admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-11 16:13:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-09-04T20:00:24.904712+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-09-04 20:00:28 +00:00
parent 765e097b27
commit 5669e67440
8 changed files with 316 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
CVE-2022/CVE-2022-235xx/CVE-2022-23513.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2022-23513", "id": "CVE-2022-23513",
"sourceIdentifier": "security-advisories@github.com", "sourceIdentifier": "security-advisories@github.com",
"published": "2022-12-23T00:15:08.747", "published": "2022-12-23T00:15:08.747",
"lastModified": "2022-12-30T21:50:38.200", "lastModified": "2023-09-04T19:15:42.337",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Pi-Hole is a network-wide ad blocking via your own Linux hardware, AdminLTE is a Pi-hole Dashboard for stats and more. In case of an attack, the threat actor will obtain the ability to perform an unauthorized query for blocked domains on `queryads` endpoint. In the case of application, this vulnerability exists because of a lack of validation in code on a root server path: `/admin/scripts/pi-hole/phpqueryads.php.` Potential threat actor(s) are able to perform an unauthorized query search in blocked domain lists. This could lead to the disclosure for any victims' personal blacklists." "value": "Pi-Hole is a network-wide ad blocking via your own Linux hardware, AdminLTE is a Pi-hole Dashboard for stats and more. In case of an attack, the threat actor will obtain the ability to perform an unauthorized query for blocked domains on `queryads` endpoint. In the case of application, this vulnerability exists because of a lack of validation in code on a root server path:\n`/admin/scripts/pi-hole/phpqueryads.php.` Potential threat actor(s) are able to perform an unauthorized query search in blocked domain lists. This could lead to the disclosure for any victims' personal blacklists. \n"
} }
], ],
"metrics": { "metrics": {
@ -85,6 +85,10 @@
} }
], ],
"references": [ "references": [
{
"url": "http://packetstormsecurity.com/files/174460/AdminLTE-PiHole-Broken-Access-Control.html",
"source": "security-advisories@github.com"
},
{ {
"url": "https://github.com/pi-hole/AdminLTE/releases/tag/v5.18", "url": "https://github.com/pi-hole/AdminLTE/releases/tag/v5.18",
"source": "security-advisories@github.com", "source": "security-advisories@github.com",

8
CVE-2023/CVE-2023-325xx/CVE-2023-32560.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32560", "id": "CVE-2023-32560",
"sourceIdentifier": "support@hackerone.com", "sourceIdentifier": "support@hackerone.com",
"published": "2023-08-10T20:15:10.200", "published": "2023-08-10T20:15:10.200",
"lastModified": "2023-08-16T13:04:36.617", "lastModified": "2023-09-04T19:15:43.413",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -87,6 +87,10 @@
} }
], ],
"references": [ "references": [
{
"url": "http://packetstormsecurity.com/files/174459/Ivanti-Avalance-Remote-Code-Execution.html",
"source": "support@hackerone.com"
},
{ {
"url": "https://forums.ivanti.com/s/article/Avalanche-Vulnerabilities-Addressed-in-6-4-1?language=en_US", "url": "https://forums.ivanti.com/s/article/Avalanche-Vulnerabilities-Addressed-in-6-4-1?language=en_US",
"source": "support@hackerone.com", "source": "support@hackerone.com",

