admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-21 17:41:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-05-09T20:00:32.334537+00:00

Browse Source
This commit is contained in:
René Helmke 2023-05-09 22:00:35 +02:00
parent 8ef1de4353
commit 540eb98e58
90 changed files with 6989 additions and 219 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
CVE-2021/CVE-2021-263xx/CVE-2021-26354.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2021-26354",
"sourceIdentifier": "psirt@amd.com",
"published": "2023-05-09T19:15:10.670",
"lastModified": "2023-05-09T19:15:10.670",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Insufficient bounds checking in ASP may allow an\nattacker to issue a system call from a compromised ABL which may cause\narbitrary memory values to be initialized to zero, potentially leading to a\nloss of integrity.\n\n\n\n\n"
}
],
"metrics": {},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001",
"source": "psirt@amd.com"
},
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001",
"source": "psirt@amd.com"
}
]
}

24
CVE-2021/CVE-2021-263xx/CVE-2021-26356.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2021-26356",
"sourceIdentifier": "psirt@amd.com",
"published": "2023-05-09T19:15:10.737",
"lastModified": "2023-05-09T19:15:10.737",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A TOCTOU in ASP bootloader may allow an attacker\nto tamper with the SPI ROM following data read to memory potentially resulting\nin S3 data corruption and information disclosure.\n\n\n\n\n\n\n\n\n"
}
],
"metrics": {},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001",
"source": "psirt@amd.com"
},
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001",
"source": "psirt@amd.com"
}
]
}

20
CVE-2021/CVE-2021-263xx/CVE-2021-26365.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2021-26365",
"sourceIdentifier": "psirt@amd.com",
"published": "2023-05-09T19:15:10.780",
"lastModified": "2023-05-09T19:15:10.780",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Certain size values in firmware binary headers\ncould trigger out of bounds reads during signature validation, leading to\ndenial of service or potentially limited leakage of information about\nout-of-bounds memory contents.\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"metrics": {},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001",
"source": "psirt@amd.com"
}
]
}

24
CVE-2021/CVE-2021-263xx/CVE-2021-26371.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2021-26371",
"sourceIdentifier": "psirt@amd.com",
"published": "2023-05-09T19:15:10.820",
"lastModified": "2023-05-09T19:15:10.820",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A compromised or malicious ABL or UApp could\nsend a SHA256 system call to the bootloader, which may result in exposure of\nASP memory to userspace, potentially leading to information disclosure.\n\n\n\n\n\n\n\n\n"
}
],
"metrics": {},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001",
"source": "psirt@amd.com"
},
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001",
"source": "psirt@amd.com"
}
]
}

20
CVE-2021/CVE-2021-263xx/CVE-2021-26379.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2021-26379",
"sourceIdentifier": "psirt@amd.com",
"published": "2023-05-09T19:15:10.863",
"lastModified": "2023-05-09T19:15:10.863",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Insufficient input validation of mailbox data in the\nSMU may allow an attacker to coerce the SMU to corrupt SMRAM, potentially\nleading to a loss of integrity and privilege escalation.\n\n\n\n"
}
],
"metrics": {},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001",
"source": "psirt@amd.com"
}
]
}

20
CVE-2021/CVE-2021-263xx/CVE-2021-26397.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2021-26397",
"sourceIdentifier": "psirt@amd.com",
"published": "2023-05-09T19:15:10.903",
"lastModified": "2023-05-09T19:15:10.903",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Insufficient address validation, may allow an\nattacker with a compromised ABL and UApp to corrupt sensitive memory locations\npotentially resulting in a loss of integrity or availability.\n\n\n\n\n\n\n\n"
}
],
"metrics": {},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001",
"source": "psirt@amd.com"
}
]
}

24
CVE-2021/CVE-2021-264xx/CVE-2021-26406.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2021-26406",
"sourceIdentifier": "psirt@amd.com",
"published": "2023-05-09T19:15:10.943",
"lastModified": "2023-05-09T19:15:10.943",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Insufficient validation in parsing Owner's\nCertificate Authority (OCA) certificates in SEV (AMD Secure Encrypted Virtualization)\nand SEV-ES user application can lead to a host crash potentially resulting in\ndenial of service.\n\n\n\n\n"
}
],
"metrics": {},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001",
"source": "psirt@amd.com"
},
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001",
"source": "psirt@amd.com"
}
]
}

8
CVE-2021/CVE-2021-428xx/CVE-2021-42847.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-42847", "id": "CVE-2021-42847",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2021-11-11T05:15:09.597", "published": "2021-11-11T05:15:09.597",
"lastModified": "2022-04-27T17:13:41.687", "lastModified": "2023-05-09T18:15:11.397",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -124,6 +124,10 @@
} }
], ],
"references": [ "references": [
{
"url": "http://packetstormsecurity.com/files/172258/ManageEngine-ADAudit-Plus-Remote-Code-Execution.html",
"source": "cve@mitre.org"
},
{ {
"url": "https://pitstop.manageengine.com/portal/en/community/topic/fix-released-for-a-vulnerability-in-manageengine-adaudit-plus", "url": "https://pitstop.manageengine.com/portal/en/community/topic/fix-released-for-a-vulnerability-in-manageengine-adaudit-plus",
"source": "cve@mitre.org", "source": "cve@mitre.org",

20
CVE-2021/CVE-2021-467xx/CVE-2021-46749.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2021-46749",
"sourceIdentifier": "psirt@amd.com",
"published": "2023-05-09T19:15:10.997",
"lastModified": "2023-05-09T19:15:10.997",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Insufficient bounds checking in ASP (AMD Secure\nProcessor) may allow for an out of bounds read in SMI (System Management\nInterface) mailbox checksum calculation triggering a data abort, resulting in a\npotential denial of service.\n\n\n\n\n"
}
],
"metrics": {},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001",
"source": "psirt@amd.com"
}
]
}

20
CVE-2021/CVE-2021-467xx/CVE-2021-46753.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2021-46753",
"sourceIdentifier": "psirt@amd.com",
"published": "2023-05-09T19:15:11.040",
"lastModified": "2023-05-09T19:15:11.040",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Failure to validate the length fields of the ASP\n(AMD Secure Processor) sensor fusion hub headers may allow an attacker with a\nmalicious Uapp or ABL to map the ASP sensor fusion hub region and overwrite\ndata structures leading to a potential loss of confidentiality and integrity.\n\n\n\n\n"
}
],
"metrics": {},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001",
"source": "psirt@amd.com"
}
]
}

20
CVE-2021/CVE-2021-467xx/CVE-2021-46762.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2021-46762",
"sourceIdentifier": "psirt@amd.com",
"published": "2023-05-09T19:15:11.080",
"lastModified": "2023-05-09T19:15:11.080",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Insufficient input validation in the SMU may\nallow an attacker to corrupt SMU SRAM potentially leading to a loss of\nintegrity or denial of service.\n\n\n\n\n\n\n\n"
}
],
"metrics": {},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001",
"source": "psirt@amd.com"
}
]
}

20
CVE-2021/CVE-2021-467xx/CVE-2021-46763.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2021-46763",
"sourceIdentifier": "psirt@amd.com",
"published": "2023-05-09T19:15:11.123",
"lastModified": "2023-05-09T19:15:11.123",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Insufficient input validation in the SMU may\nenable a privileged attacker to write beyond the intended bounds of a shared\nmemory buffer potentially leading to a loss of integrity.\n\n\n\n\n\n\n\n"
}
],
"metrics": {},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001",
"source": "psirt@amd.com"
}
]
}

20
CVE-2021/CVE-2021-467xx/CVE-2021-46764.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2021-46764",
"sourceIdentifier": "psirt@amd.com",
"published": "2023-05-09T19:15:11.160",
"lastModified": "2023-05-09T19:15:11.160",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper validation of DRAM addresses in SMU may\nallow an attacker to overwrite sensitive memory locations within the ASP\npotentially resulting in a denial of service.\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"metrics": {},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001",
"source": "psirt@amd.com"
}
]
}

20
CVE-2021/CVE-2021-467xx/CVE-2021-46769.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2021-46769",
"sourceIdentifier": "psirt@amd.com",
"published": "2023-05-09T19:15:11.200",
"lastModified": "2023-05-09T19:15:11.200",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Insufficient syscall input validation in the ASP\nBootloader may allow a privileged attacker to execute arbitrary DMA copies,\nwhich can lead to code execution. \n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"metrics": {},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001",
"source": "psirt@amd.com"
}
]
}

20
CVE-2021/CVE-2021-467xx/CVE-2021-46775.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2021-46775",
"sourceIdentifier": "psirt@amd.com",
"published": "2023-05-09T19:15:11.240",
"lastModified": "2023-05-09T19:15:11.240",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in ABL may enable an\nattacker with physical access, to perform arbitrary memory overwrites,\npotentially leading to a loss of integrity and code execution.\n\n\n\n \n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"metrics": {},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001",
"source": "psirt@amd.com"
}
]
}

10
CVE-2022/CVE-2022-209xx/CVE-2022-20929.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2022-20929", "id": "CVE-2022-20929",
"sourceIdentifier": "ykramarz@cisco.com", "sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-03-10T21:15:10.963", "published": "2023-03-10T21:15:10.963",
"lastModified": "2023-03-16T13:22:15.433", "lastModified": "2023-05-09T18:15:11.500",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A vulnerability in the upgrade signature verification of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, local attacker to provide an unauthentic upgrade file for upload. This vulnerability is due to insufficient cryptographic signature verification of upgrade files. An attacker could exploit this vulnerability by providing an administrator with an unauthentic upgrade file. A successful exploit could allow the attacker to fully compromise the Cisco NFVIS system." "value": "A vulnerability in the upgrade signature verification of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, local attacker to provide an unauthentic upgrade file for upload.\r\n This vulnerability is due to insufficient cryptographic signature verification of upgrade files. An attacker could exploit this vulnerability by providing an administrator with an unauthentic upgrade file. A successful exploit could allow the attacker to fully compromise the Cisco NFVIS system."
} }
], ],
"metrics": { "metrics": {
@ -86,6 +86,10 @@
} }
], ],
"references": [ "references": [
{
"url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-4f6q-86ww-gmcr",
"source": "ykramarz@cisco.com"
},
{ {
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-NFVIS-ISV-BQrvEv2h", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-NFVIS-ISV-BQrvEv2h",
"source": "ykramarz@cisco.com", "source": "ykramarz@cisco.com",

8
CVE-2022/CVE-2022-212xx/CVE-2022-21229.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-21229", "id": "CVE-2022-21229",
"sourceIdentifier": "secure@intel.com", "sourceIdentifier": "secure@intel.com",
"published": "2022-08-18T20:15:10.217", "published": "2022-08-18T20:15:10.217",
"lastModified": "2022-08-23T18:54:30.627", "lastModified": "2023-05-09T19:15:11.283",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -102,6 +102,10 @@
"tags": [ "tags": [
"Vendor Advisory" "Vendor Advisory"
] ]
},
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00809.html",
"source": "secure@intel.com"
} }
] ]
} }

20
CVE-2022/CVE-2022-238xx/CVE-2022-23818.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2022-23818",
"sourceIdentifier": "psirt@amd.com",
"published": "2023-05-09T19:15:11.367",
"lastModified": "2023-05-09T19:15:11.367",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Insufficient input validation on the model\nspecific register: VM_HSAVE_PA may potentially lead to loss of SEV-SNP guest\nmemory integrity.\n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"metrics": {},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001",
"source": "psirt@amd.com"
}
]
}

84
CVE-2022/CVE-2022-252xx/CVE-2022-25273.json Normal file
View File

@ -0,0 +1,84 @@
{
"id": "CVE-2022-25273",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2023-04-26T14:15:09.203",
"lastModified": "2023-05-09T18:47:56.107",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndExcluding": "9.2.18",
"matchCriteriaId": "653CCAE2-C806-4269-AA91-17888FCE459E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.3.0",
"versionEndExcluding": "9.3.12",
"matchCriteriaId": "6F986047-8C92-4348-A6B5-B385DBB91B45"
}
]
}
]
}
],
"references": [
{
"url": "https://www.drupal.org/sa-core-2022-008",
"source": "mlhess@drupal.org",
"tags": [
"Vendor Advisory"
]
}
]
}

