admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 11:37:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-07-10T16:00:28.490233+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-07-10 16:00:32 +00:00
parent 71e793bb25
commit 3ea622e771
25 changed files with 1859 additions and 130 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
CVE-2023/CVE-2023-222xx/CVE-2023-22299.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-22299",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-07-06T15:15:10.713",
"lastModified": "2023-07-06T18:15:10.687",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-10T14:27:09.983",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -46,10 +66,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:milesight:ur32l_firmware:32.3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "CF5F2502-0C97-4AC3-BD0A-45065C64F99B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:milesight:ur32l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "224B5936-7A7A-48E7-B0F3-754B74E4BF2D"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1712",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-223xx/CVE-2023-22306.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-22306",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-07-06T15:15:10.823",
"lastModified": "2023-07-06T15:16:38.363",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-10T14:14:31.730",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -46,10 +66,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:milesight:ur32l_firmware:32.3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "CF5F2502-0C97-4AC3-BD0A-45065C64F99B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:milesight:ur32l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "224B5936-7A7A-48E7-B0F3-754B74E4BF2D"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1698",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

115
CVE-2023/CVE-2023-228xx/CVE-2023-22814.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-22814",
"sourceIdentifier": "psirt@wdc.com",
"published": "2023-07-01T00:15:09.970",
"lastModified": "2023-07-03T01:10:10.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-10T15:25:29.167",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "psirt@wdc.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-290"
}
]
},
{
"source": "psirt@wdc.com",
"type": "Secondary",
@ -46,10 +76,89 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:westerndigital:my_cloud_os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.02.104",
"versionEndExcluding": "5.26.202",
"matchCriteriaId": "6CE3AF08-E7E6-4B65-B9E5-1BBF4B7A75DE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:my_cloud:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A9EE86B-05EE-4F2E-A912-624DDCF9C41B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:my_cloud_dl2100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E783EBC-7608-4527-B1AD-9B4E7A7A108C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:my_cloud_dl4100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3034F4A-239C-4E38-9BD6-217361A7C519"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:my_cloud_ex2_ultra:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5A581EBA-A1F2-4ABC-8183-29973A46FA43"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:my_cloud_ex2100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ABBBDC1E-2320-4767-B669-1BB2FFB1E1C4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:my_cloud_ex4100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B78030F0-6655-4604-9D16-2FA1F3FD52FF"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:my_cloud_mirror_g2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DE090BC-C847-4DF7-9C5F-52A300845558"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:my_cloud_pr2100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BF58260B-2131-402C-A9DA-67B188136DE1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:my_cloud_pr4100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB0C2FD9-4792-4DA2-9698-E53109A499EC"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:wd_cloud:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8FDE0337-4329-4CE3-9B0B-61BE8361E910"
}
]
}
]
}
],
"references": [
{
"url": "https://www.westerndigital.com/support/product-security/wdc-23006-my-cloud-firmware-version-5-26-202",
"source": "psirt@wdc.com"
"source": "psirt@wdc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

84
CVE-2023/CVE-2023-283xx/CVE-2023-28323.json
View File

@ -2,19 +2,95 @@
"id": "CVE-2023-28323",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-07-01T00:15:10.057",
"lastModified": "2023-07-03T01:10:10.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-10T15:55:23.607",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A deserialization of untrusted data exists in EPM 2022 Su3 and all prior versions that allows an unauthenticated user to elevate rights. This exploit could potentially be used in conjunction with other OS (Operating System) vulnerabilities to escalate privileges on the machine or be used as a stepping stone to get to other network attached machines.\r\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:endpoint_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2022",
"matchCriteriaId": "B1F6549B-CF5D-4607-B67D-5489905A1705"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:-:*:*:*:*:*:*",
"matchCriteriaId": "46580865-5177-4E55-BDAC-73DA4B472B35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:su1:*:*:*:*:*:*",
"matchCriteriaId": "E57E12B5-B789-450C-9476-6C4C151E6993"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:su2:*:*:*:*:*:*",
"matchCriteriaId": "E47C65B3-56DD-4D65-8B4B-6AFFE28E94F2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:su3:*:*:*:*:*:*",
"matchCriteriaId": "10D6EAB7-B14B-45E9-92B9-4FADFBBB08AF"
}
]
}
]
}
],
"references": [
{
"url": "https://forums.ivanti.com/s/article/SA-2023-06-20-CVE-2023-28323",
"source": "support@hackerone.com"
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
]
}
]
}

