admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-06 10:42:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-08-31T18:00:25.961652+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-08-31 18:00:29 +00:00
parent ebde72643b
commit 44a3c9ad91
61 changed files with 2623 additions and 182 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
CVE-2009/CVE-2009-21xx/CVE-2009-2109.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2009-2109",
"sourceIdentifier": "cve@mitre.org",
"published": "2009-06-18T21:30:00.187",
"lastModified": "2017-09-29T01:34:43.247",
"vulnStatus": "Modified",
"lastModified": "2023-08-31T16:17:38.523",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -62,8 +62,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:daan_sprenkels:fretsweb:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DA367B11-9F74-4E1D-9476-8DFB1F229ACA"
"criteria": "cpe:2.3:a:fretsweb_project:fretsweb:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FB5BDF39-E38E-4A3E-A96A-E052DD67E8C3"
}
]
}
@ -71,9 +71,34 @@
}
],
"references": [
{
"url": "http://osvdb.org/55166",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://osvdb.org/55196",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://secunia.com/advisories/35492",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.exploit-db.com/exploits/8979",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

35
CVE-2009/CVE-2009-21xx/CVE-2009-2113.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2009-2113",
"sourceIdentifier": "cve@mitre.org",
"published": "2009-06-18T21:30:00.267",
"lastModified": "2017-09-29T01:34:43.467",
"vulnStatus": "Modified",
"lastModified": "2023-08-31T16:18:17.943",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -62,8 +62,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:daan_sprenkels:fretsweb:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DA367B11-9F74-4E1D-9476-8DFB1F229ACA"
"criteria": "cpe:2.3:a:fretsweb_project:fretsweb:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FB5BDF39-E38E-4A3E-A96A-E052DD67E8C3"
}
]
}
@ -71,6 +71,27 @@
}
],
"references": [
{
"url": "http://osvdb.org/55167",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://osvdb.org/55168",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://secunia.com/advisories/35492",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://sourceforge.net/forum/forum.php?forum_id=966939",
"source": "cve@mitre.org",
@ -80,7 +101,11 @@
},
{
"url": "https://www.exploit-db.com/exploits/8980",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

89
CVE-2020/CVE-2020-117xx/CVE-2020-11711.json
View File

@ -2,27 +2,104 @@
"id": "CVE-2020-11711",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-25T16:15:07.857",
"lastModified": "2023-08-25T17:51:53.297",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-31T16:50:18.123",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Stormshield SNS 3.8.0. Authenticated Stored XSS in the admin login panel leads to SSL VPN credential theft. A malicious disclaimer file can be uploaded from the admin panel. The resulting file is rendered on the authentication interface of the admin panel. It is possible to inject malicious HTML content in order to execute JavaScript inside a victim's browser. This results in a stored XSS on the authentication interface of the admin panel. Moreover, an unsecured authentication form is present on the authentication interface of the SSL VPN captive portal. Users are allowed to save their credentials inside the browser. If an administrator saves his credentials through this unsecured form, these credentials could be stolen via the stored XSS on the admin panel without user interaction. Another possible exploitation would be modification of the authentication form of the admin panel into a malicious form."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.6.0",
"versionEndExcluding": "3.7.13",
"matchCriteriaId": "77B7EAEB-CE18-42D3-8D66-F96CC6CDBFEA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.8.0",
"versionEndExcluding": "3.11.0",
"matchCriteriaId": "9BC1815B-DD6E-4CFB-9C3A-FAE05FD4E07A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0",
"versionEndExcluding": "4.1.1",
"matchCriteriaId": "90E181AB-A89E-4A11-A2AA-5E53C0074B79"
}
]
}
]
}
],
"references": [
{
"url": "https://advisories.stormshield.eu/2020-011/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://twitter.com/_ACKNAK_",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
},
{
"url": "https://www.digitemis.com/category/blog/actualite/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
}
]
}

8
CVE-2021/CVE-2021-248xx/CVE-2021-24831.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-24831",
"sourceIdentifier": "contact@wpscan.com",
"published": "2022-01-03T13:15:08.263",
"lastModified": "2022-02-10T15:11:31.953",
"lastModified": "2023-08-31T16:12:36.847",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -65,17 +65,17 @@
},
"weaknesses": [
{
"source": "contact@wpscan.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
"value": "CWE-425"
}
]
},
{
"source": "nvd@nist.gov",
"source": "contact@wpscan.com",
"type": "Secondary",
"description": [
{

11
CVE-2021/CVE-2021-420xx/CVE-2021-42013.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2021-42013",
"sourceIdentifier": "security@apache.org",
"published": "2021-10-07T16:15:09.270",
"lastModified": "2022-10-05T18:14:33.387",
"lastModified": "2023-08-31T16:13:27.437",
"vulnStatus": "Analyzed",
"cisaExploitAdd": "2021-11-03",
"cisaActionDue": "2021-11-17",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Apache HTTP Server 2.4.49 and 2.4.50 Path Traversal",
"cisaVulnerabilityName": "Apache HTTP Server Path Traversal Vulnerability",
"descriptions": [
{
"lang": "en",
@ -75,6 +75,10 @@
{
"lang": "en",
"value": "CWE-22"
},
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
@ -240,7 +244,8 @@
"source": "security@apache.org",
"tags": [
"Exploit",
"Third Party Advisory"
"Third Party Advisory",
"VDB Entry"
]
},
{

6
CVE-2021/CVE-2021-438xx/CVE-2021-43802.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-43802",
"sourceIdentifier": "security-advisories@github.com",
"published": "2021-12-09T23:15:07.517",
"lastModified": "2021-12-15T15:03:16.897",
"lastModified": "2023-08-31T16:19:33.527",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -91,6 +91,10 @@
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},

4
CVE-2022/CVE-2022-454xx/CVE-2022-45451.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-45451",
"sourceIdentifier": "security@acronis.com",
"published": "2023-08-31T15:15:08.213",
"lastModified": "2023-08-31T15:15:08.213",
"vulnStatus": "Received",
"lastModified": "2023-08-31T17:26:00.623",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

