admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 19:47:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-06-28T22:00:31.924409+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-06-28 22:00:35 +00:00
parent 8402cc7793
commit 38560afbca
65 changed files with 45431 additions and 172 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
CVE-2021/CVE-2021-258xx/CVE-2021-25827.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2021-25827",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-28T20:15:09.397",
"lastModified": "2023-06-28T20:15:09.397",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Emby Server < 4.7.12.0 is vulnerable to a login bypass attack by setting the X-Forwarded-For header to a local IP-address."
}
],
"metrics": {},
"references": [
{
"url": "https://emby.media/community/index.php?/topic/98191-emby-server-46-released/",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/EmbySupport/security/security/advisories/GHSA-fffj-6fr6-3fgf",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/MediaBrowser/Emby/issues/3784",
"source": "cve@mitre.org"
}
]
}

20
CVE-2021/CVE-2021-258xx/CVE-2021-25828.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2021-25828",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-28T20:15:09.453",
"lastModified": "2023-06-28T20:15:09.453",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Emby Server versions < 4.6.0.50 is vulnerable to Cross Site Scripting (XSS) vulnerability via a crafted GET request to /web."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/MediaBrowser/Emby/issues/3785",
"source": "cve@mitre.org"
}
]
}

10885
CVE-2022/CVE-2022-275xx/CVE-2022-27539.json
View File

File diff suppressed because it is too large Load Diff

10885
CVE-2022/CVE-2022-275xx/CVE-2022-27541.json
View File

File diff suppressed because it is too large Load Diff

14
CVE-2022/CVE-2022-286xx/CVE-2022-28690.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-28690",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2022-06-02T14:15:45.550",
"lastModified": "2022-06-10T18:43:19.757",
"lastModified": "2023-06-28T20:30:32.807",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -85,8 +85,18 @@
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-824"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"description": [
{
"lang": "en",

4
CVE-2022/CVE-2022-287xx/CVE-2022-28753.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-28753",
"sourceIdentifier": "security@zoom.us",
"published": "2022-08-11T15:15:12.247",
"lastModified": "2022-08-18T17:29:06.150",
"lastModified": "2023-06-28T20:31:36.900",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -65,7 +65,7 @@
"description": [
{
"lang": "en",
"value": "CWE-863"
"value": "NVD-CWE-Other"
}
]
},

4
CVE-2022/CVE-2022-287xx/CVE-2022-28754.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-28754",
"sourceIdentifier": "security@zoom.us",
"published": "2022-08-11T15:15:12.303",
"lastModified": "2022-08-18T17:28:23.337",
"lastModified": "2023-06-28T20:31:41.617",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -65,7 +65,7 @@
"description": [
{
"lang": "en",
"value": "CWE-863"
"value": "NVD-CWE-Other"
}
]
},

4
CVE-2022/CVE-2022-287xx/CVE-2022-28775.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-28775",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2022-04-11T20:15:23.740",
"lastModified": "2022-04-21T14:39:51.117",
"lastModified": "2023-06-28T20:28:03.323",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -90,7 +90,7 @@
"description": [
{
"lang": "en",
"value": "CWE-863"
"value": "NVD-CWE-Other"
}
]
},

4
CVE-2022/CVE-2022-287xx/CVE-2022-28776.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-28776",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2022-04-11T20:15:23.810",
"lastModified": "2022-04-19T14:05:05.803",
"lastModified": "2023-06-28T20:28:44.580",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -90,7 +90,7 @@
"description": [
{
"lang": "en",
"value": "CWE-863"
"value": "NVD-CWE-Other"
}
]
},

4
CVE-2022/CVE-2022-287xx/CVE-2022-28777.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-28777",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2022-04-11T20:15:23.877",
"lastModified": "2022-04-19T12:45:09.010",
"lastModified": "2023-06-28T20:29:28.237",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -90,7 +90,7 @@
"description": [
{
"lang": "en",
"value": "CWE-863"
"value": "NVD-CWE-Other"
}
]
},

4
CVE-2022/CVE-2022-287xx/CVE-2022-28778.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-28778",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2022-04-11T20:15:23.937",
"lastModified": "2022-04-19T12:50:04.167",
"lastModified": "2023-06-28T20:29:38.457",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -90,7 +90,7 @@
"description": [
{
"lang": "en",
"value": "CWE-863"
"value": "NVD-CWE-Other"
}
]
},

4
CVE-2022/CVE-2022-287xx/CVE-2022-28782.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-28782",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2022-05-03T20:15:09.177",
"lastModified": "2022-05-11T17:29:03.117",
"lastModified": "2023-06-28T20:23:51.937",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -90,7 +90,7 @@
"description": [
{
"lang": "en",
"value": "CWE-863"
"value": "NVD-CWE-Other"
}
]
},

21
CVE-2022/CVE-2022-28xx/CVE-2022-2845.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-2845",
"sourceIdentifier": "security@huntr.dev",
"published": "2022-08-17T15:15:07.850",
"lastModified": "2023-05-03T12:16:04.000",
"vulnStatus": "Modified",
"lastModified": "2023-06-28T20:31:49.540",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -62,8 +62,18 @@
},
"weaknesses": [
{
"source": "security@huntr.dev",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1284"
}
]
},
{
"source": "security@huntr.dev",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -151,7 +161,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202305-16",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Third Party Advisory"
]
}
]
}

4
CVE-2022/CVE-2022-28xx/CVE-2022-2896.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-2896",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2022-08-31T21:15:08.480",
"lastModified": "2022-09-02T23:25:31.557",
"lastModified": "2023-06-28T20:35:11.943",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -65,7 +65,7 @@
"description": [
{
"lang": "en",
"value": "CWE-787"
"value": "CWE-416"
}
]
},

14
CVE-2022/CVE-2022-292xx/CVE-2022-29210.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-29210",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-05-21T00:15:11.583",
"lastModified": "2022-06-03T02:33:09.360",
"lastModified": "2023-06-28T20:26:37.830",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -85,8 +85,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",

4
CVE-2022/CVE-2022-292xx/CVE-2022-29256.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-29256",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-05-25T22:15:08.307",
"lastModified": "2022-06-07T15:28:22.820",
"lastModified": "2023-06-28T20:30:14.197",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -90,7 +90,7 @@
"description": [
{
"lang": "en",
"value": "CWE-77"
"value": "CWE-78"
}
]
},

