admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 03:27:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-05-26T23:55:24.823761+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-05-26 23:55:28 +00:00
parent 72e4d7380f
commit 34e8d5a621
23 changed files with 1313 additions and 80 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
CVE-2022/CVE-2022-06xx/CVE-2022-0637.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2022-0637",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-02-16T22:15:10.900",
"lastModified": "2023-02-28T14:16:29.730",
"vulnStatus": "Analyzed",
"lastModified": "2023-05-26T22:15:10.577",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "There was an open redirection vulnerability pollbot, which was used in https://pollbot.services.mozilla.com/ and https://pollbot.stage.mozaws.net/ An attacker could have redirected anyone to malicious sites."
"value": "open redirect in pollbot (pollbot.services.mozilla.com) in versions before 1.4.6"
}
],
"metrics": {
@ -66,20 +66,8 @@
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2022-0637",
"source": "security@mozilla.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://github.com/mozilla/PollBot/security/advisories/GHSA-vg27-hr3v-3cqv",
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1753838",
"source": "security@mozilla.org"
}
]
}

205
CVE-2022/CVE-2022-363xx/CVE-2022-36326.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-36326",
"sourceIdentifier": "psirt@wdc.com",
"published": "2023-05-18T18:15:09.820",
"lastModified": "2023-05-18T20:16:21.423",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-26T23:30:48.790",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
},
{
"source": "psirt@wdc.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
},
{
"source": "psirt@wdc.com",
"type": "Secondary",
@ -46,14 +76,181 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:westerndigital:my_cloud_os_5:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.26.202",
"matchCriteriaId": "056AA1A3-F012-40A9-A351-628C905B3FEA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:my_cloud:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A9EE86B-05EE-4F2E-A912-624DDCF9C41B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:my_cloud_dl2100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E783EBC-7608-4527-B1AD-9B4E7A7A108C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:my_cloud_dl4100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3034F4A-239C-4E38-9BD6-217361A7C519"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:my_cloud_ex2_ultra:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5A581EBA-A1F2-4ABC-8183-29973A46FA43"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:my_cloud_ex2100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ABBBDC1E-2320-4767-B669-1BB2FFB1E1C4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:my_cloud_ex4100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B78030F0-6655-4604-9D16-2FA1F3FD52FF"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:my_cloud_mirror_g2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DE090BC-C847-4DF7-9C5F-52A300845558"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:my_cloud_pr2100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BF58260B-2131-402C-A9DA-67B188136DE1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:my_cloud_pr4100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB0C2FD9-4792-4DA2-9698-E53109A499EC"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:wd_cloud:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8FDE0337-4329-4CE3-9B0B-61BE8361E910"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:westerndigital:my_cloud_home_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.4.0-191",
"matchCriteriaId": "D471C39A-0854-4755-9DF8-5BAABAB09619"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:my_cloud_home:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BE2FBAB-5BA0-4F09-A76E-4A6869668810"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:westerndigital:sandisk_ibi_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.4.0-191",
"matchCriteriaId": "13A2FB91-CCCF-42B1-BCE1-F4962D353593"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:sandisk_ibi:-:*:*:*:*:*:*:*",
"matchCriteriaId": "296ADA43-16BA-4444-B472-DB945FB917B2"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:westerndigital:my_cloud_home_duo_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.4.0-191",
"matchCriteriaId": "0A0368E6-53C8-4BD2-B0E8-44464B245832"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:my_cloud_home_duo:-:*:*:*:*:*:*:*",
"matchCriteriaId": "124BBC79-65A2-465C-B784-D21E57E96F63"
}
]
}
]
}
],
"references": [
{
"url": "https://www.westerndigital.com/support/product-security/wdc-23003-western-digital-my-cloud-home-my-cloud-home-duo-and-sandisk-ibi-firmware-version-9-4-0-191",
"source": "psirt@wdc.com"
"source": "psirt@wdc.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://www.westerndigital.com/support/product-security/wdc-23006-my-cloud-firmware-version-5-26-202",
"source": "psirt@wdc.com"
"source": "psirt@wdc.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-215xx/CVE-2023-21514.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-21514",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-05-26T22:15:14.377",
"lastModified": "2023-05-26T22:15:14.377",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper scheme validation from InstantPlay Deeplink in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=01",
"source": "mobile.security@samsung.com"
}
]
}

