admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-07-03T20:00:28.709051+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-07-03 20:00:32 +00:00
parent 2e0f7cea6a
commit 542e60c829
63 changed files with 4140 additions and 261 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

77
CVE-2022/CVE-2022-400xx/CVE-2022-40010.json
View File

@ -2,19 +2,88 @@
"id": "CVE-2022-40010",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-26T17:15:09.310",
"lastModified": "2023-06-26T17:51:24.007",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-03T19:22:31.680",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda AC6 AC1200 Smart Dual-Band WiFi Router 15.03.06.50_multi was discovered to contain a cross-site scripting (XSS) vulnerability via the deviceId parameter in the Parental Control module."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ac6_firmware:15.03.06.50_multi:*:*:*:*:*:*:*",
"matchCriteriaId": "D3EC4D9E-D190-4037-A9DF-9A1575276E73"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ac6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00830EE1-D0BB-462E-9F15-4E59560C14B8"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/173029/Tenda-AC6-AC1200-15.03.06.50_multi-Cross-Site-Scripting.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
}
]
}

65
CVE-2022/CVE-2022-483xx/CVE-2022-48331.json
View File

@ -2,19 +2,76 @@
"id": "CVE-2022-48331",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-26T16:15:09.480",
"lastModified": "2023-06-26T17:51:24.007",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-03T19:18:02.213",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_save_keys feature_name_len integer overflow and resultant buffer overflow."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:widevine:trusted_application:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndIncluding": "5.1.1",
"matchCriteriaId": "6F480E2C-B345-4E99-A6FB-92E5A9B21417"
}
]
}
]
}
],
"references": [
{
"url": "https://cyberintel.es/cve/CVE-2022-48331_Buffer_Overflow_in_Widevine_drm_save_keys_0x69b0/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}

65
CVE-2022/CVE-2022-483xx/CVE-2022-48332.json
View File

@ -2,19 +2,76 @@
"id": "CVE-2022-48332",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-26T17:15:09.637",
"lastModified": "2023-06-26T17:51:24.007",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-03T19:17:53.413",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_save_keys file_name_len integer overflow and resultant buffer overflow."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:widevine:trusted_application:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndIncluding": "5.1.1",
"matchCriteriaId": "6F480E2C-B345-4E99-A6FB-92E5A9B21417"
}
]
}
]
}
],
"references": [
{
"url": "https://cyberintel.es/cve/CVE-2022-48332_Buffer_Overflow_in_Widevine_drm_save_keys_0x6a18/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}

65
CVE-2022/CVE-2022-483xx/CVE-2022-48333.json
View File

@ -2,19 +2,76 @@
"id": "CVE-2022-48333",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-26T17:15:09.923",
"lastModified": "2023-06-26T17:51:24.007",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-03T19:17:41.140",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_verify_keys prefix_len+feature_name_len integer overflow and resultant buffer overflow."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:widevine:trusted_application:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndIncluding": "5.1.1",
"matchCriteriaId": "6F480E2C-B345-4E99-A6FB-92E5A9B21417"
}
]
}
]
}
],
"references": [
{
"url": "https://cyberintel.es/cve/CVE-2022-48333_Buffer_Overflow_in_Widevine_drm_verify_keys_0x730c/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}

65
CVE-2022/CVE-2022-483xx/CVE-2022-48334.json
View File

@ -2,19 +2,76 @@
"id": "CVE-2022-48334",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-26T17:15:10.127",
"lastModified": "2023-06-26T17:51:24.007",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-03T19:22:09.900",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_verify_keys total_len+file_name_len integer overflow and resultant buffer overflow."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:widevine:trusted_application:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndIncluding": "5.1.1",
"matchCriteriaId": "6F480E2C-B345-4E99-A6FB-92E5A9B21417"
}
]
}
]
}
],
"references": [
{
"url": "https://cyberintel.es/cve/CVE-2022-48334_Buffer_Overflow_in_Widevine_drm_verify_keys_0x7370/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}

65
CVE-2022/CVE-2022-483xx/CVE-2022-48335.json
View File

@ -2,19 +2,76 @@
"id": "CVE-2022-48335",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-26T17:15:10.347",
"lastModified": "2023-06-26T17:51:24.007",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-03T19:22:00.730",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Widevine Trusted Application (TA) 5.0.0 through 7.1.1 has a PRDiagVerifyProvisioning integer overflow and resultant buffer overflow."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:widevine:trusted_application:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndIncluding": "7.1.1",
"matchCriteriaId": "81C817C3-A881-4ABE-AE3F-4BD38C26F628"
}
]
}
]
}
],
"references": [
{
"url": "https://cyberintel.es/cve/CVE-2022-48335_Buffer_Overflow_in_Widevine_PRDiagVerifyProvisioning_0x5f90/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}

65
CVE-2022/CVE-2022-483xx/CVE-2022-48336.json
View File

@ -2,19 +2,76 @@
"id": "CVE-2022-48336",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-26T17:15:12.433",
"lastModified": "2023-06-26T17:51:24.007",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-03T19:21:55.147",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Widevine Trusted Application (TA) 5.0.0 through 7.1.1 has a PRDiagParseAndStoreData integer overflow and resultant buffer overflow."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:widevine:trusted_application:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndIncluding": "7.1.1",
"matchCriteriaId": "81C817C3-A881-4ABE-AE3F-4BD38C26F628"
}
]
}
]
}
],
"references": [
{
"url": "https://cyberintel.es/cve/CVE-2022-48336_Buffer_Overflow_in_Widevine_PRDiagParseAndStoreData_0x5cc8/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}

59
CVE-2023/CVE-2023-233xx/CVE-2023-23343.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-23343",
"sourceIdentifier": "psirt@hcl.com",
"published": "2023-06-22T22:15:09.110",
"lastModified": "2023-06-23T13:03:31.027",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-03T19:03:11.543",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "psirt@hcl.com",
"type": "Secondary",
@ -34,10 +54,43 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1021"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hcltech:bigfix_osd_bare_metal_server:*:*:*:*:*:*:*:*",
"versionEndIncluding": "311.12",
"matchCriteriaId": "9A0DB84E-0760-43CE-87D5-D6489E91EA06"
}
]
}
]
}
],
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0105601",
"source": "psirt@hcl.com"
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
]
}
]
}

58
CVE-2023/CVE-2023-233xx/CVE-2023-23344.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-23344",
"sourceIdentifier": "psirt@hcl.com",
"published": "2023-06-23T06:15:09.707",
"lastModified": "2023-06-23T13:03:31.027",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-03T19:16:21.420",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "psirt@hcl.com",
"type": "Secondary",
@ -34,10 +54,42 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hcltech:bigfix_webui_insights:14:*:*:*:*:*:*:*",
"matchCriteriaId": "F2E7A0F5-AAAC-4FA7-A4FF-304148F32D86"
}
]
}
]
}
],
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0105705",
"source": "psirt@hcl.com"
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
]
}
]
}

65
CVE-2023/CVE-2023-253xx/CVE-2023-25306.json
View File

@ -2,19 +2,76 @@
"id": "CVE-2023-25306",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-26T15:15:09.653",
"lastModified": "2023-06-26T17:51:24.007",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-03T18:19:57.507",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "MultiMC Launcher <= 0.6.16 is vulnerable to Directory Traversal."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:multimc:multimc:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.7.0",
"matchCriteriaId": "8C680236-5AF8-4A5C-B33E-81E41D6121FB"
}
]
}
]
}
],
"references": [
{
"url": "https://quiltmc.org/en/blog/2023-02-04-five-installer-vulnerabilities/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-253xx/CVE-2023-25307.json
View File

