Auto-Update: 2023-10-06T20:00:25.627773+00:00

cad-safe-bot 2023-10-06 20:00:29 +00:00
parent f260538f90
commit 5e1cd28e77
32 changed files with 7187 additions and 105 deletions


@ -2,7 +2,7 @@
"id": "CVE-2021-4083", "id": "CVE-2021-4083",
"sourceIdentifier": "secalert@redhat.com", "sourceIdentifier": "secalert@redhat.com",
"published": "2022-01-18T17:15:09.403", "published": "2022-01-18T17:15:09.403",
"lastModified": "2023-08-04T20:13:28.520", "lastModified": "2023-10-06T18:05:43.720",
"vulnStatus": "Analyzed", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
@ -87,7 +87,6 @@
], ],
"configurations": [ "configurations": [
{ {
"operator": "AND",
"nodes": [ "nodes": [
{ {
"operator": "OR", "operator": "OR",
@ -96,8 +95,8 @@
{ {
"vulnerable": true, "vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartExcluding": "4.4.294", "versionEndExcluding": "4.4.294",
"matchCriteriaId": "742F7AF0-2703-4AFF-BACC-32A95B2DCDD8" "matchCriteriaId": "D8453AEE-C6A3-45F8-875D-63F8D19E16F8"
}, },
{ {
"vulnerable": true, "vulnerable": true,
@ -377,7 +376,6 @@
] ]
}, },
{ {
"operator": "AND",
"nodes": [ "nodes": [
{ {
"operator": "OR", "operator": "OR",
@ -398,7 +396,6 @@
] ]
}, },
{ {
"operator": "AND",
"nodes": [ "nodes": [
{ {
"operator": "OR", "operator": "OR",
@ -419,7 +416,6 @@
] ]
}, },
{ {
"operator": "AND",
"nodes": [ "nodes": [
{ {
"operator": "OR", "operator": "OR",


@ -2,16 +2,40 @@
"id": "CVE-2023-20101", "id": "CVE-2023-20101",
"sourceIdentifier": "ykramarz@cisco.com", "sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-10-04T17:15:09.837", "published": "2023-10-04T17:15:09.837",
"lastModified": "2023-10-04T18:14:55.483", "lastModified": "2023-10-06T18:15:15.003",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted.\r\n\r This vulnerability is due to the presence of static user credentials for the root account that are typically reserved for use during development. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user." "value": "A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted.\r\n\r This vulnerability is due to the presence of static user credentials for the root account that are typically reserved for use during development. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user."
},
{
"lang": "es",
"value": "Una vulnerabilidad en Cisco Emergency Responder podr\u00eda permitir que un atacante remoto no autenticado inicie sesi\u00f3n en un dispositivo afectado utilizando la cuenta de root, que tiene credenciales est\u00e1ticas predeterminadas que no se pueden cambiar ni eliminar. Esta vulnerabilidad se debe a la presencia de credenciales de usuario est\u00e1ticas para la cuenta de root que normalmente est\u00e1n reservadas para su uso durante el desarrollo. Un atacante podr\u00eda aprovechar esta vulnerabilidad utilizando la cuenta para iniciar sesi\u00f3n en un sistema afectado. Un exploit exitoso podr\u00eda permitir al atacante iniciar sesi\u00f3n en el sistema afectado y ejecutar comandos arbitrarios como usuario root."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{ {
"source": "ykramarz@cisco.com", "source": "ykramarz@cisco.com",
"type": "Secondary", "type": "Secondary",
@ -34,10 +58,42 @@
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:emergency_responder:12.5\\(1\\)su4:*:*:*:*:*:*:*",
"matchCriteriaId": "C7DFD27F-7AED-436A-AA79-0A5C570DF830"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cer-priv-esc-B9t3hqk9", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cer-priv-esc-B9t3hqk9",
"source": "ykramarz@cisco.com" "source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }




@ -0,0 +1,32 @@
{
"id": "CVE-2023-21244",
"sourceIdentifier": "security@android.com",
"published": "2023-10-06T19:15:12.667",
"lastModified": "2023-10-06T19:41:01.643",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In visitUris of Notification.java, there is a possible bypass of user profile boundaries due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/20aedba4998373addc2befcc455a118585559fef",
"source": "security@android.com"
},
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/3a448067ac9ebdf669951e90678c2daa592a81d3",
"source": "security@android.com"
},
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/5a3d0c131175d923cf35c7beb3ee77a9e6485dad",
"source": "security@android.com"
},
{
"url": "https://source.android.com/security/bulletin/2023-10-01",
"source": "security@android.com"
}
]
}


@ -0,0 +1,28 @@
{
"id": "CVE-2023-21252",
"sourceIdentifier": "security@android.com",
"published": "2023-10-06T19:15:12.730",
"lastModified": "2023-10-06T19:41:01.643",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In validatePassword of WifiConfigurationUtil.java, there is a possible way to get the device into a boot loop due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://android.googlesource.com/platform/packages/modules/Wifi/+/044ab0684153c4effb9f4fda47df43ccdc77bda8",
"source": "security@android.com"
},
{
"url": "https://android.googlesource.com/platform/packages/modules/Wifi/+/50b08ee30e04d185e5ae97a5f717d436fd5a90f3",
"source": "security@android.com"
},
{
"url": "https://source.android.com/security/bulletin/2023-10-01",
"source": "security@android.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-21253",
"sourceIdentifier": "security@android.com",
"published": "2023-10-06T19:15:12.777",
"lastModified": "2023-10-06T19:41:01.643",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In multiple locations, there is a possible way to crash multiple system services due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/84df68840b6f2407146e722ebd95a7d8bc6e3529",
"source": "security@android.com"
},
{
"url": "https://android.googlesource.com/platform/tools/apksig/+/039f815895f62c9f8af23df66622b66246f3f61e",
"source": "security@android.com"
},
{
"url": "https://android.googlesource.com/platform/tools/apksig/+/41d882324288085fd32ae0bb70dc85f5fd0e2be7",
"source": "security@android.com"
},
{
"url": "https://source.android.com/security/bulletin/2023-10-01",
"source": "security@android.com"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-21266",
"sourceIdentifier": "security@android.com",
"published": "2023-10-06T19:15:12.830",
"lastModified": "2023-10-06T19:41:01.643",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In killBackgroundProcesses of ActivityManagerService.java, there is a possible way to escape Google Play protection due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/5b7edbf2ba076b04000eb5d27101927eeb609c26",
"source": "security@android.com"
},
{
"url": "https://source.android.com/security/bulletin/2023-10-01",
"source": "security@android.com"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-21291",
"sourceIdentifier": "security@android.com",
"published": "2023-10-06T19:15:12.883",
"lastModified": "2023-10-06T19:41:01.643",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In visitUris of Notification.java, there is a possible way to reveal image contents from another user due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": {},
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/cb6282e8970f4c9db5497889699e68fb2038566e",
"source": "security@android.com"
},
{
"url": "https://source.android.com/security/bulletin/2023-10-01",
"source": "security@android.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-23365", "id": "CVE-2023-23365",
"sourceIdentifier": "security@qnapsecurity.com.tw", "sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2023-10-06T17:15:11.737", "published": "2023-10-06T17:15:11.737",
"lastModified": "2023-10-06T17:15:11.737", "lastModified": "2023-10-06T19:41:01.643",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-23366", "id": "CVE-2023-23366",
"sourceIdentifier": "security@qnapsecurity.com.tw", "sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2023-10-06T17:15:11.840", "published": "2023-10-06T17:15:11.840",
"lastModified": "2023-10-06T17:15:11.840", "lastModified": "2023-10-06T19:41:01.643",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-23370", "id": "CVE-2023-23370",
"sourceIdentifier": "security@qnapsecurity.com.tw", "sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2023-10-06T17:15:11.920", "published": "2023-10-06T17:15:11.920",
"lastModified": "2023-10-06T17:15:11.920", "lastModified": "2023-10-06T19:41:01.643",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-23371", "id": "CVE-2023-23371",
"sourceIdentifier": "security@qnapsecurity.com.tw", "sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2023-10-06T17:15:11.997", "published": "2023-10-06T17:15:11.997",
"lastModified": "2023-10-06T17:15:11.997", "lastModified": "2023-10-06T19:41:01.643",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-28791", "id": "CVE-2023-28791",
"sourceIdentifier": "audit@patchstack.com", "sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-06T14:15:11.727", "published": "2023-10-06T14:15:11.727",
"lastModified": "2023-10-06T15:25:02.197", "lastModified": "2023-10-06T19:02:01.257",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{ {
"source": "audit@patchstack.com", "source": "audit@patchstack.com",
"type": "Secondary", "type": "Secondary",
@ -46,10 +66,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webtechforce:simple_org_chart:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.3.4",
"matchCriteriaId": "7778924C-36E7-4303-8DEF-110138627D37"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://patchstack.com/database/vulnerability/simple-org-chart/wordpress-simple-org-chart-plugin-2-3-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "url": "https://patchstack.com/database/vulnerability/simple-org-chart/wordpress-simple-org-chart-plugin-2-3-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com" "source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2023-32971", "id": "CVE-2023-32971",
"sourceIdentifier": "security@qnapsecurity.com.tw", "sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2023-10-06T17:15:12.083", "published": "2023-10-06T17:15:12.083",
"lastModified": "2023-10-06T17:15:12.083", "lastModified": "2023-10-06T19:41:01.643",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-32972", "id": "CVE-2023-32972",
"sourceIdentifier": "security@qnapsecurity.com.tw", "sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2023-10-06T17:15:12.170", "published": "2023-10-06T17:15:12.170",
"lastModified": "2023-10-06T17:15:12.170", "lastModified": "2023-10-06T19:41:01.643",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",


@ -2,16 +2,40 @@
"id": "CVE-2023-43662", "id": "CVE-2023-43662",
"sourceIdentifier": "security-advisories@github.com", "sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-28T22:15:10.270", "published": "2023-09-28T22:15:10.270",
"lastModified": "2023-09-29T04:19:01.990", "lastModified": "2023-10-06T18:28:46.827",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "ShokoServer is a media server which specializes in organizing anime. In affected versions the `/api/Image/WithPath` endpoint is accessible without authentication and is supposed to return default server images. The endpoint accepts the parameter `serverImagePath`, which is not sanitized in any way before being passed to `System.IO.File.OpenRead`, which results in an arbitrary file read. This issue may lead to an arbitrary file read which is exacerbated in the windows installer which installs the ShokoServer as administrator. Any unauthenticated attacker may be able to access sensitive information and read files stored on the server. The `/api/Image/WithPath` endpoint has been removed in commit `6c57ba0f0` which will be included in subsequent releases. Users should limit access to the `/api/Image/WithPath` endpoint or manually patch their installations until a patched release is made. This issue was discovered by the GitHub Security lab and is also indexed as GHSL-2023-191." "value": "ShokoServer is a media server which specializes in organizing anime. In affected versions the `/api/Image/WithPath` endpoint is accessible without authentication and is supposed to return default server images. The endpoint accepts the parameter `serverImagePath`, which is not sanitized in any way before being passed to `System.IO.File.OpenRead`, which results in an arbitrary file read. This issue may lead to an arbitrary file read which is exacerbated in the windows installer which installs the ShokoServer as administrator. Any unauthenticated attacker may be able to access sensitive information and read files stored on the server. The `/api/Image/WithPath` endpoint has been removed in commit `6c57ba0f0` which will be included in subsequent releases. Users should limit access to the `/api/Image/WithPath` endpoint or manually patch their installations until a patched release is made. This issue was discovered by the GitHub Security lab and is also indexed as GHSL-2023-191."
},
{
"lang": "es",
"value": "ShokoServer es un servidor de medios que se especializa en organizar anime. En las versiones afectadas, se puede acceder al endpoint `/api/Image/WithPath` sin autenticaci\u00f3n y se supone que devuelve im\u00e1genes de servidor predeterminadas. El endpoint acepta el par\u00e1metro `serverImagePath`, que no se sanitiza de ninguna manera antes de pasarse a `System.IO.File.OpenRead`, lo que da como resultado una lectura de archivo arbitraria. Este problema puede provocar una lectura de archivo arbitraria que se agrava en el instalador de Windows que instala ShokoServer como administrador. Cualquier atacante no autenticado puede acceder a informaci\u00f3n confidencial y leer archivos almacenados en el servidor. El endpoint `/api/Image/WithPath` se elimin\u00f3 en el commit `6c57ba0f0`, que se incluir\u00e1 en versiones posteriores. Los usuarios deben limitar el acceso al endpoin `/api/Image/WithPath` o parchear manualmente sus instalaciones hasta que se realice una versi\u00f3n parcheada. Este problema fue descubierto por el laboratorio de GitHub Security y tambi\u00e9n est\u00e1 indexado como GHSL-2023-191."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0
},
{ {
"source": "security-advisories@github.com", "source": "security-advisories@github.com",
"type": "Secondary", "type": "Secondary",
@ -46,14 +70,40 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:shokoanime:shokoserver:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.2.2",
"matchCriteriaId": "100F9CC0-A263-4C38-A023-9AB537C00CB4"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/ShokoAnime/ShokoServer/commit/6c57ba0f073d6be5a4f508c46c2ce36727cbce80", "url": "https://github.com/ShokoAnime/ShokoServer/commit/6c57ba0f073d6be5a4f508c46c2ce36727cbce80",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Product"
]
}, },
{ {
"url": "https://github.com/ShokoAnime/ShokoServer/security/advisories/GHSA-mwcv-ghjq-8f2g", "url": "https://github.com/ShokoAnime/ShokoServer/security/advisories/GHSA-mwcv-ghjq-8f2g",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Exploit",
"Mitigation",
"Vendor Advisory"
]
} }
] ]
} }
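Review bot: The ShokoServer commit reference added to this record is tagged `"Product"`, yet the English description in the same record states that the `/api/Image/WithPath` endpoint was removed in commit `6c57ba0f0`, so the tag that fits that URL is `"tags": ["Patch"]`. Tooling that selects remediation links by the `Patch` tag will not surface the fix commit for CVE-2023-43662 from this snapshot. The added Spanish description also contains the typo `endpoin`. Both look like upstream data-entry slips, so they are better reported to the source feed than hand-edited in what appears to be an automated mirror.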


@ -0,0 +1,63 @@
{
"id": "CVE-2023-44384",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-06T18:15:12.247",
"lastModified": "2023-10-06T19:41:01.643",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Discourse-jira is a Discourse plugin allows Jira projects, issue types, fields and field options will be synced automatically. An administrator user can make an SSRF attack by setting the Jira URL to an arbitrary location and enabling the `discourse_jira_verbose_log` site setting. A moderator user could manipulate the request path to the Jira API, allowing them to perform arbitrary GET requests using the Jira API credentials, potentially with elevated permissions, used by the application. "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-691"
}
]
}
],
"references": [
{
"url": "https://github.com/discourse/discourse-jira/commit/8a2d3ad228883199fd5f081cc93d173c88e2e48f",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/discourse/discourse-jira/pull/50",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/discourse/discourse-jira/security/advisories/GHSA-pmv5-h2x6-35fh",
"source": "security-advisories@github.com"
}
]
}
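Review bot: The only weakness in this new record is `CWE-691`, although the description itself calls the administrator-side issue an SSRF; the SSRF-specific entry is CWE-918, so `"value": "CWE-918"` would let weakness-based filters and dashboards find CVE-2023-44384. The record carries only the CNA's Secondary score (4.1, `PR:H`) and is still `Awaiting Analysis`, so the score and the weakness mapping may both change after analysis. Anything pinned to this snapshot should be re-synced rather than treated as final. The description's opening sentence ("is a Discourse plugin allows ...") is also ungrammatical upstream text.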


@ -2,19 +2,75 @@
"id": "CVE-2023-44761", "id": "CVE-2023-44761",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-10-06T13:15:12.747", "published": "2023-10-06T13:15:12.747",
"lastModified": "2023-10-06T13:17:35.473", "lastModified": "2023-10-06T19:05:38.713",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS v.9.2.1 allow a local attacker to execute arbitrary code via a crafted script to the Forms of the Data objects." "value": "Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS v.9.2.1 allow a local attacker to execute arbitrary code via a crafted script to the Forms of the Data objects."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:concretecms:concrete_cms:9.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7B776E3-2D7A-4BD9-9800-01AED3141336"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/sromanhu/ConcreteCMS-Stored-XSS---Forms", "url": "https://github.com/sromanhu/ConcreteCMS-Stored-XSS---Forms",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }
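Review bot: The description kept in this record says "allow a local attacker", while the Primary vector added by this update is `CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N`, i.e. network-reachable with low privileges and user interaction. Consumers who triage on description text and those who triage on the vector will rank CVE-2023-44761 differently. The vector is the analysed value, so `AV:N` is the safer one to act on until the CNA text is corrected; wording such as `allow a remote, low-privileged attacker` would match it. The sibling Concrete CMS records in this commit say only "an attacker", so the mismatch appears limited to this entry.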


@ -2,19 +2,75 @@
"id": "CVE-2023-44762", "id": "CVE-2023-44762",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-10-06T13:15:12.807", "published": "2023-10-06T13:15:12.807",
"lastModified": "2023-10-06T13:17:35.473", "lastModified": "2023-10-06T19:05:46.900",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the Tags from Settings - Tags." "value": "A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the Tags from Settings - Tags."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:concretecms:concrete_cms:9.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7B776E3-2D7A-4BD9-9800-01AED3141336"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/sromanhu/ConcreteCMS-Reflected-XSS---Tags", "url": "https://github.com/sromanhu/ConcreteCMS-Reflected-XSS---Tags",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }


@ -2,19 +2,75 @@
"id": "CVE-2023-44764", "id": "CVE-2023-44764",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-10-06T13:15:12.863", "published": "2023-10-06T13:15:12.863",
"lastModified": "2023-10-06T13:17:35.473", "lastModified": "2023-10-06T19:05:57.683",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the SITE parameter from installation or in the Settings." "value": "A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the SITE parameter from installation or in the Settings."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:concretecms:concrete_cms:9.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7B776E3-2D7A-4BD9-9800-01AED3141336"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/sromanhu/ConcreteCMS-Stored-XSS---Site_Installation", "url": "https://github.com/sromanhu/ConcreteCMS-Stored-XSS---Site_Installation",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }


@ -2,19 +2,75 @@
"id": "CVE-2023-44765", "id": "CVE-2023-44765",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-10-06T13:15:12.923", "published": "2023-10-06T13:15:12.923",
"lastModified": "2023-10-06T13:17:35.473", "lastModified": "2023-10-06T19:06:06.630",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to Plural Handle of the Data Objects from System & Settings." "value": "A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to Plural Handle of the Data Objects from System & Settings."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:concretecms:concrete_cms:9.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7B776E3-2D7A-4BD9-9800-01AED3141336"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/sromanhu/ConcreteCMS-Stored-XSS---Associations", "url": "https://github.com/sromanhu/ConcreteCMS-Stored-XSS---Associations",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }


@ -2,19 +2,74 @@
"id": "CVE-2023-44766", "id": "CVE-2023-44766",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-10-06T13:15:12.977", "published": "2023-10-06T13:15:12.977",
"lastModified": "2023-10-06T13:17:35.473", "lastModified": "2023-10-06T19:06:47.970",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the SEO - Extra from Page Settings." "value": "A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the SEO - Extra from Page Settings."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:concretecms:concrete_cms:9.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7B776E3-2D7A-4BD9-9800-01AED3141336"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/sromanhu/ConcreteCMS-Stored-XSS---SEO", "url": "https://github.com/sromanhu/ConcreteCMS-Stored-XSS---SEO",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit"
]
} }
] ]
} }


@ -2,19 +2,75 @@
"id": "CVE-2023-44770", "id": "CVE-2023-44770",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-10-06T13:15:13.033", "published": "2023-10-06T13:15:13.033",
"lastModified": "2023-10-06T13:17:35.473", "lastModified": "2023-10-06T19:06:20.797",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows an attacker to execute arbitrary code via a crafted script to the Organizer - Spare alias." "value": "A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows an attacker to execute arbitrary code via a crafted script to the Organizer - Spare alias."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribalsystems:zenario:9.4.59197:*:*:*:*:*:*:*",
"matchCriteriaId": "EC840721-C5AC-454B-A792-7E9C09E847E0"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/sromanhu/ZenarioCMS--Reflected-XSS---Organizer-Alias/blob/main/README.md", "url": "https://github.com/sromanhu/ZenarioCMS--Reflected-XSS---Organizer-Alias/blob/main/README.md",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }


@ -2,19 +2,75 @@
"id": "CVE-2023-44771", "id": "CVE-2023-44771",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-10-06T13:15:13.087", "published": "2023-10-06T13:15:13.087",
"lastModified": "2023-10-06T13:17:35.473", "lastModified": "2023-10-06T19:06:57.543",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Page Layout." "value": "A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Page Layout."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tribalsystems:zenario:9.4.59197:*:*:*:*:*:*:*",
"matchCriteriaId": "EC840721-C5AC-454B-A792-7E9C09E847E0"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/sromanhu/ZenarioCMS--Stored-XSS---Page-Layout", "url": "https://github.com/sromanhu/ZenarioCMS--Stored-XSS---Page-Layout",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2023-44807", "id": "CVE-2023-44807",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-10-06T17:15:12.837", "published": "2023-10-06T17:15:12.837",
"lastModified": "2023-10-06T17:15:12.837", "lastModified": "2023-10-06T19:41:01.643",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",


@ -0,0 +1,36 @@
{
"id": "CVE-2023-45239",
"sourceIdentifier": "cve-assign@fb.com",
"published": "2023-10-06T18:15:12.337",
"lastModified": "2023-10-06T19:41:01.643",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A lack of input validation exists in tac_plus prior to commit 4fdf178 which, when pre or post auth commands are enabled, allows an attacker who can control the username, rem-addr, or NAC address sent to tac_plus to inject shell commands and gain remote code execution on the tac_plus server."
}
],
"metrics": {},
"weaknesses": [
{
"source": "cve-assign@fb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-790"
}
]
}
],
"references": [
{
"url": "https://github.com/facebook/tac_plus/pull/41",
"source": "cve-assign@fb.com"
},
{
"url": "https://github.com/facebook/tac_plus/security/advisories/GHSA-p334-5r3g-4vx3",
"source": "cve-assign@fb.com"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-45282",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-06T19:15:12.950",
"lastModified": "2023-10-06T19:41:01.643",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In NASA Open MCT (aka openmct) 2.2.5 before 545a177, prototype pollution can occur via an import action."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/nasa/openmct/pull/7094/commits/545a1770c523ecc3410dca884c6809d5ff0f9d52",
"source": "cve@mitre.org"
},
{
"url": "https://nasa.github.io/openmct/",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,47 @@
{
"id": "CVE-2023-45303",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-06T19:15:13.040",
"lastModified": "2023-10-06T19:41:01.643",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "ThingsBoard before 3.5 allows Server-Side Template Injection if users are allowed to modify an email template, because Apache FreeMarker supports freemarker.template.utility.Execute (for content sent to the /api/admin/settings endpoint)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.7,
"impactScore": 6.0
}
]
},
"references": [
{
"url": "https://freemarker.apache.org/docs/api/freemarker/template/utility/Execute.html",
"source": "cve@mitre.org"
},
{
"url": "https://herolab.usd.de/security-advisories/usd-2023-0010/",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-5214",
"sourceIdentifier": "security@puppet.com",
"published": "2023-10-06T18:15:12.453",
"lastModified": "2023-10-06T19:41:01.643",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In Puppet Bolt versions prior to 3.27.4, a path to escalate privileges was identified.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@puppet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.3,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "security@puppet.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://www.puppet.com/security/cve/cve-2023-5255-denial-service-revocation-auto-renewed-certificates",
"source": "security@puppet.com"
}
]
}


@ -0,0 +1,47 @@
{
"id": "CVE-2023-5366",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-10-06T18:15:12.520",
"lastModified": "2023-10-06T19:41:01.643",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2
}
]
},
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-5366",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2006347",
"source": "secalert@redhat.com"
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update ### Last Repository Update
```plain ```plain
2023-10-06T18:00:24.978385+00:00 2023-10-06T20:00:25.627773+00:00
``` ```
### Most recent CVE Modification Timestamp synchronized with NVD ### Most recent CVE Modification Timestamp synchronized with NVD
```plain ```plain
2023-10-06T17:59:22.463000+00:00 2023-10-06T19:41:01.643000+00:00
``` ```
### Last Data Feed Release ### Last Data Feed Release
@ -29,54 +29,50 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs ### Total Number of included CVEs
```plain ```plain
227134 227145
``` ```
### CVEs added in the last Commit ### CVEs added in the last Commit
Recently added CVEs: `10` Recently added CVEs: `11`
* [CVE-2023-39928](CVE-2023/CVE-2023-399xx/CVE-2023-39928.json) (`2023-10-06T16:15:13.223`) * [CVE-2023-44384](CVE-2023/CVE-2023-443xx/CVE-2023-44384.json) (`2023-10-06T18:15:12.247`)
* [CVE-2023-44233](CVE-2023/CVE-2023-442xx/CVE-2023-44233.json) (`2023-10-06T16:15:15.907`) * [CVE-2023-45239](CVE-2023/CVE-2023-452xx/CVE-2023-45239.json) (`2023-10-06T18:15:12.337`)
* [CVE-2023-44243](CVE-2023/CVE-2023-442xx/CVE-2023-44243.json) (`2023-10-06T16:15:15.983`) * [CVE-2023-5214](CVE-2023/CVE-2023-52xx/CVE-2023-5214.json) (`2023-10-06T18:15:12.453`)
* [CVE-2023-23365](CVE-2023/CVE-2023-233xx/CVE-2023-23365.json) (`2023-10-06T17:15:11.737`) * [CVE-2023-5366](CVE-2023/CVE-2023-53xx/CVE-2023-5366.json) (`2023-10-06T18:15:12.520`)
* [CVE-2023-23366](CVE-2023/CVE-2023-233xx/CVE-2023-23366.json) (`2023-10-06T17:15:11.840`) * [CVE-2023-21244](CVE-2023/CVE-2023-212xx/CVE-2023-21244.json) (`2023-10-06T19:15:12.667`)
* [CVE-2023-23370](CVE-2023/CVE-2023-233xx/CVE-2023-23370.json) (`2023-10-06T17:15:11.920`) * [CVE-2023-21252](CVE-2023/CVE-2023-212xx/CVE-2023-21252.json) (`2023-10-06T19:15:12.730`)
* [CVE-2023-23371](CVE-2023/CVE-2023-233xx/CVE-2023-23371.json) (`2023-10-06T17:15:11.997`) * [CVE-2023-21253](CVE-2023/CVE-2023-212xx/CVE-2023-21253.json) (`2023-10-06T19:15:12.777`)
* [CVE-2023-32971](CVE-2023/CVE-2023-329xx/CVE-2023-32971.json) (`2023-10-06T17:15:12.083`) * [CVE-2023-21266](CVE-2023/CVE-2023-212xx/CVE-2023-21266.json) (`2023-10-06T19:15:12.830`)
* [CVE-2023-32972](CVE-2023/CVE-2023-329xx/CVE-2023-32972.json) (`2023-10-06T17:15:12.170`) * [CVE-2023-21291](CVE-2023/CVE-2023-212xx/CVE-2023-21291.json) (`2023-10-06T19:15:12.883`)
* [CVE-2023-44807](CVE-2023/CVE-2023-448xx/CVE-2023-44807.json) (`2023-10-06T17:15:12.837`) * [CVE-2023-45282](CVE-2023/CVE-2023-452xx/CVE-2023-45282.json) (`2023-10-06T19:15:12.950`)
* [CVE-2023-45303](CVE-2023/CVE-2023-453xx/CVE-2023-45303.json) (`2023-10-06T19:15:13.040`)
### CVEs modified in the last Commit ### CVEs modified in the last Commit
Recently modified CVEs: `91` Recently modified CVEs: `20`
* [CVE-2023-40558](CVE-2023/CVE-2023-405xx/CVE-2023-40558.json) (`2023-10-06T16:25:05.677`) * [CVE-2021-4083](CVE-2021/CVE-2021-40xx/CVE-2021-4083.json) (`2023-10-06T18:05:43.720`)
* [CVE-2023-40201](CVE-2023/CVE-2023-402xx/CVE-2023-40201.json) (`2023-10-06T16:25:17.340`) * [CVE-2023-20186](CVE-2023/CVE-2023-201xx/CVE-2023-20186.json) (`2023-10-06T18:14:19.640`)
* [CVE-2023-25489](CVE-2023/CVE-2023-254xx/CVE-2023-25489.json) (`2023-10-06T16:26:25.187`) * [CVE-2023-20101](CVE-2023/CVE-2023-201xx/CVE-2023-20101.json) (`2023-10-06T18:15:15.003`)
* [CVE-2023-3213](CVE-2023/CVE-2023-32xx/CVE-2023-3213.json) (`2023-10-06T16:26:39.383`) * [CVE-2023-20187](CVE-2023/CVE-2023-201xx/CVE-2023-20187.json) (`2023-10-06T18:21:22.807`)
* [CVE-2023-43980](CVE-2023/CVE-2023-439xx/CVE-2023-43980.json) (`2023-10-06T16:26:51.337`) * [CVE-2023-43662](CVE-2023/CVE-2023-436xx/CVE-2023-43662.json) (`2023-10-06T18:28:46.827`)
* [CVE-2023-4497](CVE-2023/CVE-2023-44xx/CVE-2023-4497.json) (`2023-10-06T16:31:00.943`) * [CVE-2023-28791](CVE-2023/CVE-2023-287xx/CVE-2023-28791.json) (`2023-10-06T19:02:01.257`)
* [CVE-2023-43730](CVE-2023/CVE-2023-437xx/CVE-2023-43730.json) (`2023-10-06T17:15:12.260`) * [CVE-2023-44761](CVE-2023/CVE-2023-447xx/CVE-2023-44761.json) (`2023-10-06T19:05:38.713`)
* [CVE-2023-43731](CVE-2023/CVE-2023-437xx/CVE-2023-43731.json) (`2023-10-06T17:15:12.367`) * [CVE-2023-44762](CVE-2023/CVE-2023-447xx/CVE-2023-44762.json) (`2023-10-06T19:05:46.900`)
* [CVE-2023-43732](CVE-2023/CVE-2023-437xx/CVE-2023-43732.json) (`2023-10-06T17:15:12.463`) * [CVE-2023-44764](CVE-2023/CVE-2023-447xx/CVE-2023-44764.json) (`2023-10-06T19:05:57.683`)
* [CVE-2023-43733](CVE-2023/CVE-2023-437xx/CVE-2023-43733.json) (`2023-10-06T17:15:12.553`) * [CVE-2023-44765](CVE-2023/CVE-2023-447xx/CVE-2023-44765.json) (`2023-10-06T19:06:06.630`)
* [CVE-2023-43734](CVE-2023/CVE-2023-437xx/CVE-2023-43734.json) (`2023-10-06T17:15:12.643`) * [CVE-2023-44770](CVE-2023/CVE-2023-447xx/CVE-2023-44770.json) (`2023-10-06T19:06:20.797`)
* [CVE-2023-43735](CVE-2023/CVE-2023-437xx/CVE-2023-43735.json) (`2023-10-06T17:15:12.740`) * [CVE-2023-44766](CVE-2023/CVE-2023-447xx/CVE-2023-44766.json) (`2023-10-06T19:06:47.970`)
* [CVE-2023-4911](CVE-2023/CVE-2023-49xx/CVE-2023-4911.json) (`2023-10-06T17:15:12.893`) * [CVE-2023-44771](CVE-2023/CVE-2023-447xx/CVE-2023-44771.json) (`2023-10-06T19:06:57.543`)
* [CVE-2023-26782](CVE-2023/CVE-2023-267xx/CVE-2023-26782.json) (`2023-10-06T17:20:59.803`) * [CVE-2023-23365](CVE-2023/CVE-2023-233xx/CVE-2023-23365.json) (`2023-10-06T19:41:01.643`)
* [CVE-2023-4401](CVE-2023/CVE-2023-44xx/CVE-2023-4401.json) (`2023-10-06T17:54:38.027`) * [CVE-2023-23366](CVE-2023/CVE-2023-233xx/CVE-2023-23366.json) (`2023-10-06T19:41:01.643`)
* [CVE-2023-43073](CVE-2023/CVE-2023-430xx/CVE-2023-43073.json) (`2023-10-06T17:55:26.480`) * [CVE-2023-23370](CVE-2023/CVE-2023-233xx/CVE-2023-23370.json) (`2023-10-06T19:41:01.643`)
* [CVE-2023-43072](CVE-2023/CVE-2023-430xx/CVE-2023-43072.json) (`2023-10-06T17:55:43.053`) * [CVE-2023-23371](CVE-2023/CVE-2023-233xx/CVE-2023-23371.json) (`2023-10-06T19:41:01.643`)
* [CVE-2023-43071](CVE-2023/CVE-2023-430xx/CVE-2023-43071.json) (`2023-10-06T17:56:09.033`) * [CVE-2023-32971](CVE-2023/CVE-2023-329xx/CVE-2023-32971.json) (`2023-10-06T19:41:01.643`)
* [CVE-2023-43069](CVE-2023/CVE-2023-430xx/CVE-2023-43069.json) (`2023-10-06T17:56:59.323`) * [CVE-2023-32972](CVE-2023/CVE-2023-329xx/CVE-2023-32972.json) (`2023-10-06T19:41:01.643`)
* [CVE-2023-43070](CVE-2023/CVE-2023-430xx/CVE-2023-43070.json) (`2023-10-06T17:57:03.317`) * [CVE-2023-44807](CVE-2023/CVE-2023-448xx/CVE-2023-44807.json) (`2023-10-06T19:41:01.643`)
* [CVE-2023-43068](CVE-2023/CVE-2023-430xx/CVE-2023-43068.json) (`2023-10-06T17:57:26.520`)
* [CVE-2023-44043](CVE-2023/CVE-2023-440xx/CVE-2023-44043.json) (`2023-10-06T17:57:41.317`)
* [CVE-2023-5111](CVE-2023/CVE-2023-51xx/CVE-2023-5111.json) (`2023-10-06T17:58:29.377`)
* [CVE-2023-39410](CVE-2023/CVE-2023-394xx/CVE-2023-39410.json) (`2023-10-06T17:58:36.833`)
* [CVE-2023-43740](CVE-2023/CVE-2023-437xx/CVE-2023-43740.json) (`2023-10-06T17:59:22.463`)
## Download and Usage ## Download and Usage