Auto-Update: 2023-09-11T18:00:27.553751+00:00

cad-safe-bot 2023-09-11 18:00:31 +00:00
parent 35c7f458ed
commit 5620ae0fba
25 changed files with 25783 additions and 142 deletions


@ -0,0 +1,24 @@
{
"id": "CVE-2023-30058",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-11T16:15:07.560",
"lastModified": "2023-09-11T16:15:07.560",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "novel-plus 3.6.2 is vulnerable to SQL Injection."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/201206030/novel-plus",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/Rabb1tQ/HillstoneCVEs/tree/main/CVE-2023-30058",
"source": "cve@mitre.org"
}
]
}


@ -2,19 +2,76 @@
"id": "CVE-2023-34637",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-05T22:15:08.577",
"lastModified": "2023-09-07T01:10:21.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-11T16:54:19.023",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in IsarNet AG IsarFlow v5.23 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the dashboard title parameter in the IsarFlow Portal."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isarnet:isarflow:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.23",
"matchCriteriaId": "0A5CB77C-166D-41F0-8EB3-98252D7B009C"
}
]
}
]
}
],
"references": [
{
"url": "https://www.mgm-sp.com/en/isarflow-xss-vulnerability/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-35719",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2023-09-06T05:15:42.437",
"lastModified": "2023-09-07T01:10:21.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-11T17:49:21.660",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -46,10 +68,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6122:*:*:*:*:*:*",
"matchCriteriaId": "D3EFB734-E7F3-482E-9A64-DD1A0A6B1E5F"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-891",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-3777",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-09-06T14:15:10.860",
"lastModified": "2023-09-10T12:16:18.500",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-11T17:59:40.753",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "cve-coordination@google.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
},
{
"source": "cve-coordination@google.com",
"type": "Secondary",
@ -46,18 +76,71 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.9.0",
"matchCriteriaId": "C9CA5EDA-9CA4-49FA-AF86-7B150825868E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0",
"versionEndExcluding": "6.5",
"matchCriteriaId": "E353C344-905E-463B-B603-D89D28061B43"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8",
"source": "cve-coordination@google.com"
"source": "cve-coordination@google.com",
"tags": [
"Issue Tracking",
"Mailing List",
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://kernel.dance/6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8",
"source": "cve-coordination@google.com"
"source": "cve-coordination@google.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5492",
"source": "cve-coordination@google.com"
"source": "cve-coordination@google.com",
"tags": [
"Third Party Advisory"
]
}
]
}
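Review bot: The first added `cpeMatch` entry for `linux_kernel` carries only `"versionEndExcluding": "5.9.0"`, so a range matcher will flag every kernel older than 5.9.0 and none from 5.9.0 up to 6.0, where the second entry's `"versionStartIncluding": "6.0"` begins. That shape looks like a start bound recorded as an end bound, but the description lies outside the visible hunks, so this cannot be confirmed from the page. Consumers that drive patch prioritisation from this record should check the affected range against the referenced fix commit and DSA-5492 before trusting either the positive or the negative result. If upstream confirms, the expected form would be `"versionStartIncluding": "5.9"` paired with an end bound.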


@ -2,15 +2,38 @@
"id": "CVE-2023-40743",
"sourceIdentifier": "security@apache.org",
"published": "2023-09-05T15:15:42.687",
"lastModified": "2023-09-05T17:31:50.810",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-11T17:16:46.603",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through \"ServiceFactory.getService\" allows potentially dangerous lookup mechanisms such as LDAP. When passing untrusted input to this API method, this could expose the application to DoS, SSRF and even attacks leading to RCE.\n\nAs Axis 1 has been EOL we recommend you migrate to a different SOAP engine, such as Apache Axis 2/Java. As a workaround, you may review your code to verify no untrusted or unsanitized input is passed to \"ServiceFactory.getService\", or by applying the patch from https://github.com/apache/axis-axis1-java/commit/7e66753427466590d6def0125e448d2791723210 . The Apache Axis project does not expect to create an Axis 1.x release fixing this problem, though contributors that would like to work towards this are welcome.\n\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@apache.org",
@ -23,14 +46,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:axis:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023-08-01",
"matchCriteriaId": "28772E39-4100-404C-8274-8A4FF7DDF588"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/apache/axis-axis1-java/commit/7e66753427466590d6def0125e448d2791723210",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Patch"
]
},
{
"url": "https://lists.apache.org/thread/gs0qgk2mgss7zfhzdd6ftfjvm4kp7v82",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
]
}
]
}
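Review bot: The added `cpeMatch` entry bounds `cpe:2.3:a:apache:axis:*` with `"versionEndExcluding": "2023-08-01"`, which is a date rather than an Axis release number. Version comparators will order it against values such as `1.4` in implementation-defined ways, so the same record can match every install in one scanner and none in another. The description says no fixed Axis 1.x release is expected, so consumers are safer treating this record as "all Axis 1.x versions affected unless the referenced patch commit is applied" and not relying on the range. Any correction to the bound itself belongs upstream, since this file mirrors the source feed.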


@ -2,8 +2,8 @@
"id": "CVE-2023-4015",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-09-06T14:15:11.093",
"lastModified": "2023-09-10T12:16:19.657",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-11T17:59:05.123",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "cve-coordination@google.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
},
{
"source": "cve-coordination@google.com",
"type": "Secondary",
@ -46,18 +76,64 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.5",
"matchCriteriaId": "9E3BCCDE-3830-434C-9D47-F8B46B03DEFA"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0a771f7b266b02d262900c75f1e175c7fe76fec2",
"source": "cve-coordination@google.com"
"source": "cve-coordination@google.com",
"tags": [
"Issue Tracking",
"Mailing List",
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://kernel.dance/0a771f7b266b02d262900c75f1e175c7fe76fec2",
"source": "cve-coordination@google.com"
"source": "cve-coordination@google.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5492",
"source": "cve-coordination@google.com"
"source": "cve-coordination@google.com",
"tags": [
"Third Party Advisory"
]
}
]
}
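Review bot: The added kernel range uses `"versionEndIncluding": "6.5"`, whereas the CVE-2023-3777 and CVE-2023-4206 records in this same commit, which share the DSA-5492 reference, use `"versionEndExcluding": "6.5"`. As written, a matcher will report 6.5 itself as vulnerable to this CVE only. Whether 6.5 contains the referenced fix commit is not visible on this page, so the inclusive bound may be deliberate. It is worth checking against the upstream commit before alerting on 6.5 hosts.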


@ -2,19 +2,87 @@
"id": "CVE-2023-41012",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-05T16:15:07.990",
"lastModified": "2023-09-05T17:31:50.810",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-11T17:32:47.030",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in China Mobile Communications China Mobile Intelligent Home Gateway v.HG6543C4 allows a remote attacker to execute arbitrary code via the authentication mechanism."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-384"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:chinamobile:intelligent_home_gateway_firmware:hg6543c4:*:*:*:*:*:*:*",
"matchCriteriaId": "3E2533ED-388E-43E7-BF0B-E6BB76790671"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:chinamobile:intelligent_home_gateway:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4DB451CE-0E86-4524-8FF5-C0A3F9FAB9A2"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/te5tb99/For-submitting/wiki/Command-Execution-Vulnerability-in-China-Mobile-Intelligent-Home-Gateway-HG6543C4-Identity-verification-has-design-flaws",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,23 +2,90 @@
"id": "CVE-2023-41935",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-09-06T13:15:10.297",
"lastModified": "2023-09-07T01:10:21.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-11T17:54:37.170",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Jenkins Azure AD Plugin 396.v86ce29279947 and earlier, except 378.380.v545b_1154b_3fb_, uses a non-constant time comparison function when checking whether the provided and expected CSRF protection nonce are equal, potentially allowing attackers to use statistical methods to obtain a valid nonce."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-697"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:azure_ad:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "348.vefd011eea_20b",
"matchCriteriaId": "1DB49479-D1D1-4DED-918B-E73292121907"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:azure_ad:*:*:*:*:*:jenkins:*:*",
"versionStartIncluding": "378.vd6e2874a_69eb",
"versionEndIncluding": "396.v86ce29279947",
"matchCriteriaId": "77E0A6BF-D2E6-4FE7-9BD5-E702FDBCB161"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/06/9",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3227",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}
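Review bot: The added `configurations` block does not clearly encode the exception stated in the description, "396.v86ce29279947 and earlier, except 378.380.v545b_1154b_3fb_". The second range runs from `"versionStartIncluding": "378.vd6e2874a_69eb"` to `"versionEndIncluding": "396.v86ce29279947"`, so whether the excepted build falls inside it depends on how a comparator orders `378.380.…` against `378.vd6e…`. Matchers that tokenise these Jenkins version strings differently may report the fixed backport as vulnerable, or miss affected builds. Consumers should pin the excepted version explicitly in their own allow-list and not depend on range ordering.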


@ -2,23 +2,83 @@
"id": "CVE-2023-41936",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-09-06T13:15:10.367",
"lastModified": "2023-09-07T01:10:21.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-11T17:53:27.380",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Jenkins Google Login Plugin 1.7 and earlier uses a non-constant time comparison function when checking whether the provided and expected token are equal, potentially allowing attackers to use statistical methods to obtain a valid token."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-697"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:google_login:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "1.7",
"matchCriteriaId": "C5A3BAD5-C8AA-40C5-9DE5-E72F8A7B7805"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/06/9",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3228",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,84 @@
"id": "CVE-2023-41937",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-09-06T13:15:10.593",
"lastModified": "2023-09-07T01:10:21.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-11T17:53:01.077",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Jenkins Bitbucket Push and Pull Request Plugin 2.4.0 through 2.8.3 (both inclusive) trusts values provided in the webhook payload, including certain URLs, and uses configured Bitbucket credentials to connect to those URLs, allowing attackers to capture Bitbucket credentials stored in Jenkins by sending a crafted webhook payload."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:bitbucket_push_and_pull_request:*:*:*:*:*:jenkins:*:*",
"versionStartIncluding": "2.4.0",
"versionEndIncluding": "2.8.3",
"matchCriteriaId": "DE104E22-F40A-46A6-8478-7D05B93AEA9F"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/06/9",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3165",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,83 @@
"id": "CVE-2023-41938",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-09-06T13:15:10.660",
"lastModified": "2023-09-07T01:10:21.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-11T17:52:09.947",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery (CSRF) vulnerability in Jenkins Ivy Plugin 2.5 and earlier allows attackers to delete disabled modules."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:ivy:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "2.5",
"matchCriteriaId": "97D30617-B933-4B75-9F78-EE9EAEE1EE79"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/06/9",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3093",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,83 @@
"id": "CVE-2023-41939",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-09-06T13:15:10.867",
"lastModified": "2023-09-07T01:10:21.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-11T17:51:37.613",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Jenkins SSH2 Easy Plugin 1.4 and earlier does not verify that permissions configured to be granted are enabled, potentially allowing users formerly granted (typically optional permissions, like Overall/Manage) to access functionality they're no longer entitled to."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-281"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:ssh2_easy:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "1.4",
"matchCriteriaId": "BF8F2CB1-E7F2-4900-A396-9CD3A0F02346"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/06/9",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3064",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,83 @@
"id": "CVE-2023-41940",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-09-06T13:15:11.027",
"lastModified": "2023-09-07T01:10:21.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-11T17:49:38.180",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Jenkins TAP Plugin 2.3 and earlier does not escape TAP file contents, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control TAP file contents."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:tap:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "2.3",
"matchCriteriaId": "2B0E63ED-B349-4EAF-B9DE-71113ED858F3"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/06/9",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3190",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-4206",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-09-06T14:15:11.280",
"lastModified": "2023-09-10T12:16:20.303",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-11T17:57:25.160",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "cve-coordination@google.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
},
{
"source": "cve-coordination@google.com",
"type": "Secondary",
@ -46,18 +76,64 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5",
"matchCriteriaId": "98C491C7-598A-4D36-BA4F-3505A5727ED1"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8",
"source": "cve-coordination@google.com"
"source": "cve-coordination@google.com",
"tags": [
"Issue Tracking",
"Mailing List",
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://kernel.dance/b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8",
"source": "cve-coordination@google.com"
"source": "cve-coordination@google.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5492",
"source": "cve-coordination@google.com"
"source": "cve-coordination@google.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-4346",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-08-29T20:15:10.300",
"lastModified": "2023-08-29T20:41:07.003",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-11T17:47:59.647",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:knx:connection_authorization:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F328E1CB-8666-4D06-B2BC-9532454AF906"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-01",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-4739",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-03T20:15:13.890",
"lastModified": "2023-09-08T16:03:02.257",
"lastModified": "2023-09-11T17:58:12.637",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -95,6 +95,7 @@
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -102,9 +103,20 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:byzoro:smart_s85f_management_platform:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:o:byzoro:smart_s85f_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "20230820",
"matchCriteriaId": "4E83737B-553D-4C68-8F0B-41A8372BADD8"
"matchCriteriaId": "99ECFDBB-6F42-4085-A987-5B4DCC1C37EA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:byzoro:smart_s85f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E47769D-223D-4113-A1D0-5736287B1DE2"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-4745",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-04T00:15:07.820",
"lastModified": "2023-09-04T03:51:45.317",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-11T17:57:42.127",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +93,59 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:byzoro:smart_s45f_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "20230822",
"matchCriteriaId": "DACD9EBD-1C0F-44AF-BCB5-15B1AF6DDAD4"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:byzoro:smart_s45f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDA1A96-1CB9-48C6-805E-514CE4FEC9E3"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Jacky-Y/vuls/blob/main/vul6.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.238634",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.238634",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,43 @@
"id": "CVE-2023-4779",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-09-06T07:15:09.690",
"lastModified": "2023-09-07T01:10:21.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-11T17:46:42.657",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [usp_gallery] shortcode in versions up to, and including, 20230811 due to insufficient input sanitization and output escaping on user supplied attributes like 'before'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El plugin User Submitted Posts para WordPress es vulnerable a Cross-Site Scripting (XSS) almacenado a trav\u00e9s del shortcode del plugin [usp_gallery] en versiones hasta, e incluyendo, la 20230811 debido a una insuficiente sanitizaci\u00f3n de entrada y escape de salida en atributos suministrados por el usuario como \"before\". Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada. "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
@ -46,14 +70,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:plugin-planet:user_submitted_posts:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "20230811",
"matchCriteriaId": "342FFEE3-BDD6-4090-A281-AF11460E1CA2"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/2961841",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d21ca709-183f-4dd1-849c-f1b2a4f7ec43?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-4844",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-08T22:15:12.177",
"lastModified": "2023-09-10T19:45:57.130",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-11T16:40:46.803",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +93,44 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:simple_membership_system_project:simple_membership_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "77F4A6E6-0527-4ACF-B3FE-1B026C2D0942"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Meizhi-hua/cve/blob/main/Simple-Membership-System%20club_edit_query.php%20has%20Sqlinjection.pdf",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.239253",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.239253",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,47 @@
{
"id": "CVE-2023-4881",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-11T17:15:07.547",
"lastModified": "2023-09-11T17:15:07.547",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A stack based out-of-bounds write flaw was found in the netfilter subsystem in the Linux kernel. If the expression length is a multiple of 4 (register size), the `nft_exthdr_eval` family of functions writes 4 NULL bytes past the end of the `regs` argument, leading to stack corruption and potential information disclosure or a denial of service."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 4.2
}
]
},
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-4881",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238312",
"source": "secalert@redhat.com"
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-09-11T16:00:25.914215+00:00
2023-09-11T18:00:27.553751+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-09-11T15:54:29.937000+00:00
2023-09-11T17:59:40.753000+00:00
```
### Last Data Feed Release
@ -29,62 +29,43 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
224610
224612
```
### CVEs added in the last Commit
Recently added CVEs: `20`
Recently added CVEs: `2`
* [CVE-2019-16470](CVE-2019/CVE-2019-164xx/CVE-2019-16470.json) (`2023-09-11T14:15:07.740`)
* [CVE-2019-16471](CVE-2019/CVE-2019-164xx/CVE-2019-16471.json) (`2023-09-11T14:15:07.887`)
* [CVE-2019-7819](CVE-2019/CVE-2019-78xx/CVE-2019-7819.json) (`2023-09-11T14:15:08.130`)
* [CVE-2020-24088](CVE-2020/CVE-2020-240xx/CVE-2020-24088.json) (`2023-09-11T15:15:52.357`)
* [CVE-2022-28831](CVE-2022/CVE-2022-288xx/CVE-2022-28831.json) (`2023-09-11T14:15:08.267`)
* [CVE-2022-28832](CVE-2022/CVE-2022-288xx/CVE-2022-28832.json) (`2023-09-11T14:15:08.367`)
* [CVE-2022-28833](CVE-2022/CVE-2022-288xx/CVE-2022-28833.json) (`2023-09-11T14:15:08.457`)
* [CVE-2022-28834](CVE-2022/CVE-2022-288xx/CVE-2022-28834.json) (`2023-09-11T14:15:08.557`)
* [CVE-2022-28835](CVE-2022/CVE-2022-288xx/CVE-2022-28835.json) (`2023-09-11T14:15:08.647`)
* [CVE-2022-28836](CVE-2022/CVE-2022-288xx/CVE-2022-28836.json) (`2023-09-11T14:15:08.750`)
* [CVE-2022-34224](CVE-2022/CVE-2022-342xx/CVE-2022-34224.json) (`2023-09-11T14:15:08.850`)
* [CVE-2022-34227](CVE-2022/CVE-2022-342xx/CVE-2022-34227.json) (`2023-09-11T14:15:08.957`)
* [CVE-2022-34238](CVE-2022/CVE-2022-342xx/CVE-2022-34238.json) (`2023-09-11T14:15:09.053`)
* [CVE-2022-23382](CVE-2022/CVE-2022-233xx/CVE-2022-23382.json) (`2023-09-11T15:15:52.553`)
* [CVE-2023-36980](CVE-2023/CVE-2023-369xx/CVE-2023-36980.json) (`2023-09-11T14:15:09.183`)
* [CVE-2023-40786](CVE-2023/CVE-2023-407xx/CVE-2023-40786.json) (`2023-09-11T14:15:09.240`)
* [CVE-2023-4630](CVE-2023/CVE-2023-46xx/CVE-2023-4630.json) (`2023-09-11T14:15:09.343`)
* [CVE-2023-27470](CVE-2023/CVE-2023-274xx/CVE-2023-27470.json) (`2023-09-11T15:15:52.727`)
* [CVE-2023-36140](CVE-2023/CVE-2023-361xx/CVE-2023-36140.json) (`2023-09-11T15:16:00.773`)
* [CVE-2023-41000](CVE-2023/CVE-2023-410xx/CVE-2023-41000.json) (`2023-09-11T15:16:02.307`)
* [CVE-2023-30058](CVE-2023/CVE-2023-300xx/CVE-2023-30058.json) (`2023-09-11T16:15:07.560`)
* [CVE-2023-4881](CVE-2023/CVE-2023-48xx/CVE-2023-4881.json) (`2023-09-11T17:15:07.547`)
### CVEs modified in the last Commit
Recently modified CVEs: `23`
Recently modified CVEs: `22`
* [CVE-2021-44192](CVE-2021/CVE-2021-441xx/CVE-2021-44192.json) (`2023-09-11T14:28:19.747`)
* [CVE-2021-44191](CVE-2021/CVE-2021-441xx/CVE-2021-44191.json) (`2023-09-11T14:28:31.323`)
* [CVE-2021-44190](CVE-2021/CVE-2021-441xx/CVE-2021-44190.json) (`2023-09-11T14:28:38.023`)
* [CVE-2021-44189](CVE-2021/CVE-2021-441xx/CVE-2021-44189.json) (`2023-09-11T14:28:46.247`)
* [CVE-2021-44188](CVE-2021/CVE-2021-441xx/CVE-2021-44188.json) (`2023-09-11T14:28:55.657`)
* [CVE-2021-43751](CVE-2021/CVE-2021-437xx/CVE-2021-43751.json) (`2023-09-11T14:29:25.530`)
* [CVE-2021-43027](CVE-2021/CVE-2021-430xx/CVE-2021-43027.json) (`2023-09-11T14:29:34.957`)
* [CVE-2021-42265](CVE-2021/CVE-2021-422xx/CVE-2021-42265.json) (`2023-09-11T14:29:54.693`)
* [CVE-2021-40795](CVE-2021/CVE-2021-407xx/CVE-2021-40795.json) (`2023-09-11T14:30:05.667`)
* [CVE-2021-40791](CVE-2021/CVE-2021-407xx/CVE-2021-40791.json) (`2023-09-11T14:30:19.897`)
* [CVE-2021-40790](CVE-2021/CVE-2021-407xx/CVE-2021-40790.json) (`2023-09-11T14:30:30.213`)
* [CVE-2021-44195](CVE-2021/CVE-2021-441xx/CVE-2021-44195.json) (`2023-09-11T14:30:39.200`)
* [CVE-2021-44194](CVE-2021/CVE-2021-441xx/CVE-2021-44194.json) (`2023-09-11T14:30:57.757`)
* [CVE-2021-44193](CVE-2021/CVE-2021-441xx/CVE-2021-44193.json) (`2023-09-11T14:31:15.820`)
* [CVE-2023-36388](CVE-2023/CVE-2023-363xx/CVE-2023-36388.json) (`2023-09-11T14:15:13.023`)
* [CVE-2023-36387](CVE-2023/CVE-2023-363xx/CVE-2023-36387.json) (`2023-09-11T14:25:26.437`)
* [CVE-2023-36161](CVE-2023/CVE-2023-361xx/CVE-2023-36161.json) (`2023-09-11T14:26:36.900`)
* [CVE-2023-39264](CVE-2023/CVE-2023-392xx/CVE-2023-39264.json) (`2023-09-11T14:28:53.417`)
* [CVE-2023-39364](CVE-2023/CVE-2023-393xx/CVE-2023-39364.json) (`2023-09-11T15:10:59.710`)
* [CVE-2023-4743](CVE-2023/CVE-2023-47xx/CVE-2023-4743.json) (`2023-09-11T15:15:11.110`)
* [CVE-2023-35833](CVE-2023/CVE-2023-358xx/CVE-2023-35833.json) (`2023-09-11T15:15:53.930`)
* [CVE-2023-41362](CVE-2023/CVE-2023-413xx/CVE-2023-41362.json) (`2023-09-11T15:16:03.410`)
* [CVE-2023-4019](CVE-2023/CVE-2023-40xx/CVE-2023-4019.json) (`2023-09-11T15:54:29.937`)
* [CVE-2023-4844](CVE-2023/CVE-2023-48xx/CVE-2023-4844.json) (`2023-09-11T16:40:46.803`)
* [CVE-2023-34637](CVE-2023/CVE-2023-346xx/CVE-2023-34637.json) (`2023-09-11T16:54:19.023`)
* [CVE-2023-28557](CVE-2023/CVE-2023-285xx/CVE-2023-28557.json) (`2023-09-11T16:57:21.930`)
* [CVE-2023-28549](CVE-2023/CVE-2023-285xx/CVE-2023-28549.json) (`2023-09-11T16:58:23.583`)
* [CVE-2023-28548](CVE-2023/CVE-2023-285xx/CVE-2023-28548.json) (`2023-09-11T17:05:04.900`)
* [CVE-2023-28544](CVE-2023/CVE-2023-285xx/CVE-2023-28544.json) (`2023-09-11T17:08:00.573`)
* [CVE-2023-40743](CVE-2023/CVE-2023-407xx/CVE-2023-40743.json) (`2023-09-11T17:16:46.603`)
* [CVE-2023-41012](CVE-2023/CVE-2023-410xx/CVE-2023-41012.json) (`2023-09-11T17:32:47.030`)
* [CVE-2023-4779](CVE-2023/CVE-2023-47xx/CVE-2023-4779.json) (`2023-09-11T17:46:42.657`)
* [CVE-2023-4346](CVE-2023/CVE-2023-43xx/CVE-2023-4346.json) (`2023-09-11T17:47:59.647`)
* [CVE-2023-35719](CVE-2023/CVE-2023-357xx/CVE-2023-35719.json) (`2023-09-11T17:49:21.660`)
* [CVE-2023-41940](CVE-2023/CVE-2023-419xx/CVE-2023-41940.json) (`2023-09-11T17:49:38.180`)
* [CVE-2023-41939](CVE-2023/CVE-2023-419xx/CVE-2023-41939.json) (`2023-09-11T17:51:37.613`)
* [CVE-2023-41938](CVE-2023/CVE-2023-419xx/CVE-2023-41938.json) (`2023-09-11T17:52:09.947`)
* [CVE-2023-41937](CVE-2023/CVE-2023-419xx/CVE-2023-41937.json) (`2023-09-11T17:53:01.077`)
* [CVE-2023-41936](CVE-2023/CVE-2023-419xx/CVE-2023-41936.json) (`2023-09-11T17:53:27.380`)
* [CVE-2023-41935](CVE-2023/CVE-2023-419xx/CVE-2023-41935.json) (`2023-09-11T17:54:37.170`)
* [CVE-2023-4206](CVE-2023/CVE-2023-42xx/CVE-2023-4206.json) (`2023-09-11T17:57:25.160`)
* [CVE-2023-4745](CVE-2023/CVE-2023-47xx/CVE-2023-4745.json) (`2023-09-11T17:57:42.127`)
* [CVE-2023-4739](CVE-2023/CVE-2023-47xx/CVE-2023-4739.json) (`2023-09-11T17:58:12.637`)
* [CVE-2023-4015](CVE-2023/CVE-2023-40xx/CVE-2023-4015.json) (`2023-09-11T17:59:05.123`)
* [CVE-2023-3777](CVE-2023/CVE-2023-37xx/CVE-2023-3777.json) (`2023-09-11T17:59:40.753`)
## Download and Usage