mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-07-09 16:05:11 +00:00
Auto-Update: 2023-09-07T22:00:25.505475+00:00
This commit is contained in:
parent
591d13ec92
commit
1bc92ac3cf
43
CVE-2023/CVE-2023-201xx/CVE-2023-20193.json
Normal file
43
CVE-2023/CVE-2023-201xx/CVE-2023-20193.json
Normal file
@ -0,0 +1,43 @@
|
|||||||
|
{
|
||||||
|
"id": "CVE-2023-20193",
|
||||||
|
"sourceIdentifier": "ykramarz@cisco.com",
|
||||||
|
"published": "2023-09-07T20:15:07.473",
|
||||||
|
"lastModified": "2023-09-07T20:17:06.860",
|
||||||
|
"vulnStatus": "Awaiting Analysis",
|
||||||
|
"descriptions": [
|
||||||
|
{
|
||||||
|
"lang": "en",
|
||||||
|
"value": "A vulnerability in the Embedded Service Router (ESR) of Cisco ISE could allow an authenticated, local attacker to read, write, or delete arbitrary files on the underlying operating system and escalate their privileges to root. To exploit this vulnerability, an attacker must have valid Administrator-level privileges on the affected device. This vulnerability is due to improper privilege management in the ESR console. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to elevate their privileges to root and read, write, or delete arbitrary files from the underlying operating system of the affected device. Note: The ESR is not enabled by default and must be licensed. To verify the status of the ESR in the Admin GUI, choose Administration > Settings > Protocols > IPSec."
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"metrics": {
|
||||||
|
"cvssMetricV31": [
|
||||||
|
{
|
||||||
|
"source": "ykramarz@cisco.com",
|
||||||
|
"type": "Secondary",
|
||||||
|
"cvssData": {
|
||||||
|
"version": "3.1",
|
||||||
|
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
|
||||||
|
"attackVector": "LOCAL",
|
||||||
|
"attackComplexity": "LOW",
|
||||||
|
"privilegesRequired": "HIGH",
|
||||||
|
"userInteraction": "NONE",
|
||||||
|
"scope": "UNCHANGED",
|
||||||
|
"confidentialityImpact": "HIGH",
|
||||||
|
"integrityImpact": "HIGH",
|
||||||
|
"availabilityImpact": "NONE",
|
||||||
|
"baseScore": 6.0,
|
||||||
|
"baseSeverity": "MEDIUM"
|
||||||
|
},
|
||||||
|
"exploitabilityScore": 0.8,
|
||||||
|
"impactScore": 5.2
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"references": [
|
||||||
|
{
|
||||||
|
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-priv-esc-KJLp2Aw",
|
||||||
|
"source": "ykramarz@cisco.com"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
43
CVE-2023/CVE-2023-201xx/CVE-2023-20194.json
Normal file
43
CVE-2023/CVE-2023-201xx/CVE-2023-20194.json
Normal file
@ -0,0 +1,43 @@
|
|||||||
|
{
|
||||||
|
"id": "CVE-2023-20194",
|
||||||
|
"sourceIdentifier": "ykramarz@cisco.com",
|
||||||
|
"published": "2023-09-07T20:15:07.593",
|
||||||
|
"lastModified": "2023-09-07T20:17:06.860",
|
||||||
|
"vulnStatus": "Awaiting Analysis",
|
||||||
|
"descriptions": [
|
||||||
|
{
|
||||||
|
"lang": "en",
|
||||||
|
"value": "A vulnerability in the ERS API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. To exploit this vulnerability, an attacker must have valid Administrator-level privileges on the affected device. This vulnerability is due to improper privilege management in the ERS API. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to elevate their privileges beyond the sphere of their intended access level, which would allow them to obtain sensitive information from the underlying operating system. Note: The ERS is not enabled by default. To verify the status of the ERS API in the Admin GUI, choose Administration > Settings > API Settings > API Service Settings."
