Auto-Update: 2023-06-12T18:00:27.604964+00:00

cad-safe-bot 2023-06-12 18:00:31 +00:00
parent 03319f463a
commit 5ef5e46ac5
67 changed files with 3255 additions and 235 deletions


@ -2,8 +2,8 @@
"id": "CVE-2013-10029",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-05T21:15:09.250",
"lastModified": "2023-06-06T12:50:56.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-12T16:37:57.647",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +93,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:angrybte:wordpress_exit_box_lite:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.06",
"matchCriteriaId": "D2E7965F-2F2B-4A71-BD48-AF3944BEE68C"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/wp-plugins/wordpress-exit-box-lite/commit/fad26701addb862c51baf85c6e3cc136aa79c309",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Patch"
]
},
{
"url": "https://vuldb.com/?ctiid.230671",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.230671",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2015-10116",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-06T01:15:40.430",
"lastModified": "2023-06-06T12:50:56.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-12T16:43:44.810",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +93,49 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:realfavicongenerator:favicon_by_realfavicongenerator:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.2.12",
"matchCriteriaId": "9C64FC32-ED6F-4D51-BB64-899C0D185F6B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/wp-plugins/favicon-by-realfavicongenerator/commit/949a1ae7216216350458844f50a72f100b56d4e7",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Patch"
]
},
{
"url": "https://vuldb.com/?ctiid.230661",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.230661",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2015-10117",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-06T02:15:08.830",
"lastModified": "2023-06-06T12:50:56.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-12T16:40:39.573",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -61,7 +83,7 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -69,24 +91,67 @@
"value": "CWE-79"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webaware:gf_windcave_free:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.4.3",
"matchCriteriaId": "811DDC09-2E58-4E0B-A281-58B0E52BABF1"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/wp-plugins/gravity-forms-dps-pxpay/commit/5966a5e6343e3d5610bdfa126a5cfbae95e629b6",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/wp-plugins/gravity-forms-dps-pxpay/releases/tag/1.4.3",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://vuldb.com/?ctiid.230664",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.230664",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2019-25150",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:10.773",
"lastModified": "2023-06-07T02:45:10.733",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-12T17:32:50.557",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,18 +76,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpexperts:email_templates:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.3.1",
"matchCriteriaId": "9818170C-E3D6-4E58-B3A4-B0194AFF1D48"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-vulnerable-to-html-injection/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
},
{
"url": "https://wordpress.org/plugins/email-templates/#developers",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f5c449f1-4715-4033-b0a3-6a8ca968aabc?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2019-25151",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:10.843",
"lastModified": "2023-06-07T02:45:10.733",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-12T17:23:35.957",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,22 +76,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cartflows:funnel_builder:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.3.1",
"matchCriteriaId": "8408513D-2970-4319-A73B-7CBB5C6D46F5"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/privilege-escalation-vulnerability-fixed-in-wordpress-cartflows-plugin/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
},
{
"url": "https://wpscan.com/vulnerability/b6725319-909f-4d5c-9b34-8b6ea627b223%5D",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-funnel-builder-by-cartflows-create-high-converting-sales-funnels-for-wordpress-privilege-escalation-1-3-0/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f0b95670-0767-4325-88d0-4ae6d7302558?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}
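Review bot: The wpscan.com reference in this record ends in `%5D`, the percent-encoded form of `]`, which reads like a stray bracket carried over from the submitted URL, and the new side only labels it `"Broken Link"` rather than carrying a working URL. Anything that resolves references automatically should expect this entry to fail. If the record is corrected upstream, the likely form is the same URL without the trailing `%5D`; that is inferred from the encoding and not verified here. This file appears to mirror upstream data, so the correction belongs with the upstream record rather than in this repository.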


@ -2,8 +2,8 @@
"id": "CVE-2020-36696",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:10.930",
"lastModified": "2023-06-07T02:45:10.733",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-12T17:19:23.177",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,22 +76,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tychesoftwares:product_input_fields_for_woocommerce:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.2.7",
"matchCriteriaId": "45F62E3B-155B-4DC6-8649-BF9639E0FF62"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/high-severity-vulnerability-fixed-in-product-input-fields-for-woocommerce/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2349889%40product-input-fields-for-woocommerce&new=2349889%40product-input-fields-for-woocommerce&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://wpscan.com/vulnerability/15f345e6-fc53-4bac-bc5a-de898181ea74",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/01e41573-9329-48e1-9191-e8e1532f7afc?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2020-36697",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:10.997",
"lastModified": "2023-06-07T02:45:10.733",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-12T17:14:39.967",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,18 +76,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:appsaloon:wp_gdpr:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.1.1",
"matchCriteriaId": "DCC1AA40-3570-462E-A50A-EC320064F949"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/unauthenticated-stored-xss-and-content-spoofing-vulnerabilities-in-wordpress-wp-gdpr-plugin-unpatched/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
},
{
"url": "https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-wp-gdpr-multiple-vulnerabilities-2-1-1/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/032e775a-97be-4d93-bac3-094e35be4b11?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2020-36699",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:11.060",
"lastModified": "2023-06-07T02:45:04.330",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-12T17:06:27.573",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,22 +76,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:quick_page\\/post_redirect_project:quick_page\\/post_redirect:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "5.1.9",
"matchCriteriaId": "EFF2FFB7-62CF-4F85-B30C-3A79CA041E8C"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/authenticated-settings-change-vulnerability-in-wordpress-quick-page-post-redirect-plugin-unpatched/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
},
{
"url": "https://wpscan.com/vulnerability/10198",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-quick-page-post-redirect-security-bypass-5-1-9/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/11c4b855-8589-4ad2-b414-566ac8eb4632?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-38156",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-12T14:15:17.660",
"lastModified": "2023-06-12T14:15:17.660",
"vulnStatus": "Received",
"lastModified": "2023-06-12T16:20:38.360",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-1297",
"sourceIdentifier": "security@hashicorp.com",
"published": "2023-06-02T23:15:09.293",
"lastModified": "2023-06-05T13:03:17.903",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-12T16:10:55.347",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security@hashicorp.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security@hashicorp.com",
"type": "Secondary",
@ -46,10 +76,53 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:consul:*:*:*:*:-:*:*:*",
"versionStartIncluding": "1.13.0",
"versionEndExcluding": "1.14.7",
"matchCriteriaId": "0047DE25-5AF8-4BE3-BAE0-883C5B933D56"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "1.13.0",
"versionEndExcluding": "1.14.7",
"matchCriteriaId": "A54134BC-44F1-490A-90C6-DA20ADFF2239"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:consul:*:*:*:*:-:*:*:*",
"versionStartIncluding": "1.15.0",
"versionEndExcluding": "1.15.3",
"matchCriteriaId": "9D592391-F006-4F99-BF39-DAA3D2B86305"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "1.15.0",
"versionEndExcluding": "1.15.3",
"matchCriteriaId": "12E16E32-03E5-44B6-BAB5-8809E6E852F4"
}
]
}
]
}
],
"references": [
{
"url": "https://discuss.hashicorp.com/t/hcsec-2023-15-consul-cluster-peering-can-result-in-denial-of-service/54515",
"source": "security@hashicorp.com"
"source": "security@hashicorp.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-22450",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-06-06T00:15:09.310",
"lastModified": "2023-06-06T12:50:56.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-12T16:56:27.357",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -46,10 +66,33 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:advantech:webaccess\\/scada:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.1.3",
"matchCriteriaId": "BA8305E1-A2D7-4DBB-A5FB-E748E41FB060"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-152-01",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-23819",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-12T14:15:17.930",
"lastModified": "2023-06-12T14:15:17.930",
"vulnStatus": "Received",
"lastModified": "2023-06-12T16:20:33.897",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-23822",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-12T14:15:18.237",
"lastModified": "2023-06-12T14:15:18.237",
"vulnStatus": "Received",
"lastModified": "2023-06-12T16:20:33.897",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,27 +2,101 @@
"id": "CVE-2023-27126",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-06T18:15:10.343",
"lastModified": "2023-06-06T18:33:59.493",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-12T16:28:33.977",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 (EU) on firmware version 1.1.22 Build 220725 is reused across all cameras. An attacker with physical access to a camera is able to extract and decrypt sensitive data containing the Wifi password and the TP-LINK account credential of the victim."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:tapo_c200_firmware:1.2.2:build_220725:*:*:*:*:*:*",
"matchCriteriaId": "C39386E6-329F-418D-8603-21B000694452"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:tapo_c200:3:*:*:*:*:*:*:*",
"matchCriteriaId": "101FA54E-1A3D-4A38-BBD0-8DAFAC414EA3"
}
]
}
]
}
],
"references": [
{
"url": "http://tapo.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "http://tp-link.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://www.claranet.fr/blog/dans-les-entrailles-dune-camera-connectee-tp-link-14",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
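Review bot: The added CPE `cpe:2.3:o:tp-link:tapo_c200_firmware:1.2.2:build_220725:*:*:*:*:*:*` does not agree with the description earlier in the same record, which names firmware version 1.1.22 Build 220725. One of the two version strings is presumably a transcription error; nothing on this page shows which. Until it is resolved, a scanner matching on the CPE alone will look for 1.2.2 and may miss devices running the version the description names. Consumers of this record are safer matching on the build identifier `220725`, or treating both version strings as affected.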


@ -2,8 +2,8 @@
"id": "CVE-2023-27916",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-06-06T17:15:13.200",
"lastModified": "2023-06-06T18:33:59.493",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-12T16:36:34.853",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -46,10 +66,36 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hornerautomation:cscape:9.90:sp8:*:*:*:*:*:*",
"matchCriteriaId": "F9866251-8120-422D-9764-E4D7F8A5EE51"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hornerautomation:cscape_envisionrv:4.70:*:*:*:*:*:*:*",
"matchCriteriaId": "D1CC8502-4810-4BFA-BC19-5F1DEBAFF678"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-04",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-27989",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2023-06-05T12:15:09.360",
"lastModified": "2023-06-05T13:02:53.787",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-12T16:50:33.283",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security@zyxel.com.tw",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
},
{
"source": "security@zyxel.com.tw",
"type": "Secondary",
@ -46,10 +76,128 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:lte7480-m804_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.00\\(abra.6\\)c0",
"matchCriteriaId": "C90AA436-A6F7-4F65-8EBA-39A98832D1FA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:lte7480-m804:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3480021-1538-48ED-BE89-BB0DF562C7DE"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:lte7490-m904_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.00\\(abqy.5\\)c0",
"matchCriteriaId": "993F8165-F285-4B51-95D5-FA2054C6CE8B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:lte7490-m904:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC75F6DE-DCAF-47A0-B6BB-0E050C68AF25"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:nr7101_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.00\\(abuv.7\\)c0",
"matchCriteriaId": "495C9DCB-885C-47EE-A1BA-14D431C6E5F9"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:nr7101:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E4D27B24-9822-432C-8B8B-9546EE32DEC6"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:nebula_nr7101_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.15\\(accc.3\\)c0",
"matchCriteriaId": "A052B9C6-8462-4D2B-9B03-9CC29EEB43D9"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:nebula_nr7101:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52096C1F-F73C-413E-9D37-82EFA4703AEC"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-vulnerability-in-4g-lte-and-5g-nr-outdoor-routers",
"source": "security@zyxel.com.tw"
"source": "security@zyxel.com.tw",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}
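Review bot: The only reference in this record is Zyxel's own advisory on zyxel.com, sourced from security@zyxel.com.tw, yet the tags added here are `"Patch"` and `"Third Party Advisory"` rather than `"Vendor Advisory"`. The HashiCorp records in this same commit tag the vendor's own advisory `"Vendor Advisory"`, so tooling that ranks or filters references by that tag will treat this one differently from an equivalent vendor source. The tagging appears to come from upstream analysis, so a consumer-side rule that compares the reference domain with the `sourceIdentifier` domain is the practical workaround.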


@ -2,8 +2,8 @@
"id": "CVE-2023-28653",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-06-06T17:15:13.543",
"lastModified": "2023-06-06T18:33:59.493",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-12T16:34:17.150",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -46,10 +66,36 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hornerautomation:cscape:9.90:sp8:*:*:*:*:*:*",
"matchCriteriaId": "F9866251-8120-422D-9764-E4D7F8A5EE51"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hornerautomation:cscape_envisionrv:4.70:*:*:*:*:*:*:*",
"matchCriteriaId": "D1CC8502-4810-4BFA-BC19-5F1DEBAFF678"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-04",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-28933",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-12T16:15:09.763",
"lastModified": "2023-06-12T16:20:33.897",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in StPeteDesign Call Now Accessibility Button plugin <=\u00a01.1 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/accessibility-help-button/wordpress-call-now-accessibility-button-plugin-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-2816",
"sourceIdentifier": "security@hashicorp.com",
"published": "2023-06-02T23:15:09.503",
"lastModified": "2023-06-05T13:03:17.903",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-12T16:32:32.880",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security@hashicorp.com",
"type": "Secondary",
@ -34,10 +54,51 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:consul:*:*:*:*:-:*:*:*",
"versionStartIncluding": "1.15.0",
"versionEndExcluding": "1.15.3",
"matchCriteriaId": "9D592391-F006-4F99-BF39-DAA3D2B86305"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "1.15.0",
"versionEndExcluding": "1.15.3",
"matchCriteriaId": "12E16E32-03E5-44B6-BAB5-8809E6E852F4"
}
]
}
]
}
],
"references": [
{
"url": "https://discuss.hashicorp.com/t/hcsec-2023-16-consul-envoy-extension-downstream-proxy-configuration-by-upstream-service-owner/54525",
"source": "security@hashicorp.com"
"source": "security@hashicorp.com",
"tags": [
"Vendor Advisory"
]
}
]
}
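Review bot: The `weaknesses` entry added in the third hunk uses the placeholder `NVD-CWE-noinfo` as its `value`, and it is the `Primary` entry from `nvd@nist.gov`. That string is not a CWE identifier, so code that expects the `CWE-<number>` form seen in the other records of this commit needs an explicit branch for it rather than a failed lookup or a silent drop. Mapping it to "weakness not classified" keeps the record visible in CWE-keyed reports.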


@ -0,0 +1,55 @@
{
"id": "CVE-2023-29385",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-12T16:15:09.860",
"lastModified": "2023-06-12T16:20:33.897",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kevon Adonis WP Abstracts plugin <=\u00a02.6.2 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-abstracts-manuscripts-manager/wordpress-wp-abstracts-plugin-2-6-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-29503",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-06-06T17:15:13.777",
"lastModified": "2023-06-06T18:33:59.493",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-12T16:33:56.060",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -46,10 +66,36 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hornerautomation:cscape:9.90:sp8:*:*:*:*:*:*",
"matchCriteriaId": "F9866251-8120-422D-9764-E4D7F8A5EE51"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hornerautomation:cscape_envisionrv:4.70:*:*:*:*:*:*:*",
"matchCriteriaId": "D1CC8502-4810-4BFA-BC19-5F1DEBAFF678"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-04",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}


@ -0,0 +1,47 @@
{
"id": "CVE-2023-30198",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-12T17:15:09.760",
"lastModified": "2023-06-12T17:15:09.760",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Prestashop winbizpayment <= 1.0.2 is vulnerable to Incorrect Access Control via modules/winbizpayment/downloads/download.php."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://friends-of-presta.github.io/security-advisories/modules/2023/06/08/winbizpayment.html",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/PrestaShop/PrestaShop/blob/6c05518b807d014ee8edb811041e3de232520c28/classes/Tools.php#L1247",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-30745",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-12T14:15:18.590",
"lastModified": "2023-06-12T14:15:18.590",
"vulnStatus": "Received",
"lastModified": "2023-06-12T16:20:33.897",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-30753",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-12T14:15:18.727",
"lastModified": "2023-06-12T14:15:18.727",
"vulnStatus": "Received",
"lastModified": "2023-06-12T16:20:33.897",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,16 +2,49 @@
"id": "CVE-2023-3027",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-06-05T22:15:12.293",
"lastModified": "2023-06-06T12:50:56.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-12T16:02:32.613",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The grc-policy-propagator allows security escalation within the cluster. The propagator allows policies which contain some dynamically obtained values (instead of the policy apply a static manifest on a managed cluster) of taking advantage of cluster scoped access in a created policy. This feature does not restrict properly to lookup content from the namespace where the policy was created."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -23,10 +56,41 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:advanced_cluster_management_for_kubernetes:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "197BE970-ABE7-44E9-A4E9-E8DB098DAABF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:advanced_cluster_management_for_kubernetes:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5139FE24-948C-4E38-B8BB-7C176D19309C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:advanced_cluster_management_for_kubernetes:2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "324C9591-3472-472E-9445-176388966FEC"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2211468#c0",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-3031",
"sourceIdentifier": "vulnerability@ncsc.ch",
"published": "2023-06-02T13:15:10.007",
"lastModified": "2023-06-02T14:32:29.847",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-12T16:48:57.833",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
},
{
"source": "vulnerability@ncsc.ch",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "vulnerability@ncsc.ch",
"type": "Secondary",
@ -46,10 +76,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webbax:king-avis:*:*:*:*:*:prestashop:*:*",
"versionEndExcluding": "17.3.15",
"matchCriteriaId": "FBB54E94-4A21-486D-B8F0-32DB6CFDCECA"
}
]
}
]
}
],
"references": [
{
"url": "https://borelenzo.github.io/stuff/2023/06/01/cve-2023-3031.html",
"source": "vulnerability@ncsc.ch"
"source": "vulnerability@ncsc.ch",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-3079",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-06-05T22:15:12.383",
"lastModified": "2023-06-11T04:15:47.247",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-12T16:47:28.817",
"vulnStatus": "Analyzed",
"cisaExploitAdd": "2023-06-07",
"cisaActionDue": "2023-06-28",
"cisaRequiredAction": "Apply updates per vendor instructions.",
@ -14,23 +14,124 @@
"value": "Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-843"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "114.0.5735.110",
"matchCriteriaId": "EB69CD96-74B6-49C5-8589-99136EE565C6"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://crbug.com/1450481",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DYTXO5E3FI3I2ETDP3HF4SHYYTFMKMIC/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5420",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
]
}
]
}
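Review bot: The `configurations` added in the second hunk list Fedora 38 and Debian 11.0/12.0 as separate nodes with `"vulnerable": true` and no tie to the Chrome entry, so plain CPE matching against an OS inventory will flag every such host whether or not a browser package is installed. The unchanged header lines carry `cisaExploitAdd` and `cisaActionDue`, so this record is likely to drive urgent patching and over-matching is costly. Pairing each `cpe:2.3:o:` match with a check that the browser package is present and older than the fixed version in the distribution's advisory would keep the result actionable.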


@ -2,8 +2,8 @@
"id": "CVE-2023-3085",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-03T11:15:21.443",
"lastModified": "2023-06-05T13:03:03.327",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-12T17:25:40.813",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -65,7 +87,7 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -73,24 +95,66 @@
"value": "CWE-79"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:x-wrt:luci:*:*:*:*:*:*:*:*",
"versionEndExcluding": "22.10_b202303121313",
"matchCriteriaId": "09A24A0C-F67C-41C5-AAAB-144C49FB5110"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/x-wrt/luci/commit/24d7da2416b9ab246825c33c213fe939a89b369c",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/x-wrt/luci/releases/tag/22.10_b202303121313",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://vuldb.com/?ctiid.230663",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.230663",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-31236",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-12T15:15:09.553",
"lastModified": "2023-06-12T15:15:09.553",
"vulnStatus": "Received",
"lastModified": "2023-06-12T16:20:33.897",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-31244",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-06-06T17:15:14.360",
"lastModified": "2023-06-06T18:33:59.493",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-12T16:33:20.073",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -46,10 +66,36 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hornerautomation:cscape:9.90:sp8:*:*:*:*:*:*",
"matchCriteriaId": "F9866251-8120-422D-9764-E4D7F8A5EE51"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hornerautomation:cscape_envisionrv:4.70:*:*:*:*:*:*:*",
"matchCriteriaId": "D1CC8502-4810-4BFA-BC19-5F1DEBAFF678"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-04",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-31278",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-06-06T17:15:14.573",
"lastModified": "2023-06-06T18:33:59.493",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-12T16:32:50.127",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -46,10 +66,36 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hornerautomation:cscape:9.90:sp8:*:*:*:*:*:*",
"matchCriteriaId": "F9866251-8120-422D-9764-E4D7F8A5EE51"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hornerautomation:cscape_envisionrv:4.70:*:*:*:*:*:*:*",
"matchCriteriaId": "D1CC8502-4810-4BFA-BC19-5F1DEBAFF678"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-04",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}


@ -2,27 +2,93 @@
"id": "CVE-2023-31606",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-06T17:15:14.843",
"lastModified": "2023-06-06T18:33:59.493",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-12T16:32:16.480",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A Regular Expression Denial of Service (ReDoS) issue was discovered in the sanitize_html function of redcloth gem v4.0.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1333"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:promptworks:redcloth:*:*:*:*:*:ruby:*:*",
"versionStartIncluding": "4.0.0",
"versionEndIncluding": "4.3.2",
"matchCriteriaId": "86D9E3AB-BACA-428A-83B9-9EF75B28878D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/e23e/CVE-2023-31606#readme",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/jgarber/redcloth",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/jgarber/redcloth/issues/73",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}
]
}
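Review bot: The `cpeMatch` entry added here runs from `versionStartIncluding` `4.0.0` to `versionEndIncluding` `4.3.2`, while the description names only `redcloth gem v4.0.0`. Matching on the description text alone would under-report affected installs, so the CPE range should be the authority for version checks. Two of the references are now tagged `Exploit`, so a public reproduction is presumably available, which raises the priority of reviewing applications that pass untrusted input to `sanitize_html`.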


@ -2,8 +2,8 @@
"id": "CVE-2023-32118",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-12T15:15:09.633",
"lastModified": "2023-06-12T15:15:09.633",
"vulnStatus": "Received",
"lastModified": "2023-06-12T16:20:33.897",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-32203",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-06-06T17:15:15.023",
"lastModified": "2023-06-06T18:33:59.493",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-12T16:29:38.377",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -36,8 +56,18 @@
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,10 +76,36 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hornerautomation:cscape:9.90:sp8:*:*:*:*:*:*",
"matchCriteriaId": "F9866251-8120-422D-9764-E4D7F8A5EE51"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hornerautomation:cscape_envisionrv:4.70:*:*:*:*:*:*:*",
"matchCriteriaId": "D1CC8502-4810-4BFA-BC19-5F1DEBAFF678"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-04",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-32281",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-06-06T16:15:09.603",
"lastModified": "2023-06-06T18:34:03.700",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-12T16:38:00.760",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -46,10 +66,36 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hornerautomation:cscape:9.90:sp8:*:*:*:*:*:*",
"matchCriteriaId": "F9866251-8120-422D-9764-E4D7F8A5EE51"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hornerautomation:cscape_envisionrv:4.70:*:*:*:*:*:*:*",
"matchCriteriaId": "D1CC8502-4810-4BFA-BC19-5F1DEBAFF678"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-04",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-32289",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-06-06T16:15:10.073",
"lastModified": "2023-06-06T18:33:59.493",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-12T16:37:10.407",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -46,10 +66,36 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hornerautomation:cscape:9.90:sp8:*:*:*:*:*:*",
"matchCriteriaId": "F9866251-8120-422D-9764-E4D7F8A5EE51"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hornerautomation:cscape_envisionrv:4.70:*:*:*:*:*:*:*",
"matchCriteriaId": "D1CC8502-4810-4BFA-BC19-5F1DEBAFF678"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-04",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-32539",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-06-06T16:15:10.297",
"lastModified": "2023-06-06T18:33:59.493",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-12T16:35:32.033",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -36,8 +56,18 @@
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,10 +76,36 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hornerautomation:cscape:9.90:sp8:*:*:*:*:*:*",
"matchCriteriaId": "F9866251-8120-422D-9764-E4D7F8A5EE51"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hornerautomation:cscape_envisionrv:4.70:*:*:*:*:*:*:*",
"matchCriteriaId": "D1CC8502-4810-4BFA-BC19-5F1DEBAFF678"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-04",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-32540",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-06-06T00:15:10.067",
"lastModified": "2023-06-06T12:50:56.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-12T16:55:37.857",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -46,10 +66,33 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:advantech:webaccess\\/scada:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.1.3",
"matchCriteriaId": "BA8305E1-A2D7-4DBB-A5FB-E748E41FB060"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-152-01",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
]
}
]
}
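Review bot: The `criteria` string `cpe:2.3:a:advantech:webaccess\\/scada:...` in the third hunk contains an escaped slash: after JSON decoding it reads `webaccess\/scada`, which is the CPE 2.3 quoting for a literal `/` in the product name. A consumer that compares the raw file text, or an unescaped product name, will fail to match, and this record is scored 9.8 by `nvd@nist.gov`. Decode the JSON first and then apply CPE unquoting before comparing. The CVE-2023-32628 record below carries the same `criteria`.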


@ -2,8 +2,8 @@
"id": "CVE-2023-32545",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-06-06T15:15:09.867",
"lastModified": "2023-06-06T18:34:03.700",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-12T16:38:15.397",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -46,10 +66,36 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hornerautomation:cscape:9.90:sp8:*:*:*:*:*:*",
"matchCriteriaId": "F9866251-8120-422D-9764-E4D7F8A5EE51"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hornerautomation:cscape_envisionrv:4.70:*:*:*:*:*:*:*",
"matchCriteriaId": "D1CC8502-4810-4BFA-BC19-5F1DEBAFF678"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-04",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-32628",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-06-06T00:15:10.177",
"lastModified": "2023-06-06T12:50:56.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-12T16:53:19.953",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -46,10 +66,33 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:advantech:webaccess\\/scada:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.1.3",
"matchCriteriaId": "BA8305E1-A2D7-4DBB-A5FB-E748E41FB060"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-152-01",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-32961",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-12T15:15:09.703",
"lastModified": "2023-06-12T15:15:09.703",
"vulnStatus": "Received",
"lastModified": "2023-06-12T16:20:33.897",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-3206",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-12T15:15:09.887",
"lastModified": "2023-06-12T15:15:09.887",
"vulnStatus": "Received",
"lastModified": "2023-06-12T16:20:33.897",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-3208",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-12T15:15:09.987",
"lastModified": "2023-06-12T15:15:09.987",
"vulnStatus": "Received",
"lastModified": "2023-06-12T16:20:33.897",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,23 +2,94 @@
"id": "CVE-2023-33532",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-06T14:15:12.740",
"lastModified": "2023-06-06T18:34:03.700",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-12T16:39:14.450",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "There is a command injection vulnerability in the Netgear R6250 router with Firmware Version 1.0.4.48. If an attacker gains web management privileges, they can inject commands into the post request parameters, thereby gaining shell privileges."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netgear:r6250_firmware:1.0.4.48:*:*:*:*:*:*:*",
"matchCriteriaId": "0B7946DC-F8BA-4CBC-9A4F-18B773D10310"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netgear:r6250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "321BE843-52C4-4638-A321-439CA7B3A6F2"
}
]
}
]
}
],
"references": [
{
"url": "http://netgear.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/D2y6p/CVE/blob/main/Netgear/CVE-2023-33532/Netgear_R6250_RCE.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,76 @@
"id": "CVE-2023-33613",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-06T18:15:11.357",
"lastModified": "2023-06-06T18:33:59.493",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-12T16:23:43.803",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "axTLS v2.1.5 was discovered to contain a heap buffer overflow in the bi_import function in axtls-code/crypto/bigint.c. This vulnerability allows attackers to cause a Denial of Service (DoS) when parsing a private key."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:axtls_project:axtls:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C8AD18AB-9D68-4BE7-AD0B-A204CA4C0F53"
}
]
}
]
}
],
"references": [
{
"url": "https://sourceforge.net/p/axtls/mailman/message/37843071/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
]
}
]
}


@ -2,39 +2,114 @@
"id": "CVE-2023-33747",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-06T18:15:11.497",
"lastModified": "2023-06-07T18:15:09.757",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-12T16:59:41.887",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "CloudPanel v2.2.2 allows attackers to execute a path traversal."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mgt-commerce:cloudpanel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.0.0",
"versionEndIncluding": "2.2.2",
"matchCriteriaId": "3B5B5B9F-3749-457C-8E6C-87C164F00ADD"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/172768/CloudPanel-2.2.2-Privilege-Escalation-Path-Traversal.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://cwe.mitre.org/data/definitions/264.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
},
{
"url": "https://cwe.mitre.org/data/definitions/269.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
},
{
"url": "https://cwe.mitre.org/data/definitions/35.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
},
{
"url": "https://github.com/EagleTube/CloudPanel",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.cloudpanel.io/docs/v2/changelog/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-33968",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-05T20:15:09.750",
"lastModified": "2023-06-06T12:50:56.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-12T17:56:58.817",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +66,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kanboard:kanboard:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2.30",
"matchCriteriaId": "082DAE98-80F0-4423-8581-AB8D0051EAA1"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/kanboard/kanboard/commit/c20be8f5fa26e54005a90c645e80b11481a65053",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-gf8r-4p6m-v8vr",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-33969",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-05T20:15:09.867",
"lastModified": "2023-06-06T12:50:56.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-12T17:57:57.837",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +66,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kanboard:kanboard:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2.30",
"matchCriteriaId": "082DAE98-80F0-4423-8581-AB8D0051EAA1"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/kanboard/kanboard/commit/05f1d23d821152cd61536d3b09e522c0f7573e3c",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-8qvf-9847-gpc9",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-34026",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-12T16:15:09.950",
"lastModified": "2023-06-12T16:20:33.897",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in BrokenCrust This Day In History plugin <=\u00a03.10.1 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/this-day-in-history/wordpress-this-day-in-history-plugin-3-10-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-34102",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-05T23:15:12.220",
"lastModified": "2023-06-06T12:50:56.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-12T16:46:32.247",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +56,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-470"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,14 +76,44 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:avohq:avo:*:*:*:*:*:ruby:*:*",
"versionEndIncluding": "2.33.2",
"matchCriteriaId": "27594A1A-CFFC-4741-9F4F-45532F8FFCFD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:avohq:avo:3.0.0:pre12:*:*:*:ruby:*:*",
"matchCriteriaId": "33F74798-D928-4FA3-B890-81C43DAC8F91"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/avo-hq/avo/commit/ec117882ddb1b519481bdd046dc3cfa4474e6e17",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/avo-hq/avo/security/advisories/GHSA-86h2-2g4g-29qx",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-34103",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-05T23:15:12.627",
"lastModified": "2023-06-06T12:50:56.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-12T17:01:22.817",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +66,44 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:avohq:avo:*:*:*:*:*:ruby:*:*",
"versionEndIncluding": "2.33.2",
"matchCriteriaId": "27594A1A-CFFC-4741-9F4F-45532F8FFCFD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:avohq:avo:3.0.0:pre12:*:*:*:ruby:*:*",
"matchCriteriaId": "33F74798-D928-4FA3-B890-81C43DAC8F91"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/avo-hq/avo/commit/7891c01e1fba9ca5d7dbccc43d27f385e5d08563",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/avo-hq/avo/security/advisories/GHSA-5cr9-5jx3-2g39",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,63 @@
{
"id": "CVE-2023-34105",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-12T17:15:09.887",
"lastModified": "2023-06-12T17:15:09.887",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "SRS is a real-time video server supporting RTMP, WebRTC, HLS, HTTP-FLV, SRT, MPEG-DASH, and GB28181. Prior to versions 5.0.157, 5.0-b1, and 6.0.48, SRS's `api-server` server is vulnerable to a drive-by command injection. An attacker may send a request to the `/api/v1/snapshots` endpoint containing any commands to be executed as part of the body of the POST request. This issue may lead to Remote Code Execution (RCE). Versions 5.0.157, 5.0-b1, and 6.0.48 contain a fix."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://github.com/ossrs/srs/blob/1d11d02e4b82fc3f37e4b048cff483b1581482c1/trunk/research/api-server/server.go#L761",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/ossrs/srs/commit/1d878c2daaf913ad01c6d0bc2f247116c8050338",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/ossrs/srs/security/advisories/GHSA-vpr5-779c-cx62",
"source": "security-advisories@github.com"
}
]
}


@ -0,0 +1,36 @@
{
"id": "CVE-2023-34212",
"sourceIdentifier": "security@apache.org",
"published": "2023-06-12T16:15:10.043",
"lastModified": "2023-06-12T16:20:33.897",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The JndiJmsConnectionFactoryProvider Controller Service, along with the ConsumeJMS and PublishJMS Processors, in Apache NiFi 1.8.0 through 1.21.0 allow an authenticated and authorized user to configure URL and library properties that enable deserialization of untrusted data from a remote location.\n\nThe resolution validates the JNDI URL and restricts locations to a set of allowed schemes.\n\nYou are recommended to upgrade to version 1.22.0 or later which fixes this issue.\n\n\n"
}
],
"metrics": {},
"weaknesses": [
{
"source": "security@apache.org",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://lists.apache.org/thread/w5rm46fxmvxy216tglf0dv83wo6gnzr5",
"source": "security@apache.org"
},
{
"url": "https://nifi.apache.org/security.html#CVE-2023-34212",
"source": "security@apache.org"
}
]
}


@ -0,0 +1,71 @@
{
"id": "CVE-2023-34246",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-12T17:15:09.967",
"lastModified": "2023-06-12T17:15:09.967",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Prior to version 5.6.6, Doorkeeper automatically processes authorization requests without user consent for public clients that have been previous approved. Public clients are inherently vulnerable to impersonation, their identity cannot be assured. This issue is fixed in version 5.6.6."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://github.com/doorkeeper-gem/doorkeeper/issues/1589",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/doorkeeper-gem/doorkeeper/pull/1646",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/doorkeeper-gem/doorkeeper/releases/tag/v5.6.6",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/doorkeeper-gem/doorkeeper/security/advisories/GHSA-7w2c-w47h-789w",
"source": "security-advisories@github.com"
},
{
"url": "https://www.rfc-editor.org/rfc/rfc8252#section-8.6",
"source": "security-advisories@github.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-34341",
"sourceIdentifier": "biossecurity@ami.com",
"published": "2023-06-12T17:15:10.047",
"lastModified": "2023-06-12T17:15:10.047",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "AMI BMC contains a vulnerability in the SPX REST API, where an\nattacker with the required privileges can read and write to arbitrary locations\nwithin the memory context of the IPMI server process, which may lead to code\nexecution, denial of service, information disclosure, or data tampering.\n\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "biossecurity@ami.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "biossecurity@ami.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"references": [
{
"url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023005.pdf",
"source": "biossecurity@ami.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-34344",
"sourceIdentifier": "biossecurity@ami.com",
"published": "2023-06-12T17:15:10.137",
"lastModified": "2023-06-12T17:15:10.137",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "AMI BMC contains a vulnerability in the IPMI\nhandler, where an unauthorized attacker can use certain oracles to guess a\nvalid username, which may lead to information disclosure.\n\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "biossecurity@ami.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "biossecurity@ami.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
}
],
"references": [
{
"url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023005.pdf",
"source": "biossecurity@ami.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-34345",
"sourceIdentifier": "biossecurity@ami.com",
"published": "2023-06-12T17:15:10.213",
"lastModified": "2023-06-12T17:15:10.213",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "AMI BMC contains a vulnerability in the SPX REST API, where an\nattacker with the required privileges can access arbitrary files, which may\nlead to information disclosure.\n\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "biossecurity@ami.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "biossecurity@ami.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023005.pdf",
"source": "biossecurity@ami.com"
}
]
}


@ -2,23 +2,96 @@
"id": "CVE-2023-34410",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-05T03:15:09.390",
"lastModified": "2023-06-05T13:02:53.787",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-12T16:57:27.243",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.15",
"matchCriteriaId": "19F5F946-5DD7-4F8D-8171-83BB0D9C5048"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.0",
"versionEndExcluding": "6.2.9",
"matchCriteriaId": "513DDB0D-A132-4046-8B49-D2776E585826"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.3.0",
"versionEndExcluding": "6.5.2",
"matchCriteriaId": "226FFAAF-14BA-4B15-A7DC-40E7CE23947B"
}
]
}
]
}
],
"references": [
{
"url": "https://codereview.qt-project.org/c/qt/qtbase/+/477560",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://codereview.qt-project.org/c/qt/qtbase/+/480002",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
}
]
}


@ -2,31 +2,96 @@
"id": "CVE-2023-34411",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-05T04:15:11.153",
"lastModified": "2023-06-05T13:02:53.787",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-12T17:51:53.253",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service (panic) via an invalid <! token (such as <!DOCTYPEs/%<!A nesting) in an XML document."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-611"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xml_library_project:xml_library:*:*:*:*:*:rust:*:*",
"versionEndExcluding": "0.8.14",
"matchCriteriaId": "A870FF26-7194-4D02-B871-EEA211EF9F2A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/00xc/xml-rs/commit/0f084d45aa53e4a27476961785f59f2bd7d59a9f",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/netvl/xml-rs/commit/c09549a187e62d39d40467f129e64abf32efc35c",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/netvl/xml-rs/compare/0.8.13...0.8.14",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/netvl/xml-rs/pull/226",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}


@ -0,0 +1,36 @@
{
"id": "CVE-2023-34468",
"sourceIdentifier": "security@apache.org",
"published": "2023-06-12T16:15:10.130",
"lastModified": "2023-06-12T16:20:33.897",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution.\n\nThe resolution validates the Database URL and rejects H2 JDBC locations.\n\nYou are recommended to upgrade to version 1.22.0 or later which fixes this issue.\n\n\n"
}
],
"metrics": {},
"weaknesses": [
{
"source": "security@apache.org",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://lists.apache.org/thread/7b82l4f5blmpkfcynf3y6z4x1vqo59h8",
"source": "security@apache.org"
},
{
"url": "https://nifi.apache.org/security.html#CVE-2023-34468",
"source": "security@apache.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-34488",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-12T14:15:19.623",
"lastModified": "2023-06-12T14:15:19.623",
"vulnStatus": "Received",
"lastModified": "2023-06-12T16:20:33.897",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-34494",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-12T14:15:19.690",
"lastModified": "2023-06-12T14:15:19.690",
"vulnStatus": "Received",
"lastModified": "2023-06-12T16:20:33.897",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-34581",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-12T15:15:09.770",
"lastModified": "2023-06-12T15:15:09.770",
"vulnStatus": "Received",
"lastModified": "2023-06-12T16:20:33.897",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-35042",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-12T15:15:09.820",
"lastModified": "2023-06-12T15:15:09.820",
"vulnStatus": "Received",
"lastModified": "2023-06-12T16:20:33.897",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -0,0 +1,55 @@
{
"id": "CVE-2023-35053",
"sourceIdentifier": "security@jetbrains.com",
"published": "2023-06-12T16:15:10.240",
"lastModified": "2023-06-12T16:20:33.897",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In JetBrains YouTrack before 2023.1.10518 a DoS attack was possible via Helpdesk forms"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@jetbrains.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@jetbrains.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
"source": "security@jetbrains.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-35054",
"sourceIdentifier": "security@jetbrains.com",
"published": "2023-06-12T16:15:10.333",
"lastModified": "2023-06-12T16:20:33.897",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In JetBrains YouTrack before 2023.1.10518 stored XSS in a Markdown-rendering engine was possible"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@jetbrains.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security@jetbrains.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
"source": "security@jetbrains.com"
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-06-12T16:00:27.194945+00:00
2023-06-12T18:00:27.604964+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-06-12T15:57:18.677000+00:00
2023-06-12T17:57:57.837000+00:00
```
### Last Data Feed Release
@ -29,46 +29,57 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
217432
217445
```
### CVEs added in the last Commit
Recently added CVEs: `14`
Recently added CVEs: `13`
* [CVE-2022-38156](CVE-2022/CVE-2022-381xx/CVE-2022-38156.json) (`2023-06-12T14:15:17.660`)
* [CVE-2023-23819](CVE-2023/CVE-2023-238xx/CVE-2023-23819.json) (`2023-06-12T14:15:17.930`)
* [CVE-2023-23822](CVE-2023/CVE-2023-238xx/CVE-2023-23822.json) (`2023-06-12T14:15:18.237`)
* [CVE-2023-30745](CVE-2023/CVE-2023-307xx/CVE-2023-30745.json) (`2023-06-12T14:15:18.590`)
* [CVE-2023-30753](CVE-2023/CVE-2023-307xx/CVE-2023-30753.json) (`2023-06-12T14:15:18.727`)
* [CVE-2023-34488](CVE-2023/CVE-2023-344xx/CVE-2023-34488.json) (`2023-06-12T14:15:19.623`)
* [CVE-2023-34494](CVE-2023/CVE-2023-344xx/CVE-2023-34494.json) (`2023-06-12T14:15:19.690`)
* [CVE-2023-31236](CVE-2023/CVE-2023-312xx/CVE-2023-31236.json) (`2023-06-12T15:15:09.553`)
* [CVE-2023-32118](CVE-2023/CVE-2023-321xx/CVE-2023-32118.json) (`2023-06-12T15:15:09.633`)
* [CVE-2023-32961](CVE-2023/CVE-2023-329xx/CVE-2023-32961.json) (`2023-06-12T15:15:09.703`)
* [CVE-2023-34581](CVE-2023/CVE-2023-345xx/CVE-2023-34581.json) (`2023-06-12T15:15:09.770`)
* [CVE-2023-35042](CVE-2023/CVE-2023-350xx/CVE-2023-35042.json) (`2023-06-12T15:15:09.820`)
* [CVE-2023-3206](CVE-2023/CVE-2023-32xx/CVE-2023-3206.json) (`2023-06-12T15:15:09.887`)
* [CVE-2023-3208](CVE-2023/CVE-2023-32xx/CVE-2023-3208.json) (`2023-06-12T15:15:09.987`)
* [CVE-2023-28933](CVE-2023/CVE-2023-289xx/CVE-2023-28933.json) (`2023-06-12T16:15:09.763`)
* [CVE-2023-29385](CVE-2023/CVE-2023-293xx/CVE-2023-29385.json) (`2023-06-12T16:15:09.860`)
* [CVE-2023-34026](CVE-2023/CVE-2023-340xx/CVE-2023-34026.json) (`2023-06-12T16:15:09.950`)
* [CVE-2023-34212](CVE-2023/CVE-2023-342xx/CVE-2023-34212.json) (`2023-06-12T16:15:10.043`)
* [CVE-2023-34468](CVE-2023/CVE-2023-344xx/CVE-2023-34468.json) (`2023-06-12T16:15:10.130`)
* [CVE-2023-35053](CVE-2023/CVE-2023-350xx/CVE-2023-35053.json) (`2023-06-12T16:15:10.240`)
* [CVE-2023-35054](CVE-2023/CVE-2023-350xx/CVE-2023-35054.json) (`2023-06-12T16:15:10.333`)
* [CVE-2023-30198](CVE-2023/CVE-2023-301xx/CVE-2023-30198.json) (`2023-06-12T17:15:09.760`)
* [CVE-2023-34105](CVE-2023/CVE-2023-341xx/CVE-2023-34105.json) (`2023-06-12T17:15:09.887`)
* [CVE-2023-34246](CVE-2023/CVE-2023-342xx/CVE-2023-34246.json) (`2023-06-12T17:15:09.967`)
* [CVE-2023-34341](CVE-2023/CVE-2023-343xx/CVE-2023-34341.json) (`2023-06-12T17:15:10.047`)
* [CVE-2023-34344](CVE-2023/CVE-2023-343xx/CVE-2023-34344.json) (`2023-06-12T17:15:10.137`)
* [CVE-2023-34345](CVE-2023/CVE-2023-343xx/CVE-2023-34345.json) (`2023-06-12T17:15:10.213`)
### CVEs modified in the last Commit
Recently modified CVEs: `13`
Recently modified CVEs: `53`
* [CVE-2018-25087](CVE-2018/CVE-2018-250xx/CVE-2018-25087.json) (`2023-06-12T14:16:55.693`)
* [CVE-2023-34362](CVE-2023/CVE-2023-343xx/CVE-2023-34362.json) (`2023-06-12T14:07:41.803`)
* [CVE-2023-33551](CVE-2023/CVE-2023-335xx/CVE-2023-33551.json) (`2023-06-12T14:10:17.633`)
* [CVE-2023-33956](CVE-2023/CVE-2023-339xx/CVE-2023-33956.json) (`2023-06-12T14:14:39.023`)
* [CVE-2023-31759](CVE-2023/CVE-2023-317xx/CVE-2023-31759.json) (`2023-06-12T14:15:18.860`)
* [CVE-2023-31761](CVE-2023/CVE-2023-317xx/CVE-2023-31761.json) (`2023-06-12T14:15:19.040`)
* [CVE-2023-31762](CVE-2023/CVE-2023-317xx/CVE-2023-31762.json) (`2023-06-12T14:15:19.233`)
* [CVE-2023-31763](CVE-2023/CVE-2023-317xx/CVE-2023-31763.json) (`2023-06-12T14:15:19.423`)
* [CVE-2023-31569](CVE-2023/CVE-2023-315xx/CVE-2023-31569.json) (`2023-06-12T14:22:15.087`)
* [CVE-2023-33552](CVE-2023/CVE-2023-335xx/CVE-2023-33552.json) (`2023-06-12T14:27:41.910`)
* [CVE-2023-33460](CVE-2023/CVE-2023-334xx/CVE-2023-33460.json) (`2023-06-12T14:27:48.193`)
* [CVE-2023-22918](CVE-2023/CVE-2023-229xx/CVE-2023-22918.json) (`2023-06-12T15:40:49.187`)
* [CVE-2023-33457](CVE-2023/CVE-2023-334xx/CVE-2023-33457.json) (`2023-06-12T15:57:18.677`)
* [CVE-2023-2816](CVE-2023/CVE-2023-28xx/CVE-2023-2816.json) (`2023-06-12T16:32:32.880`)
* [CVE-2023-31278](CVE-2023/CVE-2023-312xx/CVE-2023-31278.json) (`2023-06-12T16:32:50.127`)
* [CVE-2023-31244](CVE-2023/CVE-2023-312xx/CVE-2023-31244.json) (`2023-06-12T16:33:20.073`)
* [CVE-2023-29503](CVE-2023/CVE-2023-295xx/CVE-2023-29503.json) (`2023-06-12T16:33:56.060`)
* [CVE-2023-28653](CVE-2023/CVE-2023-286xx/CVE-2023-28653.json) (`2023-06-12T16:34:17.150`)
* [CVE-2023-32539](CVE-2023/CVE-2023-325xx/CVE-2023-32539.json) (`2023-06-12T16:35:32.033`)
* [CVE-2023-27916](CVE-2023/CVE-2023-279xx/CVE-2023-27916.json) (`2023-06-12T16:36:34.853`)
* [CVE-2023-32289](CVE-2023/CVE-2023-322xx/CVE-2023-32289.json) (`2023-06-12T16:37:10.407`)
* [CVE-2023-32281](CVE-2023/CVE-2023-322xx/CVE-2023-32281.json) (`2023-06-12T16:38:00.760`)
* [CVE-2023-32545](CVE-2023/CVE-2023-325xx/CVE-2023-32545.json) (`2023-06-12T16:38:15.397`)
* [CVE-2023-33532](CVE-2023/CVE-2023-335xx/CVE-2023-33532.json) (`2023-06-12T16:39:14.450`)
* [CVE-2023-34102](CVE-2023/CVE-2023-341xx/CVE-2023-34102.json) (`2023-06-12T16:46:32.247`)
* [CVE-2023-3079](CVE-2023/CVE-2023-30xx/CVE-2023-3079.json) (`2023-06-12T16:47:28.817`)
* [CVE-2023-3031](CVE-2023/CVE-2023-30xx/CVE-2023-3031.json) (`2023-06-12T16:48:57.833`)
* [CVE-2023-27989](CVE-2023/CVE-2023-279xx/CVE-2023-27989.json) (`2023-06-12T16:50:33.283`)
* [CVE-2023-32628](CVE-2023/CVE-2023-326xx/CVE-2023-32628.json) (`2023-06-12T16:53:19.953`)
* [CVE-2023-32540](CVE-2023/CVE-2023-325xx/CVE-2023-32540.json) (`2023-06-12T16:55:37.857`)
* [CVE-2023-22450](CVE-2023/CVE-2023-224xx/CVE-2023-22450.json) (`2023-06-12T16:56:27.357`)
* [CVE-2023-34410](CVE-2023/CVE-2023-344xx/CVE-2023-34410.json) (`2023-06-12T16:57:27.243`)
* [CVE-2023-33747](CVE-2023/CVE-2023-337xx/CVE-2023-33747.json) (`2023-06-12T16:59:41.887`)
* [CVE-2023-34103](CVE-2023/CVE-2023-341xx/CVE-2023-34103.json) (`2023-06-12T17:01:22.817`)
* [CVE-2023-3085](CVE-2023/CVE-2023-30xx/CVE-2023-3085.json) (`2023-06-12T17:25:40.813`)
* [CVE-2023-34411](CVE-2023/CVE-2023-344xx/CVE-2023-34411.json) (`2023-06-12T17:51:53.253`)
* [CVE-2023-33968](CVE-2023/CVE-2023-339xx/CVE-2023-33968.json) (`2023-06-12T17:56:58.817`)
* [CVE-2023-33969](CVE-2023/CVE-2023-339xx/CVE-2023-33969.json) (`2023-06-12T17:57:57.837`)
## Download and Usage