69
CVE-2022/CVE-2022-467xx/CVE-2022-46751.json
View File

@ -2,15 +2,38 @@
"id": "CVE-2022-46751",
"sourceIdentifier": "security@apache.org",
"published": "2023-08-21T07:15:33.740",
"lastModified": "2023-08-21T12:47:08.843",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-31T16:20:28.877",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Restriction of XML External Entity Reference, XML Injection (aka Blind XPath Injection) vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2.\n\nWhen Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy files or Apache Maven POMs - it will allow downloading external document type definitions and expand any entity references contained therein when used.\n\nThis can be used to exfiltrate data, access resources only the machine running Ivy has access to or disturb the execution of Ivy in different ways.\n\nStarting with Ivy 2.5.2 DTD processing is disabled by default except when parsing Maven POMs where the default is to allow DTD processing but only to include a DTD snippet shipping with Ivy that is needed to deal with existing Maven POMs that are not valid XML files but are nevertheless accepted by Maven. Access can be be made more lenient via newly introduced system properties where needed.\n\nUsers of Ivy prior to version 2.5.2 can use Java system properties to restrict processing of external DTDs, see the section about \"JAXP Properties for External Access restrictions\" inside Oracle's \"Java API for XML Processing (JAXP) Security Guide\".\n\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "security@apache.org",
@ -27,22 +50,54 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:ivy:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.5.2",
"matchCriteriaId": "9859B6AC-BC83-4555-AA73-4568233DDA2D"
}
]
}
]
}
],
"references": [
{
"url": "https://docs.oracle.com/en/java/javase/13/security/java-api-xml-processing-jaxp-security-guide.html#GUID-94ABC0EE-9DC8-44F0-84AD-47ADD5340477",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://gitbox.apache.org/repos/asf?p=ant-ivy.git;a=commit;h=2be17bc18b0e1d4123007d579e43ba1a4b6fab3d",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://lists.apache.org/thread/1dj60hg5nr36kjr4p1100dwjrqookps8",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
]
},
{
"url": "https://lists.apache.org/thread/9gcz4xrsn8c7o9gb377xfzvkb8jltffr",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
]
}
]
}

4
CVE-2022/CVE-2022-468xx/CVE-2022-46868.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-46868",
"sourceIdentifier": "security@acronis.com",
"published": "2023-08-31T15:15:08.343",
"lastModified": "2023-08-31T15:15:08.343",
"vulnStatus": "Received",
"lastModified": "2023-08-31T17:25:54.340",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

6
CVE-2023/CVE-2023-226xx/CVE-2023-22602.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-22602",
"sourceIdentifier": "security@apache.org",
"published": "2023-01-14T10:15:09.140",
"lastModified": "2023-01-27T15:57:34.357",
"lastModified": "2023-08-31T16:16:24.610",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -51,7 +51,7 @@
"operator": "AND",
"nodes": [
{
"operator": "AND",
"operator": "OR",
"negate": false,
"cpeMatch": [
{
@ -63,7 +63,7 @@
]
},
{
"operator": "AND",
"operator": "OR",
"negate": false,
"cpeMatch": [
{

68
CVE-2023/CVE-2023-256xx/CVE-2023-25649.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-25649",
"sourceIdentifier": "psirt@zte.com.cn",
"published": "2023-08-25T10:15:08.247",
"lastModified": "2023-08-25T12:47:00.750",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-31T16:22:56.523",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "psirt@zte.com.cn",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
},
{
"source": "psirt@zte.com.cn",
"type": "Secondary",
@ -46,10 +76,42 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zte:mf286r_firmware:cr_lvwrgbmf286rv1.0.0b04:*:*:*:*:*:*:*",
"matchCriteriaId": "501A46C7-1325-44B1-81FC-8769181A5075"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zte:mf286r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6AF5C7D2-70E8-4E1C-B712-7F9A026EAEC8"
}
]
}
]
}
],
"references": [
{
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032544",
"source": "psirt@zte.com.cn"
"source": "psirt@zte.com.cn",
"tags": [
"Vendor Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-259xx/CVE-2023-25981.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-25981",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-25T10:15:09.350",
"lastModified": "2023-08-25T12:47:00.750",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-31T16:28:52.840",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -36,7 +56,7 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,12 +64,43 @@
"value": "CWE-79"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:themekraft:post_form:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.8.1",
"matchCriteriaId": "3414EA1C-E426-46A4-AEB1-04A3982679F1"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/buddyforms/wordpress-buddyforms-plugin-2-8-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-288xx/CVE-2023-28801.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-28801",
"sourceIdentifier": "cve@zscaler.com",
"published": "2023-08-31T14:15:08.420",
"lastModified": "2023-08-31T14:15:08.420",
"vulnStatus": "Received",
"lastModified": "2023-08-31T17:26:00.623",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

59
CVE-2023/CVE-2023-311xx/CVE-2023-31167.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-31167",
"sourceIdentifier": "security@selinc.com",
"published": "2023-08-31T16:15:08.507",
"lastModified": "2023-08-31T17:25:54.340",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Schweitzer Engineering Laboratories SEL-5036 acSELerator Bay Screen Builder Software on Windows allows Relative Path Traversal.\n\n\n\nSEL acSELerator Bay Screen Builder software is distributed by SEL-5033 SEL acSELerator RTAC, SEL-5030 Quickset, and SEL Compass. CVE-2023-31167 and was patched in the acSELerator Bay Screen Builder release available on 20230602. Please contact SEL for additional details.\n\n\nThis issue affects SEL-5036 acSELerator Bay Screen Builder Software: before 1.0.49152.778.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@selinc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.3,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@selinc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://dragos.com",
"source": "security@selinc.com"
},
{
"url": "https://selinc.com/support/security-notifications/external-reports/",
"source": "security@selinc.com"
}
]
}

59
CVE-2023/CVE-2023-311xx/CVE-2023-31168.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-31168",
"sourceIdentifier": "security@selinc.com",
"published": "2023-08-31T16:15:08.937",
"lastModified": "2023-08-31T17:25:54.340",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nAn Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator.\n\n\n\nSee Instruction Manual Appendix A and Appendix E dated 20230615 for more details.\n\n\n\n\n\n\nThis issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@selinc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.1,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "security@selinc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-829"
}
]
}
],
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/",
"source": "security@selinc.com"
},
{
"url": "https://www.nozominetworks.com/blog/",
"source": "security@selinc.com"
}
]
}

59
CVE-2023/CVE-2023-311xx/CVE-2023-31169.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-31169",
"sourceIdentifier": "security@selinc.com",
"published": "2023-08-31T16:15:09.230",
"lastModified": "2023-08-31T17:25:54.340",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nAn Improper Handling of Unicode Encoding vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator.\n\n\n\n\n\nSee Instruction Manual Appendix A and Appendix E dated 20230615 for more details.\nThis issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@selinc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@selinc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-176"
}
]
}
],
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/",
"source": "security@selinc.com"
},
{
"url": "https://www.nozominetworks.com/blog/",
"source": "security@selinc.com"
}
]
}