75
CVE-2023/CVE-2023-291xx/CVE-2023-29147.json
View File

@ -2,23 +2,88 @@
"id": "CVE-2023-29147",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-30T21:15:08.920",
"lastModified": "2023-07-03T01:10:10.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-10T14:06:20.730",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Malwarebytes EDR 1.0.11 for Linux, it is possible to bypass the detection layers that depend on inode identifiers, because an identifier may be reused when a file is replaced, and because two files on different filesystems can have the same identifier."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:malwarebytes:endpoint_detection_and_response:*:*:*:*:*:linux:*:*",
"versionEndIncluding": "1.0.11",
"matchCriteriaId": "7D95175C-B13B-4220-B3D0-9D22AD788F38"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:malwarebytes:malwarebytes:*:*:*:*:*:linux:*:*",
"versionEndIncluding": "1.0.14",
"matchCriteriaId": "8D500260-1522-4A4F-A561-DADBCF11C1D5"
}
]
}
]
}
],
"references": [
{
"url": "https://malwarebytes.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://www.malwarebytes.com/secure/cves/cve-2023-29147",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

63
CVE-2023/CVE-2023-305xx/CVE-2023-30586.json
View File

@ -2,19 +2,74 @@
"id": "CVE-2023-30586",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-07-01T00:15:10.247",
"lastModified": "2023-07-03T01:10:10.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-10T14:01:51.887",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A privilege escalation vulnerability exists in Node.js 20 that allowed loading arbitrary OpenSSL engines when the experimental permission model is enabled, which can bypass and/or disable the permission model. The attack complexity is high. However, the crypto.setEngine() API can be used to bypass the permission model when called with a compatible OpenSSL engine. The OpenSSL engine can, for example, disable the permission model in the host process by manipulating the process's stack memory to locate the permission model Permission::enabled_ in the host process's heap memory. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nodejs:node.js:20.0.0:*:*:*:-:*:*:*",
"matchCriteriaId": "8BF2BBF6-205F-4F40-80E6-A65964E6BA0E"
}
]
}
]
}
],
"references": [
{
"url": "https://hackerone.com/reports/1954535",
"source": "support@hackerone.com"
"source": "support@hackerone.com",
"tags": [
"Issue Tracking"
]
}
]
}

63
CVE-2023/CVE-2023-335xx/CVE-2023-33570.json
View File

@ -2,19 +2,74 @@
"id": "CVE-2023-33570",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-28T20:15:09.540",
"lastModified": "2023-06-29T15:35:43.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-10T15:53:05.990",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Bagisto v1.5.1 is vulnerable to Server-Side Template Injection (SSTI)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webkul:bagisto:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "10E1B58E-9A7F-41BA-965C-552477A0A10A"
}
]
}
]
}
],
"references": [
{
"url": "https://siltonrenato02.medium.com/a-brief-summary-about-a-ssti-to-rce-in-bagisto-e900ac450490",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}

