admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-07 11:07:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-05-23T20:00:29.583424+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-05-23 20:00:33 +00:00
parent 4089f484e0
commit 38c550563a
34 changed files with 1957 additions and 147 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

84
CVE-2020/CVE-2020-133xx/CVE-2020-13378.json Normal file
View File

@ -0,0 +1,84 @@
{
"id": "CVE-2020-13378",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-12T01:15:09.023",
"lastModified": "2023-05-23T19:14:56.263",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Loadbalancer.org Enterprise VA MAX through 8.3.8 has an OS Command Injection vulnerability that allows a remote authenticated attacker to execute arbitrary code."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:loadbalancer:enterprise_va_max:*:*:*:*:*:*:*:*",
"versionEndIncluding": "8.3.8",
"matchCriteriaId": "717820F5-BC57-4D5B-88A3-20381974868D"
}
]
}
]
}
],
"references": [
{
"url": "https://inf0seq.github.io/cve/2020/04/21/OS.html",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.loadbalancer.org/products/virtual/enterprise-va-max/",
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

59
CVE-2022/CVE-2022-466xx/CVE-2022-46645.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-46645",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:26.070",
"lastModified": "2023-05-10T14:38:37.273",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-23T18:57:46.280",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -34,10 +54,43 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:smart_campus:*:*:*:*:*:android:*:*",
"versionEndExcluding": "9.9",
"matchCriteriaId": "2E0AEA33-87D8-44FD-9465-FA895289CF86"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00815.html",
"source": "secure@intel.com"
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}

52
CVE-2023/CVE-2023-15xx/CVE-2023-1596.json
View File

@ -2,15 +2,38 @@
"id": "CVE-2023-1596",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-15T13:15:10.410",
"lastModified": "2023-05-15T13:26:09.987",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-23T18:46:32.037",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The tagDiv Composer WordPress plugin before 4.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +46,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tagdiv:composer:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "4.0",
"matchCriteriaId": "D5317DA3-5594-4529-9DA2-190D3B9E3A77"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/cada9be9-522a-4ce8-847d-c8fff2ddcc07",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit"
]
}
]
}

52
CVE-2023/CVE-2023-18xx/CVE-2023-1835.json
View File

@ -2,15 +2,38 @@
"id": "CVE-2023-1835",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-15T13:15:10.463",
"lastModified": "2023-05-15T13:26:09.987",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-23T18:45:51.570",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Ninja Forms Contact Form WordPress plugin before 3.6.22 does not properly escape user input before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +46,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ninjaforms:ninja_forms:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.6.22",
"matchCriteriaId": "A483DE71-11CB-429C-997D-9476653F86C3"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/b5fc223c-5ec0-44b2-b2f6-b35f9942d341",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit"
]
}
]
}

55
CVE-2023/CVE-2023-18xx/CVE-2023-1837.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-1837",
"sourceIdentifier": "security@hypr.com",
"published": "2023-05-23T19:15:09.237",
"lastModified": "2023-05-23T19:15:09.237",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Missing Authentication for critical function vulnerability in HYPR Server allows Authentication Bypass when using Legacy APIs.This issue affects HYPR Server: before 8.0 (with enabled Legacy APIs)\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@hypr.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@hypr.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
],
"references": [
{
"url": "https://www.hypr.com/security-advisories",
"source": "security@hypr.com"
}
]
}

52
CVE-2023/CVE-2023-18xx/CVE-2023-1839.json
View File

@ -2,15 +2,38 @@
"id": "CVE-2023-1839",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-15T13:15:10.537",
"lastModified": "2023-05-15T13:26:09.987",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-23T18:43:27.077",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Product Addons & Fields for WooCommerce WordPress plugin before 32.0.6 does not sanitize and escape some of its setting fields, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +46,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:themeisle:product_addons_\\&_fields_for_woocommerce:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "32.0.6",
"matchCriteriaId": "7CD67960-A445-4637-BEB0-4A6E7B15A2A9"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/fddc5a1c-f267-4ef4-8acf-731dbecac450",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit"
]
}
]
}

