admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-10-16T23:55:24.447141+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-10-16 23:55:28 +00:00
parent abb66d0abb
commit 4784eb6712
15 changed files with 748 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CVE-2023/CVE-2023-201xx/CVE-2023-20198.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-20198",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-10-16T16:15:10.023",
"lastModified": "2023-10-16T21:15:10.537",
"lastModified": "2023-10-16T22:15:11.833",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -42,6 +42,10 @@
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z",
"source": "ykramarz@cisco.com"
},
{
"url": "https://www.darkreading.com/vulnerabilities-threats/critical-unpatched-cisco-zero-day-bug-active-exploit",
"source": "ykramarz@cisco.com"
}
]
}

59
CVE-2023/CVE-2023-309xx/CVE-2023-30991.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-30991",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-16T23:15:10.147",
"lastModified": "2023-10-16T23:15:10.147",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 254037."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254037",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7047499",
"source": "psirt@us.ibm.com"
}
]
}

59
CVE-2023/CVE-2023-387xx/CVE-2023-38728.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-38728",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-16T22:15:11.957",
"lastModified": "2023-10-16T22:15:11.957",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted XML query statement. IBM X-Force ID: 262258."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/262258",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7047489",
"source": "psirt@us.ibm.com"
}
]
}

59
CVE-2023/CVE-2023-387xx/CVE-2023-38740.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-38740",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-16T22:15:12.057",
"lastModified": "2023-10-16T22:15:12.057",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IBM Db2 for Linux, UNIX, and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially crafted SQL statement. IBM X-Force ID: 262613."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/262613",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7047489",
"source": "psirt@us.ibm.com"
}
]
}

59
CVE-2023/CVE-2023-403xx/CVE-2023-40374.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-40374",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-16T23:15:10.243",
"lastModified": "2023-10-16T23:15:10.243",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted query statement. IBM X-Force ID: 263575."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/263575",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7047261",
"source": "psirt@us.ibm.com"
}
]
}

63
CVE-2023/CVE-2023-436xx/CVE-2023-43658.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-43658",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-16T22:15:12.143",
"lastModified": "2023-10-16T22:15:12.143",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "dicourse-calendar is a plugin for the Discourse messaging platform which adds the ability to create a dynamic calendar in the first post of a topic. Improper escaping of event titles could lead to Cross-site Scripting (XSS) within the 'email preview' UI when a site has CSP disabled. Having CSP disabled is a non-default configuration, so the vast majority of sites are unaffected. This problem is resolved in the latest version of the discourse-calendar plugin. Users are advised to upgrade. Users unable to upgrade should ensure CSP is enabled on the forum."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/discourse/discourse-calendar/commit/9788310906febb36822d6823d14f1059c39644de",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/discourse/discourse-calendar/security/advisories/GHSA-3fwj-f6ww-7hr6",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2023/CVE-2023-436xx/CVE-2023-43659.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-43659",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-16T22:15:12.237",
"lastModified": "2023-10-16T22:15:12.237",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Discourse is an open source platform for community discussion. Improper escaping of user input allowed for Cross-site Scripting attacks via the digest email preview UI. This issue only affects sites with CSP disabled. This issue has been patched in the 3.1.1 stable release as well as the 3.2.0.beta1 release. Users are advised to upgrade. Users unable to upgrade should ensure CSP is enabled on the forum.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-g4qg-5q2h-m8ph",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2023/CVE-2023-438xx/CVE-2023-43814.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-43814",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-16T22:15:12.317",
"lastModified": "2023-10-16T22:15:12.317",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Discourse is an open source platform for community discussion. Attackers with details specific to a poll in a topic can use the `/polls/grouped_poll_results` endpoint to view the content of options in the poll and the number of votes for groups of poll participants. This impacts private polls where the results were intended to only be viewable by authorized users. This issue is patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. There is no workaround for this issue apart from upgrading to the fixed version.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
},
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-3x57-846g-7qcw",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2023/CVE-2023-443xx/CVE-2023-44388.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-44388",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-16T22:15:12.397",
"lastModified": "2023-10-16T22:15:12.397",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Discourse is an open source platform for community discussion. A malicious request can cause production log files to quickly fill up and thus result in the server running out of disk space. This problem has been patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. It is possible to temporarily work around this problem by reducing the `client_max_body_size nginx directive`. `client_max_body_size` will limit the size of uploads that can be uploaded directly to the server."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-89h3-g746-xmwq",
"source": "security-advisories@github.com"
}
]
}

55
CVE-2023/CVE-2023-443xx/CVE-2023-44391.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-44391",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-16T22:15:12.477",
"lastModified": "2023-10-16T22:15:12.477",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Discourse is an open source platform for community discussion. User summaries are accessible for anonymous users even when `hide_user_profiles_from_public` is enabled. This problem has been patched in the 3.1.1 stable and 3.2.0.beta2 version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-7px5-fqcf-7mfr",
"source": "security-advisories@github.com"
}
]
}