77
CVE-2022/CVE-2022-252xx/CVE-2022-25274.json Normal file
View File

@ -0,0 +1,77 @@
{
"id": "CVE-2022-25274",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2023-04-26T14:15:09.300",
"lastModified": "2023-05-09T19:11:17.407",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permissions, resulting in some possible access bypass for users who have access to use revisions of content generally, but who do not have access to individual items of node and media content. This vulnerability only affects sites using Drupal's revision system."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.3.0",
"versionEndExcluding": "9.3.12",
"matchCriteriaId": "6F986047-8C92-4348-A6B5-B385DBB91B45"
}
]
}
]
}
],
"references": [
{
"url": "https://www.drupal.org/sa-core-2022-009",
"source": "mlhess@drupal.org",
"tags": [
"Vendor Advisory"
]
}
]
}

84
CVE-2022/CVE-2022-252xx/CVE-2022-25277.json Normal file
View File

@ -0,0 +1,84 @@
{
"id": "CVE-2022-25277",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2023-04-26T15:15:08.710",
"lastModified": "2023-05-09T19:26:40.053",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Drupal core sanitizes filenames with dangerous extensions upon upload (reference: SA-CORE-2020-012) and strips leading and trailing dots from filenames to prevent uploading server configuration files (reference: SA-CORE-2019-010). However, the protections for these two vulnerabilities previously did not work correctly together. As a result, if the site were configured to allow the upload of files with an htaccess extension, these files' filenames would not be properly sanitized. This could allow bypassing the protections provided by Drupal core's default .htaccess files and possible remote code execution on Apache web servers. This issue is mitigated by the fact that it requires a field administrator to explicitly configure a file field to allow htaccess as an extension (a restricted permission), or a contributed module or custom code that overrides allowed file uploads."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndExcluding": "9.3.19",
"matchCriteriaId": "5C7F59B6-66D0-4A58-B240-25C001836889"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.4.0",
"versionEndExcluding": "9.4.3",
"matchCriteriaId": "14FEC723-33EE-4E64-B221-86163C584F05"
}
]
}
]
}
],
"references": [
{
"url": "https://www.drupal.org/sa-core-2022-014",
"source": "mlhess@drupal.org",
"tags": [
"Vendor Advisory"
]
}
]
}

8
CVE-2022/CVE-2022-257xx/CVE-2022-25772.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-25772", "id": "CVE-2022-25772",
"sourceIdentifier": "security@mautic.org", "sourceIdentifier": "security@mautic.org",
"published": "2022-06-20T13:15:07.973", "published": "2022-06-20T13:15:07.973",
"lastModified": "2022-06-27T18:42:23.703", "lastModified": "2023-05-09T19:15:11.413",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -130,6 +130,10 @@
"tags": [ "tags": [
"Third Party Advisory" "Third Party Advisory"
] ]
},
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00847.html",
"source": "security@mautic.org"
} }
] ]
} }

6
CVE-2022/CVE-2022-288xx/CVE-2022-28888.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-28888", "id": "CVE-2022-28888",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2022-07-13T18:15:08.897", "published": "2022-07-13T18:15:08.897",
"lastModified": "2023-05-09T04:15:42.127", "lastModified": "2023-05-09T18:15:11.600",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"descriptions": [ "descriptions": [
{ {
@ -102,6 +102,10 @@
"Third Party Advisory" "Third Party Advisory"
] ]
}, },
{
"url": "http://packetstormsecurity.com/files/172257/Spryker-Commerce-OS-1.0-SQL-Injection.html",
"source": "cve@mitre.org"
},
{ {
"url": "http://seclists.org/fulldisclosure/2022/Jul/4", "url": "http://seclists.org/fulldisclosure/2022/Jul/4",
"source": "cve@mitre.org", "source": "cve@mitre.org",

2797
CVE-2022/CVE-2022-332xx/CVE-2022-33273.json
View File

File diff suppressed because it is too large Load Diff

53
CVE-2022/CVE-2022-458xx/CVE-2022-45801.json
View File

@ -2,15 +2,38 @@
"id": "CVE-2022-45801", "id": "CVE-2022-45801",
"sourceIdentifier": "security@apache.org", "sourceIdentifier": "security@apache.org",
"published": "2023-05-01T15:15:08.790", "published": "2023-05-01T15:15:08.790",
"lastModified": "2023-05-01T20:07:36.203", "lastModified": "2023-05-09T18:09:27.697",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Apache StreamPark 1.0.0 to 2.0.0 have a LDAP injection vulnerability.\nLDAP Injection is an attack used to exploit web based applications\nthat construct LDAP statements based on user input. When an\napplication fails to properly sanitize user input, it's possible to\nmodify LDAP statements through techniques similar to SQL Injection.\nLDAP injection attacks could result in the granting of permissions to\nunauthorized queries, and content modification inside the LDAP tree.\nThis risk may only occur when the user logs in with ldap, and the user\nname and password login will not be affected, Users of the affected\nversions should upgrade to Apache StreamPark 2.0.0 or later.\n\n\n\n\n\n\n" "value": "Apache StreamPark 1.0.0 to 2.0.0 have a LDAP injection vulnerability.\nLDAP Injection is an attack used to exploit web based applications\nthat construct LDAP statements based on user input. When an\napplication fails to properly sanitize user input, it's possible to\nmodify LDAP statements through techniques similar to SQL Injection.\nLDAP injection attacks could result in the granting of permissions to\nunauthorized queries, and content modification inside the LDAP tree.\nThis risk may only occur when the user logs in with ldap, and the user\nname and password login will not be affected, Users of the affected\nversions should upgrade to Apache StreamPark 2.0.0 or later.\n\n\n\n\n\n\n"
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [ "weaknesses": [
{ {
"source": "security@apache.org", "source": "security@apache.org",
@ -23,10 +46,32 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:streampark:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.0.0",
"versionEndExcluding": "2.0.0",
"matchCriteriaId": "18DFDC98-85AB-453B-AC21-4FA48A193C46"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://lists.apache.org/thread/xbkwwpkp3n2rs2wcxg8l26mhsftxwwr9", "url": "https://lists.apache.org/thread/xbkwwpkp3n2rs2wcxg8l26mhsftxwwr9",
"source": "security@apache.org" "source": "security@apache.org",
"tags": [
"Mailing List"
]
} }
] ]
} }

64
CVE-2022/CVE-2022-458xx/CVE-2022-45802.json
View File

@ -2,19 +2,52 @@
"id": "CVE-2022-45802", "id": "CVE-2022-45802",
"sourceIdentifier": "security@apache.org", "sourceIdentifier": "security@apache.org",
"published": "2023-05-01T15:15:08.943", "published": "2023-05-01T15:15:08.943",
"lastModified": "2023-05-01T20:07:36.203", "lastModified": "2023-05-09T18:10:43.900",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Streampark allows any users to upload a jar as application, but there is no mandatory verification of the uploaded file type, causing users to upload some high-risk files, and may upload them to any directory,\u00a0Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later\n\n\n\n\n\n\n" "value": "Streampark allows any users to upload a jar as application, but there is no mandatory verification of the uploaded file type, causing users to upload some high-risk files, and may upload them to any directory,\u00a0Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later\n\n\n\n\n\n\n"
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [ "weaknesses": [
{ {
"source": "security@apache.org", "source": "nvd@nist.gov",
"type": "Primary", "type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
},
{
"source": "security@apache.org",
"type": "Secondary",
"description": [ "description": [
{ {
"lang": "en", "lang": "en",
@ -23,10 +56,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:streampark:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0.0",
"matchCriteriaId": "7E17C8C2-2867-4E05-9B20-45BBB1BDDE39"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://lists.apache.org/thread/thwl1v2h6r3c21x1qwff08o57qzjnst6", "url": "https://lists.apache.org/thread/thwl1v2h6r3c21x1qwff08o57qzjnst6",
"source": "security@apache.org" "source": "security@apache.org",
"tags": [
"Mailing List"
]
} }
] ]
} }

65
CVE-2022/CVE-2022-463xx/CVE-2022-46365.json
View File

@ -2,19 +2,52 @@
"id": "CVE-2022-46365", "id": "CVE-2022-46365",
"sourceIdentifier": "security@apache.org", "sourceIdentifier": "security@apache.org",
"published": "2023-05-01T15:15:09.013", "published": "2023-05-01T15:15:09.013",
"lastModified": "2023-05-01T20:07:26.670", "lastModified": "2023-05-09T18:04:19.747",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Apache StreamPark 1.0.0 before 2.0.0 When the user successfully logs in, to modify his profile, the username will be passed to the server-layer\u00a0as a parameter, but not verified whether the user name is the currently logged user and whether the user is legal, This will allow malicious attackers to send any username to modify and reset the account,\u00a0Users of the affected\u00a0versions should upgrade to Apache StreamPark 2.0.0 or later.\n\n\n\n\n" "value": "Apache StreamPark 1.0.0 before 2.0.0 When the user successfully logs in, to modify his profile, the username will be passed to the server-layer\u00a0as a parameter, but not verified whether the user name is the currently logged user and whether the user is legal, This will allow malicious attackers to send any username to modify and reset the account,\u00a0Users of the affected\u00a0versions should upgrade to Apache StreamPark 2.0.0 or later.\n\n\n\n\n"
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [ "weaknesses": [
{ {
"source": "security@apache.org", "source": "nvd@nist.gov",
"type": "Primary", "type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security@apache.org",
"type": "Secondary",
"description": [ "description": [
{ {
"lang": "en", "lang": "en",
@ -23,10 +56,32 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:streampark:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.0.0",
"versionEndExcluding": "2.0.0",
"matchCriteriaId": "18DFDC98-85AB-453B-AC21-4FA48A193C46"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://lists.apache.org/thread/f68lcwrp8pcdc4yrbpcm8j7m0f5mjn7h", "url": "https://lists.apache.org/thread/f68lcwrp8pcdc4yrbpcm8j7m0f5mjn7h",
"source": "security@apache.org" "source": "security@apache.org",
"tags": [
"Mailing List"
]
} }
] ]
} }

71
CVE-2022/CVE-2022-478xx/CVE-2022-47877.json
View File

@ -2,23 +2,84 @@
"id": "CVE-2022-47877", "id": "CVE-2022-47877",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-05-02T20:15:10.590", "published": "2023-05-02T20:15:10.590",
"lastModified": "2023-05-05T19:15:15.393", "lastModified": "2023-05-09T19:42:15.130",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A Stored cross-site scripting vulnerability in Jedox 2020.2.5 allows remote, authenticated users to inject arbitrary web script or HTML in the Logs page via the log module 'log'." "value": "A Stored cross-site scripting vulnerability in Jedox 2020.2.5 allows remote, authenticated users to inject arbitrary web script or HTML in the Logs page via the log module 'log'."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jedox:jedox:2020.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3CD31D96-EC95-4111-A9A8-504144689CFF"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "http://packetstormsecurity.com/files/172153/Jedox-2020.2.5-Cross-Site-Scripting.html", "url": "http://packetstormsecurity.com/files/172153/Jedox-2020.2.5-Cross-Site-Scripting.html",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
}, },
{ {
"url": "https://docs.syslifters.com/assets/vulnerability-disclosure/Vulnerability-Disclosure-Jedox-Jedox-04-2023.pdf", "url": "https://docs.syslifters.com/assets/vulnerability-disclosure/Vulnerability-Disclosure-Jedox-Jedox-04-2023.pdf",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

