admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 03:27:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-04-25T15:08:22.739572+00:00

Browse Source
This commit is contained in:
René Helmke 2023-04-25 17:08:25 +02:00
parent 7789dd4f8b
commit 4344218689
79 changed files with 1646 additions and 153 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CVE-2012/CVE-2012-100xx/CVE-2012-10013.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2012-10013",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-24T18:15:08.783",
"lastModified": "2023-04-24T18:15:08.783",
"vulnStatus": "Received",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2012/CVE-2012-100xx/CVE-2012-10014.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2012-10014",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-24T18:15:08.867",
"lastModified": "2023-04-24T18:15:08.867",
"vulnStatus": "Received",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2022/CVE-2022-283xx/CVE-2022-28354.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-28354",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-24T21:15:09.110",
"lastModified": "2023-04-24T21:15:09.110",
"vulnStatus": "Received",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

78
CVE-2022/CVE-2022-374xx/CVE-2022-37462.json
View File

@ -2,23 +2,91 @@
"id": "CVE-2022-37462",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-10T13:15:06.913",
"lastModified": "2023-04-10T13:37:16.020",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-04-25T13:12:59.477",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A stored Cross-Site Scripting (XSS) vulnerability in the Chat gadget in Upstream Works Agent Desktop for Cisco Finesse through 4.2.12 and 5.0 allows remote attackers to inject arbitrary web script or HTML via AttachmentId in the file-upload details."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:upstreamworks:upstream_works_on_finesse:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0",
"versionEndIncluding": "4.2.14",
"matchCriteriaId": "5F194A79-7E4F-4272-9EF1-1393D84F2CD8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:upstreamworks:upstream_works_on_finesse:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0",
"versionEndIncluding": "5.3",
"matchCriteriaId": "CFC36910-D4E0-4102-82FA-F5725AB31BC2"
}
]
}
]
}
],
"references": [
{
"url": "https://www.campusguard.com/post/going-beyond-pen-testing-to-identify-zero-day-exploits",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.upstreamworks.com/support/notifications/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

24
CVE-2022/CVE-2022-423xx/CVE-2022-42335.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2022-42335",
"sourceIdentifier": "security@xen.org",
"published": "2023-04-25T13:15:09.643",
"lastModified": "2023-04-25T14:15:09.317",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "x86 shadow paging arbitrary pointer dereference In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode. Due to too lax a check in one of the hypervisor routines used for shadow page handling it is possible for a guest with a PCI device passed through to cause the hypervisor to access an arbitrary pointer partially under guest control."
}
],
"metrics": {},
"references": [
{
"url": "http://xenbits.xen.org/xsa/advisory-430.html",
"source": "security@xen.org"
},
{
"url": "https://xenbits.xenproject.org/xsa/advisory-430.txt",
"source": "security@xen.org"
}
]
}

55
CVE-2022/CVE-2022-458xx/CVE-2022-45837.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-45837",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-04-25T12:15:09.127",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Reflected Cross-Site Scripting (XSS) vulnerability in Denis ???????? plugin <=\u00a06.0.1 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/weixin-robot-advanced/wordpress-plugin-6-0-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

75
CVE-2022/CVE-2022-481xx/CVE-2022-48177.json
View File

@ -2,23 +2,88 @@
"id": "CVE-2022-48177",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-15T01:15:06.867",
"lastModified": "2023-04-15T02:25:57.407",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-04-25T13:14:33.873",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the adin/importModels Import Records Model field (model parameter). This vulnerability allows attackers to create malicious JavaScript that will be executed by the victim user's browser."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:x2crm:x2crm:6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DE36EA03-9BF0-4ED4-AF48-5ED3F7D75187"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:x2crm:x2crm:6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "471494A9-3891-4B38-93FE-9C78F3A37BC6"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/171792/X2CRM-6.6-6.9-Cross-Site-Scripting.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://sourceforge.net/projects/x2engine/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

