admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-21 17:41:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-06-15T20:00:28.564962+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-06-15 20:00:31 +00:00
parent b11a81a2e6
commit 49ba3071ed
71 changed files with 2862 additions and 122 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CVE-2015/CVE-2015-13xx/CVE-2015-1385.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2015-1385",
"sourceIdentifier": "cve@mitre.org",
"published": "2015-02-02T15:59:05.020",
"lastModified": "2018-10-09T19:55:49.840",
"lastModified": "2023-06-15T19:57:37.947",
"vulnStatus": "Modified",
"descriptions": [
{
@ -62,9 +62,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:blubrry:powerpress_podcasting:*:*:*:*:*:wordpress:*:*",
"criteria": "cpe:2.3:a:blubrry:powerpress:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "6.0",
"matchCriteriaId": "B2F62BB1-416E-4348-B14F-7ECAC6FB643B"
"matchCriteriaId": "010BD746-FC09-435F-8F9C-5C7902BF873F"
}
]
}

6
CVE-2015/CVE-2015-94xx/CVE-2015-9410.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2015-9410",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-09-26T00:15:10.273",
"lastModified": "2020-11-10T19:41:01.057",
"lastModified": "2023-06-15T19:57:37.947",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:blubrry:powerpress_podcasting:6.0.4:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "F08A9E23-572C-4E59-BF38-BD56007BF780"
"criteria": "cpe:2.3:a:blubrry:powerpress:6.0.4:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "3640C623-0E43-45C6-AC66-23B2CE960547"
}
]
}

20
CVE-2021/CVE-2021-07xx/CVE-2021-0701.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2021-0701",
"sourceIdentifier": "security@android.com",
"published": "2023-06-15T19:15:09.163",
"lastModified": "2023-06-15T19:15:09.163",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Product: AndroidVersions: Android SoCAndroid ID: A-277775870"
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-06-01",
"source": "security@android.com"
}
]
}

20
CVE-2021/CVE-2021-09xx/CVE-2021-0945.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2021-0945",
"sourceIdentifier": "security@android.com",
"published": "2023-06-15T19:15:09.217",
"lastModified": "2023-06-15T19:15:09.217",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Product: AndroidVersions: Android SoCAndroid ID: A-278156680"
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-06-01",
"source": "security@android.com"
}
]
}

69
CVE-2021/CVE-2021-332xx/CVE-2021-33223.json
View File

@ -2,23 +2,82 @@
"id": "CVE-2021-33223",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-07T01:15:38.877",
"lastModified": "2023-06-07T02:45:15.873",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-15T18:22:46.187",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in SeedDMS 6.0.15 allows an attacker to escalate privileges via the userid and role parameters in the out.UsrMgr.php file."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:seeddms:seeddms:6.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "4B5F2138-42C3-4677-AF17-65E89F3A0BE7"
}
]
}
]
}
],
"references": [
{
"url": "https://sunil-singh.notion.site/SeedDMS-6-0-15-Insecure-Direct-Object-Reference-IDOR-ff504354656b47b2b0cee0b7a82ad08c",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.notion.so/SeedDMS-6-0-15-Incorrect-Access-Control-ff504354656b47b2b0cee0b7a82ad08c",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

76
CVE-2022/CVE-2022-258xx/CVE-2022-25834.json
View File

@ -2,23 +2,89 @@
"id": "CVE-2022-25834",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-07T01:15:38.987",
"lastModified": "2023-06-07T02:45:15.873",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-15T18:30:57.220",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Percona XtraBackup (PXB) through 2.2.24 and 3.x through 8.0.27-19, a crafted filename on the local file system could trigger unexpected command shell execution of arbitrary commands."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:percona:xtrabackup:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.2.24",
"matchCriteriaId": "A2358310-AC98-4A5E-BC00-1B9096F55D63"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:percona:xtrabackup:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0",
"versionEndIncluding": "8.0.27-19",
"matchCriteriaId": "DC4A5A98-7789-4783-A8C3-59F34A946D3A"
}
]
}
]
}
],
"references": [
{
"url": "https://docs.percona.com/percona-xtrabackup/8.0/release-notes/8.0/8.0.32-26.0.html#improvements",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.percona.com/doc/percona-xtrabackup/2.4/index.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

14
CVE-2022/CVE-2022-429xx/CVE-2022-42915.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-42915",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-10-29T20:15:09.700",
"lastModified": "2023-03-01T18:06:08.817",
"lastModified": "2023-06-15T19:44:49.433",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -17,19 +17,19 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
@ -246,6 +246,7 @@
"url": "http://seclists.org/fulldisclosure/2023/Jan/19",
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
@ -253,6 +254,7 @@
"url": "http://seclists.org/fulldisclosure/2023/Jan/20",
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},

57
CVE-2023/CVE-2023-20xx/CVE-2023-2031.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2031",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-09T06:16:01.410",
"lastModified": "2023-06-09T13:03:33.953",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-15T18:41:19.233",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,18 +66,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:plainware:locatoraid:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.9.14",
"matchCriteriaId": "D528BF71-96FA-4CB5-8729-7BD3BAEB18DA"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/locatoraid/trunk/modules/front/view_shortcode.php#L4",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2900106/locatoraid",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dba0a90b-f13c-4914-b6b7-278227ffc122?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