52
CVE-2023/CVE-2023-18xx/CVE-2023-1890.json
View File

@ -2,15 +2,38 @@
"id": "CVE-2023-1890",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-15T13:15:10.593",
"lastModified": "2023-05-15T13:26:09.987",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-23T18:42:50.847",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Tablesome WordPress plugin before 1.0.9 does not escape various generated URLs, before outputting them in attributes when some notices are displayed, leading to Reflected Cross-Site Scripting"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +46,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pauple:tablesome:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.0.9",
"matchCriteriaId": "07B0D10A-D0CF-4FCF-B4A9-FFA4A54BF01A"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/8ef64490-30cd-4e07-9b7c-64f551944f3d",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit"
]
}
]
}

52
CVE-2023/CVE-2023-19xx/CVE-2023-1915.json
View File

@ -2,15 +2,38 @@
"id": "CVE-2023-1915",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-15T13:15:10.650",
"lastModified": "2023-05-15T13:26:09.987",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-23T18:40:29.990",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Thumbnail carousel slider WordPress plugin before 1.1.10 does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting vulnerability which could be used against high privilege users such as admin."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +46,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:i13websolution:thumbnail_carousel_slider:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.1.10",
"matchCriteriaId": "4B506064-E839-4713-B823-FB00246C1F81"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/0487c3f6-1a3c-4089-a614-15138f52f69b",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit"
]
}
]
}

64
CVE-2023/CVE-2023-20xx/CVE-2023-2009.json
View File

@ -2,18 +2,41 @@
"id": "CVE-2023-2009",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-15T13:15:10.817",
"lastModified": "2023-05-15T13:26:09.987",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-23T18:21:56.943",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Plugin does not sanitize and escape the URL field in the Pretty Url WordPress plugin through 1.5.4 settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -21,12 +44,43 @@
"value": "CWE-79"
}
]
},
{
"source": "contact@wpscan.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pretty_url_project:pretty_url:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.5.4",
"matchCriteriaId": "8C96DB7B-1B32-470E-8C8F-A89EEE7BCC81"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/f7988a18-ba9d-4ead-82c8-30ea8223846f",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit"
]
}
]
}

52
CVE-2023/CVE-2023-21xx/CVE-2023-2179.json
View File

@ -2,15 +2,38 @@
"id": "CVE-2023-2179",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-15T13:15:10.870",
"lastModified": "2023-05-15T13:26:09.987",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-23T18:18:59.863",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The WooCommerce Order Status Change Notifier WordPress plugin through 1.1.0 does not have authorisation and CSRF when updating status orders via an AJAX action available to any authenticated users, which could allow low privilege users such as subscriber to update arbitrary order status, making them paid without actually paying for them for example"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -27,10 +50,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:woocommerce:woocommerce_order_status_change_notifier:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.1.0",
"matchCriteriaId": "186BCFC3-4AF0-425B-B316-F61CCA234DC9"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/fbc56973-4225-4f44-8c38-d488e57cd551",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit"
]
}
]
}

52
CVE-2023/CVE-2023-21xx/CVE-2023-2180.json
View File

@ -2,15 +2,38 @@
"id": "CVE-2023-2180",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-15T13:15:10.927",
"lastModified": "2023-05-15T13:26:09.987",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-23T18:17:01.457",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The KIWIZ Invoices Certification & PDF System WordPress plugin through 2.1.3 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/downlaod arbitrary files, as well as perform PHAR unserialization (assuming they can upload a file on the server)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +46,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kiwiz_invoices_certification_\\&_pdf_system_project:kiwiz_invoices_certification_\\&_pdf_system:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.1.3",
"matchCriteriaId": "DEBDBB94-3761-4715-995B-AF35218C7C29"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/4d3b90d8-8a6d-4b72-8bc7-21f861259a1b",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit"
]
}
]
}

