admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 19:47:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-05-30T16:00:24.316890+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-05-30 16:00:27 +00:00
parent 02ce3cd52e
commit 5c020acb2b
33 changed files with 2649 additions and 151 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

205
CVE-2022/CVE-2022-363xx/CVE-2022-36327.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-36327",
"sourceIdentifier": "psirt@wdc.com",
"published": "2023-05-18T18:15:09.883",
"lastModified": "2023-05-18T20:16:21.423",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-30T14:04:18.853",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "psirt@wdc.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "psirt@wdc.com",
"type": "Secondary",
@ -46,14 +76,181 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:westerndigital:my_cloud_os_5:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.26.202",
"matchCriteriaId": "056AA1A3-F012-40A9-A351-628C905B3FEA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:my_cloud:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A9EE86B-05EE-4F2E-A912-624DDCF9C41B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:my_cloud_dl2100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E783EBC-7608-4527-B1AD-9B4E7A7A108C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:my_cloud_dl4100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3034F4A-239C-4E38-9BD6-217361A7C519"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:my_cloud_ex2_ultra:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5A581EBA-A1F2-4ABC-8183-29973A46FA43"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:my_cloud_ex2100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ABBBDC1E-2320-4767-B669-1BB2FFB1E1C4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:my_cloud_ex4100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B78030F0-6655-4604-9D16-2FA1F3FD52FF"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:my_cloud_mirror_g2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DE090BC-C847-4DF7-9C5F-52A300845558"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:my_cloud_pr2100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BF58260B-2131-402C-A9DA-67B188136DE1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:my_cloud_pr4100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB0C2FD9-4792-4DA2-9698-E53109A499EC"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:wd_cloud:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8FDE0337-4329-4CE3-9B0B-61BE8361E910"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:westerndigital:my_cloud_home_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.4.0-191",
"matchCriteriaId": "D471C39A-0854-4755-9DF8-5BAABAB09619"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:my_cloud_home:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BE2FBAB-5BA0-4F09-A76E-4A6869668810"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:westerndigital:sandisk_ibi_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.4.0-191",
"matchCriteriaId": "13A2FB91-CCCF-42B1-BCE1-F4962D353593"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:sandisk_ibi:-:*:*:*:*:*:*:*",
"matchCriteriaId": "296ADA43-16BA-4444-B472-DB945FB917B2"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:westerndigital:my_cloud_home_duo_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.4.0-191",
"matchCriteriaId": "0A0368E6-53C8-4BD2-B0E8-44464B245832"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:westerndigital:my_cloud_home_duo:-:*:*:*:*:*:*:*",
"matchCriteriaId": "124BBC79-65A2-465C-B784-D21E57E96F63"
}
]
}
]
}
],
"references": [
{
"url": "https://www.westerndigital.com/support/product-security/wdc-23003-western-digital-my-cloud-home-my-cloud-home-duo-and-sandisk-ibi-firmware-version-9-4-0-191",
"source": "psirt@wdc.com"
"source": "psirt@wdc.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://www.westerndigital.com/support/product-security/wdc-23006-my-cloud-firmware-version-5-26-202",
"source": "psirt@wdc.com"
"source": "psirt@wdc.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

247
CVE-2023/CVE-2023-234xx/CVE-2023-23450.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-23450",
"sourceIdentifier": "psirt@sick.de",
"published": "2023-05-15T11:15:09.407",
"lastModified": "2023-05-15T12:54:28.597",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-30T14:11:13.857",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "psirt@sick.de",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
},
{
"source": "psirt@sick.de",
"type": "Secondary",
@ -46,18 +76,225 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sick:ftmg-esd20axx_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0",
"matchCriteriaId": "E3882685-8678-47E4-995C-C3F6D9AD5668"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sick:ftmg-esd20axx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "16AD808F-900B-41EE-B90A-F9D67AAAD6BE"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sick:ftmg-esd25axx_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0",
"matchCriteriaId": "49D930E8-415C-4183-87A1-8D7F44247B67"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sick:ftmg-esd25axx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24618A95-328C-47C9-B8EF-B4DF6E65D68E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sick:ftmg-esn40sxx_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0",
"matchCriteriaId": "1DCC9C0B-7CCE-44E5-B25D-67BF971B4541"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sick:ftmg-esn40sxx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "290B016B-20B7-40C1-B825-6ED4774C4861"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sick:ftmg-esn50sxx_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0",
"matchCriteriaId": "E23D6018-1DFB-4516-82C9-3A3B09C2CBF9"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sick:ftmg-esn50sxx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B113D9E-8E61-4F9C-9E5B-2030EEFB133B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sick:ftmg-esr50sxx_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0",
"matchCriteriaId": "77F2683F-B1B5-4033-97D4-ADF77B6B50E8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sick:ftmg-esr50sxx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A02547D3-5E40-41B3-A7B4-D63F60A5F80B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sick:ftmg-esr40sxx_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0",
"matchCriteriaId": "9075A02A-C627-43DA-ACF7-776197B518C5"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sick:ftmg-esr40sxx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7B887993-18A8-493F-97A1-A788FBD5A5B9"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sick:ftmg-esd15axx_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0",
"matchCriteriaId": "E9219CD8-34CE-45A2-904A-E7B1740706C2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sick:ftmg-esd15axx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF162AA9-6645-4032-8D29-BAE2D60FBD9B"
}
]
}
]
}
],
"references": [
{
"url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json",
"source": "psirt@sick.de"
"source": "psirt@sick.de",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf",
"source": "psirt@sick.de"
"source": "psirt@sick.de",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://sick.com/psirt",
"source": "psirt@sick.de"
"source": "psirt@sick.de",
"tags": [
"Vendor Advisory"
]
}
]
}

