Auto-Update: 2023-08-24T16:00:33.028024+00:00

cad-safe-bot 2023-08-24 16:00:36 +00:00
parent baf5387d51
commit 2f26963353
27 changed files with 1577 additions and 127 deletions


@ -2,8 +2,8 @@
"id": "CVE-2022-38223",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-08-15T11:21:43.557",
"lastModified": "2023-02-28T19:25:22.320",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-24T14:15:10.340",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -97,6 +97,10 @@
"Third Party Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00030.html",
"source": "cve@mitre.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKESIFZMWIFMI6DRGMUYOTVKBOSEKDXZ/",
"source": "cve@mitre.org",


@ -2,8 +2,8 @@
"id": "CVE-2023-20209",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-08-16T21:15:09.650",
"lastModified": "2023-08-17T12:53:44.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-24T14:23:42.837",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -34,10 +54,49 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.3.1",
"matchCriteriaId": "0840F942-9484-461E-8F07-5691CD8E75DC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:*:*:*:*:expressway:*:*:*",
"versionEndExcluding": "14.3.1",
"matchCriteriaId": "B55E57CE-7762-418D-B85D-19EF29429623"
}
]
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-injection-X475EbTQ",
"source": "ykramarz@cisco.com"
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-20212",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-08-18T20:15:09.773",
"lastModified": "2023-08-20T00:48:59.350",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-24T14:18:53.210",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -34,10 +54,49 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:linux:*:*",
"versionEndExcluding": "8.1.7.21585",
"matchCriteriaId": "57FA75E8-D452-4A42-A7D8-064C3932888A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:secure_endpoint_private_cloud:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.8.0",
"matchCriteriaId": "D10B7EE9-96DE-4761-834A-FA5C31326A23"
}
]
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-FTkhqMWZ",
"source": "ykramarz@cisco.com"
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,31 +2,96 @@
"id": "CVE-2023-20965",
"sourceIdentifier": "security@android.com",
"published": "2023-08-14T21:15:10.320",
"lastModified": "2023-08-15T12:29:16.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-24T15:09:35.493",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In processMessageImpl of ClientModeImpl.java, there is a possible credential disclosure in the TOFU flow due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "08A26AC2-409E-499A-B0D5-8C2B5038947D"
}
]
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/platform/packages/modules/Wifi/+/0d3cb609b0851ea9e5745cc6101e57c2e5e739f2",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch"
]
},
{
"url": "https://android.googlesource.com/platform/packages/modules/Wifi/+/88a8a98934215f591605028e200b6eca8f7cc45a",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch"
]
},
{
"url": "https://android.googlesource.com/platform/packages/modules/Wifi/+/bd318b9772759546509f6fdb8648366099dd65ad",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch"
]
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,92 @@
"id": "CVE-2023-21132",
"sourceIdentifier": "security@android.com",
"published": "2023-08-14T21:15:11.030",
"lastModified": "2023-08-15T12:29:16.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-24T15:12:20.890",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "16820CAF-0A8A-45C8-B5A8-979EA0407389"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.1:-:*:*:*:*:*:*",
"matchCriteriaId": "F3B54CC6-C4CB-4BBD-AADC-BC7A80F4F621"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "08A26AC2-409E-499A-B0D5-8C2B5038947D"
}
]
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/platform/packages/modules/Permission/+/0679e4f35055729be7276536fe45fe8ec18a0453",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch"
]
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,92 @@
"id": "CVE-2023-21133",
"sourceIdentifier": "security@android.com",
"published": "2023-08-14T21:15:11.107",
"lastModified": "2023-08-15T12:29:16.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-24T15:12:18.377",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "16820CAF-0A8A-45C8-B5A8-979EA0407389"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.1:-:*:*:*:*:*:*",
"matchCriteriaId": "F3B54CC6-C4CB-4BBD-AADC-BC7A80F4F621"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "08A26AC2-409E-499A-B0D5-8C2B5038947D"
}
]
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/platform/packages/modules/Permission/+/0679e4f35055729be7276536fe45fe8ec18a0453",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch"
]
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,92 @@
"id": "CVE-2023-21134",
"sourceIdentifier": "security@android.com",
"published": "2023-08-14T21:15:11.247",
"lastModified": "2023-08-15T12:29:16.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-24T15:13:20.037",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "16820CAF-0A8A-45C8-B5A8-979EA0407389"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.1:-:*:*:*:*:*:*",
"matchCriteriaId": "F3B54CC6-C4CB-4BBD-AADC-BC7A80F4F621"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "08A26AC2-409E-499A-B0D5-8C2B5038947D"
}
]
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/platform/packages/modules/Permission/+/0679e4f35055729be7276536fe45fe8ec18a0453",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch"
]
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,92 @@
"id": "CVE-2023-21140",
"sourceIdentifier": "security@android.com",
"published": "2023-08-14T21:15:11.487",
"lastModified": "2023-08-15T12:29:16.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-24T15:13:02.303",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "16820CAF-0A8A-45C8-B5A8-979EA0407389"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.1:-:*:*:*:*:*:*",
"matchCriteriaId": "F3B54CC6-C4CB-4BBD-AADC-BC7A80F4F621"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "08A26AC2-409E-499A-B0D5-8C2B5038947D"
}
]
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/platform/packages/modules/Permission/+/0679e4f35055729be7276536fe45fe8ec18a0453",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch"
]
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,82 @@
"id": "CVE-2023-21242",
"sourceIdentifier": "security@android.com",
"published": "2023-08-14T21:15:11.733",
"lastModified": "2023-08-15T12:29:16.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-24T15:38:05.187",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In isServerCertChainValid of InsecureEapNetworkHandler.java, there is a possible way to trust an imposter server due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "08A26AC2-409E-499A-B0D5-8C2B5038947D"
}
]
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/platform/packages/modules/Wifi/+/72e903f258b5040b8f492cf18edd124b5a1ac770",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch"
]
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,27 +2,89 @@
"id": "CVE-2023-21264",
"sourceIdentifier": "security@android.com",
"published": "2023-08-14T21:15:11.893",
"lastModified": "2023-08-15T12:29:16.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-24T15:31:45.313",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In multiple functions of mem_protect.c, there is a possible way to access hypervisor memory due to a memory access check in the wrong place. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/kernel/common/+/53625a846a7b4",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch"
]
},
{
"url": "https://android.googlesource.com/kernel/common/+/b35a06182451f",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch"
]
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,97 @@
"id": "CVE-2023-21265",
"sourceIdentifier": "security@android.com",
"published": "2023-08-14T21:15:12.067",
"lastModified": "2023-08-15T12:29:16.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-24T15:09:04.043",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In multiple locations, there are root CA certificates which need to be disabled. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F120D280-287A-474F-9DC5-CBBC4B4C7237"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "16820CAF-0A8A-45C8-B5A8-979EA0407389"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "08A26AC2-409E-499A-B0D5-8C2B5038947D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.1:-:*:*:*:*:*:*",
"matchCriteriaId": "9917DB2C-0CBC-4DB6-B10E-1EEBA6D9AB66"
}
]
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/platform/system/ca-certificates/+/6065b4a4c7da9cc9ee01c2f6389575647d2724c4",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch"
]
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,97 @@
"id": "CVE-2023-21267",
"sourceIdentifier": "security@android.com",
"published": "2023-08-14T21:15:12.243",
"lastModified": "2023-08-15T12:29:16.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-24T14:21:51.410",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In doKeyguardLocked of KeyguardViewMediator.java, there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F120D280-287A-474F-9DC5-CBBC4B4C7237"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "16820CAF-0A8A-45C8-B5A8-979EA0407389"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.1:-:*:*:*:*:*:*",
"matchCriteriaId": "F3B54CC6-C4CB-4BBD-AADC-BC7A80F4F621"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "08A26AC2-409E-499A-B0D5-8C2B5038947D"
}
]
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/d18d8b350756b0e89e051736c1f28744ed31e93a",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch"
]
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,97 @@
"id": "CVE-2023-21268",
"sourceIdentifier": "security@android.com",
"published": "2023-08-14T21:15:12.407",
"lastModified": "2023-08-15T12:29:16.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-24T15:07:49.370",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In update of MmsProvider.java, there is a possible way to change directory permissions due to a path traversal error. This could lead to local denial of service of SIM recognition with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F120D280-287A-474F-9DC5-CBBC4B4C7237"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "16820CAF-0A8A-45C8-B5A8-979EA0407389"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "08A26AC2-409E-499A-B0D5-8C2B5038947D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.1:-:*:*:*:*:*:*",
"matchCriteriaId": "9917DB2C-0CBC-4DB6-B10E-1EEBA6D9AB66"
}
]
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/platform/packages/providers/TelephonyProvider/+/ca4c9a19635119d95900793e7a41b820cd1d94d9",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch"
]
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,82 @@
"id": "CVE-2023-21269",
"sourceIdentifier": "security@android.com",
"published": "2023-08-14T21:15:12.460",
"lastModified": "2023-08-15T12:29:16.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-24T15:07:31.833",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In startActivityInner of ActivityStarter.java, there is a possible way to launch an activity into PiP mode from the background due to BAL bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "08A26AC2-409E-499A-B0D5-8C2B5038947D"
}
]
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/70ec64dc5a2a816d6aa324190a726a85fd749b30",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch"
]
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-2110",
"sourceIdentifier": "info@starlabs.sg",
"published": "2023-08-19T06:15:45.613",
"lastModified": "2023-08-20T00:48:59.350",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-24T14:56:05.247",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
},
{
"source": "info@starlabs.sg",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "info@starlabs.sg",
"type": "Secondary",
@ -46,14 +76,62 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:obsidian:obsidian:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2.8",
"matchCriteriaId": "93FE5545-2346-4865-A357-D48F001DA0C2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://obsidian.md/changelog/2023-05-03-desktop-v1.2.8/",
"source": "info@starlabs.sg"
"source": "info@starlabs.sg",
"tags": [
"Release Notes"
]
},
{
"url": "https://starlabs.sg/advisories/23/23-2110/",
"source": "info@starlabs.sg"
"source": "info@starlabs.sg",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-2318",
"sourceIdentifier": "info@starlabs.sg",
"published": "2023-08-19T06:15:46.883",
"lastModified": "2023-08-20T00:48:59.350",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-24T14:36:07.020",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0
},
{
"source": "info@starlabs.sg",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "info@starlabs.sg",
"type": "Secondary",
@ -46,14 +76,62 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:marktext:marktext:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.17.1",
"matchCriteriaId": "AB68239C-90DB-4BD3-AF7E-5A79E97A7093"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/marktext/marktext/issues/3618",
"source": "info@starlabs.sg"
"source": "info@starlabs.sg",
"tags": [
"Exploit",
"Issue Tracking"
]
},
{
"url": "https://starlabs.sg/advisories/23/23-2318/",
"source": "info@starlabs.sg"
"source": "info@starlabs.sg",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,80 @@
"id": "CVE-2023-39125",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-18T00:15:10.663",
"lastModified": "2023-08-18T12:43:51.207",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-24T15:48:32.707",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "NTSC-CRT 2.2.1 has an integer overflow and out-of-bounds write in loadBMP in bmp_rw.c because a file's width, height, and BPP are not validated. NOTE: the vendor's perspective is \"this main application was not intended to be a well tested program, it's just something to demonstrate it works and for the user to see how to integrate it into their own programs.\""
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
},
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ntsc-crt_project:ntsc-crt:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "652D880C-E9E8-4254-91C4-FB3F20D7272B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/LMP88959/NTSC-CRT/issues/32",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-40168",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-17T20:15:11.190",
"lastModified": "2023-08-18T12:43:51.207",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-24T15:04:49.430",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,22 +66,54 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:turbowarp:turbowarp_desktop:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.8.0",
"matchCriteriaId": "DC0B20C6-3805-4C2E-B055-322AB6EABD32"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/TurboWarp/desktop/commit/55e07e99b59db334d75e8f46792a1569ab0884a6",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/TurboWarp/desktop/commit/a62dbd7a28b41857e3b6f32443fda0527d493267",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/TurboWarp/desktop/commit/f0f82aaf6cc8170e9da8b36953c98bfe533c019f",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/TurboWarp/desktop/security/advisories/GHSA-wg4p-vj7h-q82q",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-40171",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-17T22:15:10.087",
"lastModified": "2023-08-18T12:43:51.207",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-24T15:11:33.620",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,22 +66,53 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netflix:dispatch:*:*:*:*:*:*:*:*",
"versionEndExcluding": "20230817",
"matchCriteriaId": "1A158924-2CED-411F-878E-DE1756AF2F0D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Netflix/dispatch/commit/b1942a4319f0de820d86b84a58ebc85398b97c70",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/Netflix/dispatch/pull/3695",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/Netflix/dispatch/releases/tag/latest",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/Netflix/dispatch/security/advisories/GHSA-fv3x-67q3-6pg7",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

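--- /dev/null
+++ b/CVE-2023/CVE-2023-403xx/CVE-2023-40371.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2023-40371",
+"sourceIdentifier": "psirt@us.ibm.com",
+"published": "2023-08-24T14:15:10.803",
+"lastModified": "2023-08-24T14:15:10.803",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "IBM AIX 7.2, 7.3, VIOS 3.1's OpenSSH implementation could allow a non-privileged local user to access files outside of those allowed due to improper access controls. IBM X-Force ID: 263476."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "psirt@us.ibm.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+"attackVector": "LOCAL",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "NONE",
+"availabilityImpact": "NONE",
+"baseScore": 6.2,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.5,
+"impactScore": 3.6
+}
+]
+},
+"weaknesses": [
+{
+"source": "psirt@us.ibm.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-200"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/263476",
+"source": "psirt@us.ibm.com"
+},
+{
+"url": "https://www.ibm.com/support/pages/node/7028420",
+"source": "psirt@us.ibm.com"
+}
+]
+}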

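--- /dev/null
+++ b/CVE-2023/CVE-2023-408xx/CVE-2023-40874.json
@@ -0,0 +1,20 @@
+{
+"id": "CVE-2023-40874",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2023-08-24T15:15:07.480",
+"lastModified": "2023-08-24T15:15:07.480",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "DedeCMS up to and including 5.7.110 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/vote_add.php via the votename and voteitem1 parameters."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://github.com/DiliLearngent/BugReport/blob/main/php/DedeCMS/xss1.md",
+"source": "cve@mitre.org"
+}
+]
+}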

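--- /dev/null
+++ b/CVE-2023/CVE-2023-408xx/CVE-2023-40875.json
@@ -0,0 +1,20 @@
+{
+"id": "CVE-2023-40875",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2023-08-24T15:15:07.580",
+"lastModified": "2023-08-24T15:15:07.580",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "DedeCMS up to and including 5.7.110 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/vote_edit.php via the votename and votenote parameters."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://github.com/DiliLearngent/BugReport/blob/main/php/DedeCMS/xss2.md",
+"source": "cve@mitre.org"
+}
+]
+}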

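--- /dev/null
+++ b/CVE-2023/CVE-2023-408xx/CVE-2023-40876.json
@@ -0,0 +1,20 @@
+{
+"id": "CVE-2023-40876",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2023-08-24T15:15:07.637",
+"lastModified": "2023-08-24T15:15:07.637",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "DedeCMS up to and including 5.7.110 was discovered to contain a cross-site scripting (XSS) vulnerability at /dede/freelist_add.php via the title parameter."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://github.com/DiliLearngent/BugReport/blob/main/php/DedeCMS/xss3.md",
+"source": "cve@mitre.org"
+}
+]
+}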

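--- /dev/null
+++ b/CVE-2023/CVE-2023-408xx/CVE-2023-40877.json
@@ -0,0 +1,20 @@
+{
+"id": "CVE-2023-40877",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2023-08-24T15:15:07.690",
+"lastModified": "2023-08-24T15:15:07.690",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "DedeCMS up to and including 5.7.110 was discovered to contain a cross-site scripting (XSS) vulnerability at /dede/freelist_edit.php via the title parameter."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://github.com/DiliLearngent/BugReport/blob/main/php/DedeCMS/xss4.md",
+"source": "cve@mitre.org"
+}
+]
+}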


@ -2,8 +2,8 @@
"id": "CVE-2023-4204",
"sourceIdentifier": "psirt@moxa.com",
"published": "2023-08-16T16:15:11.573",
"lastModified": "2023-08-16T19:04:32.000",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-24T15:50:59.857",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "psirt@moxa.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
},
{
"source": "psirt@moxa.com",
"type": "Secondary",
@ -46,10 +76,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:moxa:nport_iaw5000a-i\\/o_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.2",
"matchCriteriaId": "EF7FDC83-CC7F-49B5-A135-492D9C1B0774"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:moxa:nport_iaw5000a-i\\/o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05C5103C-9CCC-4262-AD7B-E24F3FF1F8C3"
}
]
}
]
}
],
"references": [
{
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230304-nport-iaw5000a-i-o-series-hardcoded-credential-vulnerability",
"source": "psirt@moxa.com"
"source": "psirt@moxa.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-4415",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-08-18T16:15:11.163",
"lastModified": "2023-08-18T16:39:17.773",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-24T14:11:23.707",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +93,57 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ruijienetworks:rg-ew1200g_firmware:07161417_r483:*:*:*:*:*:*:*",
"matchCriteriaId": "45325646-AD3E-4BB6-9289-0FC948CBA1F2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ruijienetworks:rg-ew1200g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9756E019-4269-467F-8842-6A8957E0358B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/blakespire/repoforcve/tree/main/RG-EW1200G-logic",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.237518",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?id.237518",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-08-24T14:00:36.171355+00:00
2023-08-24T16:00:33.028024+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-08-24T13:51:00.467000+00:00
2023-08-24T15:50:59.857000+00:00
```
### Last Data Feed Release
@ -29,43 +29,45 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
223361
223366
```
### CVEs added in the last Commit
Recently added CVEs: `4`
Recently added CVEs: `5`
* [CVE-2023-32510](CVE-2023/CVE-2023-325xx/CVE-2023-32510.json) (`2023-08-24T12:15:07.740`)
* [CVE-2023-32511](CVE-2023/CVE-2023-325xx/CVE-2023-32511.json) (`2023-08-24T12:15:07.903`)
* [CVE-2023-32516](CVE-2023/CVE-2023-325xx/CVE-2023-32516.json) (`2023-08-24T12:15:07.990`)
* [CVE-2023-34040](CVE-2023/CVE-2023-340xx/CVE-2023-34040.json) (`2023-08-24T13:15:07.453`)
* [CVE-2023-40371](CVE-2023/CVE-2023-403xx/CVE-2023-40371.json) (`2023-08-24T14:15:10.803`)
* [CVE-2023-40874](CVE-2023/CVE-2023-408xx/CVE-2023-40874.json) (`2023-08-24T15:15:07.480`)
* [CVE-2023-40875](CVE-2023/CVE-2023-408xx/CVE-2023-40875.json) (`2023-08-24T15:15:07.580`)
* [CVE-2023-40876](CVE-2023/CVE-2023-408xx/CVE-2023-40876.json) (`2023-08-24T15:15:07.637`)
* [CVE-2023-40877](CVE-2023/CVE-2023-408xx/CVE-2023-40877.json) (`2023-08-24T15:15:07.690`)
### CVEs modified in the last Commit
Recently modified CVEs: `20`
Recently modified CVEs: `21`
* [CVE-2021-33503](CVE-2021/CVE-2021-335xx/CVE-2021-33503.json) (`2023-08-24T13:42:23.033`)
* [CVE-2023-32559](CVE-2023/CVE-2023-325xx/CVE-2023-32559.json) (`2023-08-24T12:55:22.900`)
* [CVE-2023-40572](CVE-2023/CVE-2023-405xx/CVE-2023-40572.json) (`2023-08-24T12:55:22.900`)
* [CVE-2023-40573](CVE-2023/CVE-2023-405xx/CVE-2023-40573.json) (`2023-08-24T12:55:22.900`)
* [CVE-2023-4227](CVE-2023/CVE-2023-42xx/CVE-2023-4227.json) (`2023-08-24T12:55:22.900`)
* [CVE-2023-3704](CVE-2023/CVE-2023-37xx/CVE-2023-3704.json) (`2023-08-24T12:55:22.900`)
* [CVE-2023-4228](CVE-2023/CVE-2023-42xx/CVE-2023-4228.json) (`2023-08-24T12:55:22.900`)
* [CVE-2023-4229](CVE-2023/CVE-2023-42xx/CVE-2023-4229.json) (`2023-08-24T12:55:22.900`)
* [CVE-2023-4230](CVE-2023/CVE-2023-42xx/CVE-2023-4230.json) (`2023-08-24T12:55:22.900`)
* [CVE-2023-4511](CVE-2023/CVE-2023-45xx/CVE-2023-4511.json) (`2023-08-24T12:55:22.900`)
* [CVE-2023-4512](CVE-2023/CVE-2023-45xx/CVE-2023-4512.json) (`2023-08-24T12:55:22.900`)
* [CVE-2023-4513](CVE-2023/CVE-2023-45xx/CVE-2023-4513.json) (`2023-08-24T12:55:22.900`)
* [CVE-2023-3705](CVE-2023/CVE-2023-37xx/CVE-2023-3705.json) (`2023-08-24T12:55:22.900`)
* [CVE-2023-4436](CVE-2023/CVE-2023-44xx/CVE-2023-4436.json) (`2023-08-24T12:57:52.717`)
* [CVE-2023-4413](CVE-2023/CVE-2023-44xx/CVE-2023-4413.json) (`2023-08-24T13:30:56.523`)
* [CVE-2023-27520](CVE-2023/CVE-2023-275xx/CVE-2023-27520.json) (`2023-08-24T13:33:15.207`)
* [CVE-2023-23572](CVE-2023/CVE-2023-235xx/CVE-2023-23572.json) (`2023-08-24T13:33:32.147`)
* [CVE-2023-27522](CVE-2023/CVE-2023-275xx/CVE-2023-27522.json) (`2023-08-24T13:42:30.817`)
* [CVE-2023-25399](CVE-2023/CVE-2023-253xx/CVE-2023-25399.json) (`2023-08-24T13:42:37.750`)
* [CVE-2023-4414](CVE-2023/CVE-2023-44xx/CVE-2023-4414.json) (`2023-08-24T13:51:00.467`)
* [CVE-2022-38223](CVE-2022/CVE-2022-382xx/CVE-2022-38223.json) (`2023-08-24T14:15:10.340`)
* [CVE-2023-4415](CVE-2023/CVE-2023-44xx/CVE-2023-4415.json) (`2023-08-24T14:11:23.707`)
* [CVE-2023-20212](CVE-2023/CVE-2023-202xx/CVE-2023-20212.json) (`2023-08-24T14:18:53.210`)
* [CVE-2023-21267](CVE-2023/CVE-2023-212xx/CVE-2023-21267.json) (`2023-08-24T14:21:51.410`)
* [CVE-2023-20209](CVE-2023/CVE-2023-202xx/CVE-2023-20209.json) (`2023-08-24T14:23:42.837`)
* [CVE-2023-2318](CVE-2023/CVE-2023-23xx/CVE-2023-2318.json) (`2023-08-24T14:36:07.020`)
* [CVE-2023-2110](CVE-2023/CVE-2023-21xx/CVE-2023-2110.json) (`2023-08-24T14:56:05.247`)
* [CVE-2023-40168](CVE-2023/CVE-2023-401xx/CVE-2023-40168.json) (`2023-08-24T15:04:49.430`)
* [CVE-2023-21269](CVE-2023/CVE-2023-212xx/CVE-2023-21269.json) (`2023-08-24T15:07:31.833`)
* [CVE-2023-21268](CVE-2023/CVE-2023-212xx/CVE-2023-21268.json) (`2023-08-24T15:07:49.370`)
* [CVE-2023-21265](CVE-2023/CVE-2023-212xx/CVE-2023-21265.json) (`2023-08-24T15:09:04.043`)
* [CVE-2023-20965](CVE-2023/CVE-2023-209xx/CVE-2023-20965.json) (`2023-08-24T15:09:35.493`)
* [CVE-2023-40171](CVE-2023/CVE-2023-401xx/CVE-2023-40171.json) (`2023-08-24T15:11:33.620`)
* [CVE-2023-21133](CVE-2023/CVE-2023-211xx/CVE-2023-21133.json) (`2023-08-24T15:12:18.377`)
* [CVE-2023-21132](CVE-2023/CVE-2023-211xx/CVE-2023-21132.json) (`2023-08-24T15:12:20.890`)
* [CVE-2023-21140](CVE-2023/CVE-2023-211xx/CVE-2023-21140.json) (`2023-08-24T15:13:02.303`)
* [CVE-2023-21134](CVE-2023/CVE-2023-211xx/CVE-2023-21134.json) (`2023-08-24T15:13:20.037`)
* [CVE-2023-21264](CVE-2023/CVE-2023-212xx/CVE-2023-21264.json) (`2023-08-24T15:31:45.313`)
* [CVE-2023-21242](CVE-2023/CVE-2023-212xx/CVE-2023-21242.json) (`2023-08-24T15:38:05.187`)
* [CVE-2023-39125](CVE-2023/CVE-2023-391xx/CVE-2023-39125.json) (`2023-08-24T15:48:32.707`)
* [CVE-2023-4204](CVE-2023/CVE-2023-42xx/CVE-2023-4204.json) (`2023-08-24T15:50:59.857`)
## Download and Usage