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"metrics": {
|
||||||
|
"cvssMetricV31": [
|
||||||
|
{
|
||||||
|
"source": "ykramarz@cisco.com",
|
||||||
|
"type": "Secondary",
|
||||||
|
"cvssData": {
|
||||||
|
"version": "3.1",
|
||||||
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
|
||||||
|
"attackVector": "NETWORK",
|
||||||
|
"attackComplexity": "LOW",
|
||||||
|
"privilegesRequired": "HIGH",
|
||||||
|
"userInteraction": "NONE",
|
||||||
|
"scope": "UNCHANGED",
|
||||||
|
"confidentialityImpact": "HIGH",
|
||||||
|
"integrityImpact": "NONE",
|
||||||
|
"availabilityImpact": "NONE",
|
||||||
|
"baseScore": 4.9,
|
||||||
|
"baseSeverity": "MEDIUM"
|
||||||
|
},
|
||||||
|
"exploitabilityScore": 1.2,
|
||||||
|
"impactScore": 3.6
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"references": [
|
||||||
|
{
|
||||||
|
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-priv-esc-KJLp2Aw",
|
||||||
|
"source": "ykramarz@cisco.com"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
@ -2,8 +2,8 @@
|
|||||||
"id": "CVE-2023-37798",
|
"id": "CVE-2023-37798",
|
||||||
"sourceIdentifier": "cve@mitre.org",
|
"sourceIdentifier": "cve@mitre.org",
|
||||||
"published": "2023-09-07T19:15:47.510",
|
"published": "2023-09-07T19:15:47.510",
|
||||||
"lastModified": "2023-09-07T19:15:47.510",
|
"lastModified": "2023-09-07T20:17:06.860",
|
||||||
"vulnStatus": "Received",
|
"vulnStatus": "Awaiting Analysis",
|
||||||
"descriptions": [
|
"descriptions": [
|
||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
|
@ -2,8 +2,8 @@
|
|||||||
"id": "CVE-2023-39979",
|
"id": "CVE-2023-39979",
|
||||||
"sourceIdentifier": "psirt@moxa.com",
|
"sourceIdentifier": "psirt@moxa.com",
|
||||||
"published": "2023-09-02T13:15:44.733",
|
"published": "2023-09-02T13:15:44.733",
|
||||||
"lastModified": "2023-09-04T00:06:16.703",
|
"lastModified": "2023-09-07T20:16:28.350",
|
||||||
"vulnStatus": "Awaiting Analysis",
|
"vulnStatus": "Analyzed",
|
||||||
"descriptions": [
|
"descriptions": [
|
||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
@ -12,6 +12,26 @@
|
|||||||
],
|
],
|
||||||
"metrics": {
|
"metrics": {
|
||||||
"cvssMetricV31": [
|
"cvssMetricV31": [
|
||||||
|
{
|
||||||
|
"source": "nvd@nist.gov",
|
||||||
|
"type": "Primary",
|
||||||
|
"cvssData": {
|
||||||
|
"version": "3.1",
|
||||||
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
||||||
|
"attackVector": "NETWORK",
|
||||||
|
"attackComplexity": "LOW",
|
||||||
|
"privilegesRequired": "NONE",
|
||||||
|
"userInteraction": "NONE",
|
||||||
|
"scope": "UNCHANGED",
|
||||||
|
"confidentialityImpact": "HIGH",
|
||||||
|
"integrityImpact": "HIGH",
|
||||||
|
"availabilityImpact": "HIGH",
|
||||||
|
"baseScore": 9.8,
|
||||||
|
"baseSeverity": "CRITICAL"
|
||||||
|
},
|
||||||
|
"exploitabilityScore": 3.9,
|
||||||
|
"impactScore": 5.9
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"source": "psirt@moxa.com",
|
"source": "psirt@moxa.com",
|
||||||
"type": "Secondary",
|
"type": "Secondary",
|
||||||
@ -35,6 +55,16 @@
|
|||||||
]
|
]
|
||||||
},
|
},
|
||||||
"weaknesses": [
|
"weaknesses": [
|
||||||
|
{
|
||||||
|
"source": "nvd@nist.gov",
|
||||||
|
"type": "Primary",
|
||||||
|
"description": [
|
||||||
|
{
|
||||||
|
"lang": "en",
|
||||||
|
"value": "CWE-330"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"source": "psirt@moxa.com",
|
"source": "psirt@moxa.com",
|
||||||
"type": "Secondary",
|
"type": "Secondary",
|
||||||
@ -46,10 +76,31 @@
|
|||||||
]
|
]
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"references": [
|
"configurations": [
|
||||||
{
|
{
|
||||||
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230403-mxsecurity-series-multiple-vulnerabilities",
|
"nodes": [
|
||||||
"source": "psirt@moxa.com"
|
{
|
||||||
|
"operator": "OR",
|
||||||
|
"negate": false,
|
||||||
|
"cpeMatch": [
|
||||||
|
{
|
||||||
|
"vulnerable": true,
|
||||||
|
"criteria": "cpe:2.3:a:moxa:mxsecurity:*:*:*:*:*:*:*:*",
|
||||||
|
"versionEndExcluding": "1.1.0",
|
||||||
|
"matchCriteriaId": "7714E640-769C-40AB-AE67-67EF9442FD5C"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"references": [
