admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-07 11:07:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-05-22 23:55:27.334465+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-05-22 23:55:30 +00:00
parent 60da38ffd0
commit 46fb032d7f
12 changed files with 461 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
CVE-2021/CVE-2021-38xx/CVE-2021-3803.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-3803",
"sourceIdentifier": "security@huntr.dev",
"published": "2021-09-17T07:15:09.153",
"lastModified": "2022-07-29T16:54:40.767",
"vulnStatus": "Analyzed",
"lastModified": "2023-05-22T22:15:09.210",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -87,22 +87,22 @@
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
"value": "CWE-1333"
}
]
},
{
"source": "security@huntr.dev",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1333"
"value": "NVD-CWE-Other"
}
]
}
@ -143,6 +143,10 @@
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00023.html",
"source": "security@huntr.dev"
}
]
}

59
CVE-2022/CVE-2022-466xx/CVE-2022-46658.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2022-46658",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-05-22T23:15:09.270",
"lastModified": "2023-05-22T23:15:09.270",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The affected product is vulnerable to a stack-based buffer overflow which could lead to a denial of service or remote code execution."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://dataprobe.com/support/iboot-pdu/local_upgrade_pdu_procedure.pdf",
"source": "ics-cert@hq.dhs.gov"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-263-03",
"source": "ics-cert@hq.dhs.gov"
}
]
}

59
CVE-2022/CVE-2022-467xx/CVE-2022-46738.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2022-46738",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-05-22T23:15:09.350",
"lastModified": "2023-05-22T23:15:09.350",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The affected product exposes multiple sensitive data fields of the affected product. An attacker can use the SNMP command to get device mac address and login as admin."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1391"
}
]
}
],
"references": [
{
"url": "https://dataprobe.com/support/iboot-pdu/local_upgrade_pdu_procedure.pdf",
"source": "ics-cert@hq.dhs.gov"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-263-03",
"source": "ics-cert@hq.dhs.gov"
}
]
}

59
CVE-2022/CVE-2022-473xx/CVE-2022-47311.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2022-47311",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-05-22T23:15:09.423",
"lastModified": "2023-05-22T23:15:09.423",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A proprietary protocol for iBoot devices is used for control and keepalive commands. The function compares the username and password; it also contains the configuration data for the user specified. If the user does not exist, then it sends a value for username and password, which allows successful authentication for a connection."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 8.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.1,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-288"
}
]
}
],
"references": [
{
"url": "https://dataprobe.com/support/iboot-pdu/local_upgrade_pdu_procedure.pdf",
"source": "ics-cert@hq.dhs.gov"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-263-03",
"source": "ics-cert@hq.dhs.gov"
}
]
}

59
CVE-2022/CVE-2022-473xx/CVE-2022-47320.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2022-47320",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-05-22T23:15:09.493",
"lastModified": "2023-05-22T23:15:09.493",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The iBoot device\u2019s basic discovery protocol assists in initial device configuration. The discovery protocol shows basic information about devices on the network and allows users to perform configuration changes."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-288"
}
]
}
],
"references": [
{
"url": "https://dataprobe.com/support/iboot-pdu/local_upgrade_pdu_procedure.pdf",
"source": "ics-cert@hq.dhs.gov"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-263-03",
"source": "ics-cert@hq.dhs.gov"
}
]
}

59
CVE-2022/CVE-2022-49xx/CVE-2022-4945.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2022-4945",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-05-22T22:15:09.870",
"lastModified": "2023-05-22T22:15:09.870",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Dataprobe cloud usernames and passwords are stored in plain text in a specific file. Any user able to read this specific file from the device could compromise other devices connected to the user's cloud."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.0,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-256"
}
]
}
],
"references": [
{
"url": "https://dataprobe.com/support/iboot-pdu/local_upgrade_pdu_procedure.pdf",
"source": "ics-cert@hq.dhs.gov"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-263-03",
"source": "ics-cert@hq.dhs.gov"
}
]
}

4
CVE-2023/CVE-2023-258xx/CVE-2023-25832.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-25832",
"sourceIdentifier": "psirt@esri.com",
"published": "2023-05-09T21:15:11.590",
"lastModified": "2023-05-22T21:15:13.713",
"lastModified": "2023-05-22T22:15:09.997",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "There is a cross-site-request forgery vulnerability in Esri Portal for ArcGIS Versions 11.0 and below that may allow an attacker to trick an authorized user into executing unwanted actions.\u00a0"
"value": "There is a cross-site-request forgery vulnerability in Esri Portal for ArcGIS Versions 11.0 and below that may allow an attacker to trick an authorized user into executing unwanted actions."
}
],
"metrics": {

24
CVE-2023/CVE-2023-258xx/CVE-2023-25833.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-25833",
"sourceIdentifier": "psirt@esri.com",
"published": "2023-05-10T02:15:08.933",
"lastModified": "2023-05-16T17:50:14.373",
"vulnStatus": "Analyzed",
"lastModified": "2023-05-22T22:15:10.087",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -13,7 +13,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "psirt@esri.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -33,45 +33,45 @@
"impactScore": 2.7
},
{
"source": "psirt@esri.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 1.4
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "psirt@esri.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
"value": "CWE-80"
}
]
},
{
"source": "psirt@esri.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-80"
"value": "CWE-79"
}
]
}

