admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-21 17:41:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-08-25T18:00:33.975572+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-08-25 18:00:37 +00:00
parent 5845d83047
commit 6c05af780a
45 changed files with 2240 additions and 206 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
CVE-2020/CVE-2020-117xx/CVE-2020-11711.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2020-11711",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-25T16:15:07.857",
"lastModified": "2023-08-25T17:51:53.297",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Stormshield SNS 3.8.0. Authenticated Stored XSS in the admin login panel leads to SSL VPN credential theft. A malicious disclaimer file can be uploaded from the admin panel. The resulting file is rendered on the authentication interface of the admin panel. It is possible to inject malicious HTML content in order to execute JavaScript inside a victim's browser. This results in a stored XSS on the authentication interface of the admin panel. Moreover, an unsecured authentication form is present on the authentication interface of the SSL VPN captive portal. Users are allowed to save their credentials inside the browser. If an administrator saves his credentials through this unsecured form, these credentials could be stolen via the stored XSS on the admin panel without user interaction. Another possible exploitation would be modification of the authentication form of the admin panel into a malicious form."
}
],
"metrics": {},
"references": [
{
"url": "https://advisories.stormshield.eu/2020-011/",
"source": "cve@mitre.org"
},
{
"url": "https://twitter.com/_ACKNAK_",
"source": "cve@mitre.org"
},
{
"url": "https://www.digitemis.com/category/blog/actualite/",
"source": "cve@mitre.org"
}
]
}

64
CVE-2020/CVE-2020-182xx/CVE-2020-18232.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2020-18232", "id": "CVE-2020-18232",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:15:54.903", "published": "2023-08-22T19:15:54.903",
"lastModified": "2023-08-22T20:10:36.537", "lastModified": "2023-08-25T16:41:20.193",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Buffer Overflow vulnerability in function H5S_close in H5S.c in HDF5 1.10.4 allows remote attackers to run arbitrary code via creation of crafted file." "value": "Buffer Overflow vulnerability in function H5S_close in H5S.c in HDF5 1.10.4 allows remote attackers to run arbitrary code via creation of crafted file."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hdfgroup:hdf5:1.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1C82BB0E-2A5E-4273-8CF6-A3ED216F95F2"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/winson2004aa/PAAFS/tree/master/vul2", "url": "https://github.com/winson2004aa/PAAFS/tree/master/vul2",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

71
CVE-2020/CVE-2020-188xx/CVE-2020-18831.json
View File

@ -2,23 +2,84 @@
"id": "CVE-2020-18831", "id": "CVE-2020-18831",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:15:56.220", "published": "2023-08-22T19:15:56.220",
"lastModified": "2023-08-22T20:10:36.537", "lastModified": "2023-08-25T17:10:04.940",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Buffer Overflow vulnerability in tEXtToDataBuf function in pngimage.cpp in Exiv2 0.27.1 allows remote attackers to cause a denial of service and other unspecified impacts via use of crafted file." "value": "Buffer Overflow vulnerability in tEXtToDataBuf function in pngimage.cpp in Exiv2 0.27.1 allows remote attackers to cause a denial of service and other unspecified impacts via use of crafted file."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:exiv2:exiv2:0.27.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9E196C7D-A075-43E0-A620-C2D7C0EB559F"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/Exiv2/exiv2/issues/828", "url": "https://github.com/Exiv2/exiv2/issues/828",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
]
}, },
{ {
"url": "https://www.exiv2.org/download.html", "url": "https://www.exiv2.org/download.html",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Broken Link"
]
} }
] ]
} }

72
CVE-2020/CVE-2020-217xx/CVE-2020-21710.json
View File

@ -2,23 +2,85 @@
"id": "CVE-2020-21710", "id": "CVE-2020-21710",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:16.127", "published": "2023-08-22T19:16:16.127",
"lastModified": "2023-08-22T20:10:36.537", "lastModified": "2023-08-25T17:12:07.670",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A divide by zero issue discovered in eps_print_page in gdevepsn.c in Artifex Software GhostScript 9.50 allows remote attackers to cause a denial of service via opening of crafted PDF file." "value": "A divide by zero issue discovered in eps_print_page in gdevepsn.c in Artifex Software GhostScript 9.50 allows remote attackers to cause a denial of service via opening of crafted PDF file."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-369"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:artifex:ghostscript:9.50:*:*:*:*:*:*:*",
"matchCriteriaId": "089333A5-72AA-4E68-8A8E-81876AAC9DD3"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=701843", "url": "https://bugs.ghostscript.com/show_bug.cgi?id=701843",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
]
}, },
{ {
"url": "https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=4e713293de84b689c4ab358f3e110ea54aa81925", "url": "https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=4e713293de84b689c4ab358f3e110ea54aa81925",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch"
]
} }
] ]
} }

