admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-09-01T12:00:25.286048+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-09-01 12:00:28 +00:00
parent 57a3b858a7
commit 6688f11076
27 changed files with 1221 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
CVE-2022/CVE-2022-43xx/CVE-2022-4343.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2022-4343",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-09-01T11:15:40.037",
"lastModified": "2023-09-01T11:47:43.290",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which a project member can leak credentials stored in site profile."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/385124",
"source": "cve@gitlab.com"
},
{
"url": "https://hackerone.com/reports/1767797",
"source": "cve@gitlab.com"
}
]
}

24
CVE-2022/CVE-2022-443xx/CVE-2022-44349.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2022-44349",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-01T10:15:07.677",
"lastModified": "2023-09-01T11:47:50.290",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "NAVBLUE S.A.S N-Ops & Crew 22.5-rc.50 is vulnerable to Cross Site Scripting (XSS)."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/MVRC-ITSEC/CVEs/blob/main/CVE-2022-44349",
"source": "cve@mitre.org"
},
{
"url": "https://www.navblue.aero/product/n-crew-planning/",
"source": "cve@mitre.org"
}
]
}

24
CVE-2022/CVE-2022-465xx/CVE-2022-46527.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2022-46527",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-01T11:15:39.693",
"lastModified": "2023-09-01T11:47:43.290",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "ELSYS ERS 1.5 Sound v2.3.8 was discovered to contain a buffer overflow via the NFC data parser."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE-2022-46527.pdf",
"source": "cve@mitre.org"
},
{
"url": "https://www.elsys.se/en/ers-sound/",
"source": "cve@mitre.org"
}
]
}

59
CVE-2023/CVE-2023-01xx/CVE-2023-0120.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-0120",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-09-01T11:15:40.287",
"lastModified": "2023-09-01T11:47:43.290",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab affecting all versions starting from 10.0 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to improper permission validation it was possible to edit labels description by an unauthorised user."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/387531",
"source": "cve@gitlab.com"
},
{
"url": "https://hackerone.com/reports/1818425",
"source": "cve@gitlab.com"
}
]
}

59
CVE-2023/CVE-2023-12xx/CVE-2023-1279.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-1279",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-09-01T11:15:40.473",
"lastModified": "2023-09-01T11:47:43.290",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab affecting all versions starting from 4.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 where it was possible to create a URL that would redirect to a different project."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-138"
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/395437",
"source": "cve@gitlab.com"
},
{
"url": "https://hackerone.com/reports/1889230",
"source": "cve@gitlab.com"
}
]
}

59
CVE-2023/CVE-2023-15xx/CVE-2023-1555.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-1555",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-09-01T11:15:40.663",
"lastModified": "2023-09-01T11:47:43.290",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A namespace-level banned user can access the API."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/398587",
"source": "cve@gitlab.com"
},
{
"url": "https://hackerone.com/reports/1911908",
"source": "cve@gitlab.com"
}
]
}

55
CVE-2023/CVE-2023-244xx/CVE-2023-24412.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-24412",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-01T11:15:40.863",
"lastModified": "2023-09-01T11:47:43.290",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Web-Settler Image Social Feed plugin <=\u00a01.7.6 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/add-instagram/wordpress-image-social-feed-plugin-plugin-1-7-6-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

24
CVE-2023/CVE-2023-246xx/CVE-2023-24674.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-24674",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-01T10:15:07.950",
"lastModified": "2023-09-01T11:47:50.290",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Permissions vulnerability found in Bludit CMS v.4.0.0 allows local attackers to escalate privileges via the role:admin parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://cupc4k3.medium.com/cve-2023-24674-uncovering-a-privilege-escalation-vulnerability-in-bludit-cms-dcf86c41107",
"source": "cve@mitre.org"
},
{
"url": "https://medium.com/@cupc4k3/privilege-scalation-in-bludit-cms-dcf86c41107",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-246xx/CVE-2023-24675.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-24675",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-01T10:15:08.080",
"lastModified": "2023-09-01T11:47:50.290",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting Vulnerability in BluditCMS v.3.14.1 allows attackers to execute arbitrary code via the Categories Friendly URL."
}
],
"metrics": {},
"references": [
{
"url": "https://cupc4k3.medium.com/cve-2023-24674-uncovering-a-privilege-escalation-vulnerability-in-bludit-cms-dcf86c41107",
"source": "cve@mitre.org"
},
{
"url": "https://medium.com/@cupc4k3/xss-stored-in-friendly-url-field-on-bludit-cms-641a9dd653f",
"source": "cve@mitre.org"
}
]
}