73
CVE-2023/CVE-2023-231xx/CVE-2023-23169.json
View File

@ -2,23 +2,86 @@
"id": "CVE-2023-23169",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-12T11:15:12.727",
"lastModified": "2023-05-12T14:21:57.583",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-23T19:59:08.250",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Synapsoft pdfocus 1.17 is vulnerable to local file inclusion and server-side request forgery Directory Traversal."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
},
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:synapsoft:pdfocus:1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "C3AE4174-95B8-4691-BC56-9C3A50B5A9A8"
}
]
}
]
}
],
"references": [
{
"url": "http://support.synapsoft.co.kr:50000/skin/try_pdfocus/index.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/S4nshine/CVE-2023-23169",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-236xx/CVE-2023-23657.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-23657",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-16T10:15:09.350",
"lastModified": "2023-05-16T10:46:36.147",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-23T18:54:10.007",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webfwd:mail_subscribe_list:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.1.9",
"matchCriteriaId": "5259437D-A521-4286-B1E0-D3D59673211F"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/mail-subscribe-list/wordpress-mail-subscribe-list-plugin-2-1-9-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-236xx/CVE-2023-23673.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-23673",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-16T09:15:09.313",
"lastModified": "2023-05-16T10:46:36.147",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-23T18:55:45.033",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:themeist:i_recommend_this:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.8.3",
"matchCriteriaId": "86E6E7CD-0414-4E22-8A81-EDFAAB307F54"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/i-recommend-this/wordpress-i-recommend-this-plugin-3-8-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-236xx/CVE-2023-23676.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-23676",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-16T09:15:09.720",
"lastModified": "2023-05-16T10:46:36.147",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-23T18:54:45.910",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:file_gallery_project:file_gallery:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.8.5.4",
"matchCriteriaId": "FF250CA4-7840-4427-A8D8-417D173A9237"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/file-gallery/wordpress-file-gallery-plugin-1-8-5-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-236xx/CVE-2023-23682.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-23682",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-15T13:15:10.707",
"lastModified": "2023-05-15T13:26:09.987",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-23T18:39:41.410",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:duplicator:ezp_maintenance_mode:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.0.1",
"matchCriteriaId": "042D76F9-A67E-491B-9347-9EA9E9F566B8"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/easy-pie-maintenance-mode/wordpress-ezp-maintenance-mode-plugin-1-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Exploit"
]
}
]
}

47
CVE-2023/CVE-2023-237xx/CVE-2023-23703.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-23703",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-16T10:15:09.407",
"lastModified": "2023-05-16T10:46:36.147",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-23T18:53:27.673",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tychesoftwares:arconix_shortcodes:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.1.7",
"matchCriteriaId": "EB998F36-4C3B-4D6F-AC0F-A4B1FCE1B0FD"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/arconix-shortcodes/wordpress-arconix-shortcodes-plugin-2-1-7-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-237xx/CVE-2023-23709.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-23709",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-16T10:15:09.467",
"lastModified": "2023-05-16T10:46:36.147",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-23T18:53:01.447",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpjam_basic_project:wpjam_basic:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "6.2.1.1",
"matchCriteriaId": "A99B3ACB-1D56-4F8B-85DF-F8C99938F06A"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wpjam-basic/wordpress-wpjam-basic-plugin-6-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-237xx/CVE-2023-23720.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-23720",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-16T10:15:09.530",
"lastModified": "2023-05-16T10:46:36.147",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-23T18:52:10.690",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:skeepers:verified_reviews_\\(avis_verifies\\):*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.3.13",
"matchCriteriaId": "666CE769-833F-4A08-9BE3-A31D08C5B208"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/netreviews/wordpress-verified-reviews-avis-verifies-plugin-2-3-12-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

78
CVE-2023/CVE-2023-25xx/CVE-2023-2515.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2515",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2023-05-12T09:15:10.373",
"lastModified": "2023-05-12T14:21:57.583",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-23T19:53:59.490",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -46,10 +76,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.1.8",
"matchCriteriaId": "6DF5031B-328F-437D-8B96-BDED19E417FA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.2.0",
"versionEndExcluding": "7.7.4",
"matchCriteriaId": "1FA172F4-5BE3-45B2-BB2C-B05F2446923F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.8.0",
"versionEndExcluding": "7.8.3",
"matchCriteriaId": "53D5D9CC-6065-43C9-A17C-9DBB30447F3D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.9.0",
"versionEndExcluding": "7.9.2",
"matchCriteriaId": "FBCD0E6A-14E1-41E9-A215-822115B4622E"
}
]
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
"source": "responsibledisclosure@mattermost.com",
"tags": [
"Vendor Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-26xx/CVE-2023-2644.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2644",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-11T07:15:08.480",
"lastModified": "2023-05-11T13:36:25.773",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-23T19:00:42.333",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -61,7 +83,7 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -69,16 +91,51 @@
"value": "CWE-428"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-428"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:digitalpersona_fpsensor_project:digitalpersona_fpsensor:1.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BE06811-9453-4BAA-9FF8-1BE60B9BA28A"
}
]
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.228773",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.228773",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}

