admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-05-27T02:00:30.631682+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-05-27 02:00:34 +00:00
parent 34e8d5a621
commit 36a658da1e
14 changed files with 945 additions and 82 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

173
CVE-2022/CVE-2022-466xx/CVE-2022-46680.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-46680",
"sourceIdentifier": "cybersecurity@se.com",
"published": "2023-05-22T14:15:09.433",
"lastModified": "2023-05-22T16:15:51.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-27T00:54:48.257",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cybersecurity@se.com",
"type": "Secondary",
@ -46,10 +66,153 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-129-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-129-03.pdf",
"source": "cybersecurity@se.com"
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:schneider-electric:powerlogic_ion9000_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.0.0",
"matchCriteriaId": "50C920E5-0F21-4DBB-9D0E-424F8C1A9B85"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:schneider-electric:powerlogic_ion9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6718EAAA-074D-4807-AC2D-DD0A06D397FB"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:schneider-electric:powerlogic_ion7400_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.0.0",
"matchCriteriaId": "E43DFCA4-7ED0-4E61-872A-ECD08659A52B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:schneider-electric:powerlogic_ion7400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8F28EAA-FC60-4CE0-BD39-DFD3EB88E195"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:schneider-electric:powerlogic_pm8000_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.0.0",
"matchCriteriaId": "4A560510-3A07-4EBB-8E2D-E473EE9B59C9"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:schneider-electric:powerlogic_pm8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B16A7BEC-1BED-4A61-A6C9-BF7DB13B998C"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:schneider-electric:powerlogic_ion8650_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EFB1251-11AE-4A77-AB68-26D6B58C8F33"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:schneider-electric:powerlogic_ion8650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC3A306-D4F4-4C2A-9D60-DD8F0826AEEC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:schneider-electric:powerlogic_ion8800_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D1F09F7B-3FFE-4F3A-B79B-3C6B3B718501"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:schneider-electric:powerlogic_ion8800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46E8E79E-6DA7-4094-9622-3B91D5913493"
}
]
}
]
}
],
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-129-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-129-03.pdf",
"source": "cybersecurity@se.com",
"tags": [
"Vendor Advisory"
]
}
]
}

76
CVE-2023/CVE-2023-237xx/CVE-2023-23759.json
View File

@ -2,16 +2,49 @@
"id": "CVE-2023-23759",
"sourceIdentifier": "cve-assign@fb.com",
"published": "2023-05-18T22:15:09.597",
"lastModified": "2023-05-19T13:00:09.947",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-27T00:59:33.827",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "There is a vulnerability in the fizz library prior to v2023.01.30.00 where a CHECK failure can be triggered remotely. This behavior requires the client supported cipher advertisement changing between the original ClientHello and the second ClientHello, crashing the process (impact is limited to denial of service)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-617"
}
]
},
{
"source": "cve-assign@fb.com",
"type": "Secondary",
@ -23,14 +56,39 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://github.com/facebookincubator/fizz/commit/8d3649841597bedfb6986c30431ebad0eb215265",
"source": "cve-assign@fb.com"
},
"nodes": [
{
"url": "https://www.facebook.com/security/advisories/cve-2023-23759",
"source": "cve-assign@fb.com"
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:facebook:fizz:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.01.30.00",
"matchCriteriaId": "A867776B-F2FD-4862-9D5F-DFEC19C29DB5"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/facebookincubator/fizz/commit/8d3649841597bedfb6986c30431ebad0eb215265",
"source": "cve-assign@fb.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.facebook.com/security/advisories/cve-2023-23759",
"source": "cve-assign@fb.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

6
CVE-2023/CVE-2023-238xx/CVE-2023-23830.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-23830",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-03T16:15:09.717",
"lastModified": "2023-05-08T13:41:15.720",
"lastModified": "2023-05-27T01:51:18.730",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -75,9 +75,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:profilepress:profilepress:*:*:*:*:*:wordpress:*:*",
"criteria": "cpe:2.3:a:properfraction:profilepress:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "4.5.5",
"matchCriteriaId": "B2F5B21D-51F6-49A3-B52A-0B55EC4F87DB"
"matchCriteriaId": "14380D47-A6B3-4466-93DD-7802DF3B3881"
}
]
}

