admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 19:47:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-09-07T14:00:25.857485+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-09-07 14:00:29 +00:00
parent f72d7fe34d
commit 4ba1feab31
51 changed files with 2108 additions and 107 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
CVE-2021/CVE-2021-406xx/CVE-2021-40698.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2021-40698",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-09-07T13:15:07.160",
"lastModified": "2023-09-07T13:42:46.843",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (and earlier) are impacted by an Use of Inherently Dangerous Function vulnerability that can lead to a security feature bypass??. An authenticated attacker could leverage this vulnerability to access and manipulate arbitrary data on the environment. "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.1,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-242"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/coldfusion/apsb21-75.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2021/CVE-2021-406xx/CVE-2021-40699.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2021-40699",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-09-07T13:15:07.300",
"lastModified": "2023-09-07T13:42:46.843",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (and earlier) are impacted by an improper access control vulnerability when checking permissions in the CFIDE path. An authenticated attacker could leverage this vulnerability to access and manipulate arbitrary data on the environment. "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.1,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/coldfusion/apsb21-75.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2021/CVE-2021-407xx/CVE-2021-40723.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2021-40723",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-09-07T13:15:07.393",
"lastModified": "2023-09-07T13:42:46.843",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/acrobat/apsb21-09.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2021/CVE-2021-407xx/CVE-2021-40790.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2021-40790",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-09-07T13:15:07.507",
"lastModified": "2023-09-07T13:42:46.843",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and earlier) are affected by an Use-After-Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/premiere_pro/apsb21-117.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2021/CVE-2021-407xx/CVE-2021-40791.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2021-40791",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-09-07T13:15:07.597",
"lastModified": "2023-09-07T13:42:46.843",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/premiere_pro/apsb21-117.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2021/CVE-2021-407xx/CVE-2021-40795.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2021-40795",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-09-07T13:15:07.683",
"lastModified": "2023-09-07T13:42:46.843",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/premiere_pro/apsb21-117.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2021/CVE-2021-422xx/CVE-2021-42265.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2021-42265",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-09-07T13:15:07.777",
"lastModified": "2023-09-07T13:42:46.843",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/premiere_pro/apsb21-117.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2021/CVE-2021-427xx/CVE-2021-42734.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2021-42734",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-09-07T13:15:07.883",
"lastModified": "2023-09-07T13:42:46.843",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Photoshop version 22.5.1 ?and earlier?versions???are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/photoshop/apsb21-109.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2021/CVE-2021-430xx/CVE-2021-43018.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2021-43018",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-09-07T13:15:07.973",
"lastModified": "2023-09-07T13:42:46.843",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Photoshop versions 23.0.2 and 22.5.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious JPG file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/photoshop/apsb21-113.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2021/CVE-2021-430xx/CVE-2021-43027.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2021-43027",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-09-07T13:15:08.057",
"lastModified": "2023-09-07T13:42:46.843",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/after_effects/apsb21-115.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2021/CVE-2021-437xx/CVE-2021-43751.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2021-43751",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-09-07T13:15:08.140",
"lastModified": "2023-09-07T13:42:46.843",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/premiere_pro/apsb21-117.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2021/CVE-2021-437xx/CVE-2021-43753.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2021-43753",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-09-07T13:15:08.230",
"lastModified": "2023-09-07T13:42:46.843",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe Lightroom versions 4.4 (and earlier) are affected by a use-after-free vulnerability in the processing of parsing TIF files that could result in privilege escalation. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/lightroom/apsb21-119.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2021/CVE-2021-441xx/CVE-2021-44188.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2021-44188",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-09-07T13:15:08.317",
"lastModified": "2023-09-07T13:42:46.843",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/after_effects/apsb21-115.html",
"source": "psirt@adobe.com"
}
]
}

4
CVE-2022/CVE-2022-21xx/CVE-2022-2178.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2022-2178",
"sourceIdentifier": "cve@usom.gov.tr",
"published": "2023-03-06T12:15:08.803",
"lastModified": "2023-03-30T09:15:09.283",
"lastModified": "2023-09-07T12:15:44.747",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saysis Computer Starcities allows Cross-Site Scripting (XSS).This issue affects Starcities: before 1.1."
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saysis Computer Starcities allows Cross-Site Scripting (XSS).This issue affects Starcities: before 1.1.\n\n"
}
],
"metrics": {