81
CVE-2023/CVE-2023-298xx/CVE-2023-29861.json
View File

@ -2,23 +2,94 @@
"id": "CVE-2023-29861",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-15T15:15:11.513",
"lastModified": "2023-05-15T15:20:32.293",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-23T18:12:44.910",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue found in FLIR-DVTEL version not specified allows a remote attacker to execute arbitrary code via a crafted request to the management page of the device."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:flir:dvtel_camera_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E4B2A5A9-B46E-4D67-933C-1B1796B6712E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:flir:dvtel_camera:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36F6946B-CD6B-4622-AC02-6B5160999BA9"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Duke1410/CVE/blob/main/CVE-2023-29861",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://woolly-espadrille-ed5.notion.site/The-FLIR-DVTEL-camera-device-has-a-logic-flaw-vulnerability-363a2158e372440b80a2be739271c6f3",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

81
CVE-2023/CVE-2023-298xx/CVE-2023-29862.json
View File

@ -2,23 +2,94 @@
"id": "CVE-2023-29862",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-15T13:15:10.773",
"lastModified": "2023-05-15T13:26:09.987",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-23T18:22:53.290",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue found in Agasio-Camera device version not specified allows a remote attacker to execute arbitrary code via the check and authLevel parameters."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:agasio_camera_project:agasio_camera_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2439A26-22F1-4C9F-8E29-4478AB5BC2D1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:agasio_camera_project:agasio_camera:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3895B75B-DC93-41D9-9AAF-87155168E231"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Duke1410/CVE/blob/main/CVE-2023-29862",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://woolly-espadrille-ed5.notion.site/Agasio-Camera-device-has-a-logic-flaw-vulnerability-d4514e7217c54dd7ac62582b6664aa66",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

87
CVE-2023/CVE-2023-303xx/CVE-2023-30330.json Normal file
View File

@ -0,0 +1,87 @@
{
"id": "CVE-2023-30330",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-12T01:15:09.903",
"lastModified": "2023-05-23T19:17:36.410",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SoftExpert (SE) Excellence Suite 2.x versions before 2.1.3 is vulnerable to Local File Inclusion in the function /se/v42300/generic/gn_defaultframe/2.0/defaultframe_filter.php."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:softexpert:excellence_suite:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.0",
"versionEndExcluding": "2.1.3",
"matchCriteriaId": "7B487560-94C8-4675-9187-6104A6C1016B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Filiplain/LFI-to-RCE-SE-Suite-2.0",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.exploit-db.com/exploits/51404",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
}
]
}

64
CVE-2023/CVE-2023-315xx/CVE-2023-31572.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2023-31572",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-16T14:15:09.540",
"lastModified": "2023-05-16T20:04:03.627",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-23T18:51:16.873",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in Bludit 4.0.0-rc-2 allows authenticated attackers to change the Administrator password and escalate privileges via a crafted request."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bludit:bludit:4.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F65D3B2E-5F44-498D-B79F-B283D08898F5"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/bludit/2023/Bludit-v4.0.0-Release-candidate-2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-315xx/CVE-2023-31576.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2023-31576",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-16T14:15:09.603",
"lastModified": "2023-05-16T20:04:03.627",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-23T18:50:15.687",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An arbitrary file upload vulnerability in Serendipity 2.4-beta1 allows attackers to execute arbitrary code via a crafted HTML or Javascript file."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:s9y:serendipity:2.4.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "79F75A97-EBF1-4767-B1F9-68F1ED7AA58B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/s9y/2023/Serendipity-2.4-beta-1",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