72
CVE-2023/CVE-2023-346xx/CVE-2023-34654.json
View File

@ -2,23 +2,85 @@
"id": "CVE-2023-34654",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-05T20:15:10.427",
"lastModified": "2023-07-05T20:31:30.957",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-10T13:59:13.440",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "taocms <=3.0.2 is vulnerable to Cross Site Scripting (XSS)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:taogogo:taocms:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.0.2",
"matchCriteriaId": "41AC2F72-2DB5-4ECF-94D4-B7BDBAC68CE5"
}
]
}
]
}
],
"references": [
{
"url": "https://gist.github.com/ae6e361b/b7f162eba1a91df3ad9dc71ec9935960",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/ae6e361b/taocms-XSS",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Product",
"Third Party Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-347xx/CVE-2023-34736.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-34736",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-28T22:15:09.450",
"lastModified": "2023-06-29T15:35:43.220",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-10T12:49:07.747",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "Guantang Equipment Management System versi\u00f3n 4.12 es vulnerable a la subida arbitraria de archivos. "
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:guantang_equipment_management_system_project:guantang_equipment_management_system:4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "9E287782-E4D2-464F-BB56-ED71C4290BE6"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/prismbreak/vulnerabilities/issues/5",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}

63
CVE-2023/CVE-2023-34xx/CVE-2023-3449.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3449",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-28T18:15:16.607",
"lastModified": "2023-06-28T19:27:43.520",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-10T15:49:23.037",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +93,49 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibos:ibos:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1F678D76-48AA-4940-833F-5567D196DB7D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/MinimoAgoni/cve/blob/main/iboa%20oa.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.232546",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.232546",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
}
]
}

70
CVE-2023/CVE-2023-359xx/CVE-2023-35938.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-35938",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-29T20:15:09.923",
"lastModified": "2023-06-29T23:57:54.363",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-10T13:26:11.097",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,22 +66,60 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:enalean:tuleap:*:*:*:*:community:*:*:*",
"versionEndExcluding": "14.9.99.63",
"matchCriteriaId": "37FD2AC0-3BFA-4755-8696-D2E36ECABC51"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:enalean:tuleap:*:*:*:*:enterprise:*:*:*",
"versionEndExcluding": "14.10-1",
"matchCriteriaId": "20547F0A-68CB-46A2-A86E-C74C95E3E953"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Enalean/tuleap/commit/a108186e7538676c4bf6e615f793f3b787a09b91",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/Enalean/tuleap/security/advisories/GHSA-rq42-cv6q-3m9q",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=a108186e7538676c4bf6e615f793f3b787a09b91",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://tuleap.net/plugins/tracker/?aid=32278",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-359xx/CVE-2023-35947.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-35947",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-30T21:15:09.147",
"lastModified": "2023-07-03T01:10:10.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-10T14:13:21.220",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +66,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gradle:gradle:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.6.2",
"matchCriteriaId": "625A3013-4C8A-46A0-9559-A01BDB4C23CB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gradle:gradle:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0",
"versionEndExcluding": "8.2",
"matchCriteriaId": "AFC239C5-E6F3-4AF6-A7CE-ACCCA46F5080"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/gradle/gradle/commit/1096b309520a8c315e3b6109a6526de4eabcb879",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/gradle/gradle/commit/2e5c34d57d0c0b7f0e8b039a192b91e5c8249d91",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/gradle/gradle/security/advisories/GHSA-84mw-qh6q-v842",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

56
CVE-2023/CVE-2023-35xx/CVE-2023-3521.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3521",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-07-06T02:15:09.510",
"lastModified": "2023-07-06T11:55:38.310",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-10T14:01:36.510",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -46,14 +68,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.5.4",
"matchCriteriaId": "FD927918-5473-4C93-876B-CD900A091403"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/fossbilling/fossbilling/commit/5eb516d4ebcb764db1b2edf9c8d0539e76ebde52",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.dev/bounties/76a3441d-7f75-4a8d-a7a0-95a7f5456eb0",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}

80
CVE-2023/CVE-2023-361xx/CVE-2023-36144.json
View File

@ -2,23 +2,93 @@
"id": "CVE-2023-36144",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-30T23:15:10.223",
"lastModified": "2023-07-03T01:10:10.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-10T14:28:07.137",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device, exposing critical information about the device configuration."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:intelbras:sg_2404_mr_firmware:1.00.54:*:*:*:*:*:*:*",
"matchCriteriaId": "14756311-AB06-4EC0-B73E-C68F9E5DF2B5"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intelbras:sg_2404_mr:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3EDC560-366C-46A2-AE4A-34FB9C7A5FE1"
}
]
}
]
}
],
"references": [
{
"url": "http://intelbras.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/leonardobg/CVE-2023-36144",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}

