Auto-Update: 2023-05-12T21:55:23.928972+00:00

René Helmke 2023-05-12 23:55:26 +02:00
parent f6fc1ca592
commit 282523633b
19 changed files with 703 additions and 64 deletions


@ -0,0 +1,20 @@
{
"id": "CVE-2023-1096",
"sourceIdentifier": "security-alert@netapp.com",
"published": "2023-05-12T21:15:08.990",
"lastModified": "2023-05-12T21:15:08.990",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "SnapCenter versions 4.7 prior to 4.7P2 and 4.8 prior to 4.8P1 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to gain access as an admin user."
}
],
"metrics": {},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20230511-0011/",
"source": "security-alert@netapp.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-20877",
"sourceIdentifier": "security@vmware.com",
"published": "2023-05-12T21:15:09.043",
"lastModified": "2023-05-12T21:15:09.043",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "VMware Aria Operations contains a privilege escalation vulnerability. An authenticated malicious user with ReadOnly privileges can perform code execution leading to privilege escalation."
}
],
"metrics": {},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0009.html",
"source": "security@vmware.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-20878",
"sourceIdentifier": "security@vmware.com",
"published": "2023-05-12T21:15:09.093",
"lastModified": "2023-05-12T21:15:09.093",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary commands and disrupt the system."
}
],
"metrics": {},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0009.html",
"source": "security@vmware.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-20879",
"sourceIdentifier": "security@vmware.com",
"published": "2023-05-12T21:15:09.133",
"lastModified": "2023-05-12T21:15:09.133",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "VMware Aria Operations contains a Local privilege escalation vulnerability. A malicious actor with administrative privileges in the Aria Operations application can gain root access to the underlying operating system."
}
],
"metrics": {},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0009.html",
"source": "security@vmware.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-20880",
"sourceIdentifier": "security@vmware.com",
"published": "2023-05-12T21:15:09.173",
"lastModified": "2023-05-12T21:15:09.173",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'."
}
],
"metrics": {},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0009.html",
"source": "security@vmware.com"
}
]
}


@ -0,0 +1,36 @@
{
"id": "CVE-2023-2088",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-05-12T21:15:09.430",
"lastModified": "2023-05-12T21:15:09.430",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality."
}
],
"metrics": {},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
},
{
"lang": "en",
"value": "CWE-440"
}
]
}
],
"references": [
{
"url": "https://bugs.launchpad.net/bugs/2004555",
"source": "secalert@redhat.com"
}
]
}


@ -0,0 +1,51 @@
{
"id": "CVE-2023-2181",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-05-12T21:15:09.490",
"lastModified": "2023-05-12T21:15:09.490",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab affecting all versions before 15.9.8, 15.10.0 before 15.10.7, and 15.11.0 before 15.11.3. A malicious developer could use a git feature called refs/replace to smuggle content into a merge request which would not be visible during review in the UI."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 4.2
}
]
},
"references": [
{
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2181.json",
"source": "cve@gitlab.com"
},
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/407859",
"source": "cve@gitlab.com"
},
{
"url": "https://hackerone.com/reports/1938185",
"source": "cve@gitlab.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-25005",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2023-05-12T21:15:09.220",
"lastModified": "2023-05-12T21:15:09.220",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted DLL file can be forced to read beyond allocated boundaries in Autodesk InfraWorks 2023, and 2021 when parsing the DLL files could lead to a resource injection vulnerability."
}
],
"metrics": {},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0006",
"source": "psirt@autodesk.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-25006",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2023-05-12T21:15:09.267",
"lastModified": "2023-05-12T21:15:09.267",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A malicious actor may convince a user to open a malicious USD file that may trigger a use-after-free vulnerability which could result in code execution."
}
],
"metrics": {},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0008",
"source": "psirt@autodesk.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-25007",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2023-05-12T21:15:09.307",
"lastModified": "2023-05-12T21:15:09.307",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A malicious actor may convince a user to open a malicious USD file that may trigger an uninitialized pointer which could result in code execution."
}
],
"metrics": {},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0008",
"source": "psirt@autodesk.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-25008",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2023-05-12T21:15:09.343",
"lastModified": "2023-05-12T21:15:09.343",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A malicious actor may convince a user to open a malicious USD file that may trigger an out-of-bounds read vulnerability which could result in code execution."