36
CVE-2023/CVE-2023-26xx/CVE-2023-2650.json Normal file
View File

@ -0,0 +1,36 @@
{
"id": "CVE-2023-2650",
"sourceIdentifier": "openssl-security@openssl.org",
"published": "2023-05-30T14:15:09.683",
"lastModified": "2023-05-30T14:15:09.683",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Issue summary: Processing some specially crafted ASN.1 object identifiers or\ndata containing them may be very slow.\n\nImpact summary: Applications that use OBJ_obj2txt() directly, or use any of\nthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message\nsize limit may experience notable to very long delays when processing those\nmessages, which may lead to a Denial of Service.\n\nAn OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -\nmost of which have no size limit. OBJ_obj2txt() may be used to translate\nan ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL\ntype ASN1_OBJECT) to its canonical numeric text form, which are the\nsub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by\nperiods.\n\nWhen one of the sub-identifiers in the OBJECT IDENTIFIER is very large\n(these are sizes that are seen as absurdly large, taking up tens or hundreds\nof KiBs), the translation to a decimal number in text may take a very long\ntime. The time complexity is O(n^2) with 'n' being the size of the\nsub-identifiers in bytes (*).\n\nWith OpenSSL 3.0, support to fetch cryptographic algorithms using names /\nidentifiers in string form was introduced. This includes using OBJECT\nIDENTIFIERs in canonical numeric text form as identifiers for fetching\nalgorithms.\n\nSuch OBJECT IDENTIFIERs may be received through the ASN.1 structure\nAlgorithmIdentifier, which is commonly used in multiple protocols to specify\nwhat cryptographic algorithm should be used to sign or verify, encrypt or\ndecrypt, or digest passed data.\n\nApplications that call OBJ_obj2txt() directly with untrusted data are\naffected, with any version of OpenSSL. If the use is for the mere purpose\nof display, the severity is considered low.\n\nIn OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,\nCMS, CMP/CRMF or TS. It also impacts anything that processes X.509\ncertificates, including simple things like verifying its signature.\n\nThe impact on TLS is relatively low, because all versions of OpenSSL have a\n100KiB limit on the peer's certificate chain. Additionally, this only\nimpacts clients, or servers that have explicitly enabled client\nauthentication.\n\nIn OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,\nsuch as X.509 certificates. This is assumed to not happen in such a way\nthat it would cause a Denial of Service, so these versions are considered\nnot affected by this issue in such a way that it would be cause for concern,\nand the severity is therefore considered low."
}
],
"metrics": {},
"references": [
{
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=423a2bc737a908ad0c77bda470b2b59dc879936b",
"source": "openssl-security@openssl.org"
},
{
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=853c5e56ee0b8650c73140816bb8b91d6163422c",
"source": "openssl-security@openssl.org"
},
{
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9e209944b35cf82368071f160a744b6178f9b098",
"source": "openssl-security@openssl.org"
},
{
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db779b0e10b047f2585615e0b8f2acdf21f8544a",
"source": "openssl-security@openssl.org"
},
{
"url": "https://www.openssl.org/news/secadv/20230530.txt",
"source": "openssl-security@openssl.org"
}
]
}

70
CVE-2023/CVE-2023-273xx/CVE-2023-27397.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-27397",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-05-23T02:15:09.570",
"lastModified": "2023-05-23T13:04:34.787",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-30T15:32:54.570",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted upload of file with dangerous type exists in MicroEngine Mailform version 1.1.0 to 1.1.8. If the product's file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microengine:mailform:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.1.0",
"versionEndExcluding": "1.1.9",
"matchCriteriaId": "BFA1B8C3-6288-4F2C-9754-730F1F726AC5"
}
]
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/jp/JVN31701509/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://microengine.jp/information/security_2023_05.html",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-275xx/CVE-2023-27507.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-27507",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-05-23T02:15:09.610",
"lastModified": "2023-05-23T13:04:34.787",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-30T15:33:26.400",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "MicroEngine Mailform version 1.1.0 to 1.1.8 contains a path traversal vulnerability. If the product's file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microengine:mailform:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.1.0",
"versionEndExcluding": "1.1.9",
"matchCriteriaId": "BFA1B8C3-6288-4F2C-9754-730F1F726AC5"
}
]
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/jp/JVN31701509/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://microengine.jp/information/security_2023_05.html",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
]
}
]
}

