admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 11:37:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-08-17T08:00:28.547836+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-08-17 08:00:31 +00:00
parent 3a6145aea8
commit 63a8370d31
11 changed files with 401 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
CVE-2023/CVE-2023-32xx/CVE-2023-3244.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-3244",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-08-17T07:15:43.617",
"lastModified": "2023-08-17T07:15:43.617",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Comments Like Dislike plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the restore_settings function called via an AJAX action in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to reset the plugin's settings. NOTE: After attempting to contact the developer with no response, and reporting this to the WordPress plugin's team 30 days ago we are disclosing this issue as it still is not updated."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/comments-like-dislike/trunk/inc/classes/cld-admin.php#L99",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/66019297-a8a8-4bbc-99db-4b47066f3e50?source=cve",
"source": "security@wordfence.com"
}
]
}

55
CVE-2023/CVE-2023-342xx/CVE-2023-34215.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-34215",
"sourceIdentifier": "psirt@moxa.com",
"published": "2023-08-17T07:15:42.333",
"lastModified": "2023-08-17T07:15:42.333",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation and improper authentication in the certification-generation function, which could potentially allow malicious users to execute remote code on affected devices.\u00a0\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@moxa.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@moxa.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [
{
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities",
"source": "psirt@moxa.com"
}
]
}

55
CVE-2023/CVE-2023-342xx/CVE-2023-34216.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-34216",
"sourceIdentifier": "psirt@moxa.com",
"published": "2023-08-17T07:15:43.297",
"lastModified": "2023-08-17T07:15:43.297",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability derives from insufficient input validation in the key-delete function, which could potentially allow malicious users to delete arbitrary files. "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@moxa.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "psirt@moxa.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities",
"source": "psirt@moxa.com"
}
]
}

55
CVE-2023/CVE-2023-342xx/CVE-2023-34217.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-34217",
"sourceIdentifier": "psirt@moxa.com",
"published": "2023-08-17T07:15:43.383",
"lastModified": "2023-08-17T07:15:43.383",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-delete function, which could potentially allow malicious users to delete arbitrary files. "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@moxa.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "psirt@moxa.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities",
"source": "psirt@moxa.com"
}
]
}

8
CVE-2023/CVE-2023-398xx/CVE-2023-39849.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-39849",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-15T22:15:13.937",
"lastModified": "2023-08-16T12:02:41.873",
"lastModified": "2023-08-17T07:15:43.463",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Pikachu v1.0 was discovered to contain a SQL injection vulnerability via the $username parameter at \\inc\\function.php."
"value": "** DISPUTED ** Pikachu v1.0 was discovered to contain a SQL injection vulnerability via the $username parameter at \\inc\\function.php. NOTE: this is disputed by multiple third parties who report that the only role of Pikachu is to intentionally implement vulnerabilities for learning purposes; it is never employed for delivering services or functionality to end users."
}
],
"metrics": {},
@ -19,6 +19,10 @@
{
"url": "https://github.com/zhuifengshaonianhanlu/pikachu",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/zhuifengshaonianhanlu/pikachu/blob/master/README.md",
"source": "cve@mitre.org"
}
]
}

55
CVE-2023/CVE-2023-402xx/CVE-2023-40251.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-40251",
"sourceIdentifier": "vuln@krcert.or.kr",
"published": "2023-08-17T07:15:43.737",
"lastModified": "2023-08-17T07:15:43.737",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Missing Encryption of Sensitive DataCAPEC- vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Man in the Middle Attack.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "vuln@krcert.or.kr",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.5,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "vuln@krcert.or.kr",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-311"
}
]
}
],
"references": [
{
"url": "https://www.genians.co.kr/notice/2023",
"source": "vuln@krcert.or.kr"
}
]
}

55
CVE-2023/CVE-2023-402xx/CVE-2023-40252.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-40252",
"sourceIdentifier": "vuln@krcert.or.kr",
"published": "2023-08-17T07:15:43.847",
"lastModified": "2023-08-17T07:15:43.847",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Control of Generation of Code ('Code Injection') vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Replace Trusted Executable.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "vuln@krcert.or.kr",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.1,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "vuln@krcert.or.kr",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://www.genians.co.kr/notice/2023",
"source": "vuln@krcert.or.kr"
}
]
}