66
CVE-2020/CVE-2020-218xx/CVE-2020-21890.json
View File

@ -2,19 +2,77 @@
"id": "CVE-2020-21890", "id": "CVE-2020-21890",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:18.730", "published": "2023-08-22T19:16:18.730",
"lastModified": "2023-08-22T20:10:36.537", "lastModified": "2023-08-25T17:15:04.217",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Buffer Overflow vulnerability in clj_media_size function in devices/gdevclj.c in Artifex Ghostscript 9.50 allows remote attackers to cause a denial of service or other unspecified impact(s) via opening of crafted PDF document." "value": "Buffer Overflow vulnerability in clj_media_size function in devices/gdevclj.c in Artifex Ghostscript 9.50 allows remote attackers to cause a denial of service or other unspecified impact(s) via opening of crafted PDF document."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:artifex:ghostscript:9.50:*:*:*:*:*:*:*",
"matchCriteriaId": "089333A5-72AA-4E68-8A8E-81876AAC9DD3"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=701846", "url": "https://bugs.ghostscript.com/show_bug.cgi?id=701846",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
]
} }
] ]
} }

68
CVE-2020/CVE-2020-222xx/CVE-2020-22217.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2020-22217", "id": "CVE-2020-22217",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:19.050", "published": "2023-08-22T19:16:19.050",
"lastModified": "2023-08-22T20:10:36.537", "lastModified": "2023-08-25T17:42:21.850",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Buffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via function ares_parse_soa_reply in ares_parse_soa_reply.c." "value": "Buffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via function ares_parse_soa_reply in ares_parse_soa_reply.c."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:c-ares:c-ares:1.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F414AE45-51A4-439A-9522-74D765564707"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:c-ares:c-ares:1.70.0:*:*:*:*:*:*:*",
"matchCriteriaId": "09D51C0F-7CF1-4179-89B2-1F9FD53112C6"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/c-ares/c-ares/issues/333", "url": "https://github.com/c-ares/c-ares/issues/333",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Issue Tracking"
]
} }
] ]
} }

64
CVE-2020/CVE-2020-222xx/CVE-2020-22218.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2020-22218", "id": "CVE-2020-22218",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:19.120", "published": "2023-08-22T19:16:19.120",
"lastModified": "2023-08-22T20:10:36.537", "lastModified": "2023-08-25T17:51:52.637",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "An issue was discovered in function _libssh2_packet_add in libssh2 1.10.0 allows attackers to access out of bounds memory." "value": "An issue was discovered in function _libssh2_packet_add in libssh2 1.10.0 allows attackers to access out of bounds memory."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:libssh2:libssh2:1.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F25E23F0-5D4C-4436-A262-EC251272FDA4"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/libssh2/libssh2/pull/476", "url": "https://github.com/libssh2/libssh2/pull/476",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
]
} }
] ]
} }

68
CVE-2020/CVE-2020-229xx/CVE-2020-22916.json
View File

@ -2,23 +2,81 @@
"id": "CVE-2020-22916", "id": "CVE-2020-22916",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:19.407", "published": "2023-08-22T19:16:19.407",
"lastModified": "2023-08-22T20:10:36.537", "lastModified": "2023-08-25T17:53:54.797",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of crafted file." "value": "An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of crafted file."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tukaani:xz:5.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0AB0898C-225A-4BB8-B6B1-ED309063DFBD"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/snappyJack/CVE-request-XZ-5.2.5-has-denial-of-service-vulnerability", "url": "https://github.com/snappyJack/CVE-request-XZ-5.2.5-has-denial-of-service-vulnerability",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Broken Link"
]
}, },
{ {
"url": "https://tukaani.org/xz/", "url": "https://tukaani.org/xz/",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Product"
]
} }
] ]
} }

