Auto-Update: 2023-08-23T23:55:30.468203+00:00

cad-safe-bot 2023-08-23 23:55:33 +00:00
parent 0159c15507
commit 2b91db82af
6 changed files with 258 additions and 26 deletions


@ -0,0 +1,55 @@
{
"id": "CVE-2023-32202",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-08-23T22:15:07.873",
"lastModified": "2023-08-23T22:15:07.873",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Walchem Intuition 9 firmware versions prior to v4.21 are vulnerable to improper authentication. Login credentials are stored in a format that could allow an attacker to use them as-is to login and gain access to the device.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-229-04",
"source": "ics-cert@hq.dhs.gov"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-3453",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-08-23T22:15:08.930",
"lastModified": "2023-08-23T22:15:08.930",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nETIC Telecom RAS versions 4.7.0 and prior the web management portal authentication disabled by default. This could allow an attacker with adjacent network access to alter the configuration of the device or cause a denial-of-service condition.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1188"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-01",
"source": "ics-cert@hq.dhs.gov"
}
]
}


@ -0,0 +1,28 @@
{
"id": "CVE-2023-36317",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-23T22:15:08.550",
"lastModified": "2023-08-23T22:15:08.550",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in sourcecodester Student Study Center Desk Management System 1.0 allows attackers to run arbitrary code via crafted GET request to web application URL."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/oye-ujjwal/CVE/blob/main/CVE-2023-36317",
"source": "cve@mitre.org"
},
{
"url": "https://www.sourcecodester.com",
"source": "cve@mitre.org"
},
{
"url": "https://www.sourcecodester.com/php/16298/student-study-center-desk-management-system-using-php-oop-and-mysql-db-free-source-code",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-38422",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-08-23T22:15:08.693",
"lastModified": "2023-08-23T22:15:08.693",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Walchem Intuition 9 firmware versions prior to v4.21 are missing authentication for some of the API routes of the management web server. This could allow an attacker to download and export sensitive data.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-229-04",
"source": "ics-cert@hq.dhs.gov"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-41028",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2023-08-23T22:15:09.077",
"lastModified": "2023-08-23T22:15:09.077",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow exists in Juplink RX4-1500, a WiFi router, in versions 1.0.2 through 1.0.5. An authenticated attacker can exploit this vulnerability to achieve code execution as root.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://blog.exodusintel.com/2023/08/23/juplink-rx4-1500-stack-based-buffer-overflow-vulnerability/",
"source": "disclosures@exodusintel.com"
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-08-23T22:00:25.916084+00:00
2023-08-23T23:55:30.468203+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-08-23T21:15:09.263000+00:00
2023-08-23T22:15:09.077000+00:00
```
### Last Data Feed Release
@ -29,40 +29,24 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
223338
223343
```
### CVEs added in the last Commit
Recently added CVEs: `11`
Recently added CVEs: `5`
* [CVE-2022-3742](CVE-2022/CVE-2022-37xx/CVE-2022-3742.json) (`2023-08-23T20:15:08.327`)
* [CVE-2022-3743](CVE-2022/CVE-2022-37xx/CVE-2022-3743.json) (`2023-08-23T20:15:08.497`)
* [CVE-2022-3744](CVE-2022/CVE-2022-37xx/CVE-2022-3744.json) (`2023-08-23T20:15:08.577`)
* [CVE-2022-3745](CVE-2022/CVE-2022-37xx/CVE-2022-3745.json) (`2023-08-23T20:15:08.660`)
* [CVE-2022-3746](CVE-2022/CVE-2022-37xx/CVE-2022-3746.json) (`2023-08-23T20:15:08.743`)
* [CVE-2023-40025](CVE-2023/CVE-2023-400xx/CVE-2023-40025.json) (`2023-08-23T20:15:08.840`)
* [CVE-2023-40176](CVE-2023/CVE-2023-401xx/CVE-2023-40176.json) (`2023-08-23T20:15:08.927`)
* [CVE-2023-40035](CVE-2023/CVE-2023-400xx/CVE-2023-40035.json) (`2023-08-23T21:15:08.300`)
* [CVE-2023-40177](CVE-2023/CVE-2023-401xx/CVE-2023-40177.json) (`2023-08-23T21:15:08.670`)
* [CVE-2023-40178](CVE-2023/CVE-2023-401xx/CVE-2023-40178.json) (`2023-08-23T21:15:08.877`)
* [CVE-2023-40185](CVE-2023/CVE-2023-401xx/CVE-2023-40185.json) (`2023-08-23T21:15:09.063`)
* [CVE-2023-32202](CVE-2023/CVE-2023-322xx/CVE-2023-32202.json) (`2023-08-23T22:15:07.873`)
* [CVE-2023-36317](CVE-2023/CVE-2023-363xx/CVE-2023-36317.json) (`2023-08-23T22:15:08.550`)
* [CVE-2023-38422](CVE-2023/CVE-2023-384xx/CVE-2023-38422.json) (`2023-08-23T22:15:08.693`)
* [CVE-2023-3453](CVE-2023/CVE-2023-34xx/CVE-2023-3453.json) (`2023-08-23T22:15:08.930`)
* [CVE-2023-41028](CVE-2023/CVE-2023-410xx/CVE-2023-41028.json) (`2023-08-23T22:15:09.077`)
### CVEs modified in the last Commit
Recently modified CVEs: `10`
Recently modified CVEs: `0`
* [CVE-2023-40174](CVE-2023/CVE-2023-401xx/CVE-2023-40174.json) (`2023-08-23T20:11:46.780`)
* [CVE-2023-4394](CVE-2023/CVE-2023-43xx/CVE-2023-4394.json) (`2023-08-23T20:16:38.203`)
* [CVE-2023-20013](CVE-2023/CVE-2023-200xx/CVE-2023-20013.json) (`2023-08-23T20:50:51.550`)
* [CVE-2023-20017](CVE-2023/CVE-2023-200xx/CVE-2023-20017.json) (`2023-08-23T20:52:43.313`)
* [CVE-2023-20111](CVE-2023/CVE-2023-201xx/CVE-2023-20111.json) (`2023-08-23T20:54:15.467`)
* [CVE-2023-34412](CVE-2023/CVE-2023-344xx/CVE-2023-34412.json) (`2023-08-23T21:04:10.520`)
* [CVE-2023-40315](CVE-2023/CVE-2023-403xx/CVE-2023-40315.json) (`2023-08-23T21:06:43.453`)
* [CVE-2023-37379](CVE-2023/CVE-2023-373xx/CVE-2023-37379.json) (`2023-08-23T21:15:07.660`)
* [CVE-2023-39441](CVE-2023/CVE-2023-394xx/CVE-2023-39441.json) (`2023-08-23T21:15:08.003`)
* [CVE-2023-40273](CVE-2023/CVE-2023-402xx/CVE-2023-40273.json) (`2023-08-23T21:15:09.263`)
## Download and Usage