admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-12-18 03:14:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-05-02T10:00:24.586602+00:00

Browse Source
This commit is contained in:
René Helmke 2023-05-02 12:00:27 +02:00
parent 884dd376a1
commit 51e6320942
23 changed files with 814 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
CVE-2022/CVE-2022-332xx/CVE-2022-33273.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-33273",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2023-05-02T08:15:08.763",
"lastModified": "2023-05-02T08:15:08.763",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Information disclosure due to buffer over-read in Trusted Execution Environment while QRKS report generation."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "product-security@qualcomm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.0,
"impactScore": 4.7
}
]
},
"references": [
{
"url": "https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin",
"source": "product-security@qualcomm.com"
}
]
}

43
CVE-2022/CVE-2022-405xx/CVE-2022-40504.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-40504",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2023-05-02T08:15:09.437",
"lastModified": "2023-05-02T08:15:09.437",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Transient DOS due to reachable assertion in Modem when UE received Downlink Data Indication message from the network."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "product-security@qualcomm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin",
"source": "product-security@qualcomm.com"
}
]
}

32
CVE-2023/CVE-2023-08xx/CVE-2023-0891.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-0891",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-02T08:15:09.513",
"lastModified": "2023-05-02T08:15:09.513",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The StagTools WordPress plugin before 2.3.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/72397fee-9768-462b-933c-400181a5487c",
"source": "contact@wpscan.com"
}
]
}

32
CVE-2023/CVE-2023-09xx/CVE-2023-0924.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-0924",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-02T08:15:09.620",
"lastModified": "2023-05-02T08:15:09.620",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The ZYREX POPUP WordPress plugin through 1.0 does not validate the type of files uploaded when creating a popup, allowing a high privileged user (such as an Administrator) to upload arbitrary files, even when modifying the file system is disallowed, such as in a multisite install."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/0fd0d7a5-9263-43b6-9244-7880c3d3e6f4",
"source": "contact@wpscan.com"
}
]
}

32
CVE-2023/CVE-2023-10xx/CVE-2023-1021.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-1021",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-02T08:15:09.693",
"lastModified": "2023-05-02T08:15:09.693",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The amr ical events lists WordPress plugin through 6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/91d04f96-11b2-46dc-860c-dc6c26360bf3",
"source": "contact@wpscan.com"
}
]
}

36
CVE-2023/CVE-2023-10xx/CVE-2023-1090.json Normal file
View File

@ -0,0 +1,36 @@
{
"id": "CVE-2023-1090",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-02T08:15:09.753",
"lastModified": "2023-05-02T08:15:09.753",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The SMTP Mailing Queue WordPress plugin before 2.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/youki992/youki992.github.io/blob/master/others/apply.md",
"source": "contact@wpscan.com"
},
{
"url": "https://wpscan.com/vulnerability/d470dd6c-dcac-4a3e-b42a-2489a31aca45",
"source": "contact@wpscan.com"
}
]
}

32
CVE-2023/CVE-2023-11xx/CVE-2023-1125.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-1125",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-02T08:15:09.823",
"lastModified": "2023-05-02T08:15:09.823",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Ruby Help Desk WordPress plugin before 1.3.4 does not ensure that the ticket being modified belongs to the user making the request, allowing an attacker to close and/or add files and replies to tickets other than their own."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/e8a4b6ab-47f8-495d-a22c-dcf914dfb58c",
"source": "contact@wpscan.com"
}
]
}

36
CVE-2023/CVE-2023-11xx/CVE-2023-1196.json Normal file
View File

@ -0,0 +1,36 @@
{
"id": "CVE-2023-1196",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-02T09:15:09.280",
"lastModified": "2023-05-02T09:15:09.280",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Advanced Custom Fields (ACF) Free and Pro WordPress plugins 6.x before 6.1.0 and 5.x before 5.12.5 unserialize user controllable data, which could allow users with a role of Contributor and above to perform PHP Object Injection when a suitable gadget is present."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/8e5ec88e-0e66-44e4-bbf2-74155d849ede",
"source": "contact@wpscan.com"
},
{
"url": "https://wpscan.com/vulnerability/cf376ca2-92f6-44ff-929a-ace809460a33",
"source": "contact@wpscan.com"
}
]
}