76
CVE-2020/CVE-2020-266xx/CVE-2020-26652.json
View File

@ -2,19 +2,87 @@
"id": "CVE-2020-26652", "id": "CVE-2020-26652",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:19.943", "published": "2023-08-22T19:16:19.943",
"lastModified": "2023-08-22T20:10:36.537", "lastModified": "2023-08-25T17:56:03.737",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "An issue was discovered in function nl80211_send_chandef in rtl8812au v5.6.4.2 allows attackers to cause a denial of service." "value": "An issue was discovered in function nl80211_send_chandef in rtl8812au v5.6.4.2 allows attackers to cause a denial of service."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:realtek:rtl8812au_firmware:5.6.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "957AECA6-1567-42B3-996E-0786C82DCB84"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:realtek:rtl8812au:-:*:*:*:*:*:*:*",
"matchCriteriaId": "35471A81-70F6-4162-BC0A-E5A7D070333C"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/aircrack-ng/rtl8812au/issues/730", "url": "https://github.com/aircrack-ng/rtl8812au/issues/730",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
} }
] ]
} }

63
CVE-2021/CVE-2021-293xx/CVE-2021-29390.json
View File

@ -2,19 +2,74 @@
"id": "CVE-2021-29390", "id": "CVE-2021-29390",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:20.237", "published": "2023-08-22T19:16:20.237",
"lastModified": "2023-08-22T20:10:36.537", "lastModified": "2023-08-25T17:58:28.547",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "libjpeg-turbo version 2.0.90 is vulnerable to a heap-buffer-overflow vulnerability in decompress_smooth_data in jdcoefct.c." "value": "libjpeg-turbo version 2.0.90 is vulnerable to a heap-buffer-overflow vulnerability in decompress_smooth_data in jdcoefct.c."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:2.0.90:*:*:*:*:*:*:*",
"matchCriteriaId": "AA5809B6-0C5C-44C6-A2BF-4CE81A4D9200"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1943797", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1943797",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Permissions Required"
]
} }
] ]
} }

4
CVE-2022/CVE-2022-44xx/CVE-2022-4452.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-4452", "id": "CVE-2022-4452",
"sourceIdentifier": "chrome-cve-admin@google.com", "sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-08-25T15:15:08.040", "published": "2023-08-25T15:15:08.040",
"lastModified": "2023-08-25T15:15:08.040", "lastModified": "2023-08-25T17:51:53.297",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

73
CVE-2023/CVE-2023-202xx/CVE-2023-20224.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-20224", "id": "CVE-2023-20224",
"sourceIdentifier": "ykramarz@cisco.com", "sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-08-16T22:15:11.837", "published": "2023-08-16T22:15:11.837",
"lastModified": "2023-08-18T17:15:09.787", "lastModified": "2023-08-25T17:52:52.807",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{ {
"source": "ykramarz@cisco.com", "source": "ykramarz@cisco.com",
"type": "Secondary", "type": "Secondary",
@ -34,18 +54,61 @@
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-88"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:thousandeyes_enterprise_agent:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.230",
"matchCriteriaId": "7F8C5493-77A8-471C-8C40-20B48D378F68"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "http://packetstormsecurity.com/files/174233/Cisco-ThousandEyes-Enterprise-Agent-Virtual-Appliance-Privilege-Escalation.html", "url": "http://packetstormsecurity.com/files/174233/Cisco-ThousandEyes-Enterprise-Agent-Virtual-Appliance-Privilege-Escalation.html",
"source": "ykramarz@cisco.com" "source": "ykramarz@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2023/Aug/20", "url": "http://seclists.org/fulldisclosure/2023/Aug/20",
"source": "ykramarz@cisco.com" "source": "ykramarz@cisco.com",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-thoueye-privesc-NVhHGwb3", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-thoueye-privesc-NVhHGwb3",
"source": "ykramarz@cisco.com" "source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

61
CVE-2023/CVE-2023-202xx/CVE-2023-20229.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-20229", "id": "CVE-2023-20229",
"sourceIdentifier": "ykramarz@cisco.com", "sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-08-16T22:15:12.213", "published": "2023-08-16T22:15:12.213",
"lastModified": "2023-08-17T12:53:44.537", "lastModified": "2023-08-25T16:45:26.260",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
},
{ {
"source": "ykramarz@cisco.com", "source": "ykramarz@cisco.com",
"type": "Secondary", "type": "Secondary",
@ -34,10 +54,45 @@
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:duo_device_health_application:*:*:*:*:*:windows:*:*",
"versionStartIncluding": "5.0.0",
"versionEndExcluding": "5.2.0",
"matchCriteriaId": "A3CF83DE-5ECA-472E-B3D9-0055279C0745"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-duo-dha-filewrite-xPMBMZAK", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-duo-dha-filewrite-xPMBMZAK",
"source": "ykramarz@cisco.com" "source": "ykramarz@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
]
} }
] ]
} }