55
CVE-2023/CVE-2023-215xx/CVE-2023-21515.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-21515",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-05-26T22:15:14.530",
"lastModified": "2023-05-26T22:15:14.530",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "InstantPlay which included vulnerable script which could execute javascript in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=01",
"source": "mobile.security@samsung.com"
}
]
}

55
CVE-2023/CVE-2023-215xx/CVE-2023-21516.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-21516",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-05-26T22:15:14.610",
"lastModified": "2023-05-26T22:15:14.610",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "XSS vulnerability from InstantPlay in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=01",
"source": "mobile.security@samsung.com"
}
]
}

68
CVE-2023/CVE-2023-235xx/CVE-2023-23556.json
View File

@ -2,16 +2,49 @@
"id": "CVE-2023-23556",
"sourceIdentifier": "cve-assign@fb.com",
"published": "2023-05-18T22:15:09.487",
"lastModified": "2023-05-19T13:00:09.947",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-26T23:32:28.163",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An error in BigInt conversion to Number in Hermes prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80 could have been used by a malicious attacker to execute arbitrary code due to an out-of-bound write. Note that this bug is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "cve-assign@fb.com",
"type": "Secondary",
@ -23,14 +56,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:facebook:hermes:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023-02-02",
"matchCriteriaId": "E0B18E12-1694-49FF-881C-4BC5A8C847D7"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/facebook/hermes/commit/a6dcafe6ded8e61658b40f5699878cd19a481f80",
"source": "cve-assign@fb.com"
"source": "cve-assign@fb.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.facebook.com/security/advisories/cve-2023-23556",
"source": "cve-assign@fb.com"
"source": "cve-assign@fb.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-248xx/CVE-2023-24832.json
View File

@ -2,16 +2,49 @@
"id": "CVE-2023-24832",
"sourceIdentifier": "cve-assign@fb.com",
"published": "2023-05-18T22:15:09.650",
"lastModified": "2023-05-19T13:00:09.947",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-26T23:29:06.290",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A null pointer dereference bug in Hermes prior to commit 5cae9f72975cf0e5a62b27fdd8b01f103e198708 could have been used by an attacker to crash an Hermes runtime where the EnableHermesInternal config option was set to true. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
},
{
"source": "cve-assign@fb.com",
"type": "Secondary",
@ -23,14 +56,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:facebook:hermes:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023-01-31",
"matchCriteriaId": "B9CFBF04-A11B-41F8-90FC-A22210504373"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/facebook/hermes/commit/5cae9f72975cf0e5a62b27fdd8b01f103e198708",
"source": "cve-assign@fb.com"
"source": "cve-assign@fb.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.facebook.com/security/advisories/cve-2023-24832",
"source": "cve-assign@fb.com"
"source": "cve-assign@fb.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-248xx/CVE-2023-24833.json
View File