65
CVE-2023/CVE-2023-316xx/CVE-2023-31607.json
View File

@ -2,19 +2,76 @@
"id": "CVE-2023-31607",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-15T15:15:11.573",
"lastModified": "2023-05-15T15:20:32.293",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-23T18:05:16.233",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in the __libc_malloc component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openlinksw:virtuoso:7.2.9:*:*:*:open_source:*:*:*",
"matchCriteriaId": "75FD7F91-D201-4286-8F97-D2D1C7C9D4C3"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/openlink/virtuoso-opensource/issues/1120",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch"
]
}
]
}

65
CVE-2023/CVE-2023-316xx/CVE-2023-31608.json
View File

@ -2,19 +2,76 @@
"id": "CVE-2023-31608",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-15T15:15:11.623",
"lastModified": "2023-05-15T15:20:32.293",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-23T18:05:02.027",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in the artm_div_int component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openlinksw:virtuoso:7.2.9:*:*:*:open_source:*:*:*",
"matchCriteriaId": "75FD7F91-D201-4286-8F97-D2D1C7C9D4C3"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/openlink/virtuoso-opensource/issues/1123",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch"
]
}
]
}

65
CVE-2023/CVE-2023-316xx/CVE-2023-31609.json
View File

@ -2,19 +2,76 @@
"id": "CVE-2023-31609",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-15T15:15:11.673",
"lastModified": "2023-05-15T15:20:32.293",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-23T18:04:43.933",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in the dfe_unit_col_loci component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openlinksw:virtuoso:7.2.9:*:*:*:open_source:*:*:*",
"matchCriteriaId": "75FD7F91-D201-4286-8F97-D2D1C7C9D4C3"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/openlink/virtuoso-opensource/issues/1126",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch"
]
}
]
}

65
CVE-2023/CVE-2023-316xx/CVE-2023-31610.json
View File

@ -2,19 +2,76 @@
"id": "CVE-2023-31610",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-15T15:15:11.720",
"lastModified": "2023-05-15T15:20:32.293",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-23T18:04:27.727",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in the _IO_default_xsputn component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openlinksw:virtuoso:7.2.9:*:*:*:open_source:*:*:*",
"matchCriteriaId": "75FD7F91-D201-4286-8F97-D2D1C7C9D4C3"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/openlink/virtuoso-opensource/issues/1118",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch"
]
}
]
}

76
CVE-2023/CVE-2023-319xx/CVE-2023-31986.json
View File

@ -2,19 +2,87 @@
"id": "CVE-2023-31986",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-15T12:15:09.787",
"lastModified": "2023-05-15T12:54:28.597",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-23T18:48:17.007",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows attacker to execute arbitrary code via the setWAN function in /bin/webs without any limitations."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:edimax:br-6428ns_firmware:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "4D2C9DF5-576D-4CDF-A7E3-356FDE0B1A9F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:edimax:br-6428ns:v4:*:*:*:*:*:*:*",
"matchCriteriaId": "A2693C87-4F33-430F-83D7-CC8286E37534"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Erebua/CVE/blob/main/N300_BR-6428nS%20V4/4/Readme.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

65
CVE-2023/CVE-2023-320xx/CVE-2023-32059.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32059",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-11T22:15:11.803",
"lastModified": "2023-05-11T22:15:11.803",
"vulnStatus": "Received",
"lastModified": "2023-05-23T19:07:14.350",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +56,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,14 +76,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vyper_project:vyper:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.3.8",
"matchCriteriaId": "BD6E3906-C87B-4245-9871-27CD85C32EEF"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/vyperlang/vyper/commit/c3e68c302aa6e1429946473769dd1232145822ac",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-ph9x-4vc9-m39g",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

95
CVE-2023/CVE-2023-327xx/CVE-2023-32700.json
View File

@ -2,31 +2,112 @@
"id": "CVE-2023-32700",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-20T18:15:09.370",
"lastModified": "2023-05-22T10:56:56.373",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-23T18:10:24.263",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:luatex_project:luatex:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.04",
"versionEndExcluding": "1.16.2",
"matchCriteriaId": "0CC436A6-682A-42AD-8A48-9DE9DC45DAF4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:miktex:miktex:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.9.6300",
"versionEndExcluding": "23.5",
"matchCriteriaId": "7F1F072F-1CC4-4C21-822E-19B37F47DEB0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tug:tex_live:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2017",
"versionEndExcluding": "2023",
"matchCriteriaId": "E388AE22-25C9-4F24-90A6-7E5C42EFC224"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/TeX-Live/texlive-source/releases/tag/build-svn66984",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://gitlab.lisn.upsaclay.fr/texlive/luatex/-/tags/1.17.0",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://tug.org/pipermail/tex-live/2023-May/049188.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://tug.org/~mseven/luatex.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