63
CVE-2023/CVE-2023-443xx/CVE-2023-44394.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-44394",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-16T22:15:12.560",
"lastModified": "2023-10-16T22:15:12.560",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "MantisBT is an open source bug tracker. Due to insufficient access-level checks on the Wiki redirection page, any user can reveal private Projects' names, by accessing wiki.php with sequentially incremented IDs. This issue has been addressed in commit `65c44883f` which has been included in release `2.258`. Users are advised to upgrade. Users unable to upgrade should disable wiki integration ( `$g_wiki_enable = OFF;`)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://github.com/mantisbt/mantisbt/commit/65c44883f9d24f3ccef066fb523c93d8fdd7afc1",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-v642-mh27-8j6m",
"source": "security-advisories@github.com"
},
{
"url": "https://mantisbt.org/bugs/view.php?id=32981",
"source": "security-advisories@github.com"
}
]
}

55
CVE-2023/CVE-2023-451xx/CVE-2023-45131.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-45131",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-16T22:15:12.650",
"lastModified": "2023-10-16T22:15:12.650",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Discourse is an open source platform for community discussion. New chat messages can be read by making an unauthenticated POST request to MessageBus. This issue is patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-84gf-hhrc-9pw6",
"source": "security-advisories@github.com"
}
]
}

20
CVE-2023/CVE-2023-455xx/CVE-2023-45540.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-45540",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-16T22:15:12.733",
"lastModified": "2023-10-16T22:15:12.733",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue in Jorani Leave Management System 1.0.3 allows a remote attacker to execute arbitrary HTML code via a crafted script to the comment field of the List of Leave requests page."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/soundarkutty/HTML-Injection/blob/main/POC.md",
"source": "cve@mitre.org"
}
]
}

55
CVE-2023/CVE-2023-458xx/CVE-2023-45807.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-45807",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-16T22:15:12.790",
"lastModified": "2023-10-16T22:15:12.790",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana following the license change in early 2021. There is an issue with the implementation of tenant permissions in OpenSearch Dashboards where authenticated users with read-only access to a tenant can perform create, edit and delete operations on index metadata of dashboards and visualizations in that tenant, potentially rendering them unavailable. This issue does not affect index data, only metadata. Dashboards correctly enforces read-only permissions when indexing and updating documents. This issue does not provide additional read access to data users don\u2019t already have. This issue can be mitigated by disabling the tenants functionality for the cluster. Versions 1.3.14 and 2.11.0 contain a fix for this issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-281"
}
]
}
],
"references": [
{
"url": "https://github.com/opensearch-project/security/security/advisories/GHSA-72q2-gwwf-6hrv",
"source": "security-advisories@github.com"
}
]
}