59
CVE-2023/CVE-2023-311xx/CVE-2023-31170.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-31170",
"sourceIdentifier": "security@selinc.com",
"published": "2023-08-31T16:15:09.313",
"lastModified": "2023-08-31T17:25:54.340",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nAn Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator.\n\n\n\nSee Instruction Manual Appendix A and Appendix E dated 20230615 for more details.\n\n\n\n\nThis issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@selinc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.5,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "security@selinc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-829"
}
]
}
],
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/",
"source": "security@selinc.com"
},
{
"url": "https://www.nozominetworks.com/blog/",
"source": "security@selinc.com"
}
]
}

59
CVE-2023/CVE-2023-311xx/CVE-2023-31171.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-31171",
"sourceIdentifier": "security@selinc.com",
"published": "2023-08-31T16:15:09.403",
"lastModified": "2023-08-31T17:25:54.340",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nAn Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator.\n\n\n\n\n\nSee Instruction Manual Appendix A and Appendix E dated 20230615 for more details.\n\n\nThis issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@selinc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.5,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "security@selinc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/",
"source": "security@selinc.com"
},
{
"url": "https://www.nozominetworks.com/blog/",
"source": "security@selinc.com"
}
]
}

59
CVE-2023/CVE-2023-311xx/CVE-2023-31172.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-31172",
"sourceIdentifier": "security@selinc.com",
"published": "2023-08-31T16:15:09.487",
"lastModified": "2023-08-31T17:25:54.340",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nAn Incomplete Filtering of Special Elements vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator.\n\n\n\n\n\nSee Instruction Manual Appendix A and Appendix E dated 20230615 for more details.\n\n\nThis issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@selinc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.5,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "security@selinc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-791"
}
]
}
],
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/",
"source": "security@selinc.com"
},
{
"url": "https://www.nozominetworks.com/blog/",
"source": "security@selinc.com"
}
]
}

59
CVE-2023/CVE-2023-311xx/CVE-2023-31173.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-31173",
"sourceIdentifier": "security@selinc.com",
"published": "2023-08-31T16:15:09.567",
"lastModified": "2023-08-31T17:25:54.340",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Use of Hard-coded Credentials vulnerability in Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator on Windows allows Authentication Bypass.\n\n\n\nSee Instruction Manual Appendix A and Appendix E dated 20230615 for more details.\n\n\nThis issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@selinc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security@selinc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/",
"source": "security@selinc.com"
},
{
"url": "https://www.nozominetworks.com/blog/",
"source": "security@selinc.com"
}
]
}

59
CVE-2023/CVE-2023-311xx/CVE-2023-31174.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-31174",
"sourceIdentifier": "security@selinc.com",
"published": "2023-08-31T16:15:09.827",
"lastModified": "2023-08-31T17:25:54.340",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nA Cross-Site Request Forgery (CSRF) vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to embed instructions that could be executed by an authorized device operator.\n\n\n\n\n\nSee Instruction Manual Appendix A and Appendix E dated 20230615 for more details.\n\n\nThis issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@selinc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "security@selinc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/",
"source": "security@selinc.com"
},
{
"url": "https://www.nozominetworks.com/blog/",
"source": "security@selinc.com"
}
]
}

59
CVE-2023/CVE-2023-311xx/CVE-2023-31175.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-31175",
"sourceIdentifier": "security@selinc.com",
"published": "2023-08-31T16:15:09.923",
"lastModified": "2023-08-31T17:25:54.340",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nAn Execution with Unnecessary Privileges vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to run system commands with the highest level privilege on the system.\n\n\n\n\n\nSee Instruction Manual Appendix A and Appendix E dated 20230615 for more details.\n\n\nThis issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@selinc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@selinc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-250"
}
]
}
],
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/",
"source": "security@selinc.com"
},
{
"url": "https://www.nozominetworks.com/blog/",
"source": "security@selinc.com"
}
]
}

64
CVE-2023/CVE-2023-320xx/CVE-2023-32078.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32078",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-24T22:15:10.267",
"lastModified": "2023-08-25T03:55:07.777",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-31T17:59:30.080",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +66,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gravitl:netmaker:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.17.1",
"matchCriteriaId": "D271FC17-56AA-4851-846B-D7D174EBFB45"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gravitl:netmaker:*:*:*:*:*:*:*:*",
"versionStartIncluding": "0.18.0",
"versionEndIncluding": "0.18.5",
"matchCriteriaId": "249015D8-1590-4B85-A3F7-6F5F360CF0AD"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/gravitl/netmaker/commit/b3be57c65bf0bbfab43b66853c8e3637a43e2839",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/gravitl/netmaker/pull/2158",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/gravitl/netmaker/security/advisories/GHSA-256m-j5qw-38f4",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-325xx/CVE-2023-32584.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32584",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-25T09:15:08.670",
"lastModified": "2023-08-25T12:47:00.750",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-31T16:06:41.640",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ebecas:ebecas:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.1.3",
"matchCriteriaId": "1B3A3705-5DD8-44E0-9C6E-C3EA42773151"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/ebecas/wordpress-ebecas-plugin-3-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-325xx/CVE-2023-32591.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32591",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-25T09:15:08.757",
"lastModified": "2023-08-25T12:47:00.750",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-31T16:08:43.313",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cloudprimero:dbargain:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.0.0",
"matchCriteriaId": "1C01CFEA-7135-4007-AB04-CDAB52AB7E32"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/d-bargain/wordpress-dbargain-plugin-3-0-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-338xx/CVE-2023-33833.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-33833",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-08-31T13:15:42.310",
"lastModified": "2023-08-31T13:15:42.310",
"vulnStatus": "Received",
"lastModified": "2023-08-31T17:26:00.623",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-338xx/CVE-2023-33834.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-33834",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-08-31T14:15:08.563",
"lastModified": "2023-08-31T14:15:08.563",
"vulnStatus": "Received",
"lastModified": "2023-08-31T17:26:00.623",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-338xx/CVE-2023-33835.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-33835",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-08-31T14:15:08.657",
"lastModified": "2023-08-31T14:15:08.657",
"vulnStatus": "Received",
"lastModified": "2023-08-31T17:26:00.623",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