}
],
"metrics": {},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0008",
"source": "psirt@autodesk.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-25009",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2023-05-12T21:15:09.383",
"lastModified": "2023-05-12T21:15:09.383",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A malicious actor may convince a user to open a malicious USD file that may trigger an out-of-bounds write vulnerability which could result in code execution."
}
],
"metrics": {},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0008",
"source": "psirt@autodesk.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-28762", "id": "CVE-2023-28762",
"sourceIdentifier": "cna@sap.com", "sourceIdentifier": "cna@sap.com",
"published": "2023-05-09T01:15:08.777", "published": "2023-05-09T01:15:08.777",
"lastModified": "2023-05-09T12:46:35.530", "lastModified": "2023-05-12T20:45:12.103",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{ {
"source": "cna@sap.com", "source": "cna@sap.com",
"type": "Secondary", "type": "Secondary",
@ -36,8 +56,18 @@
}, },
"weaknesses": [ "weaknesses": [
{ {
"source": "cna@sap.com", "source": "nvd@nist.gov",
"type": "Primary", "type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cna@sap.com",
"type": "Secondary",
"description": [ "description": [
{ {
"lang": "en", "lang": "en",
@ -46,14 +76,42 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence:420:*:*:*:*:*:*:*",
"matchCriteriaId": "38BA0DF9-D893-4AF9-923E-E47EA5C02C52"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence:430:*:*:*:*:*:*:*",
"matchCriteriaId": "85CBCF48-5478-4EE5-8F69-6E59EFDB707D"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://launchpad.support.sap.com/#/notes/3307833", "url": "https://launchpad.support.sap.com/#/notes/3307833",
"source": "cna@sap.com" "source": "cna@sap.com",
"tags": [
"Permissions Required"
]
}, },
{ {
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com" "source": "cna@sap.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2023-28764", "id": "CVE-2023-28764",
"sourceIdentifier": "cna@sap.com", "sourceIdentifier": "cna@sap.com",
"published": "2023-05-09T01:15:08.863", "published": "2023-05-09T01:15:08.863",
"lastModified": "2023-05-09T12:46:35.530", "lastModified": "2023-05-12T20:44:32.040",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
},
{ {
"source": "cna@sap.com", "source": "cna@sap.com",
"type": "Secondary", "type": "Secondary",
@ -46,14 +66,35 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:businessobjects:4.20:*:*:*:*:*:*:*",
"matchCriteriaId": "4B943822-5002-4FA8-81C1-2174B519E060"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:businessobjects:4.30:*:*:*:*:*:*:*",
"matchCriteriaId": "ACFEFCB6-E0BF-4D9A-837C-1FF8635EA3FB"
}
]
}
]
}
],
"references": [ "references": [
{
"url": "https://i7p.wdf.sap.corp/sap/support/notes/3302595",
"source": "cna@sap.com"
},
{ {
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com" "source": "cna@sap.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2023-29188", "id": "CVE-2023-29188",
"sourceIdentifier": "cna@sap.com", "sourceIdentifier": "cna@sap.com",
"published": "2023-05-09T01:15:08.943", "published": "2023-05-09T01:15:08.943",
"lastModified": "2023-05-09T12:46:35.530", "lastModified": "2023-05-12T20:38:28.087",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{ {
"source": "cna@sap.com", "source": "cna@sap.com",
"type": "Secondary", "type": "Secondary",
@ -46,14 +66,100 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:7.01:*:*:*:*:*:*:*",
"matchCriteriaId": "314EA6B5-D3E3-4559-A34A-51A6BB4F3E12"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:7.31:*:*:*:*:*:*:*",