14
CVE-2022/CVE-2022-294xx/CVE-2022-29465.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-29465",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2022-08-05T22:15:11.653",
"lastModified": "2022-08-11T13:20:25.810",
"lastModified": "2023-06-28T20:30:42.897",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -62,8 +62,18 @@
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",

14
CVE-2022/CVE-2022-294xx/CVE-2022-29488.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-29488",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2022-06-02T14:15:48.470",
"lastModified": "2022-06-11T02:24:23.150",
"lastModified": "2023-06-28T20:30:36.683",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -85,8 +85,18 @@
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-824"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"description": [
{
"lang": "en",

4
CVE-2022/CVE-2022-294xx/CVE-2022-29490.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-29490",
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"published": "2022-09-12T21:15:10.010",
"lastModified": "2022-10-05T13:45:56.650",
"lastModified": "2023-06-28T20:35:21.053",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -65,7 +65,7 @@
"description": [
{
"lang": "en",
"value": "CWE-863"
"value": "NVD-CWE-Other"
}
]
},

14
CVE-2022/CVE-2022-295xx/CVE-2022-29503.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-29503",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2022-09-29T17:15:28.723",
"lastModified": "2022-10-03T18:43:28.050",
"lastModified": "2023-06-28T20:35:33.727",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -62,8 +62,18 @@
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",

14
CVE-2022/CVE-2022-295xx/CVE-2022-29520.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-29520",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2022-10-25T17:15:51.873",
"lastModified": "2022-10-26T02:08:22.360",
"lastModified": "2023-06-28T20:35:06.567",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -62,8 +62,18 @@
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",

4
CVE-2022/CVE-2022-295xx/CVE-2022-29581.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-29581",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2022-05-17T17:15:08.357",
"lastModified": "2023-04-11T18:14:25.340",
"lastModified": "2023-06-28T20:26:25.047",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -90,7 +90,7 @@
"description": [
{
"lang": "en",
"value": "CWE-416"
"value": "NVD-CWE-Other"
}
]
},

4
CVE-2022/CVE-2022-295xx/CVE-2022-29599.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-29599",
"sourceIdentifier": "security@apache.org",
"published": "2022-05-23T11:16:10.877",
"lastModified": "2022-10-28T19:10:25.557",
"lastModified": "2023-06-28T20:27:15.100",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -70,7 +70,7 @@
"description": [
{
"lang": "en",
"value": "CWE-77"
"value": "CWE-116"
}
]
},

14
CVE-2022/CVE-2022-298xx/CVE-2022-29816.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-29816",
"sourceIdentifier": "security@jetbrains.com",
"published": "2022-04-28T10:15:08.250",
"lastModified": "2022-05-05T15:07:40.137",
"lastModified": "2023-06-28T20:40:46.247",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -21,19 +21,19 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseScore": 3.2,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"exploitabilityScore": 1.5,
"impactScore": 1.4
},
{
@ -90,7 +90,7 @@
"description": [
{
"lang": "en",
"value": "CWE-74"
"value": "CWE-79"
}
]
},

4
CVE-2022/CVE-2022-298xx/CVE-2022-29883.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-29883",
"sourceIdentifier": "productcert@siemens.com",
"published": "2022-05-20T13:15:16.430",
"lastModified": "2022-06-02T14:06:27.687",
"lastModified": "2023-06-28T20:40:35.943",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -70,7 +70,7 @@
"description": [
{
"lang": "en",
"value": "CWE-287"
"value": "CWE-306"
}
]
},

14
CVE-2022/CVE-2022-298xx/CVE-2022-29886.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-29886",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2022-08-05T22:15:11.720",
"lastModified": "2022-08-11T13:27:43.817",
"lastModified": "2023-06-28T20:40:22.530",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -62,8 +62,18 @@
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",

148
CVE-2022/CVE-2022-29xx/CVE-2022-2961.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-2961",
"sourceIdentifier": "secalert@redhat.com",
"published": "2022-08-29T15:15:10.810",
"lastModified": "2023-02-14T13:15:11.187",
"vulnStatus": "Modified",
"lastModified": "2023-06-28T20:34:05.737",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -45,7 +45,7 @@
"description": [
{
"lang": "en",
"value": "CWE-416"
"value": "CWE-362"
}
]
},
@ -62,6 +62,7 @@
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -83,6 +84,7 @@
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -96,6 +98,141 @@
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F"
}
]
}
]
}
],
"references": [
@ -109,7 +246,10 @@
},
{
"url": "https://security.netapp.com/advisory/ntap-20230214-0004/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
}
]
}

4
CVE-2022/CVE-2022-29xx/CVE-2022-2962.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-2962",
"sourceIdentifier": "secalert@redhat.com",
"published": "2022-09-13T20:15:09.640",
"lastModified": "2022-09-30T18:28:51.213",
"lastModified": "2023-06-28T20:40:49.643",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -45,7 +45,7 @@
"description": [
{
"lang": "en",
"value": "CWE-787"
"value": "CWE-662"
}
]
},

14
CVE-2022/CVE-2022-305xx/CVE-2022-30540.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-30540",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2022-06-02T14:15:53.980",
"lastModified": "2022-06-10T12:55:09.283",
"lastModified": "2023-06-28T20:40:18.737",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -85,8 +85,18 @@
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-824"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"description": [
{
"lang": "en",

4
CVE-2022/CVE-2022-307xx/CVE-2022-30715.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-30715",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2022-06-07T18:15:12.303",
"lastModified": "2022-06-11T01:58:38.413",
"lastModified": "2023-06-28T20:37:00.590",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -90,7 +90,7 @@
"description": [
{
"lang": "en",
"value": "CWE-862"
"value": "NVD-CWE-Other"
}
]
},

4
CVE-2022/CVE-2022-307xx/CVE-2022-30730.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-30730",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2022-06-07T19:15:09.813",
"lastModified": "2022-06-14T13:51:58.327",
"lastModified": "2023-06-28T20:36:53.570",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -90,7 +90,7 @@
"description": [
{
"lang": "en",
"value": "CWE-863"
"value": "NVD-CWE-Other"
}
]
},