82
CVE-2023/CVE-2023-202xx/CVE-2023-20237.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-20237", "id": "CVE-2023-20237",
"sourceIdentifier": "ykramarz@cisco.com", "sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-08-16T22:15:12.777", "published": "2023-08-16T22:15:12.777",
"lastModified": "2023-08-17T12:53:44.537", "lastModified": "2023-08-25T16:32:21.537",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{ {
"source": "ykramarz@cisco.com", "source": "ykramarz@cisco.com",
"type": "Secondary", "type": "Secondary",
@ -34,10 +54,66 @@
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:intersight_virtual_appliance:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.0.9-589",
"matchCriteriaId": "5F939C0F-2514-44C9-ADF6-4DCB344529EB"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:a:cisco:intersight_assist:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D811AADF-88B4-452D-BCE8-8F288E6F3AEC"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:a:cisco:intersight_connected_virtual_appliance:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C846A1B-7BAF-4352-8ED0-A175478E6222"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:a:cisco:intersight_private_virtual_appliance:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB33AF02-AB30-4C29-BDD5-8BE8621DDCAF"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-intersight-forward-C45ncgqb", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-intersight-forward-C45ncgqb",
"source": "ykramarz@cisco.com" "source": "ykramarz@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
]
} }
] ]
} }

85
CVE-2023/CVE-2023-332xx/CVE-2023-33241.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-33241", "id": "CVE-2023-33241",
"sourceIdentifier": "disclosures@halborn.com", "sourceIdentifier": "disclosures@halborn.com",
"published": "2023-08-09T22:15:10.323", "published": "2023-08-09T22:15:10.323",
"lastModified": "2023-08-10T01:51:18.907", "lastModified": "2023-08-25T16:14:33.433",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
},
{ {
"source": "disclosures@halborn.com", "source": "disclosures@halborn.com",
"type": "Secondary", "type": "Secondary",
@ -34,26 +54,77 @@
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gg18_project:gg18:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB48800C-F964-43D1-B0A5-0A9E4FF0983D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gg20_project:gg20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EB9A9BD-F519-4A6B-A525-6252DD8407FE"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://eprint.iacr.org/2019/114.pdf", "url": "https://eprint.iacr.org/2019/114.pdf",
"source": "disclosures@halborn.com" "source": "disclosures@halborn.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://eprint.iacr.org/2020/540.pdf", "url": "https://eprint.iacr.org/2020/540.pdf",
"source": "disclosures@halborn.com" "source": "disclosures@halborn.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://github.com/fireblocks-labs/mpc-ecdsa-attacks-23", "url": "https://github.com/fireblocks-labs/mpc-ecdsa-attacks-23",
"source": "disclosures@halborn.com" "source": "disclosures@halborn.com",
"tags": [
"Exploit"
]
}, },
{ {
"url": "https://github.com/fireblocks-labs/safeheron-gg20-exploit-poc", "url": "https://github.com/fireblocks-labs/safeheron-gg20-exploit-poc",
"source": "disclosures@halborn.com" "source": "disclosures@halborn.com",
"tags": [
"Exploit"
]
}, },
{ {
"url": "https://www.fireblocks.com/blog/gg18-and-gg20-paillier-key-vulnerability-technical-report/", "url": "https://www.fireblocks.com/blog/gg18-and-gg20-paillier-key-vulnerability-technical-report/",
"source": "disclosures@halborn.com" "source": "disclosures@halborn.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

58
CVE-2023/CVE-2023-34xx/CVE-2023-3481.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3481", "id": "CVE-2023-3481",
"sourceIdentifier": "cve-coordination@google.com", "sourceIdentifier": "cve-coordination@google.com",
"published": "2023-08-21T11:15:07.360", "published": "2023-08-21T11:15:07.360",
"lastModified": "2023-08-21T12:47:08.843", "lastModified": "2023-08-25T16:01:54.503",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{ {
"source": "cve-coordination@google.com", "source": "cve-coordination@google.com",
"type": "Secondary", "type": "Secondary",
@ -35,6 +55,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{ {
"source": "cve-coordination@google.com", "source": "cve-coordination@google.com",
"type": "Secondary", "type": "Secondary",
@ -50,10 +80,32 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:critters:*:*:*:*:*:*:*:*",
"versionStartIncluding": "0.0.17",
"versionEndIncluding": "0.0.19",
"matchCriteriaId": "666AC14C-1E3E-442F-815A-686CA0098417"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/GoogleChromeLabs/critters/security/advisories/GHSA-cx3j-qqxj-9597", "url": "https://github.com/GoogleChromeLabs/critters/security/advisories/GHSA-cx3j-qqxj-9597",
"source": "cve-coordination@google.com" "source": "cve-coordination@google.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