"matchCriteriaId": "470B27E7-C245-43B3-9ED0-545A06158114"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:7.46:*:*:*:*:*:*:*",
"matchCriteriaId": "3DA5DC54-236B-4832-AA79-6EC111EFFBF7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:7.47:*:*:*:*:*:*:*",
"matchCriteriaId": "4056C921-05B8-4465-96CD-429B520AA6B8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:7.48:*:*:*:*:*:*:*",
"matchCriteriaId": "A6CBB62D-FDA3-4A23-9175-B9171EA9CE7D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:8.00:*:*:*:*:*:*:*",
"matchCriteriaId": "1440F085-EB15-4910-8AB8-C72E67B8B39E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:8.01:*:*:*:*:*:*:*",
"matchCriteriaId": "F8D60B19-8578-40AF-9A09-5D6EB8D2DB40"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:s4fnd:1.02:*:*:*:*:*:*:*",
"matchCriteriaId": "3A88FFDD-4967-4E81-8E44-3F4A7BCCE943"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:s4fnd:102:*:*:*:*:*:*:*",
"matchCriteriaId": "FEA8EA38-C0D1-4EB0-93D5-DEBA8446E685"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:s4fnd:103:*:*:*:*:*:*:*",
"matchCriteriaId": "43ED5850-580C-40F2-ABCD-CCA33B63D4CF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:s4fnd:104:*:*:*:*:*:*:*",
"matchCriteriaId": "104C4099-341D-4796-8425-D61A44FB7839"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:s4fnd:105:*:*:*:*:*:*:*",
"matchCriteriaId": "66A663D3-247D-497E-8CE3-4D21E4A43C99"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:s4fnd:106:*:*:*:*:*:*:*",
"matchCriteriaId": "09C81075-4864-47A7-9851-DD46EE9B2E78"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:s4fnd:107:*:*:*:*:*:*:*",
"matchCriteriaId": "54AD7034-006C-4698-BF4F-D3584D88EC77"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:sapscore:129:*:*:*:*:*:*:*",
"matchCriteriaId": "4ACAA9A2-5CD6-4C6B-829B-CB534FADFAD2"
}
]
}
]
}
],
"references": [ "references": [
{
"url": "https://i7p.wdf.sap.corp/sap/support/notes/3315979",
"source": "cna@sap.com"
},
{ {
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com" "source": "cna@sap.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2023-31180", "id": "CVE-2023-31180",
"sourceIdentifier": "cna@cyber.gov.il", "sourceIdentifier": "cna@cyber.gov.il",
"published": "2023-05-08T21:15:12.013", "published": "2023-05-08T21:15:12.013",
"lastModified": "2023-05-09T12:47:05.663", "lastModified": "2023-05-12T20:30:45.287",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{ {
"source": "cna@cyber.gov.il", "source": "cna@cyber.gov.il",
"type": "Secondary", "type": "Secondary",
@ -35,6 +55,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{ {
"source": "cna@cyber.gov.il", "source": "cna@cyber.gov.il",
"type": "Secondary", "type": "Secondary",
@ -46,10 +76,30 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wjjsoft:innokb:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2241A2D8-7CD1-45DF-A8D2-331920FA8AF1"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.gov.il/en/Departments/faq/cve_advisories", "url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"source": "cna@cyber.gov.il" "source": "cna@cyber.gov.il",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2023-31181", "id": "CVE-2023-31181",
"sourceIdentifier": "cna@cyber.gov.il", "sourceIdentifier": "cna@cyber.gov.il",
"published": "2023-05-08T21:15:12.080", "published": "2023-05-08T21:15:12.080",
"lastModified": "2023-05-09T12:47:05.663", "lastModified": "2023-05-12T20:30:35.667",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{ {
"source": "cna@cyber.gov.il", "source": "cna@cyber.gov.il",
"type": "Secondary", "type": "Secondary",
@ -35,6 +55,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{ {
