admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-11-22T03:00:18.732421+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-11-22 03:00:22 +00:00
parent a2fab73c26
commit 63cc96a831
10 changed files with 546 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
CVE-2021/CVE-2021-221xx/CVE-2021-22142.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2021-22142",
"sourceIdentifier": "bressers@elastic.co",
"published": "2023-11-22T01:15:07.210",
"lastModified": "2023-11-22T01:15:07.210",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports. If a user with permissions to generate reports is able to render arbitrary HTML with this browser, they may be able to leverage known Chromium vulnerabilities to conduct further attacks. Kibana contains a number of protections to prevent this browser from rendering arbitrary content."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "bressers@elastic.co",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.7,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "bressers@elastic.co",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1104"
}
]
}
],
"references": [
{
"url": "https://discuss.elastic.co/t/elastic-stack-7-13-0-and-6-8-16-security-update/273964/1",
"source": "bressers@elastic.co"
},
{
"url": "https://www.elastic.co/community/security",
"source": "bressers@elastic.co"
}
]
}

59
CVE-2021/CVE-2021-221xx/CVE-2021-22143.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2021-22143",
"sourceIdentifier": "bressers@elastic.co",
"published": "2023-11-22T02:15:41.860",
"lastModified": "2023-11-22T02:15:41.860",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Elastic APM .NET Agent can leak sensitive HTTP header information when logging the details during an application error. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application error it is possible the headers will not be sanitized before being sent."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "bressers@elastic.co",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"baseSeverity": "LOW"
},
"exploitabilityScore": 0.7,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "bressers@elastic.co",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://discuss.elastic.co/t/elastic-apm-net-agent-1-10-0-security-update/274668",
"source": "bressers@elastic.co"
},
{
"url": "https://www.elastic.co/community/security",
"source": "bressers@elastic.co"
}
]
}

59
CVE-2021/CVE-2021-221xx/CVE-2021-22150.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2021-22150",
"sourceIdentifier": "bressers@elastic.co",
"published": "2023-11-22T01:15:07.417",
"lastModified": "2023-11-22T01:15:07.417",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "It was discovered that a user with Fleet admin permissions could upload a malicious package. Due to using an older version of the js-yaml library, this package would be loaded in an insecure manner, allowing an attacker to execute commands on the Kibana server.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "bressers@elastic.co",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.7,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "bressers@elastic.co",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://discuss.elastic.co/t/elastic-stack-7-14-1-security-update/283077",
"source": "bressers@elastic.co"
},
{
"url": "https://www.elastic.co/community/security",
"source": "bressers@elastic.co"
}
]
}

59
CVE-2021/CVE-2021-221xx/CVE-2021-22151.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2021-22151",
"sourceIdentifier": "bressers@elastic.co",
"published": "2023-11-22T01:15:07.607",
"lastModified": "2023-11-22T01:15:07.607",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "It was discovered that Kibana was not validating a user supplied path, which would load .pbf files. Because of this, a malicious user could arbitrarily traverse the Kibana host to load internal files ending in the .pbf extension."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "bressers@elastic.co",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "bressers@elastic.co",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://discuss.elastic.co/t/elastic-stack-7-14-1-security-update/283077",
"source": "bressers@elastic.co"
},
{
"url": "https://www.elastic.co/community/security",
"source": "bressers@elastic.co"
}
]
}

59
CVE-2021/CVE-2021-379xx/CVE-2021-37937.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2021-37937",
"sourceIdentifier": "bressers@elastic.co",
"published": "2023-11-22T02:15:42.043",
"lastModified": "2023-11-22T02:15:42.043",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was found with how API keys are created with the Fleet-Server service account. When an API key is created with a service account, it is possible that the API key could be created with higher privileges than intended. Using this vulnerability, a compromised Fleet-Server service account could escalate themselves to a super-user."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "bressers@elastic.co",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.7,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "bressers@elastic.co",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://discuss.elastic.co/t/elastic-stack-7-14-1-security-update/283077",
"source": "bressers@elastic.co"
},
{
"url": "https://www.elastic.co/community/security",
"source": "bressers@elastic.co"
}
]
}