53
CVE-2023/CVE-2023-36xx/CVE-2023-3604.json
View File

@ -2,15 +2,38 @@
"id": "CVE-2023-3604", "id": "CVE-2023-3604",
"sourceIdentifier": "contact@wpscan.com", "sourceIdentifier": "contact@wpscan.com",
"published": "2023-08-21T17:15:49.260", "published": "2023-08-21T17:15:49.260",
"lastModified": "2023-08-21T18:35:09.707", "lastModified": "2023-08-25T16:35:44.563",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "The Change WP Admin Login WordPress plugin before 1.1.4 discloses the URL of the hidden login page when accessing a crafted URL, bypassing the protection offered." "value": "The Change WP Admin Login WordPress plugin before 1.1.4 discloses the URL of the hidden login page when accessing a crafted URL, bypassing the protection offered."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [ "weaknesses": [
{ {
"source": "contact@wpscan.com", "source": "contact@wpscan.com",
@ -23,10 +46,32 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpexpertsio:change_wp_admin_login:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.1.4",
"matchCriteriaId": "BB661D74-396D-49CF-9AC8-F8782546EDCB"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://wpscan.com/vulnerability/8f6615e8-f607-4ce4-a0e0-d5fc841ead16", "url": "https://wpscan.com/vulnerability/8f6615e8-f607-4ce4-a0e0-d5fc841ead16",
"source": "contact@wpscan.com" "source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

53
CVE-2023/CVE-2023-36xx/CVE-2023-3667.json
View File

@ -2,15 +2,38 @@
"id": "CVE-2023-3667", "id": "CVE-2023-3667",
"sourceIdentifier": "contact@wpscan.com", "sourceIdentifier": "contact@wpscan.com",
"published": "2023-08-21T17:15:49.617", "published": "2023-08-21T17:15:49.617",
"lastModified": "2023-08-21T18:35:09.707", "lastModified": "2023-08-25T17:00:11.147",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "The Bit Assist WordPress plugin before 1.1.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" "value": "The Bit Assist WordPress plugin before 1.1.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [ "weaknesses": [
{ {
"source": "contact@wpscan.com", "source": "contact@wpscan.com",
@ -23,10 +46,32 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bitapps:bit_assist:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.1.9",
"matchCriteriaId": "CEC48703-7E01-4F58-A935-064C76186EDB"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://wpscan.com/vulnerability/9f2f3f85-6812-46b5-9175-c56f6852afd7", "url": "https://wpscan.com/vulnerability/9f2f3f85-6812-46b5-9175-c56f6852afd7",
"source": "contact@wpscan.com" "source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

75
CVE-2023/CVE-2023-372xx/CVE-2023-37250.json
View File

@ -2,27 +2,90 @@
"id": "CVE-2023-37250", "id": "CVE-2023-37250",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-08-20T08:15:09.013", "published": "2023-08-20T08:15:09.013",
"lastModified": "2023-08-21T19:15:08.427", "lastModified": "2023-08-25T16:15:00.827",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Unity Parsec has a TOCTOU race condition that permits local attackers to escalate privileges to SYSTEM if Parsec was installed in \"Per User\" mode. The application intentionally launches DLLs from a user-owned directory but intended to always perform integrity verification of those DLLs. This affects Parsec Loader versions through 8. Parsec Loader 9 is a fixed version." "value": "Unity Parsec has a TOCTOU race condition that permits local attackers to escalate privileges to SYSTEM if Parsec was installed in \"Per User\" mode. The application intentionally launches DLLs from a user-owned directory but intended to always perform integrity verification of those DLLs. This affects Parsec Loader versions through 8. Parsec Loader 9 is a fixed version."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-367"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:unity:parsec:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.0",
"matchCriteriaId": "4AE5936B-5A8B-4E54-B8BD-00D9DC3026A0"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://support.parsec.app/hc/en-us/articles/18311425588237-CVE-2023-37250", "url": "https://support.parsec.app/hc/en-us/articles/18311425588237-CVE-2023-37250",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}, },
{ {
"url": "https://unity3d.com", "url": "https://unity3d.com",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Product"
]
}, },
{ {
"url": "https://www.kb.cert.org/vuls/id/287122", "url": "https://www.kb.cert.org/vuls/id/287122",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
} }
] ]
} }