"source": "cna@cyber.gov.il", "source": "cna@cyber.gov.il",
"type": "Secondary", "type": "Secondary",
@ -46,10 +76,30 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wjjsoft:innokb:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2241A2D8-7CD1-45DF-A8D2-331920FA8AF1"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.gov.il/en/Departments/faq/cve_advisories", "url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"source": "cna@cyber.gov.il" "source": "cna@cyber.gov.il",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }


@ -0,0 +1,63 @@
{
"id": "CVE-2023-32303",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-12T21:15:09.560",
"lastModified": "2023-05-12T21:15:09.560",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Planet is software that provides satellite data. The secret file stores the user's Planet API authentication information. It should only be accessible by the user, but before version 2.0.1, its permissions allowed the user's group and non-group to read the file as well. This issue was patched in version 2.0.1. As a workaround, set the secret file permissions to only user read/write by hand.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.0,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
}
],
"references": [
{
"url": "https://github.com/planetlabs/planet-client-python/commit/d71415a83119c5e89d7b80d5f940d162376ee3b7",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/planetlabs/planet-client-python/releases/tag/2.0.1",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/planetlabs/planet-client-python/security/advisories/GHSA-j5fj-rfh6-qj85",
"source": "security-advisories@github.com"
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update ### Last Repository Update
```plain ```plain
2023-05-12T20:00:24.653357+00:00 2023-05-12T21:55:23.928972+00:00
``` ```
### Most recent CVE Modification Timestamp synchronized with NVD ### Most recent CVE Modification Timestamp synchronized with NVD
```plain ```plain
2023-05-12T19:57:42.243000+00:00 2023-05-12T21:15:09.560000+00:00
``` ```
### Last Data Feed Release ### Last Data Feed Release
@ -29,53 +29,37 @@ Download and Changelog: [Click](releases/latest)
### Total Number of included CVEs ### Total Number of included CVEs
```plain ```plain
215164 215177
``` ```
### CVEs added in the last Commit ### CVEs added in the last Commit
Recently added CVEs: `7` Recently added CVEs: `13`
* [CVE-2023-2457](CVE-2023/CVE-2023-24xx/CVE-2023-2457.json) (`2023-05-12T18:15:09.530`) * [CVE-2023-1096](CVE-2023/CVE-2023-10xx/CVE-2023-1096.json) (`2023-05-12T21:15:08.990`)
* [CVE-2023-2458](CVE-2023/CVE-2023-24xx/CVE-2023-2458.json) (`2023-05-12T18:15:09.573`) * [CVE-2023-20877](CVE-2023/CVE-2023-208xx/CVE-2023-20877.json) (`2023-05-12T21:15:09.043`)
* [CVE-2023-25927](CVE-2023/CVE-2023-259xx/CVE-2023-25927.json) (`2023-05-12T18:15:09.450`) * [CVE-2023-20878](CVE-2023/CVE-2023-208xx/CVE-2023-20878.json) (`2023-05-12T21:15:09.093`)
* [CVE-2023-27863](CVE-2023/CVE-2023-278xx/CVE-2023-27863.json) (`2023-05-12T19:15:08.827`) * [CVE-2023-20879](CVE-2023/CVE-2023-208xx/CVE-2023-20879.json) (`2023-05-12T21:15:09.133`)
* [CVE-2023-30247](CVE-2023/CVE-2023-302xx/CVE-2023-30247.json) (`2023-05-12T19:15:08.907`) * [CVE-2023-2088](CVE-2023/CVE-2023-20xx/CVE-2023-2088.json) (`2023-05-12T21:15:09.430`)
* [CVE-2023-32305](CVE-2023/CVE-2023-323xx/CVE-2023-32305.json) (`2023-05-12T19:15:08.953`) * [CVE-2023-20880](CVE-2023/CVE-2023-208xx/CVE-2023-20880.json) (`2023-05-12T21:15:09.173`)
* [CVE-2023-32306](CVE-2023/CVE-2023-323xx/CVE-2023-32306.json) (`2023-05-12T19:15:09.023`) * [CVE-2023-2181](CVE-2023/CVE-2023-21xx/CVE-2023-2181.json) (`2023-05-12T21:15:09.490`)