66
CVE-2023/CVE-2023-361xx/CVE-2023-36183.json
View File

@ -2,19 +2,77 @@
"id": "CVE-2023-36183",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-03T21:15:09.663",
"lastModified": "2023-07-05T13:00:47.037",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-10T14:23:07.587",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in OpenImageIO v.2.4.12.0 and before allows a remote to execute arbitrary code and obtain sensitive information via a crafted file to the readimg function."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openimageio:openimageio:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.4.12.0",
"matchCriteriaId": "EA4D909F-30A5-434F-82EC-A0106990F50B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/OpenImageIO/oiio/issues/3871",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-362xx/CVE-2023-36291.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2023-36291",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-03T21:15:09.883",
"lastModified": "2023-07-05T13:00:47.037",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-10T13:28:09.077",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in Maxsite CMS v.108.7 allows a remote attacker to execute arbitrary code via the f_content parameter in the admin/page_new file."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:maxsite:maxsite_cms:108.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E10ADD5B-D7C6-47E1-8BA0-39C385259F8A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/maxsite/cms/issues/500",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

101
CVE-2023/CVE-2023-364xx/CVE-2023-36468.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-36468",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-29T21:15:09.703",
"lastModified": "2023-06-29T23:57:54.363",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-10T14:02:57.473",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,7 +56,7 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,24 +64,91 @@
"value": "CWE-459"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-459"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.0",
"versionEndExcluding": "14.10.7",
"matchCriteriaId": "B8D99155-5444-4CA2-A1C1-0CF39D27B41C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:15.0:-:*:*:*:*:*:*",
"matchCriteriaId": "99329652-2907-4903-AAB1-1038F225C020"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:15.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "88E41345-F81E-401A-BD67-66AF4B3925D4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:15.1:-:*:*:*:*:*:*",
"matchCriteriaId": "5D121BDB-D7C5-4B79-A904-3C4A76F38E6A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:15.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "67322CAC-1F17-4453-BC7F-4262E436E307"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/xwiki/xwiki-platform/commit/15a6f845d8206b0ae97f37aa092ca43d4f9d6e59",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2g5c-228j-p52x",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-8q9q-r9v2-644m",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://jira.xwiki.org/browse/XWIKI-20594",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
]
}
]
}

93
CVE-2023/CVE-2023-364xx/CVE-2023-36469.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-36469",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-29T21:15:09.773",
"lastModified": "2023-06-29T23:57:54.363",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-10T14:03:26.597",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,26 +66,85 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.6",
"versionEndExcluding": "14.10.6",
"matchCriteriaId": "877A02C7-D633-47CD-B004-2D038628C86C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:15.0:-:*:*:*:*:*:*",
"matchCriteriaId": "99329652-2907-4903-AAB1-1038F225C020"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:15.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "88E41345-F81E-401A-BD67-66AF4B3925D4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:15.1:-:*:*:*:*:*:*",
"matchCriteriaId": "5D121BDB-D7C5-4B79-A904-3C4A76F38E6A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:15.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "67322CAC-1F17-4453-BC7F-4262E436E307"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/xwiki/xwiki-platform/commit/217e5bb7a657f2991b154a16ef4d5ae9c29ad39c",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/xwiki/xwiki-platform/commit/217e5bb7a657f2991b154a16ef4d5ae9c29ad39c#diff-7221a548809fa2ba34348556f4b5bd436463c559ebdf691197932ee7ce4478ca",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/xwiki/xwiki-platform/commit/217e5bb7a657f2991b154a16ef4d5ae9c29ad39c#diff-b261c6eac3108c3e6e734054c28a78f59d3439ab72fe8582dadf87670a0d15a4",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-94pf-92hw-2hjc",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://jira.xwiki.org/browse/XWIKI-20610",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
]
}
]
}