58
CVE-2023/CVE-2023-288xx/CVE-2023-28801.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-28801",
"sourceIdentifier": "cve@zscaler.com",
"published": "2023-08-31T14:15:08.420",
"lastModified": "2023-08-31T17:26:00.623",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-07T13:26:55.797",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cve@zscaler.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-347"
}
]
},
{
"source": "cve@zscaler.com",
"type": "Secondary",
@ -46,10 +76,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zscaler:zscaler_internet_access_admin_portal:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.2r",
"matchCriteriaId": "8285C1E0-950F-409E-AAEF-8D9E13BA8FA3"
}
]
}
]
}
],
"references": [
{
"url": "https://help.zscaler.com/zia/release-upgrade-summary-2023",
"source": "cve@zscaler.com"
"source": "cve@zscaler.com",
"tags": [
"Release Notes"
]
}
]
}

47
CVE-2023/CVE-2023-340xx/CVE-2023-34011.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-34011",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-01T12:15:08.703",
"lastModified": "2023-09-01T13:39:55.533",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-07T13:06:11.770",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:shopconstruct:shopconstruct:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.1.2",
"matchCriteriaId": "C773E695-F4BB-44A9-9840-7380562B7D2F"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/shopconstruct/wordpress-shopconstruct-plugin-1-1-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-343xx/CVE-2023-34357.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-34357",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2023-09-07T03:15:08.263",
"lastModified": "2023-09-07T03:15:08.263",
"vulnStatus": "Received",
"lastModified": "2023-09-07T12:50:36.973",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nSoar Cloud Ltd. HR Portal has a weak Password Recovery Mechanism for Forgotten Password. The reset password link sent out through e-mail, and the link will remain valid after the password has been reset and after the expected expiration date. An attacker with access to the browser history or has the line can thus use the URL again to change the password in order to take over the account.\n\n\n\n"
},
{
"lang": "es",
"value": "Soar Cloud Ltd. HR Portal dispone de un mecanismo de recuperaci\u00f3n de contrase\u00f1as d\u00e9bil para contrase\u00f1as olvidadas. El enlace de restablecimiento de contrase\u00f1a se env\u00eda a trav\u00e9s del correo electr\u00f3nico, y el enlace seguir\u00e1 siendo v\u00e1lido despu\u00e9s de que la contrase\u00f1a haya sido restablecida y despu\u00e9s de la fecha de caducidad prevista. Un atacante con acceso al historial del navegador o al enlace puede as\u00ed utilizar la URL de nuevo para cambiar la contrase\u00f1a con el fin de hacerse cargo de la cuenta. "
}
],
"metrics": {

43
CVE-2023/CVE-2023-366xx/CVE-2023-36635.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-36635",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-09-07T13:15:08.433",
"lastModified": "2023-09-07T13:42:46.843",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An improper access control in Fortinet FortiSwitchManager version 7.2.0 through 7.2.2\r\n7.0.0 through 7.0.1 may allow a remote authenticated read-only user to modify the interface settings via the API."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2
}
]
},
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-22-174",
"source": "psirt@fortinet.com"
}
]
}

68
CVE-2023/CVE-2023-378xx/CVE-2023-37826.json
View File

@ -2,23 +2,81 @@
"id": "CVE-2023-37826",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-01T13:15:07.303",
"lastModified": "2023-09-01T13:39:55.533",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-07T13:04:10.693",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fieldname parameter."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:general-solutions:contwise_case2:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "449C8EF4-5485-4F2E-95E1-17EDB9D1C123"
}
]
}
]
}
],
"references": [
{
"url": "https://case.contwise.com/php/portal_case.php",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/Popeye-ITSec/CVEs/blob/main/CVE-2023-37826",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-378xx/CVE-2023-37827.json
View File