4
CVE-2023/CVE-2023-02xx/CVE-2023-0276.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-0276",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-04-24T19:15:08.653",
"lastModified": "2023-04-24T19:15:08.653",
"vulnStatus": "Received",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-03xx/CVE-2023-0388.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-0388",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-04-24T19:15:08.723",
"lastModified": "2023-04-24T19:15:08.723",
"vulnStatus": "Received",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-04xx/CVE-2023-0418.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-0418",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-04-24T19:15:08.803",
"lastModified": "2023-04-24T19:15:08.803",
"vulnStatus": "Received",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-04xx/CVE-2023-0420.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-0420",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-04-24T19:15:08.870",
"lastModified": "2023-04-24T19:15:08.870",
"vulnStatus": "Received",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-04xx/CVE-2023-0424.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-0424",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-04-24T19:15:08.953",
"lastModified": "2023-04-24T19:15:08.953",
"vulnStatus": "Received",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-08xx/CVE-2023-0899.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-0899",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-04-24T19:15:09.033",
"lastModified": "2023-04-24T19:15:09.033",
"vulnStatus": "Received",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-10xx/CVE-2023-1020.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-1020",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-04-24T19:15:09.103",
"lastModified": "2023-04-24T19:15:09.103",
"vulnStatus": "Received",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-11xx/CVE-2023-1126.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-1126",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-04-24T19:15:09.180",
"lastModified": "2023-04-24T19:15:09.180",
"vulnStatus": "Received",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-11xx/CVE-2023-1129.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-1129",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-04-24T19:15:09.267",
"lastModified": "2023-04-24T19:15:09.267",
"vulnStatus": "Received",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-13xx/CVE-2023-1324.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-1324",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-04-24T19:15:09.343",
"lastModified": "2023-04-24T19:15:09.343",
"vulnStatus": "Received",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-14xx/CVE-2023-1414.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-1414",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-04-24T19:15:09.410",
"lastModified": "2023-04-24T19:15:09.410",
"vulnStatus": "Received",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-14xx/CVE-2023-1420.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-1420",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-04-24T19:15:09.487",
"lastModified": "2023-04-24T19:15:09.487",
"vulnStatus": "Received",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-14xx/CVE-2023-1435.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-1435",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-04-24T19:15:09.560",
"lastModified": "2023-04-24T19:15:09.560",
"vulnStatus": "Received",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-16xx/CVE-2023-1623.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-1623",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-04-24T19:15:09.627",
"lastModified": "2023-04-24T19:15:09.627",
"vulnStatus": "Received",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-16xx/CVE-2023-1624.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-1624",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-04-24T19:15:09.693",
"lastModified": "2023-04-24T19:15:09.693",
"vulnStatus": "Received",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-20xx/CVE-2023-2006.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2006",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-04-24T21:15:09.283",
"lastModified": "2023-04-24T21:15:09.283",
"vulnStatus": "Received",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-20xx/CVE-2023-2007.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2007",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-04-24T23:15:18.877",
"lastModified": "2023-04-24T23:15:18.877",
"vulnStatus": "Received",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-20xx/CVE-2023-2019.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2019",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-04-24T21:15:09.347",
"lastModified": "2023-04-24T21:15:09.347",
"vulnStatus": "Received",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-226xx/CVE-2023-22665.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-22665",
"sourceIdentifier": "security@apache.org",
"published": "2023-04-25T07:15:08.137",
"lastModified": "2023-04-25T07:15:08.137",
"vulnStatus": "Received",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-229xx/CVE-2023-22918.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-22918",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2023-04-24T18:15:09.027",
"lastModified": "2023-04-24T18:15:09.027",
"vulnStatus": "Received",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-22xx/CVE-2023-2250.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2250",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-04-24T21:15:09.410",
"lastModified": "2023-04-24T21:15:09.410",
"vulnStatus": "Received",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-22xx/CVE-2023-2257.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2257",
"sourceIdentifier": "security@devolutions.net",
"published": "2023-04-24T19:15:09.820",
"lastModified": "2023-04-24T19:15:09.820",
"vulnStatus": "Received",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-22xx/CVE-2023-2258.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2258",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-04-24T21:15:09.477",
"lastModified": "2023-04-24T21:15:09.477",
"vulnStatus": "Received",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-22xx/CVE-2023-2259.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2259",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-04-24T21:15:09.547",
"lastModified": "2023-04-24T21:15:09.547",
"vulnStatus": "Received",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-22xx/CVE-2023-2260.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2260",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-04-24T21:15:09.613",
"lastModified": "2023-04-24T21:15:09.613",
"vulnStatus": "Received",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

55
CVE-2023/CVE-2023-22xx/CVE-2023-2281.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-2281",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2023-04-25T14:15:09.423",
"lastModified": "2023-04-25T14:15:09.423",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "When archiving a team, Mattermost fails to sanitize the related Websocket event sent to currently connected clients. This allows the clients to see the name, display name, description, and other data about the archived team.\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates/",
"source": "responsibledisclosure@mattermost.com"
}
]
}