4
CVE-2022/CVE-2022-307xx/CVE-2022-30731.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-30731",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2022-06-07T19:15:09.867",
"lastModified": "2022-06-13T19:16:27.500",
"lastModified": "2023-06-28T20:36:29.950",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -90,7 +90,7 @@
"description": [
{
"lang": "en",
"value": "CWE-862"
"value": "NVD-CWE-Other"
}
]
},

4
CVE-2022/CVE-2022-307xx/CVE-2022-30745.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-30745",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2022-06-07T19:15:10.727",
"lastModified": "2022-06-14T15:58:06.977",
"lastModified": "2023-06-28T20:36:25.107",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -90,7 +90,7 @@
"description": [
{
"lang": "en",
"value": "CWE-863"
"value": "NVD-CWE-Other"
}
]
},

96
CVE-2022/CVE-2022-328xx/CVE-2022-32885.json
View File

@ -2,27 +2,111 @@
"id": "CVE-2022-32885",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-08T20:15:15.003",
"lastModified": "2023-06-27T23:15:09.447",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-28T20:13:21.097",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing maliciously crafted web content may lead to arbitrary code execution"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"versionEndExcluding": "15.6",
"matchCriteriaId": "5CB295E5-F980-40EC-AF3D-8D5739204C04"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "15.6",
"matchCriteriaId": "F5E4F87A-8003-43EB-99F7-35C82AEA4DC0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "15.6",
"matchCriteriaId": "B6FA9FE3-1891-405C-B191-04CAB84ADD46"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.0.0",
"versionEndExcluding": "12.5",
"matchCriteriaId": "F86C9DC9-3814-4254-A332-257455B6880A"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213341",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213345",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213346",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

51
CVE-2022/CVE-2022-41xx/CVE-2022-4143.json Normal file
View File

@ -0,0 +1,51 @@
{
"id": "CVE-2022-4143",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-06-28T21:15:09.290",
"lastModified": "2023-06-28T21:15:09.290",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab affecting all versions starting from 15.7 before 15.8.5, from 15.9 before 15.9.4, and from 15.10 before 15.10.1 that allows for crafted, unapproved MRs to be introduced and merged without authorization"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2
}
]
},
"references": [
{
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4143.json",
"source": "cve@gitlab.com"
},
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/383776",
"source": "cve@gitlab.com"
},
{
"url": "https://hackerone.com/reports/1767639",
"source": "cve@gitlab.com"
}
]
}

10885
CVE-2022/CVE-2022-437xx/CVE-2022-43777.json
View File

File diff suppressed because it is too large Load Diff

10885
CVE-2022/CVE-2022-437xx/CVE-2022-43778.json
View File

File diff suppressed because it is too large Load Diff

220
CVE-2023/CVE-2023-208xx/CVE-2023-20893.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-20893",
"sourceIdentifier": "security@vmware.com",
"published": "2023-06-22T12:15:10.490",
"lastModified": "2023-06-22T12:51:23.447",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-28T20:54:28.657",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security@vmware.com",
"type": "Secondary",
@ -34,10 +54,204 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0",
"matchCriteriaId": "22B93342-5BD7-49A8-83E7-8B6D547F2EE5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*",
"matchCriteriaId": "0EE83406-A3D9-4F75-A1A6-63831CEBEEC1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*",
"matchCriteriaId": "FB563627-C9CF-4D8A-B882-9AB65EAE9E15"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*",
"matchCriteriaId": "DCA03B2A-48B2-48AD-B8EB-9D7BB2016819"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*",
"matchCriteriaId": "A2392D0F-D7A2-4E01-9212-1BA6C895AEBF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "6D731C1A-9FE5-461C-97E2-6F45E4CBABE1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "8725E544-2A94-4829-A683-1ECCE57A74A6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1c:*:*:*:*:*:*",
"matchCriteriaId": "0FC6765A-6584-45A8-9B21-4951D2EA8939"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1d:*:*:*:*:*:*",
"matchCriteriaId": "85DD238C-EF73-44F0-928E-A94FF5C4B378"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2:*:*:*:*:*:*",
"matchCriteriaId": "F4CA36C1-732E-41AE-B847-F7411B753F3D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2a:*:*:*:*:*:*",
"matchCriteriaId": "0DA882B6-D811-4E4B-B614-2D48F0B9036E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2b:*:*:*:*:*:*",
"matchCriteriaId": "8D30A78E-16D0-4A2E-A2F8-F6073698243E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2c:*:*:*:*:*:*",
"matchCriteriaId": "188E103E-9568-4CE0-A984-141B2A9E82D2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2d:*:*:*:*:*:*",
"matchCriteriaId": "B266439F-E911-4C95-9D27-88DF96DDCCD5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3:*:*:*:*:*:*",
"matchCriteriaId": "6508A908-EF14-4A72-AC75-5DA6F8B98A0E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3a:*:*:*:*:*:*",
"matchCriteriaId": "3BAD2012-5C82-4EA9-A780-9BF1DA5A18AB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3c:*:*:*:*:*:*",
"matchCriteriaId": "58597F18-0B23-4D21-9ABA-D9773958F10E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3d:*:*:*:*:*:*",
"matchCriteriaId": "ADF46C54-313B-4742-A074-EEA0A6554680"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3e:*:*:*:*:*:*",
"matchCriteriaId": "9587F800-57BC-44B6-870E-95691684FC46"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3f:*:*:*:*:*:*",
"matchCriteriaId": "AD148A75-5076-416D-AFD6-0F281DA0A82B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3g:*:*:*:*:*:*",
"matchCriteriaId": "956CEA8C-F8C4-41BD-85B4-44FE3A772E50"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3h:*:*:*:*:*:*",
"matchCriteriaId": "008AEA0F-116B-4AF8-B3A7-3041CCE25235"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3i:*:*:*:*:*:*",
"matchCriteriaId": "EE486B2F-AED4-4FCE-A674-DFC25844FEFF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3j:*:*:*:*:*:*",
"matchCriteriaId": "4F73AA9E-51E9-4FA0-813D-AD05FDC3EF94"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3k:*:*:*:*:*:*",
"matchCriteriaId": "455DD46E-A071-476D-8914-767485E45F35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3l:*:*:*:*:*:*",
"matchCriteriaId": "3A422D04-48DF-4A16-94F8-D5702CC2782D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CC974CA1-88D3-42E4-BF1F-28870F8171B5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:a:*:*:*:*:*:*",
"matchCriteriaId": "EFE63984-F69B-4593-9AEC-D179D6D98B08"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:b:*:*:*:*:*:*",
"matchCriteriaId": "34D1F3B3-8E3F-4E4D-8EE6-2F593663B5CC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:c:*:*:*:*:*:*",
"matchCriteriaId": "16F3D992-9F48-4604-9AAF-DC2D1CE98BE2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "C745A7E6-4760-48CD-B7C4-1C2C20217F21"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "A5522514-8ED9-45DB-9036-33FE40D77E7D"
}
]
}
]
}
],
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0014.html",
"source": "security@vmware.com"
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-215xx/CVE-2023-21512.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-21512",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-06-28T21:15:09.373",
"lastModified": "2023-06-28T21:15:09.373",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Knox ID validation logic in notification framework prior to SMR Jun-2023 Release 1 allows local attackers to read work profile notifications without proper access permission."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW"
},
"exploitabilityScore": 0.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06",
"source": "mobile.security@samsung.com"
}
]
}