32
CVE-2023/CVE-2023-15xx/CVE-2023-1525.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-1525",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-02T08:15:09.893",
"lastModified": "2023-05-02T08:15:09.893",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Site Reviews WordPress plugin before 6.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/4ae6bf90-b100-4bb5-bdd7-8acdbd950596",
"source": "contact@wpscan.com"
}
]
}

32
CVE-2023/CVE-2023-15xx/CVE-2023-1546.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-1546",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-02T08:15:09.957",
"lastModified": "2023-05-02T08:15:09.957",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The MyCryptoCheckout WordPress plugin before 2.124 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/bb065397-370f-4ee1-a2c8-20e4dc4415a0",
"source": "contact@wpscan.com"
}
]
}

32
CVE-2023/CVE-2023-15xx/CVE-2023-1554.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-1554",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-02T08:15:10.023",
"lastModified": "2023-05-02T08:15:10.023",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Quick Paypal Payments WordPress plugin before 5.7.26.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/0d247a3d-154e-4da7-a147-c1c7e1b5e87e",
"source": "contact@wpscan.com"
}
]
}

32
CVE-2023/CVE-2023-16xx/CVE-2023-1614.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-1614",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-02T08:15:10.097",
"lastModified": "2023-05-02T08:15:10.097",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The WP Custom Author URL WordPress plugin before 1.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/56abd1e2-0ea9-47f7-9a1b-2093ac15d39c",
"source": "contact@wpscan.com"
}
]
}

32
CVE-2023/CVE-2023-16xx/CVE-2023-1669.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-1669",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-02T08:15:10.180",
"lastModified": "2023-05-02T08:15:10.180",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The SEOPress WordPress plugin before 6.5.0.3 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/fb8791f5-2879-431e-9afc-06d5839e4b9d",
"source": "contact@wpscan.com"
}
]
}

32
CVE-2023/CVE-2023-17xx/CVE-2023-1730.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-1730",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-02T08:15:10.267",
"lastModified": "2023-05-02T08:15:10.267",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The SupportCandy WordPress plugin before 3.1.5 does not validate and escape user input before using it in an SQL statement, which could allow unauthenticated attackers to perform SQL injection attacks"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/44b51a56-ff05-4d50-9327-fc9bab74d4b7",
"source": "contact@wpscan.com"
}
]
}

32
CVE-2023/CVE-2023-18xx/CVE-2023-1804.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-1804",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-02T08:15:10.337",
"lastModified": "2023-05-02T08:15:10.337",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Product Catalog Feed by PixelYourSite WordPress plugin before 2.1.1 does not sanitise and escape the edit parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/55b28fa6-a54f-4365-9d59-f9e331c1e11b",
"source": "contact@wpscan.com"
}
]
}

32
CVE-2023/CVE-2023-18xx/CVE-2023-1805.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-1805",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-02T08:15:10.393",
"lastModified": "2023-05-02T08:15:10.393",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Product Catalog Feed by PixelYourSite WordPress plugin before 2.1.1 does not sanitise and escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/46b4582f-7651-4b74-a00b-1788587ecfa8",
"source": "contact@wpscan.com"
}
]
}

32
CVE-2023/CVE-2023-18xx/CVE-2023-1809.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-1809",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-02T08:15:10.453",
"lastModified": "2023-05-02T08:15:10.453",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Download Manager WordPress plugin before 6.3.0 leaks master key information without the need for a password, allowing attackers to download arbitrary password-protected package files."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/57f0a078-fbeb-4b05-8892-e6d99edb82c1",
"source": "contact@wpscan.com"
}
]
}

32
CVE-2023/CVE-2023-18xx/CVE-2023-1861.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-1861",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-02T08:15:10.517",
"lastModified": "2023-05-02T08:15:10.517",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Limit Login Attempts WordPress plugin through 1.7.2 does not sanitize and escape usernames when outputting them back in the logs dashboard, which could allow any authenticated users, such as subscriber to perform Stored Cross-Site Scripting attacks"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/461cbcca-aed7-4c92-ba35-ebabf4fcd810",
"source": "contact@wpscan.com"
}
]
}

