Auto-Update: 2023-05-19 16:00:30.743485+00:00

cad-safe-bot 2023-05-19 16:00:34 +00:00
parent d97116160f
commit 26d63bc09e
12 changed files with 295 additions and 51 deletions


@ -0,0 +1,32 @@
{
"id": "CVE-2023-20881",
"sourceIdentifier": "security@vmware.com",
"published": "2023-05-19T15:15:08.673",
"lastModified": "2023-05-19T15:15:08.673",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cloud foundry instances having CAPI version between 1.140 and 1.152.0 along with loggregator-agent v7+ may override other users syslog drain credentials if they're aware of the client certificate used for that syslog drain. This applies even if the drain has zero certs. This would allow the user to override the private key and add or modify a certificate authority used for the connection."
}
],
"metrics": {},
"weaknesses": [
{
"source": "security@vmware.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
}
],
"references": [
{
"url": "https://www.cloudfoundry.org/blog/cve-2023-20881-cas-for-syslog-drain-mtls-feature-can-be-overwritten/",
"source": "security@vmware.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-2156",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-05-09T22:15:10.133",
"lastModified": "2023-05-18T09:15:10.090",
"lastModified": "2023-05-19T15:15:08.840",
"vulnStatus": "Modified",
"descriptions": [
{
@ -116,6 +116,10 @@
"url": "http://www.openwall.com/lists/oss-security/2023/05/18/1",
"source": "secalert@redhat.com"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/05/19/1",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196292",
"source": "secalert@redhat.com",


@ -2,8 +2,8 @@
"id": "CVE-2023-23313",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-03-03T22:15:09.690",
"lastModified": "2023-03-10T14:52:03.627",
"vulnStatus": "Analyzed",
"lastModified": "2023-05-19T14:15:09.130",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -2605,11 +2605,8 @@
]
},
{
"url": "https://www.horizonsecurity.it/lang_EN/advisories/?a=22&title=Multiple+XSS+Stored+in+DrayTek+routers+web+interface++CVE202323313",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
"url": "https://www.horizonconsulting.com/advisories23-Multiple-XSS-Stored-in-DrayTek-routers-CVE-2023-23313",
"source": "cve@mitre.org"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-23396",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-03-14T17:15:13.177",
"lastModified": "2023-03-20T21:20:32.613",
"lastModified": "2023-05-19T15:09:58.743",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -17,8 +17,8 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
@ -26,10 +26,10 @@
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{


@ -2,8 +2,8 @@
"id": "CVE-2023-24892",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-03-14T17:15:18.197",
"lastModified": "2023-05-09T18:15:11.823",
"vulnStatus": "Modified",
"lastModified": "2023-05-19T15:09:28.003",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -37,20 +37,20 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
"impactScore": 4.7
}
]
},


@ -0,0 +1,59 @@
{
"id": "CVE-2023-28514",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-05-19T15:15:08.750",
"lastModified": "2023-05-19T15:15:08.750",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace. IBM X-Force ID: 250398."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-209"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/250398",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/6985835",
"source": "psirt@us.ibm.com"
}
]
}


@ -0,0 +1,47 @@
{
"id": "CVE-2023-30199",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-19T14:15:09.683",
"lastModified": "2023-05-19T14:15:09.683",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Prestashop customexporter <= 1.7.20 is vulnerable to Incorrect Access Control via modules/customexporter/downloads/download.php."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://friends-of-presta.github.io/security-advisories/modules/2023/05/16/customexporter.html",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/PrestaShop/PrestaShop/blob/6c05518b807d014ee8edb811041e3de232520c28/classes/Tools.php#L1247",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,40 @@
{
"id": "CVE-2023-30774",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-05-19T15:15:08.923",
"lastModified": "2023-05-19T15:15:08.923",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values."
}
],
"metrics": {},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-30774",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187139",
"source": "secalert@redhat.com"
},
{
"url": "https://gitlab.com/libtiff/libtiff/-/issues/463",
"source": "secalert@redhat.com"
}
]
}