57
CVE-2023/CVE-2023-20xx/CVE-2023-2066.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2066",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-09T06:16:01.693",
"lastModified": "2023-06-09T13:03:33.953",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-15T18:05:22.060",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,18 +66,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bulletin:announcement_\\&_notification_banner_-_bulletin:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.6.0",
"matchCriteriaId": "DC87B6F0-6BC8-4938-B11D-7F55D5FB87D5"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/bulletin-announcements/trunk/classes/class-bulletinwp-ajax.php",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2906036/bulletin-announcements/trunk/classes/class-bulletinwp-ajax.php",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d242a466-0611-4e64-8145-29f64100e62b?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

57
CVE-2023/CVE-2023-20xx/CVE-2023-2087.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2087",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-09T06:16:03.890",
"lastModified": "2023-06-09T13:03:33.953",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-15T18:41:06.490",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,18 +66,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpdeveloper:essential_blocks:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.0.6",
"matchCriteriaId": "4070A2EB-50FC-4519-BD3E-A09DA3059E27"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/essential-blocks/tags/4.0.6/includes/Admin/Admin.php",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2900595%40essential-blocks%2Ftrunk&old=2900029%40essential-blocks%2Ftrunk&sfp_email=&sfph_mail=#file2",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d38d41c7-8786-4145-9591-3e24eff3b79c?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

20
CVE-2023/CVE-2023-210xx/CVE-2023-21095.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-21095",
"sourceIdentifier": "security@android.com",
"published": "2023-06-15T19:15:09.293",
"lastModified": "2023-06-15T19:15:09.293",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In canStartSystemGesture of RecentsAnimationDeviceState.java, there is a possible partial lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12L Android-13Android ID: A-242704576"
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-06-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-211xx/CVE-2023-21101.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-21101",
"sourceIdentifier": "security@android.com",
"published": "2023-06-15T19:15:09.333",
"lastModified": "2023-06-15T19:15:09.333",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In multiple functions of WVDrmPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-258189255"
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-06-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-211xx/CVE-2023-21105.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-21105",
"sourceIdentifier": "security@android.com",
"published": "2023-06-15T19:15:09.377",
"lastModified": "2023-06-15T19:15:09.377",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In multiple functions of ChooserActivity.java, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261036568"
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-06-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-211xx/CVE-2023-21108.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-21108",
"sourceIdentifier": "security@android.com",
"published": "2023-06-15T19:15:09.423",
"lastModified": "2023-06-15T19:15:09.423",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In sdpu_build_uuid_seq of sdp_discovery.cc, there is a possible out of bounds write due to a use after free. This could lead to remote code execution over Bluetooth, if HFP support is enabled, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-239414876"
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-06-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-211xx/CVE-2023-21115.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-21115",
"sourceIdentifier": "security@android.com",
"published": "2023-06-15T19:15:09.467",
"lastModified": "2023-06-15T19:15:09.467",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In btm_sec_encrypt_change of btm_sec.cc, there is a possible way to downgrade the link key type due to improperly used crypto. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-258834033"
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-06-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-211xx/CVE-2023-21120.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-21120",
"sourceIdentifier": "security@android.com",
"published": "2023-06-15T19:15:09.507",
"lastModified": "2023-06-15T19:15:09.507",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In multiple functions of cdm_engine.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-258188673"
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-06-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-211xx/CVE-2023-21121.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-21121",
"sourceIdentifier": "security@android.com",
"published": "2023-06-15T19:15:09.547",
"lastModified": "2023-06-15T19:15:09.547",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In onResume of AppManagementFragment.java, there is a possible way to prevent users from forgetting a previously connected VPN due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-205460459"
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-06-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-211xx/CVE-2023-21122.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-21122",
"sourceIdentifier": "security@android.com",
"published": "2023-06-15T19:15:09.590",
"lastModified": "2023-06-15T19:15:09.590",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In various functions of various files, there is a possible way to bypass the DISALLOW_DEBUGGING_FEATURES restriction for tracing due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-270050191"
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-06-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-211xx/CVE-2023-21123.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-21123",
"sourceIdentifier": "security@android.com",
"published": "2023-06-15T19:15:09.630",
"lastModified": "2023-06-15T19:15:09.630",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In multiple functions of multiple files, there is a possible way to bypass the DISALLOW_DEBUGGING_FEATURES restriction for tracing due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-270050064"
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-06-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-211xx/CVE-2023-21124.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-21124",
"sourceIdentifier": "security@android.com",
"published": "2023-06-15T19:15:09.673",
"lastModified": "2023-06-15T19:15:09.673",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In run of multiple files, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-265798353"
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-06-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-211xx/CVE-2023-21126.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-21126",
"sourceIdentifier": "security@android.com",
"published": "2023-06-15T19:15:09.710",
"lastModified": "2023-06-15T19:15:09.710",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In bindOutputSwitcherAndBroadcastButton of MediaControlPanel.java, there is a possible launch arbitrary activity under SysUI due to Unsafe Intent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-271846393"
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-06-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-211xx/CVE-2023-21127.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-21127",
"sourceIdentifier": "security@android.com",
"published": "2023-06-15T19:15:09.757",
"lastModified": "2023-06-15T19:15:09.757",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In readSampleData of NuMediaExtractor.cpp, there is a possible out of bounds write due to uninitialized data. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-275418191"
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-06-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-211xx/CVE-2023-21128.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-21128",
"sourceIdentifier": "security@android.com",
"published": "2023-06-15T19:15:09.797",
"lastModified": "2023-06-15T19:15:09.797",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In various functions of AppStandbyController.java, there is a possible way to break manageability scenarios due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-272042183"
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-06-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-211xx/CVE-2023-21129.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-21129",
"sourceIdentifier": "security@android.com",
"published": "2023-06-15T19:15:09.837",
"lastModified": "2023-06-15T19:15:09.837",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In getFullScreenIntentDecision of NotificationInterruptStateProviderImpl.java, there is a possible activity launch while the app is in the background due to a BAL bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-274759612"
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-06-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-211xx/CVE-2023-21130.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-21130",
"sourceIdentifier": "security@android.com",
"published": "2023-06-15T19:15:09.880",
"lastModified": "2023-06-15T19:15:09.880",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In btm_ble_periodic_adv_sync_lost of btm_ble_gap.cc, there is a possible remote code execution due to a buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-273502002"
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-06-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-211xx/CVE-2023-21131.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-21131",
"sourceIdentifier": "security@android.com",
"published": "2023-06-15T19:15:09.920",
"lastModified": "2023-06-15T19:15:09.920",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In checkKeyIntentParceledCorrectly() of ActivityManagerService.java, there is a possible bypass of Parcel Mismatch mitigations due to a logic error in the code. This could lead to local escalation of privilege and the ability to launch arbitrary activities in settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-265015796"
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-06-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-211xx/CVE-2023-21135.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-21135",
"sourceIdentifier": "security@android.com",
"published": "2023-06-15T19:15:09.960",
"lastModified": "2023-06-15T19:15:09.960",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In onCreate of NotificationAccessSettings.java, there is a possible failure to persist notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-260570119"
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-06-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-211xx/CVE-2023-21136.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-21136",
"sourceIdentifier": "security@android.com",
"published": "2023-06-15T19:15:10.000",
"lastModified": "2023-06-15T19:15:10.000",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In multiple functions of JobStore.java, there is a possible way to cause a crash on startup due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-246542285"
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-06-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-211xx/CVE-2023-21137.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-21137",
"sourceIdentifier": "security@android.com",
"published": "2023-06-15T19:15:10.043",
"lastModified": "2023-06-15T19:15:10.043",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In several methods of JobStore.java, uncaught exceptions in job map parsing could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-246541702"
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-06-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-211xx/CVE-2023-21138.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-21138",
"sourceIdentifier": "security@android.com",
"published": "2023-06-15T19:15:10.083",
"lastModified": "2023-06-15T19:15:10.083",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In onNullBinding of CallRedirectionProcessor.java, there is a possible long lived connection due to improper input validation. This could lead to local escalation of privilege and background activity launches with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-273260090"
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-06-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-211xx/CVE-2023-21139.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-21139",
"sourceIdentifier": "security@android.com",
"published": "2023-06-15T19:15:10.127",
"lastModified": "2023-06-15T19:15:10.127",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In bindPlayer of MediaControlPanel.java, there is a possible launch arbitrary activity in SysUI due to Unsafe Intent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-271845008"
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-06-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-211xx/CVE-2023-21141.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-21141",
"sourceIdentifier": "security@android.com",
"published": "2023-06-15T19:15:10.167",
"lastModified": "2023-06-15T19:15:10.167",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In several functions of several files, there is a possible way to access developer mode traces due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-262244249"
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-06-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-211xx/CVE-2023-21142.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-21142",
"sourceIdentifier": "security@android.com",
"published": "2023-06-15T19:15:10.207",
"lastModified": "2023-06-15T19:15:10.207",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In multiple files, there is a possible way to access traces in the dev mode due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-262243665"
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-06-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-211xx/CVE-2023-21143.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-21143",
"sourceIdentifier": "security@android.com",
"published": "2023-06-15T19:15:10.247",
"lastModified": "2023-06-15T19:15:10.247",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In multiple functions of multiple files, there is a possible way to make the device unusable due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-268193777"
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-06-01",
"source": "security@android.com"
}
]
}