93
CVE-2023/CVE-2023-364xx/CVE-2023-36470.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-36470",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-29T21:15:09.843",
"lastModified": "2023-06-29T23:57:54.363",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-10T14:03:50.947",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,26 +66,85 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "14.10.6",
"matchCriteriaId": "2F623A8C-A945-45DD-8530-332BF6950A94"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:15.0:-:*:*:*:*:*:*",
"matchCriteriaId": "99329652-2907-4903-AAB1-1038F225C020"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:15.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "88E41345-F81E-401A-BD67-66AF4B3925D4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:15.1:-:*:*:*:*:*:*",
"matchCriteriaId": "5D121BDB-D7C5-4B79-A904-3C4A76F38E6A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:15.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "67322CAC-1F17-4453-BC7F-4262E436E307"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/xwiki/xwiki-platform/commit/46b542854978e9caa687a5c2b8817b8b17877d94",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/xwiki/xwiki-platform/commit/79418dd92ca11941b46987ef881bf50424898ff4",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/xwiki/xwiki-platform/commit/b0cdfd893912baaa053d106a92e39fa1858843c7",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-fm68-j7ww-h9xf",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://jira.xwiki.org/browse/XWIKI-20524",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
]
}
]
}

95
CVE-2023/CVE-2023-364xx/CVE-2023-36471.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-36471",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-29T20:15:10.003",
"lastModified": "2023-06-29T23:57:54.363",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-10T14:02:32.227",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +56,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,18 +76,71 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:commons:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.6",
"versionEndExcluding": "14.10.6",
"matchCriteriaId": "28D2C022-6760-4865-B087-19EB62B226A3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:commons:15.0:-:*:*:*:*:*:*",
"matchCriteriaId": "B5E0E97B-07B7-43D5-BF0B-A20F41AB1B5B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:commons:15.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3686A321-60C2-4BCE-8D0B-32F56D1D2C63"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:commons:15.1:-:*:*:*:*:*:*",
"matchCriteriaId": "0E3494D6-09D1-426B-BC58-5B11F2371645"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:commons:15.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C4FFC387-3B28-4875-819C-B0847083CD55"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/xwiki/xwiki-commons/commit/99484d48e899a68a1b6e33d457825b776c6fe8c3",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/xwiki/xwiki-commons/security/advisories/GHSA-6pqf-c99p-758v",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Mitigation",
"Vendor Advisory"
]
},
{
"url": "https://jira.xwiki.org/browse/XCOMMONS-2634",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
]
}
]
}