104
CVE-2023/CVE-2023-01xx/CVE-2023-0155.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-0155", "id": "CVE-2023-0155",
"sourceIdentifier": "cve@gitlab.com", "sourceIdentifier": "cve@gitlab.com",
"published": "2023-05-03T21:15:16.323", "published": "2023-05-03T21:15:16.323",
"lastModified": "2023-05-04T13:03:12.273", "lastModified": "2023-05-09T19:53:24.107",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{ {
"source": "cve@gitlab.com", "source": "cve@gitlab.com",
"type": "Secondary", "type": "Secondary",
@ -34,18 +54,92 @@
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionEndExcluding": "15.8.5",
"matchCriteriaId": "3FD921B9-00B8-4C39-BC84-80DA843763B5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionEndExcluding": "15.8.5",
"matchCriteriaId": "535B468A-3815-4E7A-AC3E-D1A42434588A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "15.9",
"versionEndExcluding": "15.9.5",
"matchCriteriaId": "7CE5E35C-CCD0-4C30-8256-38738D268499"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "15.9",
"versionEndExcluding": "15.9.5",
"matchCriteriaId": "AD24CB10-DA4E-4411-A901-384B03B70DCA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "15.10",
"versionEndExcluding": "15.10.1",
"matchCriteriaId": "FAEB14CD-BB39-4C93-8BA0-3D2877F208A2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "15.10",
"versionEndExcluding": "15.10.1",
"matchCriteriaId": "ADCD2B7B-6E9B-444C-AFC7-BE56381F649C"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0155.json", "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0155.json",
"source": "cve@gitlab.com" "source": "cve@gitlab.com",
"tags": [
"Third Party Advisory"
]
}, },
{ {
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/387638", "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/387638",
"source": "cve@gitlab.com" "source": "cve@gitlab.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://hackerone.com/reports/1817250", "url": "https://hackerone.com/reports/1817250",
"source": "cve@gitlab.com" "source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
} }
] ]
} }

84
CVE-2023/CVE-2023-04xx/CVE-2023-0485.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-0485", "id": "CVE-2023-0485",
"sourceIdentifier": "cve@gitlab.com", "sourceIdentifier": "cve@gitlab.com",
"published": "2023-05-03T21:15:16.577", "published": "2023-05-03T21:15:16.577",
"lastModified": "2023-05-04T13:03:12.273", "lastModified": "2023-05-09T19:53:10.287",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{ {
"source": "cve@gitlab.com", "source": "cve@gitlab.com",
"type": "Secondary", "type": "Secondary",
@ -34,18 +54,72 @@
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-668"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.11",
"versionEndExcluding": "15.8.5",
"matchCriteriaId": "5709DC7C-DB07-41E0-8260-E2ED19B8FFAC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.9",
"versionEndExcluding": "15.9.4",
"matchCriteriaId": "B1317C77-8DC5-4F9C-928A-3F561C8D3CAD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.11",
"versionEndExcluding": "15.11.1",
"matchCriteriaId": "324922C6-938D-42CA-BA80-8BEEB29DAEC0"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0485.json", "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0485.json",
"source": "cve@gitlab.com" "source": "cve@gitlab.com",
"tags": [
"Third Party Advisory"
]
}, },
{ {
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/389191", "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/389191",
"source": "cve@gitlab.com" "source": "cve@gitlab.com",
"tags": [
"Broken Link"
]
}, },
{ {
"url": "https://hackerone.com/reports/1837937", "url": "https://hackerone.com/reports/1837937",
"source": "cve@gitlab.com" "source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
} }
] ]
} }

64
CVE-2023/CVE-2023-14xx/CVE-2023-1477.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-1477", "id": "CVE-2023-1477",
"sourceIdentifier": "security@hypr.com", "sourceIdentifier": "security@hypr.com",
"published": "2023-04-28T15:15:10.633", "published": "2023-04-28T15:15:10.633",
"lastModified": "2023-04-28T17:06:22.820", "lastModified": "2023-05-09T19:38:42.500",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{ {
"source": "security@hypr.com", "source": "security@hypr.com",
"type": "Secondary", "type": "Secondary",
@ -35,6 +55,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
},
{ {
"source": "security@hypr.com", "source": "security@hypr.com",
"type": "Secondary", "type": "Secondary",
@ -46,10 +76,38 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hypr:keycloak_authenticator:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.10.2",
"matchCriteriaId": "16BBA4C6-9D25-48D1-94E8-6208707F3E82"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hypr:keycloak_authenticator:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndExcluding": "8.0.3",
"matchCriteriaId": "C46FEC6C-01FC-4C25-8D8A-9BBFDBB2AB99"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.hypr.com/security-advisories", "url": "https://www.hypr.com/security-advisories",
"source": "security@hypr.com" "source": "security@hypr.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

47
CVE-2023/CVE-2023-200xx/CVE-2023-20046.json Normal file
View File

@ -0,0 +1,47 @@
{
"id": "CVE-2023-20046",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-05-09T18:15:11.697",
"lastModified": "2023-05-09T18:23:37.987",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the key-based SSH authentication feature of Cisco StarOS Software could allow an authenticated, remote attacker to elevate privileges on an affected device.\r\n\r This vulnerability is due to insufficient validation of user-supplied credentials. An attacker could exploit this vulnerability by sending a valid low-privileged SSH key to an affected device from a host that has an IP address that is configured as the source for a high-privileged user account. A successful exploit could allow the attacker to log in to the affected device through SSH as a high-privileged user.\r\n\r There are workarounds that address this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-j7p3-gjw6-pp4r",
"source": "ykramarz@cisco.com"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-ssh-privesc-BmWeJC3h",
"source": "ykramarz@cisco.com"
}
]
}

47
CVE-2023/CVE-2023-200xx/CVE-2023-20098.json Normal file
View File

@ -0,0 +1,47 @@
{
"id": "CVE-2023-20098",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-05-09T18:15:11.760",
"lastModified": "2023-05-09T18:23:34.853",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the CLI of Cisco SDWAN vManage Software could allow an authenticated, local attacker to delete arbitrary files.\r\n\r This vulnerability is due to improper filtering of directory traversal character sequences within system commands. An attacker with administrative privileges could exploit this vulnerability by running a system command containing directory traversal character sequences to target an arbitrary file. A successful exploit could allow the attacker to delete arbitrary files from the system, including files owned by root."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-5j43-q336-92ch",
"source": "ykramarz@cisco.com"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vmanage-wfnqmYhN",
"source": "ykramarz@cisco.com"
}
]
}

20
CVE-2023/CVE-2023-205xx/CVE-2023-20520.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-20520",
"sourceIdentifier": "psirt@amd.com",
"published": "2023-05-09T19:15:11.507",
"lastModified": "2023-05-09T19:15:11.507",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper access control settings in ASP\nBootloader may allow an attacker to corrupt the return address causing a\nstack-based buffer overrun potentially leading to arbitrary code execution.\n\n\n\n\n\n\n\n"
}
],
"metrics": {},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001",
"source": "psirt@amd.com"
}
]
}

20
CVE-2023/CVE-2023-205xx/CVE-2023-20524.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-20524",
"sourceIdentifier": "psirt@amd.com",
"published": "2023-05-09T19:15:11.550",
"lastModified": "2023-05-09T19:15:11.550",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An attacker with a compromised ASP could\npossibly send malformed commands to an ASP on another CPU, resulting in an out\nof bounds write, potentially leading to a loss a loss of integrity.\n\n\n\n\n\n\n\n"
}
],
"metrics": {},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001",
"source": "psirt@amd.com"
}
]
}

84
CVE-2023/CVE-2023-20xx/CVE-2023-2069.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2069", "id": "CVE-2023-2069",
"sourceIdentifier": "cve@gitlab.com", "sourceIdentifier": "cve@gitlab.com",
"published": "2023-05-03T21:15:21.590", "published": "2023-05-03T21:15:21.590",
"lastModified": "2023-05-04T13:03:12.273", "lastModified": "2023-05-09T19:58:32.077",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{ {
"source": "cve@gitlab.com", "source": "cve@gitlab.com",
"type": "Secondary", "type": "Secondary",
@ -34,18 +54,72 @@
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-668"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.0",
"versionEndExcluding": "12.9.8",
"matchCriteriaId": "97201C83-37F2-46AB-B62A-CC351E6BF563"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.10.0",
"versionEndExcluding": "12.10.7",
"matchCriteriaId": "A60404F1-9B3B-4249-A49F-407E09B1377F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.0.1",
"matchCriteriaId": "D5EA4F3B-E5F3-4CFD-AE17-4FDF3FE78535"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2069.json", "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2069.json",
"source": "cve@gitlab.com" "source": "cve@gitlab.com",
"tags": [
"Third Party Advisory"
]
}, },
{ {
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/407374", "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/407374",
"source": "cve@gitlab.com" "source": "cve@gitlab.com",
"tags": [
"Broken Link"
]
}, },
{ {
"url": "https://hackerone.com/reports/1939987", "url": "https://hackerone.com/reports/1939987",
"source": "cve@gitlab.com" "source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
} }
] ]
} }

72
CVE-2023/CVE-2023-22xx/CVE-2023-2247.json
View File

@ -2,19 +2,83 @@
"id": "CVE-2023-2247", "id": "CVE-2023-2247",
"sourceIdentifier": "security@octopus.com", "sourceIdentifier": "security@octopus.com",
"published": "2023-05-02T05:15:28.113", "published": "2023-05-02T05:15:28.113",
"lastModified": "2023-05-02T12:56:18.213", "lastModified": "2023-05-09T18:23:24.153",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In affected versions of Octopus Deploy it is possible to unmask variable secrets using the variable preview function" "value": "In affected versions of Octopus Deploy it is possible to unmask variable secrets using the variable preview function"
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:octopus:octopus_deploy:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2018.3.0",
"versionEndExcluding": "2022.3.10929",
"matchCriteriaId": "22D1704B-F501-407B-83F5-97C5E5FB8239"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:octopus:octopus_deploy:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2022.4.0",
"versionEndExcluding": "2022.4.8319",
"matchCriteriaId": "1DDA3B08-F921-4FE4-BBE3-BCC72E60A27F"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://advisories.octopus.com/post/2023/sa2023-07/", "url": "https://advisories.octopus.com/post/2023/sa2023-07/",
"source": "security@octopus.com" "source": "security@octopus.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

46
CVE-2023/CVE-2023-248xx/CVE-2023-24892.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-24892", "id": "CVE-2023-24892",
"sourceIdentifier": "secure@microsoft.com", "sourceIdentifier": "secure@microsoft.com",
"published": "2023-03-14T17:15:18.197", "published": "2023-03-14T17:15:18.197",
"lastModified": "2023-03-22T12:57:58.237", "lastModified": "2023-05-09T18:15:11.823",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -13,8 +13,28 @@
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{ {
"source": "nvd@nist.gov", "source": "secure@microsoft.com",
"type": "Primary", "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": { "cvssData": {
"version": "3.1", "version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
@ -31,26 +51,6 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 1.4 "impactScore": 1.4
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2
} }
] ]
}, },

