admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 19:47:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-10-02T16:00:25.453965+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-10-02 16:00:28 +00:00
parent da644461ca
commit 5a5e39673b
15 changed files with 765 additions and 57 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

88
CVE-2015/CVE-2015-101xx/CVE-2015-10124.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2015-10124",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-10-02T14:15:09.757",
"lastModified": "2023-10-02T14:17:10.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Most Popular Posts Widget Plugin up to 0.8 on WordPress. It has been classified as critical. Affected is the function add_views/show_views of the file functions.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. Upgrading to version 0.9 is able to address this issue. The patch is identified as a99667d11ac8d320006909387b100e9a8b5c12e1. It is recommended to upgrade the affected component. VDB-241026 is the identifier assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/wp-plugins/most-popular-posts-widget-lite/commit/a99667d11ac8d320006909387b100e9a8b5c12e1",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.241026",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.241026",
"source": "cna@vuldb.com"
}
]
}

55
CVE-2023/CVE-2023-37xx/CVE-2023-3744.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-3744",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-10-02T14:15:09.933",
"lastModified": "2023-10-02T14:17:10.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Server-Side Request Forgery vulnerability in SLims version 9.6.0. This vulnerability could allow an authenticated attacker to send requests to internal services or upload the contents of relevant files via the \"scrape_image.php\" file in the imageURL parameter."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/server-side-request-forgery-slims",
"source": "cve-coordination@incibe.es"
}
]
}

55
CVE-2023/CVE-2023-37xx/CVE-2023-3769.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-3769",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-10-02T14:15:10.017",
"lastModified": "2023-10-02T14:17:10.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Incorrect data input validation vulnerability, which could allow an attacker with access to the network to implement fuzzing techniques that would allow him to gain knowledge about specially crafted packets that would create a DoS condition through the MMS protocol when initiating communication, achieving a complete system reboot of the device and its services."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ingeteam-products",
"source": "cve-coordination@incibe.es"
}
]
}

55
CVE-2023/CVE-2023-37xx/CVE-2023-3770.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-3770",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-10-02T14:15:10.090",
"lastModified": "2023-10-02T14:17:10.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\n\u00a0Incorrect validation vulnerability of the data entered, allowing an attacker with access to the network on which the affected device is located to use the discovery port protocol (1925/UDP) to obtain device-specific information without the need for authentication.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ingeteam-products",
"source": "cve-coordination@incibe.es"
}
]
}

4
CVE-2023/CVE-2023-415xx/CVE-2023-41580.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41580",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-02T13:15:09.797",
"lastModified": "2023-10-02T13:15:09.797",
"vulnStatus": "Received",
"lastModified": "2023-10-02T14:17:10.307",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

68
CVE-2023/CVE-2023-431xx/CVE-2023-43192.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-43192",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-27T22:15:09.700",
"lastModified": "2023-09-28T12:44:13.510",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-02T14:27:43.647",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SQL injection can exist in a newly created part of the JFinalcms background, and the parameters submitted by users are not filtered. As a result, special characters in parameters destroy the original logic of SQL statements. Attackers can use this vulnerability to execute any SQL statement."
},
{
"lang": "es",
"value": "La inyecci\u00f3n SQL puede existir en una parte reci\u00e9n creada del background de JFinalcms y los par\u00e1metros enviados por los usuarios no se filtran. Como resultado, los caracteres especiales en los par\u00e1metros destruyen la l\u00f3gica original de las declaraciones SQL. Los atacantes pueden utilizar esta vulnerabilidad para ejecutar cualquier declaraci\u00f3n SQL"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jrecms:springbootcms:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F34076A4-D906-47FF-A479-CD4F89469925"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/etn0tw/cve_sql/blob/main/jfinalcms_sql.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