@ -0,0 +1,40 @@
{
"id": "CVE-2023-30775",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-05-19T15:15:08.980",
"lastModified": "2023-05-19T15:15:08.980",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c."
}
],
"metrics": {},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-30775",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187141",
"source": "secalert@redhat.com"
},
{
"url": "https://gitlab.com/libtiff/libtiff/-/issues/464",
"source": "secalert@redhat.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-31707",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-19T14:15:09.743",
"lastModified": "2023-05-19T14:15:09.743",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "SEMCMS 1.5 is vulnerable to SQL Injection via Ant_Rponse.php."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/fnylad/SCSHOP/blob/main/semcms-1.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-31757",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-19T14:15:09.780",
"lastModified": "2023-05-19T14:15:09.780",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "DedeCMS up to v5.7.108 is vulnerable to XSS in sys_info.php via parameters 'edit___cfg_powerby' and 'edit___cfg_beian'"
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/sleepyvv/vul_report/blob/main/DedeCMS/XSS.md",
"source": "cve@mitre.org"
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-05-19T14:00:31.074891+00:00
2023-05-19T16:00:30.743485+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-05-19T13:38:43.693000+00:00
2023-05-19T15:15:08.980000+00:00
```
### Last Data Feed Release
@ -29,45 +29,30 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
215656
215663
```
### CVEs added in the last Commit
Recently added CVEs: `4`
Recently added CVEs: `7`
* [CVE-2022-30114](CVE-2022/CVE-2022-301xx/CVE-2022-30114.json) (`2023-05-19T12:15:09.340`)
* [CVE-2023-26818](CVE-2023/CVE-2023-268xx/CVE-2023-26818.json) (`2023-05-19T12:15:09.407`)
* [CVE-2023-31756](CVE-2023/CVE-2023-317xx/CVE-2023-31756.json) (`2023-05-19T13:15:08.877`)
* [CVE-2023-31862](CVE-2023/CVE-2023-318xx/CVE-2023-31862.json) (`2023-05-19T13:15:08.920`)
* [CVE-2023-30199](CVE-2023/CVE-2023-301xx/CVE-2023-30199.json) (`2023-05-19T14:15:09.683`)
* [CVE-2023-31707](CVE-2023/CVE-2023-317xx/CVE-2023-31707.json) (`2023-05-19T14:15:09.743`)
* [CVE-2023-31757](CVE-2023/CVE-2023-317xx/CVE-2023-31757.json) (`2023-05-19T14:15:09.780`)
* [CVE-2023-20881](CVE-2023/CVE-2023-208xx/CVE-2023-20881.json) (`2023-05-19T15:15:08.673`)
* [CVE-2023-28514](CVE-2023/CVE-2023-285xx/CVE-2023-28514.json) (`2023-05-19T15:15:08.750`)
* [CVE-2023-30774](CVE-2023/CVE-2023-307xx/CVE-2023-30774.json) (`2023-05-19T15:15:08.923`)
* [CVE-2023-30775](CVE-2023/CVE-2023-307xx/CVE-2023-30775.json) (`2023-05-19T15:15:08.980`)
### CVEs modified in the last Commit
Recently modified CVEs: `22`
Recently modified CVEs: `4`
* [CVE-2022-35798](CVE-2022/CVE-2022-357xx/CVE-2022-35798.json) (`2023-05-19T13:00:09.947`)
* [CVE-2022-41998](CVE-2022/CVE-2022-419xx/CVE-2022-41998.json) (`2023-05-19T13:38:20.740`)
* [CVE-2022-41982](CVE-2022/CVE-2022-419xx/CVE-2022-41982.json) (`2023-05-19T13:38:43.693`)
* [CVE-2023-2025](CVE-2023/CVE-2023-20xx/CVE-2023-2025.json) (`2023-05-19T13:00:09.947`)
* [CVE-2023-1195](CVE-2023/CVE-2023-11xx/CVE-2023-1195.json) (`2023-05-19T13:00:09.947`)
* [CVE-2023-23556](CVE-2023/CVE-2023-235xx/CVE-2023-23556.json) (`2023-05-19T13:00:09.947`)
* [CVE-2023-23557](CVE-2023/CVE-2023-235xx/CVE-2023-23557.json) (`2023-05-19T13:00:09.947`)
* [CVE-2023-23759](CVE-2023/CVE-2023-237xx/CVE-2023-23759.json) (`2023-05-19T13:00:09.947`)
* [CVE-2023-24832](CVE-2023/CVE-2023-248xx/CVE-2023-24832.json) (`2023-05-19T13:00:09.947`)
* [CVE-2023-24833](CVE-2023/CVE-2023-248xx/CVE-2023-24833.json) (`2023-05-19T13:00:09.947`)
* [CVE-2023-25933](CVE-2023/CVE-2023-259xx/CVE-2023-25933.json) (`2023-05-19T13:00:09.947`)
* [CVE-2023-28081](CVE-2023/CVE-2023-280xx/CVE-2023-28081.json) (`2023-05-19T13:00:09.947`)
* [CVE-2023-28753](CVE-2023/CVE-2023-287xx/CVE-2023-28753.json) (`2023-05-19T13:00:09.947`)
* [CVE-2023-30470](CVE-2023/CVE-2023-304xx/CVE-2023-30470.json) (`2023-05-19T13:00:09.947`)
* [CVE-2023-32680](CVE-2023/CVE-2023-326xx/CVE-2023-32680.json) (`2023-05-19T13:00:09.947`)
* [CVE-2023-2704](CVE-2023/CVE-2023-27xx/CVE-2023-2704.json) (`2023-05-19T13:00:09.947`)
* [CVE-2023-1618](CVE-2023/CVE-2023-16xx/CVE-2023-1618.json) (`2023-05-19T13:00:09.947`)
* [CVE-2023-33240](CVE-2023/CVE-2023-332xx/CVE-2023-33240.json) (`2023-05-19T13:00:09.947`)
* [CVE-2023-28045](CVE-2023/CVE-2023-280xx/CVE-2023-28045.json) (`2023-05-19T13:00:09.947`)
* [CVE-2023-2806](CVE-2023/CVE-2023-28xx/CVE-2023-2806.json) (`2023-05-19T13:00:09.947`)
* [CVE-2023-2024](CVE-2023/CVE-2023-20xx/CVE-2023-2024.json) (`2023-05-19T13:00:14.387`)
* [CVE-2023-22355](CVE-2023/CVE-2023-223xx/CVE-2023-22355.json) (`2023-05-19T13:35:58.270`)
* [CVE-2023-23313](CVE-2023/CVE-2023-233xx/CVE-2023-23313.json) (`2023-05-19T14:15:09.130`)
* [CVE-2023-24892](CVE-2023/CVE-2023-248xx/CVE-2023-24892.json) (`2023-05-19T15:09:28.003`)
* [CVE-2023-23396](CVE-2023/CVE-2023-233xx/CVE-2023-23396.json) (`2023-05-19T15:09:58.743`)
* [CVE-2023-2156](CVE-2023/CVE-2023-21xx/CVE-2023-2156.json) (`2023-05-19T15:15:08.840`)
## Download and Usage