@ -2,23 +2,81 @@
"id": "CVE-2023-37827",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-01T13:15:07.687",
"lastModified": "2023-09-01T13:39:55.533",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-07T13:03:44.377",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the executionBlockName parameter."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:general-solutions:contwise_case2:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "449C8EF4-5485-4F2E-95E1-17EDB9D1C123"
}
]
}
]
}
],
"references": [
{
"url": "https://case.contwise.com/php/portal_case.php",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/Popeye-ITSec/CVEs/blob/main/CVE-2023-37827",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-378xx/CVE-2023-37828.json
View File

@ -2,23 +2,81 @@
"id": "CVE-2023-37828",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-01T13:15:07.857",
"lastModified": "2023-09-01T13:39:55.533",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-07T13:03:37.697",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Tasktyp parameter."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:general-solutions:contwise_case2:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "449C8EF4-5485-4F2E-95E1-17EDB9D1C123"
}
]
}
]
}
],
"references": [
{
"url": "https://case.contwise.com/php/portal_case.php",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/Popeye-ITSec/CVEs/blob/main/CVE-2023-37828",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-378xx/CVE-2023-37829.json
View File

@ -2,23 +2,81 @@
"id": "CVE-2023-37829",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-01T13:15:07.990",
"lastModified": "2023-09-01T13:39:55.533",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-07T13:03:28.967",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the notification.message parameter."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:general-solutions:contwise_case2:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "449C8EF4-5485-4F2E-95E1-17EDB9D1C123"
}
]
}
]
}
],
"references": [
{
"url": "https://case.contwise.com/php/portal_case.php",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/Popeye-ITSec/CVEs/blob/main/CVE-2023-37829",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-378xx/CVE-2023-37830.json
View File

@ -2,23 +2,81 @@
"id": "CVE-2023-37830",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-01T13:15:08.117",
"lastModified": "2023-09-01T13:39:55.533",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-07T12:58:00.423",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:general-solutions:contwise_case2:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "449C8EF4-5485-4F2E-95E1-17EDB9D1C123"
}
]
}
]
}
],
"references": [
{
"url": "https://case.contwise.com/php/portal_case.php",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/Popeye-ITSec/CVEs/blob/main/CVE-2023-37830",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-378xx/CVE-2023-37893.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-37893",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-01T12:15:08.943",
"lastModified": "2023-09-01T13:39:55.533",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-07T13:05:50.480",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:chop-chop:coming_soon_chop_chop:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.2.4",
"matchCriteriaId": "2A03FF8F-AFE9-4409-BA89-C3F08097AE1A"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/cc-coming-soon/wordpress-coming-soon-chop-chop-plugin-2-2-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-379xx/CVE-2023-37986.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-37986",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-01T12:15:09.127",
"lastModified": "2023-09-01T13:39:55.533",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-07T13:05:43.310",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:minorange:wordpress_yourmembership_single_sign-on:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.1.3",
"matchCriteriaId": "7609D5F3-816B-4E6B-A0FC-C7D0B659F58D"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/login-with-yourmembership/wordpress-yourmembership-single-sign-on-plugin-1-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-379xx/CVE-2023-37994.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-37994",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-01T12:15:09.323",
"lastModified": "2023-09-01T13:39:55.533",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-07T13:05:35.930",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpruse:art_decoration_shortcode:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.5.6",
"matchCriteriaId": "652BC4BD-4C6C-4DFE-9714-D00D50EE0F5A"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/art-decoration-shortcode/wordpress-art-decoration-shortcode-plugin-1-5-6-cross-site-scripting-xss?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-379xx/CVE-2023-37997.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-37997",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-01T12:15:09.480",
"lastModified": "2023-09-01T13:39:55.533",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-07T13:05:27.313",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dharmeshpatel:post_list_with_featured_image:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.2",
"matchCriteriaId": "981F900C-4381-4327-9552-D9056C0ECD7F"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/post-list-with-featured-image/wordpress-post-list-with-featured-image-plugin-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-37xx/CVE-2023-3747.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-3747",
"sourceIdentifier": "cna@cloudflare.com",
"published": "2023-09-07T13:15:09.030",
"lastModified": "2023-09-07T13:42:46.843",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Zero Trust Administrators have the ability to disallow end users from disabling WARP on their devices. Override codes can also be created by the Administrators to allow a device to temporarily be disconnected from WARP, however, due to lack of server side validation, an attacker with local access to the device, could extend the maximum allowed disconnected time of WARP client granted by an override code by changing the date & time on the local device where WARP is running.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@cloudflare.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "cna@cloudflare.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-602"
}
]
}
],
"references": [
{
"url": "https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#retrieve-the-override-code",
"source": "cna@cloudflare.com"
},
{
"url": "https://play.google.com/store/apps/details?id=com.cloudflare.onedotonedotonedotone",
"source": "cna@cloudflare.com"
}
]
}