@ -2,23 +2,82 @@
"id": "CVE-2023-25307",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-26T15:15:09.703",
"lastModified": "2023-06-26T17:51:24.007",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-03T19:19:20.030",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "nothub mrpack-install <= v0.16.2 is vulnerable to Directory Traversal."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mrpack-install_project:mrpack-install:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.16.3",
"matchCriteriaId": "0C28D8D9-F1B8-49A7-A7AE-12C244A0F2E0"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/nothub/mrpack-install/security/advisories/GHSA-r887-gfxh-m9rr",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://quiltmc.org/en/blog/2023-02-04-five-installer-vulnerabilities/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}

388
CVE-2023/CVE-2023-255xx/CVE-2023-25515.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-25515",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2023-06-23T18:15:10.887",
"lastModified": "2023-06-23T19:24:47.997",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-03T19:15:31.923",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 0.9,
"impactScore": 6.0
},
{
"source": "psirt@nvidia.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "psirt@nvidia.com",
"type": "Secondary",
@ -46,10 +76,362 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*",
"versionStartIncluding": "470",
"versionEndExcluding": "474.44",
"matchCriteriaId": "BE5B7AC6-3A49-46AB-A466-216515A2E7D6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*",
"versionStartIncluding": "530",
"versionEndExcluding": "536.23",
"matchCriteriaId": "FE08BF6D-C3C1-4905-85FD-3D1A4CB612F4"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:a:nvidia:geforce:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24DE5CC2-3787-4605-8EFA-77590E36E960"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*",
"versionStartIncluding": "530",
"versionEndExcluding": "536.40",
"matchCriteriaId": "0F7FEA94-AA4F-46ED-9CA7-E0811E354637"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:a:nvidia:studio:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1ED5DE2-7677-4F38-8177-3BF0B3D03A09"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*",
"versionStartIncluding": "470",
"versionEndExcluding": "474.44",
"matchCriteriaId": "BE5B7AC6-3A49-46AB-A466-216515A2E7D6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*",
"versionStartIncluding": "525",
"versionEndExcluding": "529.11",
"matchCriteriaId": "4F7E5174-40CB-46BA-BA7B-363D5949C99B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*",
"versionStartIncluding": "530",
"versionEndExcluding": "536.25",
"matchCriteriaId": "092849D3-A62C-43E5-BDD7-5A4D7CA45794"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:a:nvidia:nvs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "333646B0-AAD5-4DD7-8940-6334D0A8E77C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:a:nvidia:quadro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A1DB9FB5-E115-4E96-98F8-3FAFAC120E98"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:a:nvidia:rtx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08C63EA1-8719-4F5C-922A-C77ED4CEF7C7"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*",
"versionStartIncluding": "450",
"versionEndExcluding": "454.23",
"matchCriteriaId": "AFDAA231-118A-4246-A53E-C3F144BD027A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*",
"versionStartIncluding": "470",
"versionEndExcluding": "474.44",
"matchCriteriaId": "BE5B7AC6-3A49-46AB-A466-216515A2E7D6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*",
"versionStartIncluding": "525",
"versionEndExcluding": "529.11",
"matchCriteriaId": "4F7E5174-40CB-46BA-BA7B-363D5949C99B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*",
"versionStartIncluding": "530",
"versionEndExcluding": "536.25",
"matchCriteriaId": "092849D3-A62C-43E5-BDD7-5A4D7CA45794"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:a:nvidia:tesla:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D135086F-CA5E-4242-ACBA-C3AC82F4BE03"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*",
"versionStartIncluding": "470",
"versionEndExcluding": "470.199.02",
"matchCriteriaId": "F74C5712-6BF6-486E-8B72-BBAD45F428CB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*",
"versionStartIncluding": "525",
"versionEndExcluding": "525.125.06",
"matchCriteriaId": "23955A71-2DD7-4A63-BA9E-05967C40E49B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*",
"versionStartIncluding": "530",
"versionEndExcluding": "535.54.03",
"matchCriteriaId": "D069A217-D9A2-4B07-91CA-424852FD4A85"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:a:nvidia:geforce:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24DE5CC2-3787-4605-8EFA-77590E36E960"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:a:nvidia:nvs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "333646B0-AAD5-4DD7-8940-6334D0A8E77C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:a:nvidia:quadro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A1DB9FB5-E115-4E96-98F8-3FAFAC120E98"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:a:nvidia:rtx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08C63EA1-8719-4F5C-922A-C77ED4CEF7C7"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*",
"versionStartIncluding": "450",
"versionEndExcluding": "450.248.02",
"matchCriteriaId": "613588B1-1B4C-43E3-8327-528D512F3A76"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*",
"versionStartIncluding": "470",
"versionEndExcluding": "470.199.02",
"matchCriteriaId": "F74C5712-6BF6-486E-8B72-BBAD45F428CB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*",
"versionStartIncluding": "525",
"versionEndExcluding": "525.125.06",
"matchCriteriaId": "23955A71-2DD7-4A63-BA9E-05967C40E49B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*",
"versionStartIncluding": "530",
"versionEndExcluding": "535.54.03",
"matchCriteriaId": "D069A217-D9A2-4B07-91CA-424852FD4A85"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:a:nvidia:tesla:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D135086F-CA5E-4242-ACBA-C3AC82F4BE03"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.12",
"matchCriteriaId": "81A64668-3B60-402B-B0EF-919079700FB9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.7",
"matchCriteriaId": "65AFFB06-AC6E-426A-97D0-768F34853D6A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.0",
"versionEndExcluding": "15.2",
"matchCriteriaId": "41388772-0B7C-4238-8021-590D0F1C0CE8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*",
"versionEndExcluding": "531.79",
"matchCriteriaId": "A8D1ABE1-A024-4BD1-832A-AB459D85227D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://https://nvidia.custhelp.com/app/answers/detail/a_id/5466",
"source": "psirt@nvidia.com"
"source": "psirt@nvidia.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

84
CVE-2023/CVE-2023-255xx/CVE-2023-25520.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-25520",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2023-06-23T18:15:11.033",
"lastModified": "2023-06-23T19:24:43.457",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-03T19:27:23.943",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "psirt@nvidia.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
},
{
"source": "psirt@nvidia.com",
"type": "Secondary",
@ -46,10 +76,58 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:nvidia:jetson_linux:*:*:*:*:*:*:*:*",
"versionEndExcluding": "32.7.4",
"matchCriteriaId": "4F98866A-11A7-4529-B67F-106637A95767"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:nvidia:jetson_agx_xavier:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DD3D2AA-2A9F-470D-BB0F-A7B7C2EC2490"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:nvidia:jetson_tx2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE9D4A55-A232-4AF2-B7E9-CD58D7D17479"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:nvidia:jetson_tx2_nx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64C3FB58-08AA-4FE4-97BE-21B254BA229F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:nvidia:jetson_xavier_nx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B0AA5976-FD71-4A53-BD4F-D342E871FEB0"
}
]
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5466",
"source": "psirt@nvidia.com"
"source": "psirt@nvidia.com",
"tags": [
"Vendor Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-25xx/CVE-2023-2533.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2533",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-06-20T15:15:11.560",
"lastModified": "2023-06-20T15:49:08.960",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-03T19:19:40.983",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -46,14 +76,43 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:papercut:papercut_mf:22.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "17E90E69-B5B5-4F51-B478-CC4CF7B9440D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:papercut:papercut_ng:22.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1E8F89-A578-499F-92BF-F3E71C5FDA4D"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/arcangel/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.papercut.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