32
CVE-2023/CVE-2023-19xx/CVE-2023-1911.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-1911",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-02T08:15:10.570",
"lastModified": "2023-05-02T08:15:10.570",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Blocksy Companion WordPress plugin before 1.8.82 does not ensure that posts to be accessed via a shortcode are already public and can be viewed, allowing any authenticated users, such as subscriber to access draft posts for example"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/e7c52af0-b210-4e7d-a5e0-ee0645ddc08c",
"source": "contact@wpscan.com"
}
]
}

55
CVE-2023/CVE-2023-20xx/CVE-2023-2000.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-2000",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2023-05-02T09:15:10.013",
"lastModified": "2023-05-02T09:15:10.013",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Mattermost Desktop App fails to validate a mattermost server redirection and navigates\u00a0to an arbitrary website\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
}
]
}

55
CVE-2023/CVE-2023-312xx/CVE-2023-31207.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-31207",
"sourceIdentifier": "security@checkmk.com",
"published": "2023-05-02T09:15:10.120",
"lastModified": "2023-05-02T09:15:10.120",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Transmission of credentials within query parameters in Checkmk <= 2.1.0p26, <= 2.0.0p35, and <= 2.2.0b6 (beta) may cause the automation user's secret to be written to the site Apache access log."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@checkmk.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@checkmk.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
}
],
"references": [
{
"url": "https://checkmk.com/werk/15189",
"source": "security@checkmk.com"
}
]
}

40
CVE-2023/CVE-2023-320xx/CVE-2023-32007.json Normal file
View File

@ -0,0 +1,40 @@
{
"id": "CVE-2023-32007",
"sourceIdentifier": "security@apache.org",
"published": "2023-05-02T09:15:10.207",
"lastModified": "2023-05-02T09:15:10.207",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPORTED WHEN ASSIGNED ** The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can allow someone to perform impersonation by providing an arbitrary user name. A malicious user might then be able to reach a permission check function that will ultimately build a Unix shell command based on their input, and execute it. This will result in arbitrary shell command execution as the user Spark is currently running as. This issue was disclosed earlier as CVE-2022-33891, but incorrectly claimed version 3.1.3 (which has since gone EOL) would not be affected.\n\nNOTE: This vulnerability only affects products that are no longer supported by the maintainer.\n\nUsers are recommended to upgrade to a supported version of Apache Spark, such as version 3.4.0.\n\n\n"
}
],
"metrics": {},
"weaknesses": [
{
"source": "security@apache.org",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [
{
"url": "https://lists.apache.org/thread/poxgnxhhnzz735kr1wos366l5vdbb0nv",
"source": "security@apache.org"
},
{
"url": "https://spark.apache.org/security.html",
"source": "security@apache.org"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33891",
"source": "security@apache.org"
}
]
}