72
CVE-2023/CVE-2023-436xx/CVE-2023-43651.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43651",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-27T21:15:10.347",
"lastModified": "2023-09-28T12:44:13.510",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-02T14:17:15.667",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "JumpServer is an open source bastion host. An authenticated user can exploit a vulnerability in MongoDB sessions to execute arbitrary commands, leading to remote code execution. This vulnerability may further be leveraged to gain root privileges on the system. Through the WEB CLI interface provided by the koko component, a user logs into the authorized mongoDB database and exploits the MongoDB session to execute arbitrary commands. This vulnerability has been addressed in versions 2.28.20 and 3.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "JumpServer es un host de bastionado de c\u00f3digo abierto. Un usuario autenticado puede aprovechar una vulnerabilidad en las sesiones de MongoDB para ejecutar comandos arbitrarios, lo que lleva a la ejecuci\u00f3n remota de c\u00f3digo. Esta vulnerabilidad puede aprovecharse a\u00fan m\u00e1s para obtener privilegios de root en el sistema. A trav\u00e9s de la interfaz WEB CLI proporcionada por el componente koko, un usuario inicia sesi\u00f3n en la base de datos mongoDB autorizada y explota la sesi\u00f3n de MongoDB para ejecutar comandos arbitrarios. Esta vulnerabilidad se ha solucionado en las versiones 2.28.20 y 3.7.1. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,7 +60,7 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,12 +68,52 @@
"value": "CWE-94"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fit2cloud:jumpserver:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.0.0",
"versionEndExcluding": "2.28.20",
"matchCriteriaId": "AF95C421-E2B7-4251-8BAF-E83A5779A9F0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fit2cloud:jumpserver:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.7.1",
"matchCriteriaId": "4232B350-4257-43B9-A697-AFA6D8247B1E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/jumpserver/jumpserver/security/advisories/GHSA-4r5x-x283-wm96",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-438xx/CVE-2023-43825.json
View File

@ -2,23 +2,86 @@
"id": "CVE-2023-43825",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-09-27T15:19:34.613",
"lastModified": "2023-09-27T15:41:31.350",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-02T14:21:14.757",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Relative path traversal vulnerability in Shihonkanri Plus Ver9.0.3 and earlier allows a local attacker to execute an arbitrary code by having a legitimate user import a specially crafted backup file of the product.."
},
{
"lang": "es",
"value": "La vulnerabilidad de path traversal relative en Shihonkanri Plus Ver9.0.3 y versiones anteriores permite a un atacante local ejecutar un c\u00f3digo arbitrario haciendo que un usuario leg\u00edtimo importe un archivo de copia de seguridad del producto especialmente manipulado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ekakin:shihonkanri_plus:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.0.3",
"matchCriteriaId": "25BF5289-099D-4042-95F4-E93DF7B8FD8F"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://ekakin.la.coocan.jp/index.htm",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Product"
]
},
{
"url": "https://jvn.jp/en/jp/JVN17434995/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
}
]
}

77
CVE-2023/CVE-2023-441xx/CVE-2023-44125.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-44125",
"sourceIdentifier": "product.security@lge.com",
"published": "2023-09-27T15:19:35.980",
"lastModified": "2023-09-27T15:41:01.547",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-02T15:36:47.867",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The vulnerability is the use of implicit PendingIntents without the PendingIntent.FLAG_IMMUTABLE set that leads to theft and/or (over-)write of arbitrary files with system privilege in the Personalized service (\"com.lge.abba\") app. The attacker's app, if it had access to app notifications, could intercept them and redirect them to its activity, before making it grant access permissions to content providers with the `android:grantUriPermissions=\"true\"` flag."
},
{
"lang": "es",
"value": "La vulnerabilidad es el uso de PendingIntents impl\u00edcitos sin el conjunto PendingIntent.FLAG_IMMUTABLE que conduce al robo y/o (sobre)escritura de archivos arbitrarios con privilegios del sistema en la aplicaci\u00f3n de servicio personalizado (\"com.lge.abba\"). La aplicaci\u00f3n del atacante, si tuviera acceso a las notificaciones de la aplicaci\u00f3n, podr\u00eda interceptarlas y redirigirlas a su actividad, antes de otorgar permisos de acceso a los proveedores de contenido con el indicador `android:grantUriPermissions=\"true\"`."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "product.security@lge.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "product.security@lge.com",
"type": "Secondary",
@ -46,10 +80,47 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lg:v60_thin_q_5g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85B3B7D2-762E-4DD5-90F9-5246907748C4"
}
]
}
]
}
],
"references": [
{
"url": "https://lgsecurity.lge.com/bulletins/mobile#updateDetails",
"source": "product.security@lge.com"
"source": "product.security@lge.com",
"tags": [
"Vendor Advisory"
]
}
]
}