55
CVE-2023/CVE-2023-382xx/CVE-2023-38201.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-38201",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-08-25T17:15:08.530",
"lastModified": "2023-08-25T17:51:53.297",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier list by a legitimate user, resulting in a breach of the integrity of the registrar database."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-38201",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222693",
"source": "secalert@redhat.com"
},
{
"url": "https://github.com/keylime/keylime/commit/9e5ac9f25cd400b16d5969f531cee28290543f2a",
"source": "secalert@redhat.com"
},
{
"url": "https://github.com/keylime/keylime/security/advisories/GHSA-f4r5-q63f-gcww",
"source": "secalert@redhat.com"
}
]
}

85
CVE-2023/CVE-2023-389xx/CVE-2023-38906.json
View File

@ -2,23 +2,98 @@
"id": "CVE-2023-38906", "id": "CVE-2023-38906",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T00:15:07.920", "published": "2023-08-22T00:15:07.920",
"lastModified": "2023-08-22T12:41:26.783", "lastModified": "2023-08-25T17:51:19.590",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Application v.2.8.14 allows a remote attacker to obtain sensitive information via the authentication code for the UDP message." "value": "An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Application v.2.8.14 allows a remote attacker to obtain sensitive information via the authentication code for the UDP message."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tp-link:tapo:2.8.14:*:*:*:*:*:*:*",
"matchCriteriaId": "D392C8A7-8A3F-490A-90B5-F7D7BFDC7F72"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:tapo_l530e_firmware:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0427C4E5-322A-40F0-AA88-2FF57A32885F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:tapo_l530e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49091A2E-84FF-4A44-87EE-2BA8C366BE51"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://arxiv.org/abs/2308.09019", "url": "https://arxiv.org/abs/2308.09019",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}, },
{ {
"url": "https://www.scitepress.org/PublicationsDetail.aspx?ID=X/auBv7JrSo=&t=1", "url": "https://www.scitepress.org/PublicationsDetail.aspx?ID=X/auBv7JrSo=&t=1",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

91
CVE-2023/CVE-2023-389xx/CVE-2023-38908.json
View File

@ -2,27 +2,106 @@
"id": "CVE-2023-38908", "id": "CVE-2023-38908",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T01:15:08.153", "published": "2023-08-22T01:15:08.153",
"lastModified": "2023-08-22T12:41:26.783", "lastModified": "2023-08-25T17:50:42.373",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Application v.2.8.14 allows a remote attacker to obtain sensitive information via the TSKEP authentication function." "value": "An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Application v.2.8.14 allows a remote attacker to obtain sensitive information via the TSKEP authentication function."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tp-link:tapo:2.8.14:*:*:*:*:*:*:*",
"matchCriteriaId": "D392C8A7-8A3F-490A-90B5-F7D7BFDC7F72"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:tapo_l530e_firmware:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0427C4E5-322A-40F0-AA88-2FF57A32885F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:tapo_l530e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49091A2E-84FF-4A44-87EE-2BA8C366BE51"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://arxiv.org/abs/2308.09019", "url": "https://arxiv.org/abs/2308.09019",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}, },
{ {
"url": "https://arxiv.org/pdf/2308.09019.pdf", "url": "https://arxiv.org/pdf/2308.09019.pdf",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Technical Description",
"Third Party Advisory"
]
}, },
{ {
"url": "https://www.scitepress.org/PublicationsDetail.aspx?ID=X/auBv7JrSo=&t=1", "url": "https://www.scitepress.org/PublicationsDetail.aspx?ID=X/auBv7JrSo=&t=1",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

92
CVE-2023/CVE-2023-389xx/CVE-2023-38909.json
View File

@ -2,27 +2,107 @@
"id": "CVE-2023-38909", "id": "CVE-2023-38909",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T01:15:08.537", "published": "2023-08-22T01:15:08.537",
"lastModified": "2023-08-22T12:41:26.783", "lastModified": "2023-08-25T17:48:53.440",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Application v.2.8.14 allows a remote attacker to obtain sensitive information via the IV component in the AES128-CBC function." "value": "An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Application v.2.8.14 allows a remote attacker to obtain sensitive information via the IV component in the AES128-CBC function."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tp-link:tapo:2.8.14:*:*:*:*:*:*:*",
"matchCriteriaId": "D392C8A7-8A3F-490A-90B5-F7D7BFDC7F72"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:tapo_l530e_firmware:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0427C4E5-322A-40F0-AA88-2FF57A32885F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:tapo_l530e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49091A2E-84FF-4A44-87EE-2BA8C366BE51"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://arxiv.org/abs/2308.09019", "url": "https://arxiv.org/abs/2308.09019",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}, },
{ {
"url": "https://arxiv.org/pdf/2308.09019.pdf", "url": "https://arxiv.org/pdf/2308.09019.pdf",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
]
}, },
{ {
"url": "https://www.scitepress.org/PublicationsDetail.aspx?ID=X/auBv7JrSo=&t=1", "url": "https://www.scitepress.org/PublicationsDetail.aspx?ID=X/auBv7JrSo=&t=1",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