43
CVE-2023/CVE-2023-248xx/CVE-2023-24898.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-24898",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-05-09T18:15:11.913",
"lastModified": "2023-05-09T18:23:34.853",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Windows SMB Denial of Service Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24898",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-248xx/CVE-2023-24899.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-24899",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-05-09T18:15:11.970",
"lastModified": "2023-05-09T18:23:34.853",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Windows Graphics Component Elevation of Privilege Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24899",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-249xx/CVE-2023-24900.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-24900",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-05-09T18:15:12.033",
"lastModified": "2023-05-09T18:23:34.853",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Windows NTLM Security Support Provider Information Disclosure Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24900",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-249xx/CVE-2023-24901.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-24901",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-05-09T18:15:12.097",
"lastModified": "2023-05-09T18:23:34.853",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Windows NFS Portmapper Information Disclosure Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24901",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-249xx/CVE-2023-24902.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-24902",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-05-09T18:15:12.157",
"lastModified": "2023-05-09T18:23:34.853",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Win32k Elevation of Privilege Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24902",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-249xx/CVE-2023-24903.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-24903",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-05-09T18:15:12.217",
"lastModified": "2023-05-09T18:23:34.853",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24903",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-249xx/CVE-2023-24904.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-24904",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-05-09T18:15:12.280",
"lastModified": "2023-05-09T18:23:34.853",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Windows Installer Elevation of Privilege Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24904",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-249xx/CVE-2023-24905.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-24905",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-05-09T18:15:12.347",
"lastModified": "2023-05-09T18:23:34.853",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Remote Desktop Client Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24905",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-249xx/CVE-2023-24932.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-24932",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-05-09T18:15:12.407",
"lastModified": "2023-05-09T18:23:34.853",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Secure Boot Security Feature Bypass Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24932",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-249xx/CVE-2023-24939.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-24939",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-05-09T18:15:12.467",
"lastModified": "2023-05-09T18:23:34.853",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Server for NFS Denial of Service Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24939",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-249xx/CVE-2023-24940.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-24940",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-05-09T18:15:12.527",
"lastModified": "2023-05-09T18:23:34.853",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Windows Pragmatic General Multicast (PGM) Denial of Service Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24940",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-249xx/CVE-2023-24941.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-24941",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-05-09T18:15:12.587",
"lastModified": "2023-05-09T18:23:34.853",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Windows Network File System Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24941",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-249xx/CVE-2023-24942.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-24942",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-05-09T18:15:12.643",
"lastModified": "2023-05-09T18:23:34.853",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Remote Procedure Call Runtime Denial of Service Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24942",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-249xx/CVE-2023-24943.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-24943",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-05-09T18:15:12.720",
"lastModified": "2023-05-09T18:23:34.853",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24943",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-249xx/CVE-2023-24944.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-24944",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-05-09T18:15:12.780",
"lastModified": "2023-05-09T18:23:34.853",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Windows Bluetooth Driver Information Disclosure Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24944",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-249xx/CVE-2023-24945.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-24945",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-05-09T18:15:12.840",
"lastModified": "2023-05-09T18:23:34.853",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Windows iSCSI Target Service Information Disclosure Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24945",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-249xx/CVE-2023-24946.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-24946",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-05-09T18:15:12.900",
"lastModified": "2023-05-09T18:23:34.853",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Windows Backup Service Elevation of Privilege Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24946",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-249xx/CVE-2023-24947.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-24947",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-05-09T18:15:12.960",
"lastModified": "2023-05-09T18:23:34.853",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Windows Bluetooth Driver Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24947",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-249xx/CVE-2023-24948.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-24948",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-05-09T18:15:13.017",
"lastModified": "2023-05-09T18:23:34.853",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Windows Bluetooth Driver Elevation of Privilege Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.5,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24948",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-249xx/CVE-2023-24949.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-24949",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-05-09T18:15:13.080",
"lastModified": "2023-05-09T18:23:25.203",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Windows Kernel Elevation of Privilege Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24949",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-249xx/CVE-2023-24950.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-24950",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-05-09T18:15:13.143",
"lastModified": "2023-05-09T18:23:25.203",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Microsoft SharePoint Server Spoofing Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24950",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-249xx/CVE-2023-24953.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-24953",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-05-09T18:15:13.203",
"lastModified": "2023-05-09T18:23:25.203",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24953",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-249xx/CVE-2023-24954.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-24954",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-05-09T18:15:13.260",
"lastModified": "2023-05-09T18:23:25.203",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Microsoft SharePoint Server Information Disclosure Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24954",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-249xx/CVE-2023-24955.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-24955",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-05-09T18:15:13.317",
"lastModified": "2023-05-09T18:23:25.203",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Microsoft SharePoint Server Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24955",
"source": "secure@microsoft.com"
}
]
}

55
CVE-2023/CVE-2023-24xx/CVE-2023-2479.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2479", "id": "CVE-2023-2479",
"sourceIdentifier": "security@huntr.dev", "sourceIdentifier": "security@huntr.dev",
"published": "2023-05-02T15:15:23.760", "published": "2023-05-02T15:15:23.760",
"lastModified": "2023-05-03T10:33:50.897", "lastModified": "2023-05-09T18:48:53.560",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -11,6 +11,28 @@
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [ "cvssMetricV30": [
{ {
"source": "security@huntr.dev", "source": "security@huntr.dev",
@ -46,14 +68,39 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:appim:appium-desktop:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.22.3-4",
"matchCriteriaId": "5433D376-10A9-4706-A432-036DD89C5F89"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/appium/appium-desktop/commit/12a988aa08b9822e97056a09486c9bebb3aad8fe", "url": "https://github.com/appium/appium-desktop/commit/12a988aa08b9822e97056a09486c9bebb3aad8fe",
"source": "security@huntr.dev" "source": "security@huntr.dev",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://huntr.dev/bounties/fbdeec3c-d197-4a68-a547-7f93fb9594b4", "url": "https://huntr.dev/bounties/fbdeec3c-d197-4a68-a547-7f93fb9594b4",
"source": "security@huntr.dev" "source": "security@huntr.dev",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

59
CVE-2023/CVE-2023-26xx/CVE-2023-2609.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-2609",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-05-09T18:15:14.147",
"lastModified": "2023-05-09T18:23:25.203",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://github.com/vim/vim/commit/d1ae8366aff286d41e7f5bc513cc0a1af5130aad",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622",
"source": "security@huntr.dev"
}
]
}

6
CVE-2023/CVE-2023-275xx/CVE-2023-27568.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-27568", "id": "CVE-2023-27568",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-05-04T02:15:19.103", "published": "2023-05-04T02:15:19.103",
"lastModified": "2023-05-09T04:15:42.390", "lastModified": "2023-05-09T18:15:13.370",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Undergoing Analysis",
"descriptions": [ "descriptions": [
{ {
@ -12,6 +12,10 @@
], ],
"metrics": {}, "metrics": {},
"references": [ "references": [
{
"url": "http://packetstormsecurity.com/files/172257/Spryker-Commerce-OS-1.0-SQL-Injection.html",
"source": "cve@mitre.org"
},
{ {
"url": "http://seclists.org/fulldisclosure/2023/May/2", "url": "http://seclists.org/fulldisclosure/2023/May/2",
"source": "cve@mitre.org" "source": "cve@mitre.org"

43
CVE-2023/CVE-2023-282xx/CVE-2023-28251.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-28251",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-05-09T18:15:13.433",
"lastModified": "2023-05-09T18:23:25.203",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Windows Driver Revocation List Security Feature Bypass Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28251",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-282xx/CVE-2023-28283.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-28283",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-05-09T18:15:13.490",
"lastModified": "2023-05-09T18:23:25.203",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28283",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-282xx/CVE-2023-28290.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-28290",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-05-09T18:15:13.547",
"lastModified": "2023-05-09T18:23:25.203",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Remote Desktop app for Windows Information Disclosure Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28290",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-293xx/CVE-2023-29324.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-29324",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-05-09T18:15:13.607",
"lastModified": "2023-05-09T18:23:25.203",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Windows MSHTML Platform Security Feature Bypass Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29324",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-293xx/CVE-2023-29325.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-29325",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-05-09T18:15:13.667",
"lastModified": "2023-05-09T18:23:25.203",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Windows OLE Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29325",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-293xx/CVE-2023-29333.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-29333",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-05-09T18:15:13.727",
"lastModified": "2023-05-09T18:23:25.203",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Access Denial of Service Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29333",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-293xx/CVE-2023-29335.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-29335",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-05-09T18:15:13.783",
"lastModified": "2023-05-09T18:23:25.203",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word Security Feature Bypass Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29335",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-293xx/CVE-2023-29336.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-29336",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-05-09T18:15:13.840",
"lastModified": "2023-05-09T18:23:25.203",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Win32k Elevation of Privilege Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29336",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-293xx/CVE-2023-29338.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-29338",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-05-09T18:15:13.900",
"lastModified": "2023-05-09T18:23:25.203",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Visual Studio Code Information Disclosure Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.3,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29338",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-293xx/CVE-2023-29340.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-29340",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-05-09T18:15:13.967",
"lastModified": "2023-05-09T18:23:25.203",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "AV1 Video Extension Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29340",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-293xx/CVE-2023-29341.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-29341",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-05-09T18:15:14.027",
"lastModified": "2023-05-09T18:23:25.203",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "AV1 Video Extension Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29341",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-293xx/CVE-2023-29343.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-29343",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-05-09T18:15:14.087",
"lastModified": "2023-05-09T18:23:25.203",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SysInternals Sysmon for Windows Elevation of Privilege Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29343",
"source": "secure@microsoft.com"
}
]
}

77
CVE-2023/CVE-2023-297xx/CVE-2023-29772.json
View File

@ -2,19 +2,88 @@
"id": "CVE-2023-29772", "id": "CVE-2023-29772",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-05-02T13:15:24.957", "published": "2023-05-02T13:15:24.957",
"lastModified": "2023-05-02T13:29:57.300", "lastModified": "2023-05-09T18:40:44.477",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A Cross-site scripting (XSS) vulnerability in the System Log/General Log page of the administrator web UI in ASUS RT-AC51U wireless router firmware version up to and including 3.0.0.4.380.8591 allows remote attackers to inject arbitrary web script or HTML via a malicious network request." "value": "A Cross-site scripting (XSS) vulnerability in the System Log/General Log page of the administrator web UI in ASUS RT-AC51U wireless router firmware version up to and including 3.0.0.4.380.8591 allows remote attackers to inject arbitrary web script or HTML via a malicious network request."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:asus:rt-ac51u_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.0.0.4.380.8591",
"matchCriteriaId": "09C8149E-4EAB-4FBB-A06A-470FCDD5CBE7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:asus:rt-ac51u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24748D40-7F43-44DA-BBEF-46D85D2AADA3"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://gitlab.com/donnm/cves/-/blob/master/xss_rtac51u_syslog.md", "url": "https://gitlab.com/donnm/cves/-/blob/master/xss_rtac51u_syslog.md",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

64
CVE-2023/CVE-2023-299xx/CVE-2023-29918.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2023-29918", "id": "CVE-2023-29918",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-05-02T16:15:09.027", "published": "2023-05-02T16:15:09.027",
"lastModified": "2023-05-03T10:33:50.897", "lastModified": "2023-05-09T19:27:09.447",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Module." "value": "RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Module."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1236"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rosariosis:rosariosis:10.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "ECEECA22-0CCE-46C9-A4F9-920A24D8D042"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://docs.google.com/document/d/1JAhJOlfKKD5Y5zEKo0_8a3A-nQ7Dz_GIMmlXmOvXV48/edit?usp=sharing", "url": "https://docs.google.com/document/d/1JAhJOlfKKD5Y5zEKo0_8a3A-nQ7Dz_GIMmlXmOvXV48/edit?usp=sharing",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

63
CVE-2023/CVE-2023-302xx/CVE-2023-30204.json
View File

@ -2,19 +2,74 @@
"id": "CVE-2023-30204", "id": "CVE-2023-30204",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-05-03T21:15:23.643", "published": "2023-05-03T21:15:23.643",
"lastModified": "2023-05-04T13:03:12.273", "lastModified": "2023-05-09T19:43:20.183",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the judge_id parameter at /php-jms/edit_judge.php." "value": "Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the judge_id parameter at /php-jms/edit_judge.php."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:judging_management_system_project:judging_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FAE693B0-3497-406C-AD53-36AC05735004"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/debug601/bug_report/blob/main/vendors/oretnom23/judging-management-system/SQLi-3.md", "url": "https://github.com/debug601/bug_report/blob/main/vendors/oretnom23/judging-management-system/SQLi-3.md",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

8
CVE-2023/CVE-2023-302xx/CVE-2023-30268.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-30268", "id": "CVE-2023-30268",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-05-04T20:15:10.567", "published": "2023-05-04T20:15:10.567",
"lastModified": "2023-05-05T13:33:53.507", "lastModified": "2023-05-09T18:15:14.210",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Undergoing Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -15,10 +15,6 @@
{ {
"url": "https://gist.github.com/HuBenLab/16dc2f87f91a6f8c60eefce5abf18c08", "url": "https://gist.github.com/HuBenLab/16dc2f87f91a6f8c60eefce5abf18c08",
"source": "cve@mitre.org" "source": "cve@mitre.org"
},
{
"url": "https://github.com/HuBenLab/HuBenVulList/blob/main/CLTPHP6.0%20Improper%20Input%20Validation%202.md",
"source": "cve@mitre.org"
} }
] ]
} }