59
CVE-2023/CVE-2023-343xx/CVE-2023-34391.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-34391",
"sourceIdentifier": "security@selinc.com",
"published": "2023-08-31T16:15:10.017",
"lastModified": "2023-08-31T17:25:54.340",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Insecure Inherited Permissions vulnerability in Schweitzer Engineering Laboratories SEL-5033 AcSELerator RTAC Software on Windows allows Leveraging/Manipulating Configuration File Search Paths.\n\nSee Instruction Manual Appendix A [Cybersecurity] tag dated 20230522 for more details.\n \nThis issue affects SEL-5033 AcSELerator RTAC Software: before 1.35.151.21000.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@selinc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 0.8,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@selinc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-277"
}
]
}
],
"references": [
{
"url": "https://dragos.com",
"source": "security@selinc.com"
},
{
"url": "https://selinc.com/support/security-notifications/external-reports/",
"source": "security@selinc.com"
}
]
}

59
CVE-2023/CVE-2023-343xx/CVE-2023-34392.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-34392",
"sourceIdentifier": "security@selinc.com",
"published": "2023-08-31T16:15:10.123",
"lastModified": "2023-08-31T17:25:54.340",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nA Missing Authentication for Critical Function vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to run arbitrary commands on managed devices by an authorized device operator.\n\n\n\n\n\nSee Instruction Manual Appendix A and Appendix E dated 20230615 for more details.\n\n\nThis issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@selinc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@selinc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
],
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/",
"source": "security@selinc.com"
},
{
"url": "https://www.nozominetworks.com/blog/",
"source": "security@selinc.com"
}
]
}

68
CVE-2023/CVE-2023-34xx/CVE-2023-3406.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3406",
"sourceIdentifier": "security@m-files.com",
"published": "2023-08-25T09:15:08.850",
"lastModified": "2023-08-25T12:47:00.750",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-31T16:26:04.573",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security@m-files.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "security@m-files.com",
"type": "Secondary",
@ -46,10 +76,42 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:m-files:classic_web:*:*:*:*:lts:*:*:*",
"versionEndExcluding": "23.2",
"matchCriteriaId": "89B60851-49D1-40DA-A600-658BCC986BF6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:m-files:classic_web:*:*:*:*:-:*:*:*",
"versionEndExcluding": "23.6.12695.3",
"matchCriteriaId": "CE7A65F9-84AD-47E9-8C64-3585D5855FEA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:m-files:classic_web:23.2:-:*:*:lts:*:*:*",
"matchCriteriaId": "4E66A68C-65E6-48E9-97DD-621B4B73D975"
}
]
}
]
}
],
"references": [
{
"url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-3406",
"source": "security@m-files.com"
"source": "security@m-files.com",
"tags": [
"Vendor Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-34xx/CVE-2023-3425.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3425",
"sourceIdentifier": "security@m-files.com",
"published": "2023-08-25T09:15:08.937",
"lastModified": "2023-08-25T12:47:00.750",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-31T16:24:47.390",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security@m-files.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
},
{
"source": "security@m-files.com",
"type": "Secondary",
@ -46,10 +76,42 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:m-files:classic_web:*:*:*:*:lts:*:*:*",
"versionEndExcluding": "23.2",
"matchCriteriaId": "89B60851-49D1-40DA-A600-658BCC986BF6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:m-files:classic_web:*:*:*:*:-:*:*:*",
"versionEndExcluding": "23.6.12695.3",
"matchCriteriaId": "CE7A65F9-84AD-47E9-8C64-3585D5855FEA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:m-files:classic_web:23.2:-:*:*:lts:*:*:*",
"matchCriteriaId": "4E66A68C-65E6-48E9-97DD-621B4B73D975"
}
]
}
]
}
],
"references": [
{
"url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-3425",
"source": "security@m-files.com"
"source": "security@m-files.com",
"tags": [
"Vendor Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-392xx/CVE-2023-39287.json
View File

@ -2,23 +2,82 @@
"id": "CVE-2023-39287",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-25T22:15:10.153",
"lastModified": "2023-08-26T04:05:04.350",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-31T17:34:40.143",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) could allow an authenticated attacker with elevated privileges and internal network access to conduct a command argument injection due to insufficient parameter sanitization. A successful exploit could allow an attacker to access network information and to generate excessive network traffic."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-88"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mitel:mivoice_connect:*:*:*:*:*:*:*:*",
"versionEndIncluding": "22.24.5800.0",
"matchCriteriaId": "2BDF8E2B-24A8-4ED5-B3B0-DEFED448CBCC"
}
]
}
]
}
],
"references": [
{
"url": "https://www.mitel.com/support/security-advisories",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0010",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

48
CVE-2023/CVE-2023-401xx/CVE-2023-40164.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40164",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-25T21:15:08.687",
"lastModified": "2023-08-26T04:05:04.350",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-08-31T17:33:09.500",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,10 +66,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:notepad-plus-plus:notepad\\+\\+:*:*:*:*:*:*:*:*",
"versionEndIncluding": "8.5.6",
"matchCriteriaId": "51C2BF99-30E2-4BFC-B6BE-DBB33C6C6FEF"
}
]
}
]
}
],
"references": [
{
"url": "https://securitylab.github.com/advisories/GHSL-2023-092_Notepad__/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

48
CVE-2023/CVE-2023-401xx/CVE-2023-40166.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40166",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-25T21:15:08.777",
"lastModified": "2023-08-26T04:05:04.350",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-08-31T16:33:53.880",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,10 +70,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:notepad-plus-plus:notepad\\+\\+:*:*:*:*:*:*:*:*",
"versionEndIncluding": "8.5.6",
"matchCriteriaId": "51C2BF99-30E2-4BFC-B6BE-DBB33C6C6FEF"
}
]
}
]
}
],
"references": [
{
"url": "https://securitylab.github.com/advisories/GHSL-2023-092_Notepad__/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

