Auto-Update: 2023-09-07T08:00:26.687243+00:00

cad-safe-bot 2023-09-07 08:00:30 +00:00
parent a2ecb204a7
commit 4327577e43
10 changed files with 315 additions and 19 deletions


@ -2,8 +2,8 @@
"id": "CVE-2022-47522",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-15T02:15:07.290",
"lastModified": "2023-04-28T14:27:12.360",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-07T06:15:07.573",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -48,7 +48,6 @@
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -864,6 +863,10 @@
"Third Party Advisory"
]
},
{
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:11.wifi.asc",
"source": "cve@mitre.org"
},
{
"url": "https://www.wi-fi.org/discover-wi-fi/passpoint",
"source": "cve@mitre.org",


@ -2,12 +2,12 @@
"id": "CVE-2023-30533",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-24T08:15:07.217",
"lastModified": "2023-05-02T18:40:51.750",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-07T07:15:07.883",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "SheetJS Community Edition before 0.19.3 allows Prototype Pollution via a crafted file."
"value": "SheetJS Community Edition before 0.19.3 allows Prototype Pollution via a crafted file. In other words. 0.19.2 and earlier are affected, whereas 0.19.3 and later are unaffected."
}
],
"metrics": {
@ -72,6 +72,10 @@
"Vendor Advisory"
]
},
{
"url": "https://git.sheetjs.com/sheetjs/sheetjs/issues/2986",
"source": "cve@mitre.org"
},
{
"url": "https://git.sheetjs.com/sheetjs/sheetjs/src/branch/master/CHANGELOG.md",
"source": "cve@mitre.org",


@ -0,0 +1,55 @@
{
"id": "CVE-2023-38032",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2023-09-07T07:15:08.107",
"lastModified": "2023-09-07T07:15:08.107",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nASUS RT-AC86U AiProtection security- related function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services.\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7349-7f8cd-1.html",
"source": "twcert@cert.org.tw"
}
]
}
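Review bot: The `descriptions[0].value` string in this new record begins with a literal `\n` and ends with `\n\n\n\n`, and the three other twcert@cert.org.tw records added in this commit (CVE-2023-38033, CVE-2023-39236, CVE-2023-39237) carry the same leading and trailing newlines. If the mirror is meant to reproduce the upstream feed byte for byte that is acceptable, but the README should then state it, for example `Description values are stored exactly as published, including leading and trailing whitespace.`, so that consumers trim before de-duplicating, diffing or rendering the text. The record is also `"vulnStatus": "Received"` and has no `configurations` array, so CPE-based matching will not associate it with the RT-AC86U until the entry is analysed. Alerting built on this feed needs a fallback on the description text or the advisory URL for entries in that state.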


@ -0,0 +1,55 @@
{
"id": "CVE-2023-38033",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2023-09-07T07:15:08.297",
"lastModified": "2023-09-07T07:15:08.297",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nASUS RT-AC86U unused Traffic Analyzer legacy Statistic function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7350-ded5e-1.html",
"source": "twcert@cert.org.tw"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-39236",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2023-09-07T07:15:08.440",
"lastModified": "2023-09-07T07:15:08.440",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nASUS RT-AC86U Traffic Analyzer - Statistic function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7351-ec8fe-1.html",
"source": "twcert@cert.org.tw"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-39237",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2023-09-07T07:15:08.537",
"lastModified": "2023-09-07T07:15:08.537",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nASUS RT-AC86U Traffic Analyzer - Apps analysis function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7352-bad68-1.html",
"source": "twcert@cert.org.tw"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-39910",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-09T03:15:44.867",
"lastModified": "2023-08-22T22:15:11.383",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-07T07:15:08.640",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -80,6 +80,10 @@
"Third Party Advisory"
]
},
{
"url": "https://github.com/libbitcoin/libbitcoin-explorer/wiki/CVE-2023-39910",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/libbitcoin/libbitcoin-system/blob/a1b777fc51d9c04e0c7a1dec5cc746b82a6afe64/src/crypto/pseudo_random.cpp#L66C12-L78",
"source": "cve@mitre.org",


@ -2,12 +2,12 @@
"id": "CVE-2023-40359",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-14T17:15:10.617",
"lastModified": "2023-08-22T18:53:55.847",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-07T06:15:07.990",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "xterm before 380 supports ReGIS reporting for character-set names even if they have unexpected characters (i.e., neither alphanumeric nor underscore), aka a pointer/overflow issue."
"value": "xterm before 380 supports ReGIS reporting for character-set names even if they have unexpected characters (i.e., neither alphanumeric nor underscore), aka a pointer/overflow issue. This can only occur for xterm installations that are configured at compile time to use a certain experimental feature."
}
],
"metrics": {


@ -0,0 +1,59 @@
{
"id": "CVE-2023-4815",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-09-07T07:15:08.747",
"lastModified": "2023-09-07T07:15:08.747",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Missing Authentication for Critical Function in GitHub repository answerdev/answer prior to v1.1.3."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.5
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
],
"references": [
{
"url": "https://github.com/answerdev/answer/commit/e75142a55546e01d8904f59db228422561f51666",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.dev/bounties/4cd3eeb4-57c9-4af2-ad19-2166c9e0fd2c",
"source": "security@huntr.dev"
}
]
}
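Review bot: The only score on this record is a CNA-supplied `cvssMetricV30` entry marked `"type": "Secondary"`; there is no `cvssMetricV31` block and no `configurations` array. A consumer that reads severity only from a Primary v3.1 metric, or matches products by CPE, will therefore treat this HIGH (8.3) entry as unscored and unmatched while it is in `Received` state. Severity filters over this feed should fall back to `cvssMetricV30` and to Secondary sources when no Primary v3.1 metric is present. The vector's `PR:L` also sits oddly beside CWE-306 (missing authentication), so the privilege requirement is worth confirming against the linked fix commit before it is used for prioritisation.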


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-09-07T06:00:24.742083+00:00
2023-09-07T08:00:26.687243+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-09-07T04:15:10.407000+00:00
2023-09-07T07:15:08.747000+00:00
```
### Last Data Feed Release
@ -29,22 +29,28 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
224425
224430
```
### CVEs added in the last Commit
Recently added CVEs: `1`
Recently added CVEs: `5`
* [CVE-2023-38031](CVE-2023/CVE-2023-380xx/CVE-2023-38031.json) (`2023-09-07T04:15:10.273`)
* [CVE-2023-38032](CVE-2023/CVE-2023-380xx/CVE-2023-38032.json) (`2023-09-07T07:15:08.107`)
* [CVE-2023-38033](CVE-2023/CVE-2023-380xx/CVE-2023-38033.json) (`2023-09-07T07:15:08.297`)
* [CVE-2023-39236](CVE-2023/CVE-2023-392xx/CVE-2023-39236.json) (`2023-09-07T07:15:08.440`)
* [CVE-2023-39237](CVE-2023/CVE-2023-392xx/CVE-2023-39237.json) (`2023-09-07T07:15:08.537`)
* [CVE-2023-4815](CVE-2023/CVE-2023-48xx/CVE-2023-4815.json) (`2023-09-07T07:15:08.747`)
### CVEs modified in the last Commit
Recently modified CVEs: `2`
Recently modified CVEs: `4`
* [CVE-2022-41717](CVE-2022/CVE-2022-417xx/CVE-2022-41717.json) (`2023-09-07T04:15:09.720`)
* [CVE-2023-40305](CVE-2023/CVE-2023-403xx/CVE-2023-40305.json) (`2023-09-07T04:15:10.407`)
* [CVE-2022-47522](CVE-2022/CVE-2022-475xx/CVE-2022-47522.json) (`2023-09-07T06:15:07.573`)
* [CVE-2023-40359](CVE-2023/CVE-2023-403xx/CVE-2023-40359.json) (`2023-09-07T06:15:07.990`)
* [CVE-2023-30533](CVE-2023/CVE-2023-305xx/CVE-2023-30533.json) (`2023-09-07T07:15:07.883`)
* [CVE-2023-39910](CVE-2023/CVE-2023-399xx/CVE-2023-39910.json) (`2023-09-07T07:15:08.640`)
## Download and Usage