Auto-Update: 2023-05-10T00:00:24.404890+00:00

René Helmke 2023-05-10 02:00:27 +02:00
parent e6c2ce6273
commit 3dec082424
12 changed files with 368 additions and 53 deletions


@ -0,0 +1,36 @@
{
"id": "CVE-2023-2156",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-05-09T22:15:10.133",
"lastModified": "2023-05-09T22:15:10.133",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create a denial of service condition on the system."
}
],
"metrics": {},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-617"
}
]
}
],
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196292",
"source": "secalert@redhat.com"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-547/",
"source": "secalert@redhat.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-2610",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-05-09T22:15:10.197",
"lastModified": "2023-05-09T22:15:10.197",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"references": [
{
"url": "https://github.com/vim/vim/commit/ab9a2d884b3a4abe319606ea95a5a6d6b01cd73a",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d",
"source": "security@huntr.dev"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-28125",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-05-09T22:15:09.720",
"lastModified": "2023-05-09T22:15:09.720",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An improper authentication vulnerability exists in Avalanche Premise versions 6.3.x and below that could allow an attacker to gain access to the server by registering to receive messages from the server and perform an authentication bypass."
}
],
"metrics": {},
"weaknesses": [
{
"source": "support@hackerone.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://forums.ivanti.com/s/article/ZDI-CAN-17729-CVE-2023-28125-Bug-958437-ZDI-CAN-17729-Ivanti-Avalanche-InfoRail-Authentication-Bypass-Vulnerability?language=en_US",
"source": "support@hackerone.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-28126",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-05-09T22:15:09.813",
"lastModified": "2023-05-09T22:15:09.813",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An authentication bypass vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to gain access by exploiting the SetUser method or can exploit the Race Condition in the authentication message."
}
],
"metrics": {},
"weaknesses": [
{
"source": "support@hackerone.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-305"
}
]
}
],
"references": [
{
"url": "https://forums.ivanti.com/s/article/ZDI-CAN-17750-Ivanti-Avalanche-EnterpriseServer-GetSettings-Exposed-Dangerous-Method-Authentication-Bypass-Vulnerability?language=en_US",
"source": "support@hackerone.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-28127",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-05-09T22:15:09.870",
"lastModified": "2023-05-09T22:15:09.870",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability exists in Avalanche version 6.3.x and below that when exploited could result in possible information disclosure."
}
],
"metrics": {},
"weaknesses": [
{
"source": "support@hackerone.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://forums.ivanti.com/s/article/ZDI-CAN-17769-Ivanti-Avalanche-getLogFile-Directory-Traversal-Information-Disclosure?language=en_US",
"source": "support@hackerone.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-28128",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-05-09T22:15:09.920",
"lastModified": "2023-05-09T22:15:09.920",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution."
}
],
"metrics": {},
"weaknesses": [
{
"source": "support@hackerone.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://forums.ivanti.com/s/article/ZDI-CAN-17812-Ivanti-Avalanche-FileStoreConfig-Arbitrary-File-Upload-Remote-Code-Execution-Vulnerability?language=en_US",
"source": "support@hackerone.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-28316",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-05-09T22:15:09.980",
"lastModified": "2023-05-09T22:15:09.980",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been discovered in the implementation of 2FA on the rocket.chat platform, where other active sessions are not invalidated upon activating 2FA. This could potentially allow an attacker to maintain access to a compromised account even after 2FA is enabled."
}
],
"metrics": {},
"weaknesses": [
{
"source": "support@hackerone.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-384"
}
]
}
],
"references": [
{
"url": "https://hackerone.com/reports/992280",
"source": "support@hackerone.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-28317",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-05-09T22:15:10.027",
"lastModified": "2023-05-09T22:15:10.027",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been discovered in Rocket.Chat, where editing messages can change the original timestamp, causing the UI to display messages in an incorrect order."
}
],
"metrics": {},
"weaknesses": [
{
"source": "support@hackerone.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-285"
}
]
}
],
"references": [
{
"url": "https://hackerone.com/reports/1379635",
"source": "support@hackerone.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-28318",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-05-09T22:15:10.083",
"lastModified": "2023-05-09T22:15:10.083",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been discovered in Rocket.Chat, where messages can be hidden regardless of the Message_KeepHistory or Message_ShowDeletedStatus server configuration. This allows users to bypass the intended message deletion behavior, hiding messages and deletion notices."