85
CVE-2023/CVE-2023-396xx/CVE-2023-39666.json
View File

@ -2,27 +2,100 @@
"id": "CVE-2023-39666", "id": "CVE-2023-39666",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-08-18T03:15:21.913", "published": "2023-08-18T03:15:21.913",
"lastModified": "2023-08-18T12:43:51.207", "lastModified": "2023-08-25T16:15:17.530",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "D-Link DIR-842 fw_revA_1-02_eu_multi_20151008 was discovered to contain multiple buffer overflows in the fgets function via the acStack_120 and acStack_220 parameters." "value": "D-Link DIR-842 fw_revA_1-02_eu_multi_20151008 was discovered to contain multiple buffer overflows in the fgets function via the acStack_120 and acStack_220 parameters."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dir-842_firmware:1.05b02:*:*:*:*:*:*:*",
"matchCriteriaId": "D761A5D9-8CAC-4056-A5B0-21917EAA53A4"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dir-842:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C05AE997-7966-4CCA-B58A-93B684D55F60"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/Davidteeri/Bug-Report/blob/main/D-Link/DIR-842%20buffer%20overflow.md", "url": "https://github.com/Davidteeri/Bug-Report/blob/main/D-Link/DIR-842%20buffer%20overflow.md",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Broken Link"
]
}, },
{ {
"url": "https://support.dlink.com/", "url": "https://support.dlink.com/",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}, },
{ {
"url": "https://www.dlink.com/en/security-bulletin/", "url": "https://www.dlink.com/en/security-bulletin/",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

90
CVE-2023/CVE-2023-399xx/CVE-2023-39939.json
View File

@ -2,27 +2,105 @@
"id": "CVE-2023-39939", "id": "CVE-2023-39939",
"sourceIdentifier": "vultures@jpcert.or.jp", "sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-08-21T09:15:10.280", "published": "2023-08-21T09:15:10.280",
"lastModified": "2023-08-21T12:47:08.843", "lastModified": "2023-08-25T16:08:34.140",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.3M (MySQL version) and LuxCal Web Calendar prior to 5.2.3L (SQLite version) allows a remote unauthenticated attacker to execute arbitrary queries against the database and obtain or alter the information in it." "value": "SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.3M (MySQL version) and LuxCal Web Calendar prior to 5.2.3L (SQLite version) allows a remote unauthenticated attacker to execute arbitrary queries against the database and obtain or alter the information in it."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:luxsoft:luxcal_web_calendar:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.2.3m",
"matchCriteriaId": "D2A2C8DB-069C-43B0-B15E-8B56E92E5304"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:luxsoft:luxcal_web_calendar:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.2.3l",
"matchCriteriaId": "762AC990-3256-4610-BC78-35C1833DEC4E"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://jvn.jp/en/jp/JVN04876736/", "url": "https://jvn.jp/en/jp/JVN04876736/",
"source": "vultures@jpcert.or.jp" "source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
}, },
{ {
"url": "https://www.luxsoft.eu/", "url": "https://www.luxsoft.eu/",
"source": "vultures@jpcert.or.jp" "source": "vultures@jpcert.or.jp",
"tags": [
"Product"
]
}, },
{ {
"url": "https://www.luxsoft.eu/?download", "url": "https://www.luxsoft.eu/?download",
"source": "vultures@jpcert.or.jp" "source": "vultures@jpcert.or.jp",
"tags": [
"Product"
]
} }
] ]
} }

53
CVE-2023/CVE-2023-39xx/CVE-2023-3936.json
View File

@ -2,15 +2,38 @@
"id": "CVE-2023-3936", "id": "CVE-2023-3936",
"sourceIdentifier": "contact@wpscan.com", "sourceIdentifier": "contact@wpscan.com",
"published": "2023-08-21T17:15:49.967", "published": "2023-08-21T17:15:49.967",
"lastModified": "2023-08-21T18:35:09.707", "lastModified": "2023-08-25T17:02:58.830",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "The Blog2Social WordPress plugin before 7.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin" "value": "The Blog2Social WordPress plugin before 7.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin"
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [ "weaknesses": [
{ {
"source": "contact@wpscan.com", "source": "contact@wpscan.com",
@ -23,10 +46,32 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adenion:blog2social:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "7.2.1",
"matchCriteriaId": "992DF2FB-717E-43F0-98B4-865A462D4D29"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://wpscan.com/vulnerability/6d09a5d3-046d-47ef-86b4-c024ea09dc0f", "url": "https://wpscan.com/vulnerability/6d09a5d3-046d-47ef-86b4-c024ea09dc0f",
"source": "contact@wpscan.com" "source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