117
CVE-2023/CVE-2023-308xx/CVE-2023-30838.json Normal file
View File

@ -0,0 +1,117 @@
{
"id": "CVE-2023-30838",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-04-25T19:15:11.160",
"lastModified": "2023-05-09T19:46:44.303",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, the `ValidateCore::isCleanHTML()` method of Prestashop misses hijackable events which can lead to cross-site scripting (XSS) injection, allowed by the presence of pre-setup `@keyframes` methods. This XSS, which hijacks HTML attributes, can be triggered without any interaction by the visitor/administrator, which makes it as dangerous as a trivial XSS attack. Contrary to other attacks which target HTML attributes and are triggered without user interaction (such as onload / onerror which suffer from a very limited scope), this one can hijack every HTML element, which increases the danger due to a complete HTML elements scope. Versions 8.0.4 and 1.7.8.9 contain a fix for this issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.7.8.9",
"matchCriteriaId": "38174A16-34A0-4E08-8485-B413ADC32907"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndExcluding": "8.0.4",
"matchCriteriaId": "B84AB40A-755F-4AD7-AD86-D2FD642C710D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/PrestaShop/PrestaShop/commit/46408ae4b02f3b8b1bb6e9dc63af5bcd858abd9c",
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/PrestaShop/PrestaShop/commit/dc682192df0e4b0d656a8e645b29ca1b9dbe3693",
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-fh7r-996q-gvcp",
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-308xx/CVE-2023-30847.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-30847", "id": "CVE-2023-30847",
"sourceIdentifier": "security-advisories@github.com", "sourceIdentifier": "security-advisories@github.com",
"published": "2023-04-27T15:15:13.833", "published": "2023-04-27T15:15:13.833",
"lastModified": "2023-04-27T15:58:36.043", "lastModified": "2023-05-09T18:21:39.807",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2
},
{ {
"source": "security-advisories@github.com", "source": "security-advisories@github.com",
"type": "Secondary", "type": "Secondary",
@ -46,18 +66,56 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dena:h2o:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.2.6",
"matchCriteriaId": "3C540EDB-1F68-47E9-A457-B6BC1EB805D7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dena:h2o:2.3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "128D1D5E-4E71-4ABB-B580-F17E2B74B5F3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dena:h2o:2.3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "E69DE676-300A-4A95-A04D-7463CA372799"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/h2o/h2o/commit/f010336bab162839df43d9e87570897466c97e33", "url": "https://github.com/h2o/h2o/commit/f010336bab162839df43d9e87570897466c97e33",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/h2o/h2o/pull/3229", "url": "https://github.com/h2o/h2o/pull/3229",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}, },
{ {
"url": "https://github.com/h2o/h2o/security/advisories/GHSA-p5hj-phwj-hrvx", "url": "https://github.com/h2o/h2o/security/advisories/GHSA-p5hj-phwj-hrvx",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
]
} }
] ]
} }

58
CVE-2023/CVE-2023-308xx/CVE-2023-30850.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-30850", "id": "CVE-2023-30850",
"sourceIdentifier": "security-advisories@github.com", "sourceIdentifier": "security-advisories@github.com",
"published": "2023-04-27T17:15:08.880", "published": "2023-04-27T17:15:08.880",
"lastModified": "2023-04-27T18:35:34.590", "lastModified": "2023-05-09T18:18:04.593",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{ {
"source": "security-advisories@github.com", "source": "security-advisories@github.com",
"type": "Secondary", "type": "Secondary",
@ -46,18 +66,46 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pimcore:pimcore:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.5.21",
"matchCriteriaId": "72C537D6-67BA-4562-B853-F99E6C14315C"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/pimcore/pimcore/commit/7e32cc28145274ddfc30fb791012d26c1278bd38.patch", "url": "https://github.com/pimcore/pimcore/commit/7e32cc28145274ddfc30fb791012d26c1278bd38.patch",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Not Applicable"
]
}, },
{ {
"url": "https://github.com/pimcore/pimcore/pull/14952", "url": "https://github.com/pimcore/pimcore/pull/14952",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}, },
{ {
"url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-jwg4-qcgv-5wg6", "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-jwg4-qcgv-5wg6",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
]
} }
] ]
} }

72
CVE-2023/CVE-2023-308xx/CVE-2023-30859.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-30859", "id": "CVE-2023-30859",
"sourceIdentifier": "security-advisories@github.com", "sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-01T14:15:09.637", "published": "2023-05-01T14:15:09.637",
"lastModified": "2023-05-01T20:07:36.203", "lastModified": "2023-05-09T19:01:26.460",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{ {
"source": "security-advisories@github.com", "source": "security-advisories@github.com",
"type": "Secondary", "type": "Secondary",
@ -36,8 +56,18 @@
}, },
"weaknesses": [ "weaknesses": [
{ {
"source": "security-advisories@github.com", "source": "nvd@nist.gov",
"type": "Primary", "type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [ "description": [
{ {
"lang": "en", "lang": "en",
@ -46,14 +76,46 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:triton_project:triton:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.7.5",
"matchCriteriaId": "1D5B2B0A-229A-4F2E-8630-E89F5998121E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:triton_project:triton:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.8.0",
"versionEndExcluding": "3.8.4",
"matchCriteriaId": "3C47B5DC-D912-4CDB-98C8-6C5D9E03AFFC"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/tritonmc/Triton/releases/tag/v3.8.4", "url": "https://github.com/tritonmc/Triton/releases/tag/v3.8.4",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
}, },
{ {
"url": "https://github.com/tritonmc/Triton/security/advisories/GHSA-8vj5-jccf-q25r", "url": "https://github.com/tritonmc/Triton/security/advisories/GHSA-8vj5-jccf-q25r",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
} }
] ]
} }

54
CVE-2023/CVE-2023-308xx/CVE-2023-30869.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-30869", "id": "CVE-2023-30869",
"sourceIdentifier": "audit@patchstack.com", "sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-02T10:15:09.357", "published": "2023-05-02T10:15:09.357",
"lastModified": "2023-05-02T12:56:12.940", "lastModified": "2023-05-09T18:25:38.057",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{ {
"source": "audit@patchstack.com", "source": "audit@patchstack.com",
"type": "Secondary", "type": "Secondary",
@ -46,14 +66,40 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sandhillsdev:easy_digital_downloads:*:*:*:*:*:wordpress:*:*",
"versionStartIncluding": "3.1",
"versionEndExcluding": "3.1.1.4.2",
"matchCriteriaId": "52CDC67E-1D35-4EEC-A986-239833BDA85C"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://patchstack.com/articles/critical-easy-digital-downloads-vulnerability?_s_id=cve", "url": "https://patchstack.com/articles/critical-easy-digital-downloads-vulnerability?_s_id=cve",
"source": "audit@patchstack.com" "source": "audit@patchstack.com",
"tags": [
"Patch",
"Third Party Advisory"
]
}, },
{ {
"url": "https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-1-1-4-1-unauthenticated-privilege-escalation-vulnerability?_s_id=cve", "url": "https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-1-1-4-1-unauthenticated-privilege-escalation-vulnerability?_s_id=cve",
"source": "audit@patchstack.com" "source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