202
CVE-2023/CVE-2023-245xx/CVE-2023-24509.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-24509",
"sourceIdentifier": "psirt@arista.com",
"published": "2023-04-13T20:15:08.843",
"lastModified": "2023-04-14T13:06:38.567",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-04-25T14:19:44.713",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "psirt@arista.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "psirt@arista.com",
"type": "Secondary",
@ -46,10 +76,176 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.23",
"versionEndIncluding": "4.23.13m",
"matchCriteriaId": "498704F8-24D4-48C9-A5CB-4A8F7054AA49"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.24.0",
"versionEndExcluding": "4.24.11m",
"matchCriteriaId": "8923F137-B1BA-49FF-A100-AD357966EE4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.25.0",
"versionEndExcluding": "4.25.10m",
"matchCriteriaId": "4D6EA8CE-BAA4-4B4D-8A9F-A65018FC6B3A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.26.0",
"versionEndExcluding": "4.26.9m",
"matchCriteriaId": "659190E5-DFB0-4172-BD6F-1B9E22533CE5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.27.0",
"versionEndExcluding": "4.27.7m",
"matchCriteriaId": "20966F67-1C70-458C-A4EF-02612345DE48"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.28.0",
"versionEndExcluding": "4.28.4m",
"matchCriteriaId": "1F57FAA3-518C-498C-9580-19A207C8F176"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:arista:704x3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7C0C33F-72A7-41CA-A666-1CEC9F0FE02F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:arista:7304x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65C6E0C9-7F81-4CE3-BD46-7939667E5969"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:arista:7304x3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "78FE473B-CA6E-4E8D-8DBF-676B1ECBB185"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:arista:7308x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B7A8ABF1-ADF4-474D-B01B-8BB271E1263E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:arista:7316x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "73ECE6D6-12E5-4396-9C19-3B2E08E13147"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:arista:7324x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8862F74-E399-41EE-A081-62D99A7C1755"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:arista:7328x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F16261D-639F-4CAB-BDA6-EF3F277E663C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:arista:7504r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CD1F369D-93BF-4259-99F5-97FBEF79BBA5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:arista:7504r3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8387CCEA-F00C-4F1F-B966-ACF8B16F1D22"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:arista:7508r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F35978B6-889C-47DB-971B-B2A12FF537E0"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:arista:7508r3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "55AE2A1C-A4FD-423B-A77E-2E24C2310A6A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:arista:7512r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2360E039-5F12-4210-8578-7EBDA4575A6E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:arista:7512r3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4B0D708-B426-4CA1-BE87-08BD14B7EACE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:arista:7516r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D45E5E5-7EB9-41E7-8EEE-570E6646EDDD"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:arista:755x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "585E3617-2B1F-4E58-853A-0E9703B91B80"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:arista:758x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "13B1D90C-73CC-49A2-B202-B07D96226729"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:arista:7804r3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A54F3D32-5A07-4791-90BF-96BD8A24C2F6"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:arista:7808r3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F078B04-2DA0-4A4B-BB1A-408DC14CB61F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:arista:7812r3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E9B99200-EC76-404E-9900-5D1DC3B9A758"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:arista:7816r3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5A172A49-1A0E-464B-BDDD-A8F52856D595"
}
]
}
]
}
],
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/16985-security-advisory-0082",
"source": "psirt@arista.com"
"source": "psirt@arista.com",
"tags": [
"Exploit",
"Mitigation",
"Vendor Advisory"
]
}
]
}

24
CVE-2023/CVE-2023-253xx/CVE-2023-25346.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-25346",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-25T13:15:09.710",
"lastModified": "2023-04-25T13:15:09.710",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A reflected cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter of /churchcrm/v2/family/not-found."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/10splayaSec/CVE-Disclosures/tree/main/ChurchCRM/CVE-2023-25346",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/ChurchCRM/CRM",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-253xx/CVE-2023-25347.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-25347",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-25T13:15:09.753",
"lastModified": "2023-04-25T13:15:09.753",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3, allows remote attackers to inject arbitrary web script or HTML via input fields. These input fields are located in the \"Title\" Input Field in EventEditor.php."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/10splayaSec/CVE-Disclosures/tree/main/ChurchCRM/CVE-2023-25347",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/ChurchCRM/CRM",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-253xx/CVE-2023-25348.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-25348",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-25T13:15:09.800",
"lastModified": "2023-04-25T13:15:09.800",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "ChurchCRM 4.5.3 was discovered to contain a CSV injection vulnerability via the Last Name and First Name input fields when creating a new person. These vulnerabilities allow attackers to execute arbitrary code via a crafted excel file."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/10splayaSec/CVE-Disclosures/tree/main/ChurchCRM/CVE-2023-25348",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/ChurchCRM/CRM",
"source": "cve@mitre.org"
}
]
}