@ -2,16 +2,49 @@
"id": "CVE-2023-24833",
"sourceIdentifier": "cve-assign@fb.com",
"published": "2023-05-18T22:15:09.700",
"lastModified": "2023-05-19T13:00:09.947",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-26T23:27:05.690",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free in BigIntPrimitive addition in Hermes prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80 could have been used by an attacker to leak raw data from Hermes VM\u2019s heap. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
},
{
"source": "cve-assign@fb.com",
"type": "Secondary",
@ -23,14 +56,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:facebook:hermes:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023-02-02",
"matchCriteriaId": "E0B18E12-1694-49FF-881C-4BC5A8C847D7"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/facebook/hermes/commit/a6dcafe6ded8e61658b40f5699878cd19a481f80",
"source": "cve-assign@fb.com"
"source": "cve-assign@fb.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.facebook.com/security/advisories/cve-2023-24833",
"source": "cve-assign@fb.com"
"source": "cve-assign@fb.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-254xx/CVE-2023-25447.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-25447",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-22T15:15:09.373",
"lastModified": "2023-05-22T16:15:51.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-26T23:34:39.147",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:inkthemes:colorway:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.2.3",
"matchCriteriaId": "7A8B7E76-D719-49B4-BF13-797F2B9AA35A"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/colorway/wordpress-colorway-theme-4-2-3-csrf-leading-to-arbitrary-plugin-activation?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-254xx/CVE-2023-25448.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-25448",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-22T15:15:09.460",
"lastModified": "2023-05-22T16:15:51.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-26T23:36:53.053",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:archivist_project:archivist:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.7.4",
"matchCriteriaId": "5D92AE0B-31E1-4C4E-87E3-ACEA381899B0"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/archivist-custom-archive-templates/wordpress-archivist-custom-archive-templates-plugin-1-7-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

20
CVE-2023/CVE-2023-273xx/CVE-2023-27311.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-27311",
"sourceIdentifier": "security-alert@netapp.com",
"published": "2023-05-26T22:15:14.680",
"lastModified": "2023-05-26T22:15:14.680",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "NetApp Blue XP Connector versions prior to 3.9.25 expose information via a directory listing. A new Connector architecture resolves this issue - obtaining the fix requires redeploying a fresh Connector."
}
],
"metrics": {},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20230525-0001/",
"source": "security-alert@netapp.com"
}
]
}

32
CVE-2023/CVE-2023-28xx/CVE-2023-2898.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-2898",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-05-26T22:15:14.727",
"lastModified": "2023-05-26T22:15:14.727",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel. This flaw allows a local privileged user to cause a denial of service problem."
}
],
"metrics": {},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://lore.kernel.org/linux-f2fs-devel/20230522124203.3838360-1-chao@kernel.org/",
"source": "secalert@redhat.com"
}
]
}

71
CVE-2023/CVE-2023-311xx/CVE-2023-31128.json Normal file
View File

@ -0,0 +1,71 @@
{
"id": "CVE-2023-31128",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-26T22:15:14.797",
"lastModified": "2023-05-26T22:15:14.797",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "NextCloud Cookbook is a recipe library app. Prior to commit a46d9855 on the `master` branch and commit 489bb744 on the `main-0.9.x` branch, the `pull-checks.yml` workflow is vulnerable to command injection attacks because of using an untrusted `github.head_ref` field. The `github.head_ref` value is an attacker-controlled value. Assigning the value to `zzz\";echo${IFS}\"hello\";#` can lead to command injection. Since the permission is not restricted, the attacker has a write-access to the repository. This issue is fixed in commit a46d9855 on the `master` branch and commit 489bb744 on the `main-0.9.x` branch. There is no risk for the user of the app within the NextCloud server. This only affects the main repository and possible forks of it. Those who have forked the NextCloud Cookbook repository should make sure their forks are on the latest version to prevent code injection attacks and similar."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://github.com/nextcloud/cookbook/blob/a14d6ffc4d45e1447556f68606129dfd6c1505cf/.github/workflows/pull-checks.yml#L67",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/nextcloud/cookbook/commit/489bb744",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/nextcloud/cookbook/commit/a46d98559e2c64292da9ffb06138cccc2e50ae1b",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/nextcloud/cookbook/security/advisories/GHSA-c5pc-mf2f-xq8h",
"source": "security-advisories@github.com"
},
{
"url": "https://securitylab.github.com/research/github-actions-untrusted-input/",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2023/CVE-2023-323xx/CVE-2023-32307.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-32307",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-26T23:15:10.127",
"lastModified": "2023-05-26T23:15:10.127",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification.\nReferring to [GHSA-8599-x7rq-fr54](https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54), several other potential heap-over-flow and integer-overflow in stun_parse_attr_error_code and stun_parse_attr_uint32 were found because the lack of attributes length check when Sofia-SIP handles STUN packets. The previous patch of [GHSA-8599-x7rq-fr54](https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54) fixed the vulnerability when attr_type did not match the enum value, but there are also vulnerabilities in the handling of other valid cases. The OOB read and integer-overflow made by attacker may lead to crash, high consumption of memory or even other more serious consequences. These issue have been addressed in version 1.13.15. Users are advised to upgrade."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
},
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"references": [
{
"url": "https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-rm4c-ccvf-ff9c",
"source": "security-advisories@github.com"
}
]
}