114
CVE-2023/CVE-2023-275xx/CVE-2023-27512.json
View File

@ -2,27 +2,129 @@
"id": "CVE-2023-27512",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-05-23T02:15:09.653",
"lastModified": "2023-05-23T13:04:34.787",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-30T15:39:54.467",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Use of hard-coded credentials exists in SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10, and SV-CPT-MC310F versions prior to Ver.8.10, which may allow a remote authenticated attacker to login the affected product with an administrative privilege and perform an unintended operation."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:contec:sv-cpt-mc310f_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.10",
"matchCriteriaId": "825C8DE5-2210-4274-81EE-E57DD13F74F7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:contec:sv-cpt-mc310f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CAC9BA1B-C65A-4EEA-AAD6-88685BC7A4FA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:contec:sv-cpt-mc310_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.10",
"matchCriteriaId": "DC74EAB1-C008-4DD5-AF3B-78F6171799DE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:contec:sv-cpt-mc310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9FCCA5E-19F8-47D9-A6C6-77AF2AEFD51A"
}
]
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU92106300/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_solarview_230508.pdf",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.contec.com/jp/download/donwload-list/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e#firmware",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
]
}
]
}

114
CVE-2023/CVE-2023-275xx/CVE-2023-27514.json
View File

@ -2,27 +2,129 @@
"id": "CVE-2023-27514",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-05-23T02:15:09.700",
"lastModified": "2023-05-23T13:04:34.787",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-30T15:40:15.907",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "OS command injection vulnerability in the download page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to execute an arbitrary OS command."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:contec:sv-cpt-mc310f_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.10",
"matchCriteriaId": "825C8DE5-2210-4274-81EE-E57DD13F74F7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:contec:sv-cpt-mc310f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CAC9BA1B-C65A-4EEA-AAD6-88685BC7A4FA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:contec:sv-cpt-mc310_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.10",
"matchCriteriaId": "DC74EAB1-C008-4DD5-AF3B-78F6171799DE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:contec:sv-cpt-mc310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9FCCA5E-19F8-47D9-A6C6-77AF2AEFD51A"
}
]
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU92106300/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_solarview_230508.pdf",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.contec.com/jp/download/donwload-list/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e#firmware",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
]
}
]
}

114
CVE-2023/CVE-2023-275xx/CVE-2023-27518.json
View File

@ -2,27 +2,129 @@
"id": "CVE-2023-27518",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-05-23T02:15:09.743",
"lastModified": "2023-05-23T13:04:34.787",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-30T15:40:26.997",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow vulnerability in the multiple setting pages of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to execute arbitrary code."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:contec:sv-cpt-mc310f_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.10",
"matchCriteriaId": "825C8DE5-2210-4274-81EE-E57DD13F74F7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:contec:sv-cpt-mc310f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CAC9BA1B-C65A-4EEA-AAD6-88685BC7A4FA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:contec:sv-cpt-mc310_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.10",
"matchCriteriaId": "DC74EAB1-C008-4DD5-AF3B-78F6171799DE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:contec:sv-cpt-mc310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9FCCA5E-19F8-47D9-A6C6-77AF2AEFD51A"
}
]
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU92106300/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_solarview_230508.pdf",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.contec.com/jp/download/donwload-list/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e#firmware",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
]
}
]
}

114
CVE-2023/CVE-2023-275xx/CVE-2023-27521.json
View File

@ -2,27 +2,129 @@
"id": "CVE-2023-27521",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-05-23T02:15:09.787",
"lastModified": "2023-05-23T13:04:30.710",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-30T15:40:34.467",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "OS command injection vulnerability in the mail setting page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows remote authenticated attackers to execute an arbitrary OS command."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:contec:sv-cpt-mc310f_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.10",
"matchCriteriaId": "825C8DE5-2210-4274-81EE-E57DD13F74F7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:contec:sv-cpt-mc310f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CAC9BA1B-C65A-4EEA-AAD6-88685BC7A4FA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:contec:sv-cpt-mc310_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.10",
"matchCriteriaId": "DC74EAB1-C008-4DD5-AF3B-78F6171799DE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:contec:sv-cpt-mc310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9FCCA5E-19F8-47D9-A6C6-77AF2AEFD51A"
}
]
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU92106300/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_solarview_230508.pdf",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.contec.com/jp/download/donwload-list/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e#firmware",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
]
}
]
}

114
CVE-2023/CVE-2023-279xx/CVE-2023-27920.json
View File

@ -2,27 +2,129 @@
"id": "CVE-2023-27920",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-05-23T02:15:09.827",
"lastModified": "2023-05-23T13:04:30.710",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-30T15:41:23.137",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability in the system date/time setting page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to alter system date/time of the affected product."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:contec:sv-cpt-mc310f_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.10",
"matchCriteriaId": "825C8DE5-2210-4274-81EE-E57DD13F74F7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:contec:sv-cpt-mc310f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CAC9BA1B-C65A-4EEA-AAD6-88685BC7A4FA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:contec:sv-cpt-mc310_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.10",
"matchCriteriaId": "DC74EAB1-C008-4DD5-AF3B-78F6171799DE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:contec:sv-cpt-mc310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9FCCA5E-19F8-47D9-A6C6-77AF2AEFD51A"
}
]
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU92106300/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_solarview_230508.pdf",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.contec.com/jp/download/donwload-list/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e#firmware",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
]
}
]
}

