Auto-Update: 2023-09-25T16:00:23.960832+00:00

cad-safe-bot 2023-09-25 16:00:27 +00:00
parent ae64b6cf89
commit 59f715a731
13 changed files with 412 additions and 368 deletions


@ -2,7 +2,7 @@
"id": "CVE-2011-0766",
"sourceIdentifier": "cret@cert.org",
"published": "2011-05-31T20:55:01.780",
"lastModified": "2011-07-13T04:00:00.000",
"lastModified": "2023-09-25T15:28:08.560",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -66,132 +66,6 @@
"versionEndIncluding": "2.0.2.1",
"matchCriteriaId": "A5C36D51-22EA-4973-BD37-34A148222677"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:erlang:crypto:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FB5F660E-5EC3-40E2-94FA-A66EB0CBF0DD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:erlang:crypto:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8B44B72F-AFB0-498F-887D-8C0EAD9C2E88"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:erlang:crypto:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D9633B0-7155-4803-8049-D9A9D4D4AED9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:erlang:crypto:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C4C8CE57-BE27-40E4-92CB-8798981B5C66"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:erlang:crypto:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AE9A8B56-061C-4363-A69F-98AB8BDF78A2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:erlang:crypto:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A79B423E-6656-4B3F-BF8F-244FE2C6FEE5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:erlang:crypto:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0077206E-C950-40FD-80F2-C0FC4D2DCD26"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:erlang:crypto:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1A5FA101-AF58-490A-BD73-3FC14D7F3051"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:erlang:crypto:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "34AA6EAB-1AA7-442B-AFDF-FD28937CF213"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:erlang:crypto:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C2FE56F6-F2B6-43B2-884F-388D9569D5B7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:erlang:crypto:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "62145D39-70A4-4482-A081-478A265A075B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:erlang:crypto:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FCBA488C-E51B-45AA-BFB1-265E1939FAC2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:erlang:crypto:1.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F5E8BE3B-6F10-4DFD-9CAC-9E7851C66B33"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:erlang:crypto:1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "362A2ABB-F8A5-4832-B362-15AC8F24FF4A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:erlang:crypto:1.5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CB0E2899-AD8E-4DCD-BCD1-A42D0767CA4A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:erlang:crypto:1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "71C21890-14AE-4C90-91FE-AC3D0C56E557"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:erlang:crypto:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0D9CBBCD-D83A-4A38-9D16-478237C70C6F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:erlang:crypto:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "492B6AD5-D2B8-414A-92C6-3A11C9953731"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:erlang:crypto:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F9C5A903-9071-4D8F-898A-25AF979A44A1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:erlang:crypto:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4A541E52-B472-422C-9FA0-700B148FDE6A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:erlang:crypto:1.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A1FA52AD-F30E-419E-9BC4-48150F6CA9DF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:erlang:crypto:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "107B74C1-29C6-4B2B-B98D-23D4A1032D6F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:erlang:crypto:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "37573744-A68C-41C7-BEF7-DBA5D82F63E6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:erlang:crypto:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFBB645-A7E4-45C0-BD38-22C69AE31C76"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*",
"versionEndIncluding": "r14b02",
"matchCriteriaId": "AA9EF6B3-4038-4A94-B531-326D6D8A7203"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:erlang:erlang\\/otp:r11b-5:*:*:*:*:*:*:*",
@ -237,171 +111,16 @@
"criteria": "cpe:2.3:a:erlang:erlang\\/otp:r14b01:*:*:*:*:*:*:*",
"matchCriteriaId": "10182FC9-2DE9-4FAD-8C9D-D5B21A735824"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:erlang:erlang\\/otp:r14b02:*:*:*:*:*:*:*",
"matchCriteriaId": "4106F0A1-8582-46CD-9F8F-1A613B272DF3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ssh:ssh:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.0.4",
"matchCriteriaId": "B5FC28F2-797D-4C4E-B9B8-D89A3AAD7950"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ssh:ssh:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1E9C3330-E163-4699-B7F6-2D9B089E8A6D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ssh:ssh:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F62C0C54-6BC0-4A8B-8006-F1EEEFAC3699"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ssh:ssh:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "011ECCA8-63DD-4FB0-A2F4-B4BAF344242E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ssh:ssh:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86A52DB0-B17A-437C-8E3A-0F824B9F88AD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ssh:ssh:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8EDDCCD5-76B1-4981-BA9D-0C4702DD3FBA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ssh:ssh:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6A9E54C6-7003-46B0-85B3-0C2E7E611D38"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ssh:ssh:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "082C8ECC-CDAF-440B-90D0-A1FE028B03F9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ssh:ssh:1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7D0AAA72-CAA5-4985-ADD9-1790CE3C66D4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ssh:ssh:1.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C0C2A220-D8AB-4FAD-8048-F2C1764F965F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ssh:ssh:1.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "5010A78A-394E-4196-90CB-5D371C3BD1EC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ssh:ssh:1.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E5F6F181-41B1-47D1-A216-194DC4C762EC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ssh:ssh:1.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D6EEBDAB-AA0D-407B-B8EE-6C33B0423AF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ssh:ssh:1.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "45446BD9-3B03-43B6-B686-F6EACFABD699"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ssh:ssh:1.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "FCE6F492-8E28-4FA1-9BF1-96BAF5D68545"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ssh:ssh:1.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "41BF66ED-CB08-440E-AC05-A31371B7A380"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ssh:ssh:1.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "E0EE3216-D8FF-43F0-9329-6676E2CEC250"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ssh:ssh:1.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "9310E12D-1136-4AD6-9678-8ADCD9EE58C3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ssh:ssh:1.2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "BBEDF399-58DE-491A-8B51-87E0392FF9C9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ssh:ssh:1.2.18:*:*:*:*:*:*:*",
"matchCriteriaId": "CBDF2DE8-8559-4BED-80AE-E1420BBF4043"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ssh:ssh:1.2.19:*:*:*:*:*:*:*",
"matchCriteriaId": "23EB8421-76BF-47D1-B294-68412D5E4572"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ssh:ssh:1.2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "D9560989-5342-4C6B-974F-7D90C467BA39"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ssh:ssh:1.2.21:*:*:*:*:*:*:*",
"matchCriteriaId": "971835AF-E908-4C74-9DE0-167349138DEC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ssh:ssh:1.2.22:*:*:*:*:*:*:*",
"matchCriteriaId": "2E0D49C5-54B4-4437-A2D3-3EBFA1D9A3CF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ssh:ssh:1.2.23:*:*:*:*:*:*:*",
"matchCriteriaId": "926B57D7-009C-4317-ACFB-98551FADC5B2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ssh:ssh:1.2.24:*:*:*:*:*:*:*",
"matchCriteriaId": "B0EDBA45-FDEE-4D4B-A6FF-7E953B523DAE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ssh:ssh:1.2.25:*:*:*:*:*:*:*",
"matchCriteriaId": "7AF5BDEF-E86B-4F4D-AF6D-B27044A96B1E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ssh:ssh:1.2.26:*:*:*:*:*:*:*",
"matchCriteriaId": "7D0FF07F-E13B-425F-9892-C50B326B2944"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ssh:ssh:1.2.27:*:*:*:*:*:*:*",
"matchCriteriaId": "338EDA76-05D6-48C0-952E-6244A5F206F3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ssh:ssh:1.2.28:*:*:*:*:*:*:*",
"matchCriteriaId": "F719468E-A218-4EB5-9F8D-7841E84F44C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ssh:ssh:1.2.29:*:*:*:*:*:*:*",
"matchCriteriaId": "1E4FCD36-0009-4A93-A190-8FDD11C672CA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ssh:ssh:1.2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "71727854-1B75-465F-AF8C-DFE6EFF46B40"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ssh:ssh:1.2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "64B76EA2-D3A6-4751-ADE6-998C2A7B44FA"
}
]
}
@ -409,17 +128,29 @@
}
],
"references": [
{
"url": "http://secunia.com/advisories/44709",
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://www.kb.cert.org/vuls/id/178990",
"source": "cret@cert.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
]
},
{
"url": "http://www.securityfocus.com/bid/47980",
"source": "cret@cert.org"
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://github.com/erlang/otp/commit/f228601de45c5b53241b103af6616453c50885a5",


@ -2,8 +2,8 @@
"id": "CVE-2020-21710",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:16.127",
"lastModified": "2023-08-25T17:12:07.670",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-25T15:15:09.763",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -81,6 +81,10 @@
"Mailing List",
"Patch"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00029.html",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2020-21890",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:18.730",
"lastModified": "2023-08-25T17:15:04.217",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-25T15:15:10.063",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -73,6 +73,10 @@
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00029.html",
"source": "cve@mitre.org"
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-37279",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-20T22:15:13.093",
"lastModified": "2023-09-20T22:23:12.127",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-25T14:08:26.917",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Faktory is a language-agnostic persistent background job server. Prior to version 1.8.0, the Faktory web dashboard can suffer from denial of service by a crafted malicious url query param `days`. The vulnerability is related to how the backend reads the `days` URL query parameter in the Faktory web dashboard. The value is used directly without any checks to create a string slice. If a very large value is provided, the backend server ends up using a significant amount of memory and causing it to crash. Version 1.8.0 fixes this issue."
},
{
"lang": "es",
"value": "Faktory es un servidor de trabajos en segundo plano persistente e independiente del idioma. Antes de la versi\u00f3n 1.8.0, el panel web de Faktory pod\u00eda sufrir una Denegaci\u00f3n de Servicio debido a un par\u00e1metro de consulta de URL malicioso manipulado `days`. La vulnerabilidad est\u00e1 relacionada con la forma en que el backend lee el par\u00e1metro de consulta de URL `days` en el panel web de Faktory. El valor se usa directamente sin ninguna verificaci\u00f3n para crear un segmento de cadena. Si se proporciona un valor muy grande, el servidor backend termina usando una cantidad significativa de memoria y provocando que falle. La versi\u00f3n 1.8.0 soluciona este problema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -50,10 +84,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:contribsys:faktory:*:*:*:*:*:go:*:*",
"versionEndExcluding": "1.8.0",
"matchCriteriaId": "CB5CDDB1-B61E-426C-8DD1-FE02A1558A41"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/contribsys/faktory/security/advisories/GHSA-x4hh-vjm7-g2jv",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-40221",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-09-18T20:15:09.907",
"lastModified": "2023-09-19T03:37:34.150",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-25T14:03:18.907",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPPORTED WHEN ASSIGNED ** \n\n\n\n\n\n\n\n\n\n\n\n\nThe absence of filters when loading some sections in the web application of the vulnerable device allows potential attackers to inject malicious code that will be interpreted when a legitimate user accesses the web section (MAIL SERVER) where the information is displayed. Injection can be done on parameter MAIL_RCV. When a legitimate user attempts to review NOTIFICATION/MAIL SERVER, the injected code will be executed.\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
},
{
"lang": "es",
"value": "** NO COMPATIBLE CUANDO EST\u00c1 ASIGNADO *** La ausencia de filtros al cargar algunas secciones en la aplicaci\u00f3n web del dispositivo vulnerable permite a los posibles atacantes inyectar c\u00f3digo malicioso que se interpretar\u00e1 cuando un usuario leg\u00edtimo acceda a la secci\u00f3n web (SERVIDOR DE CORREO) donde se muestra la informaci\u00f3n. La inyecci\u00f3n se puede realizar en el par\u00e1metro MAIL_RCV. Cuando un usuario leg\u00edtimo intenta revisar NOTIFICACI\u00d3N/SERVIDOR DE CORREO, se ejecutar\u00e1 el c\u00f3digo inyectado. "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -46,10 +70,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:socomec:modulys_gp_firmware:01.12.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A69C11D7-9B54-4F66-95F3-33B8E6F9E37B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:socomec:modulys_gp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C795C90-1E56-4F38-B637-6C12DEAF6541"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-03",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-42279",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-21T18:15:12.200",
"lastModified": "2023-09-22T01:25:45.750",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-25T14:16:35.370",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "Dreamer CMS 4.1.3 es vulnerable a la inyecci\u00f3n SQL."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:iteachyou:dreamer_cms:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "113EEBC1-2B91-4AE0-995F-E24A4AD607BC"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/zaizainani/-Vulnerability-recurrence-sorting/blob/main/sqlattack-en.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-42450",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-19T16:15:12.897",
"lastModified": "2023-09-22T17:08:09.950",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-25T15:15:10.267",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -63,6 +63,10 @@
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-113"
},
{
"lang": "en",
"value": "CWE-918"


@ -0,0 +1,20 @@
{
"id": "CVE-2023-43131",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-25T15:15:10.567",
"lastModified": "2023-09-25T15:15:10.567",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "General Device Manager 2.5.2.2 is vulnerable to Buffer Overflow."
}
],
"metrics": {},
"references": [
{
"url": "https://www.exploit-db.com/exploits/51641",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-43256",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-25T14:15:10.690",
"lastModified": "2023-09-25T14:15:10.690",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A path traversal in Gladys Assistant v4.26.1 and below allows authenticated attackers to extract sensitive files in the host machine by exploiting a non-sanitized user input."
}
],
"metrics": {},
"references": [
{
"url": "https://blog.moku.fr/cves/CVE-unassigned/",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/GladysAssistant/Gladys/commit/f27d0ea4689c3deca5739b5f9ed45a2ddbf00b7b",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,28 @@
{
"id": "CVE-2023-43456",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-25T15:15:10.687",
"lastModified": "2023-09-25T15:29:07.907",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in Service Provider Management System v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the firstname, middlename and lastname parameters in the /php-spms/admin/?page=user endpoint."
}
],
"metrics": {},
"references": [
{
"url": "https://samh4cks.github.io/posts/cve-2023-43456/",
"source": "cve@mitre.org"
},
{
"url": "https://www.sourcecodester.com/php/16501/service-provider-management-system-using-php-and-mysql-source-code-free-download.html",
"source": "cve@mitre.org"
},
{
"url": "https://www.sourcecodester.com/users/tips23",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-43669",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-21T06:15:13.833",
"lastModified": "2023-09-23T19:15:46.990",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-25T15:42:44.960",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,43 +14,124 @@
"value": "Tungstenite crate hasta 0.20.0 para Rust permite a atacantes remotos provocar una Denegaci\u00f3n de Servicio (por minutos de consumo de CPU) a trav\u00e9s de una longitud excesiva de un encabezado HTTP en un protocolo de enlace del cliente. La longitud afecta tanto la cantidad de veces que se intenta un an\u00e1lisis (por ejemplo, miles de veces) como la cantidad promedio de datos para cada intento de an\u00e1lisis (por ejemplo, millones de bytes)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:snapview:tungstenite:*:*:*:*:*:rust:*:*",
"versionEndIncluding": "0.20.0",
"matchCriteriaId": "12C41B5D-324F-42A2-B0EF-670FD95BAD9B"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240110",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1215563",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://crates.io/crates/tungstenite/versions",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://cwe.mitre.org/data/definitions/407.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Technical Description"
]
},
{
"url": "https://github.com/advisories/GHSA-9mcr-873m-xcxp",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/github/advisory-database/pull/2752",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/snapview/tungstenite-rs/commit/8b3ecd3cc0008145ab4bc8d0657c39d09db8c7e2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/snapview/tungstenite-rs/issues/376",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2023-43669",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-4916",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-09-13T03:15:09.343",
"lastModified": "2023-09-15T15:27:29.793",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-25T14:15:10.807",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "The Login with phone number plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.8. This is due to missing nonce validation on the 'lwp_update_password_action' function. This makes it possible for unauthenticated attackers to change user password via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
"value": "The Login with phone number plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.6. This is due to missing nonce validation on the 'lwp_update_password_action' function. This makes it possible for unauthenticated attackers to change user password via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
},
{
"lang": "es",
"value": "El complemento Login with phone number para WordPress es vulnerable a Cross-Site Request Forgery en versiones hasta la 1.4.8 inclusive. Esto se debe a que falta la validaci\u00f3n nonce en la funci\u00f3n 'lwp_update_password_action'. Esto hace posible que atacantes no autenticados cambien la contrase\u00f1a del usuario mediante una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."
}
],
"metrics": {
@ -66,11 +70,12 @@
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/login-with-phone-number/trunk/login-with-phonenumber.php#L2953",
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
"url": "https://plugins.trac.wordpress.org/browser/login-with-phone-number/trunk/login-with-phonenumber.php?rev=2965324#L2942",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/login-with-phone-number/trunk/login-with-phonenumber.php?rev=2967707#L2948",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/71083db7-377b-47a1-ac8b-83d8974a2654?source=cve",

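Review bot: The `es` description in the first hunk of the CVE-2023-4916 record still gives the affected range as `hasta la 1.4.8 inclusive`, while the `en` description on the new side was raised to `1.5.6`, so the two languages of the same record now state different affected versions. The `es` entry appears to be newly added by this sync (the hunk grows from 12 to 16 lines), which suggests the translation was produced from the older English text. Anyone filtering or alerting on the translated description would under-report affected installs between 1.4.9 and 1.5.6; the Spanish value should read `en versiones hasta la 1.5.6 inclusive`, or consumers should treat the `en` entry as authoritative until the translation is refreshed upstream. In the second hunk the replacement trac references also carry no `tags`, which looks consistent with `vulnStatus` moving to `Modified` pending re-analysis.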
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-09-25T14:00:24.482349+00:00
2023-09-25T16:00:23.960832+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-09-25T13:54:29.890000+00:00
2023-09-25T15:42:44.960000+00:00
```
### Last Data Feed Release
@ -29,57 +29,31 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
226108
226111
```
### CVEs added in the last Commit
Recently added CVEs: `13`
Recently added CVEs: `3`
* [CVE-2022-48605](CVE-2022/CVE-2022-486xx/CVE-2022-48605.json) (`2023-09-25T13:15:10.590`)
* [CVE-2023-41296](CVE-2023/CVE-2023-412xx/CVE-2023-41296.json) (`2023-09-25T12:15:10.957`)
* [CVE-2023-41298](CVE-2023/CVE-2023-412xx/CVE-2023-41298.json) (`2023-09-25T12:15:11.090`)
* [CVE-2023-41299](CVE-2023/CVE-2023-412xx/CVE-2023-41299.json) (`2023-09-25T12:15:11.147`)
* [CVE-2023-41294](CVE-2023/CVE-2023-412xx/CVE-2023-41294.json) (`2023-09-25T12:15:10.827`)
* [CVE-2023-41295](CVE-2023/CVE-2023-412xx/CVE-2023-41295.json) (`2023-09-25T12:15:10.897`)
* [CVE-2023-41297](CVE-2023/CVE-2023-412xx/CVE-2023-41297.json) (`2023-09-25T12:15:11.033`)
* [CVE-2023-41419](CVE-2023/CVE-2023-414xx/CVE-2023-41419.json) (`2023-09-25T12:15:11.210`)
* [CVE-2023-41293](CVE-2023/CVE-2023-412xx/CVE-2023-41293.json) (`2023-09-25T13:15:10.727`)
* [CVE-2023-41300](CVE-2023/CVE-2023-413xx/CVE-2023-41300.json) (`2023-09-25T13:15:11.037`)
* [CVE-2023-41301](CVE-2023/CVE-2023-413xx/CVE-2023-41301.json) (`2023-09-25T13:15:11.250`)
* [CVE-2023-41302](CVE-2023/CVE-2023-413xx/CVE-2023-41302.json) (`2023-09-25T13:15:11.323`)
* [CVE-2023-41303](CVE-2023/CVE-2023-413xx/CVE-2023-41303.json) (`2023-09-25T13:15:11.557`)
* [CVE-2023-43256](CVE-2023/CVE-2023-432xx/CVE-2023-43256.json) (`2023-09-25T14:15:10.690`)
* [CVE-2023-43131](CVE-2023/CVE-2023-431xx/CVE-2023-43131.json) (`2023-09-25T15:15:10.567`)
* [CVE-2023-43456](CVE-2023/CVE-2023-434xx/CVE-2023-43456.json) (`2023-09-25T15:15:10.687`)
### CVEs modified in the last Commit
Recently modified CVEs: `27`
Recently modified CVEs: `9`
* [CVE-2022-1438](CVE-2022/CVE-2022-14xx/CVE-2022-1438.json) (`2023-09-25T13:40:48.813`)
* [CVE-2023-4527](CVE-2023/CVE-2023-45xx/CVE-2023-4527.json) (`2023-09-25T12:15:11.270`)
* [CVE-2023-39407](CVE-2023/CVE-2023-394xx/CVE-2023-39407.json) (`2023-09-25T13:03:52.033`)
* [CVE-2023-39408](CVE-2023/CVE-2023-394xx/CVE-2023-39408.json) (`2023-09-25T13:03:52.033`)
* [CVE-2023-39409](CVE-2023/CVE-2023-394xx/CVE-2023-39409.json) (`2023-09-25T13:03:52.033`)
* [CVE-2023-41872](CVE-2023/CVE-2023-418xx/CVE-2023-41872.json) (`2023-09-25T13:04:42.943`)
* [CVE-2023-5042](CVE-2023/CVE-2023-50xx/CVE-2023-5042.json) (`2023-09-25T13:25:16.230`)
* [CVE-2023-5154](CVE-2023/CVE-2023-51xx/CVE-2023-5154.json) (`2023-09-25T13:25:52.120`)
* [CVE-2023-5153](CVE-2023/CVE-2023-51xx/CVE-2023-5153.json) (`2023-09-25T13:26:00.733`)
* [CVE-2023-5152](CVE-2023/CVE-2023-51xx/CVE-2023-5152.json) (`2023-09-25T13:26:02.773`)
* [CVE-2023-5151](CVE-2023/CVE-2023-51xx/CVE-2023-5151.json) (`2023-09-25T13:26:04.017`)
* [CVE-2023-5150](CVE-2023/CVE-2023-51xx/CVE-2023-5150.json) (`2023-09-25T13:26:09.983`)
* [CVE-2023-5149](CVE-2023/CVE-2023-51xx/CVE-2023-5149.json) (`2023-09-25T13:26:11.523`)
* [CVE-2023-5148](CVE-2023/CVE-2023-51xx/CVE-2023-5148.json) (`2023-09-25T13:26:12.937`)
* [CVE-2023-5147](CVE-2023/CVE-2023-51xx/CVE-2023-5147.json) (`2023-09-25T13:26:14.630`)
* [CVE-2023-43270](CVE-2023/CVE-2023-432xx/CVE-2023-43270.json) (`2023-09-25T13:43:34.870`)
* [CVE-2023-43494](CVE-2023/CVE-2023-434xx/CVE-2023-43494.json) (`2023-09-25T13:43:35.503`)
* [CVE-2023-40989](CVE-2023/CVE-2023-409xx/CVE-2023-40989.json) (`2023-09-25T13:47:01.087`)
* [CVE-2023-43128](CVE-2023/CVE-2023-431xx/CVE-2023-43128.json) (`2023-09-25T13:47:09.797`)
* [CVE-2023-5134](CVE-2023/CVE-2023-51xx/CVE-2023-5134.json) (`2023-09-25T13:47:32.760`)
* [CVE-2023-5125](CVE-2023/CVE-2023-51xx/CVE-2023-5125.json) (`2023-09-25T13:47:46.330`)
* [CVE-2023-43470](CVE-2023/CVE-2023-434xx/CVE-2023-43470.json) (`2023-09-25T13:51:55.063`)
* [CVE-2023-43469](CVE-2023/CVE-2023-434xx/CVE-2023-43469.json) (`2023-09-25T13:52:25.717`)
* [CVE-2023-43468](CVE-2023/CVE-2023-434xx/CVE-2023-43468.json) (`2023-09-25T13:52:41.227`)
* [CVE-2023-41084](CVE-2023/CVE-2023-410xx/CVE-2023-41084.json) (`2023-09-25T13:54:29.890`)
* [CVE-2011-0766](CVE-2011/CVE-2011-07xx/CVE-2011-0766.json) (`2023-09-25T15:28:08.560`)
* [CVE-2020-21710](CVE-2020/CVE-2020-217xx/CVE-2020-21710.json) (`2023-09-25T15:15:09.763`)
* [CVE-2020-21890](CVE-2020/CVE-2020-218xx/CVE-2020-21890.json) (`2023-09-25T15:15:10.063`)
* [CVE-2023-40221](CVE-2023/CVE-2023-402xx/CVE-2023-40221.json) (`2023-09-25T14:03:18.907`)
* [CVE-2023-37279](CVE-2023/CVE-2023-372xx/CVE-2023-37279.json) (`2023-09-25T14:08:26.917`)
* [CVE-2023-4916](CVE-2023/CVE-2023-49xx/CVE-2023-4916.json) (`2023-09-25T14:15:10.807`)
* [CVE-2023-42279](CVE-2023/CVE-2023-422xx/CVE-2023-42279.json) (`2023-09-25T14:16:35.370`)
* [CVE-2023-42450](CVE-2023/CVE-2023-424xx/CVE-2023-42450.json) (`2023-09-25T15:15:10.267`)
* [CVE-2023-43669](CVE-2023/CVE-2023-436xx/CVE-2023-43669.json) (`2023-09-25T15:42:44.960`)
## Download and Usage