Auto-Update: 2023-08-25T02:00:26.168017+00:00

cad-safe-bot 2023-08-25 02:00:30 +00:00
parent 0637fa750f
commit 50403f7a3c
13 changed files with 373 additions and 36 deletions


@ -2,12 +2,12 @@
"id": "CVE-2023-3073",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-06-02T19:15:09.433",
"lastModified": "2023-06-08T17:42:04.270",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-25T00:15:09.770",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8."
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8 via evvtgendoc."
}
],
"metrics": {


@ -2,12 +2,12 @@
"id": "CVE-2023-38898",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-15T17:15:12.187",
"lastModified": "2023-08-24T18:46:44.610",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-25T01:15:08.270",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An issue in Python cpython v.3.7 allows an attacker to obtain sensitive information via the _asyncio._swap_current_task component."
"value": "** DISPUTED ** An issue in Python cpython v.3.7 allows an attacker to obtain sensitive information via the _asyncio._swap_current_task component. NOTE: this is disputed by the vendor because (1) neither 3.7 nor any other release is affected (it is a bug in some 3.12 pre-releases); (2) there are no common scenarios in which an adversary can call _asyncio._swap_current_task but does not already have the ability to call arbitrary functions; and (3) there are no common scenarios in which sensitive information, which is not already accessible to an adversary, becomes accessible through this bug."
}
],
"metrics": {
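Review bot: The vendor dispute added here lives only as the `** DISPUTED **` prefix inside the description `value`, while `vulnStatus` changes to `Modified` and the rest of the record is unchanged, so a consumer that triages on status or on the CVE id alone will still see this as an open finding against cpython 3.7. The new text itself says no release is affected and that the bug needs the ability to call arbitrary functions already, so tooling built on this feed should detect that marker before raising a ticket. Since the record mirrors upstream NVD content, the handling belongs on the consumer side rather than in this file.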


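--- /dev/null
+++ b/CVE-2023/CVE-2023-389xx/CVE-2023-38973.json
@@ -0,0 +1,20 @@
+{
+"id": "CVE-2023-38973",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2023-08-25T01:15:08.630",
+"lastModified": "2023-08-25T01:15:08.630",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "A stored cross-site scripting (XSS) vulnerability in the Add Tag function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://github.com/anh91/uasoft-indonesia--badaso/blob/main/xss5.md",
+"source": "cve@mitre.org"
+}
+]
+}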
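Review bot: The new record encodes "no data yet" in two different ways: `"metrics": {}` is present as an empty object while `weaknesses` is omitted entirely, even though records added in the same commit such as CVE-2023-40179 carry both keys; the same applies to CVE-2023-38974, CVE-2023-39699, CVE-2023-39700 and CVE-2023-40217. Consumers loading this feed should default a missing `weaknesses` to `[]` and treat an empty `metrics` as "not yet scored" rather than as a parse error or a zero score. These `Received` records also carry no structured severity or affected-version data, so the prose description is the only basis for matching until NVD analysis lands; this is upstream content, so the fix belongs in the ingest code rather than here.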


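--- /dev/null
+++ b/CVE-2023/CVE-2023-389xx/CVE-2023-38974.json
@@ -0,0 +1,20 @@
+{
+"id": "CVE-2023-38974",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2023-08-25T01:15:08.720",
+"lastModified": "2023-08-25T01:15:08.720",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "A stored cross-site scripting (XSS) vulnerability in the Edit Category function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://github.com/anh91/uasoft-indonesia--badaso/blob/main/XSS4.md",
+"source": "cve@mitre.org"
+}
+]
+}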


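--- /dev/null
+++ b/CVE-2023/CVE-2023-396xx/CVE-2023-39699.json
@@ -0,0 +1,28 @@
+{
+"id": "CVE-2023-39699",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2023-08-25T00:15:09.283",
+"lastModified": "2023-08-25T00:15:09.283",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "IceWarp Mail Server v10.4.5 was discovered to contain a local file inclusion (LFI) vulnerability via the component /calendar/minimizer/index.php. This vulnerability allows attackers to include or execute files from the local file system of the targeted server."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://cwe.mitre.org/data/definitions/98.html",
+"source": "cve@mitre.org"
+},
+{
+"url": "https://drive.google.com/file/d/1NkqL4ySJApyPy8B-zDC7vE-QMBQAu8OU",
+"source": "cve@mitre.org"
+},
+{
+"url": "https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11.1-Testing_for_Local_File_Inclusion",
+"source": "cve@mitre.org"
+}
+]
+}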
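Review bot: None of the three references on this new record appears to be a vendor advisory or fixed-version notice: one is the generic CWE-98 definition, one an OWASP testing-guide page, and one a Google Drive document, which is a mutable, unversioned location; the same pattern appears in CVE-2023-39700. Anyone using this feed to confirm exposure of IceWarp Mail Server v10.4.5 should treat the reference set as unverified until the analysis phase adds an authoritative source. That is a property of the upstream entry rather than of this mirror, so no change to the file is proposed.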


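--- /dev/null
+++ b/CVE-2023/CVE-2023-397xx/CVE-2023-39700.json
@@ -0,0 +1,28 @@
+{
+"id": "CVE-2023-39700",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2023-08-25T00:15:09.693",
+"lastModified": "2023-08-25T00:15:09.693",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the color parameter."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://cwe.mitre.org/data/definitions/79.html",
+"source": "cve@mitre.org"
+},
+{
+"url": "https://drive.google.com/file/d/1QL_517UbTFJox4CXKQpP9fehR1yXRJ-y",
+"source": "cve@mitre.org"
+},
+{
+"url": "https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)",
+"source": "cve@mitre.org"
+}
+]
+}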


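--- /dev/null
+++ b/CVE-2023/CVE-2023-401xx/CVE-2023-40179.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-40179",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2023-08-25T01:15:08.777",
+"lastModified": "2023-08-25T01:15:08.777",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Silverware Games is a premium social network where people can play games online. Prior to version 1.3.6, the Password Recovery form would throw an error if the specified email was not found in our database. It would only display the \"Enter the code\" form if the email is associated with a member of the site. Since version 1.3.6, the \"Enter the code\" form is always returned, showing the message \"If the entered email is associated with an account, a code will be sent now\". This change prevents potential violators from determining if our site has a user with the specified email."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "NONE",
+"availabilityImpact": "NONE",
+"baseScore": 5.3,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 1.4
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-204"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/mesosoi/silverwaregames-io-issue-tracker/security/advisories/GHSA-789j-chfj-58hr",
+"source": "security-advisories@github.com"
+}
+]
+}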


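--- /dev/null
+++ b/CVE-2023/CVE-2023-401xx/CVE-2023-40182.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-40182",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2023-08-25T01:15:08.910",
+"lastModified": "2023-08-25T01:15:08.910",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Silverware Games is a premium social network where people can play games online. When using the Recovery form, a noticeably different amount of time passes depending of whether the specified email address presents in our database or not. This has been fixed in version 1.3.7."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "HIGH",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "NONE",
+"availabilityImpact": "NONE",
+"baseScore": 3.7,
+"baseSeverity": "LOW"
+},
+"exploitabilityScore": 2.2,
+"impactScore": 1.4
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-208"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/mesosoi/silverwaregames-io-issue-tracker/security/advisories/GHSA-9684-6j5x-ccx9",
+"source": "security-advisories@github.com"
+}
+]
+}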


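--- /dev/null
+++ b/CVE-2023/CVE-2023-402xx/CVE-2023-40217.json
@@ -0,0 +1,24 @@
+{
+"id": "CVE-2023-40217",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2023-08-25T01:15:09.017",
+"lastModified": "2023-08-25T01:15:09.017",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as \"not connected\" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.)"
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/",
+"source": "cve@mitre.org"
+},
+{
+"url": "https://www.python.org/dev/security/",
+"source": "cve@mitre.org"
+}
+]
+}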


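--- /dev/null
+++ b/CVE-2023/CVE-2023-405xx/CVE-2023-40570.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2023-40570",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2023-08-25T01:15:09.077",
+"lastModified": "2023-08-25T01:15:09.077",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Datasette is an open source multi-tool for exploring and publishing data. This bug affects Datasette instances running a Datasette 1.0 alpha - 1.0a0, 1.0a1, 1.0a2 or 1.0a3 - in an online accessible location but with authentication enabled using a plugin such as datasette-auth-passwords. The `/-/api` API explorer endpoint could reveal the names of both databases and tables - but not their contents - to an unauthenticated user. Datasette 1.0a4 has a fix for this issue. This will block access to the API explorer but will still allow access to the Datasette read or write JSON APIs, as those use different URL patterns within the Datasette `/database` hierarchy. This issue is patched in version 1.0a4."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "NONE",
+"availabilityImpact": "NONE",
+"baseScore": 5.3,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 1.4
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-213"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/simonw/datasette/commit/01e0558825b8f7ec17d3b691aa072daf122fcc74",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/simonw/datasette/security/advisories/GHSA-7ch3-7pp7-7cpq",
+"source": "security-advisories@github.com"
+}
+]
+}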


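--- /dev/null
+++ b/CVE-2023/CVE-2023-405xx/CVE-2023-40577.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-40577",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2023-08-25T01:15:09.177",
+"lastModified": "2023-08-25T01:15:09.177",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Alertmanager handles alerts sent by client applications such as the Prometheus server. An attacker with the permission to perform POST requests on the /api/v1/alerts endpoint could be able to execute arbitrary JavaScript code on the users of Prometheus Alertmanager. This issue has been fixed in Alertmanager version 0.2.51."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "NONE",
+"availabilityImpact": "NONE",
+"baseScore": 7.5,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 3.6
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-79"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/prometheus/alertmanager/security/advisories/GHSA-v86x-5fm3-5p7j",
+"source": "security-advisories@github.com"
+}
+]
+}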
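Review bot: The fixed-version string `0.2.51` in the description does not look like a plausible Alertmanager release number and may be a transposition in the upstream text; before using this record for patch tracking, check the version against the linked GHSA advisory rather than the description. The description also frames the precondition as having permission to POST to /api/v1/alerts, while the vector scores `privilegesRequired` as `NONE`; whether those agree depends on how a deployment fronts that API, which this record does not say. Both points concern the upstream NVD text; no change to the mirrored file is proposed.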


@ -2,7 +2,7 @@
"id": "CVE-2023-41105",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-23T07:15:08.590",
"lastModified": "2023-08-23T13:17:18.197",
"lastModified": "2023-08-25T01:15:09.277",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -27,6 +27,10 @@
{
"url": "https://github.com/python/cpython/pull/107983",
"source": "cve@mitre.org"
},
{
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/D6CDW3ZZC5D444YGL3VQUY6D4ECMCQLD/",
"source": "cve@mitre.org"
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-08-24T23:55:25.062324+00:00
2023-08-25T02:00:26.168017+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-08-24T23:15:09.380000+00:00
2023-08-25T01:15:09.277000+00:00
```
### Last Data Feed Release
@ -23,48 +23,37 @@ Repository synchronizes with the NVD every 2 hours.
Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)
```plain
2023-08-24T00:00:13.569934+00:00
2023-08-25T00:00:13.552039+00:00
```
### Total Number of included CVEs
```plain
223405
223414
```
### CVEs added in the last Commit
Recently added CVEs: `11`
Recently added CVEs: `9`
* [CVE-2023-32077](CVE-2023/CVE-2023-320xx/CVE-2023-32077.json) (`2023-08-24T22:15:08.077`)
* [CVE-2023-32078](CVE-2023/CVE-2023-320xx/CVE-2023-32078.json) (`2023-08-24T22:15:10.267`)
* [CVE-2023-32079](CVE-2023/CVE-2023-320xx/CVE-2023-32079.json) (`2023-08-24T23:15:08.570`)
* [CVE-2023-37469](CVE-2023/CVE-2023-374xx/CVE-2023-37469.json) (`2023-08-24T23:15:08.700`)
* [CVE-2023-38508](CVE-2023/CVE-2023-385xx/CVE-2023-38508.json) (`2023-08-24T23:15:08.803`)
* [CVE-2023-39519](CVE-2023/CVE-2023-395xx/CVE-2023-39519.json) (`2023-08-24T23:15:08.907`)
* [CVE-2023-39521](CVE-2023/CVE-2023-395xx/CVE-2023-39521.json) (`2023-08-24T23:15:09.000`)
* [CVE-2023-40017](CVE-2023/CVE-2023-400xx/CVE-2023-40017.json) (`2023-08-24T23:15:09.097`)
* [CVE-2023-40022](CVE-2023/CVE-2023-400xx/CVE-2023-40022.json) (`2023-08-24T23:15:09.177`)
* [CVE-2023-40030](CVE-2023/CVE-2023-400xx/CVE-2023-40030.json) (`2023-08-24T23:15:09.287`)
* [CVE-2023-4508](CVE-2023/CVE-2023-45xx/CVE-2023-4508.json) (`2023-08-24T23:15:09.380`)
* [CVE-2023-39699](CVE-2023/CVE-2023-396xx/CVE-2023-39699.json) (`2023-08-25T00:15:09.283`)
* [CVE-2023-39700](CVE-2023/CVE-2023-397xx/CVE-2023-39700.json) (`2023-08-25T00:15:09.693`)
* [CVE-2023-38973](CVE-2023/CVE-2023-389xx/CVE-2023-38973.json) (`2023-08-25T01:15:08.630`)
* [CVE-2023-38974](CVE-2023/CVE-2023-389xx/CVE-2023-38974.json) (`2023-08-25T01:15:08.720`)
* [CVE-2023-40179](CVE-2023/CVE-2023-401xx/CVE-2023-40179.json) (`2023-08-25T01:15:08.777`)
* [CVE-2023-40182](CVE-2023/CVE-2023-401xx/CVE-2023-40182.json) (`2023-08-25T01:15:08.910`)
* [CVE-2023-40217](CVE-2023/CVE-2023-402xx/CVE-2023-40217.json) (`2023-08-25T01:15:09.017`)
* [CVE-2023-40570](CVE-2023/CVE-2023-405xx/CVE-2023-40570.json) (`2023-08-25T01:15:09.077`)
* [CVE-2023-40577](CVE-2023/CVE-2023-405xx/CVE-2023-40577.json) (`2023-08-25T01:15:09.177`)
### CVEs modified in the last Commit
Recently modified CVEs: `12`
Recently modified CVEs: `3`
* [CVE-2021-33388](CVE-2021/CVE-2021-333xx/CVE-2021-33388.json) (`2023-08-24T22:02:17.067`)
* [CVE-2021-33390](CVE-2021/CVE-2021-333xx/CVE-2021-33390.json) (`2023-08-24T22:03:03.697`)
* [CVE-2022-28068](CVE-2022/CVE-2022-280xx/CVE-2022-28068.json) (`2023-08-24T22:03:29.030`)
* [CVE-2022-28069](CVE-2022/CVE-2022-280xx/CVE-2022-28069.json) (`2023-08-24T22:03:46.670`)
* [CVE-2022-28070](CVE-2022/CVE-2022-280xx/CVE-2022-28070.json) (`2023-08-24T22:04:19.953`)
* [CVE-2022-28071](CVE-2022/CVE-2022-280xx/CVE-2022-28071.json) (`2023-08-24T22:04:41.027`)
* [CVE-2022-28072](CVE-2022/CVE-2022-280xx/CVE-2022-28072.json) (`2023-08-24T22:04:59.273`)
* [CVE-2022-28073](CVE-2022/CVE-2022-280xx/CVE-2022-28073.json) (`2023-08-24T22:05:12.257`)
* [CVE-2022-39266](CVE-2022/CVE-2022-392xx/CVE-2022-39266.json) (`2023-08-24T23:15:07.693`)
* [CVE-2023-23563](CVE-2023/CVE-2023-235xx/CVE-2023-23563.json) (`2023-08-24T22:05:24.360`)
* [CVE-2023-23564](CVE-2023/CVE-2023-235xx/CVE-2023-23564.json) (`2023-08-24T22:05:33.550`)
* [CVE-2023-23565](CVE-2023/CVE-2023-235xx/CVE-2023-23565.json) (`2023-08-24T22:05:49.407`)
* [CVE-2023-3073](CVE-2023/CVE-2023-30xx/CVE-2023-3073.json) (`2023-08-25T00:15:09.770`)
* [CVE-2023-38898](CVE-2023/CVE-2023-388xx/CVE-2023-38898.json) (`2023-08-25T01:15:08.270`)
* [CVE-2023-41105](CVE-2023/CVE-2023-411xx/CVE-2023-41105.json) (`2023-08-25T01:15:09.277`)
## Download and Usage