263
CVE-2023/CVE-2023-365xx/CVE-2023-36539.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-36539",
"sourceIdentifier": "security@zoom.us",
"published": "2023-06-30T03:15:09.747",
"lastModified": "2023-06-30T12:59:54.343",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-10T13:29:00.263",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nExposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information.\n\n"
},
{
"lang": "es",
"value": "La exposici\u00f3n de informaci\u00f3n destinada a ser cifrada por algunos clientes Zoom puede dar lugar a la divulgaci\u00f3n de informaci\u00f3n sensible."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security@zoom.us",
"type": "Secondary",
@ -34,10 +58,243 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-326"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:meetings:5.15.0:*:*:*:*:android:*:*",
"matchCriteriaId": "B19B33AC-0C62-48B8-974F-EBB94700432E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:meetings:5.15.0:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "64EC33E5-F6E4-4845-B181-52DEC0E707BD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:meetings:5.15.0:*:*:*:*:macos:*:*",
"matchCriteriaId": "F566F4A2-7A6F-4ECC-BD73-1F63AE4030B1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:meetings:5.15.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "E3E84645-EF69-4A61-B946-5DEEDD27A85E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:rooms:5.15.0:*:*:*:*:ipad_os:*:*",
"matchCriteriaId": "1735FAF3-E7B4-4615-92AD-5BA3399F6D55"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:rooms:5.15.0:*:*:*:*:macos:*:*",
"matchCriteriaId": "2FFA4C37-4EFB-42F5-98BE-811F413113F9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:rooms:5.15.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "ABB880FF-8853-45AE-818A-23CECB48E030"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84A39B46-A23B-4194-BDBF-16C337ADD1D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:zoom:5.15.0:*:*:*:*:android:*:*",
"matchCriteriaId": "A47C1AC4-3092-41BE-8BB3-BABCD2ADC350"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:zoom:5.15.0:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "F6FC3EA3-DAD3-4D9E-8EF3-5CAC1A54EE45"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:zoom:5.15.0:*:*:*:*:linux:*:*",
"matchCriteriaId": "502FC5A5-08CE-464F-A39E-FB16476F7B02"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:zoom:5.15.0:*:*:*:*:macos:*:*",
"matchCriteriaId": "8AB43228-B469-46D9-BE1E-F7BCCC777F34"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:zoom:5.15.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "36AA507D-1B5D-42A3-A0BD-0D5FAA6AE3AA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:zoom:5.15.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "E7777FBA-8B77-430F-8B64-AFB14E517179"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zoom:poly_ccx_700_firmware:5.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EEC1BF64-379E-4623-9F5F-EC37D9AE8928"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zoom:poly_ccx_700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27D5E538-97CB-4F05-B8FC-AC6497425E78"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zoom:poly_ccx_600_firmware:5.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9E12A046-159E-4E45-954F-57A0C43938F4"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zoom:poly_ccx_600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A85D6BC1-E736-487F-8C02-C54B49F7C8B2"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zoom:yealink_vp59_firmware:5.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CE053959-5DE3-4954-8FD5-7D15FA77BC77"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zoom:yealink_vp59:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C661E9DF-1D17-408A-95D9-DE5D941EC93B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zoom:yealink_mp54_firmware:5.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A33909C-EB63-4234-A2B5-6F6D39EB8ACB"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zoom:yealink_mp54:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F942425-D356-47BA-95A6-61E1FD5029F4"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zoom:yealink_mp56_firmware:5.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "31C96F0F-E282-427B-92C7-225252952F3E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zoom:yealink_mp56:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5097727-AE57-436F-B7EF-E93BD96B2E23"
}
]
}
]
}
],
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/",
"source": "security@zoom.us"
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
]
}
]
}

106
CVE-2023/CVE-2023-369xx/CVE-2023-36934.json
View File

@ -2,23 +2,119 @@
"id": "CVE-2023-36934",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-05T16:15:09.793",
"lastModified": "2023-07-05T16:25:41.353",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-10T13:49:29.260",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.1.11",
"matchCriteriaId": "76A63B2D-2869-403B-9D84-36CFA25695EA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0.0",
"versionEndExcluding": "13.0.9",
"matchCriteriaId": "00D12F3B-6B4C-4345-9C5B-C6B8AC4B5663"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.1.0",
"versionEndExcluding": "13.1.7",
"matchCriteriaId": "2262AEC2-85FB-4964-B6F5-7B3E61CF88FB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0.0",
"versionEndExcluding": "14.0.7",
"matchCriteriaId": "8606528F-0884-43BE-9CE2-AB1E8FA68819"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.1.0",
"versionEndExcluding": "14.1.8",
"matchCriteriaId": "4E7A0668-64EF-46D0-B556-A734DFD4D81B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.0.0",
"versionEndExcluding": "15.0.4",
"matchCriteriaId": "ED0819C8-6309-4221-9D5F-32098F6314F3"
}
]
}
]
}
],
"references": [
{
"url": "https://community.progress.com/s/article/MOVEit-Transfer-2020-1-Service-Pack-July-2023",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Release Notes",
"Third Party Advisory"
]
},
{
"url": "https://www.progress.com/moveit",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

