Auto-Update: 2023-05-09T02:00:51.002610+00:00

René Helmke 2023-05-09 04:00:53 +02:00
parent b7b3865a45
commit 44dcb55424
14 changed files with 957 additions and 35 deletions


@ -0,0 +1,84 @@
{
"id": "CVE-2022-25278",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2023-04-26T15:15:08.747",
"lastModified": "2023-05-09T01:38:43.977",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be vulnerable. However, forms added through contributed or custom modules or themes may be affected."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndExcluding": "9.3.19",
"matchCriteriaId": "5C7F59B6-66D0-4A58-B240-25C001836889"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.4.0",
"versionEndExcluding": "9.4.3",
"matchCriteriaId": "14FEC723-33EE-4E64-B221-86163C584F05"
}
]
}
]
}
],
"references": [
{
"url": "https://www.drupal.org/sa-core-2022-013",
"source": "mlhess@drupal.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,75 @@
{
"id": "CVE-2022-44232",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-26T19:15:08.613",
"lastModified": "2023-05-09T01:26:15.347",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "libming 0.4.8 0.4.8 is vulnerable to Buffer Overflow. In getInt() in decompile.c unknown type may lead to denial of service. This is a different vulnerability than CVE-2018-9132 and CVE-2018-20427."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:libming:libming:0.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DD92BC79-2548-4C6F-9BDD-26C12BDF68AC"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/huanglei3/libming_crashes.git",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-0834",
"sourceIdentifier": "security@hypr.com",
"published": "2023-04-28T15:15:10.573",
"lastModified": "2023-04-28T17:06:22.820",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-09T01:20:26.127",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security@hypr.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
},
{
"source": "security@hypr.com",
"type": "Secondary",
@ -46,10 +76,44 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hypr:workforce_access:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.12.0",
"versionEndExcluding": "8.1.0",
"matchCriteriaId": "ACF80E3D-8A91-492B-8EC9-EF0DC8DFEFFA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
}
]
}
]
}
],
"references": [
{
"url": "https://www.hypr.com/security-advisories",
"source": "security@hypr.com"
"source": "security@hypr.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-2140",
"sourceIdentifier": "3DS.Information-Security@3ds.com",
"published": "2023-04-21T16:15:07.380",
"lastModified": "2023-04-24T13:02:19.050",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-09T00:56:42.793",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "3DS.Information-Security@3ds.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
},
{
"source": "3DS.Information-Security@3ds.com",
"type": "Secondary",
@ -46,10 +76,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:3ds:delmia_apriso:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2017",
"versionEndIncluding": "2022",
"matchCriteriaId": "C52EE2E6-9E32-4D89-B848-E187676E92B3"
}
]
}
]
}
],
"references": [
{
"url": "https://www.3ds.com/vulnerability/advisories",
"source": "3DS.Information-Security@3ds.com"
"source": "3DS.Information-Security@3ds.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-2141",
"sourceIdentifier": "3DS.Information-Security@3ds.com",
"published": "2023-04-21T16:15:07.443",
"lastModified": "2023-04-24T13:02:19.050",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-09T01:01:22.827",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "3DS.Information-Security@3ds.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
},
{
"source": "3DS.Information-Security@3ds.com",
"type": "Secondary",
@ -46,10 +76,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:3ds:delmia_apriso:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2017",
"versionEndIncluding": "2022",
"matchCriteriaId": "C52EE2E6-9E32-4D89-B848-E187676E92B3"
}
]
}
]
}
],
"references": [
{
"url": "https://www.3ds.com/vulnerability/advisories",
"source": "3DS.Information-Security@3ds.com"
"source": "3DS.Information-Security@3ds.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-2373",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-28T14:15:10.977",
"lastModified": "2023-04-28T17:06:22.820",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-09T01:47:02.103",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +93,94 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:edgemax_edgerouter_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0.9",
"matchCriteriaId": "1D3FE42C-7A01-420B-BD79-60992B4DC90F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:edgemax_edgerouter_firmware:2.0.9:-:*:*:*:*:*:*",
"matchCriteriaId": "DD084B6E-95B1-43EC-B44D-067F84857006"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:edgemax_edgerouter_firmware:2.0.9:hotfix1:*:*:*:*:*:*",