481
CVE-2023/CVE-2023-312xx/CVE-2023-31207.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-31207", "id": "CVE-2023-31207",
"sourceIdentifier": "security@checkmk.com", "sourceIdentifier": "security@checkmk.com",
"published": "2023-05-02T09:15:10.120", "published": "2023-05-02T09:15:10.120",
"lastModified": "2023-05-02T12:56:12.940", "lastModified": "2023-05-09T19:21:42.800",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{ {
"source": "security@checkmk.com", "source": "security@checkmk.com",
"type": "Secondary", "type": "Secondary",
@ -35,6 +55,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
},
{ {
"source": "security@checkmk.com", "source": "security@checkmk.com",
"type": "Secondary", "type": "Secondary",
@ -46,10 +76,455 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "E5138E25-A5AF-495D-A713-B8BDACC133D8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "7AE78B5E-2D00-462B-AC0E-5E68BC36ED1B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "9D69AA9A-C6FF-4A9F-8B02-2F207C4150FD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b3:*:*:*:*:*:*",
"matchCriteriaId": "452F359B-BCB5-46E0-A77A-383C3C2E2D60"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b4:*:*:*:*:*:*",
"matchCriteriaId": "D9A66C28-A2BA-4091-AB4C-05CDB1D3777F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b5:*:*:*:*:*:*",
"matchCriteriaId": "463A4A68-810B-4C20-A696-4F94DB20224B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b6:*:*:*:*:*:*",
"matchCriteriaId": "F4459581-214F-423B-A29D-31C789FD7F1C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b7:*:*:*:*:*:*",
"matchCriteriaId": "CC0CFABC-A53C-4FD3-A57A-CB72C87A034B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b8:*:*:*:*:*:*",
"matchCriteriaId": "F96B08FA-8129-4880-86FE-47B08C2B6964"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:i1:*:*:*:*:*:*",
"matchCriteriaId": "CAEB960C-5A5E-4F7C-8588-3F6737AE5DCA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "3CB134CD-0746-47C8-BAB8-2AE9C083C4D2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p10:*:*:*:*:*:*",
"matchCriteriaId": "E4B5DDAA-F7B5-4BFD-836E-F7DA0FC7B0C3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p11:*:*:*:*:*:*",
"matchCriteriaId": "A4DA5440-F376-4952-ABCB-AC557C5944A9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p12:*:*:*:*:*:*",
"matchCriteriaId": "DB7DB93B-CDD2-4662-893B-6E36F9EDA7FF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p13:*:*:*:*:*:*",
"matchCriteriaId": "81DFD64A-FEFD-4EBA-B6EC-28D3F0EEC33B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p14:*:*:*:*:*:*",
"matchCriteriaId": "918ACC6A-2EE8-401F-B18A-94B8757B202E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p15:*:*:*:*:*:*",
"matchCriteriaId": "1B6AE143-5A29-4EE8-AF7D-5D495A2248D0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p16:*:*:*:*:*:*",
"matchCriteriaId": "9B678D96-5987-4423-A713-57812B896380"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p17:*:*:*:*:*:*",
"matchCriteriaId": "A16EA6BD-003D-416E-B6C7-EBE5AA4AC2B5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p18:*:*:*:*:*:*",
"matchCriteriaId": "7A016627-9BF2-4D25-AB97-172EAEC4C187"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p19:*:*:*:*:*:*",
"matchCriteriaId": "333FBE01-E5C1-4668-B50F-B64A34E799A8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p2:*:*:*:*:*:*",
"matchCriteriaId": "FE7C4821-74F2-442C-B51F-A52788FC61F4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p20:*:*:*:*:*:*",
"matchCriteriaId": "168E2F68-E3EA-407F-8DCE-BDB1F557FFFA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p21:*:*:*:*:*:*",
"matchCriteriaId": "D7A74CB5-CC6E-4166-B884-498F2CF1A33E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p22:*:*:*:*:*:*",
"matchCriteriaId": "42DCB139-5BBE-45F3-80F5-3A43D95A58BB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p23:*:*:*:*:*:*",
"matchCriteriaId": "1A3E3E6C-DCC0-466D-A505-5F80379CF0AB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p24:*:*:*:*:*:*",
"matchCriteriaId": "1542CDC8-9697-44DE-8F6A-3EB25D07EEE9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p25:*:*:*:*:*:*",
"matchCriteriaId": "1A5B33FF-EA21-4AEB-8D9A-21DA9DB5892A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p26:*:*:*:*:*:*",
"matchCriteriaId": "78616E5A-E1FF-40AA-8E13-0B2E84CE6F8F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p27:*:*:*:*:*:*",
"matchCriteriaId": "5D956394-C3F3-4C88-A791-364AE555D522"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p28:*:*:*:*:*:*",
"matchCriteriaId": "25E96088-0FA2-49FD-B93D-5AFC9605289E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p29:*:*:*:*:*:*",
"matchCriteriaId": "EDB60B12-F724-40C7-8EB2-1270484E88F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p3:*:*:*:*:*:*",
"matchCriteriaId": "1982ED3B-A0FA-476A-BFB2-5B7B53289496"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p30:*:*:*:*:*:*",
"matchCriteriaId": "F646D243-433E-46F9-9E8E-E4F734F9E648"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p31:*:*:*:*:*:*",
"matchCriteriaId": "D1C14080-79C9-4620-AD1F-6CB46F0F74D0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p32:*:*:*:*:*:*",
"matchCriteriaId": "4AECE1FE-F3D1-4FF0-BDF9-F39FFCBF52E0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p33:*:*:*:*:*:*",
"matchCriteriaId": "C2F79F99-5F46-48A7-BEE7-1551CD56C2F7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p34:*:*:*:*:*:*",
"matchCriteriaId": "2EB6F9D4-13D2-4218-96EF-64C2126369DC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p35:*:*:*:*:*:*",
"matchCriteriaId": "62841559-BDA0-4B67-932A-007D91BFBD14"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p4:*:*:*:*:*:*",
"matchCriteriaId": "AA60BF44-AF52-458A-BD3F-9FD5D8408575"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p5:*:*:*:*:*:*",
"matchCriteriaId": "9BFE55DC-89EA-404F-8DDF-93E351366789"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p6:*:*:*:*:*:*",
"matchCriteriaId": "C62D8997-DD3B-4B83-B6A5-DFC2408A9164"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p7:*:*:*:*:*:*",
"matchCriteriaId": "80B4A77F-F636-49BB-8CB6-60064984463F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p8:*:*:*:*:*:*",
"matchCriteriaId": "356E5744-AB8E-4FBA-992F-74ED8F9086CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p9:*:*:*:*:*:*",
"matchCriteriaId": "41FB6FFA-F38F-4754-A1E6-35073D84069E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "BC0AC5A2-3724-4942-ABE2-CA9F3B9B4BDA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "E3AAC1AD-C2F5-4171-BD92-95A8BA09E79A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "8CB8C4BB-4AE6-4EA2-8F38-780B627721ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b3:*:*:*:*:*:*",
"matchCriteriaId": "D0F14106-2A3D-4FC7-A0C7-6EDA75D1A8F7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b4:*:*:*:*:*:*",
"matchCriteriaId": "F8C2DA36-8419-4846-BFA0-A729BE7D72C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b5:*:*:*:*:*:*",
"matchCriteriaId": "8AA4FA3D-7A59-4597-9D79-B6B020D86BD1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b6:*:*:*:*:*:*",
"matchCriteriaId": "79F0CF88-FF11-4741-AFF6-9F88F57C2140"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b7:*:*:*:*:*:*",
"matchCriteriaId": "8E93629E-C0CB-4636-B343-1C0646D8228E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b8:*:*:*:*:*:*",
"matchCriteriaId": "58102464-E66F-49CD-8952-3F3F9A6A45CC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b9:*:*:*:*:*:*",
"matchCriteriaId": "9C98E509-8466-4F95-ABE7-7ECC91640E04"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "A7B89F71-ABD2-4B2D-AE6B-C0F243E89443"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p10:*:*:*:*:*:*",
"matchCriteriaId": "002EF417-C702-42E2-9C8F-C9593B43AB03"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p11:*:*:*:*:*:*",
"matchCriteriaId": "B8E358A9-0430-4EF1-8557-7F1C088FFF48"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p12:*:*:*:*:*:*",
"matchCriteriaId": "4B0AF395-FDC7-4321-9E00-C935641C138B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p13:*:*:*:*:*:*",
"matchCriteriaId": "59B9CCED-806F-47EF-B5B6-441AADCB4B81"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p14:*:*:*:*:*:*",
"matchCriteriaId": "FAED2CD5-A2CE-438C-8ED7-338D9D61FBD9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p15:*:*:*:*:*:*",
"matchCriteriaId": "F08A96EF-FD2E-4D45-884B-349869649C3D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p16:*:*:*:*:*:*",
"matchCriteriaId": "E80D718E-66B6-4FC6-911D-C264F2C891C9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p17:*:*:*:*:*:*",
"matchCriteriaId": "174BF76A-00C5-4ECD-937D-FE66851D3979"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p18:*:*:*:*:*:*",
"matchCriteriaId": "F43DBAE4-FEF9-431E-AE82-31C7944CA830"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p2:*:*:*:*:*:*",
"matchCriteriaId": "960DF373-EDE6-4318-B6E9-07573ED5907A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p20:*:*:*:*:*:*",
"matchCriteriaId": "5FFBF793-48E0-48DB-9C12-1C4A5805009E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p21:*:*:*:*:*:*",
"matchCriteriaId": "B6A2F0DB-CA73-4F14-8099-7A29BADC1F4E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p22:*:*:*:*:*:*",
"matchCriteriaId": "5D23ECB8-9C2C-4BA5-ADD6-248FD2CFF37A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p23:*:*:*:*:*:*",
"matchCriteriaId": "9958D126-EF50-4ED7-85A3-6E5120EFB931"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p24:*:*:*:*:*:*",
"matchCriteriaId": "5D9B3F5F-158A-4C43-A894-1A55D1D758FC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p25:*:*:*:*:*:*",
"matchCriteriaId": "17729C6D-3DD1-4082-B3AF-B53770304F7B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p26:*:*:*:*:*:*",
"matchCriteriaId": "2E34014C-90A0-4ABB-A15F-73E83F312246"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p3:*:*:*:*:*:*",
"matchCriteriaId": "3144AABF-74CB-44EE-A618-8529A8ACFCF6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p4:*:*:*:*:*:*",
"matchCriteriaId": "88AC7AB0-40DF-44D1-83EA-FDD4D5346BBD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p5:*:*:*:*:*:*",
"matchCriteriaId": "4285A4A3-3DED-456D-93D4-1B9FDB42C1EB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p6:*:*:*:*:*:*",
"matchCriteriaId": "098FD286-B6CB-4428-9A62-A5F24B4D9E92"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p7:*:*:*:*:*:*",
"matchCriteriaId": "8400088B-E56E-4D0B-86D5-76D884C8031A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p8:*:*:*:*:*:*",
"matchCriteriaId": "29554684-FEFF-42B2-B62E-6523782F537C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p9:*:*:*:*:*:*",
"matchCriteriaId": "91AE66E4-AE6B-4F25-9312-6418FC3E221F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "A954DDB4-ACF5-4D74-B735-0BB14762457C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "F4E9D8E0-ECFF-4987-8189-F6A5917D39B6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:b3:*:*:*:*:*:*",
"matchCriteriaId": "7CDF16A7-E9BC-488B-A0DF-91B7F79C2D7A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:b4:*:*:*:*:*:*",
"matchCriteriaId": "EF3C4AB5-966A-46CD-8774-7BD4115FC80B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:b5:*:*:*:*:*:*",
"matchCriteriaId": "580C70A7-387E-4650-9DBA-D7AA0BFDB1BE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:b6:*:*:*:*:*:*",
"matchCriteriaId": "343C5CD6-48ED-4693-BC2A-549A43F02931"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://checkmk.com/werk/15189", "url": "https://checkmk.com/werk/15189",
"source": "security@checkmk.com" "source": "security@checkmk.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

24
CVE-2023/CVE-2023-314xx/CVE-2023-31472.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-31472",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-09T18:15:14.283",
"lastModified": "2023-05-09T18:23:25.203",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/gl-inet/CVE-issues/blob/main/3.215/Arbitrary_File_Creation.md",
"source": "cve@mitre.org"
},
{
"url": "https://www.gl-inet.com",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-314xx/CVE-2023-31474.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-31474",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-09T18:15:14.323",
"lastModified": "2023-05-09T18:23:25.203",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to inject arbitrary parameters in a request to cause opkg to obtain a list of files in a specific directory, by using the regex feature in a package name."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/gl-inet/CVE-issues/blob/main/3.215/Directory_Listing.md",
"source": "cve@mitre.org"
},
{
"url": "https://www.gl-inet.com",
"source": "cve@mitre.org"
}
]
}