55
CVE-2023/CVE-2023-250xx/CVE-2023-25042.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25042",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-01T11:15:41.097",
"lastModified": "2023-09-01T11:47:43.290",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Liam Gladdy (Storm Consultancy) oAuth Twitter Feed for Developers plugin <=\u00a02.3.0 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/oauth-twitter-feed-for-developers/wordpress-oauth-twitter-feed-for-developers-plugin-2-3-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-250xx/CVE-2023-25044.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25044",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-01T11:15:41.313",
"lastModified": "2023-09-01T11:47:43.290",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sumo Social Share Boost plugin <=\u00a04.4 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/social-share-boost/wordpress-social-share-boost-plugin-4-4-cross-site-scripting-xss-vulnerability-2?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-254xx/CVE-2023-25477.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25477",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-01T11:15:41.503",
"lastModified": "2023-09-01T11:47:43.290",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Yotuwp Video Gallery plugin <=\u00a01.3.12 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/yotuwp-easy-youtube-embed/wordpress-video-gallery-youtube-playlist-channel-gallery-by-yotuwp-plugin-1-3-12-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-254xx/CVE-2023-25488.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25488",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-01T11:15:41.677",
"lastModified": "2023-09-01T11:47:43.290",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Duc Bui Quang WP Default Feature Image plugin <=\u00a01.0.1.1 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-default-feature-image/wordpress-wp-default-feature-image-plugin-1-0-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

59
CVE-2023/CVE-2023-32xx/CVE-2023-3205.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-3205",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-09-01T11:15:41.850",
"lastModified": "2023-09-01T11:47:43.290",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab affecting all versions starting from 15.11 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. An authenticated user could trigger a denial of service when importing or cloning malicious content."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/415067",
"source": "cve@gitlab.com"
},
{
"url": "https://hackerone.com/reports/2011464",
"source": "cve@gitlab.com"
}
]
}

59
CVE-2023/CVE-2023-32xx/CVE-2023-3210.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-3210",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-09-01T11:15:42.053",
"lastModified": "2023-09-01T11:47:43.290",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab affecting all versions starting from 15.11 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. An authenticated user could trigger a denial of service when importing or cloning malicious content."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/415074",
"source": "cve@gitlab.com"
},
{
"url": "https://hackerone.com/reports/2011474",
"source": "cve@gitlab.com"
}
]
}

20
CVE-2023/CVE-2023-396xx/CVE-2023-39685.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-39685",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-01T10:15:08.217",
"lastModified": "2023-09-01T11:47:50.290",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in hjson-java up to v3.0.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted JSON string."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/hjson/hjson-java/issues/27",
"source": "cve@mitre.org"
}
]
}

59
CVE-2023/CVE-2023-39xx/CVE-2023-3915.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-3915",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-09-01T11:15:42.267",
"lastModified": "2023-09-01T11:47:43.290",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab EE affecting all versions starting from 16.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. If an external user is given an owner role on any group, that external user may escalate their privileges on the instance by creating a service account in that group. This service account is not classified as external and may be used to access internal projects."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-279"
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/417664",
"source": "cve@gitlab.com"
},
{
"url": "https://hackerone.com/reports/2040834",
"source": "cve@gitlab.com"
}
]
}

59
CVE-2023/CVE-2023-39xx/CVE-2023-3950.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-3950",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-09-01T11:15:42.457",
"lastModified": "2023-09-01T11:47:43.290",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An information disclosure issue in GitLab EE affecting all versions from 16.2 prior to 16.2.5, and 16.3 prior to 16.3.1 allowed other Group Owners to see the Public Key for a Google Cloud Logging audit event streaming destination, if configured. Owners can now only write the key, not read it."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-312"
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/419675",
"source": "cve@gitlab.com"
},
{
"url": "https://hackerone.com/reports/2079154",
"source": "cve@gitlab.com"
}
]
}