58
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-05-23T18:00:31.140445+00:00
2023-05-23T20:00:29.583424+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-05-23T17:41:07.897000+00:00
2023-05-23T19:59:08.250000+00:00
```
### Last Data Feed Release
@ -29,41 +29,45 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
215859
215860
```
### CVEs added in the last Commit
Recently added CVEs: `2`
Recently added CVEs: `1`
* [CVE-2023-25474](CVE-2023/CVE-2023-254xx/CVE-2023-25474.json) (`2023-05-23T16:15:21.577`)
* [CVE-2023-1209](CVE-2023/CVE-2023-12xx/CVE-2023-1209.json) (`2023-05-23T17:15:08.950`)
* [CVE-2023-1837](CVE-2023/CVE-2023-18xx/CVE-2023-1837.json) (`2023-05-23T19:15:09.237`)
### CVEs modified in the last Commit
Recently modified CVEs: `20`
Recently modified CVEs: `32`
* [CVE-2022-41687](CVE-2022/CVE-2022-416xx/CVE-2022-41687.json) (`2023-05-23T16:01:47.040`)
* [CVE-2022-46813](CVE-2022/CVE-2022-468xx/CVE-2022-46813.json) (`2023-05-23T17:29:27.427`)
* [CVE-2023-0600](CVE-2023/CVE-2023-06xx/CVE-2023-0600.json) (`2023-05-23T16:00:49.437`)
* [CVE-2023-22809](CVE-2023/CVE-2023-228xx/CVE-2023-22809.json) (`2023-05-23T16:15:21.390`)
* [CVE-2023-0361](CVE-2023/CVE-2023-03xx/CVE-2023-0361.json) (`2023-05-23T17:22:55.810`)
* [CVE-2023-32573](CVE-2023/CVE-2023-325xx/CVE-2023-32573.json) (`2023-05-23T17:24:32.613`)
* [CVE-2023-0644](CVE-2023/CVE-2023-06xx/CVE-2023-0644.json) (`2023-05-23T17:25:31.977`)
* [CVE-2023-0761](CVE-2023/CVE-2023-07xx/CVE-2023-0761.json) (`2023-05-23T17:26:14.353`)
* [CVE-2023-26011](CVE-2023/CVE-2023-260xx/CVE-2023-26011.json) (`2023-05-23T17:29:27.427`)
* [CVE-2023-26014](CVE-2023/CVE-2023-260xx/CVE-2023-26014.json) (`2023-05-23T17:29:27.427`)
* [CVE-2023-33599](CVE-2023/CVE-2023-335xx/CVE-2023-33599.json) (`2023-05-23T17:29:27.427`)
* [CVE-2023-33617](CVE-2023/CVE-2023-336xx/CVE-2023-33617.json) (`2023-05-23T17:29:27.427`)
* [CVE-2023-32668](CVE-2023/CVE-2023-326xx/CVE-2023-32668.json) (`2023-05-23T17:31:45.217`)
* [CVE-2023-0762](CVE-2023/CVE-2023-07xx/CVE-2023-0762.json) (`2023-05-23T17:33:28.403`)
* [CVE-2023-0763](CVE-2023/CVE-2023-07xx/CVE-2023-0763.json) (`2023-05-23T17:33:54.027`)
* [CVE-2023-0812](CVE-2023/CVE-2023-08xx/CVE-2023-0812.json) (`2023-05-23T17:34:40.603`)
* [CVE-2023-0892](CVE-2023/CVE-2023-08xx/CVE-2023-0892.json) (`2023-05-23T17:36:58.950`)
* [CVE-2023-1019](CVE-2023/CVE-2023-10xx/CVE-2023-1019.json) (`2023-05-23T17:37:30.257`)
