Auto-Update: 2023-10-06T23:55:24.864778+00:00

cad-safe-bot 2023-10-06 23:55:28 +00:00
parent 9e175794e0
commit 3f0e4d6d84
19 changed files with 914 additions and 63 deletions

@ -0,0 +1,59 @@
{
"id": "CVE-2022-33160",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-06T22:15:11.523",
"lastModified": "2023-10-06T22:23:04.467",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Directory Suite 8.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 228568."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-757"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/228568",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7047071",
"source": "psirt@us.ibm.com"
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2022-34355",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-06T21:15:10.743",
"lastModified": "2023-10-06T21:15:10.743",
"vulnStatus": "Received",
"lastModified": "2023-10-06T22:23:04.467",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

@ -2,16 +2,40 @@
"id": "CVE-2023-1832",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-10-04T14:15:10.370",
"lastModified": "2023-10-04T14:16:47.647",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-06T22:29:49.610",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An improper access control flaw was found in Candlepin. An attacker can create data scoped under another customer/tenant, which can result in loss of confidentiality and availability for the affected customer/tenant."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla de control de acceso inadecuado en Candlepin. Un atacante puede crear datos pertenecientes a otro customer/tenant, lo que puede provocar una p\u00e9rdida de confidencialidad y disponibilidad para el customer/tenant afectado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -34,14 +58,67 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:candlepinproject:candlepin:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.3.7-3",
"matchCriteriaId": "C33DD1CD-FA42-497A-9992-5CC9C549AEB2"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "848C92A9-0677-442B-8D52-A448F2019903"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-1832",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184364",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
]
}
]
}

@ -2,27 +2,95 @@
"id": "CVE-2023-36618",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-04T21:15:09.857",
"lastModified": "2023-10-05T00:48:59.587",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-06T22:32:14.727",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Atos Unify OpenScape Session Border Controller through V10 R3.01.03 allows execution of OS commands as root user by low-privileged authenticated users."
},
{
"lang": "es",
"value": "Atos Unify OpenScape Session Border Controller hasta V10 R3.01.03 permite la ejecuci\u00f3n de comandos del sistema operativo como usuario root por parte de usuarios autenticados con pocos privilegios."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:unify:session_border_controller:10_r3.01.03:*:*:*:*:*:*:*",
"matchCriteriaId": "039C490F-8300-4C42-B28C-58477DDB5FC1"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://networks.unify.com/security/advisories/OBSO-2307-01.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://packetstormsecurity.com/files/174704/Atos-Unify-OpenScape-Code-Execution-Missing-Authentication.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://sec-consult.com/vulnerability-lab/advisory/authenticated-remote-code-execution-missing-authentication-atos-unify-openscape/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

@ -2,27 +2,95 @@
"id": "CVE-2023-36619",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-04T21:15:09.907",
"lastModified": "2023-10-05T00:48:59.587",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-06T22:32:37.880",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Atos Unify OpenScape Session Border Controller through V10 R3.01.03 allows execution of administrative scripts by unauthenticated users."
},
{
"lang": "es",
"value": "Atos Unify OpenScape Session Border Controller hasta V10 R3.01.03 permite la ejecuci\u00f3n de scripts administrativos por parte de usuarios no autenticados."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:unify:session_border_controller:10_r3.01.03:*:*:*:*:*:*:*",
"matchCriteriaId": "039C490F-8300-4C42-B28C-58477DDB5FC1"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://networks.unify.com/security/advisories/OBSO-2307-01.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://packetstormsecurity.com/files/174704/Atos-Unify-OpenScape-Code-Execution-Missing-Authentication.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://sec-consult.com/vulnerability-lab/advisory/authenticated-remote-code-execution-missing-authentication-atos-unify-openscape/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2023-3725",
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"published": "2023-10-06T21:15:10.853",
"lastModified": "2023-10-06T21:15:10.853",
"vulnStatus": "Received",
"lastModified": "2023-10-06T22:23:04.467",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