20
CVE-2023/CVE-2023-211xx/CVE-2023-21144.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-21144",
"sourceIdentifier": "security@android.com",
"published": "2023-06-15T19:15:10.287",
"lastModified": "2023-06-15T19:15:10.287",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In doInBackground of NotificationContentInflater.java, there is a possible temporary denial or service due to long running operations. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-252766417"
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-06-01",
"source": "security@android.com"
}
]
}

55
CVE-2023/CVE-2023-216xx/CVE-2023-21618.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-21618",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-06-15T19:15:10.330",
"lastModified": "2023-06-15T19:15:10.330",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Designer version 12.4.1 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-824"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_designer/apsb23-39.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2023/CVE-2023-222xx/CVE-2023-22248.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-22248",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-06-15T19:15:10.413",
"lastModified": "2023-06-15T19:15:10.413",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to leak another user's data. Exploitation of this issue does not require user interaction."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html",
"source": "psirt@adobe.com"
}
]
}

6
CVE-2023/CVE-2023-244xx/CVE-2023-24469.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-24469",
"sourceIdentifier": "security@opentext.com",
"published": "2023-06-13T22:15:09.317",
"lastModified": "2023-06-14T03:37:44.217",
"lastModified": "2023-06-15T19:15:10.483",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -13,7 +13,7 @@
"metrics": {},
"references": [
{
"url": "https://portal.microfocus.com/s/article/KM000018224?language=en_US",
"url": "https://portal.microfocus.com/s/article/KM000018224?language=en_US,",
"source": "security@opentext.com"
},
{
@ -21,7 +21,7 @@
"source": "security@opentext.com"
},
{
"url": "https://www.microfocus.com/support/downloads/,",
"url": "https://www.microfocus.com/support/downloads/",
"source": "security@opentext.com"
}
]

