Auto-Update: 2023-07-10T16:00:28.490233+00:00

cad-safe-bot 2023-07-10 16:00:32 +00:00
parent 71e793bb25
commit 3ea622e771
25 changed files with 1859 additions and 130 deletions


@ -2,8 +2,8 @@
"id": "CVE-2023-22299", "id": "CVE-2023-22299",
"sourceIdentifier": "talos-cna@cisco.com", "sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-07-06T15:15:10.713", "published": "2023-07-06T15:15:10.713",
"lastModified": "2023-07-06T18:15:10.687", "lastModified": "2023-07-10T14:27:09.983",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{ {
"source": "talos-cna@cisco.com", "source": "talos-cna@cisco.com",
"type": "Secondary", "type": "Secondary",
@ -46,10 +66,43 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:milesight:ur32l_firmware:32.3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "CF5F2502-0C97-4AC3-BD0A-45065C64F99B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:milesight:ur32l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "224B5936-7A7A-48E7-B0F3-754B74E4BF2D"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1712", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1712",
"source": "talos-cna@cisco.com" "source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2023-22306", "id": "CVE-2023-22306",
"sourceIdentifier": "talos-cna@cisco.com", "sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-07-06T15:15:10.823", "published": "2023-07-06T15:15:10.823",
"lastModified": "2023-07-06T15:16:38.363", "lastModified": "2023-07-10T14:14:31.730",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{ {
"source": "talos-cna@cisco.com", "source": "talos-cna@cisco.com",
"type": "Secondary", "type": "Secondary",
@ -46,10 +66,43 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:milesight:ur32l_firmware:32.3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "CF5F2502-0C97-4AC3-BD0A-45065C64F99B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:milesight:ur32l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "224B5936-7A7A-48E7-B0F3-754B74E4BF2D"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1698", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1698",
"source": "talos-cna@cisco.com" "source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2023-22814", "id": "CVE-2023-22814",
"sourceIdentifier": "psirt@wdc.com", "sourceIdentifier": "psirt@wdc.com",
"published": "2023-07-01T00:15:09.970", "published": "2023-07-01T00:15:09.970",
"lastModified": "2023-07-03T01:10:10.103", "lastModified": "2023-07-10T15:25:29.167",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{ {
"source": "psirt@wdc.com", "source": "psirt@wdc.com",
"type": "Secondary", "type": "Secondary",
@ -35,6 +55,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-290"
}
]
},
{ {
"source": "psirt@wdc.com", "source": "psirt@wdc.com",
"type": "Secondary", "type": "Secondary",
@ -46,10 +76,89 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:westerndigital:my_cloud_os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.02.104",
"versionEndExcluding": "5.26.202",
"matchCriteriaId": "6CE3AF08-E7E6-4B65-B9E5-1BBF4B7A75DE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:my_cloud:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A9EE86B-05EE-4F2E-A912-624DDCF9C41B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:my_cloud_dl2100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E783EBC-7608-4527-B1AD-9B4E7A7A108C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:my_cloud_dl4100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3034F4A-239C-4E38-9BD6-217361A7C519"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:my_cloud_ex2_ultra:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5A581EBA-A1F2-4ABC-8183-29973A46FA43"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:my_cloud_ex2100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ABBBDC1E-2320-4767-B669-1BB2FFB1E1C4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:my_cloud_ex4100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B78030F0-6655-4604-9D16-2FA1F3FD52FF"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:my_cloud_mirror_g2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DE090BC-C847-4DF7-9C5F-52A300845558"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:my_cloud_pr2100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BF58260B-2131-402C-A9DA-67B188136DE1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:my_cloud_pr4100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB0C2FD9-4792-4DA2-9698-E53109A499EC"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:wd_cloud:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8FDE0337-4329-4CE3-9B0B-61BE8361E910"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.westerndigital.com/support/product-security/wdc-23006-my-cloud-firmware-version-5-26-202", "url": "https://www.westerndigital.com/support/product-security/wdc-23006-my-cloud-firmware-version-5-26-202",
"source": "psirt@wdc.com" "source": "psirt@wdc.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }


@ -2,19 +2,95 @@
"id": "CVE-2023-28323", "id": "CVE-2023-28323",
"sourceIdentifier": "support@hackerone.com", "sourceIdentifier": "support@hackerone.com",
"published": "2023-07-01T00:15:10.057", "published": "2023-07-01T00:15:10.057",
"lastModified": "2023-07-03T01:10:10.103", "lastModified": "2023-07-10T15:55:23.607",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A deserialization of untrusted data exists in EPM 2022 Su3 and all prior versions that allows an unauthenticated user to elevate rights. This exploit could potentially be used in conjunction with other OS (Operating System) vulnerabilities to escalate privileges on the machine or be used as a stepping stone to get to other network attached machines.\r\n" "value": "A deserialization of untrusted data exists in EPM 2022 Su3 and all prior versions that allows an unauthenticated user to elevate rights. This exploit could potentially be used in conjunction with other OS (Operating System) vulnerabilities to escalate privileges on the machine or be used as a stepping stone to get to other network attached machines.\r\n"
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:endpoint_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2022",
"matchCriteriaId": "B1F6549B-CF5D-4607-B67D-5489905A1705"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:-:*:*:*:*:*:*",
"matchCriteriaId": "46580865-5177-4E55-BDAC-73DA4B472B35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:su1:*:*:*:*:*:*",
"matchCriteriaId": "E57E12B5-B789-450C-9476-6C4C151E6993"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:su2:*:*:*:*:*:*",
"matchCriteriaId": "E47C65B3-56DD-4D65-8B4B-6AFFE28E94F2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:su3:*:*:*:*:*:*",
"matchCriteriaId": "10D6EAB7-B14B-45E9-92B9-4FADFBBB08AF"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://forums.ivanti.com/s/article/SA-2023-06-20-CVE-2023-28323", "url": "https://forums.ivanti.com/s/article/SA-2023-06-20-CVE-2023-28323",
"source": "support@hackerone.com" "source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }


@ -2,23 +2,88 @@
"id": "CVE-2023-29147", "id": "CVE-2023-29147",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-30T21:15:08.920", "published": "2023-06-30T21:15:08.920",
"lastModified": "2023-07-03T01:10:10.103", "lastModified": "2023-07-10T14:06:20.730",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In Malwarebytes EDR 1.0.11 for Linux, it is possible to bypass the detection layers that depend on inode identifiers, because an identifier may be reused when a file is replaced, and because two files on different filesystems can have the same identifier." "value": "In Malwarebytes EDR 1.0.11 for Linux, it is possible to bypass the detection layers that depend on inode identifiers, because an identifier may be reused when a file is replaced, and because two files on different filesystems can have the same identifier."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:malwarebytes:endpoint_detection_and_response:*:*:*:*:*:linux:*:*",
"versionEndIncluding": "1.0.11",
"matchCriteriaId": "7D95175C-B13B-4220-B3D0-9D22AD788F38"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:malwarebytes:malwarebytes:*:*:*:*:*:linux:*:*",
"versionEndIncluding": "1.0.14",
"matchCriteriaId": "8D500260-1522-4A4F-A561-DADBCF11C1D5"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://malwarebytes.com", "url": "https://malwarebytes.com",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Product"
]
}, },
{ {
"url": "https://www.malwarebytes.com/secure/cves/cve-2023-29147", "url": "https://www.malwarebytes.com/secure/cves/cve-2023-29147",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }
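Review bot: The second `cpeMatch` entry added under `configurations`, `cpe:2.3:a:malwarebytes:malwarebytes:*:*:*:*:*:linux:*:*` with `"versionEndIncluding": "1.0.14"`, is not covered by the record's description, which names only Malwarebytes EDR 1.0.11 for Linux. It presumably comes from the vendor advisory listed under `references`, but that cannot be confirmed from this record. Anyone matching an inventory against this entry should confirm the affected product and range in that advisory before relying on the match. The weakness is also recorded as `NVD-CWE-Other`, so CWE-based filters will not surface this inode-identifier detection bypass.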


@ -2,19 +2,74 @@
"id": "CVE-2023-30586", "id": "CVE-2023-30586",
"sourceIdentifier": "support@hackerone.com", "sourceIdentifier": "support@hackerone.com",
"published": "2023-07-01T00:15:10.247", "published": "2023-07-01T00:15:10.247",
"lastModified": "2023-07-03T01:10:10.103", "lastModified": "2023-07-10T14:01:51.887",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A privilege escalation vulnerability exists in Node.js 20 that allowed loading arbitrary OpenSSL engines when the experimental permission model is enabled, which can bypass and/or disable the permission model. The attack complexity is high. However, the crypto.setEngine() API can be used to bypass the permission model when called with a compatible OpenSSL engine. The OpenSSL engine can, for example, disable the permission model in the host process by manipulating the process's stack memory to locate the permission model Permission::enabled_ in the host process's heap memory. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js." "value": "A privilege escalation vulnerability exists in Node.js 20 that allowed loading arbitrary OpenSSL engines when the experimental permission model is enabled, which can bypass and/or disable the permission model. The attack complexity is high. However, the crypto.setEngine() API can be used to bypass the permission model when called with a compatible OpenSSL engine. The OpenSSL engine can, for example, disable the permission model in the host process by manipulating the process's stack memory to locate the permission model Permission::enabled_ in the host process's heap memory. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nodejs:node.js:20.0.0:*:*:*:-:*:*:*",
"matchCriteriaId": "8BF2BBF6-205F-4F40-80E6-A65964E6BA0E"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://hackerone.com/reports/1954535", "url": "https://hackerone.com/reports/1954535",
"source": "support@hackerone.com" "source": "support@hackerone.com",
"tags": [
"Issue Tracking"
]
} }
] ]
} }
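Review bot: The Primary `nvd@nist.gov` entry added under `cvssMetricV31` scores this record as `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N` (7.5 HIGH), while the record's own description states "The attack complexity is high" and describes a bypass that requires `crypto.setEngine()` to be called with a compatible OpenSSL engine. Consumers that prioritise on `baseScore` alone will treat this as a remotely reachable, unauthenticated issue. When triaging, keep the description's preconditions next to the score: the experimental permission model must be enabled, and the `cpeMatch` lists only Node.js 20.0.0. This record carries no Secondary CNA metric to compare against, so the discrepancy cannot be resolved from the data shown here.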


@ -2,19 +2,74 @@
"id": "CVE-2023-33570", "id": "CVE-2023-33570",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-28T20:15:09.540", "published": "2023-06-28T20:15:09.540",
"lastModified": "2023-06-29T15:35:43.220", "lastModified": "2023-07-10T15:53:05.990",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Bagisto v1.5.1 is vulnerable to Server-Side Template Injection (SSTI)." "value": "Bagisto v1.5.1 is vulnerable to Server-Side Template Injection (SSTI)."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webkul:bagisto:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "10E1B58E-9A7F-41BA-965C-552477A0A10A"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://siltonrenato02.medium.com/a-brief-summary-about-a-ssti-to-rce-in-bagisto-e900ac450490", "url": "https://siltonrenato02.medium.com/a-brief-summary-about-a-ssti-to-rce-in-bagisto-e900ac450490",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit"
]
} }
] ]
} }


@ -2,23 +2,85 @@
"id": "CVE-2023-34654", "id": "CVE-2023-34654",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-07-05T20:15:10.427", "published": "2023-07-05T20:15:10.427",
"lastModified": "2023-07-05T20:31:30.957", "lastModified": "2023-07-10T13:59:13.440",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "taocms <=3.0.2 is vulnerable to Cross Site Scripting (XSS)." "value": "taocms <=3.0.2 is vulnerable to Cross Site Scripting (XSS)."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:taogogo:taocms:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.0.2",
"matchCriteriaId": "41AC2F72-2DB5-4ECF-94D4-B7BDBAC68CE5"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://gist.github.com/ae6e361b/b7f162eba1a91df3ad9dc71ec9935960", "url": "https://gist.github.com/ae6e361b/b7f162eba1a91df3ad9dc71ec9935960",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://github.com/ae6e361b/taocms-XSS", "url": "https://github.com/ae6e361b/taocms-XSS",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Product",
"Third Party Advisory"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2023-34736", "id": "CVE-2023-34736",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-28T22:15:09.450", "published": "2023-06-28T22:15:09.450",
"lastModified": "2023-06-29T15:35:43.220", "lastModified": "2023-07-10T12:49:07.747",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -14,11 +14,67 @@
"value": "Guantang Equipment Management System versi\u00f3n 4.12 es vulnerable a la subida arbitraria de archivos. " "value": "Guantang Equipment Management System versi\u00f3n 4.12 es vulnerable a la subida arbitraria de archivos. "
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:guantang_equipment_management_system_project:guantang_equipment_management_system:4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "9E287782-E4D2-464F-BB56-ED71C4290BE6"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/prismbreak/vulnerabilities/issues/5", "url": "https://github.com/prismbreak/vulnerabilities/issues/5",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2023-3449", "id": "CVE-2023-3449",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-28T18:15:16.607", "published": "2023-06-28T18:15:16.607",
"lastModified": "2023-06-28T19:27:43.520", "lastModified": "2023-07-10T15:49:23.037",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -11,6 +11,28 @@
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
],
"cvssMetricV30": [ "cvssMetricV30": [
{ {
"source": "cna@vuldb.com", "source": "cna@vuldb.com",
@ -71,18 +93,49 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibos:ibos:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1F678D76-48AA-4940-833F-5567D196DB7D"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/MinimoAgoni/cve/blob/main/iboa%20oa.md", "url": "https://github.com/MinimoAgoni/cve/blob/main/iboa%20oa.md",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://vuldb.com/?ctiid.232546", "url": "https://vuldb.com/?ctiid.232546",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
}, },
{ {
"url": "https://vuldb.com/?id.232546", "url": "https://vuldb.com/?id.232546",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2023-35938", "id": "CVE-2023-35938",
"sourceIdentifier": "security-advisories@github.com", "sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-29T20:15:09.923", "published": "2023-06-29T20:15:09.923",
"lastModified": "2023-06-29T23:57:54.363", "lastModified": "2023-07-10T13:26:11.097",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{ {
"source": "security-advisories@github.com", "source": "security-advisories@github.com",
"type": "Secondary", "type": "Secondary",
@ -46,22 +66,60 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:enalean:tuleap:*:*:*:*:community:*:*:*",
"versionEndExcluding": "14.9.99.63",
"matchCriteriaId": "37FD2AC0-3BFA-4755-8696-D2E36ECABC51"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:enalean:tuleap:*:*:*:*:enterprise:*:*:*",
"versionEndExcluding": "14.10-1",
"matchCriteriaId": "20547F0A-68CB-46A2-A86E-C74C95E3E953"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/Enalean/tuleap/commit/a108186e7538676c4bf6e615f793f3b787a09b91", "url": "https://github.com/Enalean/tuleap/commit/a108186e7538676c4bf6e615f793f3b787a09b91",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/Enalean/tuleap/security/advisories/GHSA-rq42-cv6q-3m9q", "url": "https://github.com/Enalean/tuleap/security/advisories/GHSA-rq42-cv6q-3m9q",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}, },
{ {
"url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=a108186e7538676c4bf6e615f793f3b787a09b91", "url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=a108186e7538676c4bf6e615f793f3b787a09b91",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://tuleap.net/plugins/tracker/?aid=32278", "url": "https://tuleap.net/plugins/tracker/?aid=32278",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2023-35947", "id": "CVE-2023-35947",
"sourceIdentifier": "security-advisories@github.com", "sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-30T21:15:09.147", "published": "2023-06-30T21:15:09.147",
"lastModified": "2023-07-03T01:10:10.103", "lastModified": "2023-07-10T14:13:21.220",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
},
{ {
"source": "security-advisories@github.com", "source": "security-advisories@github.com",
"type": "Secondary", "type": "Secondary",
@ -46,18 +66,52 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gradle:gradle:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.6.2",
"matchCriteriaId": "625A3013-4C8A-46A0-9559-A01BDB4C23CB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gradle:gradle:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0",
"versionEndExcluding": "8.2",
"matchCriteriaId": "AFC239C5-E6F3-4AF6-A7CE-ACCCA46F5080"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/gradle/gradle/commit/1096b309520a8c315e3b6109a6526de4eabcb879", "url": "https://github.com/gradle/gradle/commit/1096b309520a8c315e3b6109a6526de4eabcb879",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/gradle/gradle/commit/2e5c34d57d0c0b7f0e8b039a192b91e5c8249d91", "url": "https://github.com/gradle/gradle/commit/2e5c34d57d0c0b7f0e8b039a192b91e5c8249d91",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/gradle/gradle/security/advisories/GHSA-84mw-qh6q-v842", "url": "https://github.com/gradle/gradle/security/advisories/GHSA-84mw-qh6q-v842",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2023-3521", "id": "CVE-2023-3521",
"sourceIdentifier": "security@huntr.dev", "sourceIdentifier": "security@huntr.dev",
"published": "2023-07-06T02:15:09.510", "published": "2023-07-06T02:15:09.510",
"lastModified": "2023-07-06T11:55:38.310", "lastModified": "2023-07-10T14:01:36.510",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -11,6 +11,28 @@
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV30": [ "cvssMetricV30": [
{ {
"source": "security@huntr.dev", "source": "security@huntr.dev",
@ -46,14 +68,40 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.5.4",
"matchCriteriaId": "FD927918-5473-4C93-876B-CD900A091403"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/fossbilling/fossbilling/commit/5eb516d4ebcb764db1b2edf9c8d0539e76ebde52", "url": "https://github.com/fossbilling/fossbilling/commit/5eb516d4ebcb764db1b2edf9c8d0539e76ebde52",
"source": "security@huntr.dev" "source": "security@huntr.dev",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://huntr.dev/bounties/76a3441d-7f75-4a8d-a7a0-95a7f5456eb0", "url": "https://huntr.dev/bounties/76a3441d-7f75-4a8d-a7a0-95a7f5456eb0",
"source": "security@huntr.dev" "source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
} }
] ]
} }


@ -2,23 +2,93 @@
"id": "CVE-2023-36144", "id": "CVE-2023-36144",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-30T23:15:10.223", "published": "2023-06-30T23:15:10.223",
"lastModified": "2023-07-03T01:10:10.103", "lastModified": "2023-07-10T14:28:07.137",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device, exposing critical information about the device configuration." "value": "An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device, exposing critical information about the device configuration."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:intelbras:sg_2404_mr_firmware:1.00.54:*:*:*:*:*:*:*",
"matchCriteriaId": "14756311-AB06-4EC0-B73E-C68F9E5DF2B5"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intelbras:sg_2404_mr:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3EDC560-366C-46A2-AE4A-34FB9C7A5FE1"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "http://intelbras.com", "url": "http://intelbras.com",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Product"
]
}, },
{ {
"url": "https://github.com/leonardobg/CVE-2023-36144", "url": "https://github.com/leonardobg/CVE-2023-36144",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit"
]
} }
] ]
} }


@ -2,19 +2,77 @@
"id": "CVE-2023-36183", "id": "CVE-2023-36183",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-07-03T21:15:09.663", "published": "2023-07-03T21:15:09.663",
"lastModified": "2023-07-05T13:00:47.037", "lastModified": "2023-07-10T14:23:07.587",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Buffer Overflow vulnerability in OpenImageIO v.2.4.12.0 and before allows a remote to execute arbitrary code and obtain sensitive information via a crafted file to the readimg function." "value": "Buffer Overflow vulnerability in OpenImageIO v.2.4.12.0 and before allows a remote to execute arbitrary code and obtain sensitive information via a crafted file to the readimg function."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openimageio:openimageio:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.4.12.0",
"matchCriteriaId": "EA4D909F-30A5-434F-82EC-A0106990F50B"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/OpenImageIO/oiio/issues/3871", "url": "https://github.com/OpenImageIO/oiio/issues/3871",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
} }
] ]
} }


@ -2,19 +2,75 @@
"id": "CVE-2023-36291", "id": "CVE-2023-36291",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-07-03T21:15:09.883", "published": "2023-07-03T21:15:09.883",
"lastModified": "2023-07-05T13:00:47.037", "lastModified": "2023-07-10T13:28:09.077",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Cross Site Scripting vulnerability in Maxsite CMS v.108.7 allows a remote attacker to execute arbitrary code via the f_content parameter in the admin/page_new file." "value": "Cross Site Scripting vulnerability in Maxsite CMS v.108.7 allows a remote attacker to execute arbitrary code via the f_content parameter in the admin/page_new file."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:maxsite:maxsite_cms:108.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E10ADD5B-D7C6-47E1-8BA0-39C385259F8A"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/maxsite/cms/issues/500", "url": "https://github.com/maxsite/cms/issues/500",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2023-36468", "id": "CVE-2023-36468",
"sourceIdentifier": "security-advisories@github.com", "sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-29T21:15:09.703", "published": "2023-06-29T21:15:09.703",
"lastModified": "2023-06-29T23:57:54.363", "lastModified": "2023-07-10T14:02:57.473",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{ {
"source": "security-advisories@github.com", "source": "security-advisories@github.com",
"type": "Secondary", "type": "Secondary",
@ -36,7 +56,7 @@
}, },
"weaknesses": [ "weaknesses": [
{ {
"source": "security-advisories@github.com", "source": "nvd@nist.gov",
"type": "Primary", "type": "Primary",
"description": [ "description": [
{ {
@ -44,24 +64,91 @@
"value": "CWE-459" "value": "CWE-459"
} }
] ]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-459"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.0",
"versionEndExcluding": "14.10.7",
"matchCriteriaId": "B8D99155-5444-4CA2-A1C1-0CF39D27B41C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:15.0:-:*:*:*:*:*:*",
"matchCriteriaId": "99329652-2907-4903-AAB1-1038F225C020"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:15.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "88E41345-F81E-401A-BD67-66AF4B3925D4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:15.1:-:*:*:*:*:*:*",
"matchCriteriaId": "5D121BDB-D7C5-4B79-A904-3C4A76F38E6A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:15.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "67322CAC-1F17-4453-BC7F-4262E436E307"
}
]
}
]
} }
], ],
"references": [ "references": [
{ {
"url": "https://github.com/xwiki/xwiki-platform/commit/15a6f845d8206b0ae97f37aa092ca43d4f9d6e59", "url": "https://github.com/xwiki/xwiki-platform/commit/15a6f845d8206b0ae97f37aa092ca43d4f9d6e59",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2g5c-228j-p52x", "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2g5c-228j-p52x",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}, },
{ {
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-8q9q-r9v2-644m", "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-8q9q-r9v2-644m",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
]
}, },
{ {
"url": "https://jira.xwiki.org/browse/XWIKI-20594", "url": "https://jira.xwiki.org/browse/XWIKI-20594",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2023-36469", "id": "CVE-2023-36469",
"sourceIdentifier": "security-advisories@github.com", "sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-29T21:15:09.773", "published": "2023-06-29T21:15:09.773",
"lastModified": "2023-06-29T23:57:54.363", "lastModified": "2023-07-10T14:03:26.597",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{ {
"source": "security-advisories@github.com", "source": "security-advisories@github.com",
"type": "Secondary", "type": "Secondary",
@ -46,26 +66,85 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.6",
"versionEndExcluding": "14.10.6",
"matchCriteriaId": "877A02C7-D633-47CD-B004-2D038628C86C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:15.0:-:*:*:*:*:*:*",
"matchCriteriaId": "99329652-2907-4903-AAB1-1038F225C020"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:15.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "88E41345-F81E-401A-BD67-66AF4B3925D4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:15.1:-:*:*:*:*:*:*",
"matchCriteriaId": "5D121BDB-D7C5-4B79-A904-3C4A76F38E6A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:15.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "67322CAC-1F17-4453-BC7F-4262E436E307"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/xwiki/xwiki-platform/commit/217e5bb7a657f2991b154a16ef4d5ae9c29ad39c", "url": "https://github.com/xwiki/xwiki-platform/commit/217e5bb7a657f2991b154a16ef4d5ae9c29ad39c",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/xwiki/xwiki-platform/commit/217e5bb7a657f2991b154a16ef4d5ae9c29ad39c#diff-7221a548809fa2ba34348556f4b5bd436463c559ebdf691197932ee7ce4478ca", "url": "https://github.com/xwiki/xwiki-platform/commit/217e5bb7a657f2991b154a16ef4d5ae9c29ad39c#diff-7221a548809fa2ba34348556f4b5bd436463c559ebdf691197932ee7ce4478ca",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/xwiki/xwiki-platform/commit/217e5bb7a657f2991b154a16ef4d5ae9c29ad39c#diff-b261c6eac3108c3e6e734054c28a78f59d3439ab72fe8582dadf87670a0d15a4", "url": "https://github.com/xwiki/xwiki-platform/commit/217e5bb7a657f2991b154a16ef4d5ae9c29ad39c#diff-b261c6eac3108c3e6e734054c28a78f59d3439ab72fe8582dadf87670a0d15a4",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-94pf-92hw-2hjc", "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-94pf-92hw-2hjc",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
]
}, },
{ {
"url": "https://jira.xwiki.org/browse/XWIKI-20610", "url": "https://jira.xwiki.org/browse/XWIKI-20610",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2023-36470", "id": "CVE-2023-36470",
"sourceIdentifier": "security-advisories@github.com", "sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-29T21:15:09.843", "published": "2023-06-29T21:15:09.843",
"lastModified": "2023-06-29T23:57:54.363", "lastModified": "2023-07-10T14:03:50.947",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{ {
"source": "security-advisories@github.com", "source": "security-advisories@github.com",
"type": "Secondary", "type": "Secondary",
@ -46,26 +66,85 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "14.10.6",
"matchCriteriaId": "2F623A8C-A945-45DD-8530-332BF6950A94"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:15.0:-:*:*:*:*:*:*",
"matchCriteriaId": "99329652-2907-4903-AAB1-1038F225C020"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:15.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "88E41345-F81E-401A-BD67-66AF4B3925D4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:15.1:-:*:*:*:*:*:*",
"matchCriteriaId": "5D121BDB-D7C5-4B79-A904-3C4A76F38E6A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:15.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "67322CAC-1F17-4453-BC7F-4262E436E307"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/xwiki/xwiki-platform/commit/46b542854978e9caa687a5c2b8817b8b17877d94", "url": "https://github.com/xwiki/xwiki-platform/commit/46b542854978e9caa687a5c2b8817b8b17877d94",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/xwiki/xwiki-platform/commit/79418dd92ca11941b46987ef881bf50424898ff4", "url": "https://github.com/xwiki/xwiki-platform/commit/79418dd92ca11941b46987ef881bf50424898ff4",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/xwiki/xwiki-platform/commit/b0cdfd893912baaa053d106a92e39fa1858843c7", "url": "https://github.com/xwiki/xwiki-platform/commit/b0cdfd893912baaa053d106a92e39fa1858843c7",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-fm68-j7ww-h9xf", "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-fm68-j7ww-h9xf",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
]
}, },
{ {
"url": "https://jira.xwiki.org/browse/XWIKI-20524", "url": "https://jira.xwiki.org/browse/XWIKI-20524",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2023-36471", "id": "CVE-2023-36471",
"sourceIdentifier": "security-advisories@github.com", "sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-29T20:15:10.003", "published": "2023-06-29T20:15:10.003",
"lastModified": "2023-06-29T23:57:54.363", "lastModified": "2023-07-10T14:02:32.227",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{ {
"source": "security-advisories@github.com", "source": "security-advisories@github.com",
"type": "Secondary", "type": "Secondary",
@ -36,8 +56,18 @@
}, },
"weaknesses": [ "weaknesses": [
{ {
"source": "security-advisories@github.com", "source": "nvd@nist.gov",
"type": "Primary", "type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [ "description": [
{ {
"lang": "en", "lang": "en",
@ -46,18 +76,71 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:commons:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.6",
"versionEndExcluding": "14.10.6",
"matchCriteriaId": "28D2C022-6760-4865-B087-19EB62B226A3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:commons:15.0:-:*:*:*:*:*:*",
"matchCriteriaId": "B5E0E97B-07B7-43D5-BF0B-A20F41AB1B5B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:commons:15.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3686A321-60C2-4BCE-8D0B-32F56D1D2C63"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:commons:15.1:-:*:*:*:*:*:*",
"matchCriteriaId": "0E3494D6-09D1-426B-BC58-5B11F2371645"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:commons:15.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C4FFC387-3B28-4875-819C-B0847083CD55"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/xwiki/xwiki-commons/commit/99484d48e899a68a1b6e33d457825b776c6fe8c3", "url": "https://github.com/xwiki/xwiki-commons/commit/99484d48e899a68a1b6e33d457825b776c6fe8c3",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/xwiki/xwiki-commons/security/advisories/GHSA-6pqf-c99p-758v", "url": "https://github.com/xwiki/xwiki-commons/security/advisories/GHSA-6pqf-c99p-758v",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Exploit",
"Mitigation",
"Vendor Advisory"
]
}, },
{ {
"url": "https://jira.xwiki.org/browse/XCOMMONS-2634", "url": "https://jira.xwiki.org/browse/XCOMMONS-2634",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
]
} }
] ]
} }


@ -2,16 +2,40 @@
"id": "CVE-2023-36539", "id": "CVE-2023-36539",
"sourceIdentifier": "security@zoom.us", "sourceIdentifier": "security@zoom.us",
"published": "2023-06-30T03:15:09.747", "published": "2023-06-30T03:15:09.747",
"lastModified": "2023-06-30T12:59:54.343", "lastModified": "2023-07-10T13:29:00.263",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "\nExposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information.\n\n" "value": "\nExposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information.\n\n"
},
{
"lang": "es",
"value": "La exposici\u00f3n de informaci\u00f3n destinada a ser cifrada por algunos clientes Zoom puede dar lugar a la divulgaci\u00f3n de informaci\u00f3n sensible."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{ {
"source": "security@zoom.us", "source": "security@zoom.us",
"type": "Secondary", "type": "Secondary",
@ -34,10 +58,243 @@
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-326"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:meetings:5.15.0:*:*:*:*:android:*:*",
"matchCriteriaId": "B19B33AC-0C62-48B8-974F-EBB94700432E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:meetings:5.15.0:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "64EC33E5-F6E4-4845-B181-52DEC0E707BD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:meetings:5.15.0:*:*:*:*:macos:*:*",
"matchCriteriaId": "F566F4A2-7A6F-4ECC-BD73-1F63AE4030B1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:meetings:5.15.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "E3E84645-EF69-4A61-B946-5DEEDD27A85E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:rooms:5.15.0:*:*:*:*:ipad_os:*:*",
"matchCriteriaId": "1735FAF3-E7B4-4615-92AD-5BA3399F6D55"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:rooms:5.15.0:*:*:*:*:macos:*:*",
"matchCriteriaId": "2FFA4C37-4EFB-42F5-98BE-811F413113F9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:rooms:5.15.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "ABB880FF-8853-45AE-818A-23CECB48E030"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84A39B46-A23B-4194-BDBF-16C337ADD1D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:zoom:5.15.0:*:*:*:*:android:*:*",
"matchCriteriaId": "A47C1AC4-3092-41BE-8BB3-BABCD2ADC350"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:zoom:5.15.0:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "F6FC3EA3-DAD3-4D9E-8EF3-5CAC1A54EE45"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:zoom:5.15.0:*:*:*:*:linux:*:*",
"matchCriteriaId": "502FC5A5-08CE-464F-A39E-FB16476F7B02"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:zoom:5.15.0:*:*:*:*:macos:*:*",
"matchCriteriaId": "8AB43228-B469-46D9-BE1E-F7BCCC777F34"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:zoom:5.15.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "36AA507D-1B5D-42A3-A0BD-0D5FAA6AE3AA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:zoom:5.15.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "E7777FBA-8B77-430F-8B64-AFB14E517179"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zoom:poly_ccx_700_firmware:5.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EEC1BF64-379E-4623-9F5F-EC37D9AE8928"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zoom:poly_ccx_700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27D5E538-97CB-4F05-B8FC-AC6497425E78"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zoom:poly_ccx_600_firmware:5.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9E12A046-159E-4E45-954F-57A0C43938F4"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zoom:poly_ccx_600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A85D6BC1-E736-487F-8C02-C54B49F7C8B2"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zoom:yealink_vp59_firmware:5.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CE053959-5DE3-4954-8FD5-7D15FA77BC77"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zoom:yealink_vp59:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C661E9DF-1D17-408A-95D9-DE5D941EC93B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zoom:yealink_mp54_firmware:5.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A33909C-EB63-4234-A2B5-6F6D39EB8ACB"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zoom:yealink_mp54:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F942425-D356-47BA-95A6-61E1FD5029F4"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zoom:yealink_mp56_firmware:5.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "31C96F0F-E282-427B-92C7-225252952F3E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zoom:yealink_mp56:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5097727-AE57-436F-B7EF-E93BD96B2E23"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/", "url": "https://explore.zoom.us/en/trust/security/security-bulletin/",
"source": "security@zoom.us" "source": "security@zoom.us",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }


@ -2,23 +2,119 @@
"id": "CVE-2023-36934", "id": "CVE-2023-36934",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-07-05T16:15:09.793", "published": "2023-07-05T16:15:09.793",
"lastModified": "2023-07-05T16:25:41.353", "lastModified": "2023-07-10T13:49:29.260",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content." "value": "In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.1.11",
"matchCriteriaId": "76A63B2D-2869-403B-9D84-36CFA25695EA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0.0",
"versionEndExcluding": "13.0.9",
"matchCriteriaId": "00D12F3B-6B4C-4345-9C5B-C6B8AC4B5663"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.1.0",
"versionEndExcluding": "13.1.7",
"matchCriteriaId": "2262AEC2-85FB-4964-B6F5-7B3E61CF88FB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0.0",
"versionEndExcluding": "14.0.7",
"matchCriteriaId": "8606528F-0884-43BE-9CE2-AB1E8FA68819"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.1.0",
"versionEndExcluding": "14.1.8",
"matchCriteriaId": "4E7A0668-64EF-46D0-B556-A734DFD4D81B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.0.0",
"versionEndExcluding": "15.0.4",
"matchCriteriaId": "ED0819C8-6309-4221-9D5F-32098F6314F3"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://community.progress.com/s/article/MOVEit-Transfer-2020-1-Service-Pack-July-2023", "url": "https://community.progress.com/s/article/MOVEit-Transfer-2020-1-Service-Pack-July-2023",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Patch",
"Release Notes",
"Third Party Advisory"
]
}, },
{ {
"url": "https://www.progress.com/moveit", "url": "https://www.progress.com/moveit",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Product"
]
} }
] ]
} }


@ -2,23 +2,82 @@
"id": "CVE-2023-36968", "id": "CVE-2023-36968",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-07-06T14:15:10.750", "published": "2023-07-06T14:15:10.750",
"lastModified": "2023-07-06T14:27:16.667", "lastModified": "2023-07-10T14:05:33.737",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A SQL Injection vulnerability detected in Food Ordering System v1.0 allows attackers to run commands on the database by sending crafted SQL queries to the ID parameter." "value": "A SQL Injection vulnerability detected in Food Ordering System v1.0 allows attackers to run commands on the database by sending crafted SQL queries to the ID parameter."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:food_ordering_system_project:food_ordering_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3E4677C1-6FF5-4B2F-A407-DFDE34F458EA"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/haxxorsid/food-ordering-system", "url": "https://github.com/haxxorsid/food-ordering-system",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Product"
]
}, },
{ {
"url": "https://okankurtulus.com.tr/2023/06/21/food-ordering-system-v1-0-authenticated-sql-injection/", "url": "https://okankurtulus.com.tr/2023/06/21/food-ordering-system-v1-0-authenticated-sql-injection/",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

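--- a/CVE-2023/CVE-2023-372xx/CVE-2023-37288.json
+++ b/CVE-2023/CVE-2023-372xx/CVE-2023-37288.json
@@ -2,12 +2,12 @@
 "id": "CVE-2023-37288",
 "sourceIdentifier": "twcert@cert.org.tw",
 "published": "2023-07-10T02:15:45.607",
-"lastModified": "2023-07-10T02:15:45.607",
+"lastModified": "2023-07-10T07:15:08.733",
 "vulnStatus": "Received",
 "descriptions": [
 {
 "lang": "en",
-"value": "SmartBPM.NET has a vulnerability of using hard-coded authentication key. An unauthenticated remote attacker can exploit this vulnerability to access system with regular user privilege to read application data, and execute submission and approval processes."
+"value": "SmartBPM.NET component has a vulnerability of path traversal within its file download function. An unauthenticated remote attacker can exploit this vulnerability to access arbitrary system files."
 }
 ],
 "metrics": {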


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update ### Last Repository Update
```plain ```plain
2023-07-10T06:00:36.316829+00:00 2023-07-10T16:00:28.490233+00:00
``` ```
### Most recent CVE Modification Timestamp synchronized with NVD ### Most recent CVE Modification Timestamp synchronized with NVD
```plain ```plain
2023-07-10T02:32:11.797000+00:00 2023-07-10T15:55:23.607000+00:00
``` ```
### Last Data Feed Release ### Last Data Feed Release
@ -34,30 +34,38 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### CVEs added in the last Commit ### CVEs added in the last Commit
Recently added CVEs: `3` Recently added CVEs: `0`
* [CVE-2023-37286](CVE-2023/CVE-2023-372xx/CVE-2023-37286.json) (`2023-07-10T02:15:45.237`)
* [CVE-2023-37287](CVE-2023/CVE-2023-372xx/CVE-2023-37287.json) (`2023-07-10T02:15:45.543`)
* [CVE-2023-37288](CVE-2023/CVE-2023-372xx/CVE-2023-37288.json) (`2023-07-10T02:15:45.607`)
### CVEs modified in the last Commit ### CVEs modified in the last Commit
Recently modified CVEs: `13` Recently modified CVEs: `24`
* [CVE-2023-20760](CVE-2023/CVE-2023-207xx/CVE-2023-20760.json) (`2023-07-10T02:24:34.707`) * [CVE-2023-37288](CVE-2023/CVE-2023-372xx/CVE-2023-37288.json) (`2023-07-10T07:15:08.733`)
* [CVE-2023-20759](CVE-2023/CVE-2023-207xx/CVE-2023-20759.json) (`2023-07-10T02:24:49.917`) * [CVE-2023-34736](CVE-2023/CVE-2023-347xx/CVE-2023-34736.json) (`2023-07-10T12:49:07.747`)
* [CVE-2023-20758](CVE-2023/CVE-2023-207xx/CVE-2023-20758.json) (`2023-07-10T02:25:02.297`) * [CVE-2023-35938](CVE-2023/CVE-2023-359xx/CVE-2023-35938.json) (`2023-07-10T13:26:11.097`)
* [CVE-2023-20757](CVE-2023/CVE-2023-207xx/CVE-2023-20757.json) (`2023-07-10T02:25:11.430`) * [CVE-2023-36291](CVE-2023/CVE-2023-362xx/CVE-2023-36291.json) (`2023-07-10T13:28:09.077`)
* [CVE-2023-20768](CVE-2023/CVE-2023-207xx/CVE-2023-20768.json) (`2023-07-10T02:25:56.200`) * [CVE-2023-36539](CVE-2023/CVE-2023-365xx/CVE-2023-36539.json) (`2023-07-10T13:29:00.263`)
* [CVE-2023-20767](CVE-2023/CVE-2023-207xx/CVE-2023-20767.json) (`2023-07-10T02:26:12.273`) * [CVE-2023-36934](CVE-2023/CVE-2023-369xx/CVE-2023-36934.json) (`2023-07-10T13:49:29.260`)
* [CVE-2023-20766](CVE-2023/CVE-2023-207xx/CVE-2023-20766.json) (`2023-07-10T02:29:15.053`) * [CVE-2023-34654](CVE-2023/CVE-2023-346xx/CVE-2023-34654.json) (`2023-07-10T13:59:13.440`)
* [CVE-2023-20761](CVE-2023/CVE-2023-207xx/CVE-2023-20761.json) (`2023-07-10T02:29:23.667`) * [CVE-2023-3521](CVE-2023/CVE-2023-35xx/CVE-2023-3521.json) (`2023-07-10T14:01:36.510`)
* [CVE-2023-20775](CVE-2023/CVE-2023-207xx/CVE-2023-20775.json) (`2023-07-10T02:30:23.110`) * [CVE-2023-30586](CVE-2023/CVE-2023-305xx/CVE-2023-30586.json) (`2023-07-10T14:01:51.887`)
* [CVE-2023-20774](CVE-2023/CVE-2023-207xx/CVE-2023-20774.json) (`2023-07-10T02:31:05.343`) * [CVE-2023-36471](CVE-2023/CVE-2023-364xx/CVE-2023-36471.json) (`2023-07-10T14:02:32.227`)
* [CVE-2023-20773](CVE-2023/CVE-2023-207xx/CVE-2023-20773.json) (`2023-07-10T02:31:28.903`) * [CVE-2023-36468](CVE-2023/CVE-2023-364xx/CVE-2023-36468.json) (`2023-07-10T14:02:57.473`)
* [CVE-2023-20772](CVE-2023/CVE-2023-207xx/CVE-2023-20772.json) (`2023-07-10T02:31:43.217`) * [CVE-2023-36469](CVE-2023/CVE-2023-364xx/CVE-2023-36469.json) (`2023-07-10T14:03:26.597`)
* [CVE-2023-20771](CVE-2023/CVE-2023-207xx/CVE-2023-20771.json) (`2023-07-10T02:32:11.797`) * [CVE-2023-36470](CVE-2023/CVE-2023-364xx/CVE-2023-36470.json) (`2023-07-10T14:03:50.947`)
* [CVE-2023-36968](CVE-2023/CVE-2023-369xx/CVE-2023-36968.json) (`2023-07-10T14:05:33.737`)
* [CVE-2023-29147](CVE-2023/CVE-2023-291xx/CVE-2023-29147.json) (`2023-07-10T14:06:20.730`)
* [CVE-2023-35947](CVE-2023/CVE-2023-359xx/CVE-2023-35947.json) (`2023-07-10T14:13:21.220`)
* [CVE-2023-22306](CVE-2023/CVE-2023-223xx/CVE-2023-22306.json) (`2023-07-10T14:14:31.730`)
* [CVE-2023-36183](CVE-2023/CVE-2023-361xx/CVE-2023-36183.json) (`2023-07-10T14:23:07.587`)
* [CVE-2023-22299](CVE-2023/CVE-2023-222xx/CVE-2023-22299.json) (`2023-07-10T14:27:09.983`)
* [CVE-2023-36144](CVE-2023/CVE-2023-361xx/CVE-2023-36144.json) (`2023-07-10T14:28:07.137`)
* [CVE-2023-22814](CVE-2023/CVE-2023-228xx/CVE-2023-22814.json) (`2023-07-10T15:25:29.167`)
* [CVE-2023-3449](CVE-2023/CVE-2023-34xx/CVE-2023-3449.json) (`2023-07-10T15:49:23.037`)
* [CVE-2023-33570](CVE-2023/CVE-2023-335xx/CVE-2023-33570.json) (`2023-07-10T15:53:05.990`)
* [CVE-2023-28323](CVE-2023/CVE-2023-283xx/CVE-2023-28323.json) (`2023-07-10T15:55:23.607`)
## Download and Usage ## Download and Usage