76
CVE-2023/CVE-2023-270xx/CVE-2023-27066.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-27066",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-22T17:15:09.347",
"lastModified": "2023-05-23T13:04:43.693",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-27T01:34:58.670",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Directory Traversal vulnerability in Site Core Experience Platform 10.2 and earlier allows authenticated remote attackers to download arbitrary files via Urlhandle."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://blogs.night-wolf.io/0-day-vulnerabilities-at-sitecore-pagedesigner",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"url": "https://dev.sitecore.net/Downloads/Sitecore%20Experience%20Platform/103/Sitecore%20Experience%20Platform%20103/Release%20Notes",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sitecore:experience_platform:*:*:*:*:*:*:*:*",
"versionEndIncluding": "10.2",
"matchCriteriaId": "6B81DCF5-B6B4-48CF-9081-A5F148936AAF"
}
]
}
]
}
],
"references": [
{
"url": "https://blogs.night-wolf.io/0-day-vulnerabilities-at-sitecore-pagedesigner",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://dev.sitecore.net/Downloads/Sitecore%20Experience%20Platform/103/Sitecore%20Experience%20Platform%20103/Release%20Notes",
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
}
]
}

76
CVE-2023/CVE-2023-270xx/CVE-2023-27067.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-27067",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-22T19:15:09.960",
"lastModified": "2023-05-23T13:04:43.693",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-27T01:43:42.960",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Directory Traversal vulnerability in Sitecore Experience Platform through 10.2 allows remote attackers to download arbitrary files via crafted command to download.aspx"
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://blogs.night-wolf.io/0-day-vulnerabilities-at-sitecore-pagedesigner",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"url": "https://dev.sitecore.net/Downloads/Sitecore%20Experience%20Platform/103/Sitecore%20Experience%20Platform%20103/Release%20Notes",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sitecore:experience_platform:*:*:*:*:*:*:*:*",
"versionEndIncluding": "10.2",
"matchCriteriaId": "6B81DCF5-B6B4-48CF-9081-A5F148936AAF"
}
]
}
]
}
],
"references": [
{
"url": "https://blogs.night-wolf.io/0-day-vulnerabilities-at-sitecore-pagedesigner",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://dev.sitecore.net/Downloads/Sitecore%20Experience%20Platform/103/Sitecore%20Experience%20Platform%20103/Release%20Notes",
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
}
]
}

83
CVE-2023/CVE-2023-27xx/CVE-2023-2790.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2790",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-18T13:15:09.603",
"lastModified": "2023-05-18T18:04:44.523",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-27T01:14:11.647",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +93,59 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://drive.google.com/file/d/1RITXRvKele5aW42YFk0JeQHCq2B63lUj/view?usp=share_link",
"source": "cna@vuldb.com"
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:n200re_firmware:9.3.5u.6255_b20211224:*:*:*:*:*:*:*",
"matchCriteriaId": "7E5F585D-F142-4DBF-B375-E4FBCD8807C5"
}
]
},
{
"url": "https://vuldb.com/?ctiid.229374",
"source": "cna@vuldb.com"
},
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"url": "https://vuldb.com/?id.229374",
"source": "cna@vuldb.com"
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:n200re:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FF7FF59-DB13-4FEA-A81C-124048BF1676"
}
]
}
]
}
],
"references": [
{
"url": "https://drive.google.com/file/d/1RITXRvKele5aW42YFk0JeQHCq2B63lUj/view?usp=share_link",
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.229374",
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.229374",
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

138
CVE-2023/CVE-2023-283xx/CVE-2023-28386.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-28386",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-05-22T20:15:10.250",
"lastModified": "2023-05-23T13:04:43.693",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-27T01:59:16.440",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -36,7 +56,7 @@
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,16 +64,118 @@
"value": "CWE-345"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-345"
}
]
}
],
"references": [
"configurations": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01",
"source": "ics-cert@hq.dhs.gov"
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:snapone:orvc:*:*:*:*:*:pro:*:*",
"versionEndExcluding": "7.3.0",
"matchCriteriaId": "415E3C3D-6B2F-4095-B7F1-E3F777E01172"
}
]
},
{
"url": "https://www.control4.com/docs/product/ovrc-software/release-notes/english/latest/ovrc-software-release-notes-rev-p.pdf",
"source": "ics-cert@hq.dhs.gov"
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:control4:ca-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "910274AB-35AF-428C-84D7-36774DEB59D8"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:control4:ca-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "852189C9-7720-468D-BCE0-28DFC051AEDC"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:control4:ea-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C61FA2AE-A962-4D60-BBCF-751FDB5215B9"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:control4:ea-3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B6310809-0890-4113-837C-0074706B4E6B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:control4:ea-5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7ADAAF7-9B0B-4002-8158-FC6B0EAB6055"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:snapone:an-110-rt-2l1w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5B50505-B496-4172-813E-CA174EE2D4DF"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:snapone:an-110-rt-2l1w-wifi:-:*:*:*:*:*:*:*",
"matchCriteriaId": "04744281-B935-4272-8582-85C6162881F8"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:snapone:an-310-rt-4l2w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCD83E46-F84F-49F8-9601-ABC03292E0F6"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:snapone:ovrc-300-pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5B44DFB-CC8D-4342-907B-D34F9EAB5CEB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:snapone:pakedge_rk-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2982D38-80BF-4041-9F59-D26C152D24D9"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:snapone:pakedge_rt-3100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "061055F0-D742-4227-ADC2-1793979F9463"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:snapone:pakedge_wr-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF7BD251-BB2F-4C49-8B1E-8EB26580DFDB"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01",
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
},
{
"url": "https://www.control4.com/docs/product/ovrc-software/release-notes/english/latest/ovrc-software-release-notes-rev-p.pdf",
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Release Notes"
]
}
]
}