81
CVE-2023/CVE-2023-279xx/CVE-2023-27921.json
View File

@ -2,23 +2,94 @@
"id": "CVE-2023-27921",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-05-23T02:15:09.867",
"lastModified": "2023-05-23T13:04:30.710",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-30T15:47:27.067",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "JINS MEME CORE Firmware version 2.2.0 and earlier uses a hard-coded cryptographic key, which may lead to data acquired by a sensor of the affected product being decrypted by a network-adjacent attacker."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:jins:jins_meme_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.3.0",
"matchCriteriaId": "52F3BF86-0FE5-45C9-A957-C32AFFB536B9"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:jins:jins_meme:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC1D21F9-07CB-4E3A-83A0-3EB32DCB3D20"
}
]
}
]
}
],
"references": [
{
"url": "https://jinsmeme.com/media/2023-04-fwapp2",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Release Notes"
]
},
{
"url": "https://jvn.jp/en/jp/JVN13306058/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-279xx/CVE-2023-27922.json
View File

@ -2,23 +2,82 @@
"id": "CVE-2023-27922",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-05-23T02:15:09.907",
"lastModified": "2023-05-23T13:04:30.710",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-30T15:48:26.617",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Newsletter versions prior to 7.6.9 allows a remote unauthenticated attacker to inject an arbitrary script."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:thenewsletterplugin:newsletter:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "7.6.9",
"matchCriteriaId": "6D552D75-311D-48DE-B74E-E4AC195B3B89"
}
]
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/jp/JVN59341308/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://wordpress.org/plugins/newsletter/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Product"
]
}
]
}

75
CVE-2023/CVE-2023-279xx/CVE-2023-27923.json
View File

@ -2,23 +2,88 @@
"id": "CVE-2023-27923",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-05-23T02:15:09.943",
"lastModified": "2023-05-23T13:04:30.710",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-30T15:48:58.967",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Tag edit function of VK Blocks 1.53.0.1 and earlier and VK Blocks Pro 1.53.0.1 and earlier allows a remote authenticated attacker to inject an arbitrary script."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vektor-inc:vk_blocks:*:*:*:*:-:wordpress:*:*",
"versionEndExcluding": "1.53.0.1",
"matchCriteriaId": "903E4266-2253-42BB-9E5E-38FD3C34826E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vektor-inc:vk_blocks:*:*:*:*:pro:wordpress:*:*",
"versionEndExcluding": "1.53.0.1",
"matchCriteriaId": "19D1817E-088E-41FB-B095-0A49B493AE6C"
}
]
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/jp/JVN95792402/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.vektor-inc.co.jp/product-update/vk-blocks-exunit-xss/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
]
}
]
}

75
CVE-2023/CVE-2023-279xx/CVE-2023-27925.json
View File

@ -2,23 +2,88 @@
"id": "CVE-2023-27925",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-05-23T02:15:09.983",
"lastModified": "2023-05-23T13:04:30.710",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-30T15:49:19.623",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Post function of VK Blocks 1.53.0.1 and earlier and VK Blocks Pro 1.53.0.1 and earlier allows a remote authenticated attacker to inject an arbitrary script."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vektor-inc:vk_blocks:*:*:*:*:-:wordpress:*:*",
"versionEndExcluding": "1.53.0.1",
"matchCriteriaId": "903E4266-2253-42BB-9E5E-38FD3C34826E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vektor-inc:vk_blocks:*:*:*:*:pro:wordpress:*:*",
"versionEndExcluding": "1.53.0.1",
"matchCriteriaId": "19D1817E-088E-41FB-B095-0A49B493AE6C"
}
]
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/jp/JVN95792402/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.vektor-inc.co.jp/product-update/vk-blocks-exunit-xss/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-279xx/CVE-2023-27926.json
View File

@ -2,23 +2,82 @@
"id": "CVE-2023-27926",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-05-23T02:15:10.023",
"lastModified": "2023-05-23T13:04:30.710",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-30T15:49:34.590",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Profile setting function of VK All in One Expansion Unit 9.88.1.0 and earlier allows a remote authenticated attacker to inject an arbitrary script."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vektor-inc:vk_all_in_one_expansion_unit:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "9.88.2.0",
"matchCriteriaId": "94AA9EA8-45A9-4DE5-AA20-F776BD2EA28A"
}
]
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/jp/JVN95792402/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.vektor-inc.co.jp/product-update/vk-blocks-exunit-xss/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
]
}
]
}

10
CVE-2023/CVE-2023-280xx/CVE-2023-28068.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-28068",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-05-05T07:15:08.887",
"lastModified": "2023-05-11T14:50:46.627",
"vulnStatus": "Analyzed",
"lastModified": "2023-05-30T14:15:09.507",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -56,7 +56,7 @@
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "security_alert@emc.com",
"type": "Primary",
"description": [
{
@ -66,12 +66,12 @@
]
},
{
"source": "security_alert@emc.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
"value": "CWE-732"
}
]
}