@ -2,8 +2,8 @@
"id": "CVE-2023-38703",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-06T14:15:12.020",
"lastModified": "2023-10-06T15:25:02.197",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-06T22:30:43.150",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +66,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:teluu:pjsip:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.13.1",
"matchCriteriaId": "18445C5E-4DC0-4E50-8E25-1CE15925AAC1"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/pjsip/pjproject/commit/6dc9b8c181aff39845f02b4626e0812820d4ef0d",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-f76w-fh7c-pc66",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

@ -2,16 +2,40 @@
"id": "CVE-2023-39191",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-10-04T19:15:10.210",
"lastModified": "2023-10-04T19:53:11.513",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-06T22:30:30.320",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An improper input validation flaw was found in the eBPF subsystem in the Linux kernel. The issue occurs due to a lack of proper validation of dynamic pointers within user-supplied eBPF programs prior to executing them. This may allow an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code in the context of the kernel."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla de validaci\u00f3n de entrada incorrecta en el subsistema eBPF del kernel de Linux. El problema se debe a una falta de validaci\u00f3n adecuada de los punteros din\u00e1micos dentro de los programas eBPF proporcionados por el usuario antes de ejecutarlos. Esto puede permitir que un atacante con privilegios CAP_BPF escale privilegios y ejecute c\u00f3digo arbitrario en el contexto del kernel."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -34,18 +58,91 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.3",
"matchCriteriaId": "3769AA63-B0A8-4EF1-96F9-6A6A6B305A02"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-39191",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2226783",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-19399/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
]
}
]
}

@ -2,16 +2,40 @@
"id": "CVE-2023-40684",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-04T14:15:10.957",
"lastModified": "2023-10-04T14:16:47.647",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-06T22:30:06.407",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IBM Content Navigator 3.0.11, 3.0.13, and 3.0.14 with IBM Daeja ViewOne Virtual is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 264019."
},
{
"lang": "es",
"value": "IBM Content Navigator 3.0.11, 3.0.13 y 3.0.14 con IBM Daeja ViewOne Virtual es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite a los usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista, lo que podr\u00eda conducir a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 264019."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -46,14 +80,48 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:content_navigator:3.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "C5624402-755C-4440-942C-3E7188A86858"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:content_navigator:3.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "9E85CE89-DFC4-464D-9236-56ECC11AC5FB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:content_navigator:3.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "5DD72272-C2DB-4357-99A6-0D3D8C0A1E93"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/264019",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://https://www.ibm.com/support/pages/node/7046226",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Broken Link"
]
}
]
}

@ -2,23 +2,99 @@
"id": "CVE-2023-43284",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-05T20:15:13.117",
"lastModified": "2023-10-05T23:14:04.503",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-06T22:30:50.923",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in D-Link Wireless MU-MIMO Gigabit AC1200 Router DIR-846 firmware version 100A53DBR-Retail allows a remote attacker to execute arbitrary code."
},
{
"lang": "es",
"value": "Un problema en la versi\u00f3n de firmware 100A53DBR-Retail del router D-Link Wireless MU-MIMO Gigabit AC1200 Router DIR-846 permite a un atacante remoto ejecutar c\u00f3digo arbitrario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dir-846_firmware:100a53dbr:*:*:*:*:*:*:*",
"matchCriteriaId": "F4EEA9B9-62A2-4BEA-A671-66D029EB7A79"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dir-846:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77723994-0E2A-4A90-B2C6-5B262CBBAFA1"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/MateusTesser/CVE-2023-43284",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://youtu.be/Y8osw_xU6-0",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

@ -0,0 +1,20 @@
{
"id": "CVE-2023-44061",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-06T23:15:11.060",
"lastModified": "2023-10-06T23:15:11.060",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "File Upload vulnerability in Simple and Nice Shopping Cart Script v.1.0 allows a remote attacker to execute arbitrary code via the upload function in the edit profile component."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/soundarkutty/File-upload-Restriction-bypass/blob/main/poc.md",
"source": "cve@mitre.org"
}
]
}