65
CVE-2023/CVE-2023-25xx/CVE-2023-2592.json
View File

@ -2,18 +2,41 @@
"id": "CVE-2023-2592",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-06-27T14:15:10.790",
"lastModified": "2023-06-27T16:15:38.897",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-03T19:12:26.697",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The FormCraft WordPress plugin before 3.9.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -21,12 +44,44 @@
"value": "CWE-89"
}
]
},
{
"source": "contact@wpscan.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ncrafts:formcraft:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.9.7",
"matchCriteriaId": "FEE01EF2-6BC9-4A21-AF31-92C4D031F895"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/d4298960-eaba-4185-a730-3e621d9680e1",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-262xx/CVE-2023-26258.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-26258",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-03T15:15:10.377",
"lastModified": "2023-07-03T15:15:10.377",
"vulnStatus": "Received",
"lastModified": "2023-07-03T18:33:32.153",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-265xx/CVE-2023-26509.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-26509",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-03T15:15:10.437",
"lastModified": "2023-07-03T15:15:10.437",
"vulnStatus": "Received",
"lastModified": "2023-07-03T18:33:32.153",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

53
CVE-2023/CVE-2023-27xx/CVE-2023-2795.json
View File

@ -2,15 +2,38 @@
"id": "CVE-2023-2795",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-06-27T14:15:11.493",
"lastModified": "2023-06-27T16:15:35.267",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-03T19:28:20.887",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The CodeColorer WordPress plugin before 0.10.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +46,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codecolorer_project:codecolorer:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "0.10.1",
"matchCriteriaId": "99AE3195-3A8E-43E3-A836-D916BA373271"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/2d6ecd21-3dd4-423d-80e7-277c45080a9f",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-280xx/CVE-2023-28006.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-28006",
"sourceIdentifier": "psirt@hcl.com",
"published": "2023-06-22T23:15:09.277",
"lastModified": "2023-06-23T13:03:31.027",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-03T19:01:40.560",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "psirt@hcl.com",
"type": "Secondary",
@ -34,10 +54,43 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-327"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hcltech:bigfix_osd_bare_metal_server:*:*:*:*:*:*:*:*",
"versionEndIncluding": "311.12",
"matchCriteriaId": "9A0DB84E-0760-43CE-87D5-D6489E91EA06"
}
]
}
]
}
],
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0105601",
"source": "psirt@hcl.com"
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-280xx/CVE-2023-28016.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-28016",
"sourceIdentifier": "psirt@hcl.com",
"published": "2023-06-22T23:15:09.343",
"lastModified": "2023-06-23T13:03:31.027",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-03T19:17:06.243",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "psirt@hcl.com",
"type": "Secondary",
@ -34,10 +54,43 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hcltech:bigfix_osd_bare_metal_server:*:*:*:*:*:*:*:*",
"versionEndIncluding": "311.12",
"matchCriteriaId": "9A0DB84E-0760-43CE-87D5-D6489E91EA06"
}
]
}
]
}
],
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0105601",
"source": "psirt@hcl.com"
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
]
}
]
}

60
CVE-2023/CVE-2023-280xx/CVE-2023-28094.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-28094",
"sourceIdentifier": "security@pega.com",
"published": "2023-06-22T21:15:09.163",
"lastModified": "2023-06-23T13:03:39.067",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-03T19:06:04.897",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "security@pega.com",
@ -35,6 +57,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "security@pega.com",
"type": "Secondary",
@ -46,10 +78,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pega:pega_platform:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.1",
"versionEndIncluding": "8.8.3",
"matchCriteriaId": "6C36507F-B90C-481F-9E47-9C5F8B33966D"
}
]
}
]
}
],
"references": [
{
"url": "https://support.pega.com/support-doc/pega-security-advisory-%E2%80%93-c23-vulnerability-default-operators?",
"source": "security@pega.com"
"source": "security@pega.com",
"tags": [
"Vendor Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-281xx/CVE-2023-28121.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-28121",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-04-12T21:15:28.057",
"lastModified": "2023-04-21T15:10:02.147",
"vulnStatus": "Analyzed",
"lastModified": "2023-07-03T18:15:09.533",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -132,6 +132,10 @@
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.rcesecurity.com/2023/07/patch-diffing-cve-2023-28121-to-compromise-a-woocommerce/",
"source": "support@hackerone.com"
}
]
}

77
CVE-2023/CVE-2023-284xx/CVE-2023-28485.json
View File

@ -2,27 +2,92 @@
"id": "CVE-2023-28485",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-26T16:15:09.537",
"lastModified": "2023-06-26T17:51:24.007",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-03T19:22:57.320",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (Stored XSS) vulnerability in file preview in WeKan before 6.75 allows remote authenticated users to inject arbitrary web script or HTML via names of file attachments. Any user can obtain the privilege to rename within their own board (where they have BoardAdmin access), and renameAttachment does not block XSS payloads."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wekan_project:wekan:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.75",
"matchCriteriaId": "5811ACF9-EA77-4434-9012-022410D2BCD5"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/172649/Wekan-6.74-Cross-Site-Scripting.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://wekan.github.io/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://wekan.github.io/hall-of-fame/filebleed/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

291
CVE-2023/CVE-2023-28xx/CVE-2023-2828.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2828",
"sourceIdentifier": "security-officer@isc.org",
"published": "2023-06-21T17:15:47.703",
"lastModified": "2023-07-03T16:15:09.807",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-07-03T19:11:56.183",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -34,30 +34,305 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*",
"versionStartIncluding": "9.11.0",
"versionEndIncluding": "9.16.41",
"matchCriteriaId": "D07C6BAA-C1AB-46BA-8C43-2CAD9A56F9F7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:supported_preview:*:*:*",
"versionStartIncluding": "9.11.3",
"versionEndIncluding": "9.16.41",
"matchCriteriaId": "1C89B14A-F275-41A5-993D-AC024C6395B5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*",
"versionStartIncluding": "9.18.0",
"versionEndIncluding": "9.18.15",
"matchCriteriaId": "BB0EF8A8-398F-424C-8284-2F96E4569E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:supported_preview:*:*:*",
"versionStartIncluding": "9.18.11",
"versionEndIncluding": "9.18.15",
"matchCriteriaId": "41E493D6-D811-47ED-9227-CC2AA1837FE4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*",
"versionStartIncluding": "9.19.0",
"versionEndIncluding": "9.19.13",
"matchCriteriaId": "C3D5078D-5783-4D4A-A24F-84FB9BB9F8AC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/06/21/6",
"source": "security-officer@isc.org"
"source": "security-officer@isc.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://kb.isc.org/docs/cve-2023-2828",
"source": "security-officer@isc.org"
"source": "security-officer@isc.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SEFCEVCTYEMKTWA7V7EYPI5YQQ4JWDLI/",
"source": "security-officer@isc.org"
"source": "security-officer@isc.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3K6AJK7RRSR53HRF5GGKPA6PDUDWOD2/",
"source": "security-officer@isc.org"
"source": "security-officer@isc.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230703-0010/",
"source": "security-officer@isc.org"
"source": "security-officer@isc.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5439",
"source": "security-officer@isc.org"
"source": "security-officer@isc.org",
"tags": [
"Third Party Advisory"
]
}
]
}