69
CVE-2023/CVE-2023-283xx/CVE-2023-28367.json
View File

@ -2,23 +2,82 @@
"id": "CVE-2023-28367",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-05-23T02:15:10.067",
"lastModified": "2023-05-23T13:04:30.710",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-30T15:55:17.610",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in CTA post function of VK All in One Expansion Unit 9.88.1.0 and earlier allows a remote authenticated attacker to inject an arbitrary script."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vektor-inc:vk_all_in_one_expansion_unit:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "9.88.2.0",
"matchCriteriaId": "94AA9EA8-45A9-4DE5-AA20-F776BD2EA28A"
}
]
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/jp/JVN95792402/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.vektor-inc.co.jp/product-update/vk-blocks-exunit-xss/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
]
}
]
}

132
CVE-2023/CVE-2023-284xx/CVE-2023-28412.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-28412",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-05-22T20:15:10.330",
"lastModified": "2023-05-23T13:04:43.693",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-30T15:59:29.237",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -36,8 +56,18 @@
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,14 +76,106 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:snapone:orvc:*:*:*:*:*:pro:*:*",
"versionEndExcluding": "7.3.0",
"matchCriteriaId": "415E3C3D-6B2F-4095-B7F1-E3F777E01172"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:control4:ca-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "910274AB-35AF-428C-84D7-36774DEB59D8"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:control4:ca-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "852189C9-7720-468D-BCE0-28DFC051AEDC"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:control4:ea-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C61FA2AE-A962-4D60-BBCF-751FDB5215B9"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:control4:ea-3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B6310809-0890-4113-837C-0074706B4E6B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:control4:ea-5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7ADAAF7-9B0B-4002-8158-FC6B0EAB6055"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:snapone:an-110-rt-2l1w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5B50505-B496-4172-813E-CA174EE2D4DF"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:snapone:an-110-rt-2l1w-wifi:-:*:*:*:*:*:*:*",
"matchCriteriaId": "04744281-B935-4272-8582-85C6162881F8"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:snapone:an-310-rt-4l2w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCD83E46-F84F-49F8-9601-ABC03292E0F6"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:snapone:ovrc-300-pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5B44DFB-CC8D-4342-907B-D34F9EAB5CEB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:snapone:pakedge_rk-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2982D38-80BF-4041-9F59-D26C152D24D9"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:snapone:pakedge_rt-3100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "061055F0-D742-4227-ADC2-1793979F9463"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:snapone:pakedge_wr-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF7BD251-BB2F-4C49-8B1E-8EB26580DFDB"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
},
{
"url": "https://www.control4.com/docs/product/ovrc-software/release-notes/english/latest/ovrc-software-release-notes-rev-r.pdf",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Release Notes"
]
}
]
}

88
CVE-2023/CVE-2023-29xx/CVE-2023-2978.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2023-2978",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-30T14:15:09.763",
"lastModified": "2023-05-30T14:15:09.763",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Abstrium Pydio Cells 4.2.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Change Subscription Handler. The manipulation leads to authorization bypass. Upgrading to version 4.2.1 is able to address this issue. It is recommended to upgrade the affected component. VDB-230210 is the identifier assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 2.5
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:A/AC:L/Au:S/C:N/I:P/A:P",
"accessVector": "ADJACENT_NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 4.1
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 5.1,
"impactScore": 4.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://pydio.com/en/community/releases/pydio-cells/pydio-cells-enterprise-421",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.230210",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.230210",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2023/CVE-2023-29xx/CVE-2023-2979.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2023-2979",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-30T14:15:09.843",
"lastModified": "2023-05-30T14:15:09.843",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in Abstrium Pydio Cells 4.2.0. This affects an unknown part of the component User Creation Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. Upgrading to version 4.2.1 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230211."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "MULTIPLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 6.4,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://pydio.com/en/community/releases/pydio-cells/pydio-cells-enterprise-421",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.230211",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.230211",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2023/CVE-2023-29xx/CVE-2023-2980.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2023-2980",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-30T15:15:09.467",
"lastModified": "2023-05-30T15:15:09.467",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in Abstrium Pydio Cells 4.2.0. This vulnerability affects unknown code of the component User Creation Handler. The manipulation leads to improper control of resource identifiers. The attack can be initiated remotely. Upgrading to version 4.2.1 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230212."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-99"
}
]
}
],
"references": [
{
"url": "https://pydio.com/en/community/releases/pydio-cells/pydio-cells-enterprise-421",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.230212",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.230212",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2023/CVE-2023-29xx/CVE-2023-2981.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2023-2981",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-30T15:15:09.553",
"lastModified": "2023-05-30T15:15:09.553",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in Abstrium Pydio Cells 4.2.0. This issue affects some unknown processing of the component Chat. The manipulation leads to basic cross site scripting. The attack may be initiated remotely. Upgrading to version 4.2.1 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-230213 was assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-80"
}
]
}
],
"references": [
{
"url": "https://pydio.com/en/community/releases/pydio-cells/pydio-cells-enterprise-421",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.230213",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.230213",
"source": "cna@vuldb.com"
}
]
}

59
CVE-2023/CVE-2023-29xx/CVE-2023-2983.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-2983",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-05-30T15:15:09.630",
"lastModified": "2023-05-30T15:15:09.630",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Privilege Defined With Unsafe Actions in GitHub repository pimcore/pimcore prior to 10.5.23."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-267"
}
]
}
],
"references": [
{
"url": "https://github.com/pimcore/pimcore/commit/c8f37b19c99cd82e4e558857d3e4d5476ea7228a",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.dev/bounties/6b2f33d3-2fd0-4d2d-ad7b-2c1e2417eeb1",
"source": "security@huntr.dev"
}
]
}

