Auto-Update: 2023-06-27T22:00:27.807785+00:00

cad-safe-bot 2023-06-27 22:00:31 +00:00
parent a49083d3b8
commit 400a8832b3
53 changed files with 1223 additions and 161 deletions


@ -0,0 +1,20 @@
{
"id": "CVE-2020-18404",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-27T21:15:15.650",
"lastModified": "2023-06-27T21:15:15.650",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in espcms version P8.18101601. There is a cross site scripting (XSS) vulnerability that allows arbitrary code to be executed via the title parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/source-hunter/espcms/issues/1",
"source": "cve@mitre.org"
}
]
}
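Review bot: The record is added with `"metrics": {}` and `"vulnStatus": "Received"`, so it carries no CVSS vector, no weakness entry and no CPE configuration; a consumer that filters or ranks on `baseScore` will drop it or sort it as lowest severity unless it treats the empty object as "unscored". The same applies to the other new records in this commit that have an empty `metrics` object (CVE-2020-18406, -18409, -18410, -18413, -18414, -18416 and CVE-2020-19902). The description also words an XSS issue as allowing "arbitrary code to be executed", which presumably means script execution in the victim's browser, so the text alone should not be used to infer server-side impact.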


@ -0,0 +1,20 @@
{
"id": "CVE-2020-18406",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-27T20:15:09.297",
"lastModified": "2023-06-27T20:45:06.090",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in cmseasy v7.0.0 that allows user credentials to be sent in clear text due to no encryption of form data."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/source-hunter/cmseasy/issues/1",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2020-18409",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-27T21:15:15.717",
"lastModified": "2023-06-27T21:15:15.717",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Request Forgery (CSRF) vulnerability was discovered in CatfishCMS 4.8.63 that would allow attackers to obtain administrator permissions via /index.php/admin/index/modifymanage.html."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/xwlrbh/Catfish/issues/5",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2020-18410",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-27T20:15:09.373",
"lastModified": "2023-06-27T20:45:06.090",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A stored cross site scripting (XSS) vulnerability in /index.php?admin-master-article-edit of Chaoji CMS v2.18 that allows attackers to obtain administrator privileges."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/GodEpic/chaojicms/issues/6",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2020-18413",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-27T20:15:09.423",
"lastModified": "2023-06-27T20:45:06.090",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Stored cross site scripting (XSS) vulnerability in /index.php?admin-master-navmenu-add of Chaoji CMS v2.18 that allows attackers to execute arbitrary code."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/GodEpic/chaojicms/issues/5",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2020-18414",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-27T21:15:15.763",
"lastModified": "2023-06-27T21:15:15.763",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Stored cross site scripting (XSS) vulnerability in Chaoji CMS v2.18 that allows attackers to execute arbitrary code via /index.php?admin-master-webset."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/GodEpic/chaojicms/issues/3",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2020-18416",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-27T20:15:09.473",
"lastModified": "2023-06-27T20:45:06.090",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An cross site request forgery (CSRF) vulnerability discovered in Jymusic v2.0.0.,that allows attackers to execute arbitrary code via /admin.php?s=/addons/config.html&id=6 to modify payment information."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/dtorp06/jymusic/issues/1",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2020-18418",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-27T19:15:09.047",
"lastModified": "2023-06-27T19:15:09.047",
"vulnStatus": "Received",
"lastModified": "2023-06-27T20:45:06.090",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -0,0 +1,20 @@
{
"id": "CVE-2020-19902",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-27T20:15:09.520",
"lastModified": "2023-06-27T20:45:06.090",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Directory Traversal vulnerability found in Cryptoprof WCMS v.0.3.2 allows a remote attacker to execute arbitrary code via the wex/cssjs.php parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/vedees/wcms/issues/3",
"source": "cve@mitre.org"
}
]
}


@ -2,19 +2,75 @@
"id": "CVE-2020-20070",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-20T15:15:10.263",
"lastModified": "2023-06-20T15:49:15.587",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-27T20:05:18.187",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability found in wkeyuan DWSurvey 1.0 allows a remote attacker to execute arbitrary code via thequltemld parameter of the qu-multi-fillblank!answers.action file."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:diaowen:dwsurvey:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51ACABD1-BE5D-48E0-9CC7-4975FD6AA75B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/wkeyuan/DWSurvey/issues/48",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}


@ -2,19 +2,76 @@
"id": "CVE-2020-20335",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-20T15:15:10.307",
"lastModified": "2023-06-20T15:49:15.587",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-27T20:09:20.373",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in Antirez Kilo before commit 7709a04ae8520c5b04d261616098cebf742f5a23 allows a remote attacker to cause a denial of service via the editorUpdateRow function in kilo.c."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kilo_project:kilo:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2020-07-02",
"matchCriteriaId": "1D895359-DB10-442C-98EE-6A91A63D5DA6"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/antirez/kilo/issues/60",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}
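Review bot: The added `cpeMatch` entry bounds the affected range with `"versionEndExcluding": "2020-07-02"`, which is a date rather than a version string, while the description identifies the fix by commit `7709a04ae8520c5b04d261616098cebf742f5a23`. Version-comparison logic in scanners is likely to mis-order or fail to parse this bound, so matching for `kilo_project:kilo` should be checked against the commit rather than trusted from the CPE range. The description says "Buffer Overflow" whereas the assigned weakness is `CWE-190`; the two are not contradictory, but CWE-keyed dashboards will file this record under integer overflow.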


@ -2,19 +2,74 @@
"id": "CVE-2020-20413",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-20T15:15:10.350",
"lastModified": "2023-06-20T15:49:15.587",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-27T20:14:54.677",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability found in WUZHICMS v.4.1.0 allows a remote attacker to execute arbitrary code via the checktitle() function in admin/content.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wuzhicms:wuzhicms:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2B76E69A-B2F3-4359-A7C0-046CEE2FAEEB"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/SuperSalsa20/WUZHICMS-SQL-Injection/blob/master/README.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}


@ -2,19 +2,77 @@
"id": "CVE-2020-20491",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-20T15:15:10.403",
"lastModified": "2023-06-20T15:49:15.587",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-27T20:21:31.930",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in OpenCart v.2.2.00 thru 3.0.3.2 allows a remote attacker to execute arbitrary code via the Fba plugin function in upload/admin/index.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opencart:opencart:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.2.00",
"versionEndIncluding": "3.0.3.2",
"matchCriteriaId": "9000F917-5FEB-41E5-8BA6-C9E0CD546C34"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/opencart/opencart/issues/7612",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}


@ -2,23 +2,82 @@
"id": "CVE-2020-20502",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-20T15:15:10.443",
"lastModified": "2023-06-20T15:49:15.587",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-27T20:36:34.227",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Request Forgery found in yzCMS v.2.0 allows a remote attacker to execute arbitrary code via the token check function."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yzmcms:yzmcms:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9E7EE46F-852A-4E5D-81CC-05BD43AE219C"
}
]
}
]
}
],
"references": [
{
"url": "http://www.yzmcms.com/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/yzmcms/yzmcms/issues/27",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}
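Review bot: The added vector `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H` scores availability impact only, while the description states that the CSRF "allows a remote attacker to execute arbitrary code"; the two do not agree, and triage that relies on `baseScore` 6.5 alone may rank this lower than the description suggests. Which one is right cannot be told from this record, so the linked issue (tagged `Exploit`, `Issue Tracking`) is the thing to read before prioritising. The first reference, `http://www.yzmcms.com/`, is a plain-HTTP product link and gives no advisory content.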


@ -2,19 +2,74 @@
"id": "CVE-2020-20636",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-20T15:15:10.487",
"lastModified": "2023-06-20T15:49:15.587",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-27T20:38:56.623",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability found in Joyplus-cms v.1.6.0 allows a remote attacker to access sensitive information via the id parameter of the goodbad() function."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joyplus-cms_project:joyplus-cms:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A76F9F13-189B-40D0-9B9D-620024B26AC1"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/joyplus/joyplus-cms/issues/447",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
}
]
}


@ -2,19 +2,75 @@
"id": "CVE-2020-20697",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-20T15:15:10.537",
"lastModified": "2023-06-20T15:49:15.587",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-27T20:46:57.530",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in khodakhah NodCMS v.3.0 allows a remote attacker to execute arbitrary code and gain access to senstivie information via a crafted script to the address parameter."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nodcms:nodcms:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BDB187B4-9534-425E-8766-91D5BBC8CA78"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/khodakhah/nodcms/issues/41",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}


@ -2,19 +2,76 @@
"id": "CVE-2020-20703",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-20T15:15:10.580",
"lastModified": "2023-06-20T15:49:15.587",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-27T20:54:33.227",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in VIM v.8.1.2135 allows a remote attacker to execute arbitrary code via the operand parameter."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vim:vim:8.1.2135:*:*:*:*:*:*:*",
"matchCriteriaId": "3AB267E1-74B2-451E-AFFB-DFC40046C132"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/vim/vim/issues/5041",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-1441",
"sourceIdentifier": "secalert@redhat.com",
"published": "2022-04-25T17:15:36.547",
"lastModified": "2023-05-27T04:15:20.370",
"vulnStatus": "Modified",
"lastModified": "2023-06-27T20:43:05.850",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -70,7 +70,7 @@
"description": [
{
"lang": "en",
"value": "CWE-119"
"value": "CWE-125"
}
]
},
@ -100,6 +100,21 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
}
]
}
]
}
],
"references": [
@ -122,7 +137,10 @@
},
{
"url": "https://www.debian.org/security/2023/dsa-5411",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-22034",
"sourceIdentifier": "secure@microsoft.com",
"published": "2022-07-12T23:15:09.567",
"lastModified": "2023-05-17T17:15:11.720",
"vulnStatus": "Modified",
"lastModified": "2023-06-27T20:44:45.057",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -70,7 +70,7 @@
"description": [
{
"lang": "en",
"value": "CWE-269"
"value": "CWE-416"
}
]
}
@ -250,7 +250,11 @@
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22034",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2022-22715",
"sourceIdentifier": "secure@microsoft.com",
"published": "2022-02-09T17:15:10.117",
"lastModified": "2022-05-23T17:29:19.003",
"lastModified": "2023-06-27T20:23:36.597",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -70,7 +70,7 @@
"description": [
{
"lang": "en",
"value": "CWE-269"
"value": "CWE-191"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2022-25649",
"sourceIdentifier": "audit@patchstack.com",
"published": "2022-08-05T16:15:11.493",
"lastModified": "2022-08-08T17:39:10.953",
"lastModified": "2023-06-27T20:44:35.397",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -65,7 +65,7 @@
"description": [
{
"lang": "en",
"value": "CWE-863"
"value": "NVD-CWE-Other"
}
]
},


@ -2,7 +2,7 @@
"id": "CVE-2022-25817",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2022-03-10T17:47:18.757",
"lastModified": "2022-03-16T03:37:22.437",
"lastModified": "2023-06-27T20:39:56.397",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -90,7 +90,7 @@
"description": [
{
"lang": "en",
"value": "CWE-287"
"value": "NVD-CWE-Other"
}
]
},


@ -2,7 +2,7 @@
"id": "CVE-2022-25959",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2022-04-01T23:15:14.470",
"lastModified": "2022-04-08T13:42:11.737",
"lastModified": "2023-06-27T20:40:57.613",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -85,8 +85,18 @@
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"description": [
{
"lang": "en",


@ -2,7 +2,7 @@
"id": "CVE-2022-2566",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2022-09-23T12:15:10.103",
"lastModified": "2022-10-01T02:27:40.717",
"lastModified": "2023-06-27T20:44:29.407",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -65,7 +65,7 @@
"description": [
{
"lang": "en",
"value": "CWE-787"
"value": "CWE-190"
}
]
},


@ -2,7 +2,7 @@
"id": "CVE-2022-26090",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2022-04-11T20:15:20.897",
"lastModified": "2022-04-19T01:22:34.583",
"lastModified": "2023-06-27T20:42:45.240",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -90,7 +90,7 @@
"description": [
{
"lang": "en",
"value": "CWE-668"
"value": "NVD-CWE-Other"
}
]
},


@ -2,7 +2,7 @@
"id": "CVE-2022-26125",
"sourceIdentifier": "secalert@redhat.com",
"published": "2022-03-03T18:15:08.090",
"lastModified": "2022-03-09T20:15:25.863",
"lastModified": "2023-06-27T20:23:49.610",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -70,7 +70,7 @@
"description": [
{
"lang": "en",
"value": "CWE-119"
"value": "CWE-1284"
}
]
},


@ -2,7 +2,7 @@
"id": "CVE-2022-26127",
"sourceIdentifier": "secalert@redhat.com",
"published": "2022-03-03T18:15:08.193",
"lastModified": "2022-03-09T20:13:29.583",
"lastModified": "2023-06-27T20:26:26.217",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -70,7 +70,7 @@
"description": [
{
"lang": "en",
"value": "CWE-119"
"value": "CWE-1284"
}
]
},


@ -2,7 +2,7 @@
"id": "CVE-2022-26128",
"sourceIdentifier": "secalert@redhat.com",
"published": "2022-03-03T18:15:08.243",
"lastModified": "2022-03-09T20:17:48.750",
"lastModified": "2023-06-27T20:38:30.520",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -70,7 +70,7 @@
"description": [
{
"lang": "en",
"value": "CWE-119"
"value": "CWE-1284"
}
]
},


@ -2,7 +2,7 @@
"id": "CVE-2022-2639",
"sourceIdentifier": "secalert@redhat.com",
"published": "2022-09-01T21:15:09.600",
"lastModified": "2023-01-20T13:05:07.377",
"lastModified": "2023-06-27T20:52:02.907",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -45,11 +45,7 @@
"description": [
{
"lang": "en",
"value": "CWE-191"
},
{
"lang": "en",
"value": "CWE-787"
"value": "CWE-681"
}
]
},


@ -2,7 +2,7 @@
"id": "CVE-2022-36099",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-09-08T21:15:08.167",
"lastModified": "2022-09-14T16:17:13.283",
"lastModified": "2023-06-27T20:52:09.843",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -65,7 +65,7 @@
"description": [
{
"lang": "en",
"value": "CWE-94"
"value": "CWE-116"
}
]
},


@ -2,7 +2,7 @@
"id": "CVE-2022-36100",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-09-08T21:15:08.237",
"lastModified": "2022-09-14T16:40:42.790",
"lastModified": "2023-06-27T20:52:21.010",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -65,7 +65,7 @@
"description": [
{
"lang": "en",
"value": "CWE-94"
"value": "CWE-116"
}
]
},


@ -2,7 +2,7 @@
"id": "CVE-2022-36110",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-09-09T20:15:11.263",
"lastModified": "2022-09-15T03:31:27.897",
"lastModified": "2023-06-27T20:52:26.647",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -65,7 +65,7 @@
"description": [
{
"lang": "en",
"value": "CWE-863"
"value": "NVD-CWE-Other"
}
]
},


@ -2,7 +2,7 @@
"id": "CVE-2022-36113",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-09-14T18:15:10.763",
"lastModified": "2023-01-20T17:58:15.597",
"lastModified": "2023-06-27T20:52:33.817",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -65,7 +65,7 @@
"description": [
{
"lang": "en",
"value": "CWE-22"
"value": "CWE-59"
}
]
},


@ -2,7 +2,7 @@
"id": "CVE-2022-36960",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2022-11-29T21:15:10.693",
"lastModified": "2022-12-01T21:16:06.653",
"lastModified": "2023-06-27T20:07:35.373",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -61,7 +61,11 @@
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-287"
}
]
},


@ -2,7 +2,7 @@
"id": "CVE-2022-3724",
"sourceIdentifier": "cve@gitlab.com",
"published": "2022-12-09T18:15:19.957",
"lastModified": "2022-12-14T15:13:49.850",
"lastModified": "2023-06-27T20:44:18.853",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -61,7 +61,7 @@
"description": [
{
"lang": "en",
"value": "CWE-74"
"value": "CWE-134"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2022-38114",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2022-11-23T17:15:10.167",
"lastModified": "2022-11-28T18:19:59.670",
"lastModified": "2023-06-27T20:07:13.903",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -61,7 +61,11 @@
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
"value": "CWE-444"
},
{
"lang": "en",
"value": "CWE-79"
}
]
},


@ -2,7 +2,7 @@
"id": "CVE-2022-38135",
"sourceIdentifier": "audit@patchstack.com",
"published": "2022-09-12T21:15:11.057",
"lastModified": "2022-10-27T14:37:29.063",
"lastModified": "2023-06-27T20:01:39.443",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -60,8 +60,18 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",


@ -2,7 +2,7 @@
"id": "CVE-2022-38184",
"sourceIdentifier": "psirt@esri.com",
"published": "2022-08-16T18:15:09.277",
"lastModified": "2022-08-17T11:36:51.287",
"lastModified": "2023-06-27T20:01:50.113",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -65,7 +65,7 @@
"description": [
{
"lang": "en",
"value": "CWE-668"
"value": "NVD-CWE-Other"
}
]
},


@ -2,7 +2,7 @@
"id": "CVE-2022-38210",
"sourceIdentifier": "psirt@esri.com",
"published": "2022-12-29T20:15:09.997",
"lastModified": "2023-01-09T19:09:30.157",
"lastModified": "2023-06-27T20:14:52.507",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -56,8 +56,22 @@
},
"weaknesses": [
{
"source": "psirt@esri.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
},
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "psirt@esri.com",
"type": "Secondary",
"description": [
{
"lang": "en",


@ -2,7 +2,7 @@
"id": "CVE-2022-3875",
"sourceIdentifier": "cna@vuldb.com",
"published": "2022-12-19T11:15:10.480",
"lastModified": "2022-12-28T19:24:55.047",
"lastModified": "2023-06-27T20:14:35.760",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -56,8 +56,18 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",


@ -2,7 +2,7 @@
"id": "CVE-2022-3879",
"sourceIdentifier": "contact@wpscan.com",
"published": "2022-12-12T18:15:11.047",
"lastModified": "2022-12-15T17:46:47.517",
"lastModified": "2023-06-27T20:14:22.303",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -39,6 +39,10 @@
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
},
{
"lang": "en",
"value": "CWE-863"


@ -2,8 +2,8 @@
"id": "CVE-2023-22593",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-06-27T19:15:09.187",
"lastModified": "2023-06-27T19:15:09.187",
"vulnStatus": "Received",
"lastModified": "2023-06-27T20:45:06.090",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-23468",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-06-27T19:15:09.293",
"lastModified": "2023-06-27T19:15:09.293",
"vulnStatus": "Received",
"lastModified": "2023-06-27T20:45:06.090",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-25004",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2023-06-27T19:15:09.383",
"lastModified": "2023-06-27T19:15:09.383",
"vulnStatus": "Received",
"lastModified": "2023-06-27T20:45:06.090",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-27429",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-21T14:15:09.690",
"lastModified": "2023-06-21T15:14:56.427",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-27T20:54:54.337",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:automattic:jetpack_crm:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "5.5.0",
"matchCriteriaId": "FAAFC1A9-08C4-43CE-A191-9F7657709FBB"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/zero-bs-crm/wordpress-jetpack-crm-clients-leads-invoices-billing-email-marketing-automation-plugin-5-4-4-cross-site-scripting-xss?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-27439",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-21T13:15:09.910",
"lastModified": "2023-06-21T15:14:56.427",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-27T20:54:24.717",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:new_adman_project:new_adman:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.6.8",
"matchCriteriaId": "2FC4851E-0CDD-4180-A014-BB55C496316B"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/new-adman/wordpress-new-adman-plugin-1-6-8-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-29068",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2023-06-27T19:15:09.457",
"lastModified": "2023-06-27T19:15:09.457",
"vulnStatus": "Received",
"lastModified": "2023-06-27T20:45:06.090",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -0,0 +1,59 @@
{
"id": "CVE-2023-30993",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-06-27T20:15:09.620",
"lastModified": "2023-06-27T20:45:06.090",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM Cloud Pak for Security (CP4S) 1.9.0.0 through 1.9.2.0 could allow an attacker with a valid API key for one tenant to access data from another tenant's account. IBM X-Force ID: 254136."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254136",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/6995221",
"source": "psirt@us.ibm.com"
}
]
}

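--- a/CVE-2023/CVE-2023-325xx/CVE-2023-32538.json
+++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32538.json
@@ -2,23 +2,86 @@
 "id": "CVE-2023-32538",
 "sourceIdentifier": "vultures@jpcert.or.jp",
 "published": "2023-06-19T05:15:09.553",
-"lastModified": "2023-06-20T07:12:55.493",
-"vulnStatus": "Awaiting Analysis",
+"lastModified": "2023-06-27T20:50:08.593",
+"vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution. This vulnerability is different from CVE-2023-32273 and CVE-2023-32201."
 }
 ],
-"metrics": {},
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "nvd@nist.gov",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+"attackVector": "LOCAL",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 7.8,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 1.8,
+"impactScore": 5.9
+}
+]
+},
+"weaknesses": [
+{
+"source": "nvd@nist.gov",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-787"
+}
+]
+}
+],
+"configurations": [
+{
+"nodes": [
+{
+"operator": "OR",
+"negate": false,
+"cpeMatch": [
+{
+"vulnerable": true,
+"criteria": "cpe:2.3:a:fujielectric:tellus:4.0.15.0:*:*:*:*:*:*:*",
+"matchCriteriaId": "30687838-02B8-43D9-AE6F-BD508BC2B3AF"
+},
+{
+"vulnerable": true,
+"criteria": "cpe:2.3:a:fujielectric:tellus_lite:4.0.15.0:*:*:*:*:*:*:*",
+"matchCriteriaId": "3375800A-B58B-4D4E-A68A-BE8D9CACDBAB"
+}
+]
+}
+]
+}
+],
 "references": [
 {
 "url": "https://jvn.jp/en/vu/JVNVU98818508/",
-"source": "vultures@jpcert.or.jp"
+"source": "vultures@jpcert.or.jp",
+"tags": [
+"Third Party Advisory"
+]
 },
 {
 "url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php",
-"source": "vultures@jpcert.or.jp"
+"source": "vultures@jpcert.or.jp",
+"tags": [
+"Release Notes"
+]
 }
 ]
 }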

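--- a/CVE-2023/CVE-2023-325xx/CVE-2023-32542.json
+++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32542.json
@@ -2,23 +2,86 @@
 "id": "CVE-2023-32542",
 "sourceIdentifier": "vultures@jpcert.or.jp",
 "published": "2023-06-19T05:15:09.593",
-"lastModified": "2023-06-20T07:12:55.493",
-"vulnStatus": "Awaiting Analysis",
+"lastModified": "2023-06-27T20:49:23.610",
+"vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Out-of-bounds read vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution."
 }
 ],
-"metrics": {},
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "nvd@nist.gov",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+"attackVector": "LOCAL",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 7.8,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 1.8,
+"impactScore": 5.9
+}
+]
+},
+"weaknesses": [
+{
+"source": "nvd@nist.gov",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-125"
+}
+]
+}
+],
+"configurations": [
+{
+"nodes": [
+{
+"operator": "OR",
+"negate": false,
+"cpeMatch": [
+{
+"vulnerable": true,
+"criteria": "cpe:2.3:a:fujielectric:tellus:4.0.15.0:*:*:*:*:*:*:*",
+"matchCriteriaId": "30687838-02B8-43D9-AE6F-BD508BC2B3AF"
+},
+{
+"vulnerable": true,
+"criteria": "cpe:2.3:a:fujielectric:tellus_lite:4.0.15.0:*:*:*:*:*:*:*",
+"matchCriteriaId": "3375800A-B58B-4D4E-A68A-BE8D9CACDBAB"
+}
+]
+}
+]
+}
+],
 "references": [
 {
 "url": "https://jvn.jp/en/vu/JVNVU98818508/",
-"source": "vultures@jpcert.or.jp"
+"source": "vultures@jpcert.or.jp",
+"tags": [
+"Third Party Advisory"
+]
 },
 {
 "url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php",
-"source": "vultures@jpcert.or.jp"
+"source": "vultures@jpcert.or.jp",
+"tags": [
+"Release Notes"
+]
 }
 ]
 }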

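--- a/CVE-2023/CVE-2023-34xx/CVE-2023-3436.json
+++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3436.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-3436",
+"sourceIdentifier": "xpdf@xpdfreader.com",
+"published": "2023-06-27T21:15:16.047",
+"lastModified": "2023-06-27T21:15:16.047",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Xpdf 4.04 will deadlock on a PDF object stream whose \"Length\" field is itself in another object stream.\n\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "xpdf@xpdfreader.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
+"attackVector": "LOCAL",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "NONE",
+"availabilityImpact": "LOW",
+"baseScore": 3.3,
+"baseSeverity": "LOW"
+},
+"exploitabilityScore": 1.8,
+"impactScore": 1.4
+}
+]
+},
+"weaknesses": [
+{
+"source": "xpdf@xpdfreader.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-833"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://forum.xpdfreader.com/viewtopic.php?t=42618",
+"source": "xpdf@xpdfreader.com"
+}
+]
+}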

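--- a/CVE-2023/CVE-2023-364xx/CVE-2023-36463.json
+++ b/CVE-2023/CVE-2023-364xx/CVE-2023-36463.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2023-36463",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2023-06-27T20:15:09.727",
+"lastModified": "2023-06-27T20:45:06.090",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "Meldekarten generator is an open source project to create a program, running locally in the browser without the need for an internet-connection, to create, store and print registration cards for volunteers. All text fields on the webpage are vulnerable to XSS attacks. The user input isn't (fully) sanitized after submission. This issue has been addressed in commit `77e04f4af` which is included in the `1.0.0b1.1.2` release. Users are advised to upgrade. There are no known workarounds for this vulnerability. "
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
+"attackVector": "LOCAL",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "LOW",
+"baseScore": 5.3,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 1.8,
+"impactScore": 3.4
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-79"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/jucktnich/meldekarten-generator/commit/77e04f4af85a6d0b08e616d40eaa81877a108c96",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/jucktnich/meldekarten-generator/security/advisories/GHSA-f2gp-85cr-vgj7",
+"source": "security-advisories@github.com"
+}
+]
+}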


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-06-27T20:00:29.951267+00:00
2023-06-27T22:00:27.807785+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-06-27T19:59:39.177000+00:00
2023-06-27T21:15:16.047000+00:00
```
### Last Data Feed Release
@ -29,61 +29,55 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
218683
218694
```
### CVEs added in the last Commit
Recently added CVEs: `17`
Recently added CVEs: `11`
* [CVE-2020-18418](CVE-2020/CVE-2020-184xx/CVE-2020-18418.json) (`2023-06-27T19:15:09.047`)
* [CVE-2022-34352](CVE-2022/CVE-2022-343xx/CVE-2022-34352.json) (`2023-06-27T18:15:11.993`)
* [CVE-2023-26273](CVE-2023/CVE-2023-262xx/CVE-2023-26273.json) (`2023-06-27T18:15:12.640`)
* [CVE-2023-26274](CVE-2023/CVE-2023-262xx/CVE-2023-26274.json) (`2023-06-27T18:15:12.717`)
* [CVE-2023-26276](CVE-2023/CVE-2023-262xx/CVE-2023-26276.json) (`2023-06-27T18:15:12.783`)
* [CVE-2023-28857](CVE-2023/CVE-2023-288xx/CVE-2023-28857.json) (`2023-06-27T18:15:13.120`)
* [CVE-2023-33566](CVE-2023/CVE-2023-335xx/CVE-2023-33566.json) (`2023-06-27T18:15:13.463`)
* [CVE-2023-33567](CVE-2023/CVE-2023-335xx/CVE-2023-33567.json) (`2023-06-27T18:15:13.510`)
* [CVE-2023-34835](CVE-2023/CVE-2023-348xx/CVE-2023-34835.json) (`2023-06-27T18:15:13.557`)
* [CVE-2023-34836](CVE-2023/CVE-2023-348xx/CVE-2023-34836.json) (`2023-06-27T18:15:13.603`)
* [CVE-2023-34837](CVE-2023/CVE-2023-348xx/CVE-2023-34837.json) (`2023-06-27T18:15:13.653`)
* [CVE-2023-34838](CVE-2023/CVE-2023-348xx/CVE-2023-34838.json) (`2023-06-27T18:15:13.700`)
* [CVE-2023-34839](CVE-2023/CVE-2023-348xx/CVE-2023-34839.json) (`2023-06-27T18:15:13.747`)
* [CVE-2023-22593](CVE-2023/CVE-2023-225xx/CVE-2023-22593.json) (`2023-06-27T19:15:09.187`)
* [CVE-2023-23468](CVE-2023/CVE-2023-234xx/CVE-2023-23468.json) (`2023-06-27T19:15:09.293`)
* [CVE-2023-25004](CVE-2023/CVE-2023-250xx/CVE-2023-25004.json) (`2023-06-27T19:15:09.383`)
* [CVE-2023-29068](CVE-2023/CVE-2023-290xx/CVE-2023-29068.json) (`2023-06-27T19:15:09.457`)
* [CVE-2020-18406](CVE-2020/CVE-2020-184xx/CVE-2020-18406.json) (`2023-06-27T20:15:09.297`)
* [CVE-2020-18410](CVE-2020/CVE-2020-184xx/CVE-2020-18410.json) (`2023-06-27T20:15:09.373`)
* [CVE-2020-18413](CVE-2020/CVE-2020-184xx/CVE-2020-18413.json) (`2023-06-27T20:15:09.423`)
* [CVE-2020-18416](CVE-2020/CVE-2020-184xx/CVE-2020-18416.json) (`2023-06-27T20:15:09.473`)
* [CVE-2020-19902](CVE-2020/CVE-2020-199xx/CVE-2020-19902.json) (`2023-06-27T20:15:09.520`)
* [CVE-2020-18404](CVE-2020/CVE-2020-184xx/CVE-2020-18404.json) (`2023-06-27T21:15:15.650`)
* [CVE-2020-18409](CVE-2020/CVE-2020-184xx/CVE-2020-18409.json) (`2023-06-27T21:15:15.717`)
* [CVE-2020-18414](CVE-2020/CVE-2020-184xx/CVE-2020-18414.json) (`2023-06-27T21:15:15.763`)
* [CVE-2023-30993](CVE-2023/CVE-2023-309xx/CVE-2023-30993.json) (`2023-06-27T20:15:09.620`)
* [CVE-2023-36463](CVE-2023/CVE-2023-364xx/CVE-2023-36463.json) (`2023-06-27T20:15:09.727`)
* [CVE-2023-3436](CVE-2023/CVE-2023-34xx/CVE-2023-3436.json) (`2023-06-27T21:15:16.047`)
### CVEs modified in the last Commit
Recently modified CVEs: `128`
Recently modified CVEs: `41`
* [CVE-2023-28288](CVE-2023/CVE-2023-282xx/CVE-2023-28288.json) (`2023-06-27T18:15:12.940`)
* [CVE-2023-28293](CVE-2023/CVE-2023-282xx/CVE-2023-28293.json) (`2023-06-27T18:15:13.020`)
* [CVE-2023-2724](CVE-2023/CVE-2023-27xx/CVE-2023-2724.json) (`2023-06-27T18:15:13.197`)
* [CVE-2023-30198](CVE-2023/CVE-2023-301xx/CVE-2023-30198.json) (`2023-06-27T18:15:13.287`)
* [CVE-2023-33137](CVE-2023/CVE-2023-331xx/CVE-2023-33137.json) (`2023-06-27T18:15:13.380`)
* [CVE-2023-33495](CVE-2023/CVE-2023-334xx/CVE-2023-33495.json) (`2023-06-27T18:19:44.590`)
* [CVE-2023-34596](CVE-2023/CVE-2023-345xx/CVE-2023-34596.json) (`2023-06-27T18:23:44.610`)
* [CVE-2023-34597](CVE-2023/CVE-2023-345xx/CVE-2023-34597.json) (`2023-06-27T18:31:10.617`)
* [CVE-2023-3340](CVE-2023/CVE-2023-33xx/CVE-2023-3340.json) (`2023-06-27T18:31:12.860`)
* [CVE-2023-34600](CVE-2023/CVE-2023-346xx/CVE-2023-34600.json) (`2023-06-27T18:32:14.227`)
* [CVE-2023-34541](CVE-2023/CVE-2023-345xx/CVE-2023-34541.json) (`2023-06-27T18:34:05.143`)
* [CVE-2023-32339](CVE-2023/CVE-2023-323xx/CVE-2023-32339.json) (`2023-06-27T18:34:43.840`)
* [CVE-2023-34098](CVE-2023/CVE-2023-340xx/CVE-2023-34098.json) (`2023-06-27T18:34:43.840`)
* [CVE-2023-34099](CVE-2023/CVE-2023-340xx/CVE-2023-34099.json) (`2023-06-27T18:34:43.840`)
* [CVE-2023-34240](CVE-2023/CVE-2023-342xx/CVE-2023-34240.json) (`2023-06-27T18:34:43.840`)
* [CVE-2023-34830](CVE-2023/CVE-2023-348xx/CVE-2023-34830.json) (`2023-06-27T18:34:43.840`)
* [CVE-2023-35799](CVE-2023/CVE-2023-357xx/CVE-2023-35799.json) (`2023-06-27T18:34:43.840`)
* [CVE-2023-35800](CVE-2023/CVE-2023-358xx/CVE-2023-35800.json) (`2023-06-27T18:34:43.840`)
* [CVE-2023-31239](CVE-2023/CVE-2023-312xx/CVE-2023-31239.json) (`2023-06-27T18:35:46.850`)
* [CVE-2023-30759](CVE-2023/CVE-2023-307xx/CVE-2023-30759.json) (`2023-06-27T18:36:55.627`)
* [CVE-2023-35857](CVE-2023/CVE-2023-358xx/CVE-2023-35857.json) (`2023-06-27T18:37:38.063`)
* [CVE-2023-32465](CVE-2023/CVE-2023-324xx/CVE-2023-32465.json) (`2023-06-27T18:39:23.987`)
* [CVE-2023-3036](CVE-2023/CVE-2023-30xx/CVE-2023-3036.json) (`2023-06-27T18:40:38.283`)
* [CVE-2023-2673](CVE-2023/CVE-2023-26xx/CVE-2023-2673.json) (`2023-06-27T18:41:28.450`)
* [CVE-2023-35095](CVE-2023/CVE-2023-350xx/CVE-2023-35095.json) (`2023-06-27T19:51:44.547`)
* [CVE-2022-22715](CVE-2022/CVE-2022-227xx/CVE-2022-22715.json) (`2023-06-27T20:23:36.597`)
* [CVE-2022-26125](CVE-2022/CVE-2022-261xx/CVE-2022-26125.json) (`2023-06-27T20:23:49.610`)
* [CVE-2022-26127](CVE-2022/CVE-2022-261xx/CVE-2022-26127.json) (`2023-06-27T20:26:26.217`)
* [CVE-2022-26128](CVE-2022/CVE-2022-261xx/CVE-2022-26128.json) (`2023-06-27T20:38:30.520`)
* [CVE-2022-25817](CVE-2022/CVE-2022-258xx/CVE-2022-25817.json) (`2023-06-27T20:39:56.397`)
* [CVE-2022-25959](CVE-2022/CVE-2022-259xx/CVE-2022-25959.json) (`2023-06-27T20:40:57.613`)
* [CVE-2022-26090](CVE-2022/CVE-2022-260xx/CVE-2022-26090.json) (`2023-06-27T20:42:45.240`)
* [CVE-2022-1441](CVE-2022/CVE-2022-14xx/CVE-2022-1441.json) (`2023-06-27T20:43:05.850`)
* [CVE-2022-3724](CVE-2022/CVE-2022-37xx/CVE-2022-3724.json) (`2023-06-27T20:44:18.853`)
* [CVE-2022-2566](CVE-2022/CVE-2022-25xx/CVE-2022-2566.json) (`2023-06-27T20:44:29.407`)
* [CVE-2022-25649](CVE-2022/CVE-2022-256xx/CVE-2022-25649.json) (`2023-06-27T20:44:35.397`)
* [CVE-2022-22034](CVE-2022/CVE-2022-220xx/CVE-2022-22034.json) (`2023-06-27T20:44:45.057`)
* [CVE-2022-2639](CVE-2022/CVE-2022-26xx/CVE-2022-2639.json) (`2023-06-27T20:52:02.907`)
* [CVE-2022-36099](CVE-2022/CVE-2022-360xx/CVE-2022-36099.json) (`2023-06-27T20:52:09.843`)
* [CVE-2022-36100](CVE-2022/CVE-2022-361xx/CVE-2022-36100.json) (`2023-06-27T20:52:21.010`)
* [CVE-2022-36110](CVE-2022/CVE-2022-361xx/CVE-2022-36110.json) (`2023-06-27T20:52:26.647`)
* [CVE-2022-36113](CVE-2022/CVE-2022-361xx/CVE-2022-36113.json) (`2023-06-27T20:52:33.817`)
* [CVE-2023-22593](CVE-2023/CVE-2023-225xx/CVE-2023-22593.json) (`2023-06-27T20:45:06.090`)
* [CVE-2023-23468](CVE-2023/CVE-2023-234xx/CVE-2023-23468.json) (`2023-06-27T20:45:06.090`)
* [CVE-2023-25004](CVE-2023/CVE-2023-250xx/CVE-2023-25004.json) (`2023-06-27T20:45:06.090`)
* [CVE-2023-29068](CVE-2023/CVE-2023-290xx/CVE-2023-29068.json) (`2023-06-27T20:45:06.090`)
* [CVE-2023-32542](CVE-2023/CVE-2023-325xx/CVE-2023-32542.json) (`2023-06-27T20:49:23.610`)
* [CVE-2023-32538](CVE-2023/CVE-2023-325xx/CVE-2023-32538.json) (`2023-06-27T20:50:08.593`)
* [CVE-2023-27439](CVE-2023/CVE-2023-274xx/CVE-2023-27439.json) (`2023-06-27T20:54:24.717`)
* [CVE-2023-27429](CVE-2023/CVE-2023-274xx/CVE-2023-27429.json) (`2023-06-27T20:54:54.337`)
## Download and Usage