55
CVE-2023/CVE-2023-323xx/CVE-2023-32311.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-32311",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-26T23:15:16.507",
"lastModified": "2023-05-26T23:15:16.507",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "CloudExplorer Lite is an open source cloud management platform. In CloudExplorer Lite prior to version 1.1.0 users organization/workspace permissions are not properly checked. This allows users to add themselves to any organization. This vulnerability has been fixed in v1.1.0. Users are advised to upgrade. There are no known workarounds for this issue.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/security/advisories/GHSA-hxjq-g9qv-pwq5",
"source": "security-advisories@github.com"
}
]
}

55
CVE-2023/CVE-2023-323xx/CVE-2023-32315.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-32315",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-26T23:15:16.643",
"lastModified": "2023-05-26T23:15:16.643",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users. This vulnerability affects all versions of Openfire that have been released since April 2015, starting with version 3.10.0. The problem has been patched in Openfire release 4.7.5 and 4.6.8, and further improvements will be included in the yet-to-be released first version on the 4.8 branch (which is expected to be version 4.8.0). Users are advised to upgrade. If an Openfire upgrade isn\u2019t available for a specific release, or isn\u2019t quickly actionable, users may see the linked github advisory (GHSA-gw42-f939-fhvm) for mitigation advice."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://github.com/igniterealtime/Openfire/security/advisories/GHSA-gw42-f939-fhvm",
"source": "security-advisories@github.com"
}
]
}

55
CVE-2023/CVE-2023-323xx/CVE-2023-32316.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-32316",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-26T23:15:16.727",
"lastModified": "2023-05-26T23:15:16.727",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "CloudExplorer Lite is an open source cloud management tool. In affected versions users can add themselves to any organization in CloudExplorer Lite. This is due to a missing permission check on the user profile. It is recommended to upgrade the version to v1.1.0. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/security/advisories/GHSA-cp3j-437h-4vwj",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2023/CVE-2023-323xx/CVE-2023-32317.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-32317",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-26T23:15:16.950",
"lastModified": "2023-05-26T23:15:16.950",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Autolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was found in the MOSS cheat checker functionality of Autolab. To exploit this vulnerability an authenticated attacker with instructor permissions needs to upload a specially crafted Tar file. Both \"Base File Tar\" and \"Additional file archive\" can be fed with Tar files that contain paths outside their target directories (e.g., `../../../../tmp/tarslipped2.sh`). When the MOSS cheat checker is started the files inside of the archives are expanded to the attacker-chosen locations. This issue may lead to arbitrary file write within the scope of the running process. This issue has been addressed in version 2.11.0. Users are advised to upgrade."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 5.5
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://github.com/autolab/Autolab/commit/410a9228ee265f80692334d75eb2c3b4dac6f9e5",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/autolab/Autolab/security/advisories/GHSA-h8g5-vhm4-wx6g",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2023/CVE-2023-323xx/CVE-2023-32319.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-32319",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-26T23:15:17.493",
"lastModified": "2023-05-26T23:15:17.493",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Nextcloud server is an open source personal cloud implementation. Missing brute-force protection on the WebDAV endpoints via the basic auth header allowed to brute-force user credentials when the provided user name was not an email address. Users from version 24.0.0 onward are affected. This issue has been addressed in releases 24.0.11, 25.0.5 and 26.0.0. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-307"
}
]
}
],
"references": [
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mr7q-xf62-fw54",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/nextcloud/server/pull/37227",
"source": "security-advisories@github.com"
}
]
}