59
CVE-2023/CVE-2023-29xx/CVE-2023-2984.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-2984",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-05-30T15:15:09.700",
"lastModified": "2023-05-30T15:15:09.700",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Path Traversal: '\\..\\filename' in GitHub repository pimcore/pimcore prior to 10.5.22."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-29"
}
]
}
],
"references": [
{
"url": "https://github.com/pimcore/pimcore/commit/e8dbc4da58ae86618bceb67ed35ce23e5e54d2ed",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.dev/bounties/5df8b951-e2f1-4548-a7e3-601186e1b191",
"source": "security@huntr.dev"
}
]
}

82
CVE-2023/CVE-2023-317xx/CVE-2023-31742.json
View File

@ -2,23 +2,95 @@
"id": "CVE-2023-31742",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-22T17:15:09.477",
"lastModified": "2023-05-23T13:04:43.693",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-30T15:37:06.417",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "There is a command injection vulnerability in the Linksys WRT54GL router with firmware version 4.30.18.006. If an attacker gains web management privileges, they can inject commands into the post request parameters wl_ant, wl_rate, WL_atten_ctl, ttcp_num, ttcp_size in the httpd s Start_EPI() function, thereby gaining shell privileges."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linksys:wrt54gl_firmware:4.30.18.006:*:*:*:*:*:*:*",
"matchCriteriaId": "ABB375A9-7E02-4B09-8CC6-AAC4E5C6ABEC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:linksys:wrt54gl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "04AA9149-2F72-4585-8A41-66AE3D573197"
}
]
}
]
}
],
"references": [
{
"url": "http://linksys.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/D2y6p/CVE/blob/main/Linksys/CVE-2023-31742/Linksys_WRT54GL_RCE.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-319xx/CVE-2023-31995.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-31995",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-23T01:15:10.207",
"lastModified": "2023-05-23T13:04:34.787",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-30T14:15:09.947",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,10 @@
],
"metrics": {},
"references": [
{
"url": "https://hanwhavisionamerica.com/download/50042/",
"source": "cve@mitre.org"
},
{
"url": "https://www.hanwhavision.com/wp-content/uploads/2023/04/Camera-Vulnerability-Report.pdf",
"source": "cve@mitre.org"

64
CVE-2023/CVE-2023-329xx/CVE-2023-32994.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2023-32994",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-05-16T17:15:11.937",
"lastModified": "2023-05-16T20:04:03.627",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-30T14:30:10.230",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Jenkins SAML Single Sign On(SSO) Plugin 2.1.0 and earlier unconditionally disables SSL/TLS certificate validation for connections to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused using a man-in-the-middle attack to intercept these connections."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:saml_single_sign_on:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "2.1.0",
"matchCriteriaId": "33F17ECF-DC9A-46B4-9EC5-826840A29616"
}
]
}
]
}
],
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3001%20(2)",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-329xx/CVE-2023-32997.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2023-32997",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-05-16T17:15:12.067",
"lastModified": "2023-05-16T20:04:03.627",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-30T14:32:10.560",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Jenkins CAS Plugin 1.6.2 and earlier does not invalidate the previous session on login."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-384"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:cas:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "1.6.2",
"matchCriteriaId": "9BB22430-F210-4E81-85CD-D2D2B6BB60F4"
}
]
}
]
}
],
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3000",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-329xx/CVE-2023-32998.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2023-32998",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-05-16T17:15:12.110",
"lastModified": "2023-05-16T20:04:03.627",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-30T14:36:31.517",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery (CSRF) vulnerability in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:appspider:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "1.0.15",
"matchCriteriaId": "AC299A2B-F122-46A1-B408-E3F97C9C494E"
}
]
}
]
}
],
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3121",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-330xx/CVE-2023-33006.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2023-33006",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-05-16T17:15:12.467",
"lastModified": "2023-05-16T20:04:03.627",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-30T14:16:12.517",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery (CSRF) vulnerability in Jenkins WSO2 Oauth Plugin 1.0 and earlier allows attackers to trick users into logging in to the attacker's account."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:wso2_oauth:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.0",
"matchCriteriaId": "91997D65-1525-472D-B3F1-AAFC876DFAA4"
}
]
}
]
}
],
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2990",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-332xx/CVE-2023-33293.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-33293",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-22T16:15:10.567",
"lastModified": "2023-05-22T16:15:51.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-30T15:18:16.863",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in KaiOS 3.0 and 3.1. The binary /system/kaios/api-daemon exposes a local web server on *.localhost with subdomains for each installed applications, e.g., myapp.localhost. An attacker can make fetch requests to api-deamon to determine if a given app is installed and read the manifest.webmanifest contents, including the app version."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-668"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:kaiostech:kaios:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "03AA5112-C7B7-4073-AF53-BE1DA528A0F2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:kaiostech:kaios:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "74F006E6-8842-429B-8FF0-6E76783A7061"
}
]
}
]
}
],
"references": [
{
"url": "https://kaios.dev/cve/1410290",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-332xx/CVE-2023-33294.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-33294",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-22T16:15:10.630",
"lastModified": "2023-05-22T16:15:51.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-30T15:34:50.353",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in KaiOS 3.0 before 3.1. The /system/bin/tctweb_server binary exposes a local web server that responds to GET and POST requests on port 2929. The server accepts arbitrary Bash commands and executes them as root. Because it is not permission or context restricted and returns proper CORS headers, it's accessible to all websites via the browser. At a bare minimum, this allows an attacker to retrieve a list of the user's installed apps, notifications, and downloads. It also allows an attacker to delete local files and modify system properties including the boolean persist.moz.killswitch property (which would render the device inoperable). This vulnerability is partially mitigated by SELinux which prevents reads, writes, or modifications to files or permissions within protected partitions."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:kaiostech:kaios:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "03AA5112-C7B7-4073-AF53-BE1DA528A0F2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:kaiostech:kaios:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "74F006E6-8842-429B-8FF0-6E76783A7061"
}
]
}
]
}
],
"references": [
{
"url": "https://kaios.dev/cve/1411380",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