55
CVE-2023/CVE-2023-215xx/CVE-2023-21513.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-21513",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-06-28T21:15:09.467",
"lastModified": "2023-06-28T21:15:09.467",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper privilege management vulnerability in CC Mode prior to SMR Jun-2023 Release 1 allows physical attackers to manipulate device to operate in way that results in unexpected behavior in CC Mode under specific condition."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06",
"source": "mobile.security@samsung.com"
}
]
}

55
CVE-2023/CVE-2023-215xx/CVE-2023-21517.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-21517",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-06-28T21:15:09.557",
"lastModified": "2023-06-28T21:15:09.557",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Heap out-of-bound write vulnerability in Exynos baseband prior to SMR Jun-2023 Release 1 allows remote attacker to execute arbitrary code."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06",
"source": "mobile.security@samsung.com"
}
]
}

55
CVE-2023/CVE-2023-215xx/CVE-2023-21518.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-21518",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-06-28T21:15:09.623",
"lastModified": "2023-06-28T21:15:09.623",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability in SearchWidget prior to version 3.3 in China models allows untrusted applications to start arbitrary activity."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=06",
"source": "mobile.security@samsung.com"
}
]
}

51
CVE-2023/CVE-2023-22xx/CVE-2023-2232.json Normal file
View File

@ -0,0 +1,51 @@
{
"id": "CVE-2023-2232",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-06-28T21:15:09.707",
"lastModified": "2023-06-28T21:15:09.707",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab affecting all versions starting from 15.10 before 16.1, leading to a ReDoS vulnerability in the Jira prefix"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2232.json",
"source": "cve@gitlab.com"
},
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/408352",
"source": "cve@gitlab.com"
},
{
"url": "https://hackerone.com/reports/1934802",
"source": "cve@gitlab.com"
}
]
}

6
CVE-2023/CVE-2023-22xx/CVE-2023-2235.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-2235",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-05-01T13:15:44.713",
"lastModified": "2023-06-09T08:15:10.990",
"lastModified": "2023-06-28T21:15:09.777",
"vulnStatus": "Modified",
"descriptions": [
{
@ -120,10 +120,6 @@
"tags": [
"Patch"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230609-0002/",
"source": "cve-coordination@google.com"
}
]
}

70
CVE-2023/CVE-2023-300xx/CVE-2023-30082.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-30082",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-14T20:15:09.453",
"lastModified": "2023-06-21T19:15:09.570",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-28T20:31:58.943",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A denial of service attack might be launched against the server if an unusually lengthy password (more than 10000000 characters) is supplied using the osTicket application. This can cause the website to go down or stop responding. When a long password is entered, this procedure will consume all available CPU and memory."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1284"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:enhancesoft:osticket:1.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "77B993F5-E270-471F-8FE3-B8B110FBC08E"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.manavparekh.com/2023/06/cve-2023-30082.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/manavparekh/CVEs/blob/main/CVE-2023-30082/Steps%20to%20reproduce.txt",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-30xx/CVE-2023-3090.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-3090",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-06-28T20:15:09.693",
"lastModified": "2023-06-28T20:15:09.693",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.\n\nThe out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if\u00a0CONFIG_IPVLAN is enabled.\n\n\nWe recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@google.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "cve-coordination@google.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90cbed5247439a966b645b34eb0a2e037836ea8e",
"source": "cve-coordination@google.com"
},
{
"url": "https://kernel.dance/90cbed5247439a966b645b34eb0a2e037836ea8e",
"source": "cve-coordination@google.com"
}
]
}

68
CVE-2023/CVE-2023-318xx/CVE-2023-31867.json
View File

@ -2,23 +2,81 @@
"id": "CVE-2023-31867",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-22T12:15:11.920",
"lastModified": "2023-06-22T12:51:15.117",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-28T21:01:58.960",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Sage X3 version 12.14.0.50-0 is vulnerable to CSV Injection."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1236"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sage:x3:12.14.0.50-0:*:*:*:*:*:*:*",
"matchCriteriaId": "E02F0A76-5C3C-4F96-B67E-E6BED5F39C57"
}
]
}
]
}
],
"references": [
{
"url": "http://sage.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/Digitemis/Advisory/blob/main/CVE-2023-31867.txt",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

44
CVE-2023/CVE-2023-31xx/CVE-2023-3138.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2023-3138",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-06-28T21:15:10.247",
"lastModified": "2023-06-28T21:15:10.247",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption."
}
],
"metrics": {},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-3138",
"source": "secalert@redhat.com"
},
{
"url": "https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.x.org/archives/xorg-announce/2023-June/003406.html",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.x.org/archives/xorg-announce/2023-June/003407.html",
"source": "secalert@redhat.com"
}
]
}

43
CVE-2023/CVE-2023-322xx/CVE-2023-32222.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-32222",
"sourceIdentifier": "cna@cyber.gov.il",
"published": "2023-06-28T21:15:09.877",
"lastModified": "2023-06-28T21:15:09.877",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "D-Link DSL-G256DG version vBZ_1.00.27 web management interface allows authentication bypass via an unspecified method."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@cyber.gov.il",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"source": "cna@cyber.gov.il"
}
]
}

