Auto-Update: 2023-05-01T16:00:23.727659+00:00

René Helmke 2023-05-01 18:00:26 +02:00
parent dc931a59b4
commit 61d23541d4
20 changed files with 958 additions and 46 deletions


@ -2,8 +2,8 @@
"id": "CVE-2022-45064",
"sourceIdentifier": "security@apache.org",
"published": "2023-04-13T11:15:06.737",
"lastModified": "2023-04-18T03:15:07.263",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-01T15:19:22.327",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
},
{
"source": "security@apache.org",
"type": "Secondary",
@ -46,14 +66,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:sling:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.14.0",
"matchCriteriaId": "27522190-48A3-4A38-A9F4-434024C179D1"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/04/18/6",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.apache.org/thread/hhp611hltby3whk03vx2mv7cmy3vs0ok",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2022-45801",
"sourceIdentifier": "security@apache.org",
"published": "2023-05-01T15:15:08.790",
"lastModified": "2023-05-01T15:15:08.790",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Apache StreamPark 1.0.0 to 2.0.0 have a LDAP injection vulnerability.\nLDAP Injection is an attack used to exploit web based applications\nthat construct LDAP statements based on user input. When an\napplication fails to properly sanitize user input, it's possible to\nmodify LDAP statements through techniques similar to SQL Injection.\nLDAP injection attacks could result in the granting of permissions to\nunauthorized queries, and content modification inside the LDAP tree.\nThis risk may only occur when the user logs in with ldap, and the user\nname and password login will not be affected, Users of the affected\nversions should upgrade to Apache StreamPark 2.0.0 or later.\n\n\n\n\n\n\n"
}
],
"metrics": {},
"weaknesses": [
{
"source": "security@apache.org",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
}
]
}
],
"references": [
{
"url": "https://lists.apache.org/thread/xbkwwpkp3n2rs2wcxg8l26mhsftxwwr9",
"source": "security@apache.org"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2022-45802",
"sourceIdentifier": "security@apache.org",
"published": "2023-05-01T15:15:08.943",
"lastModified": "2023-05-01T15:15:08.943",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Streampark allows any users to upload a jar as application, but there is no mandatory verification of the uploaded file type, causing users to upload some high-risk files, and may upload them to any directory,\u00a0Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later\n\n\n\n\n\n\n"
}
],
"metrics": {},
"weaknesses": [
{
"source": "security@apache.org",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://lists.apache.org/thread/thwl1v2h6r3c21x1qwff08o57qzjnst6",
"source": "security@apache.org"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2022-4568",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2023-05-01T15:15:09.160",
"lastModified": "2023-05-01T15:15:09.160",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A directory permissions management vulnerability in Lenovo System Update may allow elevation of privileges."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@lenovo.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@lenovo.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-103545",
"source": "psirt@lenovo.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2022-46365",
"sourceIdentifier": "security@apache.org",
"published": "2023-05-01T15:15:09.013",
"lastModified": "2023-05-01T15:15:09.013",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Apache StreamPark 1.0.0 before 2.0.0 When the user successfully logs in, to modify his profile, the username will be passed to the server-layer\u00a0as a parameter, but not verified whether the user name is the currently logged user and whether the user is legal, This will allow malicious attackers to send any username to modify and reset the account,\u00a0Users of the affected\u00a0versions should upgrade to Apache StreamPark 2.0.0 or later.\n\n\n\n\n"
}
],
"metrics": {},
"weaknesses": [
{
"source": "security@apache.org",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://lists.apache.org/thread/f68lcwrp8pcdc4yrbpcm8j7m0f5mjn7h",
"source": "security@apache.org"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2022-48186",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2023-05-01T15:15:09.083",
"lastModified": "2023-05-01T15:15:09.083",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A certificate validation vulnerability exists in the Baiying Android application which could lead to information disclosure."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@lenovo.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@lenovo.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