|
||||||
|
{
|
||||||
|
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230403-mxsecurity-series-multiple-vulnerabilities",
|
||||||
|
"source": "psirt@moxa.com",
|
||||||
|
"tags": [
|
||||||
|
"Vendor Advisory"
|
||||||
|
]
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
@ -2,8 +2,8 @@
|
|||||||
"id": "CVE-2023-39980",
|
"id": "CVE-2023-39980",
|
||||||
"sourceIdentifier": "psirt@moxa.com",
|
"sourceIdentifier": "psirt@moxa.com",
|
||||||
"published": "2023-09-02T13:15:45.173",
|
"published": "2023-09-02T13:15:45.173",
|
||||||
"lastModified": "2023-09-04T00:06:16.703",
|
"lastModified": "2023-09-07T20:29:10.830",
|
||||||
"vulnStatus": "Awaiting Analysis",
|
"vulnStatus": "Analyzed",
|
||||||
"descriptions": [
|
"descriptions": [
|
||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
@ -12,6 +12,26 @@
|
|||||||
],
|
],
|
||||||
"metrics": {
|
"metrics": {
|
||||||
"cvssMetricV31": [
|
"cvssMetricV31": [
|
||||||
|
{
|
||||||
|
"source": "nvd@nist.gov",
|
||||||
|
"type": "Primary",
|
||||||
|
"cvssData": {
|
||||||
|
"version": "3.1",
|
||||||
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
|
||||||
|
"attackVector": "NETWORK",
|
||||||
|
"attackComplexity": "LOW",
|
||||||
|
"privilegesRequired": "LOW",
|
||||||
|
"userInteraction": "NONE",
|
||||||
|
"scope": "UNCHANGED",
|
||||||
|
"confidentialityImpact": "HIGH",
|
||||||
|
"integrityImpact": "HIGH",
|
||||||
|
"availabilityImpact": "NONE",
|
||||||
|
"baseScore": 8.1,
|
||||||
|
"baseSeverity": "HIGH"
|
||||||
|
},
|
||||||
|
"exploitabilityScore": 2.8,
|
||||||
|
"impactScore": 5.2
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"source": "psirt@moxa.com",
|
"source": "psirt@moxa.com",
|
||||||
"type": "Secondary",
|
"type": "Secondary",
|
||||||
@ -35,6 +55,16 @@
|
|||||||
]
|
]
|
||||||
},
|
},
|
||||||
"weaknesses": [
|
"weaknesses": [
|
||||||
|
{
|
||||||
|
"source": "nvd@nist.gov",
|
||||||
|
"type": "Primary",
|
||||||
|
"description": [
|
||||||
|
{
|
||||||
|
"lang": "en",
|
||||||
|
"value": "CWE-89"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"source": "psirt@moxa.com",
|
"source": "psirt@moxa.com",
|
||||||
"type": "Secondary",
|
"type": "Secondary",
|
||||||
@ -46,10 +76,32 @@
|
|||||||
]
|
]
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"references": [
|
"configurations": [
|
||||||
{
|
{
|
||||||
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230403-mxsecurity-series-multiple-vulnerabilities",
|
"nodes": [
|
||||||
"source": "psirt@moxa.com"
|
{
|
||||||
|
"operator": "OR",
|
||||||
|
"negate": false,
|
||||||
|
"cpeMatch": [
|
||||||
|
{
|
||||||
|
"vulnerable": true,
|
||||||
|
"criteria": "cpe:2.3:a:moxa:mxsecurity:*:*:*:*:*:*:*:*",
|
||||||
|
"versionEndIncluding": "1.0.1",
|
||||||
|
"matchCriteriaId": "0ED6F989-0F7D-46CC-BCEC-91E50F1B42AC"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"references": [
|
||||||
|
{
|
||||||
|
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230403-mxsecurity-series-multiple-vulnerabilities",
|
||||||
|
"source": "psirt@moxa.com",
|
||||||
|
"tags": [
|
||||||
|
"Patch",
|
||||||
|
"Vendor Advisory"
|
||||||
|
]
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
@ -2,8 +2,8 @@
|
|||||||
"id": "CVE-2023-39981",
|
"id": "CVE-2023-39981",
|
||||||
"sourceIdentifier": "psirt@moxa.com",
|
"sourceIdentifier": "psirt@moxa.com",
|
||||||
"published": "2023-09-02T13:15:45.257",
|
"published": "2023-09-02T13:15:45.257",
|
||||||
"lastModified": "2023-09-04T00:06:16.703",
|
"lastModified": "2023-09-07T20:38:42.433",
|
||||||
"vulnStatus": "Awaiting Analysis",
|
"vulnStatus": "Analyzed",
|
||||||
"descriptions": [
|
"descriptions": [
|
||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
@ -12,6 +12,26 @@
|
|||||||
],
|
],
|
||||||
"metrics": {
|
"metrics": {
|
||||||
"cvssMetricV31": [
|
"cvssMetricV31": [
|
||||||
|
{
|
||||||
|
"source": "nvd@nist.gov",
|
||||||
|
"type": "Primary",
|
||||||
|
"cvssData": {
|
||||||
|
"version": "3.1",
|
||||||
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
|
||||||
|
"attackVector": "NETWORK",
|
||||||
|
"attackComplexity": "LOW",
|
||||||
|
"privilegesRequired": "NONE",