20
CVE-2023/CVE-2023-402xx/CVE-2023-40239.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-40239",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-01T11:15:42.657",
"lastModified": "2023-09-01T11:47:43.290",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Certain Lexmark devices (such as CS310) before 2023-08-25 allow XXE attacks, leading to information disclosure. The fixed firmware version is LW80.*.P246, i.e., '*' indicates that the full version specification varies across product model family, but firmware level P246 (or higher) is required to remediate the vulnerability."
}
],
"metrics": {},
"references": [
{
"url": "https://publications.lexmark.com/publications/security-alerts/CVE-2023-40239.pdf",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-409xx/CVE-2023-40969.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-40969",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-01T11:15:42.800",
"lastModified": "2023-09-01T11:47:43.290",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is vulnerable to Server Side Request Forgery (SSRF) via admin/modules/bibliography/pop_p2p.php."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/komangsughosa/CVE-ID-not-yet/blob/main/slims/slims9_bulian-9.6.1-SSRF-pop_p2p.md",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/slims/slims9_bulian/issues/204",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-409xx/CVE-2023-40970.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-40970",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-01T11:15:42.923",
"lastModified": "2023-09-01T11:47:43.290",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Senayan Library Management Systems SLIMS 9 Bulian v 9.6.1 is vulnerable to SQL Injection via admin/modules/circulation/loan_rules.php."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/komangsughosa/CVE-ID-not-yet/blob/main/slims/slims9_bulian-9.6.1-SQLI-loan_rules.md",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/slims/slims9_bulian/issues/205",
"source": "cve@mitre.org"
}
]
}

59
CVE-2023/CVE-2023-40xx/CVE-2023-4018.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-4018",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-09-01T11:15:43.037",
"lastModified": "2023-09-01T11:47:43.290",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to improper permission validation it was possible to create model experiments in public projects."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/420301",
"source": "cve@gitlab.com"
},
{
"url": "https://hackerone.com/reports/2083440",
"source": "cve@gitlab.com"
}
]
}

28
CVE-2023/CVE-2023-413xx/CVE-2023-41364.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-41364",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-01T10:15:08.343",
"lastModified": "2023-09-01T11:47:50.290",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In tine through 2023.01.14.325, the sort parameter of the /index.php endpoint allows SQL Injection."
}
],
"metrics": {},
"references": [
{
"url": "https://herolab.usd.de/security-advisories/",
"source": "cve@mitre.org"
},
{
"url": "https://herolab.usd.de/security-advisories/usd-2023-0002/",
"source": "cve@mitre.org"
},
{
"url": "https://www.tine-groupware.de/",
"source": "cve@mitre.org"
}
]
}

59
CVE-2023/CVE-2023-43xx/CVE-2023-4378.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-4378",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-09-01T11:15:43.113",
"lastModified": "2023-09-01T11:47:43.290",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A malicious Maintainer can, under specific circumstances, leak the sentry token by changing the configured URL in the Sentry error tracking settings page. This was as a result of an incomplete fix for CVE-2022-4365."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/422134",
"source": "cve@gitlab.com"
},
{
"url": "https://hackerone.com/reports/2104591",
"source": "cve@gitlab.com"
}
]
}

55
CVE-2023/CVE-2023-46xx/CVE-2023-4647.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-4647",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-09-01T11:15:43.363",
"lastModified": "2023-09-01T11:47:43.290",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which the projects API pagination can be skipped, potentially leading to DoS on certain instances."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/414502",
"source": "cve@gitlab.com"
}
]
}

59
CVE-2023/CVE-2023-47xx/CVE-2023-4704.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-4704",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-09-01T10:15:08.587",
"lastModified": "2023-09-01T11:47:50.290",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "External Control of System or Configuration Setting in GitHub repository instantsoft/icms2 prior to 2.16.1-git."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-15"
}
]
}
],
"references": [
{
"url": "https://github.com/instantsoft/icms2/commit/bc22d89691fdaf38055eba13dda8d959b16fa731",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.dev/bounties/4a54134d-df1f-43d4-9b14-45f023cd654a",
"source": "security@huntr.dev"
}
]
}