51
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-10-16T22:00:24.396933+00:00
2023-10-16T23:55:24.447141+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-10-16T21:15:11.517000+00:00
2023-10-16T23:15:10.243000+00:00
```
### Last Data Feed Release
@ -29,46 +29,33 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
227973
227986
```
### CVEs added in the last Commit
Recently added CVEs: `54`
Recently added CVEs: `13`
* [CVE-2023-4820](CVE-2023/CVE-2023-48xx/CVE-2023-4820.json) (`2023-10-16T20:15:16.913`)
* [CVE-2023-4821](CVE-2023/CVE-2023-48xx/CVE-2023-4821.json) (`2023-10-16T20:15:16.990`)
* [CVE-2023-4861](CVE-2023/CVE-2023-48xx/CVE-2023-4861.json) (`2023-10-16T20:15:17.067`)
* [CVE-2023-4862](CVE-2023/CVE-2023-48xx/CVE-2023-4862.json) (`2023-10-16T20:15:17.153`)
* [CVE-2023-4933](CVE-2023/CVE-2023-49xx/CVE-2023-4933.json) (`2023-10-16T20:15:17.243`)
* [CVE-2023-4950](CVE-2023/CVE-2023-49xx/CVE-2023-4950.json) (`2023-10-16T20:15:17.323`)
* [CVE-2023-4971](CVE-2023/CVE-2023-49xx/CVE-2023-4971.json) (`2023-10-16T20:15:17.403`)
* [CVE-2023-5003](CVE-2023/CVE-2023-50xx/CVE-2023-5003.json) (`2023-10-16T20:15:17.490`)
* [CVE-2023-5057](CVE-2023/CVE-2023-50xx/CVE-2023-5057.json) (`2023-10-16T20:15:17.573`)
* [CVE-2023-5087](CVE-2023/CVE-2023-50xx/CVE-2023-5087.json) (`2023-10-16T20:15:17.657`)
* [CVE-2023-5089](CVE-2023/CVE-2023-50xx/CVE-2023-5089.json) (`2023-10-16T20:15:17.737`)
* [CVE-2023-5133](CVE-2023/CVE-2023-51xx/CVE-2023-5133.json) (`2023-10-16T20:15:17.823`)
* [CVE-2023-5167](CVE-2023/CVE-2023-51xx/CVE-2023-5167.json) (`2023-10-16T20:15:17.903`)
* [CVE-2023-5177](CVE-2023/CVE-2023-51xx/CVE-2023-5177.json) (`2023-10-16T20:15:17.993`)
* [CVE-2023-5561](CVE-2023/CVE-2023-55xx/CVE-2023-5561.json) (`2023-10-16T20:15:18.073`)
* [CVE-2023-30987](CVE-2023/CVE-2023-309xx/CVE-2023-30987.json) (`2023-10-16T21:15:10.627`)
* [CVE-2023-38720](CVE-2023/CVE-2023-387xx/CVE-2023-38720.json) (`2023-10-16T21:15:10.720`)
* [CVE-2023-40851](CVE-2023/CVE-2023-408xx/CVE-2023-40851.json) (`2023-10-16T21:15:10.810`)
* [CVE-2023-40852](CVE-2023/CVE-2023-408xx/CVE-2023-40852.json) (`2023-10-16T21:15:10.867`)
* [CVE-2023-42459](CVE-2023/CVE-2023-424xx/CVE-2023-42459.json) (`2023-10-16T21:15:10.923`)
* [CVE-2023-45128](CVE-2023/CVE-2023-451xx/CVE-2023-45128.json) (`2023-10-16T21:15:11.137`)
* [CVE-2023-45141](CVE-2023/CVE-2023-451xx/CVE-2023-45141.json) (`2023-10-16T21:15:11.237`)
* [CVE-2023-45144](CVE-2023/CVE-2023-451xx/CVE-2023-45144.json) (`2023-10-16T21:15:11.333`)
* [CVE-2023-45147](CVE-2023/CVE-2023-451xx/CVE-2023-45147.json) (`2023-10-16T21:15:11.433`)
* [CVE-2023-45542](CVE-2023/CVE-2023-455xx/CVE-2023-45542.json) (`2023-10-16T21:15:11.517`)
* [CVE-2023-38728](CVE-2023/CVE-2023-387xx/CVE-2023-38728.json) (`2023-10-16T22:15:11.957`)
* [CVE-2023-38740](CVE-2023/CVE-2023-387xx/CVE-2023-38740.json) (`2023-10-16T22:15:12.057`)
* [CVE-2023-43658](CVE-2023/CVE-2023-436xx/CVE-2023-43658.json) (`2023-10-16T22:15:12.143`)
* [CVE-2023-43659](CVE-2023/CVE-2023-436xx/CVE-2023-43659.json) (`2023-10-16T22:15:12.237`)
* [CVE-2023-43814](CVE-2023/CVE-2023-438xx/CVE-2023-43814.json) (`2023-10-16T22:15:12.317`)
* [CVE-2023-44388](CVE-2023/CVE-2023-443xx/CVE-2023-44388.json) (`2023-10-16T22:15:12.397`)
* [CVE-2023-44391](CVE-2023/CVE-2023-443xx/CVE-2023-44391.json) (`2023-10-16T22:15:12.477`)
* [CVE-2023-44394](CVE-2023/CVE-2023-443xx/CVE-2023-44394.json) (`2023-10-16T22:15:12.560`)
* [CVE-2023-45131](CVE-2023/CVE-2023-451xx/CVE-2023-45131.json) (`2023-10-16T22:15:12.650`)
* [CVE-2023-45540](CVE-2023/CVE-2023-455xx/CVE-2023-45540.json) (`2023-10-16T22:15:12.733`)
* [CVE-2023-45807](CVE-2023/CVE-2023-458xx/CVE-2023-45807.json) (`2023-10-16T22:15:12.790`)
* [CVE-2023-30991](CVE-2023/CVE-2023-309xx/CVE-2023-30991.json) (`2023-10-16T23:15:10.147`)
* [CVE-2023-40374](CVE-2023/CVE-2023-403xx/CVE-2023-40374.json) (`2023-10-16T23:15:10.243`)
### CVEs modified in the last Commit
Recently modified CVEs: `2`
Recently modified CVEs: `1`
* [CVE-2023-20198](CVE-2023/CVE-2023-201xx/CVE-2023-20198.json) (`2023-10-16T21:15:10.537`)
* [CVE-2023-44186](CVE-2023/CVE-2023-441xx/CVE-2023-44186.json) (`2023-10-16T21:15:11.033`)
* [CVE-2023-20198](CVE-2023/CVE-2023-201xx/CVE-2023-20198.json) (`2023-10-16T22:15:11.833`)
## Download and Usage