47.610`)
* [CVE-2015-7559](CVE-2015/CVE-2015-75xx/CVE-2015-7559.json) (`2023-06-30T22:15:09.373`)
* [CVE-2015-20107](CVE-2015/CVE-2015-201xx/CVE-2015-20107.json) (`2023-06-30T23:15:09.223`)
* [CVE-2020-10735](CVE-2020/CVE-2020-107xx/CVE-2020-10735.json) (`2023-06-30T23:15:09.393`)
* [CVE-2021-0701](CVE-2021/CVE-2021-07xx/CVE-2021-0701.json) (`2023-06-30T22:15:09.567`)
* [CVE-2021-0945](CVE-2021/CVE-2021-09xx/CVE-2021-0945.json) (`2023-06-30T22:15:09.640`)
* [CVE-2021-3426](CVE-2021/CVE-2021-34xx/CVE-2021-3426.json) (`2023-06-30T23:15:09.543`)
* [CVE-2021-3733](CVE-2021/CVE-2021-37xx/CVE-2021-3733.json) (`2023-06-30T23:15:09.690`)
* [CVE-2021-3737](CVE-2021/CVE-2021-37xx/CVE-2021-3737.json) (`2023-06-30T23:15:09.843`)
* [CVE-2021-4189](CVE-2021/CVE-2021-41xx/CVE-2021-4189.json) (`2023-06-30T23:15:09.980`)
* [CVE-2022-45061](CVE-2022/CVE-2022-450xx/CVE-2022-45061.json) (`2023-06-30T23:15:10.097`)
* [CVE-2023-3316](CVE-2023/CVE-2023-33xx/CVE-2023-3316.json) (`2023-06-30T22:15:10.183`)
## Download and Usage