55
CVE-2023/CVE-2023-254xx/CVE-2023-25479.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25479",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-04-25T12:15:09.253",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Podlove Podlove Subscribe button plugin <=\u00a01.3.7 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/podlove-subscribe-button/wordpress-podlove-subscribe-button-plugin-1-3-7-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-254xx/CVE-2023-25490.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25490",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-04-25T12:15:09.313",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eric Teubert Archivist \u2013 Custom Archive Templates plugin <=\u00a01.7.4 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/archivist-custom-archive-templates/wordpress-archivist-custom-archive-templates-plugin-1-7-4-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-257xx/CVE-2023-25710.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25710",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-04-25T12:15:09.367",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DIGITALBLUE Click to Call or Chat Buttons plugin <=\u00a01.4.0 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/click-to-call-or-chat-buttons/wordpress-click-to-call-or-chat-buttons-plugin-1-4-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

47
CVE-2023/CVE-2023-260xx/CVE-2023-26057.json Normal file
View File

@ -0,0 +1,47 @@
{
"id": "CVE-2023-26057",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-25T13:15:09.847",
"lastModified": "2023-04-25T13:15:09.847",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to the Configuration Dashboard page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://nokia.com",
"source": "cve@mitre.org"
},
{
"url": "https://www.ptsecurity.com/ww-en/analytics/threatscape/pt-2022-01/",
"source": "cve@mitre.org"
}
]
}

47
CVE-2023/CVE-2023-260xx/CVE-2023-26058.json Normal file
View File

@ -0,0 +1,47 @@
{
"id": "CVE-2023-26058",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-25T13:15:09.900",
"lastModified": "2023-04-25T13:15:09.900",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to a Performance Manager page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://nokia.com",
"source": "cve@mitre.org"
},
{
"url": "https://www.ptsecurity.com/ww-en/analytics/threatscape/pt-2022-02/",
"source": "cve@mitre.org"
}
]
}

4
CVE-2023/CVE-2023-260xx/CVE-2023-26059.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-26059",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-24T18:15:09.090",
"lastModified": "2023-04-24T18:15:09.090",
"vulnStatus": "Received",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-260xx/CVE-2023-26097.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-26097",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-24T18:15:09.143",
"lastModified": "2023-04-24T18:15:09.143",
"vulnStatus": "Received",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

47
CVE-2023/CVE-2023-260xx/CVE-2023-26098.json Normal file
View File

@ -0,0 +1,47 @@
{
"id": "CVE-2023-26098",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-25T12:15:09.427",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Open Document feature in Telindus Apsal 3.14.2022.235 b. An attacker may upload a crafted file to execute arbitrary code."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0
}
]
},
"references": [
{
"url": "https://excellium-services.com/cert-xlm-advisory/CVE-2023-26098",
"source": "cve@mitre.org"
},
{
"url": "https://www.telindus.lu/fr/produits/apsal",
"source": "cve@mitre.org"
}
]
}

4
CVE-2023/CVE-2023-260xx/CVE-2023-26099.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-26099",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-24T18:15:09.200",
"lastModified": "2023-04-24T18:15:09.200",
"vulnStatus": "Received",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

24
CVE-2023/CVE-2023-268xx/CVE-2023-26839.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-26839",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-25T13:15:09.947",
"lastModified": "2023-04-25T13:15:09.947",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows attackers to edit information for existing people on the site."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/10splayaSec/CVE-Disclosures/tree/main/ChurchCRM/CVE-2023-26839",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/ChurchCRM/CRM",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-268xx/CVE-2023-26840.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-26840",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-25T13:15:09.987",
"lastModified": "2023-04-25T13:15:09.987",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows attackers to set a person to a user and set that user to be an Administrator."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/10splayaSec/CVE-Disclosures/tree/main/ChurchCRM/CVE-2023-26840",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/ChurchCRM/CRM",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-268xx/CVE-2023-26841.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-26841",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-25T13:15:10.027",
"lastModified": "2023-04-25T13:15:10.027",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows attackers to change any user's password except for the user that is currently logged in."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/10splayaSec/CVE-Disclosures/tree/main/ChurchCRM/CVE-2023-26841",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/ChurchCRM/CRM",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-268xx/CVE-2023-26843.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-26843",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-25T13:15:10.063",
"lastModified": "2023-04-25T13:15:10.063",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the NoteEditor.php."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/10splayaSec/CVE-Disclosures/tree/main/ChurchCRM/CVE-2023-26843",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/ChurchCRM/CRM",
"source": "cve@mitre.org"
}
]
}