191
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update ### Last Repository Update
```plain ```plain
2023-05-09T18:00:48.782033+00:00 2023-05-09T20:00:32.334537+00:00
``` ```
### Most recent CVE Modification Timestamp synchronized with NVD ### Most recent CVE Modification Timestamp synchronized with NVD
```plain ```plain
2023-05-09T17:53:51.073000+00:00 2023-05-09T19:58:32.077000+00:00
``` ```
### Last Data Feed Release ### Last Data Feed Release
@ -29,111 +29,108 @@ Download and Changelog: [Click](releases/latest)
### Total Number of included CVEs ### Total Number of included CVEs
```plain ```plain
214579 214637
``` ```
### CVEs added in the last Commit ### CVEs added in the last Commit
Recently added CVEs: `30` Recently added CVEs: `58`
* [CVE-2020-18280](CVE-2020/CVE-2020-182xx/CVE-2020-18280.json) (`2023-05-09T16:15:13.690`) * [CVE-2021-26354](CVE-2021/CVE-2021-263xx/CVE-2021-26354.json) (`2023-05-09T19:15:10.670`)
* [CVE-2020-23362](CVE-2020/CVE-2020-233xx/CVE-2020-23362.json) (`2023-05-09T16:15:13.963`) * [CVE-2021-26356](CVE-2021/CVE-2021-263xx/CVE-2021-26356.json) (`2023-05-09T19:15:10.737`)
* [CVE-2020-23363](CVE-2020/CVE-2020-233xx/CVE-2020-23363.json) (`2023-05-09T16:15:14.090`) * [CVE-2021-26365](CVE-2021/CVE-2021-263xx/CVE-2021-26365.json) (`2023-05-09T19:15:10.780`)
* [CVE-2021-31240](CVE-2021/CVE-2021-312xx/CVE-2021-31240.json) (`2023-05-09T16:15:14.147`) * [CVE-2021-26371](CVE-2021/CVE-2021-263xx/CVE-2021-26371.json) (`2023-05-09T19:15:10.820`)
* [CVE-2021-31711](CVE-2021/CVE-2021-317xx/CVE-2021-31711.json) (`2023-05-09T16:15:14.197`) * [CVE-2021-26379](CVE-2021/CVE-2021-263xx/CVE-2021-26379.json) (`2023-05-09T19:15:10.863`)
* [CVE-2023-25829](CVE-2023/CVE-2023-258xx/CVE-2023-25829.json) (`2023-05-09T17:15:10.387`) * [CVE-2021-26397](CVE-2021/CVE-2021-263xx/CVE-2021-26397.json) (`2023-05-09T19:15:10.903`)
* [CVE-2023-25830](CVE-2023/CVE-2023-258xx/CVE-2023-25830.json) (`2023-05-09T17:15:10.567`) * [CVE-2021-26406](CVE-2021/CVE-2021-264xx/CVE-2021-26406.json) (`2023-05-09T19:15:10.943`)
* [CVE-2023-25834](CVE-2023/CVE-2023-258xx/CVE-2023-25834.json) (`2023-05-09T16:15:14.263`) * [CVE-2021-46749](CVE-2021/CVE-2021-467xx/CVE-2021-46749.json) (`2023-05-09T19:15:10.997`)
* [CVE-2023-30083](CVE-2023/CVE-2023-300xx/CVE-2023-30083.json) (`2023-05-09T16:15:14.373`) * [CVE-2021-46753](CVE-2021/CVE-2021-467xx/CVE-2021-46753.json) (`2023-05-09T19:15:11.040`)
* [CVE-2023-30084](CVE-2023/CVE-2023-300xx/CVE-2023-30084.json) (`2023-05-09T16:15:14.423`) * [CVE-2021-46762](CVE-2021/CVE-2021-467xx/CVE-2021-46762.json) (`2023-05-09T19:15:11.080`)
* [CVE-2023-30085](CVE-2023/CVE-2023-300xx/CVE-2023-30085.json) (`2023-05-09T16:15:14.470`) * [CVE-2021-46763](CVE-2021/CVE-2021-467xx/CVE-2021-46763.json) (`2023-05-09T19:15:11.123`)
* [CVE-2023-30086](CVE-2023/CVE-2023-300xx/CVE-2023-30086.json) (`2023-05-09T16:15:14.507`) * [CVE-2021-46764](CVE-2021/CVE-2021-467xx/CVE-2021-46764.json) (`2023-05-09T19:15:11.160`)
* [CVE-2023-30087](CVE-2023/CVE-2023-300xx/CVE-2023-30087.json) (`2023-05-09T16:15:14.547`) * [CVE-2021-46769](CVE-2021/CVE-2021-467xx/CVE-2021-46769.json) (`2023-05-09T19:15:11.200`)
* [CVE-2023-30088](CVE-2023/CVE-2023-300xx/CVE-2023-30088.json) (`2023-05-09T16:15:14.583`) * [CVE-2021-46775](CVE-2021/CVE-2021-467xx/CVE-2021-46775.json) (`2023-05-09T19:15:11.240`)
* [CVE-2023-31144](CVE-2023/CVE-2023-311xx/CVE-2023-31144.json) (`2023-05-09T16:15:14.623`) * [CVE-2022-23818](CVE-2022/CVE-2022-238xx/CVE-2022-23818.json) (`2023-05-09T19:15:11.367`)
* [CVE-2023-31476](CVE-2023/CVE-2023-314xx/CVE-2023-31476.json) (`2023-05-09T16:15:14.680`) * [CVE-2023-20046](CVE-2023/CVE-2023-200xx/CVE-2023-20046.json) (`2023-05-09T18:15:11.697`)
* [CVE-2023-31489](CVE-2023/CVE-2023-314xx/CVE-2023-31489.json) (`2023-05-09T16:15:14.717`) * [CVE-2023-20098](CVE-2023/CVE-2023-200xx/CVE-2023-20098.json) (`2023-05-09T18:15:11.760`)
* [CVE-2023-31490](CVE-2023/CVE-2023-314xx/CVE-2023-31490.json) (`2023-05-09T16:15:14.757`) * [CVE-2023-20520](CVE-2023/CVE-2023-205xx/CVE-2023-20520.json) (`2023-05-09T19:15:11.507`)
* [CVE-2023-31799](CVE-2023/CVE-2023-317xx/CVE-2023-31799.json) (`2023-05-09T16:15:14.793`) * [CVE-2023-20524](CVE-2023/CVE-2023-205xx/CVE-2023-20524.json) (`2023-05-09T19:15:11.550`)
* [CVE-2023-31800](CVE-2023/CVE-2023-318xx/CVE-2023-31800.json) (`2023-05-09T16:15:14.830`) * [CVE-2023-24898](CVE-2023/CVE-2023-248xx/CVE-2023-24898.json) (`2023-05-09T18:15:11.913`)
* [CVE-2023-31801](CVE-2023/CVE-2023-318xx/CVE-2023-31801.json) (`2023-05-09T16:15:14.870`) * [CVE-2023-24899](CVE-2023/CVE-2023-248xx/CVE-2023-24899.json) (`2023-05-09T18:15:11.970`)
* [CVE-2023-31802](CVE-2023/CVE-2023-318xx/CVE-2023-31802.json) (`2023-05-09T16:15:14.910`) * [CVE-2023-24900](CVE-2023/CVE-2023-249xx/CVE-2023-24900.json) (`2023-05-09T18:15:12.033`)
* [CVE-2023-31803](CVE-2023/CVE-2023-318xx/CVE-2023-31803.json) (`2023-05-09T16:15:14.953`) * [CVE-2023-24901](CVE-2023/CVE-2023-249xx/CVE-2023-24901.json) (`2023-05-09T18:15:12.097`)
* [CVE-2023-31804](CVE-2023/CVE-2023-318xx/CVE-2023-31804.json) (`2023-05-09T16:15:14.993`) * [CVE-2023-24902](CVE-2023/CVE-2023-249xx/CVE-2023-24902.json) (`2023-05-09T18:15:12.157`)
* [CVE-2023-31805](CVE-2023/CVE-2023-318xx/CVE-2023-31805.json) (`2023-05-09T16:15:15.033`) * [CVE-2023-24903](CVE-2023/CVE-2023-249xx/CVE-2023-24903.json) (`2023-05-09T18:15:12.217`)
* [CVE-2023-31806](CVE-2023/CVE-2023-318xx/CVE-2023-31806.json) (`2023-05-09T16:15:15.077`) * [CVE-2023-24904](CVE-2023/CVE-2023-249xx/CVE-2023-24904.json) (`2023-05-09T18:15:12.280`)
* [CVE-2023-31807](CVE-2023/CVE-2023-318xx/CVE-2023-31807.json) (`2023-05-09T16:15:15.123`) * [CVE-2023-24905](CVE-2023/CVE-2023-249xx/CVE-2023-24905.json) (`2023-05-09T18:15:12.347`)
* [CVE-2023-32066](CVE-2023/CVE-2023-320xx/CVE-2023-32066.json) (`2023-05-09T16:15:15.160`) * [CVE-2023-24932](CVE-2023/CVE-2023-249xx/CVE-2023-24932.json) (`2023-05-09T18:15:12.407`)
* [CVE-2023-32069](CVE-2023/CVE-2023-320xx/CVE-2023-32069.json) (`2023-05-09T16:15:15.230`) * [CVE-2023-24939](CVE-2023/CVE-2023-249xx/CVE-2023-24939.json) (`2023-05-09T18:15:12.467`)
* [CVE-2023-32071](CVE-2023/CVE-2023-320xx/CVE-2023-32071.json) (`2023-05-09T16:15:15.297`) * [CVE-2023-24940](CVE-2023/CVE-2023-249xx/CVE-2023-24940.json) (`2023-05-09T18:15:12.527`)
* [CVE-2023-24941](CVE-2023/CVE-2023-249xx/CVE-2023-24941.json) (`2023-05-09T18:15:12.587`)
* [CVE-2023-24942](CVE-2023/CVE-2023-249xx/CVE-2023-24942.json) (`2023-05-09T18:15:12.643`)
* [CVE-2023-24943](CVE-2023/CVE-2023-249xx/CVE-2023-24943.json) (`2023-05-09T18:15:12.720`)
* [CVE-2023-24944](CVE-2023/CVE-2023-249xx/CVE-2023-24944.json) (`2023-05-09T18:15:12.780`)
* [CVE-2023-24945](CVE-2023/CVE-2023-249xx/CVE-2023-24945.json) (`2023-05-09T18:15:12.840`)
* [CVE-2023-24946](CVE-2023/CVE-2023-249xx/CVE-2023-24946.json) (`2023-05-09T18:15:12.900`)
* [CVE-2023-24947](CVE-2023/CVE-2023-249xx/CVE-2023-24947.json) (`2023-05-09T18:15:12.960`)
* [CVE-2023-24948](CVE-2023/CVE-2023-249xx/CVE-2023-24948.json) (`2023-05-09T18:15:13.017`)
* [CVE-2023-24949](CVE-2023/CVE-2023-249xx/CVE-2023-24949.json) (`2023-05-09T18:15:13.080`)
* [CVE-2023-24950](CVE-2023/CVE-2023-249xx/CVE-2023-24950.json) (`2023-05-09T18:15:13.143`)
* [CVE-2023-24953](CVE-2023/CVE-2023-249xx/CVE-2023-24953.json) (`2023-05-09T18:15:13.203`)
* [CVE-2023-24954](CVE-2023/CVE-2023-249xx/CVE-2023-24954.json) (`2023-05-09T18:15:13.260`)
* [CVE-2023-24955](CVE-2023/CVE-2023-249xx/CVE-2023-24955.json) (`2023-05-09T18:15:13.317`)
* [CVE-2023-2609](CVE-2023/CVE-2023-26xx/CVE-2023-2609.json) (`2023-05-09T18:15:14.147`)
* [CVE-2023-28251](CVE-2023/CVE-2023-282xx/CVE-2023-28251.json) (`2023-05-09T18:15:13.433`)
* [CVE-2023-28283](CVE-2023/CVE-2023-282xx/CVE-2023-28283.json) (`2023-05-09T18:15:13.490`)
* [CVE-2023-28290](CVE-2023/CVE-2023-282xx/CVE-2023-28290.json) (`2023-05-09T18:15:13.547`)
* [CVE-2023-29324](CVE-2023/CVE-2023-293xx/CVE-2023-29324.json) (`2023-05-09T18:15:13.607`)
* [CVE-2023-29325](CVE-2023/CVE-2023-293xx/CVE-2023-29325.json) (`2023-05-09T18:15:13.667`)
* [CVE-2023-29333](CVE-2023/CVE-2023-293xx/CVE-2023-29333.json) (`2023-05-09T18:15:13.727`)
* [CVE-2023-29335](CVE-2023/CVE-2023-293xx/CVE-2023-29335.json) (`2023-05-09T18:15:13.783`)
* [CVE-2023-29336](CVE-2023/CVE-2023-293xx/CVE-2023-29336.json) (`2023-05-09T18:15:13.840`)
* [CVE-2023-29338](CVE-2023/CVE-2023-293xx/CVE-2023-29338.json) (`2023-05-09T18:15:13.900`)
* [CVE-2023-29340](CVE-2023/CVE-2023-293xx/CVE-2023-29340.json) (`2023-05-09T18:15:13.967`)
* [CVE-2023-29341](CVE-2023/CVE-2023-293xx/CVE-2023-29341.json) (`2023-05-09T18:15:14.027`)
* [CVE-2023-29343](CVE-2023/CVE-2023-293xx/CVE-2023-29343.json) (`2023-05-09T18:15:14.087`)
* [CVE-2023-31472](CVE-2023/CVE-2023-314xx/CVE-2023-31472.json) (`2023-05-09T18:15:14.283`)