80
CVE-2023/CVE-2023-405xx/CVE-2023-40530.json
View File

@ -2,27 +2,95 @@
"id": "CVE-2023-40530",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-08-25T04:15:10.487",
"lastModified": "2023-08-25T12:47:05.410",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-31T16:29:12.807",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper authorization in handler for custom URL scheme issue in 'Skylark' App for Android 6.2.13 and earlier and 'Skylark' App for iOS 6.2.13 and earlier allows an attacker to lead a user to access an arbitrary website via another application installed on the user's device."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:skylark:skylark:*:*:*:*:*:android:*:*",
"versionEndIncluding": "6.2.13",
"matchCriteriaId": "65D64431-C69E-4E42-B08C-BB42C8390EE8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:skylark:skylark:*:*:*:*:*:iphone_os:*:*",
"versionEndIncluding": "6.2.13",
"matchCriteriaId": "647ECF75-22BB-47AC-9428-12E2035BC448"
}
]
}
]
}
],
"references": [
{
"url": "https://apps.apple.com/jp/app/%E3%81%99%E3%81%8B%E3%81%84%E3%82%89%E3%83%BC%E3%81%8F%E3%82%A2%E3%83%97%E3%83%AA/id906930478",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Product"
]
},
{
"url": "https://jvn.jp/en/jp/JVN03447226/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://play.google.com/store/apps/details?id=jp.co.skylark.app.gusto",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Product"
]
}
]
}

52
CVE-2023/CVE-2023-405xx/CVE-2023-40579.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40579",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-25T20:15:08.800",
"lastModified": "2023-08-26T04:05:04.350",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-31T17:39:36.077",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +66,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openfga:openfga:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.3.1",
"matchCriteriaId": "F9CDEDFB-61F8-47CD-A145-A6137F4D4367"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/openfga/openfga/releases/tag/v1.3.1",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/openfga/openfga/security/advisories/GHSA-jcf2-mxr2-gmqp",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-405xx/CVE-2023-40580.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40580",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-25T20:15:08.913",
"lastModified": "2023-08-26T04:05:04.350",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-31T17:38:54.047",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +56,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,18 +76,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:stellar:freighter:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.3.1",
"matchCriteriaId": "3846CA30-6154-4221-BDA9-6E4B9CF3837E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/stellar/freighter/commit/81f78ba008c41ce631a3d0f9e4449f4bbd90baee",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/stellar/freighter/pull/948",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/stellar/freighter/security/advisories/GHSA-vqr6-hwg2-775w",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-405xx/CVE-2023-40599.json
View File

@ -2,23 +2,82 @@
"id": "CVE-2023-40599",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-08-25T03:15:08.997",
"lastModified": "2023-08-25T03:55:07.777",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-31T16:09:14.827",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Regular expression Denial-of-Service (ReDoS) exists in multiple add-ons for Mailform Pro CGI 4.3.1.3 and earlier, which allows a remote unauthenticated attacker to cause a denial-of-service condition. Affected add-ons are as follows: call/call.js, prefcodeadv/search.cgi, estimate/estimate.js, search/search.js, suggest/suggest.js, and coupon/coupon.js."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1333"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:synck_graphica:mailform_pro_cgi:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.3.1.3",
"matchCriteriaId": "15C14A02-5B9C-428D-95E0-3CF24E6F37F7"
}
]
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/jp/JVN86484824/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.synck.com/blogs/news/newsroom/detail_1691668841.html",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
]
}
]
}

82
CVE-2023/CVE-2023-407xx/CVE-2023-40735.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40735",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-21T12:15:09.410",
"lastModified": "2023-08-22T19:16:39.883",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-31T16:11:01.507",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cve@mitre.org",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cve@mitre.org",
"type": "Secondary",
@ -46,30 +76,66 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:butterfly-button:butterfly_button:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2023-08-21",
"matchCriteriaId": "4B0845C2-B07A-4C73-A0EB-76E77A417689"
}
]
}
]
}
],
"references": [
{
"url": "https://butterfly-button.web.app/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/TheButterflyButton",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/TheButterflySDK",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/VULSecLabs/Vulnerabilities/blob/main/CVE/CVE-2023-40735.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.butterfly-button.com/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://www.vulsec.org/advisories",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

75
CVE-2023/CVE-2023-407xx/CVE-2023-40796.json
View File

@ -2,19 +2,86 @@
"id": "CVE-2023-40796",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-25T16:15:08.323",
"lastModified": "2023-08-25T17:51:53.297",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-31T16:55:05.220",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Phicomm k2 v22.6.529.216 is vulnerable to command injection."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:phicomm:k2_firmware:22.6.529.216:*:*:*:*:*:*:*",
"matchCriteriaId": "B9A896E1-465F-4B16-9380-80A7541AA8FF"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:phicomm:k2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26A205A0-3616-4CD9-A7B8-FEA63742ABE9"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/lst-oss/Vulnerability/tree/main/Phicomm/k2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

119
CVE-2023/CVE-2023-410xx/CVE-2023-41080.json
View File

@ -2,15 +2,38 @@
"id": "CVE-2023-41080",
"sourceIdentifier": "security@apache.org",
"published": "2023-08-25T21:15:09.397",
"lastModified": "2023-08-26T04:05:04.350",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-31T17:05:13.283",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92.\n\nThe vulnerability is limited to the ROOT (default) web application."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@apache.org",
@ -23,10 +46,98 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.5.0",
"versionEndIncluding": "8.5.92",
"matchCriteriaId": "4E14DEB4-D0F9-4316-83B0-B13205D581F5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.0",
"versionEndIncluding": "9.0.79",
"matchCriteriaId": "E256A714-F263-4BC6-A272-447A70654A39"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.1.0",
"versionEndIncluding": "10.1.12",
"matchCriteriaId": "64015C04-EE24-4549-B4C9-E7DA3786EBE9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:*",
"matchCriteriaId": "D1AA7FF6-E8E7-4BF6-983E-0A99B0183008"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:*",
"matchCriteriaId": "57088BDD-A136-45EF-A8A1-2EBF79CEC2CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:*",
"matchCriteriaId": "2AAD52CE-94F5-4F98-A027-9A7E68818CB6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:*",
"matchCriteriaId": "F1F981F5-035A-4EDD-8A9F-481EE8BC7FF7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:*",
"matchCriteriaId": "03A171AF-2EC8-4422-912C-547CDB58CAAA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:*",
"matchCriteriaId": "538E68C4-0BA4-495F-AEF8-4EF6EE7963CF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:*",
"matchCriteriaId": "49350A6E-5E1D-45B2-A874-3B8601B3ADCC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:*",
"matchCriteriaId": "5F50942F-DF54-46C0-8371-9A476DD3EEA3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:*",
"matchCriteriaId": "D12C2C95-B79F-4AA4-8CE3-99A3EE7991AB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:*",
"matchCriteriaId": "98792138-DD56-42DF-9612-3BDC65EEC117"
}
]
}
]
}
],
"references": [
{
"url": "https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-411xx/CVE-2023-41167.json
View File