59
CVE-2021/CVE-2021-379xx/CVE-2021-37942.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2021-37942",
"sourceIdentifier": "bressers@elastic.co",
"published": "2023-11-22T02:15:42.220",
"lastModified": "2023-11-22T02:15:42.220",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious plugin to an application running the APM Java agent. By using this vulnerability, an attacker could execute code at a potentially higher level of permissions than their user typically has access to."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "bressers@elastic.co",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "bressers@elastic.co",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://discuss.elastic.co/t/apm-java-agent-security-update/291355",
"source": "bressers@elastic.co"
},
{
"url": "https://www.elastic.co/community/security",
"source": "bressers@elastic.co"
}
]
}

59
CVE-2023/CVE-2023-351xx/CVE-2023-35127.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-35127",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-11-22T01:15:07.813",
"lastModified": "2023-11-22T01:15:07.813",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow may occur when Fuji Electric Tellus Lite V-Simulator parses a specially-crafted input file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a",
"source": "ics-cert@hq.dhs.gov"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02",
"source": "ics-cert@hq.dhs.gov"
}
]
}

59
CVE-2023/CVE-2023-401xx/CVE-2023-40152.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-40152",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-11-22T01:15:08.007",
"lastModified": "2023-11-22T01:15:08.007",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "When Fuji Electric Tellus Lite V-Simulator parses a specially-crafted input file an out of bounds write may occur."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a",
"source": "ics-cert@hq.dhs.gov"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02",
"source": "ics-cert@hq.dhs.gov"
}
]
}

59
CVE-2023/CVE-2023-52xx/CVE-2023-5299.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-5299",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-11-22T01:15:08.187",
"lastModified": "2023-11-22T01:15:08.187",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A user with a standard account in Fuji Electric Tellus Lite may overwrite files in the system."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a",
"source": "ics-cert@hq.dhs.gov"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02",
"source": "ics-cert@hq.dhs.gov"
}
]
}

