Auto-Update: 2023-08-02T22:00:28.405616+00:00

cad-safe-bot 2023-08-02 22:00:31 +00:00
parent aea6bbc39c
commit 2a5a3eb426
37 changed files with 1169 additions and 112 deletions


@ -2,19 +2,78 @@
"id": "CVE-2022-31457",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-25T22:15:10.410",
"lastModified": "2023-07-26T04:24:59.167",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-02T20:47:51.970",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "RTX TRAP v1.0 allows attackers to perform a directory traversal via a crafted request sent to the endpoint /data/."
},
{
"lang": "es",
"value": "RTX TRAP v1.0 permite a los atacantes realizar un recorrido por directorios a trav\u00e9s de una solicitud manipulada enviada al endpoint \"/data/\"."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rtx_trap_project:rtx_trap:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "433D77C4-8521-4B27-BA06-6B8FA4E14ED0"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://medium.com/@rohitgautam26/cve-2022-31457-2027b7678af7",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2022-47758",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-27T02:15:08.973",
"lastModified": "2023-07-26T14:15:09.987",
"lastModified": "2023-08-02T20:15:10.233",
"vulnStatus": "Modified",
"descriptions": [
{
@ -79,6 +79,10 @@
"Technical Description",
"Third Party Advisory"
]
},
{
"url": "https://pwning.tech/cve-2022-47758/",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-23843",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2023-07-26T14:15:10.070",
"lastModified": "2023-07-26T19:28:30.213",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-02T20:50:45.300",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "psirt@solarwinds.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-697"
}
]
},
{
"source": "psirt@solarwinds.com",
"type": "Secondary",
@ -46,14 +76,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:solarwinds:solarwinds_platform:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.3.0",
"matchCriteriaId": "9722CBBC-46EC-4167-8E98-AEBB8ACF74D8"
}
]
}
]
}
],
"references": [
{
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3_release_notes.htm",
"source": "psirt@solarwinds.com"
"source": "psirt@solarwinds.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2023-23843",
"source": "psirt@solarwinds.com"
"source": "psirt@solarwinds.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-26430",
"sourceIdentifier": "security@open-xchange.com",
"published": "2023-08-02T13:15:10.217",
"lastModified": "2023-08-02T13:30:30.250",
"lastModified": "2023-08-02T20:15:10.387",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -47,6 +47,10 @@
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Aug/8",
"source": "security@open-xchange.com"
},
{
"url": "https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0003.json",
"source": "security@open-xchange.com"


@ -2,7 +2,7 @@
"id": "CVE-2023-26438",
"sourceIdentifier": "security@open-xchange.com",
"published": "2023-08-02T13:15:10.323",
"lastModified": "2023-08-02T13:30:30.250",
"lastModified": "2023-08-02T20:15:10.503",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -47,6 +47,10 @@
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Aug/8",
"source": "security@open-xchange.com"
},
{
"url": "https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0003.json",
"source": "security@open-xchange.com"


@ -2,7 +2,7 @@
"id": "CVE-2023-26439",
"sourceIdentifier": "security@open-xchange.com",
"published": "2023-08-02T13:15:10.403",
"lastModified": "2023-08-02T13:30:30.250",
"lastModified": "2023-08-02T20:15:10.600",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -47,6 +47,10 @@
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Aug/8",
"source": "security@open-xchange.com"
},
{
"url": "https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0003.json",
"source": "security@open-xchange.com"


@ -2,7 +2,7 @@
"id": "CVE-2023-26440",
"sourceIdentifier": "security@open-xchange.com",
"published": "2023-08-02T13:15:10.483",
"lastModified": "2023-08-02T13:30:30.250",
"lastModified": "2023-08-02T20:15:10.700",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -47,6 +47,10 @@
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Aug/8",
"source": "security@open-xchange.com"
},
{
"url": "https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0003.json",
"source": "security@open-xchange.com"


@ -2,7 +2,7 @@
"id": "CVE-2023-26441",
"sourceIdentifier": "security@open-xchange.com",
"published": "2023-08-02T13:15:10.563",
"lastModified": "2023-08-02T13:30:30.250",
"lastModified": "2023-08-02T20:15:10.793",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -47,6 +47,10 @@
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Aug/8",
"source": "security@open-xchange.com"
},
{
"url": "https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0003.json",
"source": "security@open-xchange.com"


@ -2,7 +2,7 @@
"id": "CVE-2023-26442",
"sourceIdentifier": "security@open-xchange.com",
"published": "2023-08-02T13:15:10.640",
"lastModified": "2023-08-02T13:30:30.250",
"lastModified": "2023-08-02T20:15:10.900",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -47,6 +47,10 @@
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Aug/8",
"source": "security@open-xchange.com"
},
{
"url": "https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0003.json",
"source": "security@open-xchange.com"


@ -2,7 +2,7 @@
"id": "CVE-2023-26443",
"sourceIdentifier": "security@open-xchange.com",
"published": "2023-08-02T13:15:10.720",
"lastModified": "2023-08-02T13:30:30.250",
"lastModified": "2023-08-02T20:15:10.997",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -47,6 +47,10 @@
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Aug/8",
"source": "security@open-xchange.com"
},
{
"url": "https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0003.json",
"source": "security@open-xchange.com"


@ -2,7 +2,7 @@
"id": "CVE-2023-26445",
"sourceIdentifier": "security@open-xchange.com",
"published": "2023-08-02T13:15:10.797",
"lastModified": "2023-08-02T13:30:30.250",
"lastModified": "2023-08-02T20:15:11.097",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -47,6 +47,10 @@
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Aug/8",
"source": "security@open-xchange.com"
},
{
"url": "https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0003.json",
"source": "security@open-xchange.com"


@ -2,7 +2,7 @@
"id": "CVE-2023-26446",
"sourceIdentifier": "security@open-xchange.com",
"published": "2023-08-02T13:15:10.877",
"lastModified": "2023-08-02T13:30:30.250",
"lastModified": "2023-08-02T20:15:11.190",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -47,6 +47,10 @@
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Aug/8",
"source": "security@open-xchange.com"
},
{
"url": "https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0003.json",
"source": "security@open-xchange.com"


@ -2,7 +2,7 @@
"id": "CVE-2023-26447",
"sourceIdentifier": "security@open-xchange.com",
"published": "2023-08-02T13:15:10.947",
"lastModified": "2023-08-02T13:30:30.250",
"lastModified": "2023-08-02T20:15:11.287",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -47,6 +47,10 @@
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Aug/8",
"source": "security@open-xchange.com"
},
{
"url": "https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0003.json",
"source": "security@open-xchange.com"


@ -2,7 +2,7 @@
"id": "CVE-2023-26448",
"sourceIdentifier": "security@open-xchange.com",
"published": "2023-08-02T13:15:11.017",
"lastModified": "2023-08-02T13:30:30.250",
"lastModified": "2023-08-02T20:15:11.377",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -47,6 +47,10 @@
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Aug/8",
"source": "security@open-xchange.com"
},
{
"url": "https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0003.json",
"source": "security@open-xchange.com"


@ -2,7 +2,7 @@
"id": "CVE-2023-26449",
"sourceIdentifier": "security@open-xchange.com",
"published": "2023-08-02T13:15:11.090",
"lastModified": "2023-08-02T13:30:30.250",
"lastModified": "2023-08-02T20:15:11.467",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -47,6 +47,10 @@
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Aug/8",
"source": "security@open-xchange.com"
},
{
"url": "https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0003.json",
"source": "security@open-xchange.com"


@ -2,7 +2,7 @@
"id": "CVE-2023-26450",
"sourceIdentifier": "security@open-xchange.com",
"published": "2023-08-02T13:15:11.160",
"lastModified": "2023-08-02T13:30:30.250",
"lastModified": "2023-08-02T20:15:11.557",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -47,6 +47,10 @@
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Aug/8",
"source": "security@open-xchange.com"
},
{
"url": "https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0003.json",
"source": "security@open-xchange.com"


@ -2,7 +2,7 @@
"id": "CVE-2023-26451",
"sourceIdentifier": "security@open-xchange.com",
"published": "2023-08-02T13:15:11.233",
"lastModified": "2023-08-02T13:30:30.250",
"lastModified": "2023-08-02T20:15:11.653",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -47,6 +47,10 @@
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Aug/8",
"source": "security@open-xchange.com"
},
{
"url": "https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0003.json",
"source": "security@open-xchange.com"


@ -2,23 +2,83 @@
"id": "CVE-2023-26859",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-26T14:15:10.230",
"lastModified": "2023-07-26T19:28:23.967",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-02T20:29:47.877",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability found in PrestaShop sendinblue v.4.0.15 and before allow a remote attacker to gain privileges via the ajaxOrderTracking.php component."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:brevo:brevo:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.0.15",
"matchCriteriaId": "03E0428E-7233-48E7-BE81-69B138A8CA21"
}
]
}
]
}
],
"references": [
{
"url": "https://addons.prestashop.com/en/newsletter-sms/8300-sendinblue-all-in-one-marketing-tool.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://security.friendsofpresta.org/modules/2023/07/25/sendinblue.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,49 @@
"id": "CVE-2023-28130",
"sourceIdentifier": "cve@checkpoint.com",
"published": "2023-07-26T11:15:09.550",
"lastModified": "2023-08-02T18:15:09.977",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-08-02T20:45:07.220",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Local user may lead to privilege escalation using Gaia Portal hostnames page."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
},
{
"source": "cve@checkpoint.com",
"type": "Secondary",
@ -23,26 +56,68 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:checkpoint:gaia_portal:r80.40:-:*:*:*:*:*:*",
"matchCriteriaId": "1687CFDC-EB35-4929-BB2D-87DBE9045A0B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:checkpoint:gaia_portal:r81:-:*:*:*:*:*:*",
"matchCriteriaId": "6B88D624-8BB6-4E1A-861E-97DAD116156D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:checkpoint:gaia_portal:r81.10:-:*:*:*:*:*:*",
"matchCriteriaId": "1DC24950-C92B-450D-BB27-9A254B820E87"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:checkpoint:gaia_portal:r81.20:-:*:*:*:*:*:*",
"matchCriteriaId": "F06AD4B7-71C0-4B8C-B55C-79F8F06338AB"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/173918/Checkpoint-Gaia-Portal-R81.10-Remote-Command-Execution.html",
"source": "cve@checkpoint.com"
"source": "cve@checkpoint.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Aug/4",
"source": "cve@checkpoint.com"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Jul/43",
"source": "cve@checkpoint.com"
"source": "cve@checkpoint.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://pentests.nl/pentest-blog/cve-2023-28130-command-injection-in-check-point-gaia-portal/",
"source": "cve@checkpoint.com"
"source": "cve@checkpoint.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://support.checkpoint.com/results/sk/sk181311",
"source": "cve@checkpoint.com"
"source": "cve@checkpoint.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,40 @@
{
"id": "CVE-2023-29407",
"sourceIdentifier": "security@golang.org",
"published": "2023-08-02T20:15:11.760",
"lastModified": "2023-08-02T20:15:11.760",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A maliciously-crafted image can cause excessive CPU consumption in decoding. A tiled image with a height of 0 and a very large width can cause excessive CPU consumption, despite the image size (width * height) appearing to be zero."
}
],
"metrics": {},
"weaknesses": [
{
"source": "security@golang.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-834"
}
]
}
],
"references": [
{
"url": "https://go.dev/cl/514897",
"source": "security@golang.org"
},
{
"url": "https://go.dev/issue/61581",
"source": "security@golang.org"
},
{
"url": "https://pkg.go.dev/vuln/GO-2023-1990",
"source": "security@golang.org"
}
]
}


@ -0,0 +1,40 @@
{
"id": "CVE-2023-29408",
"sourceIdentifier": "security@golang.org",
"published": "2023-08-02T20:15:11.857",
"lastModified": "2023-08-02T20:15:11.857",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The TIFF decoder does not place a limit on the size of compressed tile data. A maliciously-crafted image can exploit this to cause a small image (both in terms of pixel width/height, and encoded size) to make the decoder decode large amounts of compressed data, consuming excessive memory and CPU."
}
],
"metrics": {},
"weaknesses": [
{
"source": "security@golang.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"references": [
{
"url": "https://go.dev/cl/514897",
"source": "security@golang.org"
},
{
"url": "https://go.dev/issue/61582",
"source": "security@golang.org"
},
{
"url": "https://pkg.go.dev/vuln/GO-2023-1989",
"source": "security@golang.org"
}
]
}


@ -0,0 +1,44 @@
{
"id": "CVE-2023-29409",
"sourceIdentifier": "security@golang.org",
"published": "2023-08-02T20:15:11.940",
"lastModified": "2023-08-02T20:15:11.940",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable."
}
],
"metrics": {},
"weaknesses": [
{
"source": "security@golang.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://go.dev/cl/515257",
"source": "security@golang.org"
},
{
"url": "https://go.dev/issue/61460",
"source": "security@golang.org"
},
{
"url": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ",
"source": "security@golang.org"
},
{
"url": "https://pkg.go.dev/vuln/GO-2023-1987",
"source": "security@golang.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-33224",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2023-07-26T14:15:10.340",
"lastModified": "2023-07-26T19:28:23.967",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-02T20:52:12.910",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "psirt@solarwinds.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "psirt@solarwinds.com",
"type": "Secondary",
@ -46,14 +76,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:solarwinds:solarwinds_platform:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.3.0",
"matchCriteriaId": "9722CBBC-46EC-4167-8E98-AEBB8ACF74D8"
}
]
}
]
}
],
"references": [
{
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3_release_notes.htm",
"source": "psirt@solarwinds.com"
"source": "psirt@solarwinds.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2023-33224",
"source": "psirt@solarwinds.com"
"source": "psirt@solarwinds.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,28 @@
{
"id": "CVE-2023-36081",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-02T20:15:12.027",
"lastModified": "2023-08-02T20:15:12.027",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in GatesAIr Flexiva FM Transmitter/Exciter v.FAX 150W allows a remote attacker to execute arbitrary code via a crafted script to the web application dashboard."
}
],
"metrics": {},
"references": [
{
"url": "http://flexiva.com",
"source": "cve@mitre.org"
},
{
"url": "http://gatesair.com",
"source": "cve@mitre.org"
},
{
"url": "https://strik3r.gitbook.io/strik3r-blog/security-research/cves-pocs/cve-2023-36081",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-37894",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-07-27T15:15:09.813",
"lastModified": "2023-07-27T16:52:09.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-02T21:58:09.203",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:radiustheme:variation_images_gallery_for_woocommerce:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.3.4",
"matchCriteriaId": "EA933531-CE70-4D8A-984F-8D5FD1747A0E"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woo-product-variation-gallery/wordpress-variation-images-gallery-for-woocommerce-plugin-2-3-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-37970",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-07-27T15:15:10.353",
"lastModified": "2023-07-27T16:52:09.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-02T21:58:00.547",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mf_gig_calendar_project:mf_gig_calendar:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.2.1",
"matchCriteriaId": "A989C31E-A60C-4319-A6B7-90C3406F8622"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/mf-gig-calendar/wordpress-mf-gig-calendar-plugin-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-37975",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-07-27T15:15:10.657",
"lastModified": "2023-07-27T16:52:09.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-02T21:57:49.327",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -36,7 +56,7 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,12 +64,43 @@
"value": "CWE-79"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:variation_swatches_for_woocommerce_project:variation_swatches_for_woocommerce:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.3.8",
"matchCriteriaId": "C286227A-D989-4EB1-AA1C-3EBEDDF6FF4E"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woo-product-variation-swatches/wordpress-variation-swatches-for-woocommerce-plugin-2-3-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-37976",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-07-27T15:15:10.900",
"lastModified": "2023-07-27T16:52:09.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-02T21:57:37.680",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:radioforge:radio_forge_muses_player_with_skins:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.5",
"matchCriteriaId": "50BDBDB2-3BEB-429F-A9BE-4C6FA3282470"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/radio-forge/wordpress-radio-forge-muses-player-with-skins-plugin-2-5-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-37980",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-07-27T14:15:09.670",
"lastModified": "2023-07-27T16:52:09.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-02T21:59:02.330",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:custom_field_for_wp_job_manager_project:custom_field_for_wp_job_manager:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.2",
"matchCriteriaId": "48A981FF-3252-4ACA-94FE-2543605E74A9"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/custom-field-for-wp-job-manager/wordpress-custom-field-for-wp-job-manager-plugin-1-1-cross-site-scripting-xss?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-37981",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-07-27T14:15:09.800",
"lastModified": "2023-07-27T16:52:09.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-02T21:58:54.003",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpkube:authors_list:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.0.3",
"matchCriteriaId": "FBB491CA-C994-4346-B3F6-4DCB15849CFE"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/authors-list/wordpress-authors-list-plugin-2-0-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-37993",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-07-27T14:15:09.890",
"lastModified": "2023-07-27T16:52:09.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-02T21:58:42.467",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:maennchen1:wpshopgermany_it-recht_kanzlei:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.8",
"matchCriteriaId": "52870F3E-C8C8-4FFF-BBAA-CC237C06AD35"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wpshopgermany-it-recht-kanzlei/wordpress-wpshopgermany-it-recht-kanzlei-plugin-1-7-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-38512",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-07-27T14:15:09.970",
"lastModified": "2023-07-27T16:52:09.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-02T21:58:20.263",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Wpstream WpStream \u2013 Live Streaming, Video on Demand, Pay Per View plugin <=\u00a04.5.4 versions."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad de tipo Cross-Site Request Forgery (CSRF) en el plugin para WordPress WpStream \u2013 Live Streaming, Video on Demand, Pay Per View de WpStream en versiones anteriores a la 4.5.4 inclusive. "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpstream:wpstream:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "4.5.5",
"matchCriteriaId": "5B504B12-0160-4739-99E3-4CECDF4CC9F6"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wpstream/wordpress-wpstream-live-streaming-video-on-demand-pay-per-view-plugin-4-5-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-39261",
"sourceIdentifier": "security@jetbrains.com",
"published": "2023-07-26T13:15:10.233",
"lastModified": "2023-07-26T19:28:30.213",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-02T20:34:41.557",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security@jetbrains.com",
"type": "Secondary",
@ -46,10 +66,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jetbrains:intellij_idea:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.2",
"matchCriteriaId": "63238C74-6EBB-4E76-8E63-962B62AF3E73"
}
]
}
]
}
],
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
"source": "security@jetbrains.com"
"source": "security@jetbrains.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-3969",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-07-27T12:15:09.963",
"lastModified": "2023-07-27T13:49:26.900",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-02T21:59:38.673",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -61,7 +83,7 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -69,20 +91,59 @@
"value": "CWE-79"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gzscripts:availability_booking_calendar_php:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6333A17C-8A1A-4D1F-AFBD-586228E49917"
}
]
}
]
}
],
"references": [
{
"url": "https://seclists.org/fulldisclosure/2023/Jul/51",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.235568",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.235568",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-3970",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-07-27T12:15:10.537",
"lastModified": "2023-07-27T13:49:26.900",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-02T21:59:20.540",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +93,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gzscripts:availability_booking_calendar_php:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6333A17C-8A1A-4D1F-AFBD-586228E49917"
}
]
}
]
}
],
"references": [
{
"url": "https://seclists.org/fulldisclosure/2023/Jul/51",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.235569",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.235569",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

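--- a/CVE-2023/CVE-2023-39xx/CVE-2023-3978.json
+++ b/CVE-2023/CVE-2023-39xx/CVE-2023-3978.json
@@ -0,0 +1,40 @@
+{
+"id": "CVE-2023-3978",
+"sourceIdentifier": "security@golang.org",
+"published": "2023-08-02T20:15:12.097",
+"lastModified": "2023-08-02T20:15:12.097",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack."
+}
+],
+"metrics": {},
+"weaknesses": [
+{
+"source": "security@golang.org",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-79"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://go.dev/cl/514896",
+"source": "security@golang.org"
+},
+{
+"url": "https://go.dev/issue/61615",
+"source": "security@golang.org"
+},
+{
+"url": "https://pkg.go.dev/vuln/GO-2023-1988",
+"source": "security@golang.org"
+}
+]
+}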


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-08-02T20:00:31.057053+00:00
2023-08-02T22:00:28.405616+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-08-02T19:50:56.147000+00:00
2023-08-02T21:59:38.673000+00:00
```
### Last Data Feed Release
@ -29,44 +29,49 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
221475
221480
```
### CVEs added in the last Commit
Recently added CVEs: `0`
Recently added CVEs: `5`
* [CVE-2023-29407](CVE-2023/CVE-2023-294xx/CVE-2023-29407.json) (`2023-08-02T20:15:11.760`)
* [CVE-2023-29408](CVE-2023/CVE-2023-294xx/CVE-2023-29408.json) (`2023-08-02T20:15:11.857`)
* [CVE-2023-29409](CVE-2023/CVE-2023-294xx/CVE-2023-29409.json) (`2023-08-02T20:15:11.940`)
* [CVE-2023-36081](CVE-2023/CVE-2023-360xx/CVE-2023-36081.json) (`2023-08-02T20:15:12.027`)
* [CVE-2023-3978](CVE-2023/CVE-2023-39xx/CVE-2023-3978.json) (`2023-08-02T20:15:12.097`)
### CVEs modified in the last Commit
Recently modified CVEs: `40`
Recently modified CVEs: `31`
* [CVE-2014-4872](CVE-2014/CVE-2014-48xx/CVE-2014-4872.json) (`2023-08-02T19:00:25.903`)
* [CVE-2014-8270](CVE-2014/CVE-2014-82xx/CVE-2014-8270.json) (`2023-08-02T19:00:29.757`)
* [CVE-2021-39820](CVE-2021/CVE-2021-398xx/CVE-2021-39820.json) (`2023-08-02T18:32:39.680`)
* [CVE-2022-4909](CVE-2022/CVE-2022-49xx/CVE-2022-4909.json) (`2023-08-02T18:25:50.143`)
* [CVE-2022-24767](CVE-2022/CVE-2022-247xx/CVE-2022-24767.json) (`2023-08-02T19:28:28.173`)
* [CVE-2023-28130](CVE-2023/CVE-2023-281xx/CVE-2023-28130.json) (`2023-08-02T18:15:09.977`)
* [CVE-2023-3782](CVE-2023/CVE-2023-37xx/CVE-2023-3782.json) (`2023-08-02T18:31:47.947`)
* [CVE-2023-35941](CVE-2023/CVE-2023-359xx/CVE-2023-35941.json) (`2023-08-02T18:34:33.230`)
* [CVE-2023-35942](CVE-2023/CVE-2023-359xx/CVE-2023-35942.json) (`2023-08-02T18:36:02.047`)
* [CVE-2023-21405](CVE-2023/CVE-2023-214xx/CVE-2023-21405.json) (`2023-08-02T18:43:09.213`)
* [CVE-2023-35943](CVE-2023/CVE-2023-359xx/CVE-2023-35943.json) (`2023-08-02T18:47:03.400`)
* [CVE-2023-34189](CVE-2023/CVE-2023-341xx/CVE-2023-34189.json) (`2023-08-02T18:51:03.527`)
* [CVE-2023-35929](CVE-2023/CVE-2023-359xx/CVE-2023-35929.json) (`2023-08-02T18:54:38.123`)
* [CVE-2023-34235](CVE-2023/CVE-2023-342xx/CVE-2023-34235.json) (`2023-08-02T19:02:29.150`)
* [CVE-2023-38499](CVE-2023/CVE-2023-384xx/CVE-2023-38499.json) (`2023-08-02T19:11:12.320`)
* [CVE-2023-32232](CVE-2023/CVE-2023-322xx/CVE-2023-32232.json) (`2023-08-02T19:12:35.040`)
* [CVE-2023-38500](CVE-2023/CVE-2023-385xx/CVE-2023-38500.json) (`2023-08-02T19:14:48.317`)
* [CVE-2023-32231](CVE-2023/CVE-2023-322xx/CVE-2023-32231.json) (`2023-08-02T19:17:06.810`)
* [CVE-2023-3384](CVE-2023/CVE-2023-33xx/CVE-2023-3384.json) (`2023-08-02T19:17:31.647`)
* [CVE-2023-22743](CVE-2023/CVE-2023-227xx/CVE-2023-22743.json) (`2023-08-02T19:27:45.450`)
* [CVE-2023-1522](CVE-2023/CVE-2023-15xx/CVE-2023-1522.json) (`2023-08-02T19:32:36.860`)
* [CVE-2023-38496](CVE-2023/CVE-2023-384xx/CVE-2023-38496.json) (`2023-08-02T19:32:49.440`)
* [CVE-2023-3947](CVE-2023/CVE-2023-39xx/CVE-2023-3947.json) (`2023-08-02T19:37:12.583`)
* [CVE-2023-3945](CVE-2023/CVE-2023-39xx/CVE-2023-3945.json) (`2023-08-02T19:41:11.373`)
* [CVE-2023-38501](CVE-2023/CVE-2023-385xx/CVE-2023-38501.json) (`2023-08-02T19:50:56.147`)
* [CVE-2023-26441](CVE-2023/CVE-2023-264xx/CVE-2023-26441.json) (`2023-08-02T20:15:10.793`)
* [CVE-2023-26442](CVE-2023/CVE-2023-264xx/CVE-2023-26442.json) (`2023-08-02T20:15:10.900`)
* [CVE-2023-26443](CVE-2023/CVE-2023-264xx/CVE-2023-26443.json) (`2023-08-02T20:15:10.997`)
* [CVE-2023-26445](CVE-2023/CVE-2023-264xx/CVE-2023-26445.json) (`2023-08-02T20:15:11.097`)
* [CVE-2023-26446](CVE-2023/CVE-2023-264xx/CVE-2023-26446.json) (`2023-08-02T20:15:11.190`)
* [CVE-2023-26447](CVE-2023/CVE-2023-264xx/CVE-2023-26447.json) (`2023-08-02T20:15:11.287`)
* [CVE-2023-26448](CVE-2023/CVE-2023-264xx/CVE-2023-26448.json) (`2023-08-02T20:15:11.377`)
* [CVE-2023-26449](CVE-2023/CVE-2023-264xx/CVE-2023-26449.json) (`2023-08-02T20:15:11.467`)
* [CVE-2023-26450](CVE-2023/CVE-2023-264xx/CVE-2023-26450.json) (`2023-08-02T20:15:11.557`)
* [CVE-2023-26451](CVE-2023/CVE-2023-264xx/CVE-2023-26451.json) (`2023-08-02T20:15:11.653`)
* [CVE-2023-26859](CVE-2023/CVE-2023-268xx/CVE-2023-26859.json) (`2023-08-02T20:29:47.877`)
* [CVE-2023-39261](CVE-2023/CVE-2023-392xx/CVE-2023-39261.json) (`2023-08-02T20:34:41.557`)
* [CVE-2023-28130](CVE-2023/CVE-2023-281xx/CVE-2023-28130.json) (`2023-08-02T20:45:07.220`)
* [CVE-2023-23843](CVE-2023/CVE-2023-238xx/CVE-2023-23843.json) (`2023-08-02T20:50:45.300`)
* [CVE-2023-33224](CVE-2023/CVE-2023-332xx/CVE-2023-33224.json) (`2023-08-02T20:52:12.910`)
* [CVE-2023-37976](CVE-2023/CVE-2023-379xx/CVE-2023-37976.json) (`2023-08-02T21:57:37.680`)
* [CVE-2023-37975](CVE-2023/CVE-2023-379xx/CVE-2023-37975.json) (`2023-08-02T21:57:49.327`)
* [CVE-2023-37970](CVE-2023/CVE-2023-379xx/CVE-2023-37970.json) (`2023-08-02T21:58:00.547`)
* [CVE-2023-37894](CVE-2023/CVE-2023-378xx/CVE-2023-37894.json) (`2023-08-02T21:58:09.203`)
* [CVE-2023-38512](CVE-2023/CVE-2023-385xx/CVE-2023-38512.json) (`2023-08-02T21:58:20.263`)
* [CVE-2023-37993](CVE-2023/CVE-2023-379xx/CVE-2023-37993.json) (`2023-08-02T21:58:42.467`)
* [CVE-2023-37981](CVE-2023/CVE-2023-379xx/CVE-2023-37981.json) (`2023-08-02T21:58:54.003`)
* [CVE-2023-37980](CVE-2023/CVE-2023-379xx/CVE-2023-37980.json) (`2023-08-02T21:59:02.330`)
* [CVE-2023-3970](CVE-2023/CVE-2023-39xx/CVE-2023-3970.json) (`2023-08-02T21:59:20.540`)
* [CVE-2023-3969](CVE-2023/CVE-2023-39xx/CVE-2023-3969.json) (`2023-08-02T21:59:38.673`)
## Download and Usage