4
CVE-2023/CVE-2023-268xx/CVE-2023-26865.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-26865",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-24T18:15:09.253",
"lastModified": "2023-04-24T18:15:09.253",
"vulnStatus": "Received",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

55
CVE-2023/CVE-2023-276xx/CVE-2023-27619.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-27619",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-04-25T12:15:09.480",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Auth (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Macho Themes Regina Lite theme <=\u00a02.0.7 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/regina-lite/wordpress-regina-lite-theme-2-0-7-reflected-cross-site-scripting-xss?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

119
CVE-2023/CVE-2023-277xx/CVE-2023-27747.json
View File

@ -2,31 +2,136 @@
"id": "CVE-2023-27747",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-13T20:15:16.157",
"lastModified": "2023-04-14T13:06:38.567",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-04-25T13:42:56.447",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authentication in its web server. This vulnerability allows attackers to access sensitive information such as configurations and recordings."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:blackvue:dr750-2ch_lte_firmware:1.012_2022.10.26:*:*:*:*:*:*:*",
"matchCriteriaId": "B52FB9F3-AB7B-4227-A2AE-1D646F2DFEB1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:blackvue:dr750-2ch_lte:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46E5CB84-04EB-4971-A887-42F114BAAEDD"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:blackvue:dr750-2ch_ir_lte_firmware:1.012_2022.10.26:*:*:*:*:*:*:*",
"matchCriteriaId": "124BB4E3-698A-4228-BBFE-6953F1B9A9C5"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:blackvue:dr750-2ch_ir_lte:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D929A81-C40D-40BB-980C-C197CA1AFF31"
}
]
}
]
}
],
"references": [
{
"url": "https://blackvue.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/eyJhb/blackvue-cve-2022",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/eyJhb/blackvue-cve-2023",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://shop.blackvue.com/product/dr750-2ch-ir-lte/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

119
CVE-2023/CVE-2023-277xx/CVE-2023-27748.json
View File

@ -2,31 +2,136 @@
"id": "CVE-2023-27748",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-13T20:15:16.470",
"lastModified": "2023-04-14T13:06:38.567",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-04-25T13:38:10.467",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authenticity check for uploaded firmware. This can allow attackers to upload crafted firmware which contains backdoors and enables arbitrary code execution."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-345"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:blackvue:dr750-2ch_lte_firmware:1.012_2022.10.26:*:*:*:*:*:*:*",
"matchCriteriaId": "B52FB9F3-AB7B-4227-A2AE-1D646F2DFEB1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:blackvue:dr750-2ch_lte:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46E5CB84-04EB-4971-A887-42F114BAAEDD"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:blackvue:dr750-2ch_ir_lte_firmware:1.012_2022.10.26:*:*:*:*:*:*:*",
"matchCriteriaId": "124BB4E3-698A-4228-BBFE-6953F1B9A9C5"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:blackvue:dr750-2ch_ir_lte:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D929A81-C40D-40BB-980C-C197CA1AFF31"
}
]
}
]
}
],
"references": [
{
"url": "https://blackvue.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/eyJhb/blackvue-cve-2022",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/eyJhb/blackvue-cve-2023",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://shop.blackvue.com/product/dr750-2ch-ir-lte/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

4
CVE-2023/CVE-2023-278xx/CVE-2023-27848.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-27848",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-24T18:15:09.357",
"lastModified": "2023-04-24T18:15:09.357",
"vulnStatus": "Received",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-278xx/CVE-2023-27849.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-27849",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-24T18:15:09.400",
"lastModified": "2023-04-24T18:15:09.400",
"vulnStatus": "Received",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-279xx/CVE-2023-27990.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-27990",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2023-04-24T18:15:09.440",
"lastModified": "2023-04-24T18:15:09.440",
"vulnStatus": "Received",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-279xx/CVE-2023-27991.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-27991",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2023-04-24T18:15:09.497",
"lastModified": "2023-04-24T18:15:09.497",
"vulnStatus": "Received",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-284xx/CVE-2023-28484.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-28484",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-24T21:15:09.180",
"lastModified": "2023-04-24T21:15:09.180",
"vulnStatus": "Received",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-287xx/CVE-2023-28771.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-28771",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2023-04-25T02:15:08.743",
"lastModified": "2023-04-25T02:15:08.743",
"vulnStatus": "Received",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