}
],
"references": [
{
"url": "https://iknow.lenovo.com.cn/detail/dc_206093.html",
"source": "psirt@lenovo.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-0683",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2023-05-01T15:15:09.223",
"lastModified": "2023-05-01T15:15:09.223",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically crafted API call."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@lenovo.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.5
}
]
},
"weaknesses": [
{
"source": "psirt@lenovo.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-99936",
"source": "psirt@lenovo.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-0896",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2023-05-01T14:15:09.397",
"lastModified": "2023-05-01T14:15:09.397",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A default password was reported in Lenovo Smart Clock Essential with Alexa Built In that could allow unauthorized device access to an attacker with local network access. "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@lenovo.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@lenovo.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-113714",
"source": "psirt@lenovo.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-2131",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-04-20T21:15:08.870",
"lastModified": "2023-04-21T01:45:50.230",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-01T14:17:38.750",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -46,10 +76,44 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:inea:me_rtu_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.36",
"matchCriteriaId": "E213CE4E-AA17-4AA5-A753-A7F2B37C7815"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:inea:me_rtu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97E14440-C423-4D41-9834-E33564A4B70D"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-110-01",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}


@ -2,16 +2,49 @@
"id": "CVE-2023-2176",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-04-20T21:15:08.937",
"lastModified": "2023-04-21T01:45:50.230",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-01T14:26:28.220",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -23,10 +56,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*",
"matchCriteriaId": "DE093B34-F4CD-4052-8122-730D6537A91A"
}
]
}
]
}
],
"references": [
{
"url": "https://www.spinics.net/lists/linux-rdma/msg114749.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch"
]
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-25492",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2023-05-01T15:15:09.290",
"lastModified": "2023-05-01T15:15:09.290",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A valid, authenticated user may be able to trigger a denial of service of the XCC web user interface or other undefined behavior through a format string injection vulnerability in a web interface API."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@lenovo.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "psirt@lenovo.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-134"
}
]
}
],
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-99936",
"source": "psirt@lenovo.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-28003",
"sourceIdentifier": "cybersecurity@se.com",
"published": "2023-04-18T21:15:09.117",
"lastModified": "2023-04-18T21:25:05.953",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-01T14:00:32.963",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cybersecurity@se.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2022",
"matchCriteriaId": "EEB54F7D-EFED-4E21-832E-AA3BBB3CB723"
}
]
}
]
}
],
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-073-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-073-01.pdf",
"source": "cybersecurity@se.com"
"source": "cybersecurity@se.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,43 @@
{
"id": "CVE-2023-28092",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2023-05-01T15:15:09.357",
"lastModified": "2023-05-01T15:15:09.357",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A potential security vulnerability has been identified in HPE ProLiant RL300 Gen11 Server. The vulnerability could result in the system being vulnerable to exploits by attackers with physical access inside the server chassis.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-alert@hpe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:L",