|
||||||
|
"userInteraction": "NONE",
|
||||||
|
"scope": "UNCHANGED",
|
||||||
|
"confidentialityImpact": "HIGH",
|
||||||
|
"integrityImpact": "NONE",
|
||||||
|
"availabilityImpact": "NONE",
|
||||||
|
"baseScore": 7.5,
|
||||||
|
"baseSeverity": "HIGH"
|
||||||
|
},
|
||||||
|
"exploitabilityScore": 3.9,
|
||||||
|
"impactScore": 3.6
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"source": "psirt@moxa.com",
|
"source": "psirt@moxa.com",
|
||||||
"type": "Secondary",
|
"type": "Secondary",
|
||||||
@ -35,6 +55,16 @@
|
|||||||
]
|
]
|
||||||
},
|
},
|
||||||
"weaknesses": [
|
"weaknesses": [
|
||||||
|
{
|
||||||
|
"source": "nvd@nist.gov",
|
||||||
|
"type": "Primary",
|
||||||
|
"description": [
|
||||||
|
{
|
||||||
|
"lang": "en",
|
||||||
|
"value": "CWE-287"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"source": "psirt@moxa.com",
|
"source": "psirt@moxa.com",
|
||||||
"type": "Secondary",
|
"type": "Secondary",
|
||||||
@ -46,10 +76,32 @@
|
|||||||
]
|
]
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"references": [
|
"configurations": [
|
||||||
{
|
{
|
||||||
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230403-mxsecurity-series-multiple-vulnerabilities",
|
"nodes": [
|
||||||
"source": "psirt@moxa.com"
|
{
|
||||||
|
"operator": "OR",
|
||||||
|
"negate": false,
|
||||||
|
"cpeMatch": [
|
||||||
|
{
|
||||||
|
"vulnerable": true,
|
||||||
|
"criteria": "cpe:2.3:a:moxa:mxsecurity:*:*:*:*:*:*:*:*",
|
||||||
|
"versionEndIncluding": "1.0.1",
|
||||||
|
"matchCriteriaId": "0ED6F989-0F7D-46CC-BCEC-91E50F1B42AC"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"references": [
|
||||||
|
{
|
||||||
|
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230403-mxsecurity-series-multiple-vulnerabilities",
|
||||||
|
"source": "psirt@moxa.com",
|
||||||
|
"tags": [
|
||||||
|
"Patch",
|
||||||
|
"Vendor Advisory"
|
||||||
|
]
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
@ -2,8 +2,8 @@
|
|||||||
"id": "CVE-2023-41061",
|
"id": "CVE-2023-41061",
|
||||||
"sourceIdentifier": "product-security@apple.com",
|
"sourceIdentifier": "product-security@apple.com",
|
||||||
"published": "2023-09-07T18:15:07.617",
|
"published": "2023-09-07T18:15:07.617",
|
||||||
"lastModified": "2023-09-07T19:15:47.803",
|
"lastModified": "2023-09-07T20:17:06.860",
|
||||||
"vulnStatus": "Received",
|
"vulnStatus": "Awaiting Analysis",
|
||||||
"descriptions": [
|
"descriptions": [
|
||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
|
@ -2,8 +2,8 @@
|
|||||||
"id": "CVE-2023-41064",
|
"id": "CVE-2023-41064",
|
||||||
"sourceIdentifier": "product-security@apple.com",
|
"sourceIdentifier": "product-security@apple.com",
|
||||||
"published": "2023-09-07T18:15:07.727",
|
"published": "2023-09-07T18:15:07.727",
|
||||||
"lastModified": "2023-09-07T19:15:48.070",
|
"lastModified": "2023-09-07T20:17:06.860",
|
||||||
"vulnStatus": "Received",
|
"vulnStatus": "Awaiting Analysis",
|
||||||
"descriptions": [
|
"descriptions": [
|
||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
|
63
CVE-2023/CVE-2023-413xx/CVE-2023-41316.json
Normal file
63
CVE-2023/CVE-2023-413xx/CVE-2023-41316.json
Normal file
@ -0,0 +1,63 @@
|
|||||||
|
{
|
||||||
|
"id": "CVE-2023-41316",
|
||||||
|
"sourceIdentifier": "security-advisories@github.com",
|
||||||
|
"published": "2023-09-07T20:15:07.677",
|
||||||
|
"lastModified": "2023-09-07T20:17:06.860",
|
||||||
|
"vulnStatus": "Awaiting Analysis",
|
||||||
|
"descriptions": [
|
||||||
|
{
|
||||||
|
"lang": "en",
|
||||||
|
"value": "Tolgee is an open-source localization platform. Due to lack of validation field - Org Name, bad actor can send emails with HTML injected code to the victims. Registered users can inject HTML into unsanitized emails from the Tolgee instance to other users. This unsanitized HTML ends up in invitation emails which appear as legitimate org invitations. Bad actors may direct users to malicious website or execute javascript in the context of the users browser. This vulnerability has been addressed in version 3.29.2. Users are advised to upgrade. There are no known workarounds for this vulnerability."