4
CVE-2023/CVE-2023-380xx/CVE-2023-38031.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38031",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2023-09-07T04:15:10.273",
"lastModified": "2023-09-07T04:15:10.273",
"vulnStatus": "Received",
"lastModified": "2023-09-07T12:50:36.973",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-380xx/CVE-2023-38032.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38032",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2023-09-07T07:15:08.107",
"lastModified": "2023-09-07T07:15:08.107",
"vulnStatus": "Received",
"lastModified": "2023-09-07T12:50:36.973",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-380xx/CVE-2023-38033.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38033",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2023-09-07T07:15:08.297",
"lastModified": "2023-09-07T07:15:08.297",
"vulnStatus": "Received",
"lastModified": "2023-09-07T12:50:36.973",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-392xx/CVE-2023-39236.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-39236",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2023-09-07T07:15:08.440",
"lastModified": "2023-09-07T07:15:08.440",
"vulnStatus": "Received",
"lastModified": "2023-09-07T12:50:36.973",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-392xx/CVE-2023-39237.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-39237",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2023-09-07T07:15:08.537",
"lastModified": "2023-09-07T07:15:08.537",
"vulnStatus": "Received",
"lastModified": "2023-09-07T12:50:36.973",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-392xx/CVE-2023-39238.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-39238",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2023-09-07T08:15:07.533",
"lastModified": "2023-09-07T08:15:07.533",
"vulnStatus": "Received",
"lastModified": "2023-09-07T12:50:36.973",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-392xx/CVE-2023-39239.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-39239",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2023-09-07T08:15:07.620",
"lastModified": "2023-09-07T08:15:07.620",
"vulnStatus": "Received",
"lastModified": "2023-09-07T12:50:36.973",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-392xx/CVE-2023-39240.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-39240",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2023-09-07T08:15:07.710",
"lastModified": "2023-09-07T08:15:07.710",
"vulnStatus": "Received",
"lastModified": "2023-09-07T12:50:36.973",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

55
CVE-2023/CVE-2023-394xx/CVE-2023-39420.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-39420",
"sourceIdentifier": "cve-requests@bitdefender.com",
"published": "2023-09-07T13:15:08.517",
"lastModified": "2023-09-07T13:42:46.843",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The RDPCore.dll component as used in the IRM Next Generation booking engine, allows a remote user to connect to customers with an \"admin\" account and a corresponding password computed daily by a routine inside the DLL file. Once reverse-engineered, this routine can help an attacker generate the daily password and connect to application customers. Given that this is an administrative account, anyone logging into a customer deployment has full, unrestricted access to the application."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-requests@bitdefender.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "cve-requests@bitdefender.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"references": [
{
"url": "https://bitdefender.com/blog/labs/check-out-with-extra-charges-vulnerabilities-in-hotel-booking-engine-explained/",
"source": "cve-requests@bitdefender.com"
}
]
}

55
CVE-2023/CVE-2023-394xx/CVE-2023-39421.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-39421",
"sourceIdentifier": "cve-requests@bitdefender.com",
"published": "2023-09-07T13:15:08.617",
"lastModified": "2023-09-07T13:42:46.843",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The RDPWin.dll component as used in the IRM Next Generation booking engine includes a set of hardcoded API keys for third-party services such as Twilio and Vonage. These keys allow unrestricted interaction with these services."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-requests@bitdefender.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.1,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "cve-requests@bitdefender.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"references": [
{
"url": "https://bitdefender.com/blog/labs/check-out-with-extra-charges-vulnerabilities-in-hotel-booking-engine-explained",
"source": "cve-requests@bitdefender.com"
}
]
}