43
CVE-2023/CVE-2023-322xx/CVE-2023-32223.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-32223",
"sourceIdentifier": "cna@cyber.gov.il",
"published": "2023-06-28T21:15:09.940",
"lastModified": "2023-06-28T21:15:09.940",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "D-Link DSL-224 firmware version 3.0.10 allows post authentication command execution via an unspecified method."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@cyber.gov.il",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"source": "cna@cyber.gov.il"
}
]
}

55
CVE-2023/CVE-2023-322xx/CVE-2023-32224.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-32224",
"sourceIdentifier": "cna@cyber.gov.il",
"published": "2023-06-28T21:15:10.000",
"lastModified": "2023-06-28T21:15:10.000",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "D-Link DSL-224 firmware version 3.0.10 CWE-307: Improper Restriction of Excessive Authentication Attempts"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@cyber.gov.il",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "cna@cyber.gov.il",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-307"
}
]
}
],
"references": [
{
"url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"source": "cna@cyber.gov.il"
}
]
}

59
CVE-2023/CVE-2023-32xx/CVE-2023-3243.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-3243",
"sourceIdentifier": "psirt@honeywell.com",
"published": "2023-06-28T21:15:10.310",
"lastModified": "2023-06-28T21:15:10.310",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPPORTED WHEN ASSIGNED ** \n** UNSUPPORTED WHEN ASSIGNED ** [An attacker can capture an authenticating hash\nand utilize it to create new sessions. The hash is also a poorly salted MD5\nhash, which could result in a successful brute force password attack.\u00a0Recommended fix: Upgrade to a supported product such\nas Alerton\nACM.] Out of an abundance of caution, this CVE ID is being assigned to \nbetter serve our customers and ensure all who are still running this product understand \nthat the product is end of life and should be removed or upgraded.\u00a0\n\n\n\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@honeywell.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.5
}
]
},
"weaknesses": [
{
"source": "psirt@honeywell.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-290"
},
{
"lang": "en",
"value": "CWE-326"
}
]
}
],
"references": [
{
"url": "https://www.honeywell.com/us/en/product-security",
"source": "psirt@honeywell.com"
}
]
}

20
CVE-2023/CVE-2023-335xx/CVE-2023-33570.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-33570",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-28T20:15:09.540",
"lastModified": "2023-06-28T20:15:09.540",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Bagisto v1.5.1 is vulnerable to Server-Side Template Injection (SSTI)."
}
],
"metrics": {},
"references": [
{
"url": "https://siltonrenato02.medium.com/a-brief-summary-about-a-ssti-to-rce-in-bagisto-e900ac450490",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-335xx/CVE-2023-33592.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-33592",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-28T20:15:09.593",
"lastModified": "2023-06-28T20:15:09.593",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Lost and Found Information System v1.0 was discovered to contain a SQL injection vulnerability via the component /php-lfis/admin/?page=system_info/contact_information."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/DARSHANAGUPTA10/CVE/blob/main/CVE-2023-33592",
"source": "cve@mitre.org"
},
{
"url": "https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html",
"source": "cve@mitre.org"
}
]
}

32
CVE-2023/CVE-2023-33xx/CVE-2023-3355.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-3355",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-06-28T21:15:10.383",
"lastModified": "2023-06-28T21:15:10.383",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A NULL pointer dereference flaw was found in the Linux kernel's drivers/gpu/drm/msm/msm_gem_submit.c code in the submit_lookup_cmds function, which fails because it lacks a check of the return value of kmalloc(). This issue allows a local user to crash the system."
}
],
"metrics": {},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d839f0811a31322c087a859c2b181e2383daa7be",
"source": "secalert@redhat.com"
}
]
}

67
CVE-2023/CVE-2023-33xx/CVE-2023-3389.json Normal file
View File

@ -0,0 +1,67 @@
{
"id": "CVE-2023-3389",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-06-28T20:15:09.773",
"lastModified": "2023-06-28T20:15:09.773",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.\n\nRacing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.\n\nWe recommend upgrading past commit 4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and\u00a00e388fce7aec40992eadee654193cad345d62663 for 5.15 stable.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@google.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "cve-coordination@google.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y&id=4716c73b188566865bdd79c3a6709696a224ac04",
"source": "cve-coordination@google.com"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y&id=0e388fce7aec40992eadee654193cad345d62663",
"source": "cve-coordination@google.com"
},
{
"url": "https://kernel.dance/0e388fce7aec40992eadee654193cad345d62663",
"source": "cve-coordination@google.com"
},
{
"url": "https://kernel.dance/4716c73b188566865bdd79c3a6709696a224ac04",
"source": "cve-coordination@google.com"
}
]
}

59
CVE-2023/CVE-2023-33xx/CVE-2023-3390.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-3390",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-06-28T21:15:10.447",
"lastModified": "2023-06-28T21:15:10.447",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.\n\nMishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.\n\nWe recommend upgrading past commit\u00a01240eb93f0616b21c675416516ff3d74798fdc97."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@google.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "cve-coordination@google.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97",
"source": "cve-coordination@google.com"
},
{
"url": "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97",
"source": "cve-coordination@google.com"
}
]
}

73
CVE-2023/CVE-2023-344xx/CVE-2023-34449.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-34449",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-14T21:15:09.790",
"lastModified": "2023-06-14T21:27:19.783",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-28T20:46:30.513",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,26 +70,65 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:parity:ink\\!:*:*:*:*:*:rust:*:*",
"versionStartIncluding": "4.0.0",
"versionEndExcluding": "4.2.1",
"matchCriteriaId": "9A457DD0-00EE-42F1-97E4-16089A57EAD5"
}
]
}
]
}
],
"references": [
{
"url": "https://docs.rs/ink_env/4.2.0/ink_env/call/struct.CallBuilder.html#method.delegate",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://docs.rs/ink_env/4.2.0/ink_env/fn.invoke_contract_delegate.html",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/paritytech/ink/commit/f1407ee9f87e5f64d467a22d26ee88f61db7f3db",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/paritytech/ink/pull/1450",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://github.com/paritytech/ink/security/advisories/GHSA-853p-5678-hv8f",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
]
}
]
}