74
CVE-2023/CVE-2023-441xx/CVE-2023-44126.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-44126",
"sourceIdentifier": "product.security@lge.com",
"published": "2023-09-27T15:19:36.647",
"lastModified": "2023-09-27T15:41:01.547",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-02T15:26:36.080",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The vulnerability is that the Call management (\"com.android.server.telecom\") app patched by LG sends a lot of LG-owned implicit broadcasts that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as call states, durations, called numbers, contacts info, etc."
},
{
"lang": "es",
"value": "La vulnerabilidad es que la aplicaci\u00f3n de administraci\u00f3n de llamadas (\"com.android.server.telecom\") parcheada por LG env\u00eda muchas transmisiones impl\u00edcitas propiedad de LG que revelan datos sensibles a todas las aplicaciones de terceros instaladas en el mismo dispositivo. Esas intenciones incluyen datos como estados de llamadas, duraciones, n\u00fameros llamados, informaci\u00f3n de contactos, etc."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "product.security@lge.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "product.security@lge.com",
"type": "Secondary",
@ -46,10 +80,44 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0",
"versionEndIncluding": "13.0",
"matchCriteriaId": "D4E21776-A17F-44D5-AF8F-4BC3806BE6B4"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lg:v60_thin_q_5g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85B3B7D2-762E-4DD5-90F9-5246907748C4"
}
]
}
]
}
],
"references": [
{
"url": "https://lgsecurity.lge.com/bulletins/mobile#updateDetails",
"source": "product.security@lge.com"
"source": "product.security@lge.com",
"tags": [
"Vendor Advisory"
]
}
]
}

74
CVE-2023/CVE-2023-441xx/CVE-2023-44127.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-44127",
"sourceIdentifier": "product.security@lge.com",
"published": "2023-09-27T15:19:37.067",
"lastModified": "2023-09-27T15:41:36.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-02T15:21:30.717",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "he vulnerability is that the Call management (\"com.android.server.telecom\") app patched by LG launches implicit intents that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as contact details and phone numbers."
},
{
"lang": "es",
"value": "La vulnerabilidad es que la aplicaci\u00f3n de administraci\u00f3n de Llamadas (\"com.android.server.telecom\") parcheada por LG lanza intenciones impl\u00edcitas que revelan datos sensibles a todas las aplicaciones de terceros instaladas en el mismo dispositivo. Esas intenciones incluyen datos como detalles de contacto y n\u00fameros de tel\u00e9fono."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "product.security@lge.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "product.security@lge.com",
"type": "Secondary",
@ -46,10 +80,44 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0",
"versionEndIncluding": "13.0",
"matchCriteriaId": "D4E21776-A17F-44D5-AF8F-4BC3806BE6B4"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lg:v60_thin_q_5g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85B3B7D2-762E-4DD5-90F9-5246907748C4"
}
]
}
]
}
],
"references": [
{
"url": "https://lgsecurity.lge.com/bulletins/mobile#updateDetails",
"source": "product.security@lge.com"
"source": "product.security@lge.com",
"tags": [
"Vendor Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-46xx/CVE-2023-4659.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-4659",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-10-02T15:15:15.017",
"lastModified": "2023-10-02T15:15:15.017",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery vulnerability, whose exploitation could allow an attacker to perform different actions on the platform as an administrator, simply by changing the token value to \"admin\". It is also possible to perform POST, GET and DELETE requests without any token value. Therefore, an unprivileged remote user is able to create, delete and modify users within theapplication."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-request-forgery-free5gc",
"source": "cve-coordination@incibe.es"
}
]
}