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"metrics": {
|
||||||
|
"cvssMetricV31": [
|
||||||
|
{
|
||||||
|
"source": "security-advisories@github.com",
|
||||||
|
"type": "Secondary",
|
||||||
|
"cvssData": {
|
||||||
|
"version": "3.1",
|
||||||
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
|
||||||
|
"attackVector": "NETWORK",
|
||||||
|
"attackComplexity": "LOW",
|
||||||
|
"privilegesRequired": "LOW",
|
||||||
|
"userInteraction": "REQUIRED",
|
||||||
|
"scope": "UNCHANGED",
|
||||||
|
"confidentialityImpact": "LOW",
|
||||||
|
"integrityImpact": "LOW",
|
||||||
|
"availabilityImpact": "LOW",
|
||||||
|
"baseScore": 5.5,
|
||||||
|
"baseSeverity": "MEDIUM"
|
||||||
|
},
|
||||||
|
"exploitabilityScore": 2.1,
|
||||||
|
"impactScore": 3.4
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"weaknesses": [
|
||||||
|
{
|
||||||
|
"source": "security-advisories@github.com",
|
||||||
|
"type": "Primary",
|
||||||
|
"description": [
|
||||||
|
{
|
||||||
|
"lang": "en",
|
||||||
|
"value": "CWE-20"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"lang": "en",
|
||||||
|
"value": "CWE-79"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"references": [
|
||||||
|
{
|
||||||
|
"url": "https://github.com/tolgee/tolgee-platform/commit/bab718b1c9b3e90327bfb10d27b9799996e5c35b",
|
||||||
|
"source": "security-advisories@github.com"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"url": "https://github.com/tolgee/tolgee-platform/security/advisories/GHSA-gx3w-rwh5-w5cg",
|
||||||
|
"source": "security-advisories@github.com"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
@ -2,8 +2,8 @@
|
|||||||
"id": "CVE-2023-4528",
|
"id": "CVE-2023-4528",
|
||||||
"sourceIdentifier": "cve@rapid7.con",
|
"sourceIdentifier": "cve@rapid7.con",
|
||||||
"published": "2023-09-07T18:15:07.797",
|
"published": "2023-09-07T18:15:07.797",
|
||||||
"lastModified": "2023-09-07T18:15:07.797",
|
"lastModified": "2023-09-07T20:17:06.860",
|
||||||
"vulnStatus": "Received",
|
"vulnStatus": "Awaiting Analysis",
|
||||||
"descriptions": [
|
"descriptions": [
|
||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
|
@ -2,8 +2,8 @@
|
|||||||
"id": "CVE-2023-4647",
|
"id": "CVE-2023-4647",
|
||||||
"sourceIdentifier": "cve@gitlab.com",
|
"sourceIdentifier": "cve@gitlab.com",
|
||||||
"published": "2023-09-01T11:15:43.363",
|
"published": "2023-09-01T11:15:43.363",
|
||||||
"lastModified": "2023-09-01T11:47:43.290",
|
"lastModified": "2023-09-07T20:02:15.837",
|
||||||
"vulnStatus": "Awaiting Analysis",
|
"vulnStatus": "Analyzed",
|
||||||
"descriptions": [
|
"descriptions": [
|
||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
@ -12,6 +12,26 @@
|
|||||||
],
|
],
|
||||||
"metrics": {
|
"metrics": {
|
||||||
"cvssMetricV31": [
|
"cvssMetricV31": [
|
||||||
|
{
|
||||||
|
"source": "nvd@nist.gov",
|
||||||
|
"type": "Primary",
|
||||||
|
"cvssData": {
|
||||||
|
"version": "3.1",
|
||||||
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
||||||
|
"attackVector": "NETWORK",
|
||||||
|
"attackComplexity": "LOW",
|
||||||
|
"privilegesRequired": "NONE",
|
||||||
|
"userInteraction": "NONE",
|
||||||
|
"scope": "UNCHANGED",
|
||||||
|
"confidentialityImpact": "NONE",
|
||||||
|
"integrityImpact": "NONE",
|
||||||
|
"availabilityImpact": "HIGH",
|
||||||
|
"baseScore": 7.5,
|
||||||
|
"baseSeverity": "HIGH"
|
||||||
|
},
|
||||||
|
"exploitabilityScore": 3.9,
|
||||||
|
"impactScore": 3.6
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"source": "cve@gitlab.com",
|
"source": "cve@gitlab.com",
|
||||||
"type": "Secondary",
|
"type": "Secondary",
|
||||||
@ -35,6 +55,16 @@
|
|||||||
]
|
]
|
||||||
},
|
},
|
||||||
"weaknesses": [
|
"weaknesses": [
|
||||||
|
{
|
||||||
|
"source": "nvd@nist.gov",
|
||||||
|
"type": "Primary",
|
||||||
|
"description": [
|
||||||
|
{
|
||||||
|
"lang": "en",
|
||||||
|
"value": "CWE-400"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"source": "cve@gitlab.com",
|
"source": "cve@gitlab.com",
|
||||||
"type": "Secondary",
|
"type": "Secondary",
|
||||||
@ -46,10 +76,63 @@
|
|||||||
]
|
]