64
CVE-2023/CVE-2023-290xx/CVE-2023-29018.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-29018",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-04-14T19:15:09.187",
"lastModified": "2023-04-14T22:45:15.923",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-04-25T14:25:04.857",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +56,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,14 +76,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linuxfoundation:openfeature:*:*:*:*:*:kubernetes:*:*",
"versionEndExcluding": "0.2.32",
"matchCriteriaId": "9EDFB403-3FD6-4AE9-8F27-076A2AA98232"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/open-feature/open-feature-operator/releases/tag/v0.2.32",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/open-feature/open-feature-operator/security/advisories/GHSA-cwf6-xj49-wp83",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-291xx/CVE-2023-29194.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-29194",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-04-14T19:15:09.273",
"lastModified": "2023-04-14T22:45:15.923",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-04-25T14:33:00.543",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 2.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +56,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -50,18 +80,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linuxfoundation:vitess:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0.1",
"matchCriteriaId": "1D98CFEE-5298-48D6-8FAE-ED4E137D1741"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/vitessio/vitess/commit/adf10196760ad0b3991a7aa7a8580a544e6ddf88",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/vitessio/vitess/commits/v0.16.1/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/vitessio/vitess/security/advisories/GHSA-735r-hv67-g38f",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-294xx/CVE-2023-29469.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-29469",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-24T21:15:09.230",
"lastModified": "2023-04-24T21:15:09.230",
"vulnStatus": "Received",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

70
CVE-2023/CVE-2023-295xx/CVE-2023-29529.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-29529",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-04-14T19:15:09.400",
"lastModified": "2023-04-14T22:45:15.923",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-04-25T14:06:24.803",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +56,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,18 +76,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:matrix:javascript_sdk:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "24.1.0",
"matchCriteriaId": "F434D632-322B-4A24-A585-53A983E63A6A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/matrix-org/matrix-js-sdk/releases/tag/v24.1.0",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-6g67-q39g-r79q",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://github.com/matrix-org/matrix-spec-proposals/pull/3401",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Patch"
]
}
]
}

4
CVE-2023/CVE-2023-295xx/CVE-2023-29530.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-29530",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-04-24T20:15:08.823",
"lastModified": "2023-04-24T20:15:08.823",
"vulnStatus": "Received",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-295xx/CVE-2023-29566.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-29566",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-24T18:15:09.550",
"lastModified": "2023-04-24T18:15:09.550",
"vulnStatus": "Received",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

24
CVE-2023/CVE-2023-297xx/CVE-2023-29779.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-29779",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-25T14:15:09.383",
"lastModified": "2023-04-25T14:15:09.383",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Sengled Dimmer Switch V0.0.9 contains a denial of service (DOS) vulnerability, which allows a remote attacker to send malicious Zigbee messages to a vulnerable device and cause crashes. After receiving the malicious command, the device will keep reporting its status and finally drain its battery after receiving the 'Set_short_poll_interval' command."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/iot-sec23/IoT-CVE/blob/main/Sengled%20Dimmer%20Switch%20Vulnerability%20Report.pdf",
"source": "cve@mitre.org"
},
{
"url": "https://us.sengled.com/",
"source": "cve@mitre.org"
}
]
}

4
CVE-2023/CVE-2023-297xx/CVE-2023-29780.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-29780",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-24T19:15:09.767",
"lastModified": "2023-04-24T19:15:09.767",
"vulnStatus": "Received",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-304xx/CVE-2023-30406.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-30406",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-24T22:15:09.627",
"lastModified": "2023-04-24T22:15:09.627",
"vulnStatus": "Received",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-304xx/CVE-2023-30408.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-30408",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-24T22:15:09.677",
"lastModified": "2023-04-24T22:15:09.677",
"vulnStatus": "Received",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-304xx/CVE-2023-30410.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-30410",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-24T22:15:09.743",
"lastModified": "2023-04-24T22:15:09.743",
"vulnStatus": "Received",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-304xx/CVE-2023-30414.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-30414",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-24T22:15:09.807",
"lastModified": "2023-04-24T22:15:09.807",
"vulnStatus": "Received",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