65
CVE-2023/CVE-2023-39xx/CVE-2023-3954.json
View File

@ -2,18 +2,41 @@
"id": "CVE-2023-3954", "id": "CVE-2023-3954",
"sourceIdentifier": "contact@wpscan.com", "sourceIdentifier": "contact@wpscan.com",
"published": "2023-08-21T17:15:50.047", "published": "2023-08-21T17:15:50.047",
"lastModified": "2023-08-21T18:35:09.707", "lastModified": "2023-08-25T16:16:42.747",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin" "value": "The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin"
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [ "weaknesses": [
{ {
"source": "contact@wpscan.com", "source": "nvd@nist.gov",
"type": "Primary", "type": "Primary",
"description": [ "description": [
{ {
@ -21,12 +44,44 @@
"value": "CWE-79" "value": "CWE-79"
} }
] ]
},
{
"source": "contact@wpscan.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:multiparcels:multiparcels_shipping_for_woocommerce:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.15.4",
"matchCriteriaId": "D4222FF5-97DF-45FF-A189-D8231E113EBD"
}
]
}
]
} }
], ],
"references": [ "references": [
{ {
"url": "https://wpscan.com/vulnerability/b463ccbb-2dc1-479f-bc88-becd204b2dc0", "url": "https://wpscan.com/vulnerability/b463ccbb-2dc1-479f-bc88-becd204b2dc0",
"source": "contact@wpscan.com" "source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

75
CVE-2023/CVE-2023-400xx/CVE-2023-40034.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40034", "id": "CVE-2023-40034",
"sourceIdentifier": "security-advisories@github.com", "sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-16T21:15:10.087", "published": "2023-08-16T21:15:10.087",
"lastModified": "2023-08-17T12:53:44.537", "lastModified": "2023-08-25T17:43:47.567",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
},
{ {
"source": "security-advisories@github.com", "source": "security-advisories@github.com",
"type": "Secondary", "type": "Secondary",
@ -36,8 +56,18 @@
}, },
"weaknesses": [ "weaknesses": [
{ {
"source": "security-advisories@github.com", "source": "nvd@nist.gov",
"type": "Primary", "type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [ "description": [
{ {
"lang": "en", "lang": "en",
@ -46,22 +76,53 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:woodpecker-ci:woodpecker:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.0.0",
"versionEndExcluding": "1.0.2",
"matchCriteriaId": "1EFD3D08-B24D-4822-9C72-C4FA7DF5CE84"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/woodpecker-ci/woodpecker/commit/6e4c2f84cc84661d58cf1c0e5c421a46070bb105", "url": "https://github.com/woodpecker-ci/woodpecker/commit/6e4c2f84cc84661d58cf1c0e5c421a46070bb105",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/woodpecker-ci/woodpecker/pull/2221", "url": "https://github.com/woodpecker-ci/woodpecker/pull/2221",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Issue Tracking"
]
}, },
{ {
"url": "https://github.com/woodpecker-ci/woodpecker/pull/2222", "url": "https://github.com/woodpecker-ci/woodpecker/pull/2222",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Issue Tracking"
]
}, },
{ {
"url": "https://github.com/woodpecker-ci/woodpecker/security/advisories/GHSA-4gcf-5m39-98mc", "url": "https://github.com/woodpecker-ci/woodpecker/security/advisories/GHSA-4gcf-5m39-98mc",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

88
CVE-2023/CVE-2023-400xx/CVE-2023-40068.json
View File

@ -2,31 +2,105 @@
"id": "CVE-2023-40068", "id": "CVE-2023-40068",
"sourceIdentifier": "vultures@jpcert.or.jp", "sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-08-21T09:15:10.430", "published": "2023-08-21T09:15:10.430",
"lastModified": "2023-08-21T12:47:08.843", "lastModified": "2023-08-25T16:10:43.683",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Cross-site scripting vulnerability in Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Custom Fields Pro versions 6.1.0 to 6.1.7 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product with the administrative privilege." "value": "Cross-site scripting vulnerability in Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Custom Fields Pro versions 6.1.0 to 6.1.7 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product with the