@ -2,23 +2,82 @@
"id": "CVE-2023-41167",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-25T14:15:10.150",
"lastModified": "2023-08-25T14:45:01.550",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-31T16:42:22.000",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "@webiny/react-rich-text-renderer before 5.37.2 allows XSS attacks by content managers. This is a react component to render data coming from Webiny Headless CMS and Webiny Form Builder. Webiny is an open-source serverless enterprise CMS. The @webiny/react-rich-text-renderer package depends on the editor.js rich text editor to handle rich text content. The CMS stores rich text content from the editor.js into the database. When the @webiny/react-rich-text-renderer is used to render such content, it uses the dangerouslySetInnerHTML prop, without applying HTML sanitization. The issue arises when an actor, who in this context would specifically be a content manager with access to the CMS, inserts a malicious script as part of the user-defined input. This script is then injected and executed within the user's browser when the main page or admin page loads."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webiny:webiny:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "5.37.2",
"matchCriteriaId": "DE1F8F81-5632-48C7-A936-6DFD054D1D37"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/webiny/webiny-js/security/advisories/GHSA-3x59-vrmc-5mx6",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://webiny.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

64
CVE-2023/CVE-2023-411xx/CVE-2023-41173.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2023-41173",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-25T07:15:09.140",
"lastModified": "2023-08-25T12:47:00.750",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-31T16:26:22.403",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "AdGuard DNS before 2.2 allows remote attackers to cause a denial of service via malformed UDP packets."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adguard-dns:adguard_dns:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.2",
"matchCriteriaId": "196C4BBD-0BC5-48F8-A674-08444CC3A1AB"
}
]
}
]
}
],
"references": [
{
"url": "https://adguard-dns.io/en/versions.html#2.2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
}
]
}

4
CVE-2023/CVE-2023-416xx/CVE-2023-41635.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41635",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-31T14:15:08.763",
"lastModified": "2023-08-31T14:15:08.763",
"vulnStatus": "Received",
"lastModified": "2023-08-31T17:26:00.623",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-416xx/CVE-2023-41636.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41636",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-31T14:15:08.823",
"lastModified": "2023-08-31T14:15:08.823",
"vulnStatus": "Received",
"lastModified": "2023-08-31T17:26:00.623",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-416xx/CVE-2023-41637.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41637",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-31T14:15:08.877",
"lastModified": "2023-08-31T14:15:08.877",
"vulnStatus": "Received",
"lastModified": "2023-08-31T17:26:00.623",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-416xx/CVE-2023-41638.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41638",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-31T14:15:08.927",
"lastModified": "2023-08-31T14:15:08.927",
"vulnStatus": "Received",
"lastModified": "2023-08-31T17:26:00.623",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-416xx/CVE-2023-41640.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41640",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-31T14:15:08.977",
"lastModified": "2023-08-31T14:15:08.977",
"vulnStatus": "Received",
"lastModified": "2023-08-31T17:26:00.623",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-416xx/CVE-2023-41642.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41642",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-31T14:15:09.033",
"lastModified": "2023-08-31T14:15:09.033",
"vulnStatus": "Received",
"lastModified": "2023-08-31T17:26:00.623",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

20
CVE-2023/CVE-2023-417xx/CVE-2023-41717.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-41717",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-31T16:15:10.217",
"lastModified": "2023-08-31T17:25:54.340",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Inappropriate file type control in Zscaler Proxy versions 3.6.1.25 and prior allows local attackers to bypass file download/upload restrictions."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/federella/CVE-2023-41717",
"source": "cve@mitre.org"
}
]
}

4
CVE-2023/CVE-2023-417xx/CVE-2023-41742.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41742",
"sourceIdentifier": "security@acronis.com",
"published": "2023-08-31T15:15:08.520",
"lastModified": "2023-08-31T15:15:08.520",
"vulnStatus": "Received",
"lastModified": "2023-08-31T17:25:54.340",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

59
CVE-2023/CVE-2023-417xx/CVE-2023-41743.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-41743",
"sourceIdentifier": "security@acronis.com",
"published": "2023-08-31T16:15:10.270",
"lastModified": "2023-08-31T17:25:54.340",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40173, Acronis Agent (Windows) before build 31637, Acronis Cyber Protect 15 (Windows) before build 35979."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@acronis.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@acronis.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://security-advisory.acronis.com/SEC-4858",
"source": "security@acronis.com"
},
{
"url": "https://security-advisory.acronis.com/advisories/SEC-5487",
"source": "security@acronis.com"
}
]
}

55
CVE-2023/CVE-2023-417xx/CVE-2023-41744.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-41744",
"sourceIdentifier": "security@acronis.com",
"published": "2023-08-31T16:15:10.343",
"lastModified": "2023-08-31T17:25:54.340",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Agent (macOS) before build 30600, Acronis Cyber Protect 15 (macOS) before build 35979."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@acronis.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@acronis.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-347"
}
]
}
],
"references": [
{
"url": "https://security-advisory.acronis.com/advisories/SEC-4728",
"source": "security@acronis.com"
}
]
}

69
CVE-2023/CVE-2023-44xx/CVE-2023-4478.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4478",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2023-08-25T10:15:09.687",
"lastModified": "2023-08-25T12:47:00.750",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-31T17:44:40.807",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
}
]
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -46,10 +76,43 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.8.9",
"matchCriteriaId": "7F550344-4A29-4354-9AB9-9E9168B81908"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.9.0",
"versionEndExcluding": "7.10.5",
"matchCriteriaId": "78A07BB1-20D2-41B4-9823-B3EF8CDFC997"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E47E76CA-0C92-4039-8448-D6618DF531CD"
}
]
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
"source": "responsibledisclosure@mattermost.com",
"tags": [
"Vendor Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-45xx/CVE-2023-4534.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4534",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-08-25T15:15:09.887",
"lastModified": "2023-08-25T17:51:53.297",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-31T17:22:17.063",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +93,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:neomind:fusion_platform:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023-07-31",
"matchCriteriaId": "F9FF69C4-0884-4397-A6B3-E2BDDC1F209A"
}
]
}
]
}
],
"references": [
{
"url": "https://l6x.notion.site/PoC-9f23bb9757374f82981de81604500d98?pvs=4",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.238026",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?id.238026",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
}
]
}

59
CVE-2023/CVE-2023-46xx/CVE-2023-4678.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-4678",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-08-31T16:15:10.417",
"lastModified": "2023-08-31T17:25:54.340",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Divide By Zero in GitHub repository gpac/gpac prior to 2.3-DEV."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-369"
}
]
}
],
"references": [
{
"url": "https://github.com/gpac/gpac/commit/4607052c482a51dbdacfe1ade10645c181d07b07",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.dev/bounties/688a4a01-8c18-469d-8cbe-a2e79e80c877",
"source": "security@huntr.dev"
}
]
}