24
CVE-2023/CVE-2023-402xx/CVE-2023-40253.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-40253",
"sourceIdentifier": "vuln@krcert.or.kr",
"published": "2023-08-11T06:15:10.673",
"lastModified": "2023-08-11T12:58:22.393",
"lastModified": "2023-08-17T07:15:43.933",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Authentication vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Functionality Misuse.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.\n\n"
"value": "Improper Control of Generation of Code ('Code Injection') vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Replace Trusted Executable.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.\n\n"
}
],
"metrics": {
@ -17,20 +17,20 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
"exploitabilityScore": 1.1,
"impactScore": 6.0
}
]
},
@ -41,7 +41,7 @@
"description": [
{
"lang": "en",
"value": "CWE-287"
"value": "CWE-94"
}
]
}

20
CVE-2023/CVE-2023-402xx/CVE-2023-40254.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-40254",
"sourceIdentifier": "vuln@krcert.or.kr",
"published": "2023-08-11T07:15:09.423",
"lastModified": "2023-08-11T12:58:22.393",
"lastModified": "2023-08-17T07:15:44.060",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Download of Code Without Integrity Check vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Malicious Software Update.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.\n\n"
"value": "Improper Control of Generation of Code ('Code Injection') vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Replace Trusted Executable.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.\n\n"
}
],
"metrics": {
@ -17,20 +17,20 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseScore": 7.7,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.5,
"impactScore": 5.9
"exploitabilityScore": 1.1,
"impactScore": 6.0
}
]
},
@ -41,7 +41,7 @@
"description": [
{
"lang": "en",
"value": "CWE-494"
"value": "CWE-94"
}
]
}

24
CVE-2023/CVE-2023-402xx/CVE-2023-40281.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-40281",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-08-17T07:15:44.153",
"lastModified": "2023-08-17T07:15:44.153",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "EC-CUBE 2.11.0 to 2.17.2-p1 contain a cross-site scripting vulnerability in \"mail/template\" and \"products/product\" of Management page.\r\nIf this vulnerability is exploited, an arbitrary script may be executed on the web browser of the other administrator or the user who accessed the website using the product."
}
],
"metrics": {},
"references": [
{
"url": "https://jvn.jp/en/jp/JVN46993816/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.ec-cube.net/info/weakness/20230727/",
"source": "vultures@jpcert.or.jp"
}
]
}

21
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-08-17T06:00:29.231609+00:00
2023-08-17T08:00:28.547836+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-08-17T04:15:10.687000+00:00
2023-08-17T07:15:44.153000+00:00
```
### Last Data Feed Release
@ -29,20 +29,29 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
222872
222879
```
### CVEs added in the last Commit
Recently added CVEs: `1`
Recently added CVEs: `7`
* [CVE-2023-4395](CVE-2023/CVE-2023-43xx/CVE-2023-4395.json) (`2023-08-17T04:15:10.687`)
* [CVE-2023-34215](CVE-2023/CVE-2023-342xx/CVE-2023-34215.json) (`2023-08-17T07:15:42.333`)
* [CVE-2023-34216](CVE-2023/CVE-2023-342xx/CVE-2023-34216.json) (`2023-08-17T07:15:43.297`)
* [CVE-2023-34217](CVE-2023/CVE-2023-342xx/CVE-2023-34217.json) (`2023-08-17T07:15:43.383`)
* [CVE-2023-3244](CVE-2023/CVE-2023-32xx/CVE-2023-3244.json) (`2023-08-17T07:15:43.617`)
* [CVE-2023-40251](CVE-2023/CVE-2023-402xx/CVE-2023-40251.json) (`2023-08-17T07:15:43.737`)
* [CVE-2023-40252](CVE-2023/CVE-2023-402xx/CVE-2023-40252.json) (`2023-08-17T07:15:43.847`)
* [CVE-2023-40281](CVE-2023/CVE-2023-402xx/CVE-2023-40281.json) (`2023-08-17T07:15:44.153`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `3`
* [CVE-2023-39849](CVE-2023/CVE-2023-398xx/CVE-2023-39849.json) (`2023-08-17T07:15:43.463`)
* [CVE-2023-40253](CVE-2023/CVE-2023-402xx/CVE-2023-40253.json) (`2023-08-17T07:15:43.933`)
* [CVE-2023-40254](CVE-2023/CVE-2023-402xx/CVE-2023-40254.json) (`2023-08-17T07:15:44.060`)
## Download and Usage