24
CVE-2023/CVE-2023-346xx/CVE-2023-34650.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-34650",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-28T21:15:10.067",
"lastModified": "2023-06-28T21:15:10.067",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "PHPgurukl Small CRM v.1.0 is vulnerable to Cross Site Scripting (XSS)."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ckalnarayan/Common-Vulnerabilities-and-Exposures/blob/main/CVE-2023-34650",
"source": "cve@mitre.org"
},
{
"url": "https://phpgurukul.com/small-crm-php/",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-346xx/CVE-2023-34651.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-34651",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-28T21:15:10.117",
"lastModified": "2023-06-28T21:15:10.117",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "PHPgurukl Hospital Management System v.1.0 is vulnerable to Cross Site Scripting (XSS)."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ckalnarayan/Common-Vulnerabilities-and-Exposures/blob/main/CVE-2023-34651",
"source": "cve@mitre.org"
},
{
"url": "https://phpgurukul.com/hospital-management-system-in-php/",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-346xx/CVE-2023-34652.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-34652",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-28T21:15:10.167",
"lastModified": "2023-06-28T21:15:10.167",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "PHPgurukl Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS) via Add New Course."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ckalnarayan/Common-Vulnerabilities-and-Exposures/blob/main/CVE-2023-34652",
"source": "cve@mitre.org"
},
{
"url": "https://phpgurukul.com/hostel-management-system/",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-347xx/CVE-2023-34761.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-34761",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-28T20:15:09.647",
"lastModified": "2023-06-28T20:15:09.647",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated attacker within BLE proximity can remotely connect to a 7-Eleven LED Message Cup, Hello Cup 1.3.1 for Android, and bypass the application's client-side chat censor filter."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/actuator/7-Eleven-Bluetooth-Smart-Cup-Jailbreak",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/actuator/cve/blob/main/CVE-2023-34761",
"source": "cve@mitre.org"
}
]
}

36
CVE-2023/CVE-2023-34xx/CVE-2023-3439.json Normal file
View File

@ -0,0 +1,36 @@
{
"id": "CVE-2023-3439",
"sourceIdentifier": "patrick@puiterwijk.org",
"published": "2023-06-28T21:15:10.517",
"lastModified": "2023-06-28T21:15:10.517",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the MCTP protocol in the Linux kernel. The function mctp_unregister() reclaims the device's relevant resource when a netcard detaches. However, a running routine may be unaware of this and cause the use-after-free of the mdev->addrs object, potentially leading to a denial of service."
}
],
"metrics": {},
"weaknesses": [
{
"source": "patrick@puiterwijk.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217915",
"source": "patrick@puiterwijk.org"
},
{
"url": "https://github.com/torvalds/linux/commit/b561275d633bcd8e0e8055ab86f1a13df75a0269",
"source": "patrick@puiterwijk.org"
}
]
}

47
CVE-2023/CVE-2023-350xx/CVE-2023-35093.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-35093",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-22T12:15:12.060",
"lastModified": "2023-06-22T12:51:15.117",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-28T20:56:38.603",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:stylemixthemes:masterstudy_lms:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.0.8",
"matchCriteriaId": "1ED6A6BA-84ED-4258-8D38-8F8E6163CF4F"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/masterstudy-lms-learning-management-system/wordpress-masterstudy-lms-plugin-3-0-7-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