59
CVE-2023/CVE-2023-46xx/CVE-2023-4681.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-4681",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-08-31T16:15:10.520",
"lastModified": "2023-08-31T17:25:54.340",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-DEV."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://github.com/gpac/gpac/commit/4bac19ad854159b21ba70d8ab7c4e1cd1db8ea1c",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.dev/bounties/d67c5619-ab36-41cc-93b7-04828e25f60e",
"source": "security@huntr.dev"
}
]
}

59
CVE-2023/CVE-2023-46xx/CVE-2023-4682.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-4682",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-08-31T16:15:10.670",
"lastModified": "2023-08-31T17:25:54.340",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://github.com/gpac/gpac/commit/b1042c3eefca87c4bc32afb404ed6518d693e5be",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.dev/bounties/15232a74-e3b8-43f0-ae8a-4e89d56c474c",
"source": "security@huntr.dev"
}
]
}

59
CVE-2023/CVE-2023-46xx/CVE-2023-4683.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-4683",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-08-31T16:15:10.767",
"lastModified": "2023-08-31T17:25:54.340",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-DEV."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://github.com/gpac/gpac/commit/112767e8b178fc82dec3cf82a1ca14d802cdb8ec",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.dev/bounties/7852e4d2-af4e-4421-a39e-db23e0549922",
"source": "security@huntr.dev"
}
]
}

