Auto-Update: 2023-06-28T18:00:33.751734+00:00

cad-safe-bot 2023-06-28 18:00:37 +00:00
parent 5e555eff4a
commit 24cdd5ee5c
19 changed files with 1174 additions and 124 deletions


@ -2,8 +2,8 @@
"id": "CVE-2019-25152", "id": "CVE-2019-25152",
"sourceIdentifier": "security@wordfence.com", "sourceIdentifier": "security@wordfence.com",
"published": "2023-06-22T02:15:47.730", "published": "2023-06-22T02:15:47.730",
"lastModified": "2023-06-22T12:51:30.407", "lastModified": "2023-06-28T17:44:14.823",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -13,8 +13,28 @@
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{ {
"source": "security@wordfence.com", "source": "nvd@nist.gov",
"type": "Primary", "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": { "cvssData": {
"version": "3.1", "version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
@ -46,22 +66,59 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tychesoftwares:abandoned_cart_lite_for_woocommerce:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "5.2.0",
"matchCriteriaId": "8931697D-8EC8-4B2A-881B-286B495DCCC0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tychesoftwares:abandoned_cart_pro_for_woocommerce:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "7.12.0",
"matchCriteriaId": "371B5867-CE38-44E6-9DCD-3FB3DABAE8A5"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://plugins.trac.wordpress.org/changeset/2033212", "url": "https://plugins.trac.wordpress.org/changeset/2033212",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://wpscan.com/vulnerability/9229", "url": "https://wpscan.com/vulnerability/9229",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}, },
{ {
"url": "https://www.wordfence.com/blog/2019/03/xss-flaw-in-abandoned-cart-plugin-leads-to-wordpress-site-takeovers/", "url": "https://www.wordfence.com/blog/2019/03/xss-flaw-in-abandoned-cart-plugin-leads-to-wordpress-site-takeovers/",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a9cc5c6d-4396-4ebf-8788-f01dd9e9cfbc?source=cve", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a9cc5c6d-4396-4ebf-8788-f01dd9e9cfbc?source=cve",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }
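Review bot: The new `Primary` metric from nvd@nist.gov scores this record with `UI:R` (6.1 MEDIUM), while the Wordfence entry it demotes to `Secondary` keeps `UI:N` in its vector, so a consumer that reads only the `Primary` cvssMetricV31 entry will rank this lower than the CNA does. The Wordfence blog reference is now tagged `Exploit` and its URL describes site takeovers, which argues for triaging on the more severe of the two vectors rather than on `type`. The two cpeMatch entries also use different bounds (`versionEndExcluding` 5.2.0 for the Lite plugin, `versionEndIncluding` 7.12.0 for Pro), so a matcher has to honour both keys or it will misjudge the boundary version.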


@ -2,8 +2,8 @@
"id": "CVE-2022-3372", "id": "CVE-2022-3372",
"sourceIdentifier": "cve-coordination@incibe.es", "sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-06-21T13:15:09.673", "published": "2023-06-21T13:15:09.673",
"lastModified": "2023-06-21T15:14:56.427", "lastModified": "2023-06-28T17:45:46.973",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{ {
"source": "cve-coordination@incibe.es", "source": "cve-coordination@incibe.es",
"type": "Secondary", "type": "Secondary",
@ -35,6 +55,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
},
{ {
"source": "cve-coordination@incibe.es", "source": "cve-coordination@incibe.es",
"type": "Secondary", "type": "Secondary",
@ -46,10 +76,42 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:riello-ups:netman_204_firmware:02.05:*:*:*:*:*:*:*",
"matchCriteriaId": "1FFA2E71-B762-42C9-A991-801DC16E8BF5"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:riello-ups:netman_204:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06001306-7B00-453C-9C45-17E5A64DF4C2"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/cross-site-request-forgery-csrf-riello-ups-netman-204", "url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/cross-site-request-forgery-csrf-riello-ups-netman-204",
"source": "cve-coordination@incibe.es" "source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }


@ -2,27 +2,89 @@
"id": "CVE-2022-45287", "id": "CVE-2022-45287",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-21T13:15:09.750", "published": "2023-06-21T13:15:09.750",
"lastModified": "2023-06-21T15:14:56.427", "lastModified": "2023-06-28T17:33:09.597",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "An access control issue in Registration.aspx of Temenos CWX 8.5.6 allows authenticated attackers to escalate privileges and perform arbitrary Administrative commands." "value": "An access control issue in Registration.aspx of Temenos CWX 8.5.6 allows authenticated attackers to escalate privileges and perform arbitrary Administrative commands."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:temenos:cwx:8.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6FF60BBC-5444-474E-AD80-2C22E21FD71A"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "http://cwx.com", "url": "http://cwx.com",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Product"
]
}, },
{ {
"url": "http://temenos.com", "url": "http://temenos.com",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Product"
]
}, },
{ {
"url": "https://github.com/WhiteBearVN/CWX-Registration-Broken-Access-Control/blob/main/README.md", "url": "https://github.com/WhiteBearVN/CWX-Registration-Broken-Access-Control/blob/main/README.md",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }
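Review bot: The `Primary` weakness added here is the placeholder `NVD-CWE-Other`, although the description states an access control issue that lets authenticated users escalate privileges, so CWE-keyed filters and dashboards will not place this 8.8 record in any access-control category. The same applies to CVE-2023-25367 later in this commit, which gets `NVD-CWE-noinfo` on a 9.8 record whose description reports remote code execution from unfiltered input. Consumers should treat both placeholder values as "unclassified" and fall back to the description text instead of dropping the record from weakness-based reports. The two references tagged `Product` are bare `http://` vendor home pages and carry no advisory content.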


@ -2,8 +2,8 @@
"id": "CVE-2023-0970", "id": "CVE-2023-0970",
"sourceIdentifier": "product-security@silabs.com", "sourceIdentifier": "product-security@silabs.com",
"published": "2023-06-21T20:15:09.843", "published": "2023-06-21T20:15:09.843",
"lastModified": "2023-06-22T12:51:30.407", "lastModified": "2023-06-28T16:05:03.873",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
},
{ {
"source": "product-security@silabs.com", "source": "product-security@silabs.com",
"type": "Secondary", "type": "Secondary",
@ -35,6 +55,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
},
{ {
"source": "product-security@silabs.com", "source": "product-security@silabs.com",
"type": "Secondary", "type": "Secondary",
@ -50,10 +80,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:silabs:z\\/ip_gateway_sdk:*:*:*:*:*:*:*:*",
"versionEndIncluding": "7.18.01",
"matchCriteriaId": "6F96CB0A-344E-4061-808B-79DBA47375A3"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000V6HZzQAN?operationContext=S1", "url": "https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000V6HZzQAN?operationContext=S1",
"source": "product-security@silabs.com" "source": "product-security@silabs.com",
"tags": [
"Permissions Required"
]
} }
] ]
} }
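Review bot: The only reference on this record is tagged `Permissions Required`, so the vendor advisory cannot be read without an account, and the configuration gives just `versionEndIncluding` 7.18.01 with no fixed release named in the visible fields. Anyone using the record to drive remediation has to obtain the fixed version from the vendor separately, since the record says what is affected but not what to upgrade to. CVE-2023-0971 and CVE-2023-0972 in this commit share the same reference, tag and CPE range. The criteria string carries an escaped slash (`z\\/ip_gateway_sdk` in the JSON), so a matcher that compares against an unescaped product name will miss it.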


@ -2,8 +2,8 @@
"id": "CVE-2023-0971", "id": "CVE-2023-0971",
"sourceIdentifier": "product-security@silabs.com", "sourceIdentifier": "product-security@silabs.com",
"published": "2023-06-21T20:15:09.943", "published": "2023-06-21T20:15:09.943",
"lastModified": "2023-06-22T12:51:30.407", "lastModified": "2023-06-28T16:10:43.917",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{ {
"source": "product-security@silabs.com", "source": "product-security@silabs.com",
"type": "Secondary", "type": "Secondary",
@ -35,6 +55,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
},
{ {
"source": "product-security@silabs.com", "source": "product-security@silabs.com",
"type": "Secondary", "type": "Secondary",
@ -54,10 +84,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:silabs:z\\/ip_gateway_sdk:*:*:*:*:*:*:*:*",
"versionEndIncluding": "7.18.01",
"matchCriteriaId": "6F96CB0A-344E-4061-808B-79DBA47375A3"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000V6HZzQAN?operationContext=S1", "url": "https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000V6HZzQAN?operationContext=S1",
"source": "product-security@silabs.com" "source": "product-security@silabs.com",
"tags": [
"Permissions Required"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2023-0972", "id": "CVE-2023-0972",
"sourceIdentifier": "product-security@silabs.com", "sourceIdentifier": "product-security@silabs.com",
"published": "2023-06-21T20:15:10.023", "published": "2023-06-21T20:15:10.023",
"lastModified": "2023-06-22T12:51:30.407", "lastModified": "2023-06-28T16:15:36.920",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{ {
"source": "product-security@silabs.com", "source": "product-security@silabs.com",
"type": "Secondary", "type": "Secondary",
@ -35,6 +55,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
},
{ {
"source": "product-security@silabs.com", "source": "product-security@silabs.com",
"type": "Secondary", "type": "Secondary",
@ -50,10 +80,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:silabs:z\\/ip_gateway_sdk:*:*:*:*:*:*:*:*",
"versionEndIncluding": "7.18.01",
"matchCriteriaId": "6F96CB0A-344E-4061-808B-79DBA47375A3"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000V6HZzQAN?operationContext=S1", "url": "https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000V6HZzQAN?operationContext=S1",
"source": "product-security@silabs.com" "source": "product-security@silabs.com",
"tags": [
"Permissions Required"
]
} }
] ]
} }


@ -2,23 +2,149 @@
"id": "CVE-2023-25367", "id": "CVE-2023-25367",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-14T17:15:09.193", "published": "2023-06-14T17:15:09.193",
"lastModified": "2023-06-14T18:20:18.790", "lastModified": "2023-06-28T17:56:58.883",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS allows unfiltered user input resulting in Remote Code Execution (RCE) with SCPI interface or web server." "value": "Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS allows unfiltered user input resulting in Remote Code Execution (RCE) with SCPI interface or web server."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:siglent:sds1204x-e_firmware:6.1.37r9.ads:*:*:*:*:*:*:*",
"matchCriteriaId": "36535DCD-638C-45CA-9992-904EC2485D4C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:siglent:sds1204x-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4545B019-407C-414B-B28B-805C18B69A32"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:siglent:sds1104x-e_firmware:6.1.37r9.ads:*:*:*:*:*:*:*",
"matchCriteriaId": "C9BB7B63-BBCE-4D51-8F67-E2C5423E0A20"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:siglent:sds1104x-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FD5938A-0016-432E-9E15-5F064524AC59"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:siglent:sds1074x-e_firmware:6.1.37r9.ads:*:*:*:*:*:*:*",
"matchCriteriaId": "41C2AB7F-FD37-4690-86AB-B92C758381BA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:siglent:sds1074x-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE44C86E-FE82-4B37-9059-FBF105E220CF"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/BretMcDanel/CVE/blob/main/CVE-2023-25367.md", "url": "https://github.com/BretMcDanel/CVE/blob/main/CVE-2023-25367.md",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
]
}, },
{ {
"url": "https://siglent.com", "url": "https://siglent.com",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Product"
]
} }
] ]
} }


@ -2,19 +2,77 @@
"id": "CVE-2023-25435", "id": "CVE-2023-25435",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-21T20:15:10.100", "published": "2023-06-21T20:15:10.100",
"lastModified": "2023-06-22T12:51:30.407", "lastModified": "2023-06-28T16:20:23.263",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at /libtiff/tools/tiffcrop.c:3753." "value": "libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at /libtiff/tools/tiffcrop.c:3753."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:libtiff:libtiff:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FDFE597E-7A29-4E39-BF28-28DCCF51912A"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://gitlab.com/libtiff/libtiff/-/issues/518", "url": "https://gitlab.com/libtiff/libtiff/-/issues/518",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
]
} }
] ]
} }
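Review bot: The description locates the overflow in `/libtiff/tools/tiffcrop.c`, which looks like the tiffcrop command-line utility rather than the library API, but the added cpeMatch covers the whole product at exactly `cpe:2.3:a:libtiff:libtiff:4.5.0`. CPE-based scanners will therefore flag every host with libtiff 4.5.0 whether or not the tool is installed, and will report nothing for other versions; whether earlier releases are affected cannot be told from this record. The single GitLab issue URL is tagged `Exploit`, `Issue Tracking`, `Patch` and `Vendor Advisory` at once, so the fixing change has to be looked up in that issue rather than read from the record. The `AV:N`/`UI:R` vector presumably models a user opening a crafted TIFF, which is worth weighing against the 8.8 score on hosts that never run the tool.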


@ -0,0 +1,55 @@
{
"id": "CVE-2023-2625",
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"published": "2023-06-28T17:15:10.627",
"lastModified": "2023-06-28T17:15:10.627",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists that can be exploited by an authenticated client that is connected to the same network segment as the CoreTec 4, having any level of access VIEWER to ADMIN. To exploit the vulnerability the attacker can inject shell commands through a particular field of the web user interface that will be executed by the system."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000163&LanguageCode=en&DocumentPartId=&Action=Launch",
"source": "cybersecurity@hitachienergy.com"
}
]
}
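Review bot: This new record has `vulnStatus` `Received` and no `configurations` array, so CPE-driven asset matching returns nothing for it even though the CNA scores it 9.0 CRITICAL for shell-command injection by any authenticated user from VIEWER to ADMIN. Its only metric is a `Secondary` entry from cybersecurity@hitachienergy.com, so a consumer that reads only `Primary` metrics will treat it as unscored. CVE-2023-27866, also added in this commit, is in the same state (Received, Secondary-only score, no configurations). Pipelines should surface `Received` records by description and CNA score rather than wait for NVD analysis to add CPE data.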


@ -2,8 +2,8 @@
"id": "CVE-2023-27443", "id": "CVE-2023-27443",
"sourceIdentifier": "audit@patchstack.com", "sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-21T13:15:09.977", "published": "2023-06-21T13:15:09.977",
"lastModified": "2023-06-21T15:14:56.427", "lastModified": "2023-06-28T16:01:26.587",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{ {
"source": "audit@patchstack.com", "source": "audit@patchstack.com",
"type": "Secondary", "type": "Secondary",
@ -46,10 +66,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:simple_vimeo_shortcode_project:simple_vimeo_shortcode:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.9.1",
"matchCriteriaId": "273B2A27-D7EF-44C4-84A8-0229EA819FB2"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://patchstack.com/database/vulnerability/the-very-simple-vimeo-shortcode/wordpress-simple-vimeo-shortcode-plugin-2-9-1-cross-site-scripting-xss-vulnerability?_s_id=cve", "url": "https://patchstack.com/database/vulnerability/the-very-simple-vimeo-shortcode/wordpress-simple-vimeo-shortcode-plugin-2-9-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com" "source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2023-27450", "id": "CVE-2023-27450",
"sourceIdentifier": "audit@patchstack.com", "sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-21T13:15:10.047", "published": "2023-06-21T13:15:10.047",
"lastModified": "2023-06-21T15:14:56.427", "lastModified": "2023-06-28T16:02:29.510",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{ {
"source": "audit@patchstack.com", "source": "audit@patchstack.com",
"type": "Secondary", "type": "Secondary",
@ -46,10 +66,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:te-st:leyka:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.30",
"matchCriteriaId": "8821ABE6-51C0-4094-A27F-624ACA4B035D"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://patchstack.com/database/vulnerability/leyka/wordpress-leyka-plugin-3-29-2-cross-site-scripting-xss-vulnerability?_s_id=cve", "url": "https://patchstack.com/database/vulnerability/leyka/wordpress-leyka-plugin-3-29-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com" "source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }


@ -0,0 +1,59 @@
{
"id": "CVE-2023-27866",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-06-28T16:15:19.717",
"lastModified": "2023-06-28T16:15:19.717",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack via JNDI injection when driver code or the application using the driver do not verify supplied LDAP URL in Connect String. IBM X-Force ID: 249511."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249511",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7007615",
"source": "psirt@us.ibm.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-30500", "id": "CVE-2023-30500",
"sourceIdentifier": "audit@patchstack.com", "sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-22T12:15:11.847", "published": "2023-06-22T12:15:11.847",
"lastModified": "2023-06-22T12:51:15.117", "lastModified": "2023-06-28T17:52:48.087",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{ {
"source": "audit@patchstack.com", "source": "audit@patchstack.com",
"type": "Secondary", "type": "Secondary",
@ -46,14 +66,44 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpforms:contact_form:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.8.1.2",
"matchCriteriaId": "0C30D2DC-2B09-4C22-9983-C412ECA75E2E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpforms:wpforms:*:*:*:*:pro:wordpress:*:*",
"versionEndIncluding": "1.8.1.2",
"matchCriteriaId": "B1964F0D-644B-4426-9469-BBB78898F4EE"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://patchstack.com/database/vulnerability/wpforms-lite/wordpress-wpforms-lite-plugin-1-8-1-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "url": "https://patchstack.com/database/vulnerability/wpforms-lite/wordpress-wpforms-lite-plugin-1-8-1-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com" "source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}, },
{ {
"url": "https://patchstack.com/database/vulnerability/wpforms/wordpress-wpforms-pro-plugin-1-8-1-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "url": "https://patchstack.com/database/vulnerability/wpforms/wordpress-wpforms-pro-plugin-1-8-1-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com" "source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }


@ -2,23 +2,81 @@
"id": "CVE-2023-31868", "id": "CVE-2023-31868",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-22T12:15:11.967", "published": "2023-06-22T12:15:11.967",
"lastModified": "2023-06-22T12:51:15.117", "lastModified": "2023-06-28T16:32:29.423",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Sage X3 version 12.14.0.50-0 is vulnerable to Cross Site Scripting (XSS). Some parts of the Web application are dynamically built using user's inputs. Yet, those inputs are not verified nor filtered by the application, so they mathed the expected format. Therefore, when HTML/JavaScript code is injected into those fields, this code will be saved by the application and executed by the web browser of the user viewing the web page. Several injection points have been identified on the application. The major one requires the user to be authenticated with a common account, he can then target an Administrator. All others endpoints need the malicious user to be authenticated as an Administrator. Therefore, the impact is diminished." "value": "Sage X3 version 12.14.0.50-0 is vulnerable to Cross Site Scripting (XSS). Some parts of the Web application are dynamically built using user's inputs. Yet, those inputs are not verified nor filtered by the application, so they mathed the expected format. Therefore, when HTML/JavaScript code is injected into those fields, this code will be saved by the application and executed by the web browser of the user viewing the web page. Several injection points have been identified on the application. The major one requires the user to be authenticated with a common account, he can then target an Administrator. All others endpoints need the malicious user to be authenticated as an Administrator. Therefore, the impact is diminished."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sage:x3:12.14.0.50-0:*:*:*:*:*:*:*",
"matchCriteriaId": "E02F0A76-5C3C-4F96-B67E-E6BED5F39C57"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "http://sage.com", "url": "http://sage.com",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Product"
]
}, },
{ {
"url": "https://github.com/Digitemis/Advisory/blob/main/CVE-2023-31868.txt", "url": "https://github.com/Digitemis/Advisory/blob/main/CVE-2023-31868.txt",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }


@ -2,27 +2,90 @@
"id": "CVE-2023-33289", "id": "CVE-2023-33289",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-21T20:15:10.157", "published": "2023-06-21T20:15:10.157",
"lastModified": "2023-06-22T12:51:30.407", "lastModified": "2023-06-28T16:44:05.340",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "The urlnorm crate through 0.1.4 for Rust allows Regular Expression Denial of Service (ReDos) via a crafted URL to lib.rs." "value": "The urlnorm crate through 0.1.4 for Rust allows Regular Expression Denial of Service (ReDos) via a crafted URL to lib.rs."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1333"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:urlnorm_project:urlnorm:*:*:*:*:*:rust:*:*",
"versionEndIncluding": "0.1.4",
"matchCriteriaId": "5C62072A-C151-4AAB-AB11-8D4FE776C2C7"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://gist.github.com/6en6ar/b118888dc739e8979038f24c8ac33611", "url": "https://gist.github.com/6en6ar/b118888dc739e8979038f24c8ac33611",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://github.com/progscrape/urlnorm", "url": "https://github.com/progscrape/urlnorm",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Product"
]
}, },
{ {
"url": "https://lib.rs/crates/urlnorm", "url": "https://lib.rs/crates/urlnorm",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Product"
]
} }
] ]
} }

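--- a/CVE-2023/CVE-2023-349xx/CVE-2023-34939.json
+++ b/CVE-2023/CVE-2023-349xx/CVE-2023-34939.json
@@ -2,27 +2,90 @@
 "id": "CVE-2023-34939",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-06-22T12:15:12.013",
-"lastModified": "2023-06-22T12:51:15.117",
-"vulnStatus": "Awaiting Analysis",
+"lastModified": "2023-06-28T16:40:31.400",
+"vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Onlyoffice Community Server before v12.5.2 was discovered to contain a remote code execution (RCE) vulnerability via the component UploadProgress.ashx."
 }
 ],
-"metrics": {},
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "nvd@nist.gov",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 9.8,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 5.9
+}
+]
+},
+"weaknesses": [
+{
+"source": "nvd@nist.gov",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-22"
+}
+]
+}
+],
+"configurations": [
+{
+"nodes": [
+{
+"operator": "OR",
+"negate": false,
+"cpeMatch": [
+{
+"vulnerable": true,
+"criteria": "cpe:2.3:a:onlyoffice:onlyoffice:*:*:*:*:community_server:*:*:*",
+"versionEndExcluding": "12.5.2",
+"matchCriteriaId": "D0CC476D-04E3-4267-8B60-FC93D8852AE5"
+}
+]
+}
+]
+}
+],
 "references": [
 {
 "url": "https://github.com/ONLYOFFICE/CommunityServer/blob/master/CHANGELOG.md#version-1252",
-"source": "cve@mitre.org"
+"source": "cve@mitre.org",
+"tags": [
+"Release Notes"
+]
 },
 {
 "url": "https://github.com/firsov/onlyoffice",
-"source": "cve@mitre.org"
+"source": "cve@mitre.org",
+"tags": [
+"Exploit"
+]
 },
 {
 "url": "https://github.com/firsov/onlyoffice/blob/main/CVE-2023-34939-PoC.md",
-"source": "cve@mitre.org"
+"source": "cve@mitre.org",
+"tags": [
+"Exploit",
+"Third Party Advisory"
+]
 }
 ]
 }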

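--- a/CVE-2023/CVE-2023-349xx/CVE-2023-34981.json
+++ b/CVE-2023/CVE-2023-349xx/CVE-2023-34981.json
@@ -2,19 +2,90 @@
 "id": "CVE-2023-34981",
 "sourceIdentifier": "security@apache.org",
 "published": "2023-06-21T11:15:09.410",
-"lastModified": "2023-06-21T12:29:48.917",
-"vulnStatus": "Awaiting Analysis",
+"lastModified": "2023-06-28T17:56:03.113",
+"vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers no AJP SEND_HEADERS messare woudl be sent for the response which in turn meant that at least one AJP proxy (mod_proxy_ajp) would use the response headers from the previous request leading to an information leak."
 }
 ],
-"metrics": {},
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "nvd@nist.gov",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "NONE",
+"availabilityImpact": "NONE",
+"baseScore": 7.5,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 3.6
+}
+]
+},
+"weaknesses": [
+{
+"source": "nvd@nist.gov",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "NVD-CWE-noinfo"
+}
+]
+}
+],
+"configurations": [
+{
+"nodes": [
+{
+"operator": "OR",
+"negate": false,
+"cpeMatch": [
+{
+"vulnerable": true,
+"criteria": "cpe:2.3:a:apache:tomcat:8.5.88:*:*:*:*:*:*:*",
+"matchCriteriaId": "E6EE9DE8-16EA-44D0-A03D-69F319D7DA00"
+},
+{
+"vulnerable": true,
+"criteria": "cpe:2.3:a:apache:tomcat:9.0.74:*:*:*:*:*:*:*",
+"matchCriteriaId": "16971568-BE35-4653-B828-B66982DF6E21"
+},
+{
+"vulnerable": true,
+"criteria": "cpe:2.3:a:apache:tomcat:10.1.8:*:*:*:*:*:*:*",
+"matchCriteriaId": "74C4852D-81E8-46EC-8B54-313CB096B34A"
+},
+{
+"vulnerable": true,
+"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:*",
+"matchCriteriaId": "538E68C4-0BA4-495F-AEF8-4EF6EE7963CF"
+}
+]
+}
+]
+}
+],
 "references": [
 {
 "url": "https://lists.apache.org/thread/j1ksjh9m9gx1q60rtk1sbzmxhvj5h5qz",
-"source": "security@apache.org"
+"source": "security@apache.org",
+"tags": [
+"Mailing List",
+"Vendor Advisory"
+]
 }
 ]
 }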

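--- a/CVE-2023/CVE-2023-363xx/CVE-2023-36363.json
+++ b/CVE-2023/CVE-2023-363xx/CVE-2023-36363.json
@@ -2,19 +2,82 @@
 "id": "CVE-2023-36363",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-06-22T14:15:09.740",
-"lastModified": "2023-06-22T14:49:18.643",
-"vulnStatus": "Awaiting Analysis",
+"lastModified": "2023-06-28T16:49:34.877",
+"vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "An issue in the __nss_database_lookup component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements."
 }
 ],
-"metrics": {},
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "nvd@nist.gov",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "NONE",
+"availabilityImpact": "HIGH",
+"baseScore": 7.5,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 3.6
+}
+]
+},
+"weaknesses": [
+{
+"source": "nvd@nist.gov",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "NVD-CWE-noinfo"
+}
+]
+}
+],
+"configurations": [
+{
+"nodes": [
+{
+"operator": "OR",
+"negate": false,
+"cpeMatch": [
+{
+"vulnerable": true,
+"criteria": "cpe:2.3:a:monetdb:monetdb:11.45.17:*:*:*:*:*:*:*",
+"matchCriteriaId": "FDFC7EDE-25CA-42BF-8D78-5EDBF01ED8F3"
+},
+{
+"vulnerable": true,
+"criteria": "cpe:2.3:a:monetdb:monetdb:11.46.0:*:*:*:*:*:*:*",
+"matchCriteriaId": "547C7347-281D-4B2F-99B3-7C0C8DF14194"
+}
+]
+}
+]
+}
+],
 "references": [
 {
 "url": "https://github.com/MonetDB/MonetDB/issues/7384",
-"source": "cve@mitre.org"
+"source": "cve@mitre.org",
+"tags": [
+"Exploit",
+"Issue Tracking",
+"Patch",
+"Third Party Advisory"
+]
 }
 ]
 }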


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update ### Last Repository Update
```plain ```plain
2023-06-28T16:00:29.495226+00:00 2023-06-28T18:00:33.751734+00:00
``` ```
### Most recent CVE Modification Timestamp synchronized with NVD ### Most recent CVE Modification Timestamp synchronized with NVD
```plain ```plain
2023-06-28T15:59:59.863000+00:00 2023-06-28T17:56:58.883000+00:00
``` ```
### Last Data Feed Release ### Last Data Feed Release
@ -29,69 +29,37 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs ### Total Number of included CVEs
```plain ```plain
218737 218739
``` ```
### CVEs added in the last Commit ### CVEs added in the last Commit
Recently added CVEs: `28` Recently added CVEs: `2`
* [CVE-2023-20006](CVE-2023/CVE-2023-200xx/CVE-2023-20006.json) (`2023-06-28T15:15:09.387`) * [CVE-2023-27866](CVE-2023/CVE-2023-278xx/CVE-2023-27866.json) (`2023-06-28T16:15:19.717`)
* [CVE-2023-20028](CVE-2023/CVE-2023-200xx/CVE-2023-20028.json) (`2023-06-28T15:15:09.457`) * [CVE-2023-2625](CVE-2023/CVE-2023-26xx/CVE-2023-2625.json) (`2023-06-28T17:15:10.627`)
* [CVE-2023-20105](CVE-2023/CVE-2023-201xx/CVE-2023-20105.json) (`2023-06-28T15:15:09.517`)
* [CVE-2023-20108](CVE-2023/CVE-2023-201xx/CVE-2023-20108.json) (`2023-06-28T15:15:09.577`)
* [CVE-2023-20116](CVE-2023/CVE-2023-201xx/CVE-2023-20116.json) (`2023-06-28T15:15:09.640`)
* [CVE-2023-20119](CVE-2023/CVE-2023-201xx/CVE-2023-20119.json) (`2023-06-28T15:15:09.700`)
* [CVE-2023-20120](CVE-2023/CVE-2023-201xx/CVE-2023-20120.json) (`2023-06-28T15:15:09.760`)
* [CVE-2023-20136](CVE-2023/CVE-2023-201xx/CVE-2023-20136.json) (`2023-06-28T15:15:09.820`)
* [CVE-2023-20178](CVE-2023/CVE-2023-201xx/CVE-2023-20178.json) (`2023-06-28T15:15:09.880`)
* [CVE-2023-20188](CVE-2023/CVE-2023-201xx/CVE-2023-20188.json) (`2023-06-28T15:15:09.943`)
* [CVE-2023-20192](CVE-2023/CVE-2023-201xx/CVE-2023-20192.json) (`2023-06-28T15:15:10.007`)
* [CVE-2023-20199](CVE-2023/CVE-2023-201xx/CVE-2023-20199.json) (`2023-06-28T15:15:10.070`)
* [CVE-2023-26615](CVE-2023/CVE-2023-266xx/CVE-2023-26615.json) (`2023-06-28T15:15:10.137`)
* [CVE-2023-34933](CVE-2023/CVE-2023-349xx/CVE-2023-34933.json) (`2023-06-28T15:15:10.193`)
* [CVE-2023-34934](CVE-2023/CVE-2023-349xx/CVE-2023-34934.json) (`2023-06-28T15:15:10.240`)
* [CVE-2023-34935](CVE-2023/CVE-2023-349xx/CVE-2023-34935.json) (`2023-06-28T15:15:10.283`)
* [CVE-2023-34936](CVE-2023/CVE-2023-349xx/CVE-2023-34936.json) (`2023-06-28T15:15:10.333`)
* [CVE-2023-34937](CVE-2023/CVE-2023-349xx/CVE-2023-34937.json) (`2023-06-28T15:15:10.377`)
* [CVE-2023-30259](CVE-2023/CVE-2023-302xx/CVE-2023-30259.json) (`2023-06-28T14:15:09.677`)
* [CVE-2023-34928](CVE-2023/CVE-2023-349xx/CVE-2023-34928.json) (`2023-06-28T14:15:09.743`)
* [CVE-2023-34929](CVE-2023/CVE-2023-349xx/CVE-2023-34929.json) (`2023-06-28T14:15:09.790`)
* [CVE-2023-34930](CVE-2023/CVE-2023-349xx/CVE-2023-34930.json) (`2023-06-28T14:15:09.833`)
* [CVE-2023-34931](CVE-2023/CVE-2023-349xx/CVE-2023-34931.json) (`2023-06-28T14:15:09.877`)
* [CVE-2023-34932](CVE-2023/CVE-2023-349xx/CVE-2023-34932.json) (`2023-06-28T14:15:09.923`)
* [CVE-2023-36467](CVE-2023/CVE-2023-364xx/CVE-2023-36467.json) (`2023-06-28T14:15:09.967`)
### CVEs modified in the last Commit ### CVEs modified in the last Commit
Recently modified CVEs: `54` Recently modified CVEs: `16`
* [CVE-2023-3427](CVE-2023/CVE-2023-34xx/CVE-2023-3427.json) (`2023-06-28T12:34:43.903`) * [CVE-2019-25152](CVE-2019/CVE-2019-251xx/CVE-2019-25152.json) (`2023-06-28T17:44:14.823`)
* [CVE-2023-1844](CVE-2023/CVE-2023-18xx/CVE-2023-1844.json) (`2023-06-28T12:34:43.903`) * [CVE-2022-45287](CVE-2022/CVE-2022-452xx/CVE-2022-45287.json) (`2023-06-28T17:33:09.597`)
* [CVE-2023-3407](CVE-2023/CVE-2023-34xx/CVE-2023-3407.json) (`2023-06-28T12:34:43.903`) * [CVE-2022-3372](CVE-2022/CVE-2022-33xx/CVE-2022-3372.json) (`2023-06-28T17:45:46.973`)
* [CVE-2023-26134](CVE-2023/CVE-2023-261xx/CVE-2023-26134.json) (`2023-06-28T12:34:43.903`) * [CVE-2023-27443](CVE-2023/CVE-2023-274xx/CVE-2023-27443.json) (`2023-06-28T16:01:26.587`)
* [CVE-2023-32623](CVE-2023/CVE-2023-326xx/CVE-2023-32623.json) (`2023-06-28T12:34:43.903`) * [CVE-2023-27450](CVE-2023/CVE-2023-274xx/CVE-2023-27450.json) (`2023-06-28T16:02:29.510`)
* [CVE-2023-3034](CVE-2023/CVE-2023-30xx/CVE-2023-3034.json) (`2023-06-28T12:34:43.903`) * [CVE-2023-0970](CVE-2023/CVE-2023-09xx/CVE-2023-0970.json) (`2023-06-28T16:05:03.873`)
* [CVE-2023-34340](CVE-2023/CVE-2023-343xx/CVE-2023-34340.json) (`2023-06-28T12:43:31.883`) * [CVE-2023-0971](CVE-2023/CVE-2023-09xx/CVE-2023-0971.json) (`2023-06-28T16:10:43.917`)
* [CVE-2023-33869](CVE-2023/CVE-2023-338xx/CVE-2023-33869.json) (`2023-06-28T12:51:10.270`) * [CVE-2023-0972](CVE-2023/CVE-2023-09xx/CVE-2023-0972.json) (`2023-06-28T16:15:36.920`)
* [CVE-2023-3325](CVE-2023/CVE-2023-33xx/CVE-2023-3325.json) (`2023-06-28T13:26:34.913`) * [CVE-2023-25435](CVE-2023/CVE-2023-254xx/CVE-2023-25435.json) (`2023-06-28T16:20:23.263`)
* [CVE-2023-27243](CVE-2023/CVE-2023-272xx/CVE-2023-27243.json) (`2023-06-28T13:50:19.303`) * [CVE-2023-31868](CVE-2023/CVE-2023-318xx/CVE-2023-31868.json) (`2023-06-28T16:32:29.423`)
* [CVE-2023-36630](CVE-2023/CVE-2023-366xx/CVE-2023-36630.json) (`2023-06-28T14:15:10.047`) * [CVE-2023-34939](CVE-2023/CVE-2023-349xx/CVE-2023-34939.json) (`2023-06-28T16:40:31.400`)
* [CVE-2023-27414](CVE-2023/CVE-2023-274xx/CVE-2023-27414.json) (`2023-06-28T14:30:54.427`) * [CVE-2023-33289](CVE-2023/CVE-2023-332xx/CVE-2023-33289.json) (`2023-06-28T16:44:05.340`)
* [CVE-2023-27432](CVE-2023/CVE-2023-274xx/CVE-2023-27432.json) (`2023-06-28T14:31:07.147`) * [CVE-2023-36363](CVE-2023/CVE-2023-363xx/CVE-2023-36363.json) (`2023-06-28T16:49:34.877`)
* [CVE-2023-28956](CVE-2023/CVE-2023-289xx/CVE-2023-28956.json) (`2023-06-28T14:51:02.947`) * [CVE-2023-30500](CVE-2023/CVE-2023-305xx/CVE-2023-30500.json) (`2023-06-28T17:52:48.087`)
* [CVE-2023-0969](CVE-2023/CVE-2023-09xx/CVE-2023-0969.json) (`2023-06-28T14:59:30.573`) * [CVE-2023-34981](CVE-2023/CVE-2023-349xx/CVE-2023-34981.json) (`2023-06-28T17:56:03.113`)
* [CVE-2023-34012](CVE-2023/CVE-2023-340xx/CVE-2023-34012.json) (`2023-06-28T15:04:03.897`) * [CVE-2023-25367](CVE-2023/CVE-2023-253xx/CVE-2023-25367.json) (`2023-06-28T17:56:58.883`)
* [CVE-2023-33842](CVE-2023/CVE-2023-338xx/CVE-2023-33842.json) (`2023-06-28T15:08:42.347`)
* [CVE-2023-3303](CVE-2023/CVE-2023-33xx/CVE-2023-3303.json) (`2023-06-28T15:19:14.713`)
* [CVE-2023-3304](CVE-2023/CVE-2023-33xx/CVE-2023-3304.json) (`2023-06-28T15:21:27.977`)
* [CVE-2023-32449](CVE-2023/CVE-2023-324xx/CVE-2023-32449.json) (`2023-06-28T15:21:44.097`)
* [CVE-2023-29711](CVE-2023/CVE-2023-297xx/CVE-2023-29711.json) (`2023-06-28T15:33:24.683`)
* [CVE-2023-33405](CVE-2023/CVE-2023-334xx/CVE-2023-33405.json) (`2023-06-28T15:46:39.587`)
* [CVE-2023-33591](CVE-2023/CVE-2023-335xx/CVE-2023-33591.json) (`2023-06-28T15:47:35.893`)
* [CVE-2023-24261](CVE-2023/CVE-2023-242xx/CVE-2023-24261.json) (`2023-06-28T15:57:40.363`)
* [CVE-2023-3110](CVE-2023/CVE-2023-31xx/CVE-2023-3110.json) (`2023-06-28T15:59:59.863`)
## Download and Usage ## Download and Usage