109
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-06-28T20:00:31.860615+00:00
2023-06-28T22:00:31.924409+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-06-28T19:56:41.047000+00:00
2023-06-28T21:15:10.517000+00:00
```
### Last Data Feed Release
@ -29,69 +29,68 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
218817
218841
```
### CVEs added in the last Commit
Recently added CVEs: `78`
Recently added CVEs: `24`
* [CVE-2023-21201](CVE-2023/CVE-2023-212xx/CVE-2023-21201.json) (`2023-06-28T18:15:15.617`)
* [CVE-2023-21202](CVE-2023/CVE-2023-212xx/CVE-2023-21202.json) (`2023-06-28T18:15:15.660`)
* [CVE-2023-21203](CVE-2023/CVE-2023-212xx/CVE-2023-21203.json) (`2023-06-28T18:15:15.703`)
* [CVE-2023-21204](CVE-2023/CVE-2023-212xx/CVE-2023-21204.json) (`2023-06-28T18:15:15.743`)
* [CVE-2023-21205](CVE-2023/CVE-2023-212xx/CVE-2023-21205.json) (`2023-06-28T18:15:15.783`)
* [CVE-2023-21206](CVE-2023/CVE-2023-212xx/CVE-2023-21206.json) (`2023-06-28T18:15:15.827`)
* [CVE-2023-21207](CVE-2023/CVE-2023-212xx/CVE-2023-21207.json) (`2023-06-28T18:15:15.873`)
* [CVE-2023-21208](CVE-2023/CVE-2023-212xx/CVE-2023-21208.json) (`2023-06-28T18:15:15.913`)
* [CVE-2023-21209](CVE-2023/CVE-2023-212xx/CVE-2023-21209.json) (`2023-06-28T18:15:15.953`)
* [CVE-2023-21210](CVE-2023/CVE-2023-212xx/CVE-2023-21210.json) (`2023-06-28T18:15:15.997`)
* [CVE-2023-21211](CVE-2023/CVE-2023-212xx/CVE-2023-21211.json) (`2023-06-28T18:15:16.037`)
* [CVE-2023-21212](CVE-2023/CVE-2023-212xx/CVE-2023-21212.json) (`2023-06-28T18:15:16.080`)
* [CVE-2023-21213](CVE-2023/CVE-2023-212xx/CVE-2023-21213.json) (`2023-06-28T18:15:16.123`)
* [CVE-2023-21214](CVE-2023/CVE-2023-212xx/CVE-2023-21214.json) (`2023-06-28T18:15:16.167`)
* [CVE-2023-21219](CVE-2023/CVE-2023-212xx/CVE-2023-21219.json) (`2023-06-28T18:15:16.210`)
* [CVE-2023-21220](CVE-2023/CVE-2023-212xx/CVE-2023-21220.json) (`2023-06-28T18:15:16.250`)
* [CVE-2023-21222](CVE-2023/CVE-2023-212xx/CVE-2023-21222.json) (`2023-06-28T18:15:16.297`)
* [CVE-2023-21223](CVE-2023/CVE-2023-212xx/CVE-2023-21223.json) (`2023-06-28T18:15:16.340`)
* [CVE-2023-21224](CVE-2023/CVE-2023-212xx/CVE-2023-21224.json) (`2023-06-28T18:15:16.383`)
* [CVE-2023-21225](CVE-2023/CVE-2023-212xx/CVE-2023-21225.json) (`2023-06-28T18:15:16.427`)
* [CVE-2023-21226](CVE-2023/CVE-2023-212xx/CVE-2023-21226.json) (`2023-06-28T18:15:16.470`)
* [CVE-2023-21236](CVE-2023/CVE-2023-212xx/CVE-2023-21236.json) (`2023-06-28T18:15:16.517`)
* [CVE-2023-21237](CVE-2023/CVE-2023-212xx/CVE-2023-21237.json) (`2023-06-28T18:15:16.560`)
* [CVE-2023-3449](CVE-2023/CVE-2023-34xx/CVE-2023-3449.json) (`2023-06-28T18:15:16.607`)
* [CVE-2023-3450](CVE-2023/CVE-2023-34xx/CVE-2023-3450.json) (`2023-06-28T18:15:16.677`)
* [CVE-2021-25827](CVE-2021/CVE-2021-258xx/CVE-2021-25827.json) (`2023-06-28T20:15:09.397`)
* [CVE-2021-25828](CVE-2021/CVE-2021-258xx/CVE-2021-25828.json) (`2023-06-28T20:15:09.453`)
* [CVE-2022-4143](CVE-2022/CVE-2022-41xx/CVE-2022-4143.json) (`2023-06-28T21:15:09.290`)
* [CVE-2023-33570](CVE-2023/CVE-2023-335xx/CVE-2023-33570.json) (`2023-06-28T20:15:09.540`)
* [CVE-2023-33592](CVE-2023/CVE-2023-335xx/CVE-2023-33592.json) (`2023-06-28T20:15:09.593`)
* [CVE-2023-34761](CVE-2023/CVE-2023-347xx/CVE-2023-34761.json) (`2023-06-28T20:15:09.647`)
* [CVE-2023-3090](CVE-2023/CVE-2023-30xx/CVE-2023-3090.json) (`2023-06-28T20:15:09.693`)
* [CVE-2023-3389](CVE-2023/CVE-2023-33xx/CVE-2023-3389.json) (`2023-06-28T20:15:09.773`)
* [CVE-2023-21512](CVE-2023/CVE-2023-215xx/CVE-2023-21512.json) (`2023-06-28T21:15:09.373`)
* [CVE-2023-21513](CVE-2023/CVE-2023-215xx/CVE-2023-21513.json) (`2023-06-28T21:15:09.467`)
* [CVE-2023-21517](CVE-2023/CVE-2023-215xx/CVE-2023-21517.json) (`2023-06-28T21:15:09.557`)
* [CVE-2023-21518](CVE-2023/CVE-2023-215xx/CVE-2023-21518.json) (`2023-06-28T21:15:09.623`)
* [CVE-2023-2232](CVE-2023/CVE-2023-22xx/CVE-2023-2232.json) (`2023-06-28T21:15:09.707`)
* [CVE-2023-32222](CVE-2023/CVE-2023-322xx/CVE-2023-32222.json) (`2023-06-28T21:15:09.877`)
* [CVE-2023-32223](CVE-2023/CVE-2023-322xx/CVE-2023-32223.json) (`2023-06-28T21:15:09.940`)
* [CVE-2023-32224](CVE-2023/CVE-2023-322xx/CVE-2023-32224.json) (`2023-06-28T21:15:10.000`)
* [CVE-2023-34650](CVE-2023/CVE-2023-346xx/CVE-2023-34650.json) (`2023-06-28T21:15:10.067`)
* [CVE-2023-34651](CVE-2023/CVE-2023-346xx/CVE-2023-34651.json) (`2023-06-28T21:15:10.117`)
* [CVE-2023-34652](CVE-2023/CVE-2023-346xx/CVE-2023-34652.json) (`2023-06-28T21:15:10.167`)
* [CVE-2023-3138](CVE-2023/CVE-2023-31xx/CVE-2023-3138.json) (`2023-06-28T21:15:10.247`)
* [CVE-2023-3243](CVE-2023/CVE-2023-32xx/CVE-2023-3243.json) (`2023-06-28T21:15:10.310`)
* [CVE-2023-3355](CVE-2023/CVE-2023-33xx/CVE-2023-3355.json) (`2023-06-28T21:15:10.383`)
* [CVE-2023-3390](CVE-2023/CVE-2023-33xx/CVE-2023-3390.json) (`2023-06-28T21:15:10.447`)