68
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-05-30T14:00:27.154349+00:00
2023-05-30T16:00:24.316890+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-05-30T13:06:04.283000+00:00
2023-05-30T15:59:29.237000+00:00
```
### Last Data Feed Release
@ -29,45 +29,51 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
216351
216358
```
### CVEs added in the last Commit
Recently added CVEs: `1`
Recently added CVEs: `7`
* [CVE-2023-30196](CVE-2023/CVE-2023-301xx/CVE-2023-30196.json) (`2023-05-30T12:15:09.677`)
* [CVE-2023-2650](CVE-2023/CVE-2023-26xx/CVE-2023-2650.json) (`2023-05-30T14:15:09.683`)
* [CVE-2023-2978](CVE-2023/CVE-2023-29xx/CVE-2023-2978.json) (`2023-05-30T14:15:09.763`)
* [CVE-2023-2979](CVE-2023/CVE-2023-29xx/CVE-2023-2979.json) (`2023-05-30T14:15:09.843`)
* [CVE-2023-2980](CVE-2023/CVE-2023-29xx/CVE-2023-2980.json) (`2023-05-30T15:15:09.467`)
* [CVE-2023-2981](CVE-2023/CVE-2023-29xx/CVE-2023-2981.json) (`2023-05-30T15:15:09.553`)
* [CVE-2023-2983](CVE-2023/CVE-2023-29xx/CVE-2023-2983.json) (`2023-05-30T15:15:09.630`)
* [CVE-2023-2984](CVE-2023/CVE-2023-29xx/CVE-2023-2984.json) (`2023-05-30T15:15:09.700`)
### CVEs modified in the last Commit
Recently modified CVEs: `100`
Recently modified CVEs: `25`
* [CVE-2023-33193](CVE-2023/CVE-2023-331xx/CVE-2023-33193.json) (`2023-05-30T12:52:56.613`)
* [CVE-2023-33191](CVE-2023/CVE-2023-331xx/CVE-2023-33191.json) (`2023-05-30T12:52:56.613`)
* [CVE-2023-33955](CVE-2023/CVE-2023-339xx/CVE-2023-33955.json) (`2023-05-30T12:52:56.613`)
* [CVE-2023-0329](CVE-2023/CVE-2023-03xx/CVE-2023-0329.json) (`2023-05-30T12:52:56.613`)
* [CVE-2023-0443](CVE-2023/CVE-2023-04xx/CVE-2023-0443.json) (`2023-05-30T12:52:56.613`)
* [CVE-2023-0733](CVE-2023/CVE-2023-07xx/CVE-2023-0733.json) (`2023-05-30T12:52:56.613`)
* [CVE-2023-0766](CVE-2023/CVE-2023-07xx/CVE-2023-0766.json) (`2023-05-30T12:52:56.613`)
* [CVE-2023-1524](CVE-2023/CVE-2023-15xx/CVE-2023-1524.json) (`2023-05-30T12:52:56.613`)
* [CVE-2023-1938](CVE-2023/CVE-2023-19xx/CVE-2023-1938.json) (`2023-05-30T12:52:56.613`)
* [CVE-2023-2023](CVE-2023/CVE-2023-20xx/CVE-2023-2023.json) (`2023-05-30T12:52:56.613`)
* [CVE-2023-2111](CVE-2023/CVE-2023-21xx/CVE-2023-2111.json) (`2023-05-30T12:52:56.613`)
* [CVE-2023-2113](CVE-2023/CVE-2023-21xx/CVE-2023-2113.json) (`2023-05-30T12:52:56.613`)
* [CVE-2023-2117](CVE-2023/CVE-2023-21xx/CVE-2023-2117.json) (`2023-05-30T12:52:56.613`)
* [CVE-2023-2223](CVE-2023/CVE-2023-22xx/CVE-2023-2223.json) (`2023-05-30T12:52:56.613`)
* [CVE-2023-2256](CVE-2023/CVE-2023-22xx/CVE-2023-2256.json) (`2023-05-30T12:52:56.613`)
* [CVE-2023-2287](CVE-2023/CVE-2023-22xx/CVE-2023-2287.json) (`2023-05-30T12:52:56.613`)
* [CVE-2023-2288](CVE-2023/CVE-2023-22xx/CVE-2023-2288.json) (`2023-05-30T12:52:56.613`)
* [CVE-2023-2296](CVE-2023/CVE-2023-22xx/CVE-2023-2296.json) (`2023-05-30T12:52:56.613`)
* [CVE-2023-2470](CVE-2023/CVE-2023-24xx/CVE-2023-2470.json) (`2023-05-30T12:52:56.613`)