@ -2,19 +2,79 @@
"id": "CVE-2023-44075",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-04T20:15:10.347",
"lastModified": "2023-10-05T00:48:59.587",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-06T22:31:17.653",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in Small CRM in PHP v.3.0 allows a remote attacker to execute arbitrary code via a crafted payload to the Address parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) en Small CRM en PHP v.3.0 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un payload manipulado en el par\u00e1metro Direcci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:small_crm_project:small_crm:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F51675DD-9B72-44A9-AE72-24AF1B6BA813"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/TheKongV/CVE/blob/main/CVE-2023-44075",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

@ -2,15 +2,41 @@
"id": "CVE-2023-44209",
"sourceIdentifier": "security@acronis.com",
"published": "2023-10-04T20:15:10.397",
"lastModified": "2023-10-05T00:48:59.587",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-06T22:31:38.830",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 29051."
},
{
"lang": "es",
"value": "Escalada de privilegios locales debido a un manejo inadecuado de enlaces blandos. Los siguientes productos se ven afectados: Acronis Agent (Linux, macOS, Windows) antes de la compilaci\u00f3n 29051."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "security@acronis.com",
@ -35,6 +61,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-610"
}
]
},
{
"source": "security@acronis.com",
"type": "Secondary",
@ -46,10 +82,52 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acronis:agent:c22.02:*:*:*:*:*:*:*",
"matchCriteriaId": "75E90E3E-B1BB-4B57-8A86-B8155D22F27D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://security-advisory.acronis.com/advisories/SEC-2119",
"source": "security@acronis.com"
"source": "security@acronis.com",
"tags": [
"Vendor Advisory"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2023-44210",
"sourceIdentifier": "security@acronis.com",
"published": "2023-10-04T20:15:10.463",
"lastModified": "2023-10-05T22:15:12.287",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-06T22:31:59.547",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "security@acronis.com",
@ -39,6 +61,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
},
{
"source": "security@acronis.com",
"type": "Secondary",
@ -50,14 +82,61 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acronis:agent:c22.03:*:*:*:*:*:*:*",
"matchCriteriaId": "172B8B30-B8CB-4988-81D1-6105811B13C5"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://security-advisory.acronis.com/SEC-5528",
"source": "security@acronis.com"
"source": "security@acronis.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://security-advisory.acronis.com/advisories/SEC-2159",
"source": "security@acronis.com"
"source": "security@acronis.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

@ -0,0 +1,20 @@
{
"id": "CVE-2023-44860",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-06T23:15:11.120",
"lastModified": "2023-10-06T23:15:11.120",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue in NETIS SYSTEMS N3Mv2 v.1.0.1.865 allows a remote attacker to cause a denial of service via the authorization component in the HTTP request."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/adhikara13/CVE/blob/main/netis_N3/Improper%20Authentication%20Mechanism%20Leading%20to%20Denial-of-Service%20(DoS).md",
"source": "cve@mitre.org"
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2023-45311",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-06T21:15:10.940",
"lastModified": "2023-10-06T21:15:10.940",
"vulnStatus": "Received",
"lastModified": "2023-10-06T22:23:04.467",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