* [CVE-2023-3439](CVE-2023/CVE-2023-34xx/CVE-2023-3439.json) (`2023-06-28T21:15:10.517`)
### CVEs modified in the last Commit
Recently modified CVEs: `46`
Recently modified CVEs: `40`
* [CVE-2023-20991](CVE-2023/CVE-2023-209xx/CVE-2023-20991.json) (`2023-06-28T18:15:13.057`)
* [CVE-2023-20992](CVE-2023/CVE-2023-209xx/CVE-2023-20992.json) (`2023-06-28T18:15:13.120`)
* [CVE-2023-21027](CVE-2023/CVE-2023-210xx/CVE-2023-21027.json) (`2023-06-28T18:15:13.180`)
* [CVE-2023-21031](CVE-2023/CVE-2023-210xx/CVE-2023-21031.json) (`2023-06-28T18:15:13.243`)
* [CVE-2023-32276](CVE-2023/CVE-2023-322xx/CVE-2023-32276.json) (`2023-06-28T18:18:33.447`)
* [CVE-2023-32273](CVE-2023/CVE-2023-322xx/CVE-2023-32273.json) (`2023-06-28T18:24:33.010`)
* [CVE-2023-26965](CVE-2023/CVE-2023-269xx/CVE-2023-26965.json) (`2023-06-28T18:31:25.697`)
* [CVE-2023-35852](CVE-2023/CVE-2023-358xx/CVE-2023-35852.json) (`2023-06-28T18:44:55.743`)
* [CVE-2023-35853](CVE-2023/CVE-2023-358xx/CVE-2023-35853.json) (`2023-06-28T18:45:02.593`)
* [CVE-2023-0009](CVE-2023/CVE-2023-00xx/CVE-2023-0009.json) (`2023-06-28T18:46:33.293`)
* [CVE-2023-36367](CVE-2023/CVE-2023-363xx/CVE-2023-36367.json) (`2023-06-28T18:49:20.373`)
* [CVE-2023-25435](CVE-2023/CVE-2023-254xx/CVE-2023-25435.json) (`2023-06-28T18:51:37.170`)
* [CVE-2023-2976](CVE-2023/CVE-2023-29xx/CVE-2023-2976.json) (`2023-06-28T18:56:30.560`)
* [CVE-2023-36366](CVE-2023/CVE-2023-363xx/CVE-2023-36366.json) (`2023-06-28T19:02:10.183`)
* [CVE-2023-36365](CVE-2023/CVE-2023-363xx/CVE-2023-36365.json) (`2023-06-28T19:02:23.943`)
* [CVE-2023-36364](CVE-2023/CVE-2023-363xx/CVE-2023-36364.json) (`2023-06-28T19:02:50.977`)
* [CVE-2023-2819](CVE-2023/CVE-2023-28xx/CVE-2023-2819.json) (`2023-06-28T19:10:20.890`)
* [CVE-2023-3040](CVE-2023/CVE-2023-30xx/CVE-2023-3040.json) (`2023-06-28T19:16:52.077`)
* [CVE-2023-25368](CVE-2023/CVE-2023-253xx/CVE-2023-25368.json) (`2023-06-28T19:24:19.010`)
* [CVE-2023-2820](CVE-2023/CVE-2023-28xx/CVE-2023-2820.json) (`2023-06-28T19:26:01.313`)
* [CVE-2023-27866](CVE-2023/CVE-2023-278xx/CVE-2023-27866.json) (`2023-06-28T19:27:43.520`)
* [CVE-2023-2625](CVE-2023/CVE-2023-26xx/CVE-2023-2625.json) (`2023-06-28T19:27:43.520`)
* [CVE-2023-25369](CVE-2023/CVE-2023-253xx/CVE-2023-25369.json) (`2023-06-28T19:29:18.020`)
* [CVE-2023-26062](CVE-2023/CVE-2023-260xx/CVE-2023-26062.json) (`2023-06-28T19:35:18.573`)
* [CVE-2023-34927](CVE-2023/CVE-2023-349xx/CVE-2023-34927.json) (`2023-06-28T19:56:41.047`)
* [CVE-2022-29488](CVE-2022/CVE-2022-294xx/CVE-2022-29488.json) (`2023-06-28T20:30:36.683`)
* [CVE-2022-29465](CVE-2022/CVE-2022-294xx/CVE-2022-29465.json) (`2023-06-28T20:30:42.897`)
* [CVE-2022-28753](CVE-2022/CVE-2022-287xx/CVE-2022-28753.json) (`2023-06-28T20:31:36.900`)
* [CVE-2022-28754](CVE-2022/CVE-2022-287xx/CVE-2022-28754.json) (`2023-06-28T20:31:41.617`)
* [CVE-2022-2845](CVE-2022/CVE-2022-28xx/CVE-2022-2845.json) (`2023-06-28T20:31:49.540`)
* [CVE-2022-2961](CVE-2022/CVE-2022-29xx/CVE-2022-2961.json) (`2023-06-28T20:34:05.737`)
* [CVE-2022-29520](CVE-2022/CVE-2022-295xx/CVE-2022-29520.json) (`2023-06-28T20:35:06.567`)
* [CVE-2022-2896](CVE-2022/CVE-2022-28xx/CVE-2022-2896.json) (`2023-06-28T20:35:11.943`)
* [CVE-2022-29490](CVE-2022/CVE-2022-294xx/CVE-2022-29490.json) (`2023-06-28T20:35:21.053`)
* [CVE-2022-29503](CVE-2022/CVE-2022-295xx/CVE-2022-29503.json) (`2023-06-28T20:35:33.727`)
* [CVE-2022-30745](CVE-2022/CVE-2022-307xx/CVE-2022-30745.json) (`2023-06-28T20:36:25.107`)
* [CVE-2022-30731](CVE-2022/CVE-2022-307xx/CVE-2022-30731.json) (`2023-06-28T20:36:29.950`)
* [CVE-2022-30730](CVE-2022/CVE-2022-307xx/CVE-2022-30730.json) (`2023-06-28T20:36:53.570`)
* [CVE-2022-30715](CVE-2022/CVE-2022-307xx/CVE-2022-30715.json) (`2023-06-28T20:37:00.590`)
* [CVE-2022-30540](CVE-2022/CVE-2022-305xx/CVE-2022-30540.json) (`2023-06-28T20:40:18.737`)
* [CVE-2022-29886](CVE-2022/CVE-2022-298xx/CVE-2022-29886.json) (`2023-06-28T20:40:22.530`)
* [CVE-2022-29883](CVE-2022/CVE-2022-298xx/CVE-2022-29883.json) (`2023-06-28T20:40:35.943`)
* [CVE-2022-29816](CVE-2022/CVE-2022-298xx/CVE-2022-29816.json) (`2023-06-28T20:40:46.247`)
* [CVE-2022-2962](CVE-2022/CVE-2022-29xx/CVE-2022-2962.json) (`2023-06-28T20:40:49.643`)
* [CVE-2023-30082](CVE-2023/CVE-2023-300xx/CVE-2023-30082.json) (`2023-06-28T20:31:58.943`)
* [CVE-2023-34449](CVE-2023/CVE-2023-344xx/CVE-2023-34449.json) (`2023-06-28T20:46:30.513`)
* [CVE-2023-20893](CVE-2023/CVE-2023-208xx/CVE-2023-20893.json) (`2023-06-28T20:54:28.657`)
* [CVE-2023-35093](CVE-2023/CVE-2023-350xx/CVE-2023-35093.json) (`2023-06-28T20:56:38.603`)
* [CVE-2023-31867](CVE-2023/CVE-2023-318xx/CVE-2023-31867.json) (`2023-06-28T21:01:58.960`)
* [CVE-2023-2235](CVE-2023/CVE-2023-22xx/CVE-2023-2235.json) (`2023-06-28T21:15:09.777`)
## Download and Usage