}
],
"metrics": {},
"weaknesses": [
{
"source": "support@hackerone.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-285"
}
]
}
],
"references": [
{
"url": "https://hackerone.com/reports/1379451",
"source": "support@hackerone.com"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-31478",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-09T23:15:09.940",
"lastModified": "2023-05-09T23:15:09.940",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on GL.iNet devices before 3.216. An API endpoint reveals information about the Wi-Fi configuration, including the SSID and key."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/gl-inet/CVE-issues/blob/main/3.215/SSID_Key_Disclosure.md",
"source": "cve@mitre.org"
},
{
"url": "https://www.gl-inet.com",
"source": "cve@mitre.org"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-32233",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-08T20:15:20.267",
"lastModified": "2023-05-09T12:47:05.663",
"lastModified": "2023-05-09T23:15:10.027",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -12,6 +12,10 @@
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196105",
"source": "cve@mitre.org"
},
{
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c1592a89942e9678f7d9c8030efa777c0d57edab",
"source": "cve@mitre.org"
@ -20,6 +24,10 @@
"url": "https://github.com/torvalds/linux/commit/c1592a89942e9678f7d9c8030efa777c0d57edab",
"source": "cve@mitre.org"
},
{
"url": "https://news.ycombinator.com/item?id=35879660",
"source": "cve@mitre.org"
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/05/08/4",
"source": "cve@mitre.org"


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-05-09T21:55:44.778583+00:00
2023-05-10T00:00:24.404890+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-05-09T21:15:11.717000+00:00
2023-05-09T23:15:10.027000+00:00
```
### Last Data Feed Release
@ -29,66 +29,30 @@ Download and Changelog: [Click](releases/latest)
### Total Number of included CVEs
```plain
214650
214660
```
### CVEs added in the last Commit
Recently added CVEs: `13`
Recently added CVEs: `10`
* [CVE-2021-46754](CVE-2021/CVE-2021-467xx/CVE-2021-46754.json) (`2023-05-09T20:15:12.103`)
* [CVE-2021-46755](CVE-2021/CVE-2021-467xx/CVE-2021-46755.json) (`2023-05-09T20:15:12.157`)
* [CVE-2021-46756](CVE-2021/CVE-2021-467xx/CVE-2021-46756.json) (`2023-05-09T20:15:12.200`)
* [CVE-2021-46759](CVE-2021/CVE-2021-467xx/CVE-2021-46759.json) (`2023-05-09T20:15:12.240`)
* [CVE-2021-46760](CVE-2021/CVE-2021-467xx/CVE-2021-46760.json) (`2023-05-09T20:15:12.283`)
* [CVE-2021-46765](CVE-2021/CVE-2021-467xx/CVE-2021-46765.json) (`2023-05-09T20:15:12.327`)
* [CVE-2021-46773](CVE-2021/CVE-2021-467xx/CVE-2021-46773.json) (`2023-05-09T20:15:12.370`)
* [CVE-2021-46792](CVE-2021/CVE-2021-467xx/CVE-2021-46792.json) (`2023-05-09T20:15:12.413`)
* [CVE-2021-46794](CVE-2021/CVE-2021-467xx/CVE-2021-46794.json) (`2023-05-09T20:15:12.463`)
* [CVE-2023-25831](CVE-2023/CVE-2023-258xx/CVE-2023-25831.json) (`2023-05-09T21:15:11.513`)
* [CVE-2023-25832](CVE-2023/CVE-2023-258xx/CVE-2023-25832.json) (`2023-05-09T21:15:11.590`)
* [CVE-2023-30056](CVE-2023/CVE-2023-300xx/CVE-2023-30056.json) (`2023-05-09T21:15:11.673`)
* [CVE-2023-30057](CVE-2023/CVE-2023-300xx/CVE-2023-30057.json) (`2023-05-09T21:15:11.717`)
* [CVE-2023-2156](CVE-2023/CVE-2023-21xx/CVE-2023-2156.json) (`2023-05-09T22:15:10.133`)
* [CVE-2023-2610](CVE-2023/CVE-2023-26xx/CVE-2023-2610.json) (`2023-05-09T22:15:10.197`)
* [CVE-2023-28125](CVE-2023/CVE-2023-281xx/CVE-2023-28125.json) (`2023-05-09T22:15:09.720`)
* [CVE-2023-28126](CVE-2023/CVE-2023-281xx/CVE-2023-28126.json) (`2023-05-09T22:15:09.813`)
* [CVE-2023-28127](CVE-2023/CVE-2023-281xx/CVE-2023-28127.json) (`2023-05-09T22:15:09.870`)