77
CVE-2023/CVE-2023-284xx/CVE-2023-28467.json
View File

@ -2,23 +2,84 @@
"id": "CVE-2023-28467",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-22T19:15:10.017",
"lastModified": "2023-05-23T13:04:43.693",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-27T01:49:32.293",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In MyBB before 1.8.34, there is XSS in the User CP module via the user email field."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://github.com/mybb/mybb/security/advisories/GHSA-3q8x-9fh2-v646",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"url": "https://mybb.com",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.8.34",
"matchCriteriaId": "D7F6C2C7-3E6F-4861-B774-EAA1912EDA23"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/mybb/mybb/security/advisories/GHSA-3q8x-9fh2-v646",
"source": "cve@mitre.org",
"tags": [
"Patch",
"Release Notes",
"Third Party Advisory"
]
},
{
"url": "https://mybb.com",
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

95
CVE-2023/CVE-2023-287xx/CVE-2023-28709.json
View File

@ -2,15 +2,38 @@
"id": "CVE-2023-28709",
"sourceIdentifier": "security@apache.org",
"published": "2023-05-22T11:15:09.423",
"lastModified": "2023-05-22T15:15:09.530",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-27T00:46:23.903",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount\u00a0could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters\u00a0in the query string, the limit for uploaded request parts could be\u00a0bypassed with the potential for a denial of service to occur.\n\n\n\n\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@apache.org",
@ -23,14 +46,70 @@
]
}
],
"references": [
"configurations": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/05/22/1",
"source": "security@apache.org"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.5.85",
"versionEndIncluding": "8.5.87",
"matchCriteriaId": "7280B285-9594-4E06-BDAF-AF7731FAEC5B"
},
{
"url": "https://lists.apache.org/thread/7wvxonzwb7k9hx9jt3q33cmy7j97jo3j",
"source": "security@apache.org"
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.71",
"versionEndIncluding": "9.0.73",
"matchCriteriaId": "47B26F88-1764-45E5-A053-BF5B848074AA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.1.5",
"versionEndIncluding": "10.1.7",
"matchCriteriaId": "CC9BAE63-AF35-4BB3-900C-C56653716362"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:*",
"matchCriteriaId": "2AAD52CE-94F5-4F98-A027-9A7E68818CB6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:*",
"matchCriteriaId": "F1F981F5-035A-4EDD-8A9F-481EE8BC7FF7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:*",
"matchCriteriaId": "03A171AF-2EC8-4422-912C-547CDB58CAAA"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/05/22/1",
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread/7wvxonzwb7k9hx9jt3q33cmy7j97jo3j",
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
]
}
]
}

57
CVE-2023/CVE-2023-310xx/CVE-2023-31058.json
View File

@ -2,15 +2,38 @@
"id": "CVE-2023-31058",
"sourceIdentifier": "security@apache.org",
"published": "2023-05-22T13:15:09.843",
"lastModified": "2023-05-22T16:15:09.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-27T00:48:58.773",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers would bypass the\n'autoDeserialize' option filtering by adding\u00a0blanks. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick\u00a0\n\n https://github.com/apache/inlong/pull/7674 https://github.com/apache/inlong/pull/7674 to solve it.\n\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@apache.org",
@ -23,10 +46,32 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://lists.apache.org/thread/bkcgbn9l61croxfyspf7xd42qb189s3z",
"source": "security@apache.org"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:inlong:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.4.0",
"versionEndIncluding": "1.6.0",
"matchCriteriaId": "4A7AAC7B-2146-46D9-8FD9-DA2B5903BB6E"
}
]
}
]
}
],
"references": [
{
"url": "https://lists.apache.org/thread/bkcgbn9l61croxfyspf7xd42qb189s3z",
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
]
}
]
}