@ -0,0 +1,24 @@
{
"id": "CVE-2023-45322",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-06T22:15:11.660",
"lastModified": "2023-10-06T22:23:04.467",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "** DISPUTED ** libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\""
}
],
"metrics": {},
"references": [
{
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344",
"source": "cve@mitre.org"
},
{
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583",
"source": "cve@mitre.org"
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2023-5452",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-10-06T20:15:11.380",
"lastModified": "2023-10-06T20:15:11.380",
"vulnStatus": "Received",
"lastModified": "2023-10-06T22:23:04.467",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-10-06T22:00:24.832169+00:00
2023-10-06T23:55:24.864778+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-10-06T21:15:10.940000+00:00
2023-10-06T23:15:11.120000+00:00
```
### Last Data Feed Release
@ -29,25 +29,37 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
227149
227153
```
### CVEs added in the last Commit
Recently added CVEs: `4`
* [CVE-2022-34355](CVE-2022/CVE-2022-343xx/CVE-2022-34355.json) (`2023-10-06T21:15:10.743`)
* [CVE-2023-5452](CVE-2023/CVE-2023-54xx/CVE-2023-5452.json) (`2023-10-06T20:15:11.380`)
* [CVE-2023-3725](CVE-2023/CVE-2023-37xx/CVE-2023-3725.json) (`2023-10-06T21:15:10.853`)
* [CVE-2023-45311](CVE-2023/CVE-2023-453xx/CVE-2023-45311.json) (`2023-10-06T21:15:10.940`)
* [CVE-2022-33160](CVE-2022/CVE-2022-331xx/CVE-2022-33160.json) (`2023-10-06T22:15:11.523`)
* [CVE-2023-45322](CVE-2023/CVE-2023-453xx/CVE-2023-45322.json) (`2023-10-06T22:15:11.660`)
* [CVE-2023-44061](CVE-2023/CVE-2023-440xx/CVE-2023-44061.json) (`2023-10-06T23:15:11.060`)
* [CVE-2023-44860](CVE-2023/CVE-2023-448xx/CVE-2023-44860.json) (`2023-10-06T23:15:11.120`)
### CVEs modified in the last Commit
Recently modified CVEs: `2`
Recently modified CVEs: `14`
* [CVE-2023-40607](CVE-2023/CVE-2023-406xx/CVE-2023-40607.json) (`2023-10-06T20:36:59.623`)
* [CVE-2023-29235](CVE-2023/CVE-2023-292xx/CVE-2023-29235.json) (`2023-10-06T20:37:10.940`)
* [CVE-2022-34355](CVE-2022/CVE-2022-343xx/CVE-2022-34355.json) (`2023-10-06T22:23:04.467`)
* [CVE-2023-5452](CVE-2023/CVE-2023-54xx/CVE-2023-5452.json) (`2023-10-06T22:23:04.467`)
* [CVE-2023-3725](CVE-2023/CVE-2023-37xx/CVE-2023-3725.json) (`2023-10-06T22:23:04.467`)
* [CVE-2023-45311](CVE-2023/CVE-2023-453xx/CVE-2023-45311.json) (`2023-10-06T22:23:04.467`)
* [CVE-2023-1832](CVE-2023/CVE-2023-18xx/CVE-2023-1832.json) (`2023-10-06T22:29:49.610`)
* [CVE-2023-40684](CVE-2023/CVE-2023-406xx/CVE-2023-40684.json) (`2023-10-06T22:30:06.407`)
* [CVE-2023-39191](CVE-2023/CVE-2023-391xx/CVE-2023-39191.json) (`2023-10-06T22:30:30.320`)
* [CVE-2023-38703](CVE-2023/CVE-2023-387xx/CVE-2023-38703.json) (`2023-10-06T22:30:43.150`)
* [CVE-2023-43284](CVE-2023/CVE-2023-432xx/CVE-2023-43284.json) (`2023-10-06T22:30:50.923`)
* [CVE-2023-44075](CVE-2023/CVE-2023-440xx/CVE-2023-44075.json) (`2023-10-06T22:31:17.653`)
* [CVE-2023-44209](CVE-2023/CVE-2023-442xx/CVE-2023-44209.json) (`2023-10-06T22:31:38.830`)
* [CVE-2023-44210](CVE-2023/CVE-2023-442xx/CVE-2023-44210.json) (`2023-10-06T22:31:59.547`)
* [CVE-2023-36618](CVE-2023/CVE-2023-366xx/CVE-2023-36618.json) (`2023-10-06T22:32:14.727`)
* [CVE-2023-36619](CVE-2023/CVE-2023-366xx/CVE-2023-36619.json) (`2023-10-06T22:32:37.880`)
## Download and Usage