6
CVE-2023/CVE-2023-52xx/CVE-2023-5217.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-5217",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-09-28T16:15:10.980",
"lastModified": "2023-10-02T03:15:10.483",
"lastModified": "2023-10-02T15:15:15.200",
"vulnStatus": "Modified",
"descriptions": [
{
@ -191,6 +191,10 @@
"url": "http://www.openwall.com/lists/oss-security/2023/10/01/5",
"source": "chrome-cve-admin@google.com"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/02/6",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software/",
"source": "chrome-cve-admin@google.com"

15
CVE-2023/CVE-2023-52xx/CVE-2023-5290.json Normal file
View File

@ -0,0 +1,15 @@
{
"id": "CVE-2023-5290",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-10-02T15:15:15.297",
"lastModified": "2023-10-02T15:15:15.297",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none."
}
],
"metrics": {},
"references": []
}

51
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-10-02T14:00:24.670488+00:00
2023-10-02T16:00:25.453965+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-10-02T13:22:15.330000+00:00
2023-10-02T15:36:47.867000+00:00
```
### Last Data Feed Release
@ -29,46 +29,33 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
226749
226755
```
### CVEs added in the last Commit
Recently added CVEs: `2`
Recently added CVEs: `6`
* [CVE-2023-5106](CVE-2023/CVE-2023-51xx/CVE-2023-5106.json) (`2023-10-02T12:15:09.997`)
* [CVE-2023-41580](CVE-2023/CVE-2023-415xx/CVE-2023-41580.json) (`2023-10-02T13:15:09.797`)
* [CVE-2015-10124](CVE-2015/CVE-2015-101xx/CVE-2015-10124.json) (`2023-10-02T14:15:09.757`)
* [CVE-2023-3744](CVE-2023/CVE-2023-37xx/CVE-2023-3744.json) (`2023-10-02T14:15:09.933`)
* [CVE-2023-3769](CVE-2023/CVE-2023-37xx/CVE-2023-3769.json) (`2023-10-02T14:15:10.017`)
* [CVE-2023-3770](CVE-2023/CVE-2023-37xx/CVE-2023-3770.json) (`2023-10-02T14:15:10.090`)
* [CVE-2023-4659](CVE-2023/CVE-2023-46xx/CVE-2023-4659.json) (`2023-10-02T15:15:15.017`)
* [CVE-2023-5290](CVE-2023/CVE-2023-52xx/CVE-2023-5290.json) (`2023-10-02T15:15:15.297`)
### CVEs modified in the last Commit
Recently modified CVEs: `40`
Recently modified CVEs: `8`
* [CVE-2023-44263](CVE-2023/CVE-2023-442xx/CVE-2023-44263.json) (`2023-10-02T12:57:34.287`)
* [CVE-2023-3768](CVE-2023/CVE-2023-37xx/CVE-2023-3768.json) (`2023-10-02T12:57:34.287`)
* [CVE-2023-44228](CVE-2023/CVE-2023-442xx/CVE-2023-44228.json) (`2023-10-02T12:57:34.287`)
* [CVE-2023-44230](CVE-2023/CVE-2023-442xx/CVE-2023-44230.json) (`2023-10-02T12:57:34.287`)
* [CVE-2023-44242](CVE-2023/CVE-2023-442xx/CVE-2023-44242.json) (`2023-10-02T12:57:34.287`)