58
CVE-2023/CVE-2023-314xx/CVE-2023-31453.json
View File

@ -2,15 +2,38 @@
"id": "CVE-2023-31453",
"sourceIdentifier": "security@apache.org",
"published": "2023-05-22T14:15:09.643",
"lastModified": "2023-05-22T16:15:51.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-27T01:20:20.410",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. The\u00a0attacker can delete others' subscriptions, even if they are not the owner\nof the deleted subscription.\u00a0Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick [1] to solve it.\n\n[1] \n\n https://github.com/apache/inlong/pull/7949 https://github.com/apache/inlong/pull/7949 \n\n\n\n\n\n\n\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@apache.org",
@ -23,10 +46,33 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://lists.apache.org/thread/9nz8o2skgc5230w276h4w92j0zstnl06",
"source": "security@apache.org"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:inlong:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.2.0",
"versionEndIncluding": "1.6.0",
"matchCriteriaId": "F5885ADE-6494-4EB2-BCCA-27499935E80C"
}
]
}
]
}
],
"references": [
{
"url": "https://lists.apache.org/thread/9nz8o2skgc5230w276h4w92j0zstnl06",
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-314xx/CVE-2023-31454.json
View File

@ -2,18 +2,41 @@
"id": "CVE-2023-31454",
"sourceIdentifier": "security@apache.org",
"published": "2023-05-22T14:15:09.697",
"lastModified": "2023-05-22T16:15:51.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-27T01:26:39.903",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0.\u00a0\n\nThe attacker can bind any cluster, even if he is not the cluster owner. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick [1] to solve it.[1]\n\n https://github.com/apache/inlong/pull/7947 https://github.com/apache/inlong/pull/7947 \n\n\n\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@apache.org",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -21,12 +44,45 @@
"value": "CWE-732"
}
]
},
{
"source": "security@apache.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
}
],
"references": [
"configurations": [
{
"url": "https://lists.apache.org/thread/nqt1tr6pbq8q4b033d7sg5gltx5pmjgl",
"source": "security@apache.org"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:inlong:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.2.0",
"versionEndIncluding": "1.6.0",
"matchCriteriaId": "F5885ADE-6494-4EB2-BCCA-27499935E80C"
}
]
}
]
}
],
"references": [
{
"url": "https://lists.apache.org/thread/nqt1tr6pbq8q4b033d7sg5gltx5pmjgl",
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-323xx/CVE-2023-32325.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-32325",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-27T00:15:09.600",
"lastModified": "2023-05-27T00:15:09.600",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "PostHog-js is a library to interface with the PostHog analytics tool. Versions prior to 1.57.2 have the potential for cross-site scripting. Problem has been patched in 1.57.2. Users are advised to upgrade. Users unable to upgrade should ensure that their Content Security Policy is in place."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/PostHog/posthog-js/commit/67e07eb8bb271a3a6f4aa251382e4d25abb385a0",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/PostHog/posthog-js/security/advisories/GHSA-8775-5hwv-wr6v",
"source": "security-advisories@github.com"
}
]
}