60
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-09-01T08:00:24.795939+00:00
2023-09-01T12:00:25.286048+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-09-01T07:32:13.003000+00:00
2023-09-01T11:47:50.290000+00:00
```
### Last Data Feed Release
@ -29,44 +29,44 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
223870
223896
```
### CVEs added in the last Commit
Recently added CVEs: `0`
Recently added CVEs: `26`
* [CVE-2022-4343](CVE-2022/CVE-2022-43xx/CVE-2022-4343.json) (`2023-09-01T11:15:40.037`)
* [CVE-2022-44349](CVE-2022/CVE-2022-443xx/CVE-2022-44349.json) (`2023-09-01T10:15:07.677`)
* [CVE-2023-0120](CVE-2023/CVE-2023-01xx/CVE-2023-0120.json) (`2023-09-01T11:15:40.287`)
* [CVE-2023-1279](CVE-2023/CVE-2023-12xx/CVE-2023-1279.json) (`2023-09-01T11:15:40.473`)
* [CVE-2023-1555](CVE-2023/CVE-2023-15xx/CVE-2023-1555.json) (`2023-09-01T11:15:40.663`)
* [CVE-2023-24412](CVE-2023/CVE-2023-244xx/CVE-2023-24412.json) (`2023-09-01T11:15:40.863`)
* [CVE-2023-25042](CVE-2023/CVE-2023-250xx/CVE-2023-25042.json) (`2023-09-01T11:15:41.097`)
* [CVE-2023-25044](CVE-2023/CVE-2023-250xx/CVE-2023-25044.json) (`2023-09-01T11:15:41.313`)
* [CVE-2023-25477](CVE-2023/CVE-2023-254xx/CVE-2023-25477.json) (`2023-09-01T11:15:41.503`)
* [CVE-2023-25488](CVE-2023/CVE-2023-254xx/CVE-2023-25488.json) (`2023-09-01T11:15:41.677`)
* [CVE-2023-3205](CVE-2023/CVE-2023-32xx/CVE-2023-3205.json) (`2023-09-01T11:15:41.850`)
* [CVE-2023-3210](CVE-2023/CVE-2023-32xx/CVE-2023-3210.json) (`2023-09-01T11:15:42.053`)
* [CVE-2023-3915](CVE-2023/CVE-2023-39xx/CVE-2023-3915.json) (`2023-09-01T11:15:42.267`)
* [CVE-2023-3950](CVE-2023/CVE-2023-39xx/CVE-2023-3950.json) (`2023-09-01T11:15:42.457`)
* [CVE-2023-40239](CVE-2023/CVE-2023-402xx/CVE-2023-40239.json) (`2023-09-01T11:15:42.657`)
* [CVE-2023-40969](CVE-2023/CVE-2023-409xx/CVE-2023-40969.json) (`2023-09-01T11:15:42.800`)
* [CVE-2023-40970](CVE-2023/CVE-2023-409xx/CVE-2023-40970.json) (`2023-09-01T11:15:42.923`)
* [CVE-2023-4018](CVE-2023/CVE-2023-40xx/CVE-2023-4018.json) (`2023-09-01T11:15:43.037`)
* [CVE-2023-4378](CVE-2023/CVE-2023-43xx/CVE-2023-4378.json) (`2023-09-01T11:15:43.113`)
* [CVE-2023-4647](CVE-2023/CVE-2023-46xx/CVE-2023-4647.json) (`2023-09-01T11:15:43.363`)
* [CVE-2023-24674](CVE-2023/CVE-2023-246xx/CVE-2023-24674.json) (`2023-09-01T10:15:07.950`)
* [CVE-2023-24675](CVE-2023/CVE-2023-246xx/CVE-2023-24675.json) (`2023-09-01T10:15:08.080`)
* [CVE-2023-39685](CVE-2023/CVE-2023-396xx/CVE-2023-39685.json) (`2023-09-01T10:15:08.217`)