204
CVE-2023/CVE-2023-28xx/CVE-2023-2829.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2829",
"sourceIdentifier": "security-officer@isc.org",
"published": "2023-06-21T17:15:47.770",
"lastModified": "2023-07-03T16:15:09.897",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-07-03T19:11:00.110",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -34,14 +34,210 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:supported_preview:*:*:*",
"versionStartIncluding": "9.16.8",
"versionEndIncluding": "9.16.41",
"matchCriteriaId": "4ECB8B5E-F1D6-455C-8E50-87BFF2311465"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:supported_preview:*:*:*",
"versionStartIncluding": "9.18.11",
"versionEndIncluding": "9.18.15",
"matchCriteriaId": "41E493D6-D811-47ED-9227-CC2AA1837FE4"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43"
}
]
}
]
}
],
"references": [
{
"url": "https://kb.isc.org/docs/cve-2023-2829",
"source": "security-officer@isc.org"
"source": "security-officer@isc.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230703-0010/",
"source": "security-officer@isc.org"
"source": "security-officer@isc.org",
"tags": [
"Third Party Advisory"
]
}
]
}

53
CVE-2023/CVE-2023-28xx/CVE-2023-2842.json
View File

@ -2,15 +2,38 @@
"id": "CVE-2023-2842",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-06-27T14:15:11.567",
"lastModified": "2023-06-27T16:15:35.267",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-03T19:27:16.967",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The WP Inventory Manager WordPress plugin before 2.1.0.14 does not have CSRF checks, which could allow attackers to make logged-in admins delete Inventory Items via a CSRF attack"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +46,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpinventory:wp_inventory_manager:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.1.0.14",
"matchCriteriaId": "8660BB5E-CF41-430F-8179-2C0372318B37"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/0357ecc7-56f5-4843-a928-bf2d3ce75596",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

53
CVE-2023/CVE-2023-28xx/CVE-2023-2877.json
View File

@ -2,15 +2,38 @@
"id": "CVE-2023-2877",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-06-27T14:15:11.633",
"lastModified": "2023-06-27T16:15:35.267",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-03T19:26:43.103",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Formidable Forms WordPress plugin before 6.3.1 does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. This allows a user with a role as low as Subscriber to install and activate arbitrary plugins of arbitrary versions from the WordPress.org plugin repository onto the site, leading to Remote Code Execution."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +46,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:strategy11:formidable_forms:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "6.3.1",
"matchCriteriaId": "078E6764-A4DF-4992-AE5D-F623E6B8E94C"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/33765da5-c56e-42c1-83dd-fcaad976b402",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-290xx/CVE-2023-29093.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-29093",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-26T06:15:10.773",
"lastModified": "2023-06-26T13:02:32.107",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-03T19:19:55.117",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:piwebsolution:conditional_cart_fee_\\/_extra_charge_rule_for_woocommerce_extra_fees:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.0.96",
"matchCriteriaId": "8F83895C-DE14-4852-A6B7-6D44203AB0E2"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/conditional-extra-fees-for-woocommerce/wordpress-conditional-extra-fees-for-woocommerce-plugin-1-0-96-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-294xx/CVE-2023-29423.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-29423",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-26T08:15:09.050",
"lastModified": "2023-06-26T13:02:32.107",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-03T19:19:39.733",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:piwebsolution:cancel_order_request_\\/_return_order_\\/_repeat_order_\\/_reorder_for_woocommerce:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.3.2",
"matchCriteriaId": "A42EB328-3F88-443C-970C-30F98C661796"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/cancel-order-request-woocommerce/wordpress-cancel-order-request-woocommerce-plugin-1-3-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-294xx/CVE-2023-29438.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-29438",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-26T13:15:09.560",
"lastModified": "2023-06-26T15:02:18.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-03T18:04:26.617",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:simplemodal_contact_form_project:simplemodal_contact_form:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.2.9",
"matchCriteriaId": "48D16A22-39A5-4073-9ADD-70751AE45381"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/simplemodal-contact-form-smcf/wordpress-simplemodal-contact-form-smcf-plugin-1-2-9-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

294
CVE-2023/CVE-2023-29xx/CVE-2023-2911.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2911",
"sourceIdentifier": "security-officer@isc.org",
"published": "2023-06-21T17:15:47.827",
"lastModified": "2023-07-03T16:15:09.983",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-07-03T19:09:45.463",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -34,30 +34,308 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*",
"versionStartIncluding": "9.16.33",
"versionEndIncluding": "9.16.41",
"matchCriteriaId": "2E225B5E-5D4E-4D7D-8E8E-BDAF69386072"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:supported_preview:*:*:*",
"versionStartIncluding": "9.16.33",
"versionEndIncluding": "9.16.41",
"matchCriteriaId": "B44AC868-4E58-4D76-BE4A-AB47E3FFA134"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*",
"versionStartIncluding": "9.18.7",
"versionEndIncluding": "9.18.15",
"matchCriteriaId": "DFFF05A7-1826-4485-BEE4-DB3A5B25B49A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:supported_preview:*:*:*",
"versionStartIncluding": "9.18.11",
"versionEndIncluding": "9.18.15",
"matchCriteriaId": "41E493D6-D811-47ED-9227-CC2AA1837FE4"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/06/21/6",
"source": "security-officer@isc.org"
"source": "security-officer@isc.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://kb.isc.org/docs/cve-2023-2911",
"source": "security-officer@isc.org"
"source": "security-officer@isc.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SEFCEVCTYEMKTWA7V7EYPI5YQQ4JWDLI/",
"source": "security-officer@isc.org"
"source": "security-officer@isc.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3K6AJK7RRSR53HRF5GGKPA6PDUDWOD2/",
"source": "security-officer@isc.org"
"source": "security-officer@isc.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230703-0010/",
"source": "security-officer@isc.org"
"source": "security-officer@isc.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5439",
"source": "security-officer@isc.org"
"source": "security-officer@isc.org",
"tags": [
"Third Party Advisory"
]
}
]
}

58
CVE-2023/CVE-2023-29xx/CVE-2023-2996.json
View File

@ -2,15 +2,38 @@
"id": "CVE-2023-2996",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-06-27T14:15:11.723",
"lastModified": "2023-06-27T16:15:35.267",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-03T19:26:05.237",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Jetpack WordPress plugin before 12.1.1 does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,14 +46,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:automattic:jetpack:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "12.1.1",
"matchCriteriaId": "F5E11109-F3B9-4201-9C0B-94D8FDD0ECE4"
}
]
}
]
}
],
"references": [
{
"url": "https://jetpack.com/blog/jetpack-12-1-1-critical-security-update/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://wpscan.com/vulnerability/52d221bd-ae42-435d-a90a-60a5ae530663",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

83
CVE-2023/CVE-2023-302xx/CVE-2023-30261.json
View File

@ -2,27 +2,98 @@
"id": "CVE-2023-30261",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-26T14:15:10.223",
"lastModified": "2023-06-26T15:02:18.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-03T18:35:15.703",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Command Injection vulnerability in OpenWB 1.6 and 1.7 allows remote attackers to run arbitrary commands via crafted GET request."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openwb:openwb:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9B16EC80-37A7-45E2-8F68-DE9C60C18B44"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openwb:openwb:1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2E3B3C05-CEF6-4982-B3FC-C531C79D66DA"
}
]
}
]
}
],
"references": [
{
"url": "https://eldstal.se/advisories/230329-openwb.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
]
},
{
"url": "https://github.com/snaptec/openWB/issues/2672",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Mitigation",
"Third Party Advisory"
]
},
{
"url": "https://github.com/snaptec/openWB/pull/2673",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
}
]
}