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"references": [
|
"configurations": [
|
||||||
{
|
{
|
||||||
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/414502",
|
"nodes": [
|
||||||
"source": "cve@gitlab.com"
|
{
|
||||||
|
"operator": "OR",
|
||||||
|
"negate": false,
|
||||||
|
"cpeMatch": [
|
||||||
|
{
|
||||||
|
"vulnerable": true,
|
||||||
|
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
|
||||||
|
"versionStartIncluding": "15.2.0",
|
||||||
|
"versionEndExcluding": "16.1.5",
|
||||||
|
"matchCriteriaId": "0BB62198-2175-4319-9754-A55F5AA20EDD"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"vulnerable": true,
|
||||||
|
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
|
||||||
|
"versionStartIncluding": "15.2.0",
|
||||||
|
"versionEndExcluding": "16.1.5",
|
||||||
|
"matchCriteriaId": "8EBBBC86-4F64-4EAB-AF11-5552ED8FD0F8"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"vulnerable": true,
|
||||||
|
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
|
||||||
|
"versionStartIncluding": "16.2",
|
||||||
|
"versionEndExcluding": "16.2.5",
|
||||||
|
"matchCriteriaId": "18116007-7452-495F-80A1-39499882656E"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"vulnerable": true,
|
||||||
|
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
|
||||||
|
"versionStartIncluding": "16.2",
|
||||||
|
"versionEndExcluding": "16.2.5",
|
||||||
|
"matchCriteriaId": "4E03E8BA-63C8-47D5-B5A1-26DF199E1F65"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"vulnerable": true,
|
||||||
|
"criteria": "cpe:2.3:a:gitlab:gitlab:16.3.0:*:*:*:community:*:*:*",
|
||||||
|
"matchCriteriaId": "EE9B8DE8-9990-494B-BDBE-F867DDBB9D57"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"vulnerable": true,
|
||||||
|
"criteria": "cpe:2.3:a:gitlab:gitlab:16.3.0:*:*:*:enterprise:*:*:*",
|
||||||
|
"matchCriteriaId": "08D6B555-39B6-493D-8460-3DC998BAF651"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"references": [
|
||||||
|
{
|
||||||
|
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/414502",
|
||||||
|
"source": "cve@gitlab.com",
|
||||||
|
"tags": [
|
||||||
|
"Broken Link"
|
||||||
|
]
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
@ -2,8 +2,8 @@
|
|||||||
"id": "CVE-2023-4685",
|
"id": "CVE-2023-4685",
|
||||||
"sourceIdentifier": "ics-cert@hq.dhs.gov",
|
"sourceIdentifier": "ics-cert@hq.dhs.gov",
|
||||||
"published": "2023-09-07T18:15:07.883",
|
"published": "2023-09-07T18:15:07.883",
|
||||||
"lastModified": "2023-09-07T18:15:07.883",
|
"lastModified": "2023-09-07T20:17:06.860",
|
||||||
"vulnStatus": "Received",
|
"vulnStatus": "Awaiting Analysis",
|
||||||
"descriptions": [
|
"descriptions": [
|
||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
|
@ -2,8 +2,8 @@
|
|||||||
"id": "CVE-2023-4718",
|
"id": "CVE-2023-4718",
|
||||||
"sourceIdentifier": "security@wordfence.com",
|
"sourceIdentifier": "security@wordfence.com",
|
||||||
"published": "2023-09-02T04:15:09.933",
|
"published": "2023-09-02T04:15:09.933",
|
||||||
"lastModified": "2023-09-04T00:06:16.703",
|
"lastModified": "2023-09-07T20:12:06.297",
|
||||||
"vulnStatus": "Awaiting Analysis",
|
"vulnStatus": "Analyzed",
|
||||||
"descriptions": [
|
"descriptions": [
|
||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
@ -13,8 +13,28 @@
|
|||||||
"metrics": {
|
"metrics": {
|
||||||
"cvssMetricV31": [
|
"cvssMetricV31": [
|
||||||
{
|
{
|
||||||
"source": "security@wordfence.com",
|
"source": "nvd@nist.gov",
|
||||||
"type": "Primary",
|
"type": "Primary",
|
||||||
|
"cvssData": {
|
||||||
|
"version": "3.1",
|
||||||
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
|
||||||
|
"attackVector": "NETWORK",
|
||||||
|
"attackComplexity": "LOW",
|
||||||
|
"privilegesRequired": "LOW",
|
||||||
|
"userInteraction": "REQUIRED",
|
||||||
|
"scope": "CHANGED",
|
||||||
|
"confidentialityImpact": "LOW",
|
||||||
|
"integrityImpact": "LOW",
|
||||||
|
"availabilityImpact": "NONE",
|
||||||
|
"baseScore": 5.4,
|
||||||
|
"baseSeverity": "MEDIUM"
|
||||||
|
},
|
||||||
|
"exploitabilityScore": 2.3,
|
||||||
|
"impactScore": 2.7