55
CVE-2023/CVE-2023-323xx/CVE-2023-32321.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-32321",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-26T23:15:18.010",
"lastModified": "2023-05-26T23:15:18.010",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "CKAN is an open-source data management system for powering data hubs and data portals. Multiple vulnerabilities have been discovered in Ckan which may lead to remote code execution. An arbitrary file write in `resource_create` and `package_update` actions, using the `ResourceUploader` object. Also reachable via `package_create`, `package_revise`, and `package_patch` via calls to `package_update`. Remote code execution via unsafe pickle loading, via Beaker's session store when configured to use the file session store backend. Potential DOS due to lack of a length check on the resource id. Information disclosure: A user with permission to create a resource can access any other resource on the system if they know the id, even if they don't have access to it. Resource overwrite: A user with permission to create a resource can overwrite any resource if they know the id, even if they don't have access to it. A user with permissions to create or edit a dataset can upload a resource with a specially crafted id to write the uploaded file in an arbitrary location. This can be leveraged to Remote Code Execution via Beaker's insecure pickle loading. All the above listed vulnerabilities have been fixed in CKAN 2.9.9 and CKAN 2.10.1. Users are advised to upgrade. There are no known workarounds for these issues."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://github.com/ckan/ckan/security/advisories/GHSA-446m-hmmm-hm8m",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2023/CVE-2023-326xx/CVE-2023-32676.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-32676",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-26T23:15:18.647",
"lastModified": "2023-05-26T23:15:18.647",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Autolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was found in the Install assessment functionality of Autolab. To exploit this vulnerability an authenticated attacker with instructor permissions needs to upload a specially crafted Tar file. Using the install assessment functionality an attacker can feed a Tar file that contain files with paths pointing outside of the target directory (e.g., `../../../../tmp/tarslipped1.sh`). When the Install assessment form is submitted the files inside of the archives are expanded to the attacker-chosen locations. This issue has been addressed in version 2.11.0. Users are advised to upgrade."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 5.5
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://github.com/autolab/Autolab/commit/14f508484a8323eceb0cf3a128573b43eabbc80d",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/autolab/Autolab/security/advisories/GHSA-x9hj-r9q4-832c",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2023/CVE-2023-331xx/CVE-2023-33199.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-33199",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-26T23:15:18.960",
"lastModified": "2023-05-26T23:15:18.960",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Rekor's goals are to provide an immutable tamper resistant ledger of metadata generated within a software projects supply chain. A malformed proposed entry of the `intoto/v0.0.2` type can cause a panic on a thread within the Rekor process. The thread is recovered so the client receives a 500 error message and service still continues, so the availability impact of this is minimal. This has been fixed in v1.2.0 of Rekor. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-617"
}
]
}
],
"references": [
{
"url": "https://github.com/sigstore/rekor/commit/140c5add105179e5ffd9e3e114fd1b6b93aebbd4",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/sigstore/rekor/security/advisories/GHSA-frqx-jfcm-6jjr",
"source": "security-advisories@github.com"
}
]
}