71
CVE-2023/CVE-2023-245xx/CVE-2023-24535.json
View File

@ -2,16 +2,49 @@
"id": "CVE-2023-24535",
"sourceIdentifier": "security@golang.org",
"published": "2023-06-08T21:15:16.420",
"lastModified": "2023-06-09T13:03:48.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-15T19:01:32.533",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Parsing invalid messages can panic. Parsing a text-format message which contains a potential number consisting of a minus sign, one or more characters of whitespace, and no further input will cause a panic."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
},
{
"source": "security@golang.org",
"type": "Secondary",
@ -23,18 +56,44 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:protobuf:protobuf:1.29.0:*:*:*:*:go:*:*",
"matchCriteriaId": "573408EB-0BFD-4081-8878-BDECA46E6530"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/golang/protobuf/issues/1530",
"source": "security@golang.org"
"source": "security@golang.org",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://go.dev/cl/475995",
"source": "security@golang.org"
"source": "security@golang.org",
"tags": [
"Patch"
]
},
{
"url": "https://pkg.go.dev/vuln/GO-2023-1631",
"source": "security@golang.org"
"source": "security@golang.org",
"tags": [
"Third Party Advisory"
]
}
]
}

53
CVE-2023/CVE-2023-26xx/CVE-2023-2634.json
View File

@ -2,15 +2,38 @@
"id": "CVE-2023-2634",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-06-05T14:15:10.483",
"lastModified": "2023-06-05T14:22:20.397",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-15T18:15:19.997",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Get your number WordPress plugin through 1.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +46,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:punchcreative:get_your_number:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.1.3",
"matchCriteriaId": "C8FAABAE-49D4-4269-AD3C-D9B4DDE78B2D"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/1df111aa-6057-47a2-8e8b-9ef5ec3bb472",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-26xx/CVE-2023-2686.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-2686",
"sourceIdentifier": "product-security@silabs.com",
"published": "2023-06-15T19:15:11.737",
"lastModified": "2023-06-15T19:15:11.737",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Wi-Fi Commissioning MicriumOS example in Silicon Labs Gecko SDK v4.2.3 or earlier allows connected device to write payload onto the stack.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "product-security@silabs.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "product-security@silabs.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [
{
"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U2sFvQAJ?operationContext=S1",
"source": "product-security@silabs.com"
},
{
"url": "https://github.com/SiliconLabs/gecko_sdk/releases",
"source": "product-security@silabs.com"
}
]
}

55
CVE-2023/CVE-2023-288xx/CVE-2023-28809.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-28809",
"sourceIdentifier": "hsrc@hikvision.com",
"published": "2023-06-15T19:15:10.537",
"lastModified": "2023-06-15T19:15:10.537",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Some access control products are vulnerable to a session hijacking attack because the product does not update the session ID after a user successfully logs in. To exploit the vulnerability, attackers have to request the session ID at the same time as a valid user logs in, and gain device operation permissions by forging the IP and session ID of an authenticated user."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "hsrc@hikvision.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "hsrc@hikvision.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-access-control-intercom/",
"source": "hsrc@hikvision.com"
}
]
}

67
CVE-2023/CVE-2023-291xx/CVE-2023-29152.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-29152",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-06-07T22:15:09.737",
"lastModified": "2023-06-08T02:44:28.663",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-15T19:03:37.987",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -36,8 +56,18 @@
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,10 +76,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ptc:vuforia_studio:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.9",
"matchCriteriaId": "B0401ACC-907D-43E1-9CAE-FC94DC02C9F7"
}
]
}
]
}
],
"references": [
{
"url": "https://https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Broken Link"
]
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13",
"source": "nvd@nist.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}

55
CVE-2023/CVE-2023-292xx/CVE-2023-29287.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-29287",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-06-15T19:15:10.603",
"lastModified": "2023-06-15T19:15:10.603",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Information Exposure vulnerability that could lead to a security feature bypass. An attacker could leverage this vulnerability to leak minor user data. Exploitation of this issue does not require user interaction.."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2023/CVE-2023-292xx/CVE-2023-29288.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-29288",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-06-15T19:15:10.673",
"lastModified": "2023-06-15T19:15:10.673",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A privileged attacker could leverage this vulnerability to modify a minor functionality of another user's data. Exploitation of this issue does not require user interaction."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2023/CVE-2023-292xx/CVE-2023-29289.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-29289",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-06-15T19:15:10.743",
"lastModified": "2023-06-15T19:15:10.743",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an XML Injection vulnerability. An attacker with low privileges can trigger a specially crafted script to a security feature bypass. Exploitation of this issue does not require user interaction."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-91"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2023/CVE-2023-292xx/CVE-2023-29290.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-29290",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-06-15T19:15:10.817",
"lastModified": "2023-06-15T19:15:10.817",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-353"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2023/CVE-2023-292xx/CVE-2023-29291.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-29291",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-06-15T19:15:10.887",
"lastModified": "2023-06-15T19:15:10.887",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2023/CVE-2023-292xx/CVE-2023-29292.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-29292",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-06-15T19:15:10.957",
"lastModified": "2023-06-15T19:15:10.957",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2023/CVE-2023-292xx/CVE-2023-29293.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-29293",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-06-15T19:15:11.020",
"lastModified": "2023-06-15T19:15:11.020",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An admin privileged attacker could leverage this vulnerability to impact the availability of a user's minor feature. Exploitation of this issue does not require user interaction."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 2.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2023/CVE-2023-292xx/CVE-2023-29294.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-29294",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-06-15T19:15:11.090",
"lastModified": "2023-06-15T19:15:11.090",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Business Logic Errors vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-840"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2023/CVE-2023-292xx/CVE-2023-29295.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-29295",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-06-15T19:15:11.163",
"lastModified": "2023-06-15T19:15:11.163",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2023/CVE-2023-292xx/CVE-2023-29296.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-29296",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-06-15T19:15:11.240",
"lastModified": "2023-06-15T19:15:11.240",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to modify a minor functionality of another user's data. Exploitation of this issue does not require user interaction."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2023/CVE-2023-292xx/CVE-2023-29297.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-29297",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-06-15T19:15:11.310",
"lastModified": "2023-06-15T19:15:11.310",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Improper Neutralization of Special Elements Used in a Template Engine vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1336"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2023/CVE-2023-293xx/CVE-2023-29302.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-29302",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-06-15T19:15:11.387",
"lastModified": "2023-06-15T19:15:11.387",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-31.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2023/CVE-2023-293xx/CVE-2023-29304.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-29304",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-06-15T19:15:11.457",
"lastModified": "2023-06-15T19:15:11.457",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-31.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2023/CVE-2023-293xx/CVE-2023-29307.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-29307",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-06-15T19:15:11.527",
"lastModified": "2023-06-15T19:15:11.527",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-31.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2023/CVE-2023-293xx/CVE-2023-29321.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-29321",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-06-15T19:15:11.600",
"lastModified": "2023-06-15T19:15:11.600",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Animate versions 22.0.9 (and earlier) and 23.0.1 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/animate/apsb23-36.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2023/CVE-2023-293xx/CVE-2023-29322.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-29322",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-06-15T19:15:11.670",
"lastModified": "2023-06-15T19:15:11.670",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-31.html",
"source": "psirt@adobe.com"
}
]
}