* [CVE-2023-2518](CVE-2023/CVE-2023-25xx/CVE-2023-2518.json) (`2023-05-30T12:52:56.613`)
* [CVE-2023-30601](CVE-2023/CVE-2023-306xx/CVE-2023-30601.json) (`2023-05-30T12:52:56.613`)
* [CVE-2023-2972](CVE-2023/CVE-2023-29xx/CVE-2023-2972.json) (`2023-05-30T12:52:56.613`)
* [CVE-2023-2973](CVE-2023/CVE-2023-29xx/CVE-2023-2973.json) (`2023-05-30T12:52:56.613`)
* [CVE-2023-33234](CVE-2023/CVE-2023-332xx/CVE-2023-33234.json) (`2023-05-30T12:52:56.613`)
* [CVE-2023-2856](CVE-2023/CVE-2023-28xx/CVE-2023-2856.json) (`2023-05-30T12:59:20.893`)
* [CVE-2022-36327](CVE-2022/CVE-2022-363xx/CVE-2022-36327.json) (`2023-05-30T14:04:18.853`)
* [CVE-2023-23450](CVE-2023/CVE-2023-234xx/CVE-2023-23450.json) (`2023-05-30T14:11:13.857`)
* [CVE-2023-28068](CVE-2023/CVE-2023-280xx/CVE-2023-28068.json) (`2023-05-30T14:15:09.507`)
* [CVE-2023-31995](CVE-2023/CVE-2023-319xx/CVE-2023-31995.json) (`2023-05-30T14:15:09.947`)
* [CVE-2023-33006](CVE-2023/CVE-2023-330xx/CVE-2023-33006.json) (`2023-05-30T14:16:12.517`)
* [CVE-2023-32994](CVE-2023/CVE-2023-329xx/CVE-2023-32994.json) (`2023-05-30T14:30:10.230`)
* [CVE-2023-32997](CVE-2023/CVE-2023-329xx/CVE-2023-32997.json) (`2023-05-30T14:32:10.560`)
* [CVE-2023-32998](CVE-2023/CVE-2023-329xx/CVE-2023-32998.json) (`2023-05-30T14:36:31.517`)
* [CVE-2023-33293](CVE-2023/CVE-2023-332xx/CVE-2023-33293.json) (`2023-05-30T15:18:16.863`)
* [CVE-2023-27397](CVE-2023/CVE-2023-273xx/CVE-2023-27397.json) (`2023-05-30T15:32:54.570`)
* [CVE-2023-27507](CVE-2023/CVE-2023-275xx/CVE-2023-27507.json) (`2023-05-30T15:33:26.400`)
* [CVE-2023-33294](CVE-2023/CVE-2023-332xx/CVE-2023-33294.json) (`2023-05-30T15:34:50.353`)
* [CVE-2023-31742](CVE-2023/CVE-2023-317xx/CVE-2023-31742.json) (`2023-05-30T15:37:06.417`)
* [CVE-2023-27512](CVE-2023/CVE-2023-275xx/CVE-2023-27512.json) (`2023-05-30T15:39:54.467`)
* [CVE-2023-27514](CVE-2023/CVE-2023-275xx/CVE-2023-27514.json) (`2023-05-30T15:40:15.907`)
* [CVE-2023-27518](CVE-2023/CVE-2023-275xx/CVE-2023-27518.json) (`2023-05-30T15:40:26.997`)
* [CVE-2023-27521](CVE-2023/CVE-2023-275xx/CVE-2023-27521.json) (`2023-05-30T15:40:34.467`)
* [CVE-2023-27920](CVE-2023/CVE-2023-279xx/CVE-2023-27920.json) (`2023-05-30T15:41:23.137`)
* [CVE-2023-27921](CVE-2023/CVE-2023-279xx/CVE-2023-27921.json) (`2023-05-30T15:47:27.067`)
* [CVE-2023-27922](CVE-2023/CVE-2023-279xx/CVE-2023-27922.json) (`2023-05-30T15:48:26.617`)
* [CVE-2023-27923](CVE-2023/CVE-2023-279xx/CVE-2023-27923.json) (`2023-05-30T15:48:58.967`)
* [CVE-2023-27925](CVE-2023/CVE-2023-279xx/CVE-2023-27925.json) (`2023-05-30T15:49:19.623`)
* [CVE-2023-27926](CVE-2023/CVE-2023-279xx/CVE-2023-27926.json) (`2023-05-30T15:49:34.590`)
* [CVE-2023-28367](CVE-2023/CVE-2023-283xx/CVE-2023-28367.json) (`2023-05-30T15:55:17.610`)
* [CVE-2023-28412](CVE-2023/CVE-2023-284xx/CVE-2023-28412.json) (`2023-05-30T15:59:29.237`)
## Download and Usage