* [CVE-2023-31474](CVE-2023/CVE-2023-314xx/CVE-2023-31474.json) (`2023-05-09T18:15:14.323`)
### CVEs modified in the last Commit ### CVEs modified in the last Commit
Recently modified CVEs: `62` Recently modified CVEs: `31`
* [CVE-2013-10026](CVE-2013/CVE-2013-100xx/CVE-2013-10026.json) (`2023-05-09T17:18:59.857`) * [CVE-2021-42847](CVE-2021/CVE-2021-428xx/CVE-2021-42847.json) (`2023-05-09T18:15:11.397`)
* [CVE-2017-9946](CVE-2017/CVE-2017-99xx/CVE-2017-9946.json) (`2023-05-09T16:27:38.737`) * [CVE-2022-20929](CVE-2022/CVE-2022-209xx/CVE-2022-20929.json) (`2023-05-09T18:15:11.500`)
* [CVE-2017-9947](CVE-2017/CVE-2017-99xx/CVE-2017-9947.json) (`2023-05-09T16:27:57.397`) * [CVE-2022-21229](CVE-2022/CVE-2022-212xx/CVE-2022-21229.json) (`2023-05-09T19:15:11.283`)
* [CVE-2019-13939](CVE-2019/CVE-2019-139xx/CVE-2019-13939.json) (`2023-05-09T16:27:15.257`) * [CVE-2022-25273](CVE-2022/CVE-2022-252xx/CVE-2022-25273.json) (`2023-05-09T18:47:56.107`)
* [CVE-2022-25713](CVE-2022/CVE-2022-257xx/CVE-2022-25713.json) (`2023-05-09T16:38:01.897`) * [CVE-2022-25274](CVE-2022/CVE-2022-252xx/CVE-2022-25274.json) (`2023-05-09T19:11:17.407`)
* [CVE-2022-30995](CVE-2022/CVE-2022-309xx/CVE-2022-30995.json) (`2023-05-09T17:03:06.093`) * [CVE-2022-25277](CVE-2022/CVE-2022-252xx/CVE-2022-25277.json) (`2023-05-09T19:26:40.053`)
* [CVE-2022-33281](CVE-2022/CVE-2022-332xx/CVE-2022-33281.json) (`2023-05-09T16:37:34.280`) * [CVE-2022-25772](CVE-2022/CVE-2022-257xx/CVE-2022-25772.json) (`2023-05-09T19:15:11.413`)
* [CVE-2022-33292](CVE-2022/CVE-2022-332xx/CVE-2022-33292.json) (`2023-05-09T16:37:09.067`) * [CVE-2022-28888](CVE-2022/CVE-2022-288xx/CVE-2022-28888.json) (`2023-05-09T18:15:11.600`)
* [CVE-2022-33304](CVE-2022/CVE-2022-333xx/CVE-2022-33304.json) (`2023-05-09T16:36:32.340`) * [CVE-2022-33273](CVE-2022/CVE-2022-332xx/CVE-2022-33273.json) (`2023-05-09T18:33:28.843`)
* [CVE-2022-33305](CVE-2022/CVE-2022-333xx/CVE-2022-33305.json) (`2023-05-09T16:36:20.023`) * [CVE-2022-45801](CVE-2022/CVE-2022-458xx/CVE-2022-45801.json) (`2023-05-09T18:09:27.697`)
* [CVE-2022-3405](CVE-2022/CVE-2022-34xx/CVE-2022-3405.json) (`2023-05-09T17:02:27.727`) * [CVE-2022-45802](CVE-2022/CVE-2022-458xx/CVE-2022-45802.json) (`2023-05-09T18:10:43.900`)
* [CVE-2022-34144](CVE-2022/CVE-2022-341xx/CVE-2022-34144.json) (`2023-05-09T16:36:24.253`) * [CVE-2022-46365](CVE-2022/CVE-2022-463xx/CVE-2022-46365.json) (`2023-05-09T18:04:19.747`)
* [CVE-2022-40505](CVE-2022/CVE-2022-405xx/CVE-2022-40505.json) (`2023-05-09T16:34:33.830`) * [CVE-2022-47877](CVE-2022/CVE-2022-478xx/CVE-2022-47877.json) (`2023-05-09T19:42:15.130`)
* [CVE-2022-40508](CVE-2022/CVE-2022-405xx/CVE-2022-40508.json) (`2023-05-09T16:36:28.163`) * [CVE-2023-0155](CVE-2023/CVE-2023-01xx/CVE-2023-0155.json) (`2023-05-09T19:53:24.107`)
* [CVE-2022-41104](CVE-2022/CVE-2022-411xx/CVE-2022-41104.json) (`2023-05-09T17:15:09.413`) * [CVE-2023-0485](CVE-2023/CVE-2023-04xx/CVE-2023-0485.json) (`2023-05-09T19:53:10.287`)
* [CVE-2022-41120](CVE-2022/CVE-2022-411xx/CVE-2022-41120.json) (`2023-05-09T17:15:09.613`) * [CVE-2023-1477](CVE-2023/CVE-2023-14xx/CVE-2023-1477.json) (`2023-05-09T19:38:42.500`)
* [CVE-2023-1387](CVE-2023/CVE-2023-13xx/CVE-2023-1387.json) (`2023-05-09T16:39:27.417`) * [CVE-2023-2069](CVE-2023/CVE-2023-20xx/CVE-2023-2069.json) (`2023-05-09T19:58:32.077`)
* [CVE-2023-1966](CVE-2023/CVE-2023-19xx/CVE-2023-1966.json) (`2023-05-09T17:53:51.073`) * [CVE-2023-2247](CVE-2023/CVE-2023-22xx/CVE-2023-2247.json) (`2023-05-09T18:23:24.153`)
* [CVE-2023-2000](CVE-2023/CVE-2023-20xx/CVE-2023-2000.json) (`2023-05-09T16:31:00.540`) * [CVE-2023-2479](CVE-2023/CVE-2023-24xx/CVE-2023-2479.json) (`2023-05-09T18:48:53.560`)
* [CVE-2023-2158](CVE-2023/CVE-2023-21xx/CVE-2023-2158.json) (`2023-05-09T17:52:35.830`) * [CVE-2023-24892](CVE-2023/CVE-2023-248xx/CVE-2023-24892.json) (`2023-05-09T18:15:11.823`)
* [CVE-2023-21642](CVE-2023/CVE-2023-216xx/CVE-2023-21642.json) (`2023-05-09T16:32:01.093`) * [CVE-2023-27568](CVE-2023/CVE-2023-275xx/CVE-2023-27568.json) (`2023-05-09T18:15:13.370`)
* [CVE-2023-21712](CVE-2023/CVE-2023-217xx/CVE-2023-21712.json) (`2023-05-09T16:50:44.697`) * [CVE-2023-29772](CVE-2023/CVE-2023-297xx/CVE-2023-29772.json) (`2023-05-09T18:40:44.477`)
* [CVE-2023-21738](CVE-2023/CVE-2023-217xx/CVE-2023-21738.json) (`2023-05-09T17:15:09.807`) * [CVE-2023-29918](CVE-2023/CVE-2023-299xx/CVE-2023-29918.json) (`2023-05-09T19:27:09.447`)
* [CVE-2023-21775](CVE-2023/CVE-2023-217xx/CVE-2023-21775.json) (`2023-05-09T17:15:09.937`) * [CVE-2023-30204](CVE-2023/CVE-2023-302xx/CVE-2023-30204.json) (`2023-05-09T19:43:20.183`)
* [CVE-2023-21795](CVE-2023/CVE-2023-217xx/CVE-2023-21795.json) (`2023-05-09T17:15:10.107`) * [CVE-2023-30268](CVE-2023/CVE-2023-302xx/CVE-2023-30268.json) (`2023-05-09T18:15:14.210`)
* [CVE-2023-21796](CVE-2023/CVE-2023-217xx/CVE-2023-21796.json) (`2023-05-09T17:15:10.237`) * [CVE-2023-30838](CVE-2023/CVE-2023-308xx/CVE-2023-30838.json) (`2023-05-09T19:46:44.303`)
* [CVE-2023-22503](CVE-2023/CVE-2023-225xx/CVE-2023-22503.json) (`2023-05-09T16:24:56.853`) * [CVE-2023-30847](CVE-2023/CVE-2023-308xx/CVE-2023-30847.json) (`2023-05-09T18:21:39.807`)
* [CVE-2023-22691](CVE-2023/CVE-2023-226xx/CVE-2023-22691.json) (`2023-05-09T17:07:24.280`) * [CVE-2023-30850](CVE-2023/CVE-2023-308xx/CVE-2023-30850.json) (`2023-05-09T18:18:04.593`)
* [CVE-2023-2355](CVE-2023/CVE-2023-23xx/CVE-2023-2355.json) (`2023-05-09T16:38:54.170`) * [CVE-2023-30859](CVE-2023/CVE-2023-308xx/CVE-2023-30859.json) (`2023-05-09T19:01:26.460`)
* [CVE-2023-23790](CVE-2023/CVE-2023-237xx/CVE-2023-23790.json) (`2023-05-09T17:04:45.130`) * [CVE-2023-30869](CVE-2023/CVE-2023-308xx/CVE-2023-30869.json) (`2023-05-09T18:25:38.057`)
* [CVE-2023-2445](CVE-2023/CVE-2023-24xx/CVE-2023-2445.json) (`2023-05-09T17:25:41.957`) * [CVE-2023-31207](CVE-2023/CVE-2023-312xx/CVE-2023-31207.json) (`2023-05-09T19:21:42.800`)
* [CVE-2023-24512](CVE-2023/CVE-2023-245xx/CVE-2023-24512.json) (`2023-05-09T16:02:21.720`)
* [CVE-2023-2459](CVE-2023/CVE-2023-24xx/CVE-2023-2459.json) (`2023-05-09T17:16:44.733`)
* [CVE-2023-2460](CVE-2023/CVE-2023-24xx/CVE-2023-2460.json) (`2023-05-09T17:16:24.910`)
* [CVE-2023-2461](CVE-2023/CVE-2023-24xx/CVE-2023-2461.json) (`2023-05-09T17:16:07.147`)
* [CVE-2023-2462](CVE-2023/CVE-2023-24xx/CVE-2023-2462.json) (`2023-05-09T17:15:30.470`)
* [CVE-2023-2463](CVE-2023/CVE-2023-24xx/CVE-2023-2463.json) (`2023-05-09T17:13:37.423`)
* [CVE-2023-2464](CVE-2023/CVE-2023-24xx/CVE-2023-2464.json) (`2023-05-09T17:12:05.487`)
* [CVE-2023-2465](CVE-2023/CVE-2023-24xx/CVE-2023-2465.json) (`2023-05-09T17:11:35.407`)
* [CVE-2023-2466](CVE-2023/CVE-2023-24xx/CVE-2023-2466.json) (`2023-05-09T17:11:08.640`)
* [CVE-2023-2467](CVE-2023/CVE-2023-24xx/CVE-2023-2467.json) (`2023-05-09T17:10:36.677`)
* [CVE-2023-2468](CVE-2023/CVE-2023-24xx/CVE-2023-2468.json) (`2023-05-09T17:10:02.967`)
* [CVE-2023-2473](CVE-2023/CVE-2023-24xx/CVE-2023-2473.json) (`2023-05-09T17:36:44.243`)
* [CVE-2023-2474](CVE-2023/CVE-2023-24xx/CVE-2023-2474.json) (`2023-05-09T17:35:26.590`)
* [CVE-2023-2475](CVE-2023/CVE-2023-24xx/CVE-2023-2475.json) (`2023-05-09T17:27:09.967`)
* [CVE-2023-2476](CVE-2023/CVE-2023-24xx/CVE-2023-2476.json) (`2023-05-09T17:21:53.020`)
* [CVE-2023-2477](CVE-2023/CVE-2023-24xx/CVE-2023-2477.json) (`2023-05-09T17:20:54.677`)
* [CVE-2023-25787](CVE-2023/CVE-2023-257xx/CVE-2023-25787.json) (`2023-05-09T17:00:02.467`)
* [CVE-2023-25792](CVE-2023/CVE-2023-257xx/CVE-2023-25792.json) (`2023-05-09T16:59:05.530`)
* [CVE-2023-25797](CVE-2023/CVE-2023-257xx/CVE-2023-25797.json) (`2023-05-09T16:42:33.117`)
* [CVE-2023-27075](CVE-2023/CVE-2023-270xx/CVE-2023-27075.json) (`2023-05-09T17:43:32.093`)
* [CVE-2023-27107](CVE-2023/CVE-2023-271xx/CVE-2023-27107.json) (`2023-05-09T17:24:20.610`)
* [CVE-2023-28070](CVE-2023/CVE-2023-280xx/CVE-2023-28070.json) (`2023-05-09T17:06:23.173`)
* [CVE-2023-29680](CVE-2023/CVE-2023-296xx/CVE-2023-29680.json) (`2023-05-09T16:29:40.173`)
* [CVE-2023-29681](CVE-2023/CVE-2023-296xx/CVE-2023-29681.json) (`2023-05-09T16:29:48.443`)
* [CVE-2023-29839](CVE-2023/CVE-2023-298xx/CVE-2023-29839.json) (`2023-05-09T17:08:54.440`)
* [CVE-2023-30845](CVE-2023/CVE-2023-308xx/CVE-2023-30845.json) (`2023-05-09T16:08:02.997`)
* [CVE-2023-30852](CVE-2023/CVE-2023-308xx/CVE-2023-30852.json) (`2023-05-09T17:53:20.770`)
* [CVE-2023-31138](CVE-2023/CVE-2023-311xx/CVE-2023-31138.json) (`2023-05-09T17:37:00.247`)
* [CVE-2023-31139](CVE-2023/CVE-2023-311xx/CVE-2023-31139.json) (`2023-05-09T17:37:00.247`)
* [CVE-2023-31143](CVE-2023/CVE-2023-311xx/CVE-2023-31143.json) (`2023-05-09T17:37:00.247`)
* [CVE-2023-32060](CVE-2023/CVE-2023-320xx/CVE-2023-32060.json) (`2023-05-09T17:37:00.247`)
## Download and Usage ## Download and Usage