"attackVector": "PHYSICAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.3,
"impactScore": 5.3
}
]
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04472en_us",
"source": "security-alert@hpe.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-29213",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-04-17T22:15:10.017",
"lastModified": "2023-04-18T03:15:28.387",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-01T14:02:43.807",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +56,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,18 +76,85 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"versionStartExcluding": "4.2",
"versionEndExcluding": "13.10.11",
"matchCriteriaId": "F5DD0ECC-5A9D-4EA6-B86A-6FDA940D77C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"versionStartExcluding": "14.0",
"versionEndExcluding": "14.4.7",
"matchCriteriaId": "34716609-E9E2-4E29-99DD-BB68AD639A8D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.5",
"versionEndExcluding": "14.10",
"matchCriteriaId": "569EE28C-5C86-467F-A153-DD4B9BF0053D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:4.2:-:*:*:*:*:*:*",
"matchCriteriaId": "F3C88F32-3EFB-4D0E-9046-D13157E6256F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:4.2:milestone3:*:*:*:*:*:*",
"matchCriteriaId": "BC907C33-432E-4153-B1A2-9B8BF9167E1B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:14.0:-:*:*:*:*:*:*",
"matchCriteriaId": "D1779BB7-C939-433A-BA96-EDD1A8C31AC6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:14.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E4F79D59-2C67-4875-B50F-F2ECE52B384C"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/xwiki/xwiki-platform/commit/49fdfd633ddfa346c522d2fe71754dc72c9496ca",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-4655-wh7v-3vmg",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://jira.xwiki.org/browse/XWIKI-20291",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-29528",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-04-20T18:15:07.307",
"lastModified": "2023-04-20T18:17:39.217",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-01T15:46:06.867",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,22 +66,79 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:commons:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.3",
"versionEndExcluding": "14.10",
"matchCriteriaId": "03911D90-117F-4EFD-9CA9-D6F653CB1D48"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:commons:4.2:-:*:*:*:*:*:*",
"matchCriteriaId": "C514853A-989A-4BED-A653-D1578DB40157"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:commons:4.2:milestone1:*:*:*:*:*:*",
"matchCriteriaId": "36E79F9F-67BC-4E06-9882-DEA941AEF84B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:commons:4.2:milestone2:*:*:*:*:*:*",
"matchCriteriaId": "9BE5ECE0-5A68-4B4F-9752-8C2F46AE9009"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:commons:4.2:milestone3:*:*:*:*:*:*",
"matchCriteriaId": "60F8E581-DBE8-407C-970A-0ED230F074BB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:commons:4.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8D23E926-03F5-4EC0-B8D7-434F97D01A8B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/xwiki/xwiki-commons/commit/8ff1a9d7e5d7b45b690134a537d53dc05cae04ab",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/xwiki/xwiki-commons/security/advisories/GHSA-x37v-36wv-6v6h",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://jira.xwiki.org/browse/XCOMMONS-2568",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://jira.xwiki.org/browse/XWIKI-20348",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-30061",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-01T14:15:09.550",
"lastModified": "2023-05-01T14:15:09.550",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-879 v105A1 is vulnerable to Authentication Bypass via phpcgi."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Zarathustra-L/IoT_Vul/tree/main/D-Link/DIR-879",
"source": "cve@mitre.org"
},
{
"url": "https://www.dlink.com/en/security-bulletin/",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-30063",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-01T14:15:09.593",
"lastModified": "2023-05-01T14:15:09.593",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-890L FW1.10 A1 is vulnerable to Authentication bypass."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Zarathustra-L/IoT_Vul/tree/main/D-Link/DIR-890L/Auth%20bypass",
"source": "cve@mitre.org"
},
{
"url": "https://www.dlink.com/en/security-bulletin/",