69
CVE-2023/CVE-2023-369xx/CVE-2023-36968.json
View File

@ -2,23 +2,82 @@
"id": "CVE-2023-36968",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-06T14:15:10.750",
"lastModified": "2023-07-06T14:27:16.667",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-10T14:05:33.737",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A SQL Injection vulnerability detected in Food Ordering System v1.0 allows attackers to run commands on the database by sending crafted SQL queries to the ID parameter."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:food_ordering_system_project:food_ordering_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3E4677C1-6FF5-4B2F-A407-DFDE34F458EA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/haxxorsid/food-ordering-system",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://okankurtulus.com.tr/2023/06/21/food-ordering-system-v1-0-authenticated-sql-injection/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-372xx/CVE-2023-37288.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-37288",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2023-07-10T02:15:45.607",
"lastModified": "2023-07-10T02:15:45.607",
"lastModified": "2023-07-10T07:15:08.733",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "SmartBPM.NET has a vulnerability of using hard-coded authentication key. An unauthenticated remote attacker can exploit this vulnerability to access system with regular user privilege to read application data, and execute submission and approval processes."
"value": "SmartBPM.NET component has a vulnerability of path traversal within its file download function. An unauthenticated remote attacker can exploit this vulnerability to access arbitrary system files."
}
],
"metrics": {