47
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-05-26T23:55:24.823761+00:00
2023-05-27T02:00:30.631682+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-05-26T23:36:53.053000+00:00
2023-05-27T01:59:16.440000+00:00
```
### Last Data Feed Release
@ -23,47 +23,38 @@ Repository synchronizes with the NVD every 2 hours.
Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)
```plain
2023-05-26T00:00:13.554083+00:00
2023-05-27T00:00:13.547927+00:00
```
### Total Number of included CVEs
```plain
216140
216141
```
### CVEs added in the last Commit
Recently added CVEs: `15`
Recently added CVEs: `1`
* [CVE-2023-21514](CVE-2023/CVE-2023-215xx/CVE-2023-21514.json) (`2023-05-26T22:15:14.377`)
* [CVE-2023-21515](CVE-2023/CVE-2023-215xx/CVE-2023-21515.json) (`2023-05-26T22:15:14.530`)
* [CVE-2023-21516](CVE-2023/CVE-2023-215xx/CVE-2023-21516.json) (`2023-05-26T22:15:14.610`)
* [CVE-2023-27311](CVE-2023/CVE-2023-273xx/CVE-2023-27311.json) (`2023-05-26T22:15:14.680`)
* [CVE-2023-2898](CVE-2023/CVE-2023-28xx/CVE-2023-2898.json) (`2023-05-26T22:15:14.727`)
* [CVE-2023-31128](CVE-2023/CVE-2023-311xx/CVE-2023-31128.json) (`2023-05-26T22:15:14.797`)
* [CVE-2023-32307](CVE-2023/CVE-2023-323xx/CVE-2023-32307.json) (`2023-05-26T23:15:10.127`)
* [CVE-2023-32311](CVE-2023/CVE-2023-323xx/CVE-2023-32311.json) (`2023-05-26T23:15:16.507`)
* [CVE-2023-32315](CVE-2023/CVE-2023-323xx/CVE-2023-32315.json) (`2023-05-26T23:15:16.643`)
* [CVE-2023-32316](CVE-2023/CVE-2023-323xx/CVE-2023-32316.json) (`2023-05-26T23:15:16.727`)
* [CVE-2023-32317](CVE-2023/CVE-2023-323xx/CVE-2023-32317.json) (`2023-05-26T23:15:16.950`)
* [CVE-2023-32319](CVE-2023/CVE-2023-323xx/CVE-2023-32319.json) (`2023-05-26T23:15:17.493`)
* [CVE-2023-32321](CVE-2023/CVE-2023-323xx/CVE-2023-32321.json) (`2023-05-26T23:15:18.010`)
* [CVE-2023-32676](CVE-2023/CVE-2023-326xx/CVE-2023-32676.json) (`2023-05-26T23:15:18.647`)
* [CVE-2023-33199](CVE-2023/CVE-2023-331xx/CVE-2023-33199.json) (`2023-05-26T23:15:18.960`)
* [CVE-2023-32325](CVE-2023/CVE-2023-323xx/CVE-2023-32325.json) (`2023-05-27T00:15:09.600`)
### CVEs modified in the last Commit
Recently modified CVEs: `7`
Recently modified CVEs: `12`
* [CVE-2022-0637](CVE-2022/CVE-2022-06xx/CVE-2022-0637.json) (`2023-05-26T22:15:10.577`)
* [CVE-2022-36326](CVE-2022/CVE-2022-363xx/CVE-2022-36326.json) (`2023-05-26T23:30:48.790`)
* [CVE-2023-24833](CVE-2023/CVE-2023-248xx/CVE-2023-24833.json) (`2023-05-26T23:27:05.690`)
* [CVE-2023-24832](CVE-2023/CVE-2023-248xx/CVE-2023-24832.json) (`2023-05-26T23:29:06.290`)
* [CVE-2023-23556](CVE-2023/CVE-2023-235xx/CVE-2023-23556.json) (`2023-05-26T23:32:28.163`)
* [CVE-2023-25447](CVE-2023/CVE-2023-254xx/CVE-2023-25447.json) (`2023-05-26T23:34:39.147`)
* [CVE-2023-25448](CVE-2023/CVE-2023-254xx/CVE-2023-25448.json) (`2023-05-26T23:36:53.053`)
* [CVE-2022-46680](CVE-2022/CVE-2022-466xx/CVE-2022-46680.json) (`2023-05-27T00:54:48.257`)
* [CVE-2023-28709](CVE-2023/CVE-2023-287xx/CVE-2023-28709.json) (`2023-05-27T00:46:23.903`)
* [CVE-2023-31058](CVE-2023/CVE-2023-310xx/CVE-2023-31058.json) (`2023-05-27T00:48:58.773`)
* [CVE-2023-23759](CVE-2023/CVE-2023-237xx/CVE-2023-23759.json) (`2023-05-27T00:59:33.827`)
* [CVE-2023-2790](CVE-2023/CVE-2023-27xx/CVE-2023-2790.json) (`2023-05-27T01:14:11.647`)
* [CVE-2023-31453](CVE-2023/CVE-2023-314xx/CVE-2023-31453.json) (`2023-05-27T01:20:20.410`)
* [CVE-2023-31454](CVE-2023/CVE-2023-314xx/CVE-2023-31454.json) (`2023-05-27T01:26:39.903`)
* [CVE-2023-27066](CVE-2023/CVE-2023-270xx/CVE-2023-27066.json) (`2023-05-27T01:34:58.670`)
* [CVE-2023-27067](CVE-2023/CVE-2023-270xx/CVE-2023-27067.json) (`2023-05-27T01:43:42.960`)
* [CVE-2023-28467](CVE-2023/CVE-2023-284xx/CVE-2023-28467.json) (`2023-05-27T01:49:32.293`)
* [CVE-2023-23830](CVE-2023/CVE-2023-238xx/CVE-2023-23830.json) (`2023-05-27T01:51:18.730`)
* [CVE-2023-28386](CVE-2023/CVE-2023-283xx/CVE-2023-28386.json) (`2023-05-27T01:59:16.440`)
## Download and Usage