67
CVE-2023/CVE-2023-31xx/CVE-2023-3173.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3173",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-06-09T02:15:09.233",
"lastModified": "2023-06-09T13:03:48.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-15T19:29:37.350",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -40,7 +62,7 @@
},
"weaknesses": [
{
"source": "security@huntr.dev",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -48,16 +70,51 @@
"value": "CWE-307"
}
]
},
{
"source": "security@huntr.dev",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-307"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0.20",
"matchCriteriaId": "7FE0153D-83B4-43BA-A1F8-D90020C9B465"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/froxlor/froxlor/commit/464216072456efb35b4541c58e7016463dfbd9a6",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.dev/bounties/4d715f76-950d-4251-8139-3dffea798f14",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

56
CVE-2023/CVE-2023-31xx/CVE-2023-3190.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3190",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-06-10T09:15:09.343",
"lastModified": "2023-06-11T22:29:51.193",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-15T18:40:40.203",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 2.5
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -46,14 +68,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:teampass:teampass:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0.9",
"matchCriteriaId": "1FBD6586-DC7F-4FD6-BB8D-9874CCFACB2E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/nilsteampassnet/teampass/commit/241dbd4159a5d63b55af426464d30dbb53925705",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.dev/bounties/5562c4c4-0475-448f-a451-7c4666bc7180",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}

56
CVE-2023/CVE-2023-31xx/CVE-2023-3191.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3191",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-06-10T09:15:09.730",
"lastModified": "2023-06-11T22:29:51.193",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-15T18:40:10.303",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -46,14 +68,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:teampass:teampass:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0.9",
"matchCriteriaId": "1FBD6586-DC7F-4FD6-BB8D-9874CCFACB2E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/nilsteampassnet/teampass/commit/241dbd4159a5d63b55af426464d30dbb53925705",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.dev/bounties/19fed157-128d-4bfb-a30e-eadf748cbd1a",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}

91
CVE-2023/CVE-2023-327xx/CVE-2023-32749.json
View File

@ -2,31 +2,108 @@
"id": "CVE-2023-32749",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-08T20:15:09.430",
"lastModified": "2023-06-09T13:03:48.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-15T18:54:39.543",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying the HTTP request sent when creating such an external user, it is possible to assign the new user arbitrary roles. By assigning all roles to a newly created user, access to all cells and non-personal workspaces is granted."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pydio:cells:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0.12",
"matchCriteriaId": "BC5DD7AD-4965-45AF-96FF-DD160981D87F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pydio:cells:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.1.0",
"versionEndExcluding": "4.1.3",
"matchCriteriaId": "5644B716-3AA9-4591-A7B1-9356183B93FD"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/172645/Pydio-Cells-4.1.2-Privilege-Escalation.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/May/18",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.redteam-pentesting.de/en/advisories/-advisories-publicised-vulnerability-analyses",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2023-003/-pydio-cells-unauthorised-role-assignments",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

71
CVE-2023/CVE-2023-342xx/CVE-2023-34243.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-34243",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-08T22:15:09.437",
"lastModified": "2023-06-09T13:03:48.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-15T19:20:44.020",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TGstation is a toolset to manage production BYOND servers. In affected versions if a Windows user was registered in tgstation-server (TGS), an attacker could discover their username by brute-forcing the login endpoint with an invalid password. When a valid Windows logon was found, a distinct response would be generated. This issue has been addressed in version 5.12.5. Users are advised to upgrade. Users unable to upgrade may be mitigated by rate-limiting API calls with software that sits in front of TGS in the HTTP pipeline such as fail2ban."
},
{
"lang": "es",
"value": "TGstation es un conjunto de herramientas para gestionar servidores BYOND de producci\u00f3n. En las versiones afectadas, si un usuario de Windows estaba registrado en \"tgstation-server (TGS)\", un atacante pod\u00eda descubrir su nombre de usuario forzando el endpoint de inicio de sesi\u00f3n con una contrase\u00f1a no v\u00e1lida. Cuando se encontraba un inicio de sesi\u00f3n de Windows v\u00e1lido, se generaba una respuesta distinta. Este problema se ha solucionado en la versi\u00f3n 5.12.5. Se recomienda a los usuarios que la actualicen. Los usuarios que no puedan actualizar pueden mitigar el problema limitando la velocidad de las llamadas a la API con un software que se sit\u00fae delante de TGS en el canal HTTP, como por ejemplo fail2ban. "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-307"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,14 +80,41 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tgstation13:tgstation-server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0.0",
"versionEndExcluding": "5.12.5",
"matchCriteriaId": "39BA735D-72FE-487B-88D4-7E6E2FBF1E39"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/tgstation/tgstation-server/pull/1526",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://github.com/tgstation/tgstation-server/security/advisories/GHSA-w3jx-4x93-76ph",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mitigation",
"Vendor Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-344xx/CVE-2023-34455.json Normal file
View File