55
CVE-2023/CVE-2023-394xx/CVE-2023-39422.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-39422",
"sourceIdentifier": "cve-requests@bitdefender.com",
"published": "2023-09-07T13:15:08.710",
"lastModified": "2023-09-07T13:42:46.843",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The\u00a0/irmdata/api/ endpoints exposed by the\u00a0IRM Next Generation booking engine authenticates requests using HMAC tokens. These tokens are however exposed in a JavaScript file loaded on the client side, thus rendering this extra safety mechanism useless."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-requests@bitdefender.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "cve-requests@bitdefender.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"references": [
{
"url": "https://bitdefender.com/blog/labs/check-out-with-extra-charges-vulnerabilities-in-hotel-booking-engine-explained",
"source": "cve-requests@bitdefender.com"
}
]
}

55
CVE-2023/CVE-2023-394xx/CVE-2023-39423.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-39423",
"sourceIdentifier": "cve-requests@bitdefender.com",
"published": "2023-09-07T13:15:08.837",
"lastModified": "2023-09-07T13:42:46.843",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The RDPData.dll file exposes the\u00a0/irmdata/api/common endpoint that handles session IDs, \u00a0among other features. By using a UNION SQL operator, an attacker can leak the sessions table, obtain the currently valid sessions and impersonate a currently logged-in user.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-requests@bitdefender.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "cve-requests@bitdefender.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://bitdefender.com/blog/labs/check-out-with-extra-charges-vulnerabilities-in-hotel-booking-engine-explained",
"source": "cve-requests@bitdefender.com"
}
]
}

55
CVE-2023/CVE-2023-394xx/CVE-2023-39424.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-39424",
"sourceIdentifier": "cve-requests@bitdefender.com",
"published": "2023-09-07T13:15:08.933",
"lastModified": "2023-09-07T13:42:46.843",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in\u00a0RDPngFileUpload.dll, as used in the\u00a0IRM Next Generation booking system, allows a remote attacker to upload arbitrary content (such as a web shell component) to the SQL database and execute it with SYSTEM privileges. This vulnerability requires authentication to be exploited but can be paired with another vulnerability in the platform (CVE-2023-39420, which grants access to hardcoded credentials) to carry the attack without having assigned credentials.\u00a0"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-requests@bitdefender.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "cve-requests@bitdefender.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
}
]
}
],
"references": [
{
"url": "https://bitdefender.com/blog/labs/check-out-with-extra-charges-vulnerabilities-in-hotel-booking-engine-explained",
"source": "cve-requests@bitdefender.com"
}
]
}

65
CVE-2023/CVE-2023-397xx/CVE-2023-39703.json
View File

@ -2,19 +2,76 @@
"id": "CVE-2023-39703",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-01T13:15:08.243",
"lastModified": "2023-09-01T13:39:55.533",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-07T12:57:41.467",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A cross site scripting (XSS) vulnerability in the Markdown Editor component of Typora v1.6.7 allows attackers to execute arbitrary code via uploading a crafted Markdown file."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:typora:typora:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.6.7",
"matchCriteriaId": "8A864E61-1493-40D3-9EFB-A8124F2FE28E"
}
]
}
]
}
],
"references": [
{
"url": "https://c0olw.github.io/2023/07/31/Typora-XSS-Vulnerability/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

74
CVE-2023/CVE-2023-397xx/CVE-2023-39710.json
View File

@ -2,27 +2,89 @@
"id": "CVE-2023-39710",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-01T14:15:07.777",
"lastModified": "2023-09-01T21:15:30.513",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-07T12:56:42.723",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add Customer section."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:free_and_open_source_inventory_management_system_project:free_and_open_source_inventory_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ED4E30A0-0847-427A-9B08-FB699FCC7958"
}
]
}
]
}
],
"references": [
{
"url": "https://gist.github.com/Arajawat007/dc6e4dd231accf777dae30d890a4e7df#file-cve-2023-39710",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.sourcecodester.com/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
},
{
"url": "https://www.sourcecodester.com/php/16741/free-and-open-source-inventory-management-system-php-source-code.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