58
CVE-2023/CVE-2023-31xx/CVE-2023-3114.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3114",
"sourceIdentifier": "security@hashicorp.com",
"published": "2023-06-22T22:15:09.197",
"lastModified": "2023-06-23T13:03:31.027",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-03T19:02:38.127",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.1,
"impactScore": 4.0
},
{
"source": "security@hashicorp.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
},
{
"source": "security@hashicorp.com",
"type": "Secondary",
@ -46,10 +76,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:terraform_enterprise:*:*:*:*:*:*:*:*",
"versionStartIncluding": "202207-1",
"versionEndExcluding": "202306-1",
"matchCriteriaId": "2FD92957-F413-4189-B026-C7CB7CF7348B"
}
]
}
]
}
],
"references": [
{
"url": "https://discuss.hashicorp.com/t/hcsec-2023-18-terraform-enterprise-agent-pool-controls-allowed-unauthorized-workspaces-to-target-an-agent-pool/55329",
"source": "security@hashicorp.com"
"source": "security@hashicorp.com",
"tags": [
"Vendor Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-325xx/CVE-2023-32571.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-32571",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-22T20:15:09.640",
"lastModified": "2023-06-23T13:03:39.067",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-03T19:07:26.647",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Dynamic Linq 1.0.7.10 through 1.2.25 before 1.3.0 allows attackers to execute arbitrary code and commands when untrusted input to methods including Where, Select, OrderBy is parsed."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-697"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dynamic-linq:linq:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.0.7.10",
"versionEndIncluding": "1.2.25",
"matchCriteriaId": "508EE55E-ED69-462D-B1FD-6C0F2E5AD558"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/zzzprojects/System.Linq.Dynamic.Core",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://research.nccgroup.com/2023/06/13/dynamic-linq-injection-remote-code-execution-vulnerability-cve-2023-32571/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}

125
CVE-2023/CVE-2023-332xx/CVE-2023-33299.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-33299",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-06-23T08:15:09.483",
"lastModified": "2023-06-23T13:03:31.027",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-03T18:59:42.443",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "psirt@fortinet.com",
"type": "Secondary",
@ -34,10 +54,109 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.5.0",
"versionEndIncluding": "8.5.4",
"matchCriteriaId": "8292B841-851C-42C2-AF13-17AB2FA894CD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.6.0",
"versionEndIncluding": "8.6.5",
"matchCriteriaId": "95E75B88-1750-4FB6-BCE4-74B69D93C918"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.7.0",
"versionEndIncluding": "8.7.6",
"matchCriteriaId": "3BD32B25-76B4-4D6E-BB5C-065070297058"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.8.0",
"versionEndIncluding": "8.8.11",
"matchCriteriaId": "46929BE3-0396-4B8A-9889-9F6CA73FAD4E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.1.0",
"versionEndIncluding": "9.1.9",
"matchCriteriaId": "D101F116-0C73-401E-9882-8BA2F403FA4E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.2.0",
"versionEndIncluding": "9.2.7",
"matchCriteriaId": "B341AE7E-48F1-4ABE-891F-F9D543D19E29"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortinac:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EFF5B4CF-5BF9-4852-BD4F-5A27FD17EDC2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortinac:7.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C3107FF-B414-4C7C-BD97-AC102A744B1A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortinac:8.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "952F266E-0E48-4D69-81E0-9F813B60AC3E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortinac:9.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E12E11B0-E21A-4124-9DF9-FF268BB19813"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortinac:9.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4648F862-AB8C-4B8D-8F2D-5D2641F08845"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortinac:9.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6B0251A8-1E8B-4B4A-962F-3E5950601814"
}
]
}
]
}
],
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-23-074",
"source": "psirt@fortinet.com"
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
]
}
]
}

62
CVE-2023/CVE-2023-341xx/CVE-2023-34110.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-34110",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-22T23:15:09.410",
"lastModified": "2023-06-23T13:03:31.027",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-03T19:00:56.767",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,22 +66,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:flask-appbuilder_project:flask-appbuilder:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.3.2",
"matchCriteriaId": "89D84C58-58FA-4CEE-804D-F114CD419E72"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/dpgaspar/Flask-AppBuilder/commit/ae25ad4c87a9051ebe4a4e8f02aee73232642626",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/dpgaspar/Flask-AppBuilder/pull/2045",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/dpgaspar/Flask-AppBuilder/releases/tag/v4.3.2",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-jhpr-j7cq-3jp3",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

56
CVE-2023/CVE-2023-342xx/CVE-2023-34242.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-34242",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-15T20:15:09.473",
"lastModified": "2023-06-15T20:46:39.603",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-03T19:12:59.533",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to version 1.13.4, when Gateway API is enabled in Cilium, the absence of a check on the namespace in which a ReferenceGrant is created could result in Cilium unintentionally gaining visibility of secrets (including certificates) and services across namespaces. An attacker on an affected cluster can leverage this issue to use cluster secrets that should not be visible to them, or communicate with services that they should not have access to. Gateway API functionality is disabled by default. This vulnerability is fixed in Cilium release 1.13.4. As a workaround, restrict the creation of `ReferenceGrant` resources to admin users by using Kubernetes RBAC."
},
{
"lang": "es",
"value": "Cilium es una soluci\u00f3n de red, observabilidad y seguridad con un plano de datos basado en eBPF. Antes de la versi\u00f3n 1.13.4, cuando la API de puerta de enlace est\u00e1 habilitada en Cilium, la ausencia de una comprobaci\u00f3n en el espacio de nombres en el que se crea una \"ReferenceGrant\" podr\u00eda dar lugar a que Cilium obtuviera involuntariamente visibilidad de secretos (incluidos certificados) y servicios a trav\u00e9s de espacios de nombres. Un atacante en un cl\u00faster afectado puede aprovechar este problema para utilizar secretos de cl\u00faster que no deber\u00edan ser visibles para \u00e9l, o comunicarse con servicios a los que no deber\u00eda tener acceso. La funcionalidad \"Gateway API\" est\u00e1 desactivada por defecto. Esta vulnerabilidad se ha corregido en la versi\u00f3n 1.13.4 de Cilium. Como soluci\u00f3n, restrinja la creaci\u00f3n de recursos \"ReferenceGrant\" a los usuarios administradores mediante Kubernetes RBAC. "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +70,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cilium:cilium:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.13.4",
"matchCriteriaId": "4CCCAA75-0B30-4621-99DA-48D617D3A9B5"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/cilium/cilium/releases/tag/v1.13.4",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/cilium/cilium/security/advisories/GHSA-r7wr-4w5q-55m6",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-344xx/CVE-2023-34450.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-34450",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-07-03T17:15:09.147",
"lastModified": "2023-07-03T17:15:09.147",
"vulnStatus": "Received",
"lastModified": "2023-07-03T18:33:32.153",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-344xx/CVE-2023-34451.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-34451",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-07-03T17:15:09.240",
"lastModified": "2023-07-03T17:15:09.240",
"vulnStatus": "Received",
"lastModified": "2023-07-03T18:33:32.153",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