* [CVE-2023-25005](CVE-2023/CVE-2023-250xx/CVE-2023-25005.json) (`2023-05-12T21:15:09.220`)
* [CVE-2023-25006](CVE-2023/CVE-2023-250xx/CVE-2023-25006.json) (`2023-05-12T21:15:09.267`)
* [CVE-2023-25007](CVE-2023/CVE-2023-250xx/CVE-2023-25007.json) (`2023-05-12T21:15:09.307`)
* [CVE-2023-25008](CVE-2023/CVE-2023-250xx/CVE-2023-25008.json) (`2023-05-12T21:15:09.343`)
* [CVE-2023-25009](CVE-2023/CVE-2023-250xx/CVE-2023-25009.json) (`2023-05-12T21:15:09.383`)
* [CVE-2023-32303](CVE-2023/CVE-2023-323xx/CVE-2023-32303.json) (`2023-05-12T21:15:09.560`)
### CVEs modified in the last Commit ### CVEs modified in the last Commit
Recently modified CVEs: `27` Recently modified CVEs: `5`
* [CVE-2022-40504](CVE-2022/CVE-2022-405xx/CVE-2022-40504.json) (`2023-05-12T18:23:13.213`) * [CVE-2023-28762](CVE-2023/CVE-2023-287xx/CVE-2023-28762.json) (`2023-05-12T20:45:12.103`)
* [CVE-2023-0948](CVE-2023/CVE-2023-09xx/CVE-2023-0948.json) (`2023-05-12T18:39:44.400`) * [CVE-2023-28764](CVE-2023/CVE-2023-287xx/CVE-2023-28764.json) (`2023-05-12T20:44:32.040`)
* [CVE-2023-1094](CVE-2023/CVE-2023-10xx/CVE-2023-1094.json) (`2023-05-12T19:16:33.580`) * [CVE-2023-29188](CVE-2023/CVE-2023-291xx/CVE-2023-29188.json) (`2023-05-12T20:38:28.087`)
* [CVE-2023-1979](CVE-2023/CVE-2023-19xx/CVE-2023-1979.json) (`2023-05-12T18:44:46.457`) * [CVE-2023-31180](CVE-2023/CVE-2023-311xx/CVE-2023-31180.json) (`2023-05-12T20:30:45.287`)
* [CVE-2023-21666](CVE-2023/CVE-2023-216xx/CVE-2023-21666.json) (`2023-05-12T18:22:35.247`) * [CVE-2023-31181](CVE-2023/CVE-2023-311xx/CVE-2023-31181.json) (`2023-05-12T20:30:35.667`)
* [CVE-2023-22784](CVE-2023/CVE-2023-227xx/CVE-2023-22784.json) (`2023-05-12T18:34:16.503`)
* [CVE-2023-22785](CVE-2023/CVE-2023-227xx/CVE-2023-22785.json) (`2023-05-12T18:29:12.533`)
* [CVE-2023-22786](CVE-2023/CVE-2023-227xx/CVE-2023-22786.json) (`2023-05-12T18:25:20.053`)
* [CVE-2023-2573](CVE-2023/CVE-2023-25xx/CVE-2023-2573.json) (`2023-05-12T18:15:09.617`)
* [CVE-2023-2574](CVE-2023/CVE-2023-25xx/CVE-2023-2574.json) (`2023-05-12T18:15:09.703`)
* [CVE-2023-2575](CVE-2023/CVE-2023-25xx/CVE-2023-2575.json) (`2023-05-12T18:15:09.827`)
* [CVE-2023-27929](CVE-2023/CVE-2023-279xx/CVE-2023-27929.json) (`2023-05-12T18:52:07.350`)
* [CVE-2023-27931](CVE-2023/CVE-2023-279xx/CVE-2023-27931.json) (`2023-05-12T19:10:07.780`)
* [CVE-2023-27943](CVE-2023/CVE-2023-279xx/CVE-2023-27943.json) (`2023-05-12T19:05:15.243`)
* [CVE-2023-27953](CVE-2023/CVE-2023-279xx/CVE-2023-27953.json) (`2023-05-12T18:47:57.807`)
* [CVE-2023-27954](CVE-2023/CVE-2023-279xx/CVE-2023-27954.json) (`2023-05-12T18:55:06.177`)
* [CVE-2023-27955](CVE-2023/CVE-2023-279xx/CVE-2023-27955.json) (`2023-05-12T19:23:18.690`)
* [CVE-2023-27957](CVE-2023/CVE-2023-279xx/CVE-2023-27957.json) (`2023-05-12T19:15:24.030`)
* [CVE-2023-27959](CVE-2023/CVE-2023-279xx/CVE-2023-27959.json) (`2023-05-12T19:22:37.343`)
* [CVE-2023-27967](CVE-2023/CVE-2023-279xx/CVE-2023-27967.json) (`2023-05-12T19:46:50.930`)
* [CVE-2023-27968](CVE-2023/CVE-2023-279xx/CVE-2023-27968.json) (`2023-05-12T19:47:30.860`)
* [CVE-2023-29693](CVE-2023/CVE-2023-296xx/CVE-2023-29693.json) (`2023-05-12T19:39:08.083`)
* [CVE-2023-29696](CVE-2023/CVE-2023-296xx/CVE-2023-29696.json) (`2023-05-12T19:39:04.933`)
* [CVE-2023-30787](CVE-2023/CVE-2023-307xx/CVE-2023-30787.json) (`2023-05-12T19:57:42.243`)
* [CVE-2023-30788](CVE-2023/CVE-2023-307xx/CVE-2023-30788.json) (`2023-05-12T19:57:33.550`)
* [CVE-2023-30789](CVE-2023/CVE-2023-307xx/CVE-2023-30789.json) (`2023-05-12T19:57:22.307`)
* [CVE-2023-30790](CVE-2023/CVE-2023-307xx/CVE-2023-30790.json) (`2023-05-12T19:57:12.793`)
## Download and Usage ## Download and Usage