Auto-Update: 2023-05-03T21:55:25.133293+00:00

René Helmke 2023-05-03 23:55:27 +02:00
parent c0a5ebc91b
commit 3376a4e582
26 changed files with 1065 additions and 57 deletions


@ -0,0 +1,24 @@
{
"id": "CVE-2017-11197",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-03T20:15:09.083",
"lastModified": "2023-05-03T20:15:09.083",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In CyberArk Viewfinity 5.5.10.95 and 6.x before 6.1.1.220, a low privilege user can escalate to an administrative user via a bug within the \"add printer\" option."
}
],
"metrics": {},
"references": [
{
"url": "http://lp.cyberark.com/rs/316-CZP-275/images/ds-Viewfinity-102315-web.pdf",
"source": "cve@mitre.org"
},
{
"url": "https://www.exploit-db.com/exploits/42319",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2020-22429",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-03T20:15:09.780",
"lastModified": "2023-05-03T20:15:09.780",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "redox-os v0.1.0 was discovered to contain a use-after-free bug via the gethostbyaddr() function at /src/header/netdb/mod.rs."
}
],
"metrics": {},
"references": [
{
"url": "https://burtonqin.github.io/posts/2023/04/CVE-2020-22429/",
"source": "cve@mitre.org"
},
{
"url": "https://gitlab.redox-os.org/redox-os/relibc/issues/159",
"source": "cve@mitre.org"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2022-0108",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2022-02-12T00:15:07.660",
"lastModified": "2023-05-01T06:15:08.897",
"lastModified": "2023-05-03T21:15:09.783",
"vulnStatus": "Modified",
"descriptions": [
{
@ -172,6 +172,14 @@
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5396",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://www.debian.org/security/2023/dsa-5397",
"source": "chrome-cve-admin@google.com"
}
]
}


@ -2,23 +2,83 @@
"id": "CVE-2022-29606",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-20T13:15:07.437",
"lastModified": "2023-04-20T13:15:13.917",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-03T20:21:05.007",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in ONOS 2.5.1. An intent with a large port number shows the CORRUPT state, which is misleading to a network operator. Improper handling of such port numbers causes inconsistency between intent and flow rules in the network."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opennetworking:onos:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5DD1D050-BBF8-45B6-9B4E-93FC5D062414"
}
]
}
]
}
],
"references": [
{
"url": "https://wiki.onosproject.org/display/ONOS/Intent+Framework",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://www.usenix.org/system/files/sec23fall-prepub-285_kim-jiwon.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2022-39161",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-05-03T20:15:09.957",
"lastModified": "2023-05-03T20:15:09.957",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere Application Server Liberty, when configured to communicate with the Web Server Plug-ins for IBM WebSphere Application Server, could allow an authenticated user to conduct spoofing attacks. A man-in-the-middle attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 235069."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/235069",
"source": "psirt@us.ibm.com"
},
{
"url": "https://https://www.ibm.com/support/pages/node/6987779",
"source": "psirt@us.ibm.com"
}
]
}
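Review bot: The second reference in this record, `"url": "https://https://www.ibm.com/support/pages/node/6987779"`, carries a doubled scheme, so most URL parsers would read the host as `https` rather than `www.ibm.com` and the vendor advisory is unreachable as written. The same pattern appears in the CVE-2023-26286 record added in this commit (`https://https://www.ibm.com/support/pages/node/6983236`), where the link is tagged Patch and Vendor Advisory. The intended value is presumably `"url": "https://www.ibm.com/support/pages/node/6987779"`, but since these files appear to mirror the NVD feed, the correction belongs upstream. Tooling that fetches or allow-lists reference URLs from this mirror should parse each URL and check the resulting host instead of matching on the string.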


@ -0,0 +1,51 @@
{
"id": "CVE-2023-0155",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-05-03T21:15:16.323",
"lastModified": "2023-05-03T21:15:16.323",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab CE/EE affecting all versions before 15.8.5, 15.9.4, 15.10.1. Open redirects was possible due to framing arbitrary content on any page allowing user controlled markdown"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"references": [
{
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0155.json",
"source": "cve@gitlab.com"
},
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/387638",
"source": "cve@gitlab.com"
},
{
"url": "https://hackerone.com/reports/1817250",
"source": "cve@gitlab.com"
}
]
}


@ -0,0 +1,51 @@
{
"id": "CVE-2023-0485",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-05-03T21:15:16.577",
"lastModified": "2023-05-03T21:15:16.577",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab affecting all versions starting from 13.11 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible that a project member demoted to a user role to read project updates by doing a diff with a pre-existing fork."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0485.json",
"source": "cve@gitlab.com"
},
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/389191",
"source": "cve@gitlab.com"
},
{
"url": "https://hackerone.com/reports/1837937",
"source": "cve@gitlab.com"
}
]
}


@ -0,0 +1,51 @@
{
"id": "CVE-2023-1204",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-05-03T21:15:16.707",
"lastModified": "2023-05-03T21:15:16.707",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. A user could use an unverified email as a public email and commit email by sending a specifically crafted request on user update settings."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 0.0,
"baseSeverity": "NONE"
},
"exploitabilityScore": 1.6,
"impactScore": 0.0
}
]
},
"references": [
{
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1204.json",
"source": "cve@gitlab.com"
},
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/394745",
"source": "cve@gitlab.com"
},
{
"url": "https://hackerone.com/reports/1881598",
"source": "cve@gitlab.com"
}
]
}
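Review bot: The only metric in this record is the CNA's Secondary entry with `"baseScore": 0.0`, `"baseSeverity": "NONE"` and a `C:N/I:N/A:N` vector, although the description says a user could set an unverified email as public and commit email. Pipelines that filter or prioritise on `baseScore` would silently drop this entry, so a zero score on a record whose `vulnStatus` is `Received` is better treated as unassessed than as harmless until a Primary metric is present. The affected-version text (10.0 before 12.9.8, 12.10 before 12.10.7, 13.0 before 13.0.1) is also word-for-word the same as in the CVE-2023-2069 record in this commit, which may be an upstream copy error. It is worth checking against the linked GitLab issue before using it for patch decisions.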


@ -0,0 +1,51 @@
{
"id": "CVE-2023-1265",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-05-03T21:15:17.307",
"lastModified": "2023-05-03T21:15:17.307",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab affecting all versions starting from 11.9 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The condition allows for a privileged attacker, under certain conditions, to obtain session tokens from all users of a GitLab instance."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.0,
"impactScore": 4.0
}
]
},
"references": [
{
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1265.json",
"source": "cve@gitlab.com"
},
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/394960",
"source": "cve@gitlab.com"
},
{
"url": "https://hackerone.com/reports/1888690",
"source": "cve@gitlab.com"
}
]
}


@ -0,0 +1,51 @@
{
"id": "CVE-2023-1836",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-05-03T21:15:17.807",
"lastModified": "2023-05-03T21:15:17.807",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. When viewing an XML file in a repository in \"raw\" mode, it can be made to render as HTML if viewed under specific circumstances"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.3,
"impactScore": 2.7
}
]
},
"references": [
{
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1836.json",
"source": "cve@gitlab.com"
},
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/404613",
"source": "cve@gitlab.com"
},
{
"url": "https://hackerone.com/reports/1923293",
"source": "cve@gitlab.com"
}
]
}


@ -0,0 +1,51 @@
{
"id": "CVE-2023-1965",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-05-03T21:15:18.220",
"lastModified": "2023-05-03T21:15:18.220",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab EE affecting all versions starting from 14.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Lack of verification on RelayState parameter allowed a maliciously crafted URL to obtain access tokens granted for 3rd party Group SAML SSO logins. This feature isn't enabled by default."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 5.2
}
]
},
"references": [
{
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1965.json",
"source": "cve@gitlab.com"
},
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/406235",
"source": "cve@gitlab.com"
},
{
"url": "https://hackerone.com/reports/1923672",
"source": "cve@gitlab.com"
}
]
}


@ -0,0 +1,51 @@
{
"id": "CVE-2023-2069",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-05-03T21:15:21.590",
"lastModified": "2023-05-03T21:15:21.590",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. A user with the role of developer could use the import project feature to leak CI/CD variables."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"references": [
{
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2069.json",
"source": "cve@gitlab.com"
},
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/407374",
"source": "cve@gitlab.com"
},
{
"url": "https://hackerone.com/reports/1939987",
"source": "cve@gitlab.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-2258",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-04-24T21:15:09.477",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-03T20:15:13.487",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -46,14 +68,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:alf:alf:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0-m4-2304",
"matchCriteriaId": "DB945ACA-B596-417D-9832-1137D9B9C640"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/alfio-event/alf.io/commit/94e2923a317452e337393789c9f3192dfc1ddac2",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.dev/bounties/31eaf0fe-4d91-4022-aa9b-802bc6eafb8f",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-2259",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-04-24T21:15:09.547",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-03T20:01:59.110",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -36,8 +58,18 @@
},
"weaknesses": [
{
"source": "security@huntr.dev",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
},
{
"source": "security@huntr.dev",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,14 +78,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:alf:alf:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0-m4-2304",
"matchCriteriaId": "DB945ACA-B596-417D-9832-1137D9B9C640"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/alfio-event/alf.io/commit/94e2923a317452e337393789c9f3192dfc1ddac2",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.dev/bounties/e753bce0-ce82-463b-b344-2f67b39b60ff",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-24744",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-03T20:15:10.230",
"lastModified": "2023-05-03T20:15:10.230",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in Rediker Software AdminPlus 6.1.91.00 allows remote attackers to run arbitrary code via the onload function within the application DOM."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/HeidiSecurities/CVEs/blob/main/CVE-2023-24744/Rediker%20-%20XSS%20(Reflected%20&%20DOM-based).md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,76 @@
{
"id": "CVE-2023-25314",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-25T16:15:09.490",
"lastModified": "2023-05-03T20:36:34.593",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in World Wide Broadcast Network AVideo before 12.4, allows attackers to gain sensitive information via the success parameter to /user."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wwbn:avideo:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.4",
"matchCriteriaId": "C7827575-CC53-4298-AA70-AFD19408C79A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/WWBN/AVideo/commit/2b44dee815b208da85e1dcafa9839391c3de2655",
"source": "cve@mitre.org",
"tags": [
"Patch"
]
}
]
}


@ -0,0 +1,118 @@
{
"id": "CVE-2023-26286",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-04-26T12:15:09.803",
"lastModified": "2023-05-03T20:37:43.290",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX runtime services library to execute arbitrary commands. IBM X-Force ID: 248421."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:vios:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F61BE89-FBDE-4312-8422-86D1A9F57C9E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ibm:aix:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0402E20C-8B41-4A2A-BFF9-92EC843985F0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ibm:aix:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6791504A-A48A-4ED0-94AF-4C8A3B91516F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ibm:aix:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "35DF3DE0-1AE4-4B25-843F-BC08DBBFDF78"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/248421",
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry"
]
},
{
"url": "https://https://www.ibm.com/support/pages/node/6983236",
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-28205",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-04-10T19:15:07.237",
"lastModified": "2023-05-01T06:15:15.517",
"lastModified": "2023-05-03T21:15:18.837",
"vulnStatus": "Modified",
"cisaExploitAdd": "2023-04-10",
"cisaActionDue": "2023-05-01",
@ -172,6 +172,14 @@
"tags": [
"Release Notes"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5396",
"source": "product-security@apple.com"
},
{
"url": "https://www.debian.org/security/2023/dsa-5397",
"source": "product-security@apple.com"
}
]
}


@ -2,27 +2,108 @@
"id": "CVE-2023-28484",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-24T21:15:09.180",
"lastModified": "2023-04-30T14:15:46.677",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-03T20:23:29.990",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.10.4",
"matchCriteriaId": "2C473D3A-61FB-43E4-B342-9B1CC622F18F"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/491",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00031.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-30204",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-03T21:15:23.643",
"lastModified": "2023-05-03T21:15:23.643",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the judge_id parameter at /php-jms/edit_judge.php."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/debug601/bug_report/blob/main/vendors/oretnom23/judging-management-system/SQLi-3.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-30205",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-03T21:15:24.230",
"lastModified": "2023-05-03T21:15:24.230",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in DouPHP v1.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the unique_id parameter in /admin/article.php."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/godd-bot/cve/issues/2",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-30300",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-03T20:15:10.327",
"lastModified": "2023-05-03T20:15:10.327",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue in the component hang.wasm of WebAssembly 1.0 causes an infinite loop."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/WebAssembly/wabt/issues/2180",
"source": "cve@mitre.org"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-31484",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-29T00:15:09.000",
"lastModified": "2023-05-01T10:39:42.517",
"lastModified": "2023-05-03T21:15:24.703",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -16,6 +16,10 @@
"url": "http://www.openwall.com/lists/oss-security/2023/04/29/1",
"source": "cve@mitre.org"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/05/03/3",
"source": "cve@mitre.org"
},
{
"url": "https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/",
"source": "cve@mitre.org"


@ -2,7 +2,7 @@
"id": "CVE-2023-31485",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-29T00:15:09.043",
"lastModified": "2023-05-01T10:39:42.517",
"lastModified": "2023-05-03T21:15:25.643",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -16,6 +16,10 @@
"url": "http://www.openwall.com/lists/oss-security/2023/04/29/1",
"source": "cve@mitre.org"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/05/03/3",
"source": "cve@mitre.org"
},
{
"url": "https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/",
"source": "cve@mitre.org"


@ -2,7 +2,7 @@
"id": "CVE-2023-31486",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-29T00:15:09.083",
"lastModified": "2023-05-01T10:39:42.517",
"lastModified": "2023-05-03T21:15:26.150",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -16,6 +16,10 @@
"url": "http://www.openwall.com/lists/oss-security/2023/04/29/1",
"source": "cve@mitre.org"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/05/03/3",
"source": "cve@mitre.org"
},
{
"url": "https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/",
"source": "cve@mitre.org"


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-05-03T20:00:24.416909+00:00
2023-05-03T21:55:25.133293+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-05-03T19:57:57.030000+00:00
2023-05-03T21:15:26.150000+00:00
```
### Last Data Feed Release
@ -29,46 +29,44 @@ Download and Changelog: [Click](releases/latest)
### Total Number of included CVEs
```plain
214005
214019
```
### CVEs added in the last Commit
Recently added CVEs: `2`
Recently added CVEs: `14`
* [CVE-2023-25826](CVE-2023/CVE-2023-258xx/CVE-2023-25826.json) (`2023-05-03T19:15:08.963`)
* [CVE-2023-25827](CVE-2023/CVE-2023-258xx/CVE-2023-25827.json) (`2023-05-03T19:15:10.297`)
* [CVE-2017-11197](CVE-2017/CVE-2017-111xx/CVE-2017-11197.json) (`2023-05-03T20:15:09.083`)
* [CVE-2020-22429](CVE-2020/CVE-2020-224xx/CVE-2020-22429.json) (`2023-05-03T20:15:09.780`)
* [CVE-2022-39161](CVE-2022/CVE-2022-391xx/CVE-2022-39161.json) (`2023-05-03T20:15:09.957`)
* [CVE-2023-0155](CVE-2023/CVE-2023-01xx/CVE-2023-0155.json) (`2023-05-03T21:15:16.323`)
* [CVE-2023-0485](CVE-2023/CVE-2023-04xx/CVE-2023-0485.json) (`2023-05-03T21:15:16.577`)
* [CVE-2023-1204](CVE-2023/CVE-2023-12xx/CVE-2023-1204.json) (`2023-05-03T21:15:16.707`)
* [CVE-2023-1265](CVE-2023/CVE-2023-12xx/CVE-2023-1265.json) (`2023-05-03T21:15:17.307`)
* [CVE-2023-1836](CVE-2023/CVE-2023-18xx/CVE-2023-1836.json) (`2023-05-03T21:15:17.807`)
* [CVE-2023-1965](CVE-2023/CVE-2023-19xx/CVE-2023-1965.json) (`2023-05-03T21:15:18.220`)
* [CVE-2023-2069](CVE-2023/CVE-2023-20xx/CVE-2023-2069.json) (`2023-05-03T21:15:21.590`)
* [CVE-2023-24744](CVE-2023/CVE-2023-247xx/CVE-2023-24744.json) (`2023-05-03T20:15:10.230`)
* [CVE-2023-30204](CVE-2023/CVE-2023-302xx/CVE-2023-30204.json) (`2023-05-03T21:15:23.643`)
* [CVE-2023-30205](CVE-2023/CVE-2023-302xx/CVE-2023-30205.json) (`2023-05-03T21:15:24.230`)
* [CVE-2023-30300](CVE-2023/CVE-2023-303xx/CVE-2023-30300.json) (`2023-05-03T20:15:10.327`)
### CVEs modified in the last Commit
Recently modified CVEs: `25`
Recently modified CVEs: `11`
* [CVE-2022-28354](CVE-2022/CVE-2022-283xx/CVE-2022-28354.json) (`2023-05-03T19:30:39.513`)
* [CVE-2022-29607](CVE-2022/CVE-2022-296xx/CVE-2022-29607.json) (`2023-05-03T19:57:57.030`)
* [CVE-2022-29608](CVE-2022/CVE-2022-296xx/CVE-2022-29608.json) (`2023-05-03T18:02:12.230`)
* [CVE-2023-0276](CVE-2023/CVE-2023-02xx/CVE-2023-0276.json) (`2023-05-03T19:26:53.357`)
* [CVE-2023-0388](CVE-2023/CVE-2023-03xx/CVE-2023-0388.json) (`2023-05-03T19:26:23.583`)
* [CVE-2023-0418](CVE-2023/CVE-2023-04xx/CVE-2023-0418.json) (`2023-05-03T19:17:58.380`)
* [CVE-2023-0420](CVE-2023/CVE-2023-04xx/CVE-2023-0420.json) (`2023-05-03T19:08:13.010`)
* [CVE-2023-0424](CVE-2023/CVE-2023-04xx/CVE-2023-0424.json) (`2023-05-03T19:08:32.230`)
* [CVE-2023-1414](CVE-2023/CVE-2023-14xx/CVE-2023-1414.json) (`2023-05-03T19:06:04.720`)
* [CVE-2023-1623](CVE-2023/CVE-2023-16xx/CVE-2023-1623.json) (`2023-05-03T19:10:02.387`)
* [CVE-2023-2260](CVE-2023/CVE-2023-22xx/CVE-2023-2260.json) (`2023-05-03T19:52:26.697`)
* [CVE-2023-23830](CVE-2023/CVE-2023-238xx/CVE-2023-23830.json) (`2023-05-03T19:07:24.620`)
* [CVE-2023-23875](CVE-2023/CVE-2023-238xx/CVE-2023-23875.json) (`2023-05-03T19:07:24.620`)
* [CVE-2023-23881](CVE-2023/CVE-2023-238xx/CVE-2023-23881.json) (`2023-05-03T19:07:24.620`)
* [CVE-2023-2417](CVE-2023/CVE-2023-24xx/CVE-2023-2417.json) (`2023-05-03T18:15:48.950`)
* [CVE-2023-24821](CVE-2023/CVE-2023-248xx/CVE-2023-24821.json) (`2023-05-03T18:16:36.500`)
* [CVE-2023-24822](CVE-2023/CVE-2023-248xx/CVE-2023-24822.json) (`2023-05-03T18:37:31.537`)
* [CVE-2023-24823](CVE-2023/CVE-2023-248xx/CVE-2023-24823.json) (`2023-05-03T18:41:20.233`)
* [CVE-2023-25967](CVE-2023/CVE-2023-259xx/CVE-2023-25967.json) (`2023-05-03T19:07:24.620`)
* [CVE-2023-26017](CVE-2023/CVE-2023-260xx/CVE-2023-26017.json) (`2023-05-03T19:07:24.620`)
* [CVE-2023-26494](CVE-2023/CVE-2023-264xx/CVE-2023-26494.json) (`2023-05-03T18:59:28.997`)
* [CVE-2023-27849](CVE-2023/CVE-2023-278xx/CVE-2023-27849.json) (`2023-05-03T18:49:02.067`)
* [CVE-2023-29197](CVE-2023/CVE-2023-291xx/CVE-2023-29197.json) (`2023-05-03T18:12:55.620`)
* [CVE-2023-29566](CVE-2023/CVE-2023-295xx/CVE-2023-29566.json) (`2023-05-03T19:45:48.853`)
* [CVE-2023-30544](CVE-2023/CVE-2023-305xx/CVE-2023-30544.json) (`2023-05-03T18:52:51.757`)
* [CVE-2022-0108](CVE-2022/CVE-2022-01xx/CVE-2022-0108.json) (`2023-05-03T21:15:09.783`)
* [CVE-2022-29606](CVE-2022/CVE-2022-296xx/CVE-2022-29606.json) (`2023-05-03T20:21:05.007`)
* [CVE-2023-2258](CVE-2023/CVE-2023-22xx/CVE-2023-2258.json) (`2023-05-03T20:15:13.487`)
* [CVE-2023-2259](CVE-2023/CVE-2023-22xx/CVE-2023-2259.json) (`2023-05-03T20:01:59.110`)
* [CVE-2023-25314](CVE-2023/CVE-2023-253xx/CVE-2023-25314.json) (`2023-05-03T20:36:34.593`)
* [CVE-2023-26286](CVE-2023/CVE-2023-262xx/CVE-2023-26286.json) (`2023-05-03T20:37:43.290`)
* [CVE-2023-28205](CVE-2023/CVE-2023-282xx/CVE-2023-28205.json) (`2023-05-03T21:15:18.837`)
* [CVE-2023-28484](CVE-2023/CVE-2023-284xx/CVE-2023-28484.json) (`2023-05-03T20:23:29.990`)
* [CVE-2023-31484](CVE-2023/CVE-2023-314xx/CVE-2023-31484.json) (`2023-05-03T21:15:24.703`)
* [CVE-2023-31485](CVE-2023/CVE-2023-314xx/CVE-2023-31485.json) (`2023-05-03T21:15:25.643`)
* [CVE-2023-31486](CVE-2023/CVE-2023-314xx/CVE-2023-31486.json) (`2023-05-03T21:15:26.150`)
## Download and Usage