75
CVE-2023/CVE-2023-345xx/CVE-2023-34553.json
View File

@ -2,19 +2,86 @@
"id": "CVE-2023-34553",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-22T21:15:09.367",
"lastModified": "2023-06-23T13:03:39.067",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-03T19:04:02.807",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in WAFU Keyless Smart Lock v1.0 allows attackers to unlock a device via code replay attack."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-294"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:wafucn:wafu_keyless_smart_lock_firmware:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "68B7D499-05DC-4BC5-8AA7-0DF9A7C8E645"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:wafucn:wafu_keyless_smart_lock:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E25A352-FE93-4042-BD32-917169B76AA9"
}
]
}
]
}
],
"references": [
{
"url": "https://ashallen.net/wireless-smart-lock-vulnerability-disclosure",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-348xx/CVE-2023-34835.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2023-34835",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-27T18:15:13.557",
"lastModified": "2023-06-27T18:34:43.840",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-03T19:30:38.090",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary JavaScript code via a vulnerable delete_file parameter."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:escanav:escan_management_console:14.0.1400.2281:*:*:*:*:*:*:*",
"matchCriteriaId": "5C9D13C7-6948-4E3A-946C-B291CFBD4D70"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/sahiloj/CVE-2023-34835/blob/main/README.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-348xx/CVE-2023-34836.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2023-34836",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-27T18:15:13.603",
"lastModified": "2023-06-27T18:34:43.840",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-03T19:30:27.440",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Dtltyp and ListName parameters."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:escanav:escan_management_console:14.0.1400.2281:*:*:*:*:*:*:*",
"matchCriteriaId": "5C9D13C7-6948-4E3A-946C-B291CFBD4D70"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/sahiloj/CVE-2023-34836/blob/main/README.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-348xx/CVE-2023-34837.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2023-34837",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-27T18:15:13.653",
"lastModified": "2023-06-27T18:34:43.840",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-03T19:30:12.097",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a vulnerable parameter GrpPath."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:escanav:escan_management_console:14.0.1400.2281:*:*:*:*:*:*:*",
"matchCriteriaId": "5C9D13C7-6948-4E3A-946C-B291CFBD4D70"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/sahiloj/CVE-2023-34837/blob/main/README.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-348xx/CVE-2023-34838.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2023-34838",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-27T18:15:13.700",
"lastModified": "2023-06-27T18:34:43.840",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-03T19:30:00.057",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Description parameter."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:escanav:escan_management_console:14.0.1400.2281:*:*:*:*:*:*:*",
"matchCriteriaId": "5C9D13C7-6948-4E3A-946C-B291CFBD4D70"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/sahiloj/CVE-2023-34838/blob/main/README.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-348xx/CVE-2023-34839.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2023-34839",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-27T18:15:13.747",
"lastModified": "2023-06-27T18:34:43.840",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-03T19:29:43.347",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A Cross Site Request Forgery (CSRF) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows a remote attacker to gain privileges via a Custom CSRF exploit to create new user function in the application."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:issabel:pbx:4.0.0-6:*:*:*:*:*:*:*",
"matchCriteriaId": "D1A5E56B-4B74-4BF7-ACF5-1D9F3C0FC0FF"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/sahiloj/CVE-2023-34839/blob/main/README.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-34xx/CVE-2023-3431.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3431",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-06-27T15:15:11.743",
"lastModified": "2023-06-27T16:15:35.267",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-03T19:24:51.337",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -36,8 +58,18 @@
},
"weaknesses": [
{
"source": "security@huntr.dev",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "security@huntr.dev",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,14 +78,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:plantuml:plantuml:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2023.9",
"matchCriteriaId": "389D4A80-A72D-42CC-885E-818A52175C8A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/plantuml/plantuml/commit/fbe7fa3b25b4c887d83927cffb1009ec6cb8ab1e",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.dev/bounties/fa741f95-b53c-4ed7-b157-e32c5145164c",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}

56
CVE-2023/CVE-2023-34xx/CVE-2023-3432.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3432",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-06-27T15:15:11.980",
"lastModified": "2023-06-27T16:15:35.267",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-03T19:24:13.527",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.8
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -46,14 +68,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:plantuml:plantuml:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2023.9",
"matchCriteriaId": "389D4A80-A72D-42CC-885E-818A52175C8A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/plantuml/plantuml/commit/b32500bb61ae617bb312496d6d832e4be8190797",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.dev/bounties/8ac3316f-431c-468d-87e4-3dafff2ecf51",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-34xx/CVE-2023-3497.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3497",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-07-03T17:15:09.540",
"lastModified": "2023-07-03T17:15:09.540",
"vulnStatus": "Received",
"lastModified": "2023-07-03T18:33:32.153",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

48
CVE-2023/CVE-2023-351xx/CVE-2023-35154.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-35154",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-23T21:15:09.400",
"lastModified": "2023-06-24T12:41:30.800",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-03T18:47:34.727",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,10 +66,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eng:knowage:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.1.0",
"versionEndExcluding": "8.1.8",
"matchCriteriaId": "97741C80-7124-493C-B642-25BC547AA137"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/KnowageLabs/Knowage-Server/security/advisories/GHSA-48hp-jvv8-cf62",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

83
CVE-2023/CVE-2023-351xx/CVE-2023-35171.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-35171",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-23T21:15:09.703",
"lastModified": "2023-06-24T12:41:30.800",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-03T19:38:57.370",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,7 +56,7 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,20 +64,71 @@
"value": "CWE-601"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*",
"versionStartIncluding": "26.0.0",
"versionEndExcluding": "26.0.2",
"matchCriteriaId": "CB3473C7-E5B9-44B1-AC74-F7224D9AB78B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "26.0.0",
"versionEndExcluding": "26.0.2",
"matchCriteriaId": "AE95CF9F-D964-4857-8805-2CE4CF2F6328"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h353-vvwv-j2r4",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://github.com/nextcloud/server/pull/38194",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://hackerone.com/reports/1977222",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Issue Tracking",
"Mitigation",
"Third Party Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-359xx/CVE-2023-35935.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-35935",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-07-03T17:15:09.317",
"lastModified": "2023-07-03T17:15:09.317",
"vulnStatus": "Received",
"lastModified": "2023-07-03T18:33:32.153",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-360xx/CVE-2023-36053.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-36053",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-03T13:15:09.737",
"lastModified": "2023-07-03T13:15:09.737",
"vulnStatus": "Received",
"lastModified": "2023-07-03T18:33:32.153",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

64
CVE-2023/CVE-2023-363xx/CVE-2023-36301.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2023-36301",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-26T15:15:09.853",
"lastModified": "2023-06-26T17:51:24.007",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-03T19:18:49.437",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Talend Data Catalog before 8.0-20230221 contain a directory traversal vulnerability in HeaderImageServlet."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:talend:data_catalog:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.0-20230221",
"matchCriteriaId": "3A24F7E5-1BF9-4623-95F9-93CCC98F3CCA"
}
]
}
]
}
],
"references": [
{
"url": "https://help.talend.com/r/en-US/Talend-Products-CVEs/Talend-Products-CVEs",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