44
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-11-22T00:55:18.535980+00:00
2023-11-22T03:00:18.732421+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-11-22T00:15:07.070000+00:00
2023-11-22T02:15:42.220000+00:00
```
### Last Data Feed Release
@ -23,48 +23,34 @@ Repository synchronizes with the NVD every 2 hours.
Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)
```plain
2023-11-21T01:00:13.564564+00:00
2023-11-22T01:00:13.561104+00:00
```
### Total Number of included CVEs
```plain
231250
231259
```
### CVEs added in the last Commit
Recently added CVEs: `6`
Recently added CVEs: `9`
* [CVE-2023-48305](CVE-2023/CVE-2023-483xx/CVE-2023-48305.json) (`2023-11-21T23:15:07.373`)
* [CVE-2023-48306](CVE-2023/CVE-2023-483xx/CVE-2023-48306.json) (`2023-11-21T23:15:07.600`)
* [CVE-2023-48307](CVE-2023/CVE-2023-483xx/CVE-2023-48307.json) (`2023-11-21T23:15:07.807`)
* [CVE-2023-48699](CVE-2023/CVE-2023-486xx/CVE-2023-48699.json) (`2023-11-21T23:15:08.103`)
* [CVE-2023-48700](CVE-2023/CVE-2023-487xx/CVE-2023-48700.json) (`2023-11-21T23:15:08.307`)
* [CVE-2023-48701](CVE-2023/CVE-2023-487xx/CVE-2023-48701.json) (`2023-11-21T23:15:08.510`)
* [CVE-2021-22142](CVE-2021/CVE-2021-221xx/CVE-2021-22142.json) (`2023-11-22T01:15:07.210`)
* [CVE-2021-22150](CVE-2021/CVE-2021-221xx/CVE-2021-22150.json) (`2023-11-22T01:15:07.417`)
* [CVE-2021-22151](CVE-2021/CVE-2021-221xx/CVE-2021-22151.json) (`2023-11-22T01:15:07.607`)
* [CVE-2021-22143](CVE-2021/CVE-2021-221xx/CVE-2021-22143.json) (`2023-11-22T02:15:41.860`)
* [CVE-2021-37937](CVE-2021/CVE-2021-379xx/CVE-2021-37937.json) (`2023-11-22T02:15:42.043`)
* [CVE-2021-37942](CVE-2021/CVE-2021-379xx/CVE-2021-37942.json) (`2023-11-22T02:15:42.220`)
* [CVE-2023-35127](CVE-2023/CVE-2023-351xx/CVE-2023-35127.json) (`2023-11-22T01:15:07.813`)
* [CVE-2023-40152](CVE-2023/CVE-2023-401xx/CVE-2023-40152.json) (`2023-11-22T01:15:08.007`)
* [CVE-2023-5299](CVE-2023/CVE-2023-52xx/CVE-2023-5299.json) (`2023-11-22T01:15:08.187`)
### CVEs modified in the last Commit
Recently modified CVEs: `17`
Recently modified CVEs: `0`
* [CVE-2021-42362](CVE-2021/CVE-2021-423xx/CVE-2021-42362.json) (`2023-11-22T00:15:07.070`)
* [CVE-2022-23830](CVE-2022/CVE-2022-238xx/CVE-2022-23830.json) (`2023-11-22T00:09:29.283`)
* [CVE-2023-48310](CVE-2023/CVE-2023-483xx/CVE-2023-48310.json) (`2023-11-21T23:15:08.007`)
* [CVE-2023-47675](CVE-2023/CVE-2023-476xx/CVE-2023-47675.json) (`2023-11-22T00:05:28.373`)
* [CVE-2023-47283](CVE-2023/CVE-2023-472xx/CVE-2023-47283.json) (`2023-11-22T00:05:40.857`)
* [CVE-2023-42428](CVE-2023/CVE-2023-424xx/CVE-2023-42428.json) (`2023-11-22T00:05:52.117`)
* [CVE-2023-48649](CVE-2023/CVE-2023-486xx/CVE-2023-48649.json) (`2023-11-22T00:06:06.837`)
* [CVE-2023-38130](CVE-2023/CVE-2023-381xx/CVE-2023-38130.json) (`2023-11-22T00:06:35.717`)
* [CVE-2023-48648](CVE-2023/CVE-2023-486xx/CVE-2023-48648.json) (`2023-11-22T00:06:56.547`)
* [CVE-2023-47239](CVE-2023/CVE-2023-472xx/CVE-2023-47239.json) (`2023-11-22T00:07:02.880`)
* [CVE-2023-48054](CVE-2023/CVE-2023-480xx/CVE-2023-48054.json) (`2023-11-22T00:07:20.520`)
* [CVE-2023-48053](CVE-2023/CVE-2023-480xx/CVE-2023-48053.json) (`2023-11-22T00:07:38.557`)
* [CVE-2023-48052](CVE-2023/CVE-2023-480xx/CVE-2023-48052.json) (`2023-11-22T00:07:54.837`)
* [CVE-2023-47240](CVE-2023/CVE-2023-472xx/CVE-2023-47240.json) (`2023-11-22T00:08:03.740`)
* [CVE-2023-47242](CVE-2023/CVE-2023-472xx/CVE-2023-47242.json) (`2023-11-22T00:08:11.023`)
* [CVE-2023-47245](CVE-2023/CVE-2023-472xx/CVE-2023-47245.json) (`2023-11-22T00:08:17.730`)
* [CVE-2023-47508](CVE-2023/CVE-2023-475xx/CVE-2023-47508.json) (`2023-11-22T00:08:24.690`)
## Download and Usage