73
CVE-2023/CVE-2023-398xx/CVE-2023-39810.json
View File

@ -2,23 +2,86 @@
"id": "CVE-2023-39810",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-28T19:15:07.893",
"lastModified": "2023-08-28T19:28:54.367",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-07T13:48:46.393",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in the CPIO command of Busybox v1.33.2 allows attackers to execute a directory traversal."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:busybox:busybox:1.30.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8AC195D9-9524-4293-8324-599BAD0EE324"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:busybox:busybox:1.33.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2E135F20-BC21-42DE-A91C-343049863AA2"
}
]
}
]
}
],
"references": [
{
"url": "http://busybox.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://www.pentagrid.ch/en/blog/busybox-cpio-directory-traversal-vulnerability/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

75
CVE-2023/CVE-2023-408xx/CVE-2023-40847.json
View File

@ -2,19 +2,86 @@
"id": "CVE-2023-40847",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-30T17:15:10.877",
"lastModified": "2023-08-31T10:02:10.690",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-07T13:47:17.837",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via the function \"initIpAddrInfo.\" In the function, it reads in a user-provided parameter, and the variable is passed to the function without any length check."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ac6_firmware:15.03.05.16:*:*:*:*:*:*:*",
"matchCriteriaId": "6F60AFD7-74AF-4CA2-8232-2858D5AD023A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ac6:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B622BF6D-85E6-475A-B7FB-11BA1A641191"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/bof/12/12.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

75
CVE-2023/CVE-2023-408xx/CVE-2023-40848.json
View File

@ -2,19 +2,86 @@
"id": "CVE-2023-40848",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-30T17:15:10.943",
"lastModified": "2023-08-31T10:02:10.690",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-07T13:45:12.653",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via the function \"sub_7D858.\""
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ac6_firmware:15.03.05.16:*:*:*:*:*:*:*",
"matchCriteriaId": "6F60AFD7-74AF-4CA2-8232-2858D5AD023A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ac6:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B622BF6D-85E6-475A-B7FB-11BA1A641191"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/bof/11/11.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

6
CVE-2023/CVE-2023-417xx/CVE-2023-41742.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-41742",
"sourceIdentifier": "security@acronis.com",
"published": "2023-08-31T15:15:08.520",
"lastModified": "2023-09-06T18:44:03.223",
"lastModified": "2023-09-07T13:13:00.990",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -89,8 +89,8 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acronis:agent:*:*:*:*:*:*:*:*",
"versionEndExcluding": "22.09",
"matchCriteriaId": "BC812D29-D735-4C72-94B1-F20E92B5FF24"
"versionEndExcluding": "c22.09",
"matchCriteriaId": "20951C06-CFEC-4A94-8E92-3AFAA54C12AD"
},
{
"vulnerable": true,

8
CVE-2023/CVE-2023-47xx/CVE-2023-4772.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-4772",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-09-07T02:15:08.033",
"lastModified": "2023-09-07T02:15:08.033",
"vulnStatus": "Received",
"lastModified": "2023-09-07T12:50:36.973",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Newsletter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'newsletter_form' shortcode in versions up to, and including, 7.8.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El plugin Newsletter para WordPress es vulnerable a Cross-Site Scripting (XSS) almacenado a trav\u00e9s del shortcode \"newsletter_form\" en versiones hasta, e incluyendo, la 7.8.9 debido a una insuficiente sanitizaci\u00f3n de entrada y escape de salida en atributos suministrados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada. "
}
],
"metrics": {

4
CVE-2023/CVE-2023-47xx/CVE-2023-4792.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4792",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-09-07T02:15:08.163",
"lastModified": "2023-09-07T02:15:08.163",
"vulnStatus": "Received",
"lastModified": "2023-09-07T12:50:36.973",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-48xx/CVE-2023-4815.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4815",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-09-07T07:15:08.747",
"lastModified": "2023-09-07T07:15:08.747",
"vulnStatus": "Received",
"lastModified": "2023-09-07T12:50:36.973",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