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"source": "security@wordfence.com",
|
||||||
|
"type": "Secondary",
|
||||||
"cvssData": {
|
"cvssData": {
|
||||||
"version": "3.1",
|
"version": "3.1",
|
||||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
|
||||||
@ -36,7 +56,7 @@
|
|||||||
},
|
},
|
||||||
"weaknesses": [
|
"weaknesses": [
|
||||||
{
|
{
|
||||||
"source": "security@wordfence.com",
|
"source": "nvd@nist.gov",
|
||||||
"type": "Primary",
|
"type": "Primary",
|
||||||
"description": [
|
"description": [
|
||||||
{
|
{
|
||||||
@ -44,20 +64,57 @@
|
|||||||
"value": "CWE-79"
|
"value": "CWE-79"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"source": "security@wordfence.com",
|
||||||
|
"type": "Secondary",
|
||||||
|
"description": [
|
||||||
|
{
|
||||||
|
"lang": "en",
|
||||||
|
"value": "CWE-79"
|
||||||
|
}
|
||||||
|
]
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"references": [
|
"configurations": [
|
||||||
{
|
{
|
||||||
"url": "https://plugins.trac.wordpress.org/browser/font-awesome-4-menus/trunk/n9m-font-awesome-4.php?rev=1526295#L197",
|
"nodes": [
|
||||||
"source": "security@wordfence.com"
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
"url": "https://plugins.trac.wordpress.org/browser/font-awesome-4-menus/trunk/n9m-font-awesome-4.php?rev=1526295#L214",
|
"operator": "OR",
|
||||||
"source": "security@wordfence.com"
|
"negate": false,
|
||||||
},
|
"cpeMatch": [
|
||||||
{
|
{
|
||||||
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dc59510c-6eaf-4526-8acb-c07e39923ad9?source=cve",
|
"vulnerable": true,
|
||||||
"source": "security@wordfence.com"
|
"criteria": "cpe:2.3:a:newnine:font_awesome_4_menus:*:*:*:*:*:wordpress:*:*",
|
||||||
|
"versionEndIncluding": "4.7.0",
|
||||||
|
"matchCriteriaId": "C72960B8-CAEB-4DF6-8FCA-76EA3847B8E9"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"references": [
|
||||||
|
{
|
||||||
|
"url": "https://plugins.trac.wordpress.org/browser/font-awesome-4-menus/trunk/n9m-font-awesome-4.php?rev=1526295#L197",
|
||||||
|
"source": "security@wordfence.com",
|
||||||
|
"tags": [
|
||||||
|
"Product"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"url": "https://plugins.trac.wordpress.org/browser/font-awesome-4-menus/trunk/n9m-font-awesome-4.php?rev=1526295#L214",
|
||||||
|
"source": "security@wordfence.com",
|
||||||
|
"tags": [
|
||||||
|
"Product"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dc59510c-6eaf-4526-8acb-c07e39923ad9?source=cve",
|
||||||
|
"source": "security@wordfence.com",
|
||||||
|
"tags": [
|
||||||
|
"Third Party Advisory"
|
||||||
|
]
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
53
README.md
53
README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
|
|||||||
### Last Repository Update
|
### Last Repository Update
|
||||||
|
|
||||||
```plain
|
```plain
|
||||||
2023-09-07T20:00:25.590602+00:00
|
2023-09-07T22:00:25.505475+00:00
|
||||||
```
|
```
|
||||||
|
|
||||||
### Most recent CVE Modification Timestamp synchronized with NVD
|
### Most recent CVE Modification Timestamp synchronized with NVD
|
||||||
|
|
||||||
```plain
|
```plain
|
||||||
2023-09-07T19:53:27.870000+00:00
|
2023-09-07T20:38:42.433000+00:00
|
||||||
```
|
```
|
||||||
|
|
||||||
### Last Data Feed Release
|
### Last Data Feed Release
|
||||||
@ -29,49 +29,32 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
|
|||||||
### Total Number of included CVEs
|
### Total Number of included CVEs
|
||||||
|
|
||||||
```plain
|
```plain
|
||||||
224479
|
224482
|
||||||
```
|
```
|
||||||
|
|
||||||
### CVEs added in the last Commit
|
### CVEs added in the last Commit
|
||||||
|
|
||||||
Recently added CVEs: `5`
|
Recently added CVEs: `3`
|
||||||
|
|
||||||
* [CVE-2023-4528](CVE-2023/CVE-2023-45xx/CVE-2023-4528.json) (`2023-09-07T18:15:07.797`)
|
* [CVE-2023-20193](CVE-2023/CVE-2023-201xx/CVE-2023-20193.json) (`2023-09-07T20:15:07.473`)
|
||||||
* [CVE-2023-4685](CVE-2023/CVE-2023-46xx/CVE-2023-4685.json) (`2023-09-07T18:15:07.883`)
|
* [CVE-2023-20194](CVE-2023/CVE-2023-201xx/CVE-2023-20194.json) (`2023-09-07T20:15:07.593`)
|
||||||
* [CVE-2023-37798](CVE-2023/CVE-2023-377xx/CVE-2023-37798.json) (`2023-09-07T19:15:47.510`)