74
CVE-2023/CVE-2023-366xx/CVE-2023-36660.json
View File

@ -2,27 +2,89 @@
"id": "CVE-2023-36660",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-25T22:15:21.337",
"lastModified": "2023-06-26T13:02:36.297",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-03T19:20:47.360",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The OCB feature in libnettle in Nettle 3.9 before 3.9.1 allows memory corruption."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nettle_project:nettle:3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "315BCEC0-1D36-4DAC-99D3-652EB144BC13"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1212112",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://git.lysator.liu.se/nettle/nettle/-/commit/867a4548b95705291a3afdd66d76e7f17ba2618f",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://git.lysator.liu.se/nettle/nettle/-/compare/nettle_3.9_release_20230514...nettle_3.9.1_release_20230601",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
}
]
}

69
CVE-2023/CVE-2023-366xx/CVE-2023-36666.json
View File

@ -2,23 +2,82 @@
"id": "CVE-2023-36666",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-25T22:15:21.527",
"lastModified": "2023-06-26T13:02:32.107",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-03T19:07:18.410",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "INEX IXP-Manager before 6.3.1 allows XSS. list-preamble.foil.php, page-header-preamble.foil.php, edit-form.foil.php, page-header-preamble.foil.php, overview.foil.php, cust.foil.php, and view.foil.php may be affected."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:inex:ixp_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.3.1",
"matchCriteriaId": "50ECE4A6-8FD8-416A-9D29-DB4B190314ED"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/inex/IXP-Manager/commit/fddbc38adb477c9cd46a462655ffed96d3d42229",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/inex/IXP-Manager/compare/v6.3.0...v6.3.1",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
}
]
}

86
CVE-2023/CVE-2023-366xx/CVE-2023-36675.json
View File

@ -2,19 +2,97 @@
"id": "CVE-2023-36675",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-26T01:15:09.203",
"lastModified": "2023-06-26T13:02:32.107",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-03T19:20:19.150",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.35.11",
"matchCriteriaId": "FB8FFF65-64E2-4995-9D76-4A76E9165631"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.36.0",
"versionEndExcluding": "1.38.7",
"matchCriteriaId": "604E0A5B-4554-46AA-98AF-608A2CCDBF4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.39.0",
"versionEndExcluding": "1.39.4",
"matchCriteriaId": "8B25814F-6A96-432B-9E6B-458E8FAA8B32"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.40.0",
"versionEndExcluding": "1.40.1",
"matchCriteriaId": "1AD12042-7940-4775-AD0E-DB4B55438E43"
}
]
}
]
}
],
"references": [
{
"url": "https://phabricator.wikimedia.org/T332889",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}

4
CVE-2023/CVE-2023-368xx/CVE-2023-36814.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-36814",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-07-03T17:15:09.393",
"lastModified": "2023-07-03T17:15:09.393",
"vulnStatus": "Received",
"lastModified": "2023-07-03T18:33:32.153",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

55
CVE-2023/CVE-2023-368xx/CVE-2023-36815.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-36815",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-07-03T18:15:09.653",
"lastModified": "2023-07-03T18:33:32.153",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Sealos is a Cloud Operating System designed for managing cloud-native applications. In version 4.2.0 and prior, there is a permission flaw in the Sealos billing system, which allows users to control the recharge resource account `sealos[.] io/v1/Payment`, resulting in the ability to recharge any amount of 1 renminbi (RMB). The charging interface may expose resource information. The namespace of this custom resource would be user's control and may have permission to correct it. It is not clear whether a fix exists."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://github.com/labring/sealos/security/advisories/GHSA-vpxf-q44g-w34w",
"source": "security-advisories@github.com"
}
]
}

4
CVE-2023/CVE-2023-368xx/CVE-2023-36816.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-36816",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-07-03T17:15:09.463",
"lastModified": "2023-07-03T17:15:09.463",
"vulnStatus": "Received",
"lastModified": "2023-07-03T18:33:32.153",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

59
CVE-2023/CVE-2023-368xx/CVE-2023-36817.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-36817",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-07-03T18:15:09.733",
"lastModified": "2023-07-03T18:33:32.153",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "`tktchurch/website` contains the codebase for The King's Temple Church website. In version 0.1.0, a Stripe API key was found in the public code repository of the church's project. This sensitive information was unintentionally committed and subsequently exposed in the codebase. If an unauthorized party gains access to this key, they could potentially carry out transactions on behalf of the organization, leading to financial losses. Additionally, they could access sensitive customer information, leading to privacy violations and potential legal implications. The affected component is the codebase of our project, specifically the file(s) where the Stripe API key is embedded. The key should have been stored securely, and not committed to the codebase. The maintainers plan to revoke the leaked Stripe API key immediately, generate a new one, and not commit the key to the codebase."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
},
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"references": [
{
"url": "https://github.com/tktchurch/website/security/advisories/GHSA-x3m6-5hmf-5x3w",
"source": "security-advisories@github.com"
}
]
}

55
CVE-2023/CVE-2023-368xx/CVE-2023-36819.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-36819",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-07-03T19:15:09.183",
"lastModified": "2023-07-03T19:15:09.183",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Knowage is the professional open source suite for modern business analytics over traditional sources and big data systems. The endpoint `_/knowage/restful-services/dossier/importTemplateFile_` allows authenticated users to download template hosted on the server. However, starting in the 6.x.x branch and prior to version 8.1.8, the application does not sanitize the `_templateName_ `parameter allowing an attacker to use `*../*` in it, and escaping the directory the template are normally placed and download any file from the system. This vulnerability allows a low privileged attacker to exfiltrate sensitive configuration file. This issue has been patched in Knowage version 8.1.8."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://github.com/KnowageLabs/Knowage-Server/security/advisories/GHSA-jw99-hxxj-75g2",
"source": "security-advisories@github.com"
}
]
}