@ -0,0 +1,67 @@
{
"id": "CVE-2023-34455",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-15T18:15:09.347",
"lastModified": "2023-06-15T18:15:09.347",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "snappy-java is a fast compressor/decompressor for Java. Due to use of an unchecked chunk length, an unrecoverable fatal error can occur in versions prior to 1.1.10.1.\n\nThe code in the function hasNextChunk in the fileSnappyInputStream.java checks if a given stream has more chunks to read. It does that by attempting to read 4 bytes. If it wasn\u2019t possible to read the 4 bytes, the function returns false. Otherwise, if 4 bytes were available, the code treats them as the length of the next chunk.\n\nIn the case that the `compressed` variable is null, a byte array is allocated with the size given by the input data. Since the code doesn\u2019t test the legality of the `chunkSize` variable, it is possible to pass a negative number (such as 0xFFFFFFFF which is -1), which will cause the code to raise a `java.lang.NegativeArraySizeException` exception. A worse case would happen when passing a huge positive value (such as 0x7FFFFFFF), which would raise the fatal `java.lang.OutOfMemoryError` error.\n\nVersion 1.1.10.1 contains a patch for this issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"references": [
{
"url": "https://github.com/xerial/snappy-java/blob/05c39b2ca9b5b7b39611529cc302d3d796329611/src/main/java/org/xerial/snappy/SnappyInputStream.java#L388",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/xerial/snappy-java/blob/master/src/main/java/org/xerial/snappy/SnappyInputStream.java",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/xerial/snappy-java/commit/3bf67857fcf70d9eea56eed4af7c925671e8eaea",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/xerial/snappy-java/security/advisories/GHSA-qcwq-55hx-v3vh",
"source": "security-advisories@github.com"
}
]
}

20
CVE-2023/CVE-2023-348xx/CVE-2023-34833.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-34833",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-15T18:15:09.427",
"lastModified": "2023-06-15T18:15:09.427",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An arbitrary file upload vulnerability in the component /api/upload.php of ThinkAdmin v6 allows attackers to execute arbitrary code via a crafted file."
}
],
"metrics": {},
"references": [
{
"url": "https://note.youdao.com/s/3tge43wH",
"source": "cve@mitre.org"
}
]
}

76
CVE-2023/CVE-2023-348xx/CVE-2023-34856.json
View File

@ -2,19 +2,87 @@
"id": "CVE-2023-34856",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-09T20:15:10.277",
"lastModified": "2023-06-09T20:40:34.737",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-15T18:08:26.147",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A Cross Site Scripting (XSS) vulnerability in D-Link DI-7500G-CI-19.05.29A allows attackers to execute arbitrary code via uploading a crafted HTML file to the interface /auth_pic.cgi."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:di-7500g-ci_firmware:19.05.29a:*:*:*:*:*:*:*",
"matchCriteriaId": "51B632E9-AD4B-42B5-B7F7-44412B86B055"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:di-7500g-ci:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A585823A-0AA8-45D4-8406-D446D04286B4"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/hashshfza/Vulnerability/issues/2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

80
CVE-2023/CVE-2023-349xx/CVE-2023-34959.json
View File

@ -2,31 +2,97 @@
"id": "CVE-2023-34959",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-08T19:15:10.003",
"lastModified": "2023-06-09T13:03:52.847",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-15T18:58:27.980",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in Chamilo v1.11.* up to v1.11.18 allows attackers to execute a Server-Side Request Forgery (SSRF) and obtain information on the services running on the server via crafted requests in the social and links tools."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:chamilo:chamilo_lms:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.11.0",
"versionEndIncluding": "1.11.18",
"matchCriteriaId": "2633146D-0E64-40CC-97EF-DF2774900717"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/chamilo/chamilo-lms/commit/cc278f01864948b1fb160e03f0a3dc0875d5f81f",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/chamilo/chamilo-lms/commit/ea5791ff8ce6ea45148a171b0da5348a7c415e6f",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/chamilo/chamilo-lms/commit/ed946908fef23e8aa4cefc28f745f3cd6710099f",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-111-2023-04-20-Moderate-impact-Low-risk-Multiple-blind-SSRF-in-links-and-social-tools",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-349xx/CVE-2023-34961.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-34961",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-08T19:15:10.077",
"lastModified": "2023-06-09T13:03:52.847",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-15T18:57:30.313",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Chamilo v1.11.x up to v1.11.18 was discovered to contain a cross-site scripting (XSS) vulnerability via the /feedback/comment field."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:chamilo:chamilo_lms:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.11.0",
"versionEndIncluding": "1.11.18",
"matchCriteriaId": "2633146D-0E64-40CC-97EF-DF2774900717"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/chamilo/chamilo-lms/commit/80d1a8c9063a20f286b0195ef537c84a1a11875a",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-105-2023-04-15-Low-impact-Moderate-risk-XSS-in-student-work-comments",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