65
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-05-26T22:00:25.944471+00:00
2023-05-26T23:55:24.823761+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-05-26T21:15:21.030000+00:00
2023-05-26T23:36:53.053000+00:00
```
### Last Data Feed Release
@ -29,52 +29,41 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
216125
216140
```
### CVEs added in the last Commit
Recently added CVEs: `18`
Recently added CVEs: `15`
* [CVE-2023-33197](CVE-2023/CVE-2023-331xx/CVE-2023-33197.json) (`2023-05-26T20:15:48.600`)
* [CVE-2023-33247](CVE-2023/CVE-2023-332xx/CVE-2023-33247.json) (`2023-05-26T20:15:49.360`)
* [CVE-2023-33255](CVE-2023/CVE-2023-332xx/CVE-2023-33255.json) (`2023-05-26T20:15:49.577`)
* [CVE-2023-28319](CVE-2023/CVE-2023-283xx/CVE-2023-28319.json) (`2023-05-26T21:15:10.020`)
* [CVE-2023-28320](CVE-2023/CVE-2023-283xx/CVE-2023-28320.json) (`2023-05-26T21:15:15.937`)
* [CVE-2023-28321](CVE-2023/CVE-2023-283xx/CVE-2023-28321.json) (`2023-05-26T21:15:16.020`)
* [CVE-2023-28322](CVE-2023/CVE-2023-283xx/CVE-2023-28322.json) (`2023-05-26T21:15:16.153`)
* [CVE-2023-2825](CVE-2023/CVE-2023-28xx/CVE-2023-2825.json) (`2023-05-26T21:15:16.740`)
* [CVE-2023-2854](CVE-2023/CVE-2023-28xx/CVE-2023-2854.json) (`2023-05-26T21:15:17.643`)
* [CVE-2023-2855](CVE-2023/CVE-2023-28xx/CVE-2023-2855.json) (`2023-05-26T21:15:17.757`)
* [CVE-2023-2856](CVE-2023/CVE-2023-28xx/CVE-2023-2856.json) (`2023-05-26T21:15:17.913`)
* [CVE-2023-2857](CVE-2023/CVE-2023-28xx/CVE-2023-2857.json) (`2023-05-26T21:15:18.273`)
* [CVE-2023-2858](CVE-2023/CVE-2023-28xx/CVE-2023-2858.json) (`2023-05-26T21:15:18.633`)
* [CVE-2023-2879](CVE-2023/CVE-2023-28xx/CVE-2023-2879.json) (`2023-05-26T21:15:19.000`)
* [CVE-2023-33185](CVE-2023/CVE-2023-331xx/CVE-2023-33185.json) (`2023-05-26T21:15:20.527`)
* [CVE-2023-33187](CVE-2023/CVE-2023-331xx/CVE-2023-33187.json) (`2023-05-26T21:15:20.693`)
* [CVE-2023-33194](CVE-2023/CVE-2023-331xx/CVE-2023-33194.json) (`2023-05-26T21:15:20.890`)
* [CVE-2023-33196](CVE-2023/CVE-2023-331xx/CVE-2023-33196.json) (`2023-05-26T21:15:21.030`)
* [CVE-2023-21514](CVE-2023/CVE-2023-215xx/CVE-2023-21514.json) (`2023-05-26T22:15:14.377`)
* [CVE-2023-21515](CVE-2023/CVE-2023-215xx/CVE-2023-21515.json) (`2023-05-26T22:15:14.530`)
* [CVE-2023-21516](CVE-2023/CVE-2023-215xx/CVE-2023-21516.json) (`2023-05-26T22:15:14.610`)
* [CVE-2023-27311](CVE-2023/CVE-2023-273xx/CVE-2023-27311.json) (`2023-05-26T22:15:14.680`)
* [CVE-2023-2898](CVE-2023/CVE-2023-28xx/CVE-2023-2898.json) (`2023-05-26T22:15:14.727`)
* [CVE-2023-31128](CVE-2023/CVE-2023-311xx/CVE-2023-31128.json) (`2023-05-26T22:15:14.797`)
* [CVE-2023-32307](CVE-2023/CVE-2023-323xx/CVE-2023-32307.json) (`2023-05-26T23:15:10.127`)
* [CVE-2023-32311](CVE-2023/CVE-2023-323xx/CVE-2023-32311.json) (`2023-05-26T23:15:16.507`)