* [CVE-2023-44264](CVE-2023/CVE-2023-442xx/CVE-2023-44264.json) (`2023-10-02T12:57:34.287`)
* [CVE-2023-44265](CVE-2023/CVE-2023-442xx/CVE-2023-44265.json) (`2023-10-02T12:57:34.287`)
* [CVE-2023-44266](CVE-2023/CVE-2023-442xx/CVE-2023-44266.json) (`2023-10-02T12:57:34.287`)
* [CVE-2023-5160](CVE-2023/CVE-2023-51xx/CVE-2023-5160.json) (`2023-10-02T12:57:34.287`)
* [CVE-2023-42132](CVE-2023/CVE-2023-421xx/CVE-2023-42132.json) (`2023-10-02T12:57:39.087`)
* [CVE-2023-41692](CVE-2023/CVE-2023-416xx/CVE-2023-41692.json) (`2023-10-02T12:57:39.087`)
* [CVE-2023-41728](CVE-2023/CVE-2023-417xx/CVE-2023-41728.json) (`2023-10-02T12:57:39.087`)
* [CVE-2023-41729](CVE-2023/CVE-2023-417xx/CVE-2023-41729.json) (`2023-10-02T12:57:39.087`)
* [CVE-2023-41731](CVE-2023/CVE-2023-417xx/CVE-2023-41731.json) (`2023-10-02T12:57:39.087`)
* [CVE-2023-41733](CVE-2023/CVE-2023-417xx/CVE-2023-41733.json) (`2023-10-02T12:57:39.087`)
* [CVE-2023-41734](CVE-2023/CVE-2023-417xx/CVE-2023-41734.json) (`2023-10-02T12:57:39.087`)
* [CVE-2023-41736](CVE-2023/CVE-2023-417xx/CVE-2023-41736.json) (`2023-10-02T12:57:39.087`)
* [CVE-2023-41737](CVE-2023/CVE-2023-417xx/CVE-2023-41737.json) (`2023-10-02T12:57:39.087`)
* [CVE-2023-41797](CVE-2023/CVE-2023-417xx/CVE-2023-41797.json) (`2023-10-02T12:57:39.087`)
* [CVE-2023-41800](CVE-2023/CVE-2023-418xx/CVE-2023-41800.json) (`2023-10-02T12:57:39.087`)
* [CVE-2023-41847](CVE-2023/CVE-2023-418xx/CVE-2023-41847.json) (`2023-10-02T12:57:39.087`)
* [CVE-2023-41855](CVE-2023/CVE-2023-418xx/CVE-2023-41855.json) (`2023-10-02T12:57:39.087`)
* [CVE-2023-41856](CVE-2023/CVE-2023-418xx/CVE-2023-41856.json) (`2023-10-02T12:57:39.087`)
* [CVE-2023-43191](CVE-2023/CVE-2023-431xx/CVE-2023-43191.json) (`2023-10-02T13:18:20.010`)
* [CVE-2023-5157](CVE-2023/CVE-2023-51xx/CVE-2023-5157.json) (`2023-10-02T13:22:15.330`)
* [CVE-2023-41580](CVE-2023/CVE-2023-415xx/CVE-2023-41580.json) (`2023-10-02T14:17:10.307`)
* [CVE-2023-43651](CVE-2023/CVE-2023-436xx/CVE-2023-43651.json) (`2023-10-02T14:17:15.667`)
* [CVE-2023-43825](CVE-2023/CVE-2023-438xx/CVE-2023-43825.json) (`2023-10-02T14:21:14.757`)
* [CVE-2023-43192](CVE-2023/CVE-2023-431xx/CVE-2023-43192.json) (`2023-10-02T14:27:43.647`)
* [CVE-2023-5217](CVE-2023/CVE-2023-52xx/CVE-2023-5217.json) (`2023-10-02T15:15:15.200`)
* [CVE-2023-44127](CVE-2023/CVE-2023-441xx/CVE-2023-44127.json) (`2023-10-02T15:21:30.717`)
* [CVE-2023-44126](CVE-2023/CVE-2023-441xx/CVE-2023-44126.json) (`2023-10-02T15:26:36.080`)
* [CVE-2023-44125](CVE-2023/CVE-2023-441xx/CVE-2023-44125.json) (`2023-10-02T15:36:47.867`)
## Download and Usage