"matchCriteriaId": "C0CE2156-E44D-4137-B823-E29E9B504090"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:edgemax_edgerouter_firmware:2.0.9:hotfix2:*:*:*:*:*:*",
"matchCriteriaId": "D674905D-1E0B-428D-826A-CB75E5E0313C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:edgemax_edgerouter_firmware:2.0.9:hotfix4:*:*:*:*:*:*",
"matchCriteriaId": "ACD593F1-F9C4-40F1-AE07-82015E69429F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:edgemax_edgerouter_firmware:2.0.9:hotfix5:*:*:*:*:*:*",
"matchCriteriaId": "643B67AA-ED41-4716-8449-E010B44F1900"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ui:edgemax_edgerouter_firmware:2.0.9:hotfix6:*:*:*:*:*:*",
"matchCriteriaId": "ADEBD144-84BF-4A6C-B18F-4DBC6261D0D1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ui:er-x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91B9AD72-BF39-4731-85B9-26036F7C425B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ui:er-x-sfp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4F922D6E-7C6D-4984-A0DF-6EDC0C7A9900"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/leetsun/IoT/tree/main/EdgeRouterX/CI/5",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.227649",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.227649",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,75 @@
"id": "CVE-2023-26782",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-28T20:15:13.883",
"lastModified": "2023-04-28T22:22:40.580",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-09T01:54:45.817",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in mccms 2.6.1 allows remote attackers to cause a denial of service via Backend management interface ->System Configuration->Cache Configuration->Cache security characters."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-88"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:chshcms:mccms:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8979D4F2-6C04-4598-B0B4-F98D0F9E8F1A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/chshcms/mccms/issues/2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-28762",
"sourceIdentifier": "cna@sap.com",
"published": "2023-05-09T01:15:08.777",
"lastModified": "2023-05-09T01:15:08.777",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker with administrator privileges to get the login token of any logged-in BI user over the network without any user interaction. The attacker can impersonate any user on the platform resulting into accessing and modifying data. The attacker can also make the system partially or entirely unavailable.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://i7p.wdf.sap.corp/sap/support/notes/3307833",
"source": "cna@sap.com"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-28764",
"sourceIdentifier": "cna@sap.com",
"published": "2023-05-09T01:15:08.863",
"lastModified": "2023-05-09T01:15:08.863",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "SAP BusinessObjects Platform - versions 420, 430, Information design tool transmits sensitive information as cleartext in the binaries over the network. This could allow an unauthenticated attacker with deep knowledge to gain sensitive information such as user credentials and domain names, which may have a low impact on confidentiality and no impact on the integrity and availability of the system.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
}
],
"references": [
{
"url": "https://i7p.wdf.sap.corp/sap/support/notes/3302595",
"source": "cna@sap.com"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-29188",
"sourceIdentifier": "cna@sap.com",
"published": "2023-05-09T01:15:08.943",
"lastModified": "2023-05-09T01:15:08.943",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "SAP CRM WebClient UI - versions SAPSCORE 129, S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker with user level access can read and modify some sensitive information but cannot delete the data.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://i7p.wdf.sap.corp/sap/support/notes/3315979",
"source": "cna@sap.com"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
}
]
}


@ -0,0 +1,156 @@
{
"id": "CVE-2023-29268",
"sourceIdentifier": "security@tibco.com",
"published": "2023-04-26T18:15:09.160",
"lastModified": "2023-05-09T01:31:28.760",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files within the web server directory on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Statistics Services: versions 11.4.10 and below, versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, and 12.0.2, versions 12.1.0 and 12.2.0.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security@tibco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.4.11",