|
* [CVE-2023-41316](CVE-2023/CVE-2023-413xx/CVE-2023-41316.json) (`2023-09-07T20:15:07.677`)
|
||||||
* [CVE-2023-41061](CVE-2023/CVE-2023-410xx/CVE-2023-41061.json) (`2023-09-07T18:15:07.617`)
|
|
||||||
* [CVE-2023-41064](CVE-2023/CVE-2023-410xx/CVE-2023-41064.json) (`2023-09-07T18:15:07.727`)
|
|
||||||
|
|
||||||
|
|
||||||
### CVEs modified in the last Commit
|
### CVEs modified in the last Commit
|
||||||
|
|
||||||
Recently modified CVEs: `55`
|
Recently modified CVEs: `10`
|
||||||
|
|
||||||
* [CVE-2023-32810](CVE-2023/CVE-2023-328xx/CVE-2023-32810.json) (`2023-09-07T19:12:56.850`)
|
* [CVE-2023-4647](CVE-2023/CVE-2023-46xx/CVE-2023-4647.json) (`2023-09-07T20:02:15.837`)
|
||||||
* [CVE-2023-32811](CVE-2023/CVE-2023-328xx/CVE-2023-32811.json) (`2023-09-07T19:13:05.170`)
|
* [CVE-2023-4718](CVE-2023/CVE-2023-47xx/CVE-2023-4718.json) (`2023-09-07T20:12:06.297`)
|
||||||
* [CVE-2023-20826](CVE-2023/CVE-2023-208xx/CVE-2023-20826.json) (`2023-09-07T19:13:15.787`)
|
* [CVE-2023-39979](CVE-2023/CVE-2023-399xx/CVE-2023-39979.json) (`2023-09-07T20:16:28.350`)
|
||||||
* [CVE-2023-20827](CVE-2023/CVE-2023-208xx/CVE-2023-20827.json) (`2023-09-07T19:13:24.850`)
|
* [CVE-2023-41061](CVE-2023/CVE-2023-410xx/CVE-2023-41061.json) (`2023-09-07T20:17:06.860`)
|
||||||
* [CVE-2023-20828](CVE-2023/CVE-2023-208xx/CVE-2023-20828.json) (`2023-09-07T19:13:33.270`)
|
* [CVE-2023-41064](CVE-2023/CVE-2023-410xx/CVE-2023-41064.json) (`2023-09-07T20:17:06.860`)
|
||||||
* [CVE-2023-20835](CVE-2023/CVE-2023-208xx/CVE-2023-20835.json) (`2023-09-07T19:13:46.380`)
|
* [CVE-2023-4528](CVE-2023/CVE-2023-45xx/CVE-2023-4528.json) (`2023-09-07T20:17:06.860`)
|
||||||
* [CVE-2023-20825](CVE-2023/CVE-2023-208xx/CVE-2023-20825.json) (`2023-09-07T19:14:16.880`)
|
* [CVE-2023-4685](CVE-2023/CVE-2023-46xx/CVE-2023-4685.json) (`2023-09-07T20:17:06.860`)
|
||||||
* [CVE-2023-20822](CVE-2023/CVE-2023-208xx/CVE-2023-20822.json) (`2023-09-07T19:14:27.697`)
|
* [CVE-2023-37798](CVE-2023/CVE-2023-377xx/CVE-2023-37798.json) (`2023-09-07T20:17:06.860`)
|
||||||
* [CVE-2023-20821](CVE-2023/CVE-2023-208xx/CVE-2023-20821.json) (`2023-09-07T19:14:35.620`)
|
* [CVE-2023-39980](CVE-2023/CVE-2023-399xx/CVE-2023-39980.json) (`2023-09-07T20:29:10.830`)
|
||||||
* [CVE-2023-20836](CVE-2023/CVE-2023-208xx/CVE-2023-20836.json) (`2023-09-07T19:14:40.490`)
|
* [CVE-2023-39981](CVE-2023/CVE-2023-399xx/CVE-2023-39981.json) (`2023-09-07T20:38:42.433`)
|
||||||
* [CVE-2023-20820](CVE-2023/CVE-2023-208xx/CVE-2023-20820.json) (`2023-09-07T19:14:49.727`)
|
|
||||||
* [CVE-2023-38283](CVE-2023/CVE-2023-382xx/CVE-2023-38283.json) (`2023-09-07T19:15:12.473`)
|
|
||||||
* [CVE-2023-4710](CVE-2023/CVE-2023-47xx/CVE-2023-4710.json) (`2023-09-07T19:16:32.170`)
|
|
||||||
* [CVE-2023-41051](CVE-2023/CVE-2023-410xx/CVE-2023-41051.json) (`2023-09-07T19:19:19.957`)
|
|
||||||
* [CVE-2023-41046](CVE-2023/CVE-2023-410xx/CVE-2023-41046.json) (`2023-09-07T19:20:17.653`)
|
|
||||||
* [CVE-2023-4711](CVE-2023/CVE-2023-47xx/CVE-2023-4711.json) (`2023-09-07T19:21:02.327`)
|
|
||||||
* [CVE-2023-4712](CVE-2023/CVE-2023-47xx/CVE-2023-4712.json) (`2023-09-07T19:21:25.680`)
|
|
||||||
* [CVE-2023-4713](CVE-2023/CVE-2023-47xx/CVE-2023-4713.json) (`2023-09-07T19:22:48.413`)
|
|
||||||
* [CVE-2023-4714](CVE-2023/CVE-2023-47xx/CVE-2023-4714.json) (`2023-09-07T19:23:35.707`)
|
|
||||||
* [CVE-2023-3297](CVE-2023/CVE-2023-32xx/CVE-2023-3297.json) (`2023-09-07T19:24:36.467`)
|
|
||||||
* [CVE-2023-31167](CVE-2023/CVE-2023-311xx/CVE-2023-31167.json) (`2023-09-07T19:26:11.297`)
|
|
||||||
* [CVE-2023-4778](CVE-2023/CVE-2023-47xx/CVE-2023-4778.json) (`2023-09-07T19:34:34.170`)
|
|
||||||
* [CVE-2023-20897](CVE-2023/CVE-2023-208xx/CVE-2023-20897.json) (`2023-09-07T19:40:05.767`)
|
|
||||||
* [CVE-2023-4709](CVE-2023/CVE-2023-47xx/CVE-2023-4709.json) (`2023-09-07T19:43:43.600`)
|
|
||||||
* [CVE-2023-23763](CVE-2023/CVE-2023-237xx/CVE-2023-23763.json) (`2023-09-07T19:53:27.870`)
|
|
||||||
|
|
||||||
|
|
||||||
## Download and Usage
|
## Download and Usage
|
||||||
|
Loading…
x
Reference in New Issue
Block a user