Auto-Update: 2023-05-04T16:00:25.332114+00:00

René Helmke 2023-05-04 18:00:28 +02:00
parent ab34f671b2
commit 21be97097b
29 changed files with 2777 additions and 142 deletions


@ -2,23 +2,83 @@
"id": "CVE-2022-29604", "id": "CVE-2022-29604",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-04-20T13:15:07.307", "published": "2023-04-20T13:15:07.307",
"lastModified": "2023-04-20T13:15:13.917", "lastModified": "2023-05-04T15:38:23.023",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "An issue was discovered in ONOS 2.5.1. An intent with an uppercase letter in a device ID shows the CORRUPT state, which is misleading to a network operator. Improper handling of case sensitivity causes inconsistency between intent and flow rules in the network." "value": "An issue was discovered in ONOS 2.5.1. An intent with an uppercase letter in a device ID shows the CORRUPT state, which is misleading to a network operator. Improper handling of case sensitivity causes inconsistency between intent and flow rules in the network."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-178"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opennetworking:onos:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5DD1D050-BBF8-45B6-9B4E-93FC5D062414"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://wiki.onosproject.org/display/ONOS/Intent+Framework", "url": "https://wiki.onosproject.org/display/ONOS/Intent+Framework",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Product"
]
}, },
{ {
"url": "https://www.usenix.org/system/files/sec23fall-prepub-285_kim-jiwon.pdf", "url": "https://www.usenix.org/system/files/sec23fall-prepub-285_kim-jiwon.pdf",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
]
} }
] ]
} }
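Review bot: The primary metric added under `cvssMetricV31` rates this record 9.8 CRITICAL with `C:H/I:H/A:H`, which looks out of step with the rest of the record. The description speaks only of a misleading CORRUPT state and an inconsistency between intent and flow rules, and the weakness is CWE-178. The sibling record CVE-2022-29605 in this same commit has a similar description and is scored 7.5 with `I:H` only. Anyone prioritising on `baseScore` alone should read the description and the referenced paper before treating this entry as a full remote compromise. The score is carried in as published by `nvd@nist.gov`, so any correction would presumably have to happen upstream rather than in this file.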


@ -2,23 +2,83 @@
"id": "CVE-2022-29605", "id": "CVE-2022-29605",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-04-20T13:15:07.377", "published": "2023-04-20T13:15:07.377",
"lastModified": "2023-04-20T13:15:13.917", "lastModified": "2023-05-04T15:35:35.327",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "An issue was discovered in ONOS 2.5.1. IntentManager attempts to install the IPv6 flow rules of an intent into an OpenFlow 1.0 switch that does not support IPv6. Improper handling of the difference in capabilities of the intent and switch is misleading to a network operator." "value": "An issue was discovered in ONOS 2.5.1. IntentManager attempts to install the IPv6 flow rules of an intent into an OpenFlow 1.0 switch that does not support IPv6. Improper handling of the difference in capabilities of the intent and switch is misleading to a network operator."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-670"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opennetworking:onos:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5DD1D050-BBF8-45B6-9B4E-93FC5D062414"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://wiki.onosproject.org/display/ONOS/Intent+Framework", "url": "https://wiki.onosproject.org/display/ONOS/Intent+Framework",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Product"
]
}, },
{ {
"url": "https://www.usenix.org/system/files/sec23fall-prepub-285_kim-jiwon.pdf", "url": "https://www.usenix.org/system/files/sec23fall-prepub-285_kim-jiwon.pdf",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
]
} }
] ]
} }


@ -2,15 +2,38 @@
"id": "CVE-2023-1624", "id": "CVE-2023-1624",
"sourceIdentifier": "contact@wpscan.com", "sourceIdentifier": "contact@wpscan.com",
"published": "2023-04-24T19:15:09.693", "published": "2023-04-24T19:15:09.693",
"lastModified": "2023-04-25T12:52:57.877", "lastModified": "2023-05-04T15:30:50.530",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "The WPCode WordPress plugin before 2.0.9 has a flawed CSRF when deleting log, and does not ensure that the file to be deleted is inside the expected folder. This could allow attackers to make users with the wpcode_activate_snippets capability delete arbitrary log files on the server, including outside of the blog folders" "value": "The WPCode WordPress plugin before 2.0.9 has a flawed CSRF when deleting log, and does not ensure that the file to be deleted is inside the expected folder. This could allow attackers to make users with the wpcode_activate_snippets capability delete arbitrary log files on the server, including outside of the blog folders"
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [ "weaknesses": [
{ {
"source": "contact@wpscan.com", "source": "contact@wpscan.com",
@ -23,10 +46,32 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpcode:wpcode:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.0.9",
"matchCriteriaId": "8695F540-99C6-4023-A002-7DA916F16E53"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://wpscan.com/vulnerability/132b70e5-4368-43b4-81f6-2d01bc09dc8f", "url": "https://wpscan.com/vulnerability/132b70e5-4368-43b4-81f6-2d01bc09dc8f",
"source": "contact@wpscan.com" "source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }


@ -2,16 +2,49 @@
"id": "CVE-2023-2006", "id": "CVE-2023-2006",
"sourceIdentifier": "secalert@redhat.com", "sourceIdentifier": "secalert@redhat.com",
"published": "2023-04-24T21:15:09.283", "published": "2023-04-24T21:15:09.283",
"lastModified": "2023-04-25T12:52:57.877", "lastModified": "2023-05-04T14:42:56.097",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A race condition was found in the Linux kernel's RxRPC network protocol, within the processing of RxRPC bundles. This issue results from the lack of proper locking when performing operations on an object. This may allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel." "value": "A race condition was found in the Linux kernel's RxRPC network protocol, within the processing of RxRPC bundles. This issue results from the lack of proper locking when performing operations on an object. This may allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9
}
]
},
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-362"
}
]
},
{ {
"source": "secalert@redhat.com", "source": "secalert@redhat.com",
"type": "Secondary", "type": "Secondary",
@ -23,18 +56,78 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"matchCriteriaId": "9064B383-DD48-40A2-8947-F5BA6E6B6713"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E7E331DA-1FB0-4DEC-91AC-7DA69D461C11"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "17F0B248-42CF-4AE6-A469-BB1BAE7F4705"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E2422816-0C14-4B5E-A1E6-A9D776E5C49B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:*",
"matchCriteriaId": "1C6E00FE-5FB9-4D20-A1A1-5A32128F9B76"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc5:*:*:*:*:*:*",
"matchCriteriaId": "35B26BE4-43A6-4A36-A7F6-5B3F572D9186"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc6:*:*:*:*:*:*",
"matchCriteriaId": "3FFFB0B3-930D-408A-91E2-BAE0C2715D80"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2189112", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2189112",
"source": "secalert@redhat.com" "source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
]
}, },
{ {
"url": "https://github.com/torvalds/linux/commit/3bcd6c7eaa53", "url": "https://github.com/torvalds/linux/commit/3bcd6c7eaa53",
"source": "secalert@redhat.com" "source": "secalert@redhat.com",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-439/", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-439/",
"source": "secalert@redhat.com" "source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
} }
] ]
} }


@ -2,16 +2,49 @@
"id": "CVE-2023-2019", "id": "CVE-2023-2019",
"sourceIdentifier": "secalert@redhat.com", "sourceIdentifier": "secalert@redhat.com",
"published": "2023-04-24T21:15:09.347", "published": "2023-04-24T21:15:09.347",
"lastModified": "2023-04-25T12:52:57.877", "lastModified": "2023-05-04T14:42:28.350",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A flaw was found in the Linux kernel's netdevsim device driver, within the scheduling of events. This issue results from the improper management of a reference count. This may allow an attacker to create a denial of service condition on the system." "value": "A flaw was found in the Linux kernel's netdevsim device driver, within the scheduling of events. This issue results from the improper management of a reference count. This may allow an attacker to create a denial of service condition on the system."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{ {
"source": "secalert@redhat.com", "source": "secalert@redhat.com",
"type": "Secondary", "type": "Secondary",
@ -23,18 +56,63 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0",
"matchCriteriaId": "87B81C9D-7173-4FFB-97BC-9C41AB20A53C"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2189137", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2189137",
"source": "secalert@redhat.com" "source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
]
}, },
{ {
"url": "https://github.com/torvalds/linux/commit/180a6a3ee60a", "url": "https://github.com/torvalds/linux/commit/180a6a3ee60a",
"source": "secalert@redhat.com" "source": "secalert@redhat.com",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-17811/", "url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-17811/",
"source": "secalert@redhat.com" "source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2023-22914", "id": "CVE-2023-22914",
"sourceIdentifier": "security@zyxel.com.tw", "sourceIdentifier": "security@zyxel.com.tw",
"published": "2023-04-24T17:15:09.627", "published": "2023-04-24T17:15:09.627",
"lastModified": "2023-04-24T17:43:16.267", "lastModified": "2023-05-04T14:32:03.143",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{ {
"source": "security@zyxel.com.tw", "source": "security@zyxel.com.tw",
"type": "Secondary", "type": "Secondary",
@ -35,6 +55,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{ {
"source": "security@zyxel.com.tw", "source": "security@zyxel.com.tw",
"type": "Secondary", "type": "Secondary",
@ -46,10 +76,334 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.50",
"versionEndIncluding": "5.35",
"matchCriteriaId": "FFE84F5F-0D2D-4B13-8B11-061D6AF36E0D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B30A4C0-9928-46AD-9210-C25656FB43FB"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.50",
"versionEndIncluding": "5.35",
"matchCriteriaId": "E0248888-B2CD-4CAA-8475-B9CD68CDA4C1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.50",
"versionEndIncluding": "5.35",
"matchCriteriaId": "BB46C274-12D1-4155-AB7B-6FE9282FD307"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:usg_flex_50_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.50",
"versionEndIncluding": "5.35",
"matchCriteriaId": "513FCF86-307E-4230-9A59-653BE2450525"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "646C1F07-B553-47B0-953B-DC7DE7FD0F8B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:usg_flex_50w_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.50",
"versionEndIncluding": "5.35",
"matchCriteriaId": "FE6D206F-B365-408A-9200-656B9C6A4AEE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "110A1CA4-0170-4834-8281-0A3E14FC5584"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.50",
"versionEndIncluding": "5.35",
"matchCriteriaId": "3C7F5651-F9E1-4F7C-84BD-AF06ADDCBF82"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.50",
"versionEndIncluding": "5.35",
"matchCriteriaId": "3473C5D7-91AC-4FCA-851D-D6583B42F768"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:vpn100_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.50",
"versionEndIncluding": "5.35",
"matchCriteriaId": "3E3AC1DD-9BD8-42AD-A443-BCCBA6A4F27B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81D90A7B-174F-40A1-8AF4-08B15B7BAC40"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:vpn1000_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.50",
"versionEndIncluding": "5.35",
"matchCriteriaId": "06C109E1-5D08-41E7-BDB2-8D53CA87FCA8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EECD311A-4E96-4576-AADF-47291EDE3559"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:vpn300_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.50",
"versionEndIncluding": "5.35",
"matchCriteriaId": "16394FD3-8C28-4AD8-AE57-4C61D5E69D3E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C45C303-1A95-4245-B242-3AB9B9106CD4"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:vpn50_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.50",
"versionEndIncluding": "5.35",
"matchCriteriaId": "FD0F0319-5402-4E2D-8E79-8C492422438D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-of-firewalls-and-aps", "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-of-firewalls-and-aps",
"source": "security@zyxel.com.tw" "source": "security@zyxel.com.tw",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2023-22915", "id": "CVE-2023-22915",
"sourceIdentifier": "security@zyxel.com.tw", "sourceIdentifier": "security@zyxel.com.tw",
"published": "2023-04-24T17:15:09.690", "published": "2023-04-24T17:15:09.690",
"lastModified": "2023-04-24T17:43:16.267", "lastModified": "2023-05-04T14:44:10.363",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{ {
"source": "security@zyxel.com.tw", "source": "security@zyxel.com.tw",
"type": "Secondary", "type": "Secondary",
@ -35,6 +55,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
},
{ {
"source": "security@zyxel.com.tw", "source": "security@zyxel.com.tw",
"type": "Secondary", "type": "Secondary",
@ -46,10 +76,363 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.50",
"versionEndIncluding": "5.35",
"matchCriteriaId": "FFE84F5F-0D2D-4B13-8B11-061D6AF36E0D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B30A4C0-9928-46AD-9210-C25656FB43FB"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.50",
"versionEndIncluding": "5.35",
"matchCriteriaId": "E0248888-B2CD-4CAA-8475-B9CD68CDA4C1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.50",
"versionEndIncluding": "5.35",
"matchCriteriaId": "BB46C274-12D1-4155-AB7B-6FE9282FD307"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:usg_flex_50_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.50",
"versionEndIncluding": "5.35",
"matchCriteriaId": "513FCF86-307E-4230-9A59-653BE2450525"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "646C1F07-B553-47B0-953B-DC7DE7FD0F8B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:usg_flex_50w_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.30",
"versionEndIncluding": "5.35",
"matchCriteriaId": "44C99310-56C3-4392-8D68-8290A209B2DA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "110A1CA4-0170-4834-8281-0A3E14FC5584"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.50",
"versionEndIncluding": "5.35",
"matchCriteriaId": "3C7F5651-F9E1-4F7C-84BD-AF06ADDCBF82"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.50",
"versionEndIncluding": "5.35",
"matchCriteriaId": "3473C5D7-91AC-4FCA-851D-D6583B42F768"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:vpn100_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.50",
"versionEndIncluding": "5.35",
"matchCriteriaId": "3E3AC1DD-9BD8-42AD-A443-BCCBA6A4F27B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81D90A7B-174F-40A1-8AF4-08B15B7BAC40"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:vpn1000_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.50",
"versionEndIncluding": "5.35",
"matchCriteriaId": "06C109E1-5D08-41E7-BDB2-8D53CA87FCA8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EECD311A-4E96-4576-AADF-47291EDE3559"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:vpn300_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.50",
"versionEndIncluding": "5.35",
"matchCriteriaId": "16394FD3-8C28-4AD8-AE57-4C61D5E69D3E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C45C303-1A95-4245-B242-3AB9B9106CD4"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:vpn50_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.50",
"versionEndIncluding": "5.35",
"matchCriteriaId": "FD0F0319-5402-4E2D-8E79-8C492422438D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:usg_20w-vpn_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.30",
"versionEndIncluding": "5.35",
"matchCriteriaId": "3C160661-113D-4B5A-A253-FEB1E4CBB267"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6BEA412F-3DA1-4E91-9C74-0666147DABCE"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-of-firewalls-and-aps", "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-of-firewalls-and-aps",
"source": "security@zyxel.com.tw" "source": "security@zyxel.com.tw",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }
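Review bot: The version ranges in the added `configurations` block are not consistent across the USG FLEX 50 family. `usg_flex_50_firmware` has `"versionStartIncluding": "4.50"`, while `usg_flex_50w_firmware` and `usg_20w-vpn_firmware` in the same record start at `"4.30"`. As written, a non-wireless USG FLEX 50 on firmware between 4.30 and 4.50 would not match this record, although its wireless sibling would. The record's description lies outside the hunk, so the correct lower bound cannot be confirmed from here; it should be checked against the Zyxel advisory listed under `references`. Until then, inventory matching for these models is safer done against the vendor advisory than against this range.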


@ -2,16 +2,49 @@
"id": "CVE-2023-2250", "id": "CVE-2023-2250",
"sourceIdentifier": "secalert@redhat.com", "sourceIdentifier": "secalert@redhat.com",
"published": "2023-04-24T21:15:09.410", "published": "2023-04-24T21:15:09.410",
"lastModified": "2023-04-25T12:52:57.877", "lastModified": "2023-05-04T14:41:52.360",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A flaw was found in the Open Cluster Management (OCM) when a user have access to the worker nodes which has the cluster-manager-registration-controller or cluster-manager deployments. A malicious user can take advantage of this and bind the cluster-admin to any service account or using the service account to list all secrets for all kubernetes namespaces, leading into a cluster-level privilege escalation." "value": "A flaw was found in the Open Cluster Management (OCM) when a user have access to the worker nodes which has the cluster-manager-registration-controller or cluster-manager deployments. A malicious user can take advantage of this and bind the cluster-admin to any service account or using the service account to list all secrets for all kubernetes namespaces, leading into a cluster-level privilege escalation."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{ {
"source": "secalert@redhat.com", "source": "secalert@redhat.com",
"type": "Secondary", "type": "Secondary",
@ -27,10 +60,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linuxfoundation:open_cluster_management:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0834F4B0-F5C7-43E7-9A7E-74B7FA455A6F"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/open-cluster-management-io/registration-operator/pull/344", "url": "https://github.com/open-cluster-management-io/registration-operator/pull/344",
"source": "secalert@redhat.com" "source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch"
]
} }
] ]
} }


@ -2,19 +2,92 @@
"id": "CVE-2023-2257", "id": "CVE-2023-2257",
"sourceIdentifier": "security@devolutions.net", "sourceIdentifier": "security@devolutions.net",
"published": "2023-04-24T19:15:09.820", "published": "2023-04-24T19:15:09.820",
"lastModified": "2023-04-25T12:52:57.877", "lastModified": "2023-05-04T15:55:03.020",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Authentication Bypass in Hub Business integration in Devolutions Workspace Desktop 2023.1.1.3 and earlier on Windows and macOS allows an attacker with access to the user interface to unlock a Hub \nBusiness space without being prompted to enter the password via an \nunimplemented \"Force Login\" security feature.\n\nThis vulnerability occurs only if \"Force Login\" feature is enabled on the Hub Business instance and that an attacker has access to a locked Workspace desktop application configured with a Hub Business space.\n" "value": "Authentication Bypass in Hub Business integration in Devolutions Workspace Desktop 2023.1.1.3 and earlier on Windows and macOS allows an attacker with access to the user interface to unlock a Hub \nBusiness space without being prompted to enter the password via an \nunimplemented \"Force Login\" security feature.\n\nThis vulnerability occurs only if \"Force Login\" feature is enabled on the Hub Business instance and that an attacker has access to a locked Workspace desktop application configured with a Hub Business space.\n"
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:devolutions:workspace:*:*:*:*:desktop:*:*:*",
"versionEndExcluding": "2023.1.1.4",
"matchCriteriaId": "4C4BA203-752A-421F-9A01-4127E6E3DDE7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://devolutions.net/security/advisories/DEVO-2023-0011", "url": "https://devolutions.net/security/advisories/DEVO-2023-0011",
"source": "security@devolutions.net" "source": "security@devolutions.net",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }


@ -0,0 +1,88 @@
{
"id": "CVE-2023-2282",
"sourceIdentifier": "security@devolutions.net",
"published": "2023-04-25T19:15:11.100",
"lastModified": "2023-05-04T15:16:53.583",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper access control in the Web Login listener in Devolutions Remote Desktop Manager 2023.1.22 and earlier on Windows allows an authenticated user to bypass administrator-enforced Web Login restrictions and gain access to entries via an unexpected vector.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2023.1.22",
"matchCriteriaId": "7D029076-CEDD-4678-9B60-390670047C15"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://devolutions.net/security/advisories/DEVO-2023-0012",
"source": "security@devolutions.net",
"tags": [
"Vendor Advisory"
]
}
]
}
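Review bot: The new `weaknesses` entry records `"value": "NVD-CWE-noinfo"` although the description in the same record opens with "Improper access control", so a consumer that buckets or filters findings by CWE will not place this record with other access-control issues. If this repository is meant to stay identical to the upstream feed, that is a limitation for downstream tooling to document rather than something to patch here; otherwise the closest fit would be `"value": "CWE-284"`. Triage logic should fall back to the description text whenever the CWE value is one of the `NVD-CWE-*` placeholders.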


@ -2,16 +2,49 @@
"id": "CVE-2023-23451", "id": "CVE-2023-23451",
"sourceIdentifier": "psirt@sick.de", "sourceIdentifier": "psirt@sick.de",
"published": "2023-04-19T23:15:06.970", "published": "2023-04-19T23:15:06.970",
"lastModified": "2023-04-20T13:15:05.443", "lastModified": "2023-05-04T15:24:37.877",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW., SICK UE410-EN1 FLEXI ETHERNET GATEW., SICK UE410-EN3S04 FLEXI ETHERNET GATEW., SICK UE410-EN4 FLEXI ETHERNET GATEW., SICK FX0-GENT00000 FLEXISOFT EIP GATEW., SICK FX0-GMOD00000 FLEXISOFT MOD GATEW., SICK FX0-GPNT00000 FLEXISOFT PNET GATEW., SICK FX0-GENT00030 FLEXISOFT EIP GATEW.V2, SICK FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 and SICK FX0-GMOD00010 FLEXISOFT MOD GW. have Telnet enabled by factory default. No password is set in the default configuration. Gateways with a serial number >2311xxxx have the Telnet interface disabled by factory default." "value": "The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW., SICK UE410-EN1 FLEXI ETHERNET GATEW., SICK UE410-EN3S04 FLEXI ETHERNET GATEW., SICK UE410-EN4 FLEXI ETHERNET GATEW., SICK FX0-GENT00000 FLEXISOFT EIP GATEW., SICK FX0-GMOD00000 FLEXISOFT MOD GATEW., SICK FX0-GPNT00000 FLEXISOFT PNET GATEW., SICK FX0-GENT00030 FLEXISOFT EIP GATEW.V2, SICK FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 and SICK FX0-GMOD00010 FLEXISOFT MOD GW. have Telnet enabled by factory default. No password is set in the default configuration. Gateways with a serial number >2311xxxx have the Telnet interface disabled by factory default."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
},
{ {
"source": "psirt@sick.de", "source": "psirt@sick.de",
"type": "Secondary", "type": "Secondary",
@ -23,10 +56,289 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sick:ue410-en3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2AA9F3C9-61F5-4C21-9650-76C0FC9C51EE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sick:ue410-en3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4F4C5D33-6A97-4509-8151-65D79F03F18A"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sick:ue410-en1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF96D6FC-3053-433E-8B7D-CEA3C7FC7CBA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sick:ue410-en1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A963DB6B-C9A9-4B1D-A239-C7B608F2CBD1"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sick:ue410-en3s04_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB62B37C-E8E4-4305-8F6A-127765CC54AD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sick:ue410-en3s04:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06416A50-B978-4F67-AA50-010ECBD2DB2F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sick:ue410-en4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30951A8A-8B78-4F58-8E8B-5697F89B332A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sick:ue410-en4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "593FA8EA-007A-47C0-9F22-89E420BBE0D4"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sick:fx0-gent00000_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.11.0",
"matchCriteriaId": "87586615-29B4-46E4-9CE7-F7BB8F012155"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sick:fx0-gent00000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EAB590A4-F5E4-4A17-B5A6-33A995C96BAB"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sick:fx0-gmod00000_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.11.0",
"matchCriteriaId": "042B4FDB-BC05-43D6-84FC-F65203CDBE0D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sick:fx0-gmod00000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D96296E7-65D3-4C0A-8126-4AA8BEF85B39"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sick:fx0-gpnt00000_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.12.0",
"matchCriteriaId": "61F9ADB1-DBED-4AC6-9CED-C0CCAC7C31F7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sick:fx0-gpnt00000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BF3BF752-4F49-4E90-9790-1913ED64D8B3"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sick:fx0-gent00030_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F133BB19-8D61-4BD7-B706-A3FD81E71ECD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sick:fx0-gent00030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1809BCF9-541E-4348-87A3-4CB37D680704"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sick:fx0-gpnt00030_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "96A20EA8-57F4-4CDD-8F44-F02E2FC010AA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sick:fx0-gpnt00030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4CABEFF4-C0A4-4054-8174-7B3762BC0C3F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sick:fx0-gmod00010_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.11.0",
"matchCriteriaId": "D09286BA-A20C-44DA-BE0C-98EF4851BA73"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sick:fx0-gmod00010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97742720-A8E3-49FE-BE43-EFF720F3D52D"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://sick.com/psirt", "url": "https://sick.com/psirt",
"source": "psirt@sick.de" "source": "psirt@sick.de",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }
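Review bot: Six of the ten vulnerable firmware entries added under `configurations` (the four `ue410-en*_firmware` criteria plus `fx0-gent00030_firmware` and `fx0-gpnt00030_firmware`) carry no version bound, so CPE matching flags every unit of those models, while the description says gateways with a serial number >2311xxxx ship with Telnet disabled. CPE cannot express a serial-number cut-off or the device's actual Telnet and password state, so a match on this record is best treated as a prompt to check the configuration on the device, not as a confirmed finding. Separately, the only reference, `https://sick.com/psirt`, is now tagged `Vendor Advisory` but appears to be the PSIRT landing page rather than a specific advisory, so automated advisory lookups will not resolve to remediation details.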


@ -0,0 +1,47 @@
{
"id": "CVE-2023-23470",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-05-04T14:15:08.847",
"lastModified": "2023-05-04T14:15:08.847",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IBM i 7.2, 7.3, 7.4, and 7.5 could allow an authenticated privileged administrator to gain elevated privileges in non-default configurations, as a result of improper SQL processing. By using a specially crafted SQL operation, the administrator could exploit the vulnerability to perform additional administrator operations. IBM X-Force ID: 244510."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.5,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/244510",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/6987767",
"source": "psirt@us.ibm.com"
}
]
}
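Review bot: This new record has no `configurations` block and no `weaknesses` block, and its only CVSS entry is `"type": "Secondary"` from `psirt@us.ibm.com`, so a consumer that matches assets by CPE or reads only `Primary` metrics will silently get nothing for it. That is consistent with `"vulnStatus": "Received"`, but it means the affected releases exist only in the description text ("IBM i 7.2, 7.3, 7.4, and 7.5"). The missing `configurations` block is shared by the other `Received` records added in this commit: CVE-2023-24958, CVE-2023-26010 and CVE-2023-26012. Downstream code should treat a missing `configurations` key as "not yet analysed" rather than "not affected".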


@ -0,0 +1,59 @@
{
"id": "CVE-2023-24958",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-05-04T14:15:10.173",
"lastModified": "2023-05-04T14:15:10.173",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the IBM TS7700 Management Interface 8.51.2.12, 8.52.200.111, 8.52.102.13, and 8.53.0.63 could allow an authenticated user to submit a specially crafted URL leading to privilege escalation and remote code execution. IBM X-Force ID: 246320."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/246320",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/6980845",
"source": "psirt@us.ibm.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-26010",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-04T14:15:10.593",
"lastModified": "2023-05-04T14:15:10.593",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPMobile.App plugin <=\u00a011.18 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wpappninja/wordpress-wpmobile-app-android-and-ios-mobile-application-plugin-11-18-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}
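Review bot: The description string carries an escaped no-break space, `<=\u00a011.18`, between the comparison operator and the version, so a version extractor that splits on an ASCII space or expects `<= ` followed by digits will not find the affected range. The description is the only place the range appears in this record, so normalising U+00A0 to a plain space before parsing avoids the miss. CVE-2023-26012 uses the same form, `<=\u00a02.0`.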


@ -0,0 +1,55 @@
{
"id": "CVE-2023-26012",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-04T14:15:11.090",
"lastModified": "2023-05-04T14:15:11.090",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Denzel Chia | Phire Design Custom Login Page plugin <=\u00a02.0 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-custom-login-page/wordpress-custom-login-page-plugin-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-26061", "id": "CVE-2023-26061",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-04-24T17:15:10.627", "published": "2023-04-24T17:15:10.627",
"lastModified": "2023-04-24T17:43:16.267", "lastModified": "2023-05-04T15:20:01.543",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{ {
"source": "cve@mitre.org", "source": "cve@mitre.org",
"type": "Secondary", "type": "Secondary",
@ -34,14 +54,50 @@
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nokia:netact:*:*:*:*:*:*:*:*",
"versionEndIncluding": "20.1",
"matchCriteriaId": "C5E0663C-CBA9-4808-895C-7E2A04D919F3"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://nokia.com", "url": "https://nokia.com",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Product"
]
}, },
{ {
"url": "https://www.ptsecurity.com/ww-en/analytics/threatscape/pt-2022-05/", "url": "https://www.ptsecurity.com/ww-en/analytics/threatscape/pt-2022-05/",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }


@ -0,0 +1,82 @@
{
"id": "CVE-2023-28086",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2023-04-25T19:15:10.753",
"lastModified": "2023-05-04T14:56:37.440",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An HPE OneView appliance dump may expose proxy credential settings"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hp:oneview:*:*:*:*:lts:*:*:*",
"versionEndExcluding": "6.60.04",
"matchCriteriaId": "BA5D7ED2-08B6-478C-BC68-F9B6B84A9666"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hp:oneview:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.2",
"matchCriteriaId": "1489D2EF-12C5-4540-A69E-326B4C41A4E3"
}
]
}
]
}
],
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04469en_us",
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
]
}
]
}
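Review bot: The second `cpeMatch` entry, `cpe:2.3:a:hp:oneview:*:*:*:*:*:*:*:*` with `"versionEndExcluding": "8.2"`, leaves the software-edition field as a wildcard, so under standard CPE matching it also covers `lts` builds. An LTS appliance at 6.60.04, the first version the `lts` entry excludes, is still below 8.2 and would be reported as vulnerable by a matcher that evaluates the two entries independently. Scanners consuming this record should confirm the installed release train against the vendor advisory before raising a finding. The identical pair of entries appears in CVE-2023-28087 through CVE-2023-28090.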


@ -0,0 +1,82 @@
{
"id": "CVE-2023-28087",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2023-04-25T19:15:10.817",
"lastModified": "2023-05-04T14:53:25.137",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An HPE OneView appliance dump may expose OneView user accounts"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hp:oneview:*:*:*:*:lts:*:*:*",
"versionEndExcluding": "6.60.04",
"matchCriteriaId": "BA5D7ED2-08B6-478C-BC68-F9B6B84A9666"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hp:oneview:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.2",
"matchCriteriaId": "1489D2EF-12C5-4540-A69E-326B4C41A4E3"
}
]
}
]
}
],
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04469en_us",
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
]
}
]
}
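Review bot: The `weaknesses` entry here is `NVD-CWE-noinfo`, as it is for CVE-2023-28086, while the three sibling records that cite the same HPE advisory (CVE-2023-28088, CVE-2023-28089 and CVE-2023-28090) are classified `CWE-522`, even though all five descriptions follow the same "appliance dump may expose ..." pattern. Grouping or deduplicating by CWE will therefore split one advisory across two buckets. Keying correlation on the shared reference URL (`docId=hpesbgn04469en_us`) rather than on the CWE value keeps the five records together.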


@ -0,0 +1,82 @@
{
"id": "CVE-2023-28088",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2023-04-25T19:15:10.873",
"lastModified": "2023-05-04T14:30:04.933",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An HPE OneView appliance dump may expose SAN switch administrative credentials"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hp:oneview:*:*:*:*:lts:*:*:*",
"versionEndExcluding": "6.60.04",
"matchCriteriaId": "BA5D7ED2-08B6-478C-BC68-F9B6B84A9666"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hp:oneview:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.2",
"matchCriteriaId": "1489D2EF-12C5-4540-A69E-326B4C41A4E3"
}
]
}
]
}
],
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04469en_us",
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,82 @@
{
"id": "CVE-2023-28089",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2023-04-25T19:15:10.927",
"lastModified": "2023-05-04T14:27:34.107",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hp:oneview:*:*:*:*:lts:*:*:*",
"versionEndExcluding": "6.60.04",
"matchCriteriaId": "BA5D7ED2-08B6-478C-BC68-F9B6B84A9666"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hp:oneview:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.2",
"matchCriteriaId": "1489D2EF-12C5-4540-A69E-326B4C41A4E3"
}
]
}
]
}
],
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04469en_us",
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,82 @@
{
"id": "CVE-2023-28090",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2023-04-25T19:15:10.980",
"lastModified": "2023-05-04T14:16:23.857",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An HPE OneView appliance dump may expose SNMPv3 read credentials"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hp:oneview:*:*:*:*:lts:*:*:*",
"versionEndExcluding": "6.60.04",
"matchCriteriaId": "BA5D7ED2-08B6-478C-BC68-F9B6B84A9666"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hp:oneview:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.2",
"matchCriteriaId": "1489D2EF-12C5-4540-A69E-326B4C41A4E3"
}
]
}
]
}
],
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04469en_us",
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-29019", "id": "CVE-2023-29019",
"sourceIdentifier": "security-advisories@github.com", "sourceIdentifier": "security-advisories@github.com",
"published": "2023-04-21T23:15:20.197", "published": "2023-04-21T23:15:20.197",
"lastModified": "2023-04-24T13:02:13.210", "lastModified": "2023-05-04T14:43:34.297",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
},
{ {
"source": "security-advisories@github.com", "source": "security-advisories@github.com",
"type": "Secondary", "type": "Secondary",
@ -36,7 +56,7 @@
}, },
"weaknesses": [ "weaknesses": [
{ {
"source": "security-advisories@github.com", "source": "nvd@nist.gov",
"type": "Primary", "type": "Primary",
"description": [ "description": [
{ {
@ -44,20 +64,64 @@
"value": "CWE-384" "value": "CWE-384"
} }
] ]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-384"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fastify:passport:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "1.1.0",
"matchCriteriaId": "3F071BA9-FBA0-4860-9B99-9D48230422D2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fastify:passport:*:*:*:*:*:node.js:*:*",
"versionStartIncluding": "2.0.0",
"versionEndExcluding": "2.3.0",
"matchCriteriaId": "341AD078-D84A-45B6-876F-7FA286EECAAA"
}
]
}
]
} }
], ],
"references": [ "references": [
{ {
"url": "https://github.com/fastify/fastify-passport/commit/43c82c321db58ea3e375dd475de60befbfcf2a11", "url": "https://github.com/fastify/fastify-passport/commit/43c82c321db58ea3e375dd475de60befbfcf2a11",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/fastify/fastify-passport/security/advisories/GHSA-4m3m-ppvx-xgw9", "url": "https://github.com/fastify/fastify-passport/security/advisories/GHSA-4m3m-ppvx-xgw9",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}, },
{ {
"url": "https://owasp.org/www-community/attacks/Session_fixation", "url": "https://owasp.org/www-community/attacks/Session_fixation",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Technical Description"
]
} }
] ]
} }
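Review bot: The added `configurations` block names the product as `cpe:2.3:a:fastify:passport:*:*:*:*:*:node.js:*:*`, while the patch and advisory references point at the `fastify/fastify-passport` repository, so a matcher that compares only the CPE product field could attribute this record to a different Node.js package that is simply called passport. Matching should require the vendor `fastify` together with the product, or map the record to the package through the advisory reference (`GHSA-4m3m-ppvx-xgw9`). The two affected ranges themselves (below 1.1.0, and 2.0.0 up to but excluding 2.3.0) are unambiguous.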


@ -2,23 +2,94 @@
"id": "CVE-2023-29780", "id": "CVE-2023-29780",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-04-24T19:15:09.767", "published": "2023-04-24T19:15:09.767",
"lastModified": "2023-04-25T12:52:57.877", "lastModified": "2023-05-04T15:54:20.907",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Third Reality Smart Blind 1.00.54 contains a denial-of-service vulnerability, which allows a remote attacker to send malicious Zigbee messages to a vulnerable device and cause crashes." "value": "Third Reality Smart Blind 1.00.54 contains a denial-of-service vulnerability, which allows a remote attacker to send malicious Zigbee messages to a vulnerable device and cause crashes."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:3reality:3rsb015bz_firmware:1.00.54:*:*:*:*:*:*:*",
"matchCriteriaId": "7E00DF2A-7E43-43AD-9D6A-F4FA98033AEC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:3reality:3rsb015bz:-:*:*:*:*:*:*:*",
"matchCriteriaId": "856A30F4-A58D-477E-86E3-7AFCF6595549"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/iot-sec23/IoT-CVE/blob/main/Third%20Reality%20Smart%20Blind%20Vulnerability%20Report.pdf", "url": "https://github.com/iot-sec23/IoT-CVE/blob/main/Third%20Reality%20Smart%20Blind%20Vulnerability%20Report.pdf",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://www.3reality.com/", "url": "https://www.3reality.com/",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Product"
]
} }
] ]
} }

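--- a/CVE-2023/CVE-2023-298xx/CVE-2023-29827.json
+++ b/CVE-2023/CVE-2023-298xx/CVE-2023-29827.json
@@ -0,0 +1,20 @@
+{
+"id": "CVE-2023-29827",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2023-05-04T14:15:11.363",
+"lastModified": "2023-05-04T14:15:11.363",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "ejs v3.1.9 is vulnerable to server-side template injection. If the ejs file is controllable, template injection can be implemented through the configuration settings of the closeDelimiter parameter."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://github.com/mde/ejs/issues/720",
+"source": "cve@mitre.org"
+}
+]
+}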

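--- a/CVE-2023/CVE-2023-306xx/CVE-2023-30619.json
+++ b/CVE-2023/CVE-2023-306xx/CVE-2023-30619.json
@@ -0,0 +1,67 @@
+{
+"id": "CVE-2023-30619",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2023-05-04T14:15:11.663",
+"lastModified": "2023-05-04T14:15:11.663",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Tuleap Open ALM is a Libre and Open Source tool for end to end traceability of application and system developments. The title of an artifact is not properly escaped in the tooltip. A malicious user with the capability to create an artifact or to edit a field title could force victim to execute uncontrolled code. This issue has been patched in version 14.7.99.143.\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "REQUIRED",
+"scope": "CHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 5.4,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.3,
+"impactScore": 2.7
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-79"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/Enalean/tuleap/commit/fdc93a736cbccad05de16ff0cc7cc3ef18dc93df",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/Enalean/tuleap/security/advisories/GHSA-7fm3-cr3g-5922",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=fdc93a736cbccad05de16ff0cc7cc3ef18dc93df",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://tuleap.net/plugins/tracker/?aid=31586",
+"source": "security-advisories@github.com"
+}
+]
+}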

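--- a/CVE-2023/CVE-2023-306xx/CVE-2023-30623.json
+++ b/CVE-2023/CVE-2023-306xx/CVE-2023-30623.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-30623",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2023-04-24T22:15:09.870",
-"lastModified": "2023-04-25T12:52:57.877",
-"vulnStatus": "Awaiting Analysis",
+"lastModified": "2023-05-04T15:54:43.193",
+"vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -12,6 +12,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+{
+"source": "nvd@nist.gov",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 8.8,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 5.9
+},
 {
 "source": "security-advisories@github.com",
 "type": "Secondary",
@@ -46,18 +66,46 @@
 ]
 }
 ],
+"configurations": [
+{
+"nodes": [
+{
+"operator": "OR",
+"negate": false,
+"cpeMatch": [
+{
+"vulnerable": true,
+"criteria": "cpe:2.3:a:wip_project:wip:*:*:*:*:*:*:*:*",
+"versionEndExcluding": "2.0.0",
+"matchCriteriaId": "D020BBA6-CF6E-436E-8D8E-CF85E0F7F490"
+}
+]
+}
+]
+}
+],
 "references": [
 {
 "url": "https://github.com/embano1/wip/commit/c25450f77ed02c20d00b76ee3b33ff43838739a2",
-"source": "security-advisories@github.com"
+"source": "security-advisories@github.com",
+"tags": [
+"Patch"
+]
 },
 {
 "url": "https://github.com/embano1/wip/security/advisories/GHSA-rg3q-prf8-qxmp",
-"source": "security-advisories@github.com"
+"source": "security-advisories@github.com",
+"tags": [
+"Vendor Advisory"
+]
 },
 {
 "url": "https://securitylab.github.com/research/github-actions-untrusted-input/",
-"source": "security-advisories@github.com"
+"source": "security-advisories@github.com",
+"tags": [
+"Exploit",
+"Third Party Advisory"
+]
 }
 ]
 }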

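--- a/CVE-2023/CVE-2023-306xx/CVE-2023-30626.json
+++ b/CVE-2023/CVE-2023-306xx/CVE-2023-30626.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-30626",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2023-04-24T21:15:09.687",
-"lastModified": "2023-04-25T12:52:57.877",
-"vulnStatus": "Awaiting Analysis",
+"lastModified": "2023-05-04T14:09:25.893",
+"vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -12,6 +12,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+{
+"source": "nvd@nist.gov",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "NONE",
+"baseScore": 8.1,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 5.2
+},
 {
 "source": "security-advisories@github.com",
 "type": "Secondary",
@@ -46,30 +66,71 @@
 ]
 }
 ],
+"configurations": [
+{
+"nodes": [
+{
+"operator": "OR",
+"negate": false,
+"cpeMatch": [
+{
+"vulnerable": true,
+"criteria": "cpe:2.3:a:jellyfin:jellyfin:*:*:*:*:*:*:*:*",
+"versionStartIncluding": "10.8.0",
+"versionEndExcluding": "10.8.10",
+"matchCriteriaId": "F5C18A18-B001-405D-9787-509225E4E7D2"
+}
+]
+}
+]
+}
+],
 "references": [
 {
 "url": "https://github.com/jellyfin/jellyfin-web/security/advisories/GHSA-89hp-h43h-r5pq",
-"source": "security-advisories@github.com"
+"source": "security-advisories@github.com",
+"tags": [
+"Vendor Advisory"
+]
 },
 {
 "url": "https://github.com/jellyfin/jellyfin/blob/22d880662283980dec994cd7d35fe269613bfce3/Jellyfin.Api/Controllers/ClientLogController.cs#L44",
-"source": "security-advisories@github.com"
+"source": "security-advisories@github.com",
+"tags": [
+"Exploit",
+"Vendor Advisory"
+]
 },
 {
 "url": "https://github.com/jellyfin/jellyfin/commit/82ad2633fdfb1c37a158057c7935f83e1129eda7",
-"source": "security-advisories@github.com"
+"source": "security-advisories@github.com",
+"tags": [
+"Patch"
+]
 },
 {
 "url": "https://github.com/jellyfin/jellyfin/pull/5918",
-"source": "security-advisories@github.com"
+"source": "security-advisories@github.com",
+"tags": [
+"Patch",
+"Vendor Advisory"
+]
 },
 {
 "url": "https://github.com/jellyfin/jellyfin/releases/tag/v10.8.10",
-"source": "security-advisories@github.com"
+"source": "security-advisories@github.com",
+"tags": [
+"Release Notes"
+]
 },
 {
 "url": "https://github.com/jellyfin/jellyfin/security/advisories/GHSA-9p5f-5x8v-x65m",
-"source": "security-advisories@github.com"
+"source": "security-advisories@github.com",
+"tags": [
+"Exploit",
+"Patch",
+"Vendor Advisory"
+]
 }
 ]
 }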

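--- a/CVE-2023/CVE-2023-306xx/CVE-2023-30627.json
+++ b/CVE-2023/CVE-2023-306xx/CVE-2023-30627.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-30627",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2023-04-24T21:15:09.760",
-"lastModified": "2023-04-25T12:52:57.877",
-"vulnStatus": "Awaiting Analysis",
+"lastModified": "2023-05-04T14:02:22.583",
+"vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -12,6 +12,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+{
+"source": "nvd@nist.gov",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "REQUIRED",
+"scope": "CHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 5.4,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.3,
+"impactScore": 2.7
+},
 {
 "source": "security-advisories@github.com",
 "type": "Secondary",
@@ -46,22 +66,55 @@
 ]
 }
 ],
+"configurations": [
+{
+"nodes": [
+{
+"operator": "OR",
+"negate": false,
+"cpeMatch": [
+{
+"vulnerable": true,
+"criteria": "cpe:2.3:a:jellyfin:jellyfin:*:*:*:*:*:*:*:*",
+"versionStartIncluding": "10.1.0",
+"versionEndExcluding": "10.8.10",
+"matchCriteriaId": "2987978F-8A1B-4CE2-BDC9-A6C5AAA9AE18"
+}
+]
+}
+]
+}
+],
 "references": [
 {
 "url": "https://github.com/jellyfin/jellyfin-web/commit/b88a5951e1a517ff4c820e693d9c0da981cf68ee",
-"source": "security-advisories@github.com"
+"source": "security-advisories@github.com",
+"tags": [
+"Patch"
+]
 },
 {
 "url": "https://github.com/jellyfin/jellyfin-web/releases/tag/v10.8.10",
-"source": "security-advisories@github.com"
+"source": "security-advisories@github.com",
+"tags": [
+"Release Notes"
+]
 },
 {
 "url": "https://github.com/jellyfin/jellyfin-web/security/advisories/GHSA-89hp-h43h-r5pq",
-"source": "security-advisories@github.com"
+"source": "security-advisories@github.com",
+"tags": [
+"Vendor Advisory"
+]
 },
 {
 "url": "https://github.com/jellyfin/jellyfin/security/advisories/GHSA-9p5f-5x8v-x65m",
-"source": "security-advisories@github.com"
+"source": "security-advisories@github.com",
+"tags": [
+"Exploit",
+"Patch",
+"Vendor Advisory"
+]
 }
 ]
 }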


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update ### Last Repository Update
```plain ```plain
2023-05-04T14:00:24.407451+00:00 2023-05-04T16:00:25.332114+00:00
``` ```
### Most recent CVE Modification Timestamp synchronized with NVD ### Most recent CVE Modification Timestamp synchronized with NVD
```plain ```plain
2023-05-04T13:58:41.697000+00:00 2023-05-04T15:55:03.020000+00:00
``` ```
### Last Data Feed Release ### Last Data Feed Release
@ -29,78 +29,47 @@ Download and Changelog: [Click](releases/latest)
### Total Number of included CVEs ### Total Number of included CVEs
```plain ```plain
214049 214055
``` ```
### CVEs added in the last Commit ### CVEs added in the last Commit
Recently added CVEs: `3` Recently added CVEs: `6`
* [CVE-2022-45818](CVE-2022/CVE-2022-458xx/CVE-2022-45818.json) (`2023-05-04T13:15:13.580`) * [CVE-2023-23470](CVE-2023/CVE-2023-234xx/CVE-2023-23470.json) (`2023-05-04T14:15:08.847`)
* [CVE-2023-25962](CVE-2023/CVE-2023-259xx/CVE-2023-25962.json) (`2023-05-04T13:15:18.060`) * [CVE-2023-24958](CVE-2023/CVE-2023-249xx/CVE-2023-24958.json) (`2023-05-04T14:15:10.173`)
* [CVE-2023-26016](CVE-2023/CVE-2023-260xx/CVE-2023-26016.json) (`2023-05-04T13:15:18.633`) * [CVE-2023-26010](CVE-2023/CVE-2023-260xx/CVE-2023-26010.json) (`2023-05-04T14:15:10.593`)
* [CVE-2023-26012](CVE-2023/CVE-2023-260xx/CVE-2023-26012.json) (`2023-05-04T14:15:11.090`)
* [CVE-2023-29827](CVE-2023/CVE-2023-298xx/CVE-2023-29827.json) (`2023-05-04T14:15:11.363`)
* [CVE-2023-30619](CVE-2023/CVE-2023-306xx/CVE-2023-30619.json) (`2023-05-04T14:15:11.663`)
### CVEs modified in the last Commit ### CVEs modified in the last Commit
Recently modified CVEs: `56` Recently modified CVEs: `22`
* [CVE-2017-11197](CVE-2017/CVE-2017-111xx/CVE-2017-11197.json) (`2023-05-04T13:03:15.830`) * [CVE-2022-29604](CVE-2022/CVE-2022-296xx/CVE-2022-29604.json) (`2023-05-04T15:38:23.023`)
* [CVE-2017-20184](CVE-2017/CVE-2017-201xx/CVE-2017-20184.json) (`2023-05-04T13:03:05.007`) * [CVE-2022-29605](CVE-2022/CVE-2022-296xx/CVE-2022-29605.json) (`2023-05-04T15:35:35.327`)
* [CVE-2020-22429](CVE-2020/CVE-2020-224xx/CVE-2020-22429.json) (`2023-05-04T13:03:12.273`) * [CVE-2023-1624](CVE-2023/CVE-2023-16xx/CVE-2023-1624.json) (`2023-05-04T15:30:50.530`)
* [CVE-2021-33971](CVE-2021/CVE-2021-339xx/CVE-2021-33971.json) (`2023-05-04T13:42:40.960`) * [CVE-2023-2006](CVE-2023/CVE-2023-20xx/CVE-2023-2006.json) (`2023-05-04T14:42:56.097`)
* [CVE-2021-3429](CVE-2021/CVE-2021-34xx/CVE-2021-3429.json) (`2023-05-04T13:00:46.217`) * [CVE-2023-2019](CVE-2023/CVE-2023-20xx/CVE-2023-2019.json) (`2023-05-04T14:42:28.350`)
* [CVE-2022-39161](CVE-2022/CVE-2022-391xx/CVE-2022-39161.json) (`2023-05-04T13:03:12.273`) * [CVE-2023-2250](CVE-2023/CVE-2023-22xx/CVE-2023-2250.json) (`2023-05-04T14:41:52.360`)
* [CVE-2022-4259](CVE-2022/CVE-2022-42xx/CVE-2022-4259.json) (`2023-05-04T13:03:05.007`) * [CVE-2023-2257](CVE-2023/CVE-2023-22xx/CVE-2023-2257.json) (`2023-05-04T15:55:03.020`)
* [CVE-2022-4376](CVE-2022/CVE-2022-43xx/CVE-2022-4376.json) (`2023-05-04T13:03:12.273`) * [CVE-2023-2282](CVE-2023/CVE-2023-22xx/CVE-2023-2282.json) (`2023-05-04T15:16:53.583`)
* [CVE-2022-43950](CVE-2022/CVE-2022-439xx/CVE-2022-43950.json) (`2023-05-04T13:03:12.273`) * [CVE-2023-22914](CVE-2023/CVE-2023-229xx/CVE-2023-22914.json) (`2023-05-04T14:32:03.143`)
* [CVE-2022-45858](CVE-2022/CVE-2022-458xx/CVE-2022-45858.json) (`2023-05-04T13:03:12.273`) * [CVE-2023-22915](CVE-2023/CVE-2023-229xx/CVE-2023-22915.json) (`2023-05-04T14:44:10.363`)
* [CVE-2022-45859](CVE-2022/CVE-2022-458xx/CVE-2022-45859.json) (`2023-05-04T13:03:12.273`) * [CVE-2023-23451](CVE-2023/CVE-2023-234xx/CVE-2023-23451.json) (`2023-05-04T15:24:37.877`)
* [CVE-2022-45860](CVE-2022/CVE-2022-458xx/CVE-2022-45860.json) (`2023-05-04T13:03:12.273`) * [CVE-2023-26061](CVE-2023/CVE-2023-260xx/CVE-2023-26061.json) (`2023-05-04T15:20:01.543`)
* [CVE-2022-47757](CVE-2022/CVE-2022-477xx/CVE-2022-47757.json) (`2023-05-04T13:03:05.007`) * [CVE-2023-28086](CVE-2023/CVE-2023-280xx/CVE-2023-28086.json) (`2023-05-04T14:56:37.440`)
* [CVE-2023-0155](CVE-2023/CVE-2023-01xx/CVE-2023-0155.json) (`2023-05-04T13:03:12.273`) * [CVE-2023-28087](CVE-2023/CVE-2023-280xx/CVE-2023-28087.json) (`2023-05-04T14:53:25.137`)
* [CVE-2023-0485](CVE-2023/CVE-2023-04xx/CVE-2023-0485.json) (`2023-05-04T13:03:12.273`) * [CVE-2023-28088](CVE-2023/CVE-2023-280xx/CVE-2023-28088.json) (`2023-05-04T14:30:04.933`)
* [CVE-2023-0756](CVE-2023/CVE-2023-07xx/CVE-2023-0756.json) (`2023-05-04T13:03:12.273`) * [CVE-2023-28089](CVE-2023/CVE-2023-280xx/CVE-2023-28089.json) (`2023-05-04T14:27:34.107`)
* [CVE-2023-0805](CVE-2023/CVE-2023-08xx/CVE-2023-0805.json) (`2023-05-04T13:03:12.273`) * [CVE-2023-28090](CVE-2023/CVE-2023-280xx/CVE-2023-28090.json) (`2023-05-04T14:16:23.857`)
* [CVE-2023-1178](CVE-2023/CVE-2023-11xx/CVE-2023-1178.json) (`2023-05-04T13:03:05.007`) * [CVE-2023-29019](CVE-2023/CVE-2023-290xx/CVE-2023-29019.json) (`2023-05-04T14:43:34.297`)
* [CVE-2023-1204](CVE-2023/CVE-2023-12xx/CVE-2023-1204.json) (`2023-05-04T13:03:12.273`) * [CVE-2023-29780](CVE-2023/CVE-2023-297xx/CVE-2023-29780.json) (`2023-05-04T15:54:20.907`)
* [CVE-2023-1265](CVE-2023/CVE-2023-12xx/CVE-2023-1265.json) (`2023-05-04T13:03:12.273`) * [CVE-2023-30623](CVE-2023/CVE-2023-306xx/CVE-2023-30623.json) (`2023-05-04T15:54:43.193`)
* [CVE-2023-1836](CVE-2023/CVE-2023-18xx/CVE-2023-1836.json) (`2023-05-04T13:03:12.273`) * [CVE-2023-30626](CVE-2023/CVE-2023-306xx/CVE-2023-30626.json) (`2023-05-04T14:09:25.893`)
* [CVE-2023-1965](CVE-2023/CVE-2023-19xx/CVE-2023-1965.json) (`2023-05-04T13:03:12.273`) * [CVE-2023-30627](CVE-2023/CVE-2023-306xx/CVE-2023-30627.json) (`2023-05-04T14:02:22.583`)
* [CVE-2023-2069](CVE-2023/CVE-2023-20xx/CVE-2023-2069.json) (`2023-05-04T13:03:12.273`)
* [CVE-2023-2182](CVE-2023/CVE-2023-21xx/CVE-2023-2182.json) (`2023-05-04T13:03:05.007`)
* [CVE-2023-22637](CVE-2023/CVE-2023-226xx/CVE-2023-22637.json) (`2023-05-04T13:03:05.007`)
* [CVE-2023-22640](CVE-2023/CVE-2023-226xx/CVE-2023-22640.json) (`2023-05-04T13:03:05.007`)
* [CVE-2023-22651](CVE-2023/CVE-2023-226xx/CVE-2023-22651.json) (`2023-05-04T13:03:05.007`)
* [CVE-2023-22913](CVE-2023/CVE-2023-229xx/CVE-2023-22913.json) (`2023-05-04T13:17:24.853`)
* [CVE-2023-22917](CVE-2023/CVE-2023-229xx/CVE-2023-22917.json) (`2023-05-04T13:28:13.717`)
* [CVE-2023-22948](CVE-2023/CVE-2023-229xx/CVE-2023-22948.json) (`2023-05-04T13:32:19.617`)
* [CVE-2023-22950](CVE-2023/CVE-2023-229xx/CVE-2023-22950.json) (`2023-05-04T13:31:57.710`)
* [CVE-2023-24744](CVE-2023/CVE-2023-247xx/CVE-2023-24744.json) (`2023-05-04T13:03:12.273`)
* [CVE-2023-25438](CVE-2023/CVE-2023-254xx/CVE-2023-25438.json) (`2023-05-04T13:03:05.007`)
* [CVE-2023-25934](CVE-2023/CVE-2023-259xx/CVE-2023-25934.json) (`2023-05-04T13:03:05.007`)
* [CVE-2023-26060](CVE-2023/CVE-2023-260xx/CVE-2023-26060.json) (`2023-05-04T13:52:08.417`)
* [CVE-2023-26125](CVE-2023/CVE-2023-261xx/CVE-2023-26125.json) (`2023-05-04T13:03:05.007`)
* [CVE-2023-26203](CVE-2023/CVE-2023-262xx/CVE-2023-26203.json) (`2023-05-04T13:03:05.007`)
* [CVE-2023-27075](CVE-2023/CVE-2023-270xx/CVE-2023-27075.json) (`2023-05-04T13:03:05.007`)
* [CVE-2023-27568](CVE-2023/CVE-2023-275xx/CVE-2023-27568.json) (`2023-05-04T13:03:05.007`)
* [CVE-2023-27993](CVE-2023/CVE-2023-279xx/CVE-2023-27993.json) (`2023-05-04T13:03:05.007`)
* [CVE-2023-27999](CVE-2023/CVE-2023-279xx/CVE-2023-27999.json) (`2023-05-04T13:03:05.007`)
* [CVE-2023-28458](CVE-2023/CVE-2023-284xx/CVE-2023-28458.json) (`2023-05-04T12:38:48.727`)
* [CVE-2023-28459](CVE-2023/CVE-2023-284xx/CVE-2023-28459.json) (`2023-05-04T12:38:31.430`)
* [CVE-2023-28983](CVE-2023/CVE-2023-289xx/CVE-2023-28983.json) (`2023-05-04T13:01:39.027`)
* [CVE-2023-29002](CVE-2023/CVE-2023-290xx/CVE-2023-29002.json) (`2023-05-04T13:01:18.917`)
* [CVE-2023-29842](CVE-2023/CVE-2023-298xx/CVE-2023-29842.json) (`2023-05-04T13:03:05.007`)
* [CVE-2023-30077](CVE-2023/CVE-2023-300xx/CVE-2023-30077.json) (`2023-05-04T13:03:05.007`)
* [CVE-2023-30204](CVE-2023/CVE-2023-302xx/CVE-2023-30204.json) (`2023-05-04T13:03:12.273`)
* [CVE-2023-30205](CVE-2023/CVE-2023-302xx/CVE-2023-30205.json) (`2023-05-04T13:03:12.273`)
* [CVE-2023-30300](CVE-2023/CVE-2023-303xx/CVE-2023-30300.json) (`2023-05-04T13:03:12.273`)
* [CVE-2023-30331](CVE-2023/CVE-2023-303xx/CVE-2023-30331.json) (`2023-05-04T13:03:05.007`)
* [CVE-2023-30410](CVE-2023/CVE-2023-304xx/CVE-2023-30410.json) (`2023-05-04T13:58:28.100`)
* [CVE-2023-30414](CVE-2023/CVE-2023-304xx/CVE-2023-30414.json) (`2023-05-04T13:58:41.697`)
* [CVE-2023-30618](CVE-2023/CVE-2023-306xx/CVE-2023-30618.json) (`2023-05-04T12:37:53.263`)
* [CVE-2023-30622](CVE-2023/CVE-2023-306xx/CVE-2023-30622.json) (`2023-05-04T12:53:56.153`)
* [CVE-2023-31099](CVE-2023/CVE-2023-310xx/CVE-2023-31099.json) (`2023-05-04T13:03:05.007`)
## Download and Usage ## Download and Usage