* [CVE-2023-1207](CVE-2023/CVE-2023-12xx/CVE-2023-1207.json) (`2023-05-23T17:40:40.700`)
* [CVE-2023-1549](CVE-2023/CVE-2023-15xx/CVE-2023-1549.json) (`2023-05-23T17:41:07.897`)
* [CVE-2023-29861](CVE-2023/CVE-2023-298xx/CVE-2023-29861.json) (`2023-05-23T18:12:44.910`)
* [CVE-2023-2180](CVE-2023/CVE-2023-21xx/CVE-2023-2180.json) (`2023-05-23T18:17:01.457`)
* [CVE-2023-2179](CVE-2023/CVE-2023-21xx/CVE-2023-2179.json) (`2023-05-23T18:18:59.863`)
* [CVE-2023-2009](CVE-2023/CVE-2023-20xx/CVE-2023-2009.json) (`2023-05-23T18:21:56.943`)
* [CVE-2023-29862](CVE-2023/CVE-2023-298xx/CVE-2023-29862.json) (`2023-05-23T18:22:53.290`)
* [CVE-2023-23682](CVE-2023/CVE-2023-236xx/CVE-2023-23682.json) (`2023-05-23T18:39:41.410`)
* [CVE-2023-1915](CVE-2023/CVE-2023-19xx/CVE-2023-1915.json) (`2023-05-23T18:40:29.990`)
* [CVE-2023-1890](CVE-2023/CVE-2023-18xx/CVE-2023-1890.json) (`2023-05-23T18:42:50.847`)
* [CVE-2023-1839](CVE-2023/CVE-2023-18xx/CVE-2023-1839.json) (`2023-05-23T18:43:27.077`)
* [CVE-2023-1835](CVE-2023/CVE-2023-18xx/CVE-2023-1835.json) (`2023-05-23T18:45:51.570`)
* [CVE-2023-1596](CVE-2023/CVE-2023-15xx/CVE-2023-1596.json) (`2023-05-23T18:46:32.037`)
* [CVE-2023-31986](CVE-2023/CVE-2023-319xx/CVE-2023-31986.json) (`2023-05-23T18:48:17.007`)
* [CVE-2023-31576](CVE-2023/CVE-2023-315xx/CVE-2023-31576.json) (`2023-05-23T18:50:15.687`)
* [CVE-2023-31572](CVE-2023/CVE-2023-315xx/CVE-2023-31572.json) (`2023-05-23T18:51:16.873`)
* [CVE-2023-23720](CVE-2023/CVE-2023-237xx/CVE-2023-23720.json) (`2023-05-23T18:52:10.690`)
* [CVE-2023-23709](CVE-2023/CVE-2023-237xx/CVE-2023-23709.json) (`2023-05-23T18:53:01.447`)
* [CVE-2023-23703](CVE-2023/CVE-2023-237xx/CVE-2023-23703.json) (`2023-05-23T18:53:27.673`)
* [CVE-2023-23657](CVE-2023/CVE-2023-236xx/CVE-2023-23657.json) (`2023-05-23T18:54:10.007`)
* [CVE-2023-23676](CVE-2023/CVE-2023-236xx/CVE-2023-23676.json) (`2023-05-23T18:54:45.910`)
* [CVE-2023-23673](CVE-2023/CVE-2023-236xx/CVE-2023-23673.json) (`2023-05-23T18:55:45.033`)
* [CVE-2023-2644](CVE-2023/CVE-2023-26xx/CVE-2023-2644.json) (`2023-05-23T19:00:42.333`)
* [CVE-2023-32059](CVE-2023/CVE-2023-320xx/CVE-2023-32059.json) (`2023-05-23T19:07:14.350`)
* [CVE-2023-30330](CVE-2023/CVE-2023-303xx/CVE-2023-30330.json) (`2023-05-23T19:17:36.410`)
* [CVE-2023-2515](CVE-2023/CVE-2023-25xx/CVE-2023-2515.json) (`2023-05-23T19:53:59.490`)
* [CVE-2023-23169](CVE-2023/CVE-2023-231xx/CVE-2023-23169.json) (`2023-05-23T19:59:08.250`)
## Download and Usage