48
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-07-10T06:00:36.316829+00:00
2023-07-10T16:00:28.490233+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-07-10T02:32:11.797000+00:00
2023-07-10T15:55:23.607000+00:00
```
### Last Data Feed Release
@ -34,30 +34,38 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### CVEs added in the last Commit
Recently added CVEs: `3`
Recently added CVEs: `0`
* [CVE-2023-37286](CVE-2023/CVE-2023-372xx/CVE-2023-37286.json) (`2023-07-10T02:15:45.237`)
* [CVE-2023-37287](CVE-2023/CVE-2023-372xx/CVE-2023-37287.json) (`2023-07-10T02:15:45.543`)
* [CVE-2023-37288](CVE-2023/CVE-2023-372xx/CVE-2023-37288.json) (`2023-07-10T02:15:45.607`)
### CVEs modified in the last Commit
Recently modified CVEs: `13`
Recently modified CVEs: `24`
* [CVE-2023-20760](CVE-2023/CVE-2023-207xx/CVE-2023-20760.json) (`2023-07-10T02:24:34.707`)
* [CVE-2023-20759](CVE-2023/CVE-2023-207xx/CVE-2023-20759.json) (`2023-07-10T02:24:49.917`)
* [CVE-2023-20758](CVE-2023/CVE-2023-207xx/CVE-2023-20758.json) (`2023-07-10T02:25:02.297`)
* [CVE-2023-20757](CVE-2023/CVE-2023-207xx/CVE-2023-20757.json) (`2023-07-10T02:25:11.430`)
* [CVE-2023-20768](CVE-2023/CVE-2023-207xx/CVE-2023-20768.json) (`2023-07-10T02:25:56.200`)
* [CVE-2023-20767](CVE-2023/CVE-2023-207xx/CVE-2023-20767.json) (`2023-07-10T02:26:12.273`)
* [CVE-2023-20766](CVE-2023/CVE-2023-207xx/CVE-2023-20766.json) (`2023-07-10T02:29:15.053`)
* [CVE-2023-20761](CVE-2023/CVE-2023-207xx/CVE-2023-20761.json) (`2023-07-10T02:29:23.667`)
* [CVE-2023-20775](CVE-2023/CVE-2023-207xx/CVE-2023-20775.json) (`2023-07-10T02:30:23.110`)
* [CVE-2023-20774](CVE-2023/CVE-2023-207xx/CVE-2023-20774.json) (`2023-07-10T02:31:05.343`)
* [CVE-2023-20773](CVE-2023/CVE-2023-207xx/CVE-2023-20773.json) (`2023-07-10T02:31:28.903`)
* [CVE-2023-20772](CVE-2023/CVE-2023-207xx/CVE-2023-20772.json) (`2023-07-10T02:31:43.217`)
* [CVE-2023-20771](CVE-2023/CVE-2023-207xx/CVE-2023-20771.json) (`2023-07-10T02:32:11.797`)
* [CVE-2023-37288](CVE-2023/CVE-2023-372xx/CVE-2023-37288.json) (`2023-07-10T07:15:08.733`)
* [CVE-2023-34736](CVE-2023/CVE-2023-347xx/CVE-2023-34736.json) (`2023-07-10T12:49:07.747`)
* [CVE-2023-35938](CVE-2023/CVE-2023-359xx/CVE-2023-35938.json) (`2023-07-10T13:26:11.097`)
* [CVE-2023-36291](CVE-2023/CVE-2023-362xx/CVE-2023-36291.json) (`2023-07-10T13:28:09.077`)
* [CVE-2023-36539](CVE-2023/CVE-2023-365xx/CVE-2023-36539.json) (`2023-07-10T13:29:00.263`)
* [CVE-2023-36934](CVE-2023/CVE-2023-369xx/CVE-2023-36934.json) (`2023-07-10T13:49:29.260`)
* [CVE-2023-34654](CVE-2023/CVE-2023-346xx/CVE-2023-34654.json) (`2023-07-10T13:59:13.440`)
* [CVE-2023-3521](CVE-2023/CVE-2023-35xx/CVE-2023-3521.json) (`2023-07-10T14:01:36.510`)
* [CVE-2023-30586](CVE-2023/CVE-2023-305xx/CVE-2023-30586.json) (`2023-07-10T14:01:51.887`)
* [CVE-2023-36471](CVE-2023/CVE-2023-364xx/CVE-2023-36471.json) (`2023-07-10T14:02:32.227`)
* [CVE-2023-36468](CVE-2023/CVE-2023-364xx/CVE-2023-36468.json) (`2023-07-10T14:02:57.473`)
* [CVE-2023-36469](CVE-2023/CVE-2023-364xx/CVE-2023-36469.json) (`2023-07-10T14:03:26.597`)
* [CVE-2023-36470](CVE-2023/CVE-2023-364xx/CVE-2023-36470.json) (`2023-07-10T14:03:50.947`)
* [CVE-2023-36968](CVE-2023/CVE-2023-369xx/CVE-2023-36968.json) (`2023-07-10T14:05:33.737`)
* [CVE-2023-29147](CVE-2023/CVE-2023-291xx/CVE-2023-29147.json) (`2023-07-10T14:06:20.730`)
* [CVE-2023-35947](CVE-2023/CVE-2023-359xx/CVE-2023-35947.json) (`2023-07-10T14:13:21.220`)
* [CVE-2023-22306](CVE-2023/CVE-2023-223xx/CVE-2023-22306.json) (`2023-07-10T14:14:31.730`)
* [CVE-2023-36183](CVE-2023/CVE-2023-361xx/CVE-2023-36183.json) (`2023-07-10T14:23:07.587`)
* [CVE-2023-22299](CVE-2023/CVE-2023-222xx/CVE-2023-22299.json) (`2023-07-10T14:27:09.983`)
* [CVE-2023-36144](CVE-2023/CVE-2023-361xx/CVE-2023-36144.json) (`2023-07-10T14:28:07.137`)
* [CVE-2023-22814](CVE-2023/CVE-2023-228xx/CVE-2023-22814.json) (`2023-07-10T15:25:29.167`)
* [CVE-2023-3449](CVE-2023/CVE-2023-34xx/CVE-2023-3449.json) (`2023-07-10T15:49:23.037`)
* [CVE-2023-33570](CVE-2023/CVE-2023-335xx/CVE-2023-33570.json) (`2023-07-10T15:53:05.990`)
* [CVE-2023-28323](CVE-2023/CVE-2023-283xx/CVE-2023-28323.json) (`2023-07-10T15:55:23.607`)
## Download and Usage