* [CVE-2023-32315](CVE-2023/CVE-2023-323xx/CVE-2023-32315.json) (`2023-05-26T23:15:16.643`)
* [CVE-2023-32316](CVE-2023/CVE-2023-323xx/CVE-2023-32316.json) (`2023-05-26T23:15:16.727`)
* [CVE-2023-32317](CVE-2023/CVE-2023-323xx/CVE-2023-32317.json) (`2023-05-26T23:15:16.950`)
* [CVE-2023-32319](CVE-2023/CVE-2023-323xx/CVE-2023-32319.json) (`2023-05-26T23:15:17.493`)
* [CVE-2023-32321](CVE-2023/CVE-2023-323xx/CVE-2023-32321.json) (`2023-05-26T23:15:18.010`)
* [CVE-2023-32676](CVE-2023/CVE-2023-326xx/CVE-2023-32676.json) (`2023-05-26T23:15:18.647`)
* [CVE-2023-33199](CVE-2023/CVE-2023-331xx/CVE-2023-33199.json) (`2023-05-26T23:15:18.960`)
### CVEs modified in the last Commit
Recently modified CVEs: `15`
Recently modified CVEs: `7`
* [CVE-2020-24736](CVE-2020/CVE-2020-247xx/CVE-2020-24736.json) (`2023-05-26T20:15:11.133`)
* [CVE-2022-4744](CVE-2022/CVE-2022-47xx/CVE-2022-4744.json) (`2023-05-26T20:15:28.007`)
* [CVE-2023-0620](CVE-2023/CVE-2023-06xx/CVE-2023-0620.json) (`2023-05-26T20:15:30.023`)
* [CVE-2023-0665](CVE-2023/CVE-2023-06xx/CVE-2023-0665.json) (`2023-05-26T20:15:31.533`)
* [CVE-2023-1670](CVE-2023/CVE-2023-16xx/CVE-2023-1670.json) (`2023-05-26T20:15:32.360`)
* [CVE-2023-20862](CVE-2023/CVE-2023-208xx/CVE-2023-20862.json) (`2023-05-26T20:15:32.853`)
* [CVE-2023-24534](CVE-2023/CVE-2023-245xx/CVE-2023-24534.json) (`2023-05-26T20:15:33.887`)
* [CVE-2023-24536](CVE-2023/CVE-2023-245xx/CVE-2023-24536.json) (`2023-05-26T20:15:35.443`)
* [CVE-2023-25000](CVE-2023/CVE-2023-250xx/CVE-2023-25000.json) (`2023-05-26T20:15:36.290`)
* [CVE-2023-26048](CVE-2023/CVE-2023-260xx/CVE-2023-26048.json) (`2023-05-26T20:15:37.117`)
* [CVE-2023-26049](CVE-2023/CVE-2023-260xx/CVE-2023-26049.json) (`2023-05-26T20:15:38.627`)
* [CVE-2023-28755](CVE-2023/CVE-2023-287xx/CVE-2023-28755.json) (`2023-05-26T20:15:39.817`)
* [CVE-2023-28756](CVE-2023/CVE-2023-287xx/CVE-2023-28756.json) (`2023-05-26T20:15:41.057`)
* [CVE-2023-29323](CVE-2023/CVE-2023-293xx/CVE-2023-29323.json) (`2023-05-26T20:15:41.603`)
* [CVE-2023-30549](CVE-2023/CVE-2023-305xx/CVE-2023-30549.json) (`2023-05-26T21:15:19.493`)
* [CVE-2022-0637](CVE-2022/CVE-2022-06xx/CVE-2022-0637.json) (`2023-05-26T22:15:10.577`)
* [CVE-2022-36326](CVE-2022/CVE-2022-363xx/CVE-2022-36326.json) (`2023-05-26T23:30:48.790`)
* [CVE-2023-24833](CVE-2023/CVE-2023-248xx/CVE-2023-24833.json) (`2023-05-26T23:27:05.690`)
* [CVE-2023-24832](CVE-2023/CVE-2023-248xx/CVE-2023-24832.json) (`2023-05-26T23:29:06.290`)
* [CVE-2023-23556](CVE-2023/CVE-2023-235xx/CVE-2023-23556.json) (`2023-05-26T23:32:28.163`)
* [CVE-2023-25447](CVE-2023/CVE-2023-254xx/CVE-2023-25447.json) (`2023-05-26T23:34:39.147`)
* [CVE-2023-25448](CVE-2023/CVE-2023-254xx/CVE-2023-25448.json) (`2023-05-26T23:36:53.053`)
## Download and Usage