Auto-Update: 2023-07-20T20:01:13.697501+00:00

cad-safe-bot 2023-07-20 20:01:17 +00:00
parent 3d6a0670f5
commit 4006adbd1c
51 changed files with 1818 additions and 159 deletions


@ -2,7 +2,7 @@
"id": "CVE-2010-3856",
"sourceIdentifier": "secalert@redhat.com",
"published": "2011-01-07T19:00:17.843",
"lastModified": "2023-07-20T12:15:10.757",
"lastModified": "2023-07-20T18:15:11.027",
"vulnStatus": "Modified",
"descriptions": [
{
@ -346,6 +346,10 @@
"url": "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html",
"source": "secalert@redhat.com"
},
{
"url": "http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html",
"source": "secalert@redhat.com"
},
{
"url": "http://seclists.org/fulldisclosure/2010/Oct/344",
"source": "secalert@redhat.com"
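Review bot: The added Packet Storm reference has only `url` and `source` and no `tags` array, so tooling that infers public exploit availability from reference tags will not register it. The same untagged Packet Storm entry is added in the CVE-2016-10009, CVE-2022-28171 and CVE-2023-1258 sections, and in CVE-2022-28171 `vulnStatus` moves from `Analyzed` to `Modified`, which suggests the new reference has not yet been re-analysed. For prioritisation, match on the reference host as well as on tags until the record is tagged upstream; the link is also plain `http://`, so a consumer that fetches references should not trust the retrieved content. The `references` array starts and ends outside this hunk.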


@ -2,7 +2,7 @@
"id": "CVE-2016-10009",
"sourceIdentifier": "cve@mitre.org",
"published": "2017-01-05T02:59:03.057",
"lastModified": "2023-07-20T12:15:11.010",
"lastModified": "2023-07-20T18:15:11.230",
"vulnStatus": "Modified",
"descriptions": [
{
@ -98,6 +98,10 @@
"url": "http://packetstormsecurity.com/files/140261/OpenSSH-Arbitrary-Library-Loading.html",
"source": "cve@mitre.org"
},
{
"url": "http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html",
"source": "cve@mitre.org"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Jul/31",
"source": "cve@mitre.org"


@ -2,7 +2,7 @@
"id": "CVE-2021-3011",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-01-07T16:15:12.120",
"lastModified": "2021-01-20T16:03:18.423",
"lastModified": "2023-07-20T18:53:46.410",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -302,21 +302,6 @@
"criteria": "cpe:2.3:h:nxp:p5040:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8432727D-A0E2-49C1-9F90-91A6F5A940CD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:h:nxp:smartmx2_p60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "093B7A5F-CF08-4AF5-88A6-257A32631E77"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:h:nxp:smartmx3_p71d320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0EC853C5-1F33-4F51-8AE1-8C789D5DDC3B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:h:nxp:smartmx3_p71d321:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF240AD3-4A04-493D-BFBC-C6652FEC0D37"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:h:yubico:yubikey_neo:-:*:*:*:*:*:*:*",


@ -2,12 +2,12 @@
"id": "CVE-2021-37386",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-17T17:15:09.377",
"lastModified": "2023-07-17T17:31:42.010",
"lastModified": "2023-07-20T18:15:11.387",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Furukawa 423-41W/AC before v1.1.4 and LD421-21W before v1.3.3 were discovered to contain an HTML injection vulnerability via the serial number update function."
"value": "HTML Injection vulnerability was found in some ONU models allows remote high privileged authenticated user to send arbitrary HTML tags via web interface, this vulnerability can cause deny of service after device is rebooted if an invalid serial number addressed."
}
],
"metrics": {},


@ -0,0 +1,28 @@
{
"id": "CVE-2021-45094",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-20T18:15:11.463",
"lastModified": "2023-07-20T18:15:11.463",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Imprivata Privileged Access Management (formally Xton Privileged Access Management) 2.3.202112051108 allows XSS."
}
],
"metrics": {},
"references": [
{
"url": "https://aegis9.com.au/blog/",
"source": "cve@mitre.org"
},
{
"url": "https://www.aegis9.com.au/blog/5/",
"source": "cve@mitre.org"
},
{
"url": "https://www.imprivata.com/privileged-access-management",
"source": "cve@mitre.org"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2022-0140",
"sourceIdentifier": "contact@wpscan.com",
"published": "2022-04-12T12:15:08.183",
"lastModified": "2023-02-01T15:06:47.207",
"lastModified": "2023-07-20T18:12:18.663",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -65,8 +65,18 @@
},
"weaknesses": [
{
"source": "contact@wpscan.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
},
{
"source": "contact@wpscan.com",
"type": "Secondary",
"description": [
{
"lang": "en",


@ -2,7 +2,7 @@
"id": "CVE-2022-0164",
"sourceIdentifier": "contact@wpscan.com",
"published": "2022-02-21T11:15:09.210",
"lastModified": "2022-02-28T20:48:50.287",
"lastModified": "2023-07-20T18:09:50.423",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -65,8 +65,22 @@
},
"weaknesses": [
{
"source": "contact@wpscan.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
},
{
"lang": "en",
"value": "CWE-862"
}
]
},
{
"source": "contact@wpscan.com",
"type": "Secondary",
"description": [
{
"lang": "en",


@ -2,7 +2,7 @@
"id": "CVE-2022-0345",
"sourceIdentifier": "contact@wpscan.com",
"published": "2022-02-28T09:15:08.997",
"lastModified": "2022-03-08T16:34:32.343",
"lastModified": "2023-07-20T18:05:39.020",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -68,6 +68,10 @@
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
},
{
"lang": "en",
"value": "CWE-862"


@ -2,7 +2,7 @@
"id": "CVE-2022-0363",
"sourceIdentifier": "contact@wpscan.com",
"published": "2022-04-25T16:16:07.577",
"lastModified": "2022-05-03T18:56:06.870",
"lastModified": "2023-07-20T18:07:13.247",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -65,8 +65,22 @@
},
"weaknesses": [
{
"source": "contact@wpscan.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
},
{
"lang": "en",
"value": "CWE-862"
}
]
},
{
"source": "contact@wpscan.com",
"type": "Secondary",
"description": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2022-28171",
"sourceIdentifier": "hsrc@hikvision.com",
"published": "2022-06-27T18:15:09.033",
"lastModified": "2023-02-23T17:32:08.433",
"vulnStatus": "Analyzed",
"lastModified": "2023-07-20T18:15:11.537",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -480,6 +480,10 @@
"VDB Entry"
]
},
{
"url": "http://packetstormsecurity.com/files/173653/Hikvision-Hybrid-SAN-Ds-a71024-SQL-Injection.html",
"source": "hsrc@hikvision.com"
},
{
"url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-hybrid-san-products/",
"source": "hsrc@hikvision.com",


@ -2,7 +2,7 @@
"id": "CVE-2022-29417",
"sourceIdentifier": "audit@patchstack.com",
"published": "2022-04-25T17:15:37.300",
"lastModified": "2022-05-03T19:55:47.230",
"lastModified": "2023-07-20T18:07:43.587",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -85,8 +85,18 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",


@ -2,7 +2,7 @@
"id": "CVE-2022-29423",
"sourceIdentifier": "audit@patchstack.com",
"published": "2022-05-06T18:15:10.713",
"lastModified": "2022-05-13T18:47:54.743",
"lastModified": "2023-07-20T18:08:55.013",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -90,7 +90,7 @@
"description": [
{
"lang": "en",
"value": "CWE-863"
"value": "NVD-CWE-Other"
}
]
},


@ -2,7 +2,7 @@
"id": "CVE-2022-2943",
"sourceIdentifier": "security@wordfence.com",
"published": "2022-09-06T18:15:15.267",
"lastModified": "2022-09-13T16:16:37.460",
"lastModified": "2023-07-20T18:06:23.550",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -65,7 +65,7 @@
"description": [
{
"lang": "en",
"value": "CWE-610"
"value": "CWE-22"
}
]
},


@ -2,7 +2,7 @@
"id": "CVE-2022-2987",
"sourceIdentifier": "contact@wpscan.com",
"published": "2022-09-26T13:15:10.640",
"lastModified": "2022-09-28T16:17:30.420",
"lastModified": "2023-07-20T18:24:39.960",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -40,7 +40,7 @@
},
"weaknesses": [
{
"source": "contact@wpscan.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -52,6 +52,20 @@
"value": "CWE-862"
}
]
},
{
"source": "contact@wpscan.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
},
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [


@ -2,7 +2,7 @@
"id": "CVE-2022-3606",
"sourceIdentifier": "cna@vuldb.com",
"published": "2022-10-19T09:15:10.037",
"lastModified": "2022-10-21T20:18:54.980",
"lastModified": "2023-07-20T18:00:49.640",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -83,8 +83,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"matchCriteriaId": "108695B6-7133-4B6C-80AF-0F66880FE858"
}
]
}


@ -2,12 +2,12 @@
"id": "CVE-2023-1258",
"sourceIdentifier": "cybersecurity@ch.abb.com",
"published": "2023-03-31T08:15:06.397",
"lastModified": "2023-04-06T18:24:37.537",
"vulnStatus": "Analyzed",
"lastModified": "2023-07-20T18:15:11.747",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ABB Flow-X firmware on Flow-X embedded hardware (web service modules) allows Footprinting.This issue affects Flow-X: before 4.0."
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ABB Flow-X firmware on Flow-X embedded hardware (web service modules) allows Footprinting.This issue affects Flow-X: before 4.0.\n\n"
}
],
"metrics": {
@ -56,7 +56,7 @@
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "cybersecurity@ch.abb.com",
"type": "Primary",
"description": [
{
@ -66,7 +66,7 @@
]
},
{
"source": "cybersecurity@ch.abb.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
@ -303,6 +303,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/173610/ABB-FlowX-4.00-Information-Disclosure.html",
"source": "cybersecurity@ch.abb.com"
},
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A9754&LanguageCode=en&DocumentPartId=&Action=Launch",
"source": "cybersecurity@ch.abb.com",
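Review bot: The two `weaknesses` entries swap roles here: `cybersecurity@ch.abb.com` becomes `"type": "Primary"` and `nvd@nist.gov` becomes `"type": "Secondary"`, so a consumer that takes the CWE from the `Primary` entry on the assumption that it is NVD's classification now reads the CNA's value. Select the entry by `source` when NVD's assessment is what is wanted. The new description value also ends in `\n\n`, so trim whitespace before diffing or displaying it. The CWE values themselves sit outside the visible hunks.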


@ -2,23 +2,82 @@
"id": "CVE-2023-21257",
"sourceIdentifier": "security@android.com",
"published": "2023-07-13T00:15:24.143",
"lastModified": "2023-07-13T08:32:09.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-20T19:46:58.023",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In updateSettingsInternalLI of InstallPackageHelper.java, there is a possible way to sideload an app in the work profile due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/1aec7feaf07e6d4568ca75d18158445dbeac10f6",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch"
]
},
{
"url": "https://source.android.com/security/bulletin/2023-07-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,89 @@
"id": "CVE-2023-21260",
"sourceIdentifier": "security@android.com",
"published": "2023-07-13T01:15:08.667",
"lastModified": "2023-07-13T08:32:09.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-20T19:04:40.987",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In notification access permission dialog box, malicious application can embedded a very long service label that overflow the original user prompt and possibly contains mis-leading information to be appeared as a system message for user confirmation.\n\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-346"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/aaos/2023-07-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,12 +2,12 @@
"id": "CVE-2023-22508",
"sourceIdentifier": "security@atlassian.com",
"published": "2023-07-18T23:15:09.297",
"lastModified": "2023-07-19T12:47:21.130",
"lastModified": "2023-07-20T19:15:10.250",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22508 was introduced in version 7.19.8 of Confluence Data Center & Server.\n\nThis RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and no user interaction.\n\nAtlassian recommends that you upgrade your instance to latest version. If you're unable to upgrade to latest, upgrade to this fixed version: 8.2.0. See the release notes ([https://confluence.atlassian.com/doc/confluence-release-notes-327.html|https://confluence.atlassian.com/doc/confluence-release-notes-327.html]). You can download the latest version of Data Center & Server from the download center ([https://www.atlassian.com/software/confluence/download-archives|https://www.atlassian.com/software/confluence/download-archives]).\n\nThis vulnerability was discovered by a private user and reported via our Bug Bounty program."
"value": "This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22508 was introduced in version 7.4.0 of Confluence Data Center & Server.\n\nThis RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and no user interaction.\n\nAtlassian recommends that you upgrade your instance to latest version. If you're unable to upgrade to latest, upgrade to this fixed version: 8.2.0. See the release notes ([https://confluence.atlassian.com/doc/confluence-release-notes-327.html|https://confluence.atlassian.com/doc/confluence-release-notes-327.html]). You can download the latest version of Data Center & Server from the download center ([https://www.atlassian.com/software/confluence/download-archives|https://www.atlassian.com/software/confluence/download-archives]).\n\nThis vulnerability was discovered by a private user and reported via our Bug Bounty program."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2023-23559",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-01-13T01:15:10.300",
"lastModified": "2023-05-03T14:15:31.700",
"vulnStatus": "Modified",
"lastModified": "2023-07-20T19:00:45.357",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -56,8 +56,94 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.1.5",
"matchCriteriaId": "D7422D87-ACC5-4F92-A672-7F7CEE06F636"
"versionStartIncluding": "2.6.35",
"versionEndExcluding": "4.14.305",
"matchCriteriaId": "61643C98-1E94-411D-9C33-E5B3EA3B2167"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.15",
"versionEndExcluding": "4.19.272",
"matchCriteriaId": "83C4B95C-BD08-4683-A26E-2A65333F2D15"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.231",
"matchCriteriaId": "79CA608C-BC5E-4BB5-9250-771AEC44F412"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.166",
"matchCriteriaId": "A44D9D24-661C-40D4-8735-4CEB1C7C02F2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.91",
"matchCriteriaId": "91C2E92D-CC25-4FBD-8824-56A148119D7E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.9",
"matchCriteriaId": "ED5B6045-B1D2-4E03-B194-9005A351BCAE"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h300s:*:*:*:*:*:*:*",
"matchCriteriaId": "27227B35-932A-4035-B39F-6A455753C0D6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h410c:*:*:*:*:*:*:*",
"matchCriteriaId": "489D20B9-166F-423D-8C48-A23D3026E33B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h410s:*:*:*:*:*:*:*",
"matchCriteriaId": "A4AD592C-222D-4C6F-B176-8145A1A5AFEC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h500s:*:*:*:*:*:*:*",
"matchCriteriaId": "8603654B-A8A9-4DEB-B0DD-C82E1C885749"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h700s:*:*:*:*:*:*:*",
"matchCriteriaId": "C855C933-F271-45E6-8E85-8D7CF2EF1BE6"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
@ -67,11 +153,19 @@
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://patchwork.kernel.org/project/linux-wireless/patch/20230110173007.57110-1-szymon.heidrich@gmail.com/",
@ -84,7 +178,11 @@
},
{
"url": "https://security.netapp.com/advisory/ntap-20230302-0003/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-31461",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-20T18:15:11.917",
"lastModified": "2023-07-20T18:15:11.917",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Attackers can exploit an open API listener on SteelSeries GG 36.0.0 to create a sub-application that will be executed automatically from a controlled location, because of a path traversal vulnerability."
}
],
"metrics": {},
"references": [
{
"url": "https://steelseries.com/gg",
"source": "cve@mitre.org"
},
{
"url": "https://www.akamai.com/blog/security-research/exploit-steelseries-subapp-privilege-escalation",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-31462",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-20T18:15:11.970",
"lastModified": "2023-07-20T18:15:11.970",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in SteelSeries GG 36.0.0. An attacker can change values in an unencrypted database that is writable for all users on the computer, in order to trigger code execution with higher privileges."
}
],
"metrics": {},
"references": [
{
"url": "https://steelseries.com/gg",
"source": "cve@mitre.org"
},
{
"url": "https://www.akamai.com/blog/security-research/exploit-steelseries-subapp-privilege-escalation",
"source": "cve@mitre.org"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-3317",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-06-23T18:15:14.047",
"lastModified": "2023-07-05T14:39:38.013",
"lastModified": "2023-07-20T18:02:32.487",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -66,8 +66,9 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.3",
"matchCriteriaId": "3769AA63-B0A8-4EF1-96F9-6A6A6B305A02"
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.2.15",
"matchCriteriaId": "3844A90B-940D-46C3-8D7B-9FF63F1AFC2F"
},
{
"vulnerable": true,


@ -2,16 +2,49 @@
"id": "CVE-2023-34125",
"sourceIdentifier": "PSIRT@sonicwall.com",
"published": "2023-07-13T01:15:08.783",
"lastModified": "2023-07-13T08:32:09.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-20T19:43:44.623",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Path Traversal vulnerability in GMS and Analytics allows an authenticated attacker to read arbitrary files from the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.\n\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "PSIRT@sonicwall.com",
"type": "Secondary",
@ -23,14 +56,54 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sonicwall:analytics:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.5.0.4-r7",
"matchCriteriaId": "A5BFA6B7-2070-4FCA-B27C-5ED1047B1101"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sonicwall:global_management_system:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.3.2",
"matchCriteriaId": "02CDB54F-B795-42B3-A406-22D7E4A03ACB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sonicwall:global_management_system:9.3.2:-:*:*:*:*:*:*",
"matchCriteriaId": "2E8493ED-1A01-4FAA-9608-4481DDD0D69B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sonicwall:global_management_system:9.3.2:sp1:*:*:*:*:*:*",
"matchCriteriaId": "89A96771-621F-4D0D-B667-0A99F5F76789"
}
]
}
]
}
],
"references": [
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010",
"source": "PSIRT@sonicwall.com"
"source": "PSIRT@sonicwall.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.sonicwall.com/support/notices/230710150218060",
"source": "PSIRT@sonicwall.com"
"source": "PSIRT@sonicwall.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,49 @@
"id": "CVE-2023-34129",
"sourceIdentifier": "PSIRT@sonicwall.com",
"published": "2023-07-13T02:15:09.303",
"lastModified": "2023-07-13T08:32:09.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-20T19:14:47.987",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in SonicWall GMS and Analytics allows an authenticated remote attacker to traverse the directory and extract arbitrary files using Zip Slip method to any location on the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.\n\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "PSIRT@sonicwall.com",
"type": "Secondary",
@ -23,14 +56,54 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sonicwall:analytics:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.5.0.4-r7",
"matchCriteriaId": "A5BFA6B7-2070-4FCA-B27C-5ED1047B1101"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sonicwall:global_management_system:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.3.2",
"matchCriteriaId": "02CDB54F-B795-42B3-A406-22D7E4A03ACB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sonicwall:global_management_system:9.3.2:-:*:*:*:*:*:*",
"matchCriteriaId": "2E8493ED-1A01-4FAA-9608-4481DDD0D69B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sonicwall:global_management_system:9.3.2:sp1:*:*:*:*:*:*",
"matchCriteriaId": "89A96771-621F-4D0D-B667-0A99F5F76789"
}
]
}
]
}
],
"references": [
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010",
"source": "PSIRT@sonicwall.com"
"source": "PSIRT@sonicwall.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.sonicwall.com/support/notices/230710150218060",
"source": "PSIRT@sonicwall.com"
"source": "PSIRT@sonicwall.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,49 @@
"id": "CVE-2023-34130",
"sourceIdentifier": "PSIRT@sonicwall.com",
"published": "2023-07-13T02:15:09.363",
"lastModified": "2023-07-13T08:32:09.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-20T19:18:02.093",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to encrypt sensitive data. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.\n\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-327"
}
]
},
{
"source": "PSIRT@sonicwall.com",
"type": "Secondary",
@ -23,14 +56,54 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sonicwall:analytics:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.5.0.4-r7",
"matchCriteriaId": "A5BFA6B7-2070-4FCA-B27C-5ED1047B1101"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sonicwall:global_management_system:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.3.2",
"matchCriteriaId": "02CDB54F-B795-42B3-A406-22D7E4A03ACB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sonicwall:global_management_system:9.3.2:-:*:*:*:*:*:*",
"matchCriteriaId": "2E8493ED-1A01-4FAA-9608-4481DDD0D69B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sonicwall:global_management_system:9.3.2:sp1:*:*:*:*:*:*",
"matchCriteriaId": "89A96771-621F-4D0D-B667-0A99F5F76789"
}
]
}
]
}
],
"references": [
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010",
"source": "PSIRT@sonicwall.com"
"source": "PSIRT@sonicwall.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.sonicwall.com/support/notices/230710150218060",
"source": "PSIRT@sonicwall.com"
"source": "PSIRT@sonicwall.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,74 @@
"id": "CVE-2023-35691",
"sourceIdentifier": "security@android.com",
"published": "2023-07-13T00:15:24.457",
"lastModified": "2023-07-13T08:32:09.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-20T18:54:48.517",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with System execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2023-07-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}
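Review bot: The added `vectorString` `CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H` rates confidentiality and integrity impact HIGH, while the description and the added `CWE-125` describe an out-of-bounds read that could lead to remote denial of service, which points at an availability impact. The description also names no component and the only `cpeMatch` is `cpe:2.3:o:google:android:-`, so the record cannot be matched to a version. Treat the 7.2 `baseScore` as provisional for triage and confirm against the Pixel bulletin in `references`; the mirror should keep the upstream value rather than correct it locally.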


@ -2,23 +2,82 @@
"id": "CVE-2023-35693",
"sourceIdentifier": "security@android.com",
"published": "2023-07-13T00:15:24.503",
"lastModified": "2023-07-13T08:32:09.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-20T18:43:04.370",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In incfs_kill_sb of fs/incfs/vfs.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/kernel/common/+/8ff940b3513cb",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch"
]
},
{
"url": "https://source.android.com/security/bulletin/pixel/2023-07-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,74 @@
"id": "CVE-2023-35694",
"sourceIdentifier": "security@android.com",
"published": "2023-07-13T00:15:24.550",
"lastModified": "2023-07-13T08:32:09.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-20T19:00:19.483",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In DMPixelLogger_ProcessDmCommand of DMPixelLogger.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2023-07-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-35885",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-20T20:15:09.687",
"lastModified": "2023-06-28T02:06:38.247",
"vulnStatus": "Analyzed",
"lastModified": "2023-07-20T19:15:10.367",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -66,12 +66,20 @@
}
],
"references": [
{
"url": "https://github.com/datackmy/FallingSkies-CVE-2023-35885",
"source": "cve@mitre.org"
},
{
"url": "https://www.cloudpanel.io/docs/v2/changelog/",
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.datack.my/fallingskies-cloudpanel-0-day/",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-3596",
"sourceIdentifier": "PSIRT@rockwellautomation.com",
"published": "2023-07-12T13:15:09.947",
"lastModified": "2023-07-12T13:56:22.010",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-20T19:51:44.103",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "PSIRT@rockwellautomation.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "PSIRT@rockwellautomation.com",
"type": "Secondary",
@ -46,10 +76,97 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:rockwellautomation:1756-en4tr_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB4EB5E2-9FB4-419E-B23A-458436E61121"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:rockwellautomation:1756-en4tr:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898EE953-E0EF-4B52-8EA0-41AAD8B5CCF3"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:rockwellautomation:1756-en4trk_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AEF09D94-1AE1-4449-8ECA-0A5B1F5019C9"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:rockwellautomation:1756-en4trk:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4BE4EFEA-79D9-4903-8272-49756A014BD4"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:rockwellautomation:1756-en4trxt_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12EE978F-DECE-4572-93AE-026D3EDC5878"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:rockwellautomation:1756-en4trxt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E45471FA-99BF-4F57-BFC8-224BB9576670"
}
]
}
]
}
],
"references": [
{
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140010",
"source": "PSIRT@rockwellautomation.com"
"source": "PSIRT@rockwellautomation.com",
"tags": [
"Permissions Required",
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2023-36266",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-12T16:15:12.953",
"lastModified": "2023-07-12T17:58:12.737",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-20T19:59:06.357",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Keeper Password Manager for Desktop version 16.10.2, and the KeeperFill Browser Extensions version 16.5.4, allows local attackers to gain sensitive information via plaintext password storage in memory after the user is already logged in, and may persist after logout."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:keepersecurity:keeper:16.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "926BB625-5C6C-484D-BB1E-638225F913E8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:keepersecurity:keeperfill:16.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "422DDA75-B6A7-4B7D-AB44-C6388255327E"
}
]
}
]
}
],
"references": [
{
"url": "https://harkenzo.tlstickle.com/2023-06-12-Keeper-Password-Dumping/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,23 +2,90 @@
"id": "CVE-2023-3600",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-07-12T14:15:10.143",
"lastModified": "2023-07-12T15:17:45.827",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-20T19:46:21.273",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "During the worker lifecycle, a use-after-free condition could have occured, which could have led to a potentially exploitable crash. This vulnerability affects Firefox < 115.0.2 and Firefox ESR < 115.0.2."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.0.2",
"matchCriteriaId": "35531B50-AB55-4A7B-BD06-552A1B9AF861"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.0.2",
"matchCriteriaId": "9896CC90-D9A1-4C8C-A4FD-43E916A1AB91"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1839703",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Permissions Required",
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-26/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-37164",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-20T19:15:10.460",
"lastModified": "2023-07-20T19:15:10.460",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Diafan CMS v6.0 was discovered to contain a reflected cross-site scripting via the cat_id parameter at /shop/?module=shop&action=search."
}
],
"metrics": {},
"references": [
{
"url": "https://www.exploit-db.com/exploits/51529",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-37165",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-20T19:15:10.530",
"lastModified": "2023-07-20T19:15:10.530",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Millhouse-Project v1.414 was discovered to contain a remote code execution (RCE) vulnerability via the component /add_post_sql.php."
}
],
"metrics": {},
"references": [
{
"url": "https://www.exploit-db.com/exploits/51450",
"source": "cve@mitre.org"
}
]
}


@ -2,23 +2,84 @@
"id": "CVE-2023-37455",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-07-12T14:15:09.947",
"lastModified": "2023-07-12T15:17:45.827",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-20T19:16:40.667",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The permission request prompt from the site in the background tab was overlaid on top of the site in the foreground tab. This vulnerability affects Firefox for iOS < 115."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1021"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:iphone_os:*:*",
"versionEndExcluding": "115",
"matchCriteriaId": "B9F4FD70-6D6F-4191-8210-CB22BF774E08"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1786934",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Permissions Required",
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-25/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,122 @@
"id": "CVE-2023-37560",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-07-13T02:15:09.417",
"lastModified": "2023-07-13T08:32:09.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-20T19:28:00.590",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in WRH-300WH-H v2.12 and earlier, and WTC-300HWH v1.09 and earlier allows a remote unauthenticated attacker to inject an arbitrary script."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:elecom:wrh-300wh-h_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.12",
"matchCriteriaId": "218EB4DC-76CF-4940-AB33-EE1CF9D224DF"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:elecom:wrh-300wh-h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "079F2DC5-840A-4201-B46C-F9339968D256"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:elecom:wtc-300hwh_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.09",
"matchCriteriaId": "EA8A3899-88B3-49C3-8383-06BADB7789AF"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:elecom:wtc-300hwh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A647D35F-778D-418E-9B7A-332EEA313EAC"
}
]
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/jp/JVN05223215/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.elecom.co.jp/news/security/20230711-01/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-37600",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-20T19:15:10.597",
"lastModified": "2023-07-20T19:15:10.597",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Office Suite Premium Version v10.9.1.42602 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the id parameter at /api?path=profile."
}
],
"metrics": {},
"references": [
{
"url": "https://packetstormsecurity.com/files/173143/Office-Suite-Premium-10.9.1.42602-Cross-Site-Scripting.html",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-37601",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-20T19:15:10.663",
"lastModified": "2023-07-20T19:15:10.663",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Office Suite Premium v10.9.1.42602 was discovered to contain a local file inclusion (LFI) vulnerability via the component /etc/hosts."
}
],
"metrics": {},
"references": [
{
"url": "https://packetstormsecurity.com/files/173146/Office-Suite-Premium-10.9.1.42602-Local-File-Inclusion.html",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-37602",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-20T19:15:10.727",
"lastModified": "2023-07-20T19:15:10.727",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An arbitrary file upload vulnerability in the component /workplace#!explorer of Alkacon OpenCMS v15.0 allows attackers to execute arbitrary code via uploading a crafted PNG file."
}
],
"metrics": {},
"references": [
{
"url": "https://www.exploit-db.com/exploits/51564",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-37629",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-12T17:15:08.777",
"lastModified": "2023-07-20T02:06:08.907",
"vulnStatus": "Analyzed",
"lastModified": "2023-07-20T18:15:12.037",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -64,6 +64,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/173656/Online-Piggery-Management-System-1.0-Shell-Upload.html",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/1337kid/Piggery_CMS_multiple_vulns_PoC/tree/main/CVE-2023-37629",
"source": "cve@mitre.org",


@ -0,0 +1,32 @@
{
"id": "CVE-2023-37728",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-20T18:15:12.110",
"lastModified": "2023-07-20T18:15:12.110",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Icewarp Icearp v10.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability."
}
],
"metrics": {},
"references": [
{
"url": "http://icearp.com",
"source": "cve@mitre.org"
},
{
"url": "http://icewarp.com",
"source": "cve@mitre.org"
},
{
"url": "http://mail.ziyan.com/webmail/?color=%22%3E%3Cimg%20src%20onerror=%22alert(0)%22%3E%3C%22%27",
"source": "cve@mitre.org"
},
{
"url": "https://medium.com/@ayush.engr29/cve-2023-37728-6dfb7586311",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,88 @@
{
"id": "CVE-2023-3791",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-07-20T18:15:12.353",
"lastModified": "2023-07-20T18:15:12.353",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in IBOS OA 4.5.5 and classified as critical. Affected by this issue is the function actionExport of the file ?r=contact/default/export of the component Personal Office Address Book. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-235058 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/zry-wyj/cve/blob/main/ibos.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.235058",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.235058",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,88 @@
{
"id": "CVE-2023-3792",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-07-20T19:15:10.923",
"lastModified": "2023-07-20T19:15:10.923",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Beijing Netcon NS-ASG 6.3. It has been classified as problematic. This affects an unknown part of the file /admin/test_status.php. The manipulation leads to direct request. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235059. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"accessVector": "ADJACENT_NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3
},
"baseSeverity": "LOW",
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-425"
}
]
}
],
"references": [
{
"url": "https://github.com/CYN521/cve/blob/main/NS-ASG.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.235059",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.235059",
"source": "cna@vuldb.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-38069",
"sourceIdentifier": "security@jetbrains.com",
"published": "2023-07-12T13:15:09.810",
"lastModified": "2023-07-12T13:56:22.010",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-20T18:25:36.067",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
},
{
"source": "security@jetbrains.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jetbrains:intellij_idea:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.1.4",
"matchCriteriaId": "1088B47A-C294-4BDA-9BEE-33FA9339D4E0"
}
]
}
]
}
],
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
"source": "security@jetbrains.com"
"source": "security@jetbrains.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-38334",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-20T18:15:12.170",
"lastModified": "2023-07-20T18:15:12.170",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Omnis Studio 10.22.00 has incorrect access control. It advertises an irreversible feature for locking classes within Omnis libraries: it should be no longer possible to delete, view, change, copy, rename, duplicate, or print a locked class. Due to implementation issues, locked classes in Omnis libraries can be unlocked, and thus further analyzed and modified by Omnis Studio. This allows for further analyzing and also deleting, viewing, changing, copying, renaming, duplicating, or printing previously locked Omnis classes. This violates the expected behavior of an \"irreversible operation.\""
}
],
"metrics": {},
"references": [
{
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-006.txt",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-38335",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-20T18:15:12.227",
"lastModified": "2023-07-20T18:15:12.227",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Omnis Studio 10.22.00 has incorrect access control. It advertises a feature for making Omnis libraries \"always private\" - this is supposed to be an irreversible operation. However, due to implementation issues, \"always private\" Omnis libraries can be opened by the Omnis Studio browser by bypassing specific checks. This violates the expected behavior of an \"irreversible operation\"."
}
],
"metrics": {},
"references": [
{
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-005.txt",
"source": "cve@mitre.org"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-38408",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-20T03:15:10.170",
"lastModified": "2023-07-20T15:15:11.707",
"lastModified": "2023-07-20T18:15:12.287",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -12,6 +12,10 @@
],
"metrics": {},
"references": [
{
"url": "http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html",
"source": "cve@mitre.org"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/07/20/1",
"source": "cve@mitre.org"


@ -0,0 +1,60 @@
{
"id": "CVE-2023-38523",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-20T19:15:10.793",
"lastModified": "2023-07-20T19:15:10.793",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The web interface on multiple Samsung Harman AMX N-Series devices allows directory listing for the /tmp/ directory, without authentication, exposing sensitive information such as the command history and screenshot of the file being processed. This affects N-Series N1115 Wallplate Video Encoder before 1.15.61, N-Series N1x22A Video Encoder/Decoder before 1.15.61, N-Series N1x33A Video Encoder/Decoder before 1.15.61, N-Series N1x33 Video Encoder/Decoder before 1.15.61, N-Series N2x35 Video Encoder/Decoder before 1.15.61, N-Series N2x35A Video Encoder/Decoder before 1.15.61, N-Series N2xx2 Video Encoder/Decoder before 1.15.61, N-Series N2xx2A Video Encoder/Decoder before 1.15.61, N-Series N3000 Video Encoder/Decoder before 2.12.105, and N-Series N4321 Audio Transceiver before 1.00.06."
}
],
"metrics": {},
"references": [
{
"url": "https://help.harmanpro.com/n1115-svsi-firmware",
"source": "cve@mitre.org"
},
{
"url": "https://help.harmanpro.com/n1x22a-updater",
"source": "cve@mitre.org"
},
{
"url": "https://help.harmanpro.com/n1x33-updater",
"source": "cve@mitre.org"
},
{
"url": "https://help.harmanpro.com/n1x33a-updater",
"source": "cve@mitre.org"
},
{
"url": "https://help.harmanpro.com/n2x35-updater-hotfix",
"source": "cve@mitre.org"
},
{
"url": "https://help.harmanpro.com/n2x35a-updater-hotfix",
"source": "cve@mitre.org"
},
{
"url": "https://help.harmanpro.com/n2xx2-updater-hotfix",
"source": "cve@mitre.org"
},
{
"url": "https://help.harmanpro.com/n2xx2a-updater",
"source": "cve@mitre.org"
},
{
"url": "https://help.harmanpro.com/n3k-updater-hotfix",
"source": "cve@mitre.org"
},
{
"url": "https://help.harmanpro.com/svsi-n4321-firmware",
"source": "cve@mitre.org"
},
{
"url": "https://wiki.notveg.ninja/blog/CVE-2023-38523/",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-38617",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-20T19:15:10.867",
"lastModified": "2023-07-20T19:15:10.867",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Office Suite Premium Version v10.9.1.42602 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the filter parameter at /api?path=files."
}
],
"metrics": {},
"references": [
{
"url": "https://packetstormsecurity.com/files/173143/Office-Suite-Premium-10.9.1.42602-Cross-Site-Scripting.html",
"source": "cve@mitre.org"
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-07-20T18:00:44.981141+00:00
2023-07-20T20:01:13.697501+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-07-20T17:58:24.967000+00:00
2023-07-20T19:59:06.357000+00:00
```
### Last Data Feed Release
@ -29,49 +29,59 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
220741
220756
```
### CVEs added in the last Commit
Recently added CVEs: `5`
Recently added CVEs: `15`
* [CVE-2023-3788](CVE-2023/CVE-2023-37xx/CVE-2023-3788.json) (`2023-07-20T16:15:12.527`)
* [CVE-2023-3789](CVE-2023/CVE-2023-37xx/CVE-2023-3789.json) (`2023-07-20T16:15:12.620`)
* [CVE-2023-38203](CVE-2023/CVE-2023-382xx/CVE-2023-38203.json) (`2023-07-20T16:15:12.180`)
* [CVE-2023-37471](CVE-2023/CVE-2023-374xx/CVE-2023-37471.json) (`2023-07-20T17:15:10.917`)
* [CVE-2023-3790](CVE-2023/CVE-2023-37xx/CVE-2023-3790.json) (`2023-07-20T17:15:11.027`)
* [CVE-2021-45094](CVE-2021/CVE-2021-450xx/CVE-2021-45094.json) (`2023-07-20T18:15:11.463`)
* [CVE-2023-31461](CVE-2023/CVE-2023-314xx/CVE-2023-31461.json) (`2023-07-20T18:15:11.917`)
* [CVE-2023-31462](CVE-2023/CVE-2023-314xx/CVE-2023-31462.json) (`2023-07-20T18:15:11.970`)
* [CVE-2023-37728](CVE-2023/CVE-2023-377xx/CVE-2023-37728.json) (`2023-07-20T18:15:12.110`)
* [CVE-2023-38334](CVE-2023/CVE-2023-383xx/CVE-2023-38334.json) (`2023-07-20T18:15:12.170`)
* [CVE-2023-38335](CVE-2023/CVE-2023-383xx/CVE-2023-38335.json) (`2023-07-20T18:15:12.227`)
* [CVE-2023-3791](CVE-2023/CVE-2023-37xx/CVE-2023-3791.json) (`2023-07-20T18:15:12.353`)
* [CVE-2023-37164](CVE-2023/CVE-2023-371xx/CVE-2023-37164.json) (`2023-07-20T19:15:10.460`)
* [CVE-2023-37165](CVE-2023/CVE-2023-371xx/CVE-2023-37165.json) (`2023-07-20T19:15:10.530`)
* [CVE-2023-37600](CVE-2023/CVE-2023-376xx/CVE-2023-37600.json) (`2023-07-20T19:15:10.597`)
* [CVE-2023-37601](CVE-2023/CVE-2023-376xx/CVE-2023-37601.json) (`2023-07-20T19:15:10.663`)
* [CVE-2023-37602](CVE-2023/CVE-2023-376xx/CVE-2023-37602.json) (`2023-07-20T19:15:10.727`)
* [CVE-2023-38523](CVE-2023/CVE-2023-385xx/CVE-2023-38523.json) (`2023-07-20T19:15:10.793`)
* [CVE-2023-38617](CVE-2023/CVE-2023-386xx/CVE-2023-38617.json) (`2023-07-20T19:15:10.867`)
* [CVE-2023-3792](CVE-2023/CVE-2023-37xx/CVE-2023-3792.json) (`2023-07-20T19:15:10.923`)
### CVEs modified in the last Commit
Recently modified CVEs: `38`
Recently modified CVEs: `35`
* [CVE-2023-32483](CVE-2023/CVE-2023-324xx/CVE-2023-32483.json) (`2023-07-20T16:45:55.920`)
* [CVE-2023-32446](CVE-2023/CVE-2023-324xx/CVE-2023-32446.json) (`2023-07-20T16:45:55.920`)
* [CVE-2023-32447](CVE-2023/CVE-2023-324xx/CVE-2023-32447.json) (`2023-07-20T16:45:55.920`)
* [CVE-2023-32455](CVE-2023/CVE-2023-324xx/CVE-2023-32455.json) (`2023-07-20T16:45:55.920`)
* [CVE-2023-3786](CVE-2023/CVE-2023-37xx/CVE-2023-3786.json) (`2023-07-20T16:45:55.920`)
* [CVE-2023-32265](CVE-2023/CVE-2023-322xx/CVE-2023-32265.json) (`2023-07-20T16:45:55.920`)
* [CVE-2023-32476](CVE-2023/CVE-2023-324xx/CVE-2023-32476.json) (`2023-07-20T16:45:55.920`)
* [CVE-2023-34966](CVE-2023/CVE-2023-349xx/CVE-2023-34966.json) (`2023-07-20T16:45:55.920`)
* [CVE-2023-34967](CVE-2023/CVE-2023-349xx/CVE-2023-34967.json) (`2023-07-20T16:45:55.920`)
* [CVE-2023-34968](CVE-2023/CVE-2023-349xx/CVE-2023-34968.json) (`2023-07-20T16:45:55.920`)
* [CVE-2023-3347](CVE-2023/CVE-2023-33xx/CVE-2023-3347.json) (`2023-07-20T16:45:55.920`)
* [CVE-2023-3787](CVE-2023/CVE-2023-37xx/CVE-2023-3787.json) (`2023-07-20T16:45:55.920`)
* [CVE-2023-30429](CVE-2023/CVE-2023-304xx/CVE-2023-30429.json) (`2023-07-20T16:47:49.747`)
* [CVE-2023-31007](CVE-2023/CVE-2023-310xx/CVE-2023-31007.json) (`2023-07-20T16:53:07.193`)
* [CVE-2023-25606](CVE-2023/CVE-2023-256xx/CVE-2023-25606.json) (`2023-07-20T17:05:20.230`)
* [CVE-2023-3106](CVE-2023/CVE-2023-31xx/CVE-2023-3106.json) (`2023-07-20T17:11:02.397`)
* [CVE-2023-35908](CVE-2023/CVE-2023-359xx/CVE-2023-35908.json) (`2023-07-20T17:14:37.213`)
* [CVE-2023-3618](CVE-2023/CVE-2023-36xx/CVE-2023-3618.json) (`2023-07-20T17:16:44.123`)
* [CVE-2023-38046](CVE-2023/CVE-2023-380xx/CVE-2023-38046.json) (`2023-07-20T17:24:37.857`)
* [CVE-2023-36543](CVE-2023/CVE-2023-365xx/CVE-2023-36543.json) (`2023-07-20T17:31:19.070`)
* [CVE-2023-37627](CVE-2023/CVE-2023-376xx/CVE-2023-37627.json) (`2023-07-20T17:34:32.177`)
* [CVE-2023-37579](CVE-2023/CVE-2023-375xx/CVE-2023-37579.json) (`2023-07-20T17:37:20.790`)
* [CVE-2023-21400](CVE-2023/CVE-2023-214xx/CVE-2023-21400.json) (`2023-07-20T17:44:06.260`)
* [CVE-2023-21399](CVE-2023/CVE-2023-213xx/CVE-2023-21399.json) (`2023-07-20T17:44:44.537`)
* [CVE-2023-21262](CVE-2023/CVE-2023-212xx/CVE-2023-21262.json) (`2023-07-20T17:47:41.280`)
* [CVE-2022-0164](CVE-2022/CVE-2022-01xx/CVE-2022-0164.json) (`2023-07-20T18:09:50.423`)
* [CVE-2022-0140](CVE-2022/CVE-2022-01xx/CVE-2022-0140.json) (`2023-07-20T18:12:18.663`)
* [CVE-2022-28171](CVE-2022/CVE-2022-281xx/CVE-2022-28171.json) (`2023-07-20T18:15:11.537`)
* [CVE-2022-2987](CVE-2022/CVE-2022-29xx/CVE-2022-2987.json) (`2023-07-20T18:24:39.960`)
* [CVE-2023-3317](CVE-2023/CVE-2023-33xx/CVE-2023-3317.json) (`2023-07-20T18:02:32.487`)
* [CVE-2023-1258](CVE-2023/CVE-2023-12xx/CVE-2023-1258.json) (`2023-07-20T18:15:11.747`)
* [CVE-2023-37629](CVE-2023/CVE-2023-376xx/CVE-2023-37629.json) (`2023-07-20T18:15:12.037`)
* [CVE-2023-38408](CVE-2023/CVE-2023-384xx/CVE-2023-38408.json) (`2023-07-20T18:15:12.287`)
* [CVE-2023-38069](CVE-2023/CVE-2023-380xx/CVE-2023-38069.json) (`2023-07-20T18:25:36.067`)
* [CVE-2023-35693](CVE-2023/CVE-2023-356xx/CVE-2023-35693.json) (`2023-07-20T18:43:04.370`)
* [CVE-2023-35691](CVE-2023/CVE-2023-356xx/CVE-2023-35691.json) (`2023-07-20T18:54:48.517`)
* [CVE-2023-35694](CVE-2023/CVE-2023-356xx/CVE-2023-35694.json) (`2023-07-20T19:00:19.483`)
* [CVE-2023-23559](CVE-2023/CVE-2023-235xx/CVE-2023-23559.json) (`2023-07-20T19:00:45.357`)
* [CVE-2023-21260](CVE-2023/CVE-2023-212xx/CVE-2023-21260.json) (`2023-07-20T19:04:40.987`)
* [CVE-2023-34129](CVE-2023/CVE-2023-341xx/CVE-2023-34129.json) (`2023-07-20T19:14:47.987`)
* [CVE-2023-22508](CVE-2023/CVE-2023-225xx/CVE-2023-22508.json) (`2023-07-20T19:15:10.250`)
* [CVE-2023-35885](CVE-2023/CVE-2023-358xx/CVE-2023-35885.json) (`2023-07-20T19:15:10.367`)
* [CVE-2023-37455](CVE-2023/CVE-2023-374xx/CVE-2023-37455.json) (`2023-07-20T19:16:40.667`)
* [CVE-2023-34130](CVE-2023/CVE-2023-341xx/CVE-2023-34130.json) (`2023-07-20T19:18:02.093`)
* [CVE-2023-37560](CVE-2023/CVE-2023-375xx/CVE-2023-37560.json) (`2023-07-20T19:28:00.590`)
* [CVE-2023-34125](CVE-2023/CVE-2023-341xx/CVE-2023-34125.json) (`2023-07-20T19:43:44.623`)
* [CVE-2023-3600](CVE-2023/CVE-2023-36xx/CVE-2023-3600.json) (`2023-07-20T19:46:21.273`)
* [CVE-2023-21257](CVE-2023/CVE-2023-212xx/CVE-2023-21257.json) (`2023-07-20T19:46:58.023`)
* [CVE-2023-3596](CVE-2023/CVE-2023-35xx/CVE-2023-3596.json) (`2023-07-20T19:51:44.103`)
* [CVE-2023-36266](CVE-2023/CVE-2023-362xx/CVE-2023-36266.json) (`2023-07-20T19:59:06.357`)
## Download and Usage