Auto-Update: 2023-07-13T12:00:45.154153+00:00

cad-safe-bot 2023-07-13 12:00:48 +00:00
parent 30c0ae6698
commit 1c340430f6
18 changed files with 1044 additions and 37 deletions


@ -0,0 +1,55 @@
{
"id": "CVE-2023-22435",
"sourceIdentifier": "psirt@honeywell.com",
"published": "2023-07-13T11:15:08.770",
"lastModified": "2023-07-13T11:15:08.770",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Experion server may experience a DoS due to a stack overflow when handling a specially crafted message."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@honeywell.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@honeywell.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-697"
}
]
}
],
"references": [
{
"url": "https://process.honeywell.com",
"source": "psirt@honeywell.com"
}
]
}
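Review bot: The `descriptions` value calls this a DoS, but the vendor-supplied vector `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N` sets `"availabilityImpact": "NONE"` and `"confidentialityImpact": "HIGH"`, so an availability bug is scored as a pure confidentiality one. CVE-2023-24474 in this commit has the same description/vector mismatch. Both records are `"vulnStatus": "Received"` and carry only a `"type": "Secondary"` metric sourced from psirt@honeywell.com, so nothing in the file cross-checks the score. Triage that keys on `availabilityImpact` or on the C/I/A split should treat these two scores as unverified until a later sync brings corrected data; a DoS would normally be expected to carry a non-NONE `A` metric.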


@ -0,0 +1,55 @@
{
"id": "CVE-2023-23585",
"sourceIdentifier": "psirt@honeywell.com",
"published": "2023-07-13T11:15:08.857",
"lastModified": "2023-07-13T11:15:08.857",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Experion server DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@honeywell.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@honeywell.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://process.honeywell.com",
"source": "psirt@honeywell.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-24474",
"sourceIdentifier": "psirt@honeywell.com",
"published": "2023-07-13T11:15:08.930",
"lastModified": "2023-07-13T11:15:08.930",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Experion server may experience a DoS due to a heap overflow which could occur when handling a specially crafted message"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@honeywell.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@honeywell.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://process.honeywell.com",
"source": "psirt@honeywell.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-24480",
"sourceIdentifier": "psirt@honeywell.com",
"published": "2023-07-13T11:15:08.997",
"lastModified": "2023-07-13T11:15:08.997",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Controller DoS due to stack overflow when decoding a message from the server"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@honeywell.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@honeywell.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-116"
}
]
}
],
"references": [
{
"url": "https://process.honeywell.com",
"source": "psirt@honeywell.com"
}
]
}
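Review bot: The `weaknesses` value `CWE-116` (improper encoding or escaping of output) does not match the description, which reports a stack overflow while decoding a message from the server. The same kind of mismatch appears in CVE-2023-22435 (stack overflow tagged `CWE-697`) and CVE-2023-25770 (buffer overflow tagged `CWE-502`). Dashboards or alert rules that select memory-corruption issues by CWE will miss these three records, so match on the description text as well until the source corrects the mapping. A stack-based overflow would be expected to map to something like `CWE-121` or `CWE-787`.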


@ -0,0 +1,55 @@
{
"id": "CVE-2023-25078",
"sourceIdentifier": "psirt@honeywell.com",
"published": "2023-07-13T11:15:09.060",
"lastModified": "2023-07-13T11:15:09.060",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Server or Console Station DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@honeywell.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@honeywell.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://process.honeywell.com",
"source": "psirt@honeywell.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-25178",
"sourceIdentifier": "psirt@honeywell.com",
"published": "2023-07-13T11:15:09.123",
"lastModified": "2023-07-13T11:15:09.123",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Controller may be loaded with malicious firmware which could enable remote code execution\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@honeywell.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@honeywell.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-345"
}
]
}
],
"references": [
{
"url": "https://process.honeywell.com",
"source": "psirt@honeywell.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-25770",
"sourceIdentifier": "psirt@honeywell.com",
"published": "2023-07-13T11:15:09.183",
"lastModified": "2023-07-13T11:15:09.183",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Controller DoS may occur due to buffer overflow when an error is generated in response to a specially crafted message."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@honeywell.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@honeywell.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://process.honeywell.com",
"source": "psirt@honeywell.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-29451",
"sourceIdentifier": "security@zabbix.com",
"published": "2023-07-13T10:15:09.137",
"lastModified": "2023-07-13T10:15:09.137",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Specially crafted string can cause a buffer overrun in the JSON parser library leading to a crash of the Zabbix Server or a Zabbix Proxy."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@zabbix.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "security@zabbix.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-22587",
"source": "security@zabbix.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-29452",
"sourceIdentifier": "security@zabbix.com",
"published": "2023-07-13T10:15:09.247",
"lastModified": "2023-07-13T11:15:09.250",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nCurrently, geomap configuration (Administration -> General -> Geographical maps) allows using HTML in the field \u201cAttribution text\u201d when selected \u201cOther\u201d Tile provider.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@zabbix.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "security@zabbix.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-22981",
"source": "security@zabbix.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-29454",
"sourceIdentifier": "security@zabbix.com",
"published": "2023-07-13T10:15:09.320",
"lastModified": "2023-07-13T10:15:09.320",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": " Stored or persistent cross-site scripting (XSS) is a type of XSS where the attacker first sends the payload to the web application, then the application saves the payload (e.g., in a database or server-side text files), and finally, the application unintentionally executes the payload for every victim visiting its web pages."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@zabbix.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "security@zabbix.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-22985",
"source": "security@zabbix.com"
}
]
}
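Review bot: The `descriptions` value is a textbook definition of stored XSS and names no affected component, field or version, so this record cannot be matched to an asset from the file alone. CVE-2023-29455 and CVE-2023-29456 have the same problem; the latter describes what a URL validation scheme does, not the flaw. The XSS records in this commit (CVE-2023-29454, CVE-2023-29455, CVE-2023-29457) are also tagged `CWE-20` rather than `CWE-79`, so a `CWE-79` filter will not surface them. Consumers should resolve the `references` URL (`https://support.zabbix.com/browse/ZBX-22985` for this entry) to get the affected versions and the actual injection point.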


@ -0,0 +1,55 @@
{
"id": "CVE-2023-29455",
"sourceIdentifier": "security@zabbix.com",
"published": "2023-07-13T10:15:09.377",
"lastModified": "2023-07-13T10:15:09.377",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script is activated through a link, which sends a request to a website with a vulnerability that enables execution of malicious scripts."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@zabbix.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security@zabbix.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-22986",
"source": "security@zabbix.com"
}
]
}
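Review bot: The vector sets `"userInteraction": "NONE"`, yet the description says the script "is activated through a link", which implies the victim has to act. If that reading is right, the expected metric is `UI:R`, and the `baseScore` of 5.4 and `exploitabilityScore` of 2.8 would change accordingly. CVE-2023-29457 also scores a reflected XSS with `UI:N`. Both metrics are `"type": "Secondary"` from security@zabbix.com on a `"Received"` record, so prioritisation that sorts on `baseScore` should treat these values as provisional.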


@ -0,0 +1,55 @@
{
"id": "CVE-2023-29456",
"sourceIdentifier": "security@zabbix.com",
"published": "2023-07-13T10:15:09.440",
"lastModified": "2023-07-13T10:15:09.440",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "URL validation scheme receives input from a user and then parses it to identify its various components. The validation scheme can ensure that all URL components comply with internet standards.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@zabbix.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "security@zabbix.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-22987",
"source": "security@zabbix.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-29457",
"sourceIdentifier": "security@zabbix.com",
"published": "2023-07-13T10:15:09.507",
"lastModified": "2023-07-13T10:15:09.507",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Reflected XSS attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script can be activated through Action form fields, which can be sent as request to a website with a vulnerability that enables execution of malicious scripts."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@zabbix.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "security@zabbix.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-22988",
"source": "security@zabbix.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-29458",
"sourceIdentifier": "security@zabbix.com",
"published": "2023-07-13T10:15:09.573",
"lastModified": "2023-07-13T10:15:09.573",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Duktape is an 3rd-party embeddable JavaScript engine, with a focus on portability and compact footprint. When adding too many values in valstack JavaScript will crash. This issue occurs due to bug in Duktape 2.6 which is an 3rd-party solution that we use."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@zabbix.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "security@zabbix.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-129"
}
]
}
],
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-22989",
"source": "security@zabbix.com"
}
]
}


@ -0,0 +1,84 @@
{
"id": "CVE-2023-3657",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-07-13T10:15:09.643",
"lastModified": "2023-07-13T10:15:09.643",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in SourceCodester AC Repair and Services System 1.0. This issue affects some unknown processing of the file Master.php?f=save_book of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-234011."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.234011",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.234011",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,84 @@
{
"id": "CVE-2023-3658",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-07-13T11:15:09.340",
"lastModified": "2023-07-13T11:15:09.340",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in SourceCodester AC Repair and Services System 1.0. Affected is an unknown function of the file Master.php?f=delete_book of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-234012."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.234012",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.234012",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,84 @@
{
"id": "CVE-2023-3659",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-07-13T11:15:09.417",
"lastModified": "2023-07-13T11:15:09.417",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in SourceCodester AC Repair and Services System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file admin/?page=user/manage_user. The manipulation of the argument firstname/middlename leads to cross site scripting. The attack can be launched remotely. The identifier VDB-234013 was assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.234013",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.234013",
"source": "cna@vuldb.com"
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-07-13T10:00:52.794864+00:00
2023-07-13T12:00:45.154153+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-07-13T09:15:09.660000+00:00
2023-07-13T11:15:09.417000+00:00
```
### Last Data Feed Release
@ -29,51 +29,36 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
220213
220230
```
### CVEs added in the last Commit
Recently added CVEs: `7`
Recently added CVEs: `17`
* [CVE-2023-1547](CVE-2023/CVE-2023-15xx/CVE-2023-1547.json) (`2023-07-13T08:15:10.400`)
* [CVE-2023-2957](CVE-2023/CVE-2023-29xx/CVE-2023-2957.json) (`2023-07-13T08:15:10.603`)
* [CVE-2023-35069](CVE-2023/CVE-2023-350xx/CVE-2023-35069.json) (`2023-07-13T08:15:10.683`)
* [CVE-2023-37415](CVE-2023/CVE-2023-374xx/CVE-2023-37415.json) (`2023-07-13T08:15:10.767`)
* [CVE-2023-3319](CVE-2023/CVE-2023-33xx/CVE-2023-3319.json) (`2023-07-13T08:15:10.837`)
* [CVE-2023-29449](CVE-2023/CVE-2023-294xx/CVE-2023-29449.json) (`2023-07-13T09:15:09.263`)
* [CVE-2023-29450](CVE-2023/CVE-2023-294xx/CVE-2023-29450.json) (`2023-07-13T09:15:09.660`)
* [CVE-2023-29451](CVE-2023/CVE-2023-294xx/CVE-2023-29451.json) (`2023-07-13T10:15:09.137`)
* [CVE-2023-29454](CVE-2023/CVE-2023-294xx/CVE-2023-29454.json) (`2023-07-13T10:15:09.320`)
* [CVE-2023-29455](CVE-2023/CVE-2023-294xx/CVE-2023-29455.json) (`2023-07-13T10:15:09.377`)
* [CVE-2023-29456](CVE-2023/CVE-2023-294xx/CVE-2023-29456.json) (`2023-07-13T10:15:09.440`)
* [CVE-2023-29457](CVE-2023/CVE-2023-294xx/CVE-2023-29457.json) (`2023-07-13T10:15:09.507`)
* [CVE-2023-29458](CVE-2023/CVE-2023-294xx/CVE-2023-29458.json) (`2023-07-13T10:15:09.573`)
* [CVE-2023-3657](CVE-2023/CVE-2023-36xx/CVE-2023-3657.json) (`2023-07-13T10:15:09.643`)
* [CVE-2023-22435](CVE-2023/CVE-2023-224xx/CVE-2023-22435.json) (`2023-07-13T11:15:08.770`)
* [CVE-2023-23585](CVE-2023/CVE-2023-235xx/CVE-2023-23585.json) (`2023-07-13T11:15:08.857`)
* [CVE-2023-24474](CVE-2023/CVE-2023-244xx/CVE-2023-24474.json) (`2023-07-13T11:15:08.930`)
* [CVE-2023-24480](CVE-2023/CVE-2023-244xx/CVE-2023-24480.json) (`2023-07-13T11:15:08.997`)
* [CVE-2023-25078](CVE-2023/CVE-2023-250xx/CVE-2023-25078.json) (`2023-07-13T11:15:09.060`)
* [CVE-2023-25178](CVE-2023/CVE-2023-251xx/CVE-2023-25178.json) (`2023-07-13T11:15:09.123`)
* [CVE-2023-25770](CVE-2023/CVE-2023-257xx/CVE-2023-25770.json) (`2023-07-13T11:15:09.183`)
* [CVE-2023-29452](CVE-2023/CVE-2023-294xx/CVE-2023-29452.json) (`2023-07-13T10:15:09.247`)
* [CVE-2023-3658](CVE-2023/CVE-2023-36xx/CVE-2023-3658.json) (`2023-07-13T11:15:09.340`)
* [CVE-2023-3659](CVE-2023/CVE-2023-36xx/CVE-2023-3659.json) (`2023-07-13T11:15:09.417`)
### CVEs modified in the last Commit
Recently modified CVEs: `71`
Recently modified CVEs: `0`
* [CVE-2023-37567](CVE-2023/CVE-2023-375xx/CVE-2023-37567.json) (`2023-07-13T08:32:09.673`)
* [CVE-2023-37568](CVE-2023/CVE-2023-375xx/CVE-2023-37568.json) (`2023-07-13T08:32:09.673`)
* [CVE-2023-38197](CVE-2023/CVE-2023-381xx/CVE-2023-38197.json) (`2023-07-13T08:32:09.673`)
* [CVE-2023-2200](CVE-2023/CVE-2023-22xx/CVE-2023-2200.json) (`2023-07-13T08:32:09.673`)
* [CVE-2023-2576](CVE-2023/CVE-2023-25xx/CVE-2023-2576.json) (`2023-07-13T08:32:09.673`)
* [CVE-2023-2620](CVE-2023/CVE-2023-26xx/CVE-2023-2620.json) (`2023-07-13T08:32:09.673`)
* [CVE-2023-34131](CVE-2023/CVE-2023-341xx/CVE-2023-34131.json) (`2023-07-13T08:32:09.673`)
* [CVE-2023-34132](CVE-2023/CVE-2023-341xx/CVE-2023-34132.json) (`2023-07-13T08:32:09.673`)
* [CVE-2023-34133](CVE-2023/CVE-2023-341xx/CVE-2023-34133.json) (`2023-07-13T08:32:09.673`)
* [CVE-2023-34134](CVE-2023/CVE-2023-341xx/CVE-2023-34134.json) (`2023-07-13T08:32:09.673`)
* [CVE-2023-34135](CVE-2023/CVE-2023-341xx/CVE-2023-34135.json) (`2023-07-13T08:32:09.673`)
* [CVE-2023-34136](CVE-2023/CVE-2023-341xx/CVE-2023-34136.json) (`2023-07-13T08:32:09.673`)
* [CVE-2023-34137](CVE-2023/CVE-2023-341xx/CVE-2023-34137.json) (`2023-07-13T08:32:09.673`)
* [CVE-2023-37562](CVE-2023/CVE-2023-375xx/CVE-2023-37562.json) (`2023-07-13T08:32:09.673`)
* [CVE-2023-37563](CVE-2023/CVE-2023-375xx/CVE-2023-37563.json) (`2023-07-13T08:32:09.673`)
* [CVE-2023-38198](CVE-2023/CVE-2023-381xx/CVE-2023-38198.json) (`2023-07-13T08:32:09.673`)
* [CVE-2023-38199](CVE-2023/CVE-2023-381xx/CVE-2023-38199.json) (`2023-07-13T08:32:09.673`)
* [CVE-2023-3342](CVE-2023/CVE-2023-33xx/CVE-2023-3342.json) (`2023-07-13T08:32:09.673`)
* [CVE-2023-3343](CVE-2023/CVE-2023-33xx/CVE-2023-3343.json) (`2023-07-13T08:32:09.673`)
* [CVE-2023-3362](CVE-2023/CVE-2023-33xx/CVE-2023-3362.json) (`2023-07-13T08:32:09.673`)
* [CVE-2023-3363](CVE-2023/CVE-2023-33xx/CVE-2023-3363.json) (`2023-07-13T08:32:09.673`)
* [CVE-2023-3424](CVE-2023/CVE-2023-34xx/CVE-2023-3424.json) (`2023-07-13T08:32:09.673`)
* [CVE-2023-3444](CVE-2023/CVE-2023-34xx/CVE-2023-3444.json) (`2023-07-13T08:32:09.673`)
* [CVE-2023-37564](CVE-2023/CVE-2023-375xx/CVE-2023-37564.json) (`2023-07-13T08:32:09.673`)
* [CVE-2023-37565](CVE-2023/CVE-2023-375xx/CVE-2023-37565.json) (`2023-07-13T08:32:09.673`)
## Download and Usage