75
CVE-2023/CVE-2023-349xx/CVE-2023-34962.json
View File

@ -2,27 +2,90 @@
"id": "CVE-2023-34962",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-08T19:15:10.163",
"lastModified": "2023-06-09T13:03:48.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-15T18:59:24.027",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Incorrect access control in Chamilo v1.11.x up to v1.11.18 allows a student to arbitrarily access and modify another student's personal notes."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:chamilo:chamilo_lms:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.11.0",
"versionEndIncluding": "1.11.18",
"matchCriteriaId": "2633146D-0E64-40CC-97EF-DF2774900717"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/chamilo/chamilo-lms/commit/19af444d2da9e5a60f02b4ebe7755cdff36709cd",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/chamilo/chamilo-lms/commit/f9a17bfaf05994383bca5f4b65eb6897acc60d41",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-106-2023-04-15-Moderate-impact-Moderate-risk-A-student-can-access-and-modify-another-students-personal-notes",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

72
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-06-15T18:00:34.249351+00:00
2023-06-15T20:00:28.564962+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-06-15T17:51:29.210000+00:00
2023-06-15T19:57:37.947000+00:00
```
### Last Data Feed Release
@ -29,35 +29,65 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
217826
217875
```
### CVEs added in the last Commit
Recently added CVEs: `5`
Recently added CVEs: `49`
* [CVE-2023-34626](CVE-2023/CVE-2023-346xx/CVE-2023-34626.json) (`2023-06-15T16:15:09.347`)
* [CVE-2023-34453](CVE-2023/CVE-2023-344xx/CVE-2023-34453.json) (`2023-06-15T17:15:09.790`)
* [CVE-2023-34454](CVE-2023/CVE-2023-344xx/CVE-2023-34454.json) (`2023-06-15T17:15:09.873`)
* [CVE-2023-34666](CVE-2023/CVE-2023-346xx/CVE-2023-34666.json) (`2023-06-15T17:15:09.943`)
* [CVE-2023-34880](CVE-2023/CVE-2023-348xx/CVE-2023-34880.json) (`2023-06-15T17:15:09.987`)
* [CVE-2023-21139](CVE-2023/CVE-2023-211xx/CVE-2023-21139.json) (`2023-06-15T19:15:10.127`)
* [CVE-2023-21141](CVE-2023/CVE-2023-211xx/CVE-2023-21141.json) (`2023-06-15T19:15:10.167`)
* [CVE-2023-21142](CVE-2023/CVE-2023-211xx/CVE-2023-21142.json) (`2023-06-15T19:15:10.207`)
* [CVE-2023-21143](CVE-2023/CVE-2023-211xx/CVE-2023-21143.json) (`2023-06-15T19:15:10.247`)
* [CVE-2023-21144](CVE-2023/CVE-2023-211xx/CVE-2023-21144.json) (`2023-06-15T19:15:10.287`)
* [CVE-2023-21618](CVE-2023/CVE-2023-216xx/CVE-2023-21618.json) (`2023-06-15T19:15:10.330`)
* [CVE-2023-22248](CVE-2023/CVE-2023-222xx/CVE-2023-22248.json) (`2023-06-15T19:15:10.413`)
* [CVE-2023-28809](CVE-2023/CVE-2023-288xx/CVE-2023-28809.json) (`2023-06-15T19:15:10.537`)
* [CVE-2023-29287](CVE-2023/CVE-2023-292xx/CVE-2023-29287.json) (`2023-06-15T19:15:10.603`)
* [CVE-2023-29288](CVE-2023/CVE-2023-292xx/CVE-2023-29288.json) (`2023-06-15T19:15:10.673`)
* [CVE-2023-29289](CVE-2023/CVE-2023-292xx/CVE-2023-29289.json) (`2023-06-15T19:15:10.743`)
* [CVE-2023-29290](CVE-2023/CVE-2023-292xx/CVE-2023-29290.json) (`2023-06-15T19:15:10.817`)
* [CVE-2023-29291](CVE-2023/CVE-2023-292xx/CVE-2023-29291.json) (`2023-06-15T19:15:10.887`)
* [CVE-2023-29292](CVE-2023/CVE-2023-292xx/CVE-2023-29292.json) (`2023-06-15T19:15:10.957`)
* [CVE-2023-29293](CVE-2023/CVE-2023-292xx/CVE-2023-29293.json) (`2023-06-15T19:15:11.020`)
* [CVE-2023-29294](CVE-2023/CVE-2023-292xx/CVE-2023-29294.json) (`2023-06-15T19:15:11.090`)
* [CVE-2023-29295](CVE-2023/CVE-2023-292xx/CVE-2023-29295.json) (`2023-06-15T19:15:11.163`)
* [CVE-2023-29296](CVE-2023/CVE-2023-292xx/CVE-2023-29296.json) (`2023-06-15T19:15:11.240`)