20
CVE-2023/CVE-2023-304xx/CVE-2023-30417.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-30417",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-25T13:15:10.103",
"lastModified": "2023-04-25T13:15:10.103",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in Pear-Admin-Boot up to v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title of a private message."
}
],
"metrics": {},
"references": [
{
"url": "https://gitee.com/pear-admin/Pear-Admin-Boot/issues/I6SXHX",
"source": "cve@mitre.org"
}
]
}

4
CVE-2023/CVE-2023-306xx/CVE-2023-30623.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-30623",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-04-24T22:15:09.870",
"lastModified": "2023-04-24T22:15:09.870",
"vulnStatus": "Received",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-306xx/CVE-2023-30626.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-30626",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-04-24T21:15:09.687",
"lastModified": "2023-04-24T21:15:09.687",
"vulnStatus": "Received",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-306xx/CVE-2023-30627.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-30627",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-04-24T21:15:09.760",
"lastModified": "2023-04-24T21:15:09.760",
"vulnStatus": "Received",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-306xx/CVE-2023-30628.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-30628",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-04-24T22:15:09.953",
"lastModified": "2023-04-24T22:15:09.953",
"vulnStatus": "Received",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-306xx/CVE-2023-30629.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-30629",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-04-24T22:15:10.030",
"lastModified": "2023-04-24T22:15:10.030",
"vulnStatus": "Received",
"lastModified": "2023-04-25T12:52:57.877",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