"matchCriteriaId": "65804033-AECA-41EC-8973-CAE190EF69BD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:11.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D37E7A0-F21A-413E-AF65-59340520B6C4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:11.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4F3602DE-B5AB-4FFA-AAD9-8C42B00988F9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:11.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "510E83A5-B777-4EE6-851C-F9BE10147594"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:11.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "55EABB66-4B3D-4D72-B028-E40491CDC77C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:11.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42A74F6C-267D-4B1F-BF66-A1F10B0B2A9E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:11.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C677EA4-6EB9-4B9B-9E1E-97555AF1291F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:11.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE304915-AE5B-45C7-BA5C-79AA880F1088"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:12.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D69CD443-28E2-4632-95D4-E5EB3F094768"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:12.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4EAE9787-53AE-4A38-8223-1F7893CC3CEE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:12.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C3ECA9B9-6058-4CE5-9535-8ED98022FB74"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:12.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3E78843D-BBB8-4558-9E56-75CE514FA143"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:12.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA10C631-566D-46BF-93A5-A7A92266FC47"
}
]
}
]
}
],
"references": [
{
"url": "https://www.tibco.com/services/support/advisories",
"source": "security@tibco.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,76 @@
"id": "CVE-2023-30125",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-28T14:15:11.083",
"lastModified": "2023-04-28T17:06:22.820",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-09T01:07:27.727",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "EyouCms V1.6.1-UTF8-sp1 is vulnerable to Cross Site Scripting (XSS)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eyoucms:eyoucms:1.6.1-utf8-sp1:*:*:*:*:*:*:*",
"matchCriteriaId": "91E07F04-0ABB-44F1-AAA5-E4E8E7B3DE92"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/weng-xianhu/eyoucms/issues/40",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-30854",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-04-28T16:15:10.200",
"lastModified": "2023-04-28T17:06:22.820",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-09T01:14:01.287",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,10 +66,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wwbn:avideo:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.4",
"matchCriteriaId": "C7827575-CC53-4298-AA70-AFD19408C79A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/WWBN/AVideo/security/advisories/GHSA-6vrj-ph27-qfp3",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-05-09T00:00:31.306579+00:00
2023-05-09T02:00:51.002610+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-05-08T23:15:09.897000+00:00
2023-05-09T01:54:45.817000+00:00
```
### Last Data Feed Release
@ -23,29 +23,38 @@ Repository synchronizes with the NVD every 2 hours.
Download and Changelog: [Click](releases/latest)
```plain
2023-05-08T00:00:20.958367+00:00
2023-05-09T00:00:20.976844+00:00
```
### Total Number of included CVEs
```plain
214409
214412
```
### CVEs added in the last Commit
Recently added CVEs: `4`
Recently added CVEs: `3`
* [CVE-2023-22710](CVE-2023/CVE-2023-227xx/CVE-2023-22710.json) (`2023-05-08T23:15:09.820`)
* [CVE-2023-22813](CVE-2023/CVE-2023-228xx/CVE-2023-22813.json) (`2023-05-08T23:15:09.897`)
* [CVE-2023-23894](CVE-2023/CVE-2023-238xx/CVE-2023-23894.json) (`2023-05-08T22:15:09.163`)
* [CVE-2023-24376](CVE-2023/CVE-2023-243xx/CVE-2023-24376.json) (`2023-05-08T22:15:09.240`)
* [CVE-2023-28762](CVE-2023/CVE-2023-287xx/CVE-2023-28762.json) (`2023-05-09T01:15:08.777`)
* [CVE-2023-28764](CVE-2023/CVE-2023-287xx/CVE-2023-28764.json) (`2023-05-09T01:15:08.863`)
* [CVE-2023-29188](CVE-2023/CVE-2023-291xx/CVE-2023-29188.json) (`2023-05-09T01:15:08.943`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `10`
* [CVE-2022-25278](CVE-2022/CVE-2022-252xx/CVE-2022-25278.json) (`2023-05-09T01:38:43.977`)
* [CVE-2022-44232](CVE-2022/CVE-2022-442xx/CVE-2022-44232.json) (`2023-05-09T01:26:15.347`)
* [CVE-2023-0834](CVE-2023/CVE-2023-08xx/CVE-2023-0834.json) (`2023-05-09T01:20:26.127`)
* [CVE-2023-2140](CVE-2023/CVE-2023-21xx/CVE-2023-2140.json) (`2023-05-09T00:56:42.793`)
* [CVE-2023-2141](CVE-2023/CVE-2023-21xx/CVE-2023-2141.json) (`2023-05-09T01:01:22.827`)
* [CVE-2023-2373](CVE-2023/CVE-2023-23xx/CVE-2023-2373.json) (`2023-05-09T01:47:02.103`)
* [CVE-2023-26782](CVE-2023/CVE-2023-267xx/CVE-2023-26782.json) (`2023-05-09T01:54:45.817`)
* [CVE-2023-29268](CVE-2023/CVE-2023-292xx/CVE-2023-29268.json) (`2023-05-09T01:31:28.760`)
* [CVE-2023-30125](CVE-2023/CVE-2023-301xx/CVE-2023-30125.json) (`2023-05-09T01:07:27.727`)
* [CVE-2023-30854](CVE-2023/CVE-2023-308xx/CVE-2023-30854.json) (`2023-05-09T01:14:01.287`)
## Download and Usage