* [CVE-2023-29297](CVE-2023/CVE-2023-292xx/CVE-2023-29297.json) (`2023-06-15T19:15:11.310`)
* [CVE-2023-29302](CVE-2023/CVE-2023-293xx/CVE-2023-29302.json) (`2023-06-15T19:15:11.387`)
* [CVE-2023-29304](CVE-2023/CVE-2023-293xx/CVE-2023-29304.json) (`2023-06-15T19:15:11.457`)
* [CVE-2023-29307](CVE-2023/CVE-2023-293xx/CVE-2023-29307.json) (`2023-06-15T19:15:11.527`)
* [CVE-2023-29321](CVE-2023/CVE-2023-293xx/CVE-2023-29321.json) (`2023-06-15T19:15:11.600`)
* [CVE-2023-29322](CVE-2023/CVE-2023-293xx/CVE-2023-29322.json) (`2023-06-15T19:15:11.670`)
* [CVE-2023-2686](CVE-2023/CVE-2023-26xx/CVE-2023-2686.json) (`2023-06-15T19:15:11.737`)
### CVEs modified in the last Commit
Recently modified CVEs: `11`
Recently modified CVEs: `21`
* [CVE-2023-2866](CVE-2023/CVE-2023-28xx/CVE-2023-2866.json) (`2023-06-15T16:20:13.673`)
* [CVE-2023-33496](CVE-2023/CVE-2023-334xx/CVE-2023-33496.json) (`2023-06-15T16:35:45.003`)
* [CVE-2023-1864](CVE-2023/CVE-2023-18xx/CVE-2023-1864.json) (`2023-06-15T16:38:25.937`)
* [CVE-2023-24420](CVE-2023/CVE-2023-244xx/CVE-2023-24420.json) (`2023-06-15T16:45:17.990`)
* [CVE-2023-25055](CVE-2023/CVE-2023-250xx/CVE-2023-25055.json) (`2023-06-15T16:45:17.990`)
* [CVE-2023-27634](CVE-2023/CVE-2023-276xx/CVE-2023-27634.json) (`2023-06-15T16:45:17.990`)
* [CVE-2023-33849](CVE-2023/CVE-2023-338xx/CVE-2023-33849.json) (`2023-06-15T16:56:56.460`)
* [CVE-2023-29502](CVE-2023/CVE-2023-295xx/CVE-2023-29502.json) (`2023-06-15T17:08:17.320`)
* [CVE-2023-24476](CVE-2023/CVE-2023-244xx/CVE-2023-24476.json) (`2023-06-15T17:25:11.497`)
* [CVE-2023-34958](CVE-2023/CVE-2023-349xx/CVE-2023-34958.json) (`2023-06-15T17:30:29.973`)
* [CVE-2023-2067](CVE-2023/CVE-2023-20xx/CVE-2023-2067.json) (`2023-06-15T17:51:29.210`)
* [CVE-2015-1385](CVE-2015/CVE-2015-13xx/CVE-2015-1385.json) (`2023-06-15T19:57:37.947`)
* [CVE-2015-9410](CVE-2015/CVE-2015-94xx/CVE-2015-9410.json) (`2023-06-15T19:57:37.947`)
* [CVE-2021-33223](CVE-2021/CVE-2021-332xx/CVE-2021-33223.json) (`2023-06-15T18:22:46.187`)
* [CVE-2022-25834](CVE-2022/CVE-2022-258xx/CVE-2022-25834.json) (`2023-06-15T18:30:57.220`)
* [CVE-2022-42915](CVE-2022/CVE-2022-429xx/CVE-2022-42915.json) (`2023-06-15T19:44:49.433`)
* [CVE-2023-2066](CVE-2023/CVE-2023-20xx/CVE-2023-2066.json) (`2023-06-15T18:05:22.060`)
* [CVE-2023-34856](CVE-2023/CVE-2023-348xx/CVE-2023-34856.json) (`2023-06-15T18:08:26.147`)
* [CVE-2023-2634](CVE-2023/CVE-2023-26xx/CVE-2023-2634.json) (`2023-06-15T18:15:19.997`)
* [CVE-2023-3191](CVE-2023/CVE-2023-31xx/CVE-2023-3191.json) (`2023-06-15T18:40:10.303`)
* [CVE-2023-3190](CVE-2023/CVE-2023-31xx/CVE-2023-3190.json) (`2023-06-15T18:40:40.203`)
* [CVE-2023-2087](CVE-2023/CVE-2023-20xx/CVE-2023-2087.json) (`2023-06-15T18:41:06.490`)
* [CVE-2023-2031](CVE-2023/CVE-2023-20xx/CVE-2023-2031.json) (`2023-06-15T18:41:19.233`)
* [CVE-2023-32749](CVE-2023/CVE-2023-327xx/CVE-2023-32749.json) (`2023-06-15T18:54:39.543`)
* [CVE-2023-34961](CVE-2023/CVE-2023-349xx/CVE-2023-34961.json) (`2023-06-15T18:57:30.313`)
* [CVE-2023-34959](CVE-2023/CVE-2023-349xx/CVE-2023-34959.json) (`2023-06-15T18:58:27.980`)
* [CVE-2023-34962](CVE-2023/CVE-2023-349xx/CVE-2023-34962.json) (`2023-06-15T18:59:24.027`)
* [CVE-2023-24535](CVE-2023/CVE-2023-245xx/CVE-2023-24535.json) (`2023-06-15T19:01:32.533`)
* [CVE-2023-29152](CVE-2023/CVE-2023-291xx/CVE-2023-29152.json) (`2023-06-15T19:03:37.987`)
* [CVE-2023-24469](CVE-2023/CVE-2023-244xx/CVE-2023-24469.json) (`2023-06-15T19:15:10.483`)
* [CVE-2023-34243](CVE-2023/CVE-2023-342xx/CVE-2023-34243.json) (`2023-06-15T19:20:44.020`)
* [CVE-2023-3173](CVE-2023/CVE-2023-31xx/CVE-2023-3173.json) (`2023-06-15T19:29:37.350`)
## Download and Usage