55
CVE-2023/CVE-2023-400xx/CVE-2023-40015.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-40015",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-04T18:15:07.880",
"lastModified": "2023-09-04T18:15:07.880",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Vyper is a Pythonic Smart Contract Language. For the following (probably non-exhaustive) list of expressions, the compiler evaluates the arguments from right to left instead of left to right. `unsafe_add, unsafe_sub, unsafe_mul, unsafe_div, pow_mod256, |, &, ^ (bitwise operators), bitwise_or (deprecated), bitwise_and (deprecated), bitwise_xor (deprecated), raw_call, <, >, <=, >=, ==, !=, in, not in (when lhs and rhs are enums)`. This behaviour becomes a problem when the evaluation of one of the arguments produces side effects that other arguments depend on. The following expressions can produce side-effect: state modifying external call , state modifying internal call, `raw_call`, `pop()` when used on a Dynamic Array stored in the storage, `create_minimal_proxy_to`, `create_copy_of`, `create_from_blueprint`. This issue has not yet been patched. Users are advised to make sure that the arguments of the expression do not produce side effects or, if one does, that no other argument is dependent on those side effects."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-670"
}
]
}
],
"references": [
{
"url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-g2xh-c426-v8mf",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2023/CVE-2023-410xx/CVE-2023-41052.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-41052",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-04T18:15:08.657",
"lastModified": "2023-09-04T18:15:08.657",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Vyper is a Pythonic Smart Contract Language. In affected versions the order of evaluation of the arguments of the builtin functions `uint256_addmod`, `uint256_mulmod`, `ecadd` and `ecmul` does not follow source order. This behaviour is problematic when the evaluation of one of the arguments produces side effects that other arguments depend on. A patch is currently being developed on pull request #3583. When using builtins from the list above, users should make sure that the arguments of the expression do not produce side effects or, if one does, that no other argument is dependent on those side effects."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-670"
}
]
}
],
"references": [
{
"url": "https://github.com/vyperlang/vyper/pull/3583",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-4hg4-9mf5-wxxq",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2023/CVE-2023-410xx/CVE-2023-41054.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-41054",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-04T18:15:08.977",
"lastModified": "2023-09-04T18:15:08.977",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "LibreY is a fork of LibreX, a framework-less and javascript-free privacy respecting meta search engine. LibreY is subject to a Server-Side Request Forgery (SSRF) vulnerability in the `image_proxy.php` file of LibreY before commit 8f9b9803f231e2954e5b49987a532d28fe50a627. This vulnerability allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network or conduct Denial-of-Service (DoS) attacks via the `url` parameter. Remote attackers can use the server as a proxy to send HTTP GET requests and retrieve information in the internal network. Remote attackers can also request the server to download large files or chain requests among multiple instances to reduce the performance of the server or even deny access from legitimate users. This issue has been addressed in https://github.com/Ahwxorg/LibreY/pull/31. LibreY hosters are advised to use the latest commit. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://github.com/Ahwxorg/LibreY/pull/31",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/Ahwxorg/LibreY/security/advisories/GHSA-p4f9-h8x8-mpwf",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2023/CVE-2023-410xx/CVE-2023-41055.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-41055",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-04T18:15:09.203",
"lastModified": "2023-09-04T18:15:09.203",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "LibreY is a fork of LibreX, a framework-less and javascript-free privacy respecting meta search engine. LibreY is subject to a Server-Side Request Forgery (SSRF) vulnerability in the `engines/google/text.php` and `engines/duckduckgo/text.php` files in versions before commit be59098abd119cda70b15bf3faac596dfd39a744. This vulnerability allows remote attackers to request the server to send HTTP GET requests to arbitrary targets and conduct Denial-of-Service (DoS) attacks via the `wikipedia_language` cookie. Remote attackers can request the server to download large files to reduce the performance of the server or even deny access from legitimate users. This issue has been patched in https://github.com/Ahwxorg/LibreY/pull/9. LibreY hosters are advised to use the latest commit. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://github.com/Ahwxorg/LibreY/pull/9",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/Ahwxorg/LibreY/security/advisories/GHSA-xfj6-4vp9-8rgc",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2023/CVE-2023-410xx/CVE-2023-41057.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-41057",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-04T18:15:09.397",
"lastModified": "2023-09-04T18:15:09.397",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "hyper-bump-it is a command line tool for updating the version in project files.`hyper-bump-it` reads a file glob pattern from the configuration file. That is combined with the project root directory to construct a full glob pattern that is used to find files that should be edited. These matched files should be contained within the project root directory, but that is not checked. This could result in changes being written to files outside of the project. The default behaviour of `hyper-bump-it` is to display the planned changes and prompt the user for confirmation before editing any files. However, the configuration file provides a field that can be used cause files to be edited without displaying the prompt. This issue has been fixed in release version 0.5.1. Users are advised to upgrade. Users that are unable to update from vulnerable versions, executing `hyper-bump-it` with the `--interactive` command line argument will ensure that all planned changes are displayed and prompt the user for confirmation before editing any files, even if the configuration file contains `show_confirm_prompt=true`.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://github.com/plannigan/hyper-bump-it/pull/307",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/plannigan/hyper-bump-it/security/advisories/GHSA-xc27-f9q3-4448",
"source": "security-advisories@github.com"
}
]
}

19
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update ### Last Repository Update
```plain ```plain
2023-09-04T18:00:24.984246+00:00 2023-09-04T20:00:24.904712+00:00
``` ```
### Most recent CVE Modification Timestamp synchronized with NVD ### Most recent CVE Modification Timestamp synchronized with NVD
```plain ```plain
2023-09-04T16:15:08.143000+00:00 2023-09-04T19:15:43.413000+00:00
``` ```
### Last Data Feed Release ### Last Data Feed Release
@ -29,21 +29,26 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs ### Total Number of included CVEs
```plain ```plain
224124 224129
``` ```
### CVEs added in the last Commit ### CVEs added in the last Commit
Recently added CVEs: `2` Recently added CVEs: `5`
* [CVE-2023-28072](CVE-2023/CVE-2023-280xx/CVE-2023-28072.json) (`2023-09-04T16:15:07.767`) * [CVE-2023-40015](CVE-2023/CVE-2023-400xx/CVE-2023-40015.json) (`2023-09-04T18:15:07.880`)
* [CVE-2023-4758](CVE-2023/CVE-2023-47xx/CVE-2023-4758.json) (`2023-09-04T16:15:08.143`) * [CVE-2023-41052](CVE-2023/CVE-2023-410xx/CVE-2023-41052.json) (`2023-09-04T18:15:08.657`)
* [CVE-2023-41054](CVE-2023/CVE-2023-410xx/CVE-2023-41054.json) (`2023-09-04T18:15:08.977`)
* [CVE-2023-41055](CVE-2023/CVE-2023-410xx/CVE-2023-41055.json) (`2023-09-04T18:15:09.203`)
* [CVE-2023-41057](CVE-2023/CVE-2023-410xx/CVE-2023-41057.json) (`2023-09-04T18:15:09.397`)
### CVEs modified in the last Commit ### CVEs modified in the last Commit
Recently modified CVEs: `0` Recently modified CVEs: `2`
* [CVE-2022-23513](CVE-2022/CVE-2022-235xx/CVE-2022-23513.json) (`2023-09-04T19:15:42.337`)
* [CVE-2023-32560](CVE-2023/CVE-2023-325xx/CVE-2023-32560.json) (`2023-09-04T19:15:43.413`)
## Download and Usage ## Download and Usage