41
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-05-02T08:00:28.719397+00:00
2023-05-02T10:00:24.586602+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-05-02T06:15:10.510000+00:00
2023-05-02T09:15:10.207000+00:00
```
### Last Data Feed Release
@ -29,24 +29,35 @@ Download and Changelog: [Click](releases/latest)
### Total Number of included CVEs
```plain
213892
213914
```
### CVEs added in the last Commit
Recently added CVEs: `11`
Recently added CVEs: `22`
* [CVE-2022-25713](CVE-2022/CVE-2022-257xx/CVE-2022-25713.json) (`2023-05-02T06:15:08.500`)
* [CVE-2022-33281](CVE-2022/CVE-2022-332xx/CVE-2022-33281.json) (`2023-05-02T06:15:09.507`)
* [CVE-2022-33292](CVE-2022/CVE-2022-332xx/CVE-2022-33292.json) (`2023-05-02T06:15:09.757`)
* [CVE-2022-33304](CVE-2022/CVE-2022-333xx/CVE-2022-33304.json) (`2023-05-02T06:15:09.910`)
* [CVE-2022-33305](CVE-2022/CVE-2022-333xx/CVE-2022-33305.json) (`2023-05-02T06:15:09.997`)
* [CVE-2022-34144](CVE-2022/CVE-2022-341xx/CVE-2022-34144.json) (`2023-05-02T06:15:10.077`)
* [CVE-2022-40505](CVE-2022/CVE-2022-405xx/CVE-2022-40505.json) (`2023-05-02T06:15:10.173`)
* [CVE-2022-40508](CVE-2022/CVE-2022-405xx/CVE-2022-40508.json) (`2023-05-02T06:15:10.263`)
* [CVE-2023-21642](CVE-2023/CVE-2023-216xx/CVE-2023-21642.json) (`2023-05-02T06:15:10.347`)
* [CVE-2023-21665](CVE-2023/CVE-2023-216xx/CVE-2023-21665.json) (`2023-05-02T06:15:10.433`)
* [CVE-2023-21666](CVE-2023/CVE-2023-216xx/CVE-2023-21666.json) (`2023-05-02T06:15:10.510`)
* [CVE-2022-33273](CVE-2022/CVE-2022-332xx/CVE-2022-33273.json) (`2023-05-02T08:15:08.763`)
* [CVE-2022-40504](CVE-2022/CVE-2022-405xx/CVE-2022-40504.json) (`2023-05-02T08:15:09.437`)
* [CVE-2023-0891](CVE-2023/CVE-2023-08xx/CVE-2023-0891.json) (`2023-05-02T08:15:09.513`)
* [CVE-2023-0924](CVE-2023/CVE-2023-09xx/CVE-2023-0924.json) (`2023-05-02T08:15:09.620`)
* [CVE-2023-1021](CVE-2023/CVE-2023-10xx/CVE-2023-1021.json) (`2023-05-02T08:15:09.693`)
* [CVE-2023-1090](CVE-2023/CVE-2023-10xx/CVE-2023-1090.json) (`2023-05-02T08:15:09.753`)
* [CVE-2023-1125](CVE-2023/CVE-2023-11xx/CVE-2023-1125.json) (`2023-05-02T08:15:09.823`)
* [CVE-2023-1196](CVE-2023/CVE-2023-11xx/CVE-2023-1196.json) (`2023-05-02T09:15:09.280`)
* [CVE-2023-1525](CVE-2023/CVE-2023-15xx/CVE-2023-1525.json) (`2023-05-02T08:15:09.893`)
* [CVE-2023-1546](CVE-2023/CVE-2023-15xx/CVE-2023-1546.json) (`2023-05-02T08:15:09.957`)
* [CVE-2023-1554](CVE-2023/CVE-2023-15xx/CVE-2023-1554.json) (`2023-05-02T08:15:10.023`)
* [CVE-2023-1614](CVE-2023/CVE-2023-16xx/CVE-2023-1614.json) (`2023-05-02T08:15:10.097`)
* [CVE-2023-1669](CVE-2023/CVE-2023-16xx/CVE-2023-1669.json) (`2023-05-02T08:15:10.180`)
* [CVE-2023-1730](CVE-2023/CVE-2023-17xx/CVE-2023-1730.json) (`2023-05-02T08:15:10.267`)
* [CVE-2023-1804](CVE-2023/CVE-2023-18xx/CVE-2023-1804.json) (`2023-05-02T08:15:10.337`)
* [CVE-2023-1805](CVE-2023/CVE-2023-18xx/CVE-2023-1805.json) (`2023-05-02T08:15:10.393`)
* [CVE-2023-1809](CVE-2023/CVE-2023-18xx/CVE-2023-1809.json) (`2023-05-02T08:15:10.453`)
* [CVE-2023-1861](CVE-2023/CVE-2023-18xx/CVE-2023-1861.json) (`2023-05-02T08:15:10.517`)
* [CVE-2023-1911](CVE-2023/CVE-2023-19xx/CVE-2023-1911.json) (`2023-05-02T08:15:10.570`)
* [CVE-2023-2000](CVE-2023/CVE-2023-20xx/CVE-2023-2000.json) (`2023-05-02T09:15:10.013`)
* [CVE-2023-31207](CVE-2023/CVE-2023-312xx/CVE-2023-31207.json) (`2023-05-02T09:15:10.120`)
* [CVE-2023-32007](CVE-2023/CVE-2023-320xx/CVE-2023-32007.json) (`2023-05-02T09:15:10.207`)
### CVEs modified in the last Commit