admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-05-22 08:00:28.191696+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-05-22 08:00:31 +00:00
parent ca768f5daa
commit 3a3aa0d187
4 changed files with 124 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
CVE-2019/CVE-2019-251xx/CVE-2019-25137.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2019-25137",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-18T07:15:08.623",
"lastModified": "2023-05-18T12:53:07.890",
"lastModified": "2023-05-22T06:15:09.520",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Umbraco CMS 7.12.4 allows Remote Code Execution by authenticated administrators via msxsl:script in an xsltSelection to developer/Xslt/xsltVisualize.aspx."
"value": "Umbraco CMS 4.11.8 through 7.15.10, and 7.12.4, allows Remote Code Execution by authenticated administrators via msxsl:script in an xsltSelection to developer/Xslt/xsltVisualize.aspx."
}
],
"metrics": {},
@ -16,6 +16,10 @@
"url": "https://0xdf.gitlab.io/2020/09/05/htb-remote.html",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/Ickarah/CVE-2019-25137-Version-Research",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/noraj/Umbraco-RCE",
"source": "cve@mitre.org"

55
CVE-2023/CVE-2023-332xx/CVE-2023-33235.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-33235",
"sourceIdentifier": "psirt@moxa.com",
"published": "2023-05-22T06:15:11.020",
"lastModified": "2023-05-22T06:15:11.020",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "MXsecurity version 1.0 is vulnearble to command injection vulnerability. This vulnerability has been reported in the SSH CLI program, which can be exploited by attackers who have gained authorization privileges. The attackers can break out of the restricted shell and subsequently execute arbitrary code.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@moxa.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@moxa.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [
{
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mxsecurity-command-injection-and-hardcoded-credential-vulnerabilities",
"source": "psirt@moxa.com"
}
]
}

55
CVE-2023/CVE-2023-332xx/CVE-2023-33236.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-33236",
"sourceIdentifier": "psirt@moxa.com",
"published": "2023-05-22T07:15:09.257",
"lastModified": "2023-05-22T07:15:09.257",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "MXsecurity version 1.0 is vulnearble to hardcoded credential vulnerability. This vulnerability has been reported that can be exploited to craft arbitrary JWT tokens and subsequently bypass authentication for web-based APIs.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@moxa.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@moxa.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"references": [
{
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mxsecurity-command-injection-and-hardcoded-credential-vulnerabilities",
"source": "psirt@moxa.com"
}
]
}

22
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-05-22T06:00:30.980998+00:00
2023-05-22T08:00:28.191696+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-05-22T05:15:09.460000+00:00
2023-05-22T07:15:09.257000+00:00
```
### Last Data Feed Release
@ -29,28 +29,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
215710
215712
```
### CVEs added in the last Commit
Recently added CVEs: `1`
Recently added CVEs: `2`
* [CVE-2023-33297](CVE-2023/CVE-2023-332xx/CVE-2023-33297.json) (`2023-05-22T05:15:09.460`)
* [CVE-2023-33235](CVE-2023/CVE-2023-332xx/CVE-2023-33235.json) (`2023-05-22T06:15:11.020`)
* [CVE-2023-33236](CVE-2023/CVE-2023-332xx/CVE-2023-33236.json) (`2023-05-22T07:15:09.257`)
### CVEs modified in the last Commit
Recently modified CVEs: `8`
Recently modified CVEs: `1`
* [CVE-2021-31239](CVE-2021/CVE-2021-312xx/CVE-2021-31239.json) (`2023-05-22T04:15:09.640`)
* [CVE-2023-24805](CVE-2023/CVE-2023-248xx/CVE-2023-24805.json) (`2023-05-22T04:15:09.747`)
* [CVE-2023-2721](CVE-2023/CVE-2023-27xx/CVE-2023-2721.json) (`2023-05-22T04:15:09.867`)
* [CVE-2023-2722](CVE-2023/CVE-2023-27xx/CVE-2023-2722.json) (`2023-05-22T04:15:09.933`)
* [CVE-2023-2723](CVE-2023/CVE-2023-27xx/CVE-2023-2723.json) (`2023-05-22T04:15:10.010`)
* [CVE-2023-2724](CVE-2023/CVE-2023-27xx/CVE-2023-2724.json) (`2023-05-22T04:15:10.077`)
* [CVE-2023-2725](CVE-2023/CVE-2023-27xx/CVE-2023-2725.json) (`2023-05-22T04:15:10.197`)
* [CVE-2023-2726](CVE-2023/CVE-2023-27xx/CVE-2023-2726.json) (`2023-05-22T04:15:10.280`)
* [CVE-2019-25137](CVE-2019/CVE-2019-251xx/CVE-2019-25137.json) (`2023-05-22T06:15:09.520`)
## Download and Usage