* [CVE-2023-41364](CVE-2023/CVE-2023-413xx/CVE-2023-41364.json) (`2023-09-01T10:15:08.343`)
* [CVE-2023-4704](CVE-2023/CVE-2023-47xx/CVE-2023-4704.json) (`2023-09-01T10:15:08.587`)
### CVEs modified in the last Commit
Recently modified CVEs: `41`
Recently modified CVEs: `0`
* [CVE-2023-39354](CVE-2023/CVE-2023-393xx/CVE-2023-39354.json) (`2023-09-01T07:32:13.003`)
* [CVE-2023-39355](CVE-2023/CVE-2023-393xx/CVE-2023-39355.json) (`2023-09-01T07:32:13.003`)
* [CVE-2023-39352](CVE-2023/CVE-2023-393xx/CVE-2023-39352.json) (`2023-09-01T07:32:13.003`)
* [CVE-2023-39353](CVE-2023/CVE-2023-393xx/CVE-2023-39353.json) (`2023-09-01T07:32:13.003`)
* [CVE-2023-39356](CVE-2023/CVE-2023-393xx/CVE-2023-39356.json) (`2023-09-01T07:32:13.003`)
* [CVE-2023-41749](CVE-2023/CVE-2023-417xx/CVE-2023-41749.json) (`2023-09-01T07:32:13.003`)
* [CVE-2023-41750](CVE-2023/CVE-2023-417xx/CVE-2023-41750.json) (`2023-09-01T07:32:13.003`)
* [CVE-2023-41751](CVE-2023/CVE-2023-417xx/CVE-2023-41751.json) (`2023-09-01T07:32:13.003`)
* [CVE-2023-4299](CVE-2023/CVE-2023-42xx/CVE-2023-4299.json) (`2023-09-01T07:32:13.003`)
* [CVE-2023-4688](CVE-2023/CVE-2023-46xx/CVE-2023-4688.json) (`2023-09-01T07:32:13.003`)
* [CVE-2023-40181](CVE-2023/CVE-2023-401xx/CVE-2023-40181.json) (`2023-09-01T07:32:13.003`)
* [CVE-2023-40186](CVE-2023/CVE-2023-401xx/CVE-2023-40186.json) (`2023-09-01T07:32:13.003`)
* [CVE-2023-40187](CVE-2023/CVE-2023-401xx/CVE-2023-40187.json) (`2023-09-01T07:32:13.003`)
* [CVE-2023-40188](CVE-2023/CVE-2023-401xx/CVE-2023-40188.json) (`2023-09-01T07:32:13.003`)
* [CVE-2023-40567](CVE-2023/CVE-2023-405xx/CVE-2023-40567.json) (`2023-09-01T07:32:13.003`)
* [CVE-2023-40569](CVE-2023/CVE-2023-405xx/CVE-2023-40569.json) (`2023-09-01T07:32:13.003`)
* [CVE-2023-40574](CVE-2023/CVE-2023-405xx/CVE-2023-40574.json) (`2023-09-01T07:32:13.003`)
* [CVE-2023-40575](CVE-2023/CVE-2023-405xx/CVE-2023-40575.json) (`2023-09-01T07:32:13.003`)
* [CVE-2023-40576](CVE-2023/CVE-2023-405xx/CVE-2023-40576.json) (`2023-09-01T07:32:13.003`)
* [CVE-2023-39912](CVE-2023/CVE-2023-399xx/CVE-2023-39912.json) (`2023-09-01T07:32:13.003`)
* [CVE-2023-4481](CVE-2023/CVE-2023-44xx/CVE-2023-4481.json) (`2023-09-01T07:32:13.003`)
* [CVE-2023-4695](CVE-2023/CVE-2023-46xx/CVE-2023-4695.json) (`2023-09-01T07:32:13.003`)
* [CVE-2023-4696](CVE-2023/CVE-2023-46xx/CVE-2023-4696.json) (`2023-09-01T07:32:13.003`)
* [CVE-2023-4697](CVE-2023/CVE-2023-46xx/CVE-2023-4697.json) (`2023-09-01T07:32:13.003`)
* [CVE-2023-4698](CVE-2023/CVE-2023-46xx/CVE-2023-4698.json) (`2023-09-01T07:32:13.003`)
## Download and Usage