62
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-09-07T10:00:25.460923+00:00
2023-09-07T14:00:25.857485+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-09-07T09:15:07.567000+00:00
2023-09-07T13:48:46.393000+00:00
```
### Last Data Feed Release
@ -29,26 +29,64 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
224433
224453
```
### CVEs added in the last Commit
Recently added CVEs: `3`
Recently added CVEs: `20`
* [CVE-2023-39238](CVE-2023/CVE-2023-392xx/CVE-2023-39238.json) (`2023-09-07T08:15:07.533`)
* [CVE-2023-39239](CVE-2023/CVE-2023-392xx/CVE-2023-39239.json) (`2023-09-07T08:15:07.620`)
* [CVE-2023-39240](CVE-2023/CVE-2023-392xx/CVE-2023-39240.json) (`2023-09-07T08:15:07.710`)
* [CVE-2021-40698](CVE-2021/CVE-2021-406xx/CVE-2021-40698.json) (`2023-09-07T13:15:07.160`)
* [CVE-2021-40699](CVE-2021/CVE-2021-406xx/CVE-2021-40699.json) (`2023-09-07T13:15:07.300`)
* [CVE-2021-40723](CVE-2021/CVE-2021-407xx/CVE-2021-40723.json) (`2023-09-07T13:15:07.393`)
* [CVE-2021-40790](CVE-2021/CVE-2021-407xx/CVE-2021-40790.json) (`2023-09-07T13:15:07.507`)
* [CVE-2021-40791](CVE-2021/CVE-2021-407xx/CVE-2021-40791.json) (`2023-09-07T13:15:07.597`)
* [CVE-2021-40795](CVE-2021/CVE-2021-407xx/CVE-2021-40795.json) (`2023-09-07T13:15:07.683`)
* [CVE-2021-42265](CVE-2021/CVE-2021-422xx/CVE-2021-42265.json) (`2023-09-07T13:15:07.777`)
* [CVE-2021-42734](CVE-2021/CVE-2021-427xx/CVE-2021-42734.json) (`2023-09-07T13:15:07.883`)
* [CVE-2021-43018](CVE-2021/CVE-2021-430xx/CVE-2021-43018.json) (`2023-09-07T13:15:07.973`)
* [CVE-2021-43027](CVE-2021/CVE-2021-430xx/CVE-2021-43027.json) (`2023-09-07T13:15:08.057`)
* [CVE-2021-43751](CVE-2021/CVE-2021-437xx/CVE-2021-43751.json) (`2023-09-07T13:15:08.140`)
* [CVE-2021-43753](CVE-2021/CVE-2021-437xx/CVE-2021-43753.json) (`2023-09-07T13:15:08.230`)
* [CVE-2021-44188](CVE-2021/CVE-2021-441xx/CVE-2021-44188.json) (`2023-09-07T13:15:08.317`)
* [CVE-2023-36635](CVE-2023/CVE-2023-366xx/CVE-2023-36635.json) (`2023-09-07T13:15:08.433`)
* [CVE-2023-39420](CVE-2023/CVE-2023-394xx/CVE-2023-39420.json) (`2023-09-07T13:15:08.517`)
* [CVE-2023-39421](CVE-2023/CVE-2023-394xx/CVE-2023-39421.json) (`2023-09-07T13:15:08.617`)
* [CVE-2023-39422](CVE-2023/CVE-2023-394xx/CVE-2023-39422.json) (`2023-09-07T13:15:08.710`)
* [CVE-2023-39423](CVE-2023/CVE-2023-394xx/CVE-2023-39423.json) (`2023-09-07T13:15:08.837`)
* [CVE-2023-39424](CVE-2023/CVE-2023-394xx/CVE-2023-39424.json) (`2023-09-07T13:15:08.933`)
* [CVE-2023-3747](CVE-2023/CVE-2023-37xx/CVE-2023-3747.json) (`2023-09-07T13:15:09.030`)
### CVEs modified in the last Commit
Recently modified CVEs: `4`
Recently modified CVEs: `30`