* [CVE-2023-28128](CVE-2023/CVE-2023-281xx/CVE-2023-28128.json) (`2023-05-09T22:15:09.920`)
* [CVE-2023-28316](CVE-2023/CVE-2023-283xx/CVE-2023-28316.json) (`2023-05-09T22:15:09.980`)
* [CVE-2023-28317](CVE-2023/CVE-2023-283xx/CVE-2023-28317.json) (`2023-05-09T22:15:10.027`)
* [CVE-2023-28318](CVE-2023/CVE-2023-283xx/CVE-2023-28318.json) (`2023-05-09T22:15:10.083`)
* [CVE-2023-31478](CVE-2023/CVE-2023-314xx/CVE-2023-31478.json) (`2023-05-09T23:15:09.940`)
### CVEs modified in the last Commit
Recently modified CVEs: `34`
Recently modified CVEs: `1`
* [CVE-2018-25085](CVE-2018/CVE-2018-250xx/CVE-2018-25085.json) (`2023-05-09T21:08:40.580`)
* [CVE-2021-26354](CVE-2021/CVE-2021-263xx/CVE-2021-26354.json) (`2023-05-09T20:27:45.710`)
* [CVE-2021-26356](CVE-2021/CVE-2021-263xx/CVE-2021-26356.json) (`2023-05-09T20:27:45.710`)
* [CVE-2021-26365](CVE-2021/CVE-2021-263xx/CVE-2021-26365.json) (`2023-05-09T20:27:45.710`)
* [CVE-2021-26371](CVE-2021/CVE-2021-263xx/CVE-2021-26371.json) (`2023-05-09T20:27:45.710`)
* [CVE-2021-26379](CVE-2021/CVE-2021-263xx/CVE-2021-26379.json) (`2023-05-09T20:27:45.710`)
* [CVE-2021-26397](CVE-2021/CVE-2021-263xx/CVE-2021-26397.json) (`2023-05-09T20:27:45.710`)
* [CVE-2021-26406](CVE-2021/CVE-2021-264xx/CVE-2021-26406.json) (`2023-05-09T20:27:45.710`)
* [CVE-2021-46749](CVE-2021/CVE-2021-467xx/CVE-2021-46749.json) (`2023-05-09T20:27:45.710`)
* [CVE-2021-46753](CVE-2021/CVE-2021-467xx/CVE-2021-46753.json) (`2023-05-09T20:27:45.710`)
* [CVE-2021-46762](CVE-2021/CVE-2021-467xx/CVE-2021-46762.json) (`2023-05-09T20:27:45.710`)
* [CVE-2021-46763](CVE-2021/CVE-2021-467xx/CVE-2021-46763.json) (`2023-05-09T20:27:45.710`)
* [CVE-2021-46764](CVE-2021/CVE-2021-467xx/CVE-2021-46764.json) (`2023-05-09T20:27:45.710`)
* [CVE-2021-46769](CVE-2021/CVE-2021-467xx/CVE-2021-46769.json) (`2023-05-09T20:27:45.710`)
* [CVE-2021-46775](CVE-2021/CVE-2021-467xx/CVE-2021-46775.json) (`2023-05-09T20:27:45.710`)
* [CVE-2022-23818](CVE-2022/CVE-2022-238xx/CVE-2022-23818.json) (`2023-05-09T20:27:45.710`)
* [CVE-2022-4376](CVE-2022/CVE-2022-43xx/CVE-2022-4376.json) (`2023-05-09T20:57:13.993`)
* [CVE-2022-48186](CVE-2022/CVE-2022-481xx/CVE-2022-48186.json) (`2023-05-09T20:16:38.417`)
* [CVE-2023-0756](CVE-2023/CVE-2023-07xx/CVE-2023-0756.json) (`2023-05-09T20:55:39.123`)
* [CVE-2023-0805](CVE-2023/CVE-2023-08xx/CVE-2023-0805.json) (`2023-05-09T20:54:24.150`)
* [CVE-2023-0896](CVE-2023/CVE-2023-08xx/CVE-2023-0896.json) (`2023-05-09T20:30:04.677`)
* [CVE-2023-1178](CVE-2023/CVE-2023-11xx/CVE-2023-1178.json) (`2023-05-09T20:53:30.140`)
* [CVE-2023-1204](CVE-2023/CVE-2023-12xx/CVE-2023-1204.json) (`2023-05-09T20:40:07.673`)
* [CVE-2023-1265](CVE-2023/CVE-2023-12xx/CVE-2023-1265.json) (`2023-05-09T20:37:57.913`)
* [CVE-2023-1836](CVE-2023/CVE-2023-18xx/CVE-2023-1836.json) (`2023-05-09T20:12:36.977`)
* [CVE-2023-1965](CVE-2023/CVE-2023-19xx/CVE-2023-1965.json) (`2023-05-09T20:36:14.007`)
* [CVE-2023-1968](CVE-2023/CVE-2023-19xx/CVE-2023-1968.json) (`2023-05-09T20:06:54.500`)
* [CVE-2023-20520](CVE-2023/CVE-2023-205xx/CVE-2023-20520.json) (`2023-05-09T20:27:45.710`)
* [CVE-2023-20524](CVE-2023/CVE-2023-205xx/CVE-2023-20524.json) (`2023-05-09T20:27:45.710`)
* [CVE-2023-2182](CVE-2023/CVE-2023-21xx/CVE-2023-2182.json) (`2023-05-09T20:47:13.967`)
* [CVE-2023-22637](CVE-2023/CVE-2023-226xx/CVE-2023-22637.json) (`2023-05-09T20:45:27.123`)
* [CVE-2023-25495](CVE-2023/CVE-2023-254xx/CVE-2023-25495.json) (`2023-05-09T20:36:34.067`)
* [CVE-2023-29778](CVE-2023/CVE-2023-297xx/CVE-2023-29778.json) (`2023-05-09T21:00:51.857`)
* [CVE-2023-31433](CVE-2023/CVE-2023-314xx/CVE-2023-31433.json) (`2023-05-09T20:46:59.023`)
* [CVE-2023-32233](CVE-2023/CVE-2023-322xx/CVE-2023-32233.json) (`2023-05-09T23:15:10.027`)
## Download and Usage