"source": "cve@mitre.org"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-30456",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-10T02:15:06.853",
"lastModified": "2023-04-13T20:10:57.007",
"lastModified": "2023-05-01T15:26:57.893",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -17,20 +17,20 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
"exploitabilityScore": 2.0,
"impactScore": 4.0
}
]
},


@ -0,0 +1,59 @@
{
"id": "CVE-2023-30859",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-01T14:15:09.637",
"lastModified": "2023-05-01T14:15:09.637",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Triton is a Minecraft plugin for Spigot and BungeeCord that helps you translate your Minecraft server. The CustomPayload packet allows you to execute commands on the spigot/bukkit console. When you enable bungee mode in the config it will enable the bungee bridge and the server will begin to broadcast the 'triton:main' plugin channel. Using this plugin channel you are able to send a payload packet containing a byte (2) and a string (any spigot command). This could be used to make yourself a server operator and be used to extract other user information through phishing (pretending to be an admin), many servers use essentials so the /geoip command could be available to them, etc. This could also be modified to allow you to set the servers language, set another players language, etc. This issue affects those who have bungee enabled in config. This issue has been fixed in version 3.8.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-419"
}
]
}
],
"references": [
{
"url": "https://github.com/tritonmc/Triton/releases/tag/v3.8.4",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/tritonmc/Triton/security/advisories/GHSA-8vj5-jccf-q25r",
"source": "security-advisories@github.com"
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-05-01T14:00:24.840899+00:00
2023-05-01T16:00:23.727659+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-05-01T13:49:18.663000+00:00
2023-05-01T15:46:06.867000+00:00
```
### Last Data Feed Release
@ -29,25 +29,38 @@ Download and Changelog: [Click](releases/latest)
### Total Number of included CVEs
```plain
213842
213854
```
### CVEs added in the last Commit
Recently added CVEs: `3`
Recently added CVEs: `12`
* [CVE-2023-2235](CVE-2023/CVE-2023-22xx/CVE-2023-2235.json) (`2023-05-01T13:15:44.713`)
* [CVE-2023-2236](CVE-2023/CVE-2023-22xx/CVE-2023-2236.json) (`2023-05-01T13:15:44.850`)
* [CVE-2023-2248](CVE-2023/CVE-2023-22xx/CVE-2023-2248.json) (`2023-05-01T13:15:44.907`)
* [CVE-2022-4568](CVE-2022/CVE-2022-45xx/CVE-2022-4568.json) (`2023-05-01T15:15:09.160`)
* [CVE-2022-45801](CVE-2022/CVE-2022-458xx/CVE-2022-45801.json) (`2023-05-01T15:15:08.790`)
* [CVE-2022-45802](CVE-2022/CVE-2022-458xx/CVE-2022-45802.json) (`2023-05-01T15:15:08.943`)
* [CVE-2022-46365](CVE-2022/CVE-2022-463xx/CVE-2022-46365.json) (`2023-05-01T15:15:09.013`)
* [CVE-2022-48186](CVE-2022/CVE-2022-481xx/CVE-2022-48186.json) (`2023-05-01T15:15:09.083`)
* [CVE-2023-0683](CVE-2023/CVE-2023-06xx/CVE-2023-0683.json) (`2023-05-01T15:15:09.223`)
* [CVE-2023-0896](CVE-2023/CVE-2023-08xx/CVE-2023-0896.json) (`2023-05-01T14:15:09.397`)
* [CVE-2023-25492](CVE-2023/CVE-2023-254xx/CVE-2023-25492.json) (`2023-05-01T15:15:09.290`)
* [CVE-2023-28092](CVE-2023/CVE-2023-280xx/CVE-2023-28092.json) (`2023-05-01T15:15:09.357`)
* [CVE-2023-30061](CVE-2023/CVE-2023-300xx/CVE-2023-30061.json) (`2023-05-01T14:15:09.550`)
* [CVE-2023-30063](CVE-2023/CVE-2023-300xx/CVE-2023-30063.json) (`2023-05-01T14:15:09.593`)
* [CVE-2023-30859](CVE-2023/CVE-2023-308xx/CVE-2023-30859.json) (`2023-05-01T14:15:09.637`)
### CVEs modified in the last Commit
Recently modified CVEs: `3`
Recently modified CVEs: `7`
* [CVE-2023-0317](CVE-2023/CVE-2023-03xx/CVE-2023-0317.json) (`2023-05-01T13:47:17.730`)
* [CVE-2023-29921](CVE-2023/CVE-2023-299xx/CVE-2023-29921.json) (`2023-05-01T13:49:18.663`)
* [CVE-2023-30543](CVE-2023/CVE-2023-305xx/CVE-2023-30543.json) (`2023-05-01T13:16:18.050`)
* [CVE-2022-45064](CVE-2022/CVE-2022-450xx/CVE-2022-45064.json) (`2023-05-01T15:19:22.327`)
* [CVE-2023-2131](CVE-2023/CVE-2023-21xx/CVE-2023-2131.json) (`2023-05-01T14:17:38.750`)
* [CVE-2023-2176](CVE-2023/CVE-2023-21xx/CVE-2023-2176.json) (`2023-05-01T14:26:28.220`)
* [CVE-2023-28003](CVE-2023/CVE-2023-280xx/CVE-2023-28003.json) (`2023-05-01T14:00:32.963`)
* [CVE-2023-29213](CVE-2023/CVE-2023-292xx/CVE-2023-29213.json) (`2023-05-01T14:02:43.807`)
* [CVE-2023-29528](CVE-2023/CVE-2023-295xx/CVE-2023-29528.json) (`2023-05-01T15:46:06.867`)
* [CVE-2023-30456](CVE-2023/CVE-2023-304xx/CVE-2023-30456.json) (`2023-05-01T15:26:57.893`)
## Download and Usage