67
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-07-03T18:00:30.019834+00:00
2023-07-03T20:00:28.709051+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-07-03T17:53:58.230000+00:00
2023-07-03T19:38:57.370000+00:00
```
### Last Data Feed Release
@ -29,48 +29,47 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
219064
219067
```
### CVEs added in the last Commit
Recently added CVEs: `6`
Recently added CVEs: `3`
* [CVE-2023-34450](CVE-2023/CVE-2023-344xx/CVE-2023-34450.json) (`2023-07-03T17:15:09.147`)
* [CVE-2023-34451](CVE-2023/CVE-2023-344xx/CVE-2023-34451.json) (`2023-07-03T17:15:09.240`)
* [CVE-2023-35935](CVE-2023/CVE-2023-359xx/CVE-2023-35935.json) (`2023-07-03T17:15:09.317`)
* [CVE-2023-36814](CVE-2023/CVE-2023-368xx/CVE-2023-36814.json) (`2023-07-03T17:15:09.393`)
* [CVE-2023-36816](CVE-2023/CVE-2023-368xx/CVE-2023-36816.json) (`2023-07-03T17:15:09.463`)
* [CVE-2023-3497](CVE-2023/CVE-2023-34xx/CVE-2023-3497.json) (`2023-07-03T17:15:09.540`)
* [CVE-2023-36815](CVE-2023/CVE-2023-368xx/CVE-2023-36815.json) (`2023-07-03T18:15:09.653`)
* [CVE-2023-36817](CVE-2023/CVE-2023-368xx/CVE-2023-36817.json) (`2023-07-03T18:15:09.733`)
* [CVE-2023-36819](CVE-2023/CVE-2023-368xx/CVE-2023-36819.json) (`2023-07-03T19:15:09.183`)
### CVEs modified in the last Commit
Recently modified CVEs: `23`
Recently modified CVEs: `59`
* [CVE-2015-20108](CVE-2015/CVE-2015-201xx/CVE-2015-20108.json) (`2023-07-03T16:15:09.237`)
* [CVE-2022-48502](CVE-2022/CVE-2022-485xx/CVE-2022-48502.json) (`2023-07-03T16:15:09.393`)
* [CVE-2023-1891](CVE-2023/CVE-2023-18xx/CVE-2023-1891.json) (`2023-07-03T16:06:07.267`)
* [CVE-2023-20883](CVE-2023/CVE-2023-208xx/CVE-2023-20883.json) (`2023-07-03T16:15:09.470`)
* [CVE-2023-2598](CVE-2023/CVE-2023-25xx/CVE-2023-2598.json) (`2023-07-03T16:15:09.547`)
* [CVE-2023-2650](CVE-2023/CVE-2023-26xx/CVE-2023-2650.json) (`2023-07-03T16:15:09.623`)
* [CVE-2023-2731](CVE-2023/CVE-2023-27xx/CVE-2023-2731.json) (`2023-07-03T16:15:09.727`)
* [CVE-2023-2828](CVE-2023/CVE-2023-28xx/CVE-2023-2828.json) (`2023-07-03T16:15:09.807`)
* [CVE-2023-2829](CVE-2023/CVE-2023-28xx/CVE-2023-2829.json) (`2023-07-03T16:15:09.897`)
* [CVE-2023-2911](CVE-2023/CVE-2023-29xx/CVE-2023-2911.json) (`2023-07-03T16:15:09.983`)
* [CVE-2023-2953](CVE-2023/CVE-2023-29xx/CVE-2023-2953.json) (`2023-07-03T16:15:10.070`)
* [CVE-2023-30774](CVE-2023/CVE-2023-307xx/CVE-2023-30774.json) (`2023-07-03T16:15:10.150`)
* [CVE-2023-30775](CVE-2023/CVE-2023-307xx/CVE-2023-30775.json) (`2023-07-03T16:15:10.230`)
* [CVE-2023-3111](CVE-2023/CVE-2023-31xx/CVE-2023-3111.json) (`2023-07-03T16:15:10.300`)
* [CVE-2023-3212](CVE-2023/CVE-2023-32xx/CVE-2023-3212.json) (`2023-07-03T16:16:09.447`)
* [CVE-2023-35759](CVE-2023/CVE-2023-357xx/CVE-2023-35759.json) (`2023-07-03T16:24:39.053`)
* [CVE-2023-1166](CVE-2023/CVE-2023-11xx/CVE-2023-1166.json) (`2023-07-03T16:32:54.863`)
* [CVE-2023-3316](CVE-2023/CVE-2023-33xx/CVE-2023-3316.json) (`2023-07-03T16:43:32.603`)
* [CVE-2023-0873](CVE-2023/CVE-2023-08xx/CVE-2023-0873.json) (`2023-07-03T16:48:44.673`)
* [CVE-2023-22359](CVE-2023/CVE-2023-223xx/CVE-2023-22359.json) (`2023-07-03T16:53:40.840`)
* [CVE-2023-33243](CVE-2023/CVE-2023-332xx/CVE-2023-33243.json) (`2023-07-03T17:30:11.167`)
* [CVE-2023-32752](CVE-2023/CVE-2023-327xx/CVE-2023-32752.json) (`2023-07-03T17:37:32.993`)
* [CVE-2023-32339](CVE-2023/CVE-2023-323xx/CVE-2023-32339.json) (`2023-07-03T17:53:58.230`)
* [CVE-2023-34242](CVE-2023/CVE-2023-342xx/CVE-2023-34242.json) (`2023-07-03T19:12:59.533`)
* [CVE-2023-25515](CVE-2023/CVE-2023-255xx/CVE-2023-25515.json) (`2023-07-03T19:15:31.923`)
* [CVE-2023-23344](CVE-2023/CVE-2023-233xx/CVE-2023-23344.json) (`2023-07-03T19:16:21.420`)
* [CVE-2023-28016](CVE-2023/CVE-2023-280xx/CVE-2023-28016.json) (`2023-07-03T19:17:06.243`)
* [CVE-2023-36301](CVE-2023/CVE-2023-363xx/CVE-2023-36301.json) (`2023-07-03T19:18:49.437`)
* [CVE-2023-25307](CVE-2023/CVE-2023-253xx/CVE-2023-25307.json) (`2023-07-03T19:19:20.030`)
* [CVE-2023-29423](CVE-2023/CVE-2023-294xx/CVE-2023-29423.json) (`2023-07-03T19:19:39.733`)
* [CVE-2023-2533](CVE-2023/CVE-2023-25xx/CVE-2023-2533.json) (`2023-07-03T19:19:40.983`)
* [CVE-2023-29093](CVE-2023/CVE-2023-290xx/CVE-2023-29093.json) (`2023-07-03T19:19:55.117`)
* [CVE-2023-36675](CVE-2023/CVE-2023-366xx/CVE-2023-36675.json) (`2023-07-03T19:20:19.150`)
* [CVE-2023-36660](CVE-2023/CVE-2023-366xx/CVE-2023-36660.json) (`2023-07-03T19:20:47.360`)
* [CVE-2023-28485](CVE-2023/CVE-2023-284xx/CVE-2023-28485.json) (`2023-07-03T19:22:57.320`)
* [CVE-2023-3432](CVE-2023/CVE-2023-34xx/CVE-2023-3432.json) (`2023-07-03T19:24:13.527`)
* [CVE-2023-3431](CVE-2023/CVE-2023-34xx/CVE-2023-3431.json) (`2023-07-03T19:24:51.337`)
* [CVE-2023-2996](CVE-2023/CVE-2023-29xx/CVE-2023-2996.json) (`2023-07-03T19:26:05.237`)
* [CVE-2023-2877](CVE-2023/CVE-2023-28xx/CVE-2023-2877.json) (`2023-07-03T19:26:43.103`)
* [CVE-2023-2842](CVE-2023/CVE-2023-28xx/CVE-2023-2842.json) (`2023-07-03T19:27:16.967`)
* [CVE-2023-25520](CVE-2023/CVE-2023-255xx/CVE-2023-25520.json) (`2023-07-03T19:27:23.943`)
* [CVE-2023-2795](CVE-2023/CVE-2023-27xx/CVE-2023-2795.json) (`2023-07-03T19:28:20.887`)
* [CVE-2023-34839](CVE-2023/CVE-2023-348xx/CVE-2023-34839.json) (`2023-07-03T19:29:43.347`)
* [CVE-2023-34838](CVE-2023/CVE-2023-348xx/CVE-2023-34838.json) (`2023-07-03T19:30:00.057`)
* [CVE-2023-34837](CVE-2023/CVE-2023-348xx/CVE-2023-34837.json) (`2023-07-03T19:30:12.097`)
* [CVE-2023-34836](CVE-2023/CVE-2023-348xx/CVE-2023-34836.json) (`2023-07-03T19:30:27.440`)
* [CVE-2023-34835](CVE-2023/CVE-2023-348xx/CVE-2023-34835.json) (`2023-07-03T19:30:38.090`)
* [CVE-2023-35171](CVE-2023/CVE-2023-351xx/CVE-2023-35171.json) (`2023-07-03T19:38:57.370`)
## Download and Usage