92
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD in 2 hour periods.
### Last repository update
```plain
2023-04-25T12:00:23.850731+00:00
2023-04-25T15:08:22.739572+00:00
```
### Most recent CVE modification timestamp synchronized with NVD
```plain
2023-04-25T07:15:08.137000+00:00
2023-04-25T14:33:00.543000+00:00
```
### Last Data Feed release
@ -23,13 +23,13 @@ Repository synchronizes with the NVD in 2 hour periods.
Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-datafeeds/releases/latest)
```plain
2023-04-24T14:57:08.783619+00:00
2023-04-25T12:50:37.412340+00:00
```
### Total numbers of included CVEs
```plain
213477
213496
```
### CVEs added in the last commit
@ -40,8 +40,86 @@ Recently added CVEs: `0`
### CVEs modified in the last commit
Recently modified CVEs: `0`
Recently modified CVEs: `78`
* CVE-2012-10013 (*2023-04-25T12:52:57.877*)
* CVE-2012-10014 (*2023-04-25T12:52:57.877*)
* CVE-2022-28354 (*2023-04-25T12:52:57.877*)
* CVE-2022-37462 (*2023-04-25T13:12:59.477*)
* CVE-2022-42335 (*2023-04-25T14:15:09.317*)
* CVE-2022-45837 (*2023-04-25T12:52:57.877*)
* CVE-2022-48177 (*2023-04-25T13:14:33.873*)
* CVE-2023-0276 (*2023-04-25T12:52:57.877*)
* CVE-2023-0388 (*2023-04-25T12:52:57.877*)
* CVE-2023-0418 (*2023-04-25T12:52:57.877*)
* CVE-2023-0420 (*2023-04-25T12:52:57.877*)
* CVE-2023-0424 (*2023-04-25T12:52:57.877*)
* CVE-2023-0899 (*2023-04-25T12:52:57.877*)
* CVE-2023-1020 (*2023-04-25T12:52:57.877*)
* CVE-2023-1126 (*2023-04-25T12:52:57.877*)
* CVE-2023-1129 (*2023-04-25T12:52:57.877*)
* CVE-2023-1324 (*2023-04-25T12:52:57.877*)
* CVE-2023-1414 (*2023-04-25T12:52:57.877*)
* CVE-2023-1420 (*2023-04-25T12:52:57.877*)
* CVE-2023-1435 (*2023-04-25T12:52:57.877*)
* CVE-2023-1623 (*2023-04-25T12:52:57.877*)
* CVE-2023-1624 (*2023-04-25T12:52:57.877*)
* CVE-2023-2006 (*2023-04-25T12:52:57.877*)
* CVE-2023-2007 (*2023-04-25T12:52:57.877*)
* CVE-2023-2019 (*2023-04-25T12:52:57.877*)
* CVE-2023-2250 (*2023-04-25T12:52:57.877*)
* CVE-2023-2257 (*2023-04-25T12:52:57.877*)
* CVE-2023-2258 (*2023-04-25T12:52:57.877*)
* CVE-2023-2259 (*2023-04-25T12:52:57.877*)
* CVE-2023-2260 (*2023-04-25T12:52:57.877*)
* CVE-2023-22665 (*2023-04-25T12:52:57.877*)
* CVE-2023-2281 (*2023-04-25T14:15:09.423*)
* CVE-2023-22918 (*2023-04-25T12:52:57.877*)
* CVE-2023-24509 (*2023-04-25T14:19:44.713*)
* CVE-2023-25346 (*2023-04-25T13:15:09.710*)
* CVE-2023-25347 (*2023-04-25T13:15:09.753*)
* CVE-2023-25348 (*2023-04-25T13:15:09.800*)
* CVE-2023-25479 (*2023-04-25T12:52:57.877*)
* CVE-2023-25490 (*2023-04-25T12:52:57.877*)
* CVE-2023-25710 (*2023-04-25T12:52:57.877*)
* CVE-2023-26057 (*2023-04-25T13:15:09.847*)
* CVE-2023-26058 (*2023-04-25T13:15:09.900*)
* CVE-2023-26059 (*2023-04-25T12:52:57.877*)
* CVE-2023-26097 (*2023-04-25T12:52:57.877*)
* CVE-2023-26098 (*2023-04-25T12:52:57.877*)
* CVE-2023-26099 (*2023-04-25T12:52:57.877*)
* CVE-2023-26839 (*2023-04-25T13:15:09.947*)
* CVE-2023-26840 (*2023-04-25T13:15:09.987*)
* CVE-2023-26841 (*2023-04-25T13:15:10.027*)
* CVE-2023-26843 (*2023-04-25T13:15:10.063*)
* CVE-2023-26865 (*2023-04-25T12:52:57.877*)
* CVE-2023-27619 (*2023-04-25T12:52:57.877*)
* CVE-2023-27747 (*2023-04-25T13:42:56.447*)
* CVE-2023-27748 (*2023-04-25T13:38:10.467*)
* CVE-2023-27848 (*2023-04-25T12:52:57.877*)
* CVE-2023-27849 (*2023-04-25T12:52:57.877*)
* CVE-2023-27990 (*2023-04-25T12:52:57.877*)
* CVE-2023-27991 (*2023-04-25T12:52:57.877*)
* CVE-2023-28484 (*2023-04-25T12:52:57.877*)
* CVE-2023-28771 (*2023-04-25T12:52:57.877*)
* CVE-2023-29018 (*2023-04-25T14:25:04.857*)
* CVE-2023-29194 (*2023-04-25T14:33:00.543*)
* CVE-2023-29469 (*2023-04-25T12:52:57.877*)
* CVE-2023-29529 (*2023-04-25T14:06:24.803*)
* CVE-2023-29530 (*2023-04-25T12:52:57.877*)
* CVE-2023-29566 (*2023-04-25T12:52:57.877*)
* CVE-2023-29779 (*2023-04-25T14:15:09.383*)
* CVE-2023-29780 (*2023-04-25T12:52:57.877*)
* CVE-2023-30406 (*2023-04-25T12:52:57.877*)
* CVE-2023-30408 (*2023-04-25T12:52:57.877*)
* CVE-2023-30410 (*2023-04-25T12:52:57.877*)
* CVE-2023-30414 (*2023-04-25T12:52:57.877*)
* CVE-2023-30417 (*2023-04-25T13:15:10.103*)
* CVE-2023-30623 (*2023-04-25T12:52:57.877*)
* CVE-2023-30626 (*2023-04-25T12:52:57.877*)
* CVE-2023-30627 (*2023-04-25T12:52:57.877*)
* CVE-2023-30628 (*2023-04-25T12:52:57.877*)
* CVE-2023-30629 (*2023-04-25T12:52:57.877*)
## Download and Usage
@ -113,8 +191,8 @@ We mask (`xx`) the last two digits to create easily navigable folders that hold
│ │ ├── CVE-1999-0002.json
│ │ └── [...]
│ ├── CVE-1999-01xx
│ │ ├── CVE-1999-0101.json
│ │ └── [...]
│ │ ├── CVE-1999-0101.json
│ │ └── [...]
│ └── [...]
├── CVE-2000
│ ├── CVE-2000-00xx