81
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-08-31T16:00:25.141265+00:00
2023-08-31T18:00:25.961652+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-08-31T15:15:08.637000+00:00
2023-08-31T17:59:30.080000+00:00
```
### Last Data Feed Release
@ -29,47 +29,62 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
223815
223833
```
### CVEs added in the last Commit
Recently added CVEs: `12`
Recently added CVEs: `18`
* [CVE-2022-45451](CVE-2022/CVE-2022-454xx/CVE-2022-45451.json) (`2023-08-31T15:15:08.213`)
* [CVE-2022-46868](CVE-2022/CVE-2022-468xx/CVE-2022-46868.json) (`2023-08-31T15:15:08.343`)
* [CVE-2023-28801](CVE-2023/CVE-2023-288xx/CVE-2023-28801.json) (`2023-08-31T14:15:08.420`)
* [CVE-2023-33834](CVE-2023/CVE-2023-338xx/CVE-2023-33834.json) (`2023-08-31T14:15:08.563`)
* [CVE-2023-33835](CVE-2023/CVE-2023-338xx/CVE-2023-33835.json) (`2023-08-31T14:15:08.657`)
* [CVE-2023-41635](CVE-2023/CVE-2023-416xx/CVE-2023-41635.json) (`2023-08-31T14:15:08.763`)
* [CVE-2023-41636](CVE-2023/CVE-2023-416xx/CVE-2023-41636.json) (`2023-08-31T14:15:08.823`)
* [CVE-2023-41637](CVE-2023/CVE-2023-416xx/CVE-2023-41637.json) (`2023-08-31T14:15:08.877`)
* [CVE-2023-41638](CVE-2023/CVE-2023-416xx/CVE-2023-41638.json) (`2023-08-31T14:15:08.927`)
* [CVE-2023-41640](CVE-2023/CVE-2023-416xx/CVE-2023-41640.json) (`2023-08-31T14:15:08.977`)
* [CVE-2023-41642](CVE-2023/CVE-2023-416xx/CVE-2023-41642.json) (`2023-08-31T14:15:09.033`)
* [CVE-2023-41742](CVE-2023/CVE-2023-417xx/CVE-2023-41742.json) (`2023-08-31T15:15:08.520`)
* [CVE-2023-31167](CVE-2023/CVE-2023-311xx/CVE-2023-31167.json) (`2023-08-31T16:15:08.507`)
* [CVE-2023-31168](CVE-2023/CVE-2023-311xx/CVE-2023-31168.json) (`2023-08-31T16:15:08.937`)
* [CVE-2023-31169](CVE-2023/CVE-2023-311xx/CVE-2023-31169.json) (`2023-08-31T16:15:09.230`)
* [CVE-2023-31170](CVE-2023/CVE-2023-311xx/CVE-2023-31170.json) (`2023-08-31T16:15:09.313`)
* [CVE-2023-31171](CVE-2023/CVE-2023-311xx/CVE-2023-31171.json) (`2023-08-31T16:15:09.403`)
* [CVE-2023-31172](CVE-2023/CVE-2023-311xx/CVE-2023-31172.json) (`2023-08-31T16:15:09.487`)
* [CVE-2023-31173](CVE-2023/CVE-2023-311xx/CVE-2023-31173.json) (`2023-08-31T16:15:09.567`)
* [CVE-2023-31174](CVE-2023/CVE-2023-311xx/CVE-2023-31174.json) (`2023-08-31T16:15:09.827`)
* [CVE-2023-31175](CVE-2023/CVE-2023-311xx/CVE-2023-31175.json) (`2023-08-31T16:15:09.923`)
* [CVE-2023-34391](CVE-2023/CVE-2023-343xx/CVE-2023-34391.json) (`2023-08-31T16:15:10.017`)
* [CVE-2023-34392](CVE-2023/CVE-2023-343xx/CVE-2023-34392.json) (`2023-08-31T16:15:10.123`)
* [CVE-2023-41717](CVE-2023/CVE-2023-417xx/CVE-2023-41717.json) (`2023-08-31T16:15:10.217`)
* [CVE-2023-41743](CVE-2023/CVE-2023-417xx/CVE-2023-41743.json) (`2023-08-31T16:15:10.270`)
* [CVE-2023-41744](CVE-2023/CVE-2023-417xx/CVE-2023-41744.json) (`2023-08-31T16:15:10.343`)
* [CVE-2023-4678](CVE-2023/CVE-2023-46xx/CVE-2023-4678.json) (`2023-08-31T16:15:10.417`)
* [CVE-2023-4681](CVE-2023/CVE-2023-46xx/CVE-2023-4681.json) (`2023-08-31T16:15:10.520`)
* [CVE-2023-4682](CVE-2023/CVE-2023-46xx/CVE-2023-4682.json) (`2023-08-31T16:15:10.670`)
* [CVE-2023-4683](CVE-2023/CVE-2023-46xx/CVE-2023-4683.json) (`2023-08-31T16:15:10.767`)
### CVEs modified in the last Commit
Recently modified CVEs: `16`
Recently modified CVEs: `42`
* [CVE-2019-13689](CVE-2019/CVE-2019-136xx/CVE-2019-13689.json) (`2023-08-31T14:35:03.567`)
* [CVE-2022-43357](CVE-2022/CVE-2022-433xx/CVE-2022-43357.json) (`2023-08-31T14:23:21.023`)
* [CVE-2023-4419](CVE-2023/CVE-2023-44xx/CVE-2023-4419.json) (`2023-08-31T14:09:35.067`)
* [CVE-2023-39106](CVE-2023/CVE-2023-391xx/CVE-2023-39106.json) (`2023-08-31T14:27:05.690`)
* [CVE-2023-25848](CVE-2023/CVE-2023-258xx/CVE-2023-25848.json) (`2023-08-31T14:29:48.863`)
* [CVE-2023-40217](CVE-2023/CVE-2023-402xx/CVE-2023-40217.json) (`2023-08-31T14:35:35.653`)
* [CVE-2023-40030](CVE-2023/CVE-2023-400xx/CVE-2023-40030.json) (`2023-08-31T14:35:56.270`)
* [CVE-2023-39288](CVE-2023/CVE-2023-392xx/CVE-2023-39288.json) (`2023-08-31T14:43:31.107`)
* [CVE-2023-22877](CVE-2023/CVE-2023-228xx/CVE-2023-22877.json) (`2023-08-31T14:44:01.710`)
* [CVE-2023-40577](CVE-2023/CVE-2023-405xx/CVE-2023-40577.json) (`2023-08-31T14:45:39.280`)
* [CVE-2023-20230](CVE-2023/CVE-2023-202xx/CVE-2023-20230.json) (`2023-08-31T14:59:01.167`)
* [CVE-2023-20169](CVE-2023/CVE-2023-201xx/CVE-2023-20169.json) (`2023-08-31T15:00:30.660`)
* [CVE-2023-20211](CVE-2023/CVE-2023-202xx/CVE-2023-20211.json) (`2023-08-31T15:01:05.433`)
* [CVE-2023-20228](CVE-2023/CVE-2023-202xx/CVE-2023-20228.json) (`2023-08-31T15:01:26.960`)
* [CVE-2023-20900](CVE-2023/CVE-2023-209xx/CVE-2023-20900.json) (`2023-08-31T15:15:08.420`)
* [CVE-2023-4296](CVE-2023/CVE-2023-42xx/CVE-2023-4296.json) (`2023-08-31T15:15:08.637`)
* [CVE-2023-41173](CVE-2023/CVE-2023-411xx/CVE-2023-41173.json) (`2023-08-31T16:26:22.403`)
* [CVE-2023-25981](CVE-2023/CVE-2023-259xx/CVE-2023-25981.json) (`2023-08-31T16:28:52.840`)
* [CVE-2023-40530](CVE-2023/CVE-2023-405xx/CVE-2023-40530.json) (`2023-08-31T16:29:12.807`)
* [CVE-2023-40166](CVE-2023/CVE-2023-401xx/CVE-2023-40166.json) (`2023-08-31T16:33:53.880`)
* [CVE-2023-41167](CVE-2023/CVE-2023-411xx/CVE-2023-41167.json) (`2023-08-31T16:42:22.000`)
* [CVE-2023-40796](CVE-2023/CVE-2023-407xx/CVE-2023-40796.json) (`2023-08-31T16:55:05.220`)
* [CVE-2023-41080](CVE-2023/CVE-2023-410xx/CVE-2023-41080.json) (`2023-08-31T17:05:13.283`)
* [CVE-2023-4534](CVE-2023/CVE-2023-45xx/CVE-2023-4534.json) (`2023-08-31T17:22:17.063`)
* [CVE-2023-41742](CVE-2023/CVE-2023-417xx/CVE-2023-41742.json) (`2023-08-31T17:25:54.340`)
* [CVE-2023-33833](CVE-2023/CVE-2023-338xx/CVE-2023-33833.json) (`2023-08-31T17:26:00.623`)
* [CVE-2023-28801](CVE-2023/CVE-2023-288xx/CVE-2023-28801.json) (`2023-08-31T17:26:00.623`)
* [CVE-2023-33834](CVE-2023/CVE-2023-338xx/CVE-2023-33834.json) (`2023-08-31T17:26:00.623`)
* [CVE-2023-33835](CVE-2023/CVE-2023-338xx/CVE-2023-33835.json) (`2023-08-31T17:26:00.623`)
* [CVE-2023-41635](CVE-2023/CVE-2023-416xx/CVE-2023-41635.json) (`2023-08-31T17:26:00.623`)
* [CVE-2023-41636](CVE-2023/CVE-2023-416xx/CVE-2023-41636.json) (`2023-08-31T17:26:00.623`)
* [CVE-2023-41637](CVE-2023/CVE-2023-416xx/CVE-2023-41637.json) (`2023-08-31T17:26:00.623`)
* [CVE-2023-41638](CVE-2023/CVE-2023-416xx/CVE-2023-41638.json) (`2023-08-31T17:26:00.623`)
* [CVE-2023-41640](CVE-2023/CVE-2023-416xx/CVE-2023-41640.json) (`2023-08-31T17:26:00.623`)
* [CVE-2023-41642](CVE-2023/CVE-2023-416xx/CVE-2023-41642.json) (`2023-08-31T17:26:00.623`)
* [CVE-2023-40164](CVE-2023/CVE-2023-401xx/CVE-2023-40164.json) (`2023-08-31T17:33:09.500`)
* [CVE-2023-39287](CVE-2023/CVE-2023-392xx/CVE-2023-39287.json) (`2023-08-31T17:34:40.143`)
* [CVE-2023-40580](CVE-2023/CVE-2023-405xx/CVE-2023-40580.json) (`2023-08-31T17:38:54.047`)
* [CVE-2023-40579](CVE-2023/CVE-2023-405xx/CVE-2023-40579.json) (`2023-08-31T17:39:36.077`)
* [CVE-2023-4478](CVE-2023/CVE-2023-44xx/CVE-2023-4478.json) (`2023-08-31T17:44:40.807`)
* [CVE-2023-32078](CVE-2023/CVE-2023-320xx/CVE-2023-32078.json) (`2023-08-31T17:59:30.080`)
## Download and Usage