* [CVE-2021-43361](CVE-2021/CVE-2021-433xx/CVE-2021-43361.json) (`2023-09-07T08:15:07.210`)
* [CVE-2021-43362](CVE-2021/CVE-2021-433xx/CVE-2021-43362.json) (`2023-09-07T08:15:07.327`)
* [CVE-2022-0900](CVE-2022/CVE-2022-09xx/CVE-2022-0900.json) (`2023-09-07T09:15:07.567`)
* [CVE-2023-0979](CVE-2023/CVE-2023-09xx/CVE-2023-0979.json) (`2023-09-07T08:15:07.413`)
* [CVE-2023-38032](CVE-2023/CVE-2023-380xx/CVE-2023-38032.json) (`2023-09-07T12:50:36.973`)
* [CVE-2023-38033](CVE-2023/CVE-2023-380xx/CVE-2023-38033.json) (`2023-09-07T12:50:36.973`)
* [CVE-2023-39236](CVE-2023/CVE-2023-392xx/CVE-2023-39236.json) (`2023-09-07T12:50:36.973`)
* [CVE-2023-39237](CVE-2023/CVE-2023-392xx/CVE-2023-39237.json) (`2023-09-07T12:50:36.973`)
* [CVE-2023-4815](CVE-2023/CVE-2023-48xx/CVE-2023-4815.json) (`2023-09-07T12:50:36.973`)
* [CVE-2023-39238](CVE-2023/CVE-2023-392xx/CVE-2023-39238.json) (`2023-09-07T12:50:36.973`)
* [CVE-2023-39239](CVE-2023/CVE-2023-392xx/CVE-2023-39239.json) (`2023-09-07T12:50:36.973`)
* [CVE-2023-39240](CVE-2023/CVE-2023-392xx/CVE-2023-39240.json) (`2023-09-07T12:50:36.973`)
* [CVE-2023-39710](CVE-2023/CVE-2023-397xx/CVE-2023-39710.json) (`2023-09-07T12:56:42.723`)
* [CVE-2023-39703](CVE-2023/CVE-2023-397xx/CVE-2023-39703.json) (`2023-09-07T12:57:41.467`)
* [CVE-2023-37830](CVE-2023/CVE-2023-378xx/CVE-2023-37830.json) (`2023-09-07T12:58:00.423`)
* [CVE-2023-37829](CVE-2023/CVE-2023-378xx/CVE-2023-37829.json) (`2023-09-07T13:03:28.967`)
* [CVE-2023-37828](CVE-2023/CVE-2023-378xx/CVE-2023-37828.json) (`2023-09-07T13:03:37.697`)
* [CVE-2023-37827](CVE-2023/CVE-2023-378xx/CVE-2023-37827.json) (`2023-09-07T13:03:44.377`)
* [CVE-2023-37826](CVE-2023/CVE-2023-378xx/CVE-2023-37826.json) (`2023-09-07T13:04:10.693`)
* [CVE-2023-37997](CVE-2023/CVE-2023-379xx/CVE-2023-37997.json) (`2023-09-07T13:05:27.313`)
* [CVE-2023-37994](CVE-2023/CVE-2023-379xx/CVE-2023-37994.json) (`2023-09-07T13:05:35.930`)
* [CVE-2023-37986](CVE-2023/CVE-2023-379xx/CVE-2023-37986.json) (`2023-09-07T13:05:43.310`)
* [CVE-2023-37893](CVE-2023/CVE-2023-378xx/CVE-2023-37893.json) (`2023-09-07T13:05:50.480`)
* [CVE-2023-34011](CVE-2023/CVE-2023-340xx/CVE-2023-34011.json) (`2023-09-07T13:06:11.770`)
* [CVE-2023-41742](CVE-2023/CVE-2023-417xx/CVE-2023-41742.json) (`2023-09-07T13:13:00.990`)
* [CVE-2023-28801](CVE-2023/CVE-2023-288xx/CVE-2023-28801.json) (`2023-09-07T13:26:55.797`)
* [CVE-2023-40848](CVE-2023/CVE-2023-408xx/CVE-2023-40848.json) (`2023-09-07T13:45:12.653`)
* [CVE-2023-40847](CVE-2023/CVE-2023-408xx/CVE-2023-40847.json) (`2023-09-07T13:47:17.837`)
* [CVE-2023-39810](CVE-2023/CVE-2023-398xx/CVE-2023-39810.json) (`2023-09-07T13:48:46.393`)
## Download and Usage