16
CVE-2023/CVE-2023-258xx/CVE-2023-25834.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-25834",
"sourceIdentifier": "psirt@esri.com",
"published": "2023-05-09T16:15:14.263",
"lastModified": "2023-05-16T17:26:50.917",
"vulnStatus": "Analyzed",
"lastModified": "2023-05-22T22:15:10.180",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -13,7 +13,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "psirt@esri.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -33,23 +33,23 @@
"impactScore": 2.5
},
{
"source": "psirt@esri.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]

59
CVE-2023/CVE-2023-25xx/CVE-2023-2504.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-2504",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-05-22T22:15:10.277",
"lastModified": "2023-05-22T22:15:10.277",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\n\n\n\n\nFiles present on firmware images could allow an attacker to gain unauthorized access as a root user using hard-coded credentials.\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"references": [
{
"url": "https://birddog.tv/downloads/",
"source": "ics-cert@hq.dhs.gov"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-11",
"source": "ics-cert@hq.dhs.gov"
}
]
}

59
CVE-2023/CVE-2023-25xx/CVE-2023-2505.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-2505",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-05-22T22:15:10.350",
"lastModified": "2023-05-22T22:15:10.350",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nThe affected products have a CSRF vulnerability that could allow an attacker to execute code and upload malicious files.\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.1,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://birddog.tv/downloads/",
"source": "ics-cert@hq.dhs.gov"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-11",
"source": "ics-cert@hq.dhs.gov"
}
]
}

35
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-05-22T22:00:25.903578+00:00
2023-05-22T23:55:27.334465+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-05-22T21:15:13.830000+00:00
2023-05-22T23:15:09.493000+00:00
```
### Last Data Feed Release
@ -29,33 +29,30 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
215781
215788
```
### CVEs added in the last Commit
Recently added CVEs: `11`
Recently added CVEs: `7`
* [CVE-2023-28386](CVE-2023/CVE-2023-283xx/CVE-2023-28386.json) (`2023-05-22T20:15:10.250`)
* [CVE-2023-28412](CVE-2023/CVE-2023-284xx/CVE-2023-28412.json) (`2023-05-22T20:15:10.330`)
* [CVE-2023-28649](CVE-2023/CVE-2023-286xx/CVE-2023-28649.json) (`2023-05-22T20:15:10.417`)
* [CVE-2023-29838](CVE-2023/CVE-2023-298xx/CVE-2023-29838.json) (`2023-05-22T20:15:10.493`)
* [CVE-2023-31193](CVE-2023/CVE-2023-311xx/CVE-2023-31193.json) (`2023-05-22T20:15:10.550`)
* [CVE-2023-31240](CVE-2023/CVE-2023-312xx/CVE-2023-31240.json) (`2023-05-22T20:15:10.633`)
* [CVE-2023-31241](CVE-2023/CVE-2023-312xx/CVE-2023-31241.json) (`2023-05-22T20:15:10.720`)
* [CVE-2023-31245](CVE-2023/CVE-2023-312xx/CVE-2023-31245.json) (`2023-05-22T20:15:10.807`)
* [CVE-2023-31689](CVE-2023/CVE-2023-316xx/CVE-2023-31689.json) (`2023-05-22T20:15:10.887`)
* [CVE-2023-25183](CVE-2023/CVE-2023-251xx/CVE-2023-25183.json) (`2023-05-22T21:15:13.633`)
* [CVE-2023-31816](CVE-2023/CVE-2023-318xx/CVE-2023-31816.json) (`2023-05-22T21:15:13.830`)
* [CVE-2022-4945](CVE-2022/CVE-2022-49xx/CVE-2022-4945.json) (`2023-05-22T22:15:09.870`)
* [CVE-2022-46658](CVE-2022/CVE-2022-466xx/CVE-2022-46658.json) (`2023-05-22T23:15:09.270`)
* [CVE-2022-46738](CVE-2022/CVE-2022-467xx/CVE-2022-46738.json) (`2023-05-22T23:15:09.350`)
* [CVE-2022-47311](CVE-2022/CVE-2022-473xx/CVE-2022-47311.json) (`2023-05-22T23:15:09.423`)
* [CVE-2022-47320](CVE-2022/CVE-2022-473xx/CVE-2022-47320.json) (`2023-05-22T23:15:09.493`)
* [CVE-2023-2504](CVE-2023/CVE-2023-25xx/CVE-2023-2504.json) (`2023-05-22T22:15:10.277`)
* [CVE-2023-2505](CVE-2023/CVE-2023-25xx/CVE-2023-2505.json) (`2023-05-22T22:15:10.350`)
### CVEs modified in the last Commit
Recently modified CVEs: `3`
Recently modified CVEs: `4`
* [CVE-2023-23727](CVE-2023/CVE-2023-237xx/CVE-2023-23727.json) (`2023-05-22T20:01:10.947`)
* [CVE-2023-23641](CVE-2023/CVE-2023-236xx/CVE-2023-23641.json) (`2023-05-22T20:02:44.160`)
* [CVE-2023-25832](CVE-2023/CVE-2023-258xx/CVE-2023-25832.json) (`2023-05-22T21:15:13.713`)
* [CVE-2021-3803](CVE-2021/CVE-2021-38xx/CVE-2021-3803.json) (`2023-05-22T22:15:09.210`)
* [CVE-2023-25832](CVE-2023/CVE-2023-258xx/CVE-2023-25832.json) (`2023-05-22T22:15:09.997`)
* [CVE-2023-25833](CVE-2023/CVE-2023-258xx/CVE-2023-25833.json) (`2023-05-22T22:15:10.087`)
* [CVE-2023-25834](CVE-2023/CVE-2023-258xx/CVE-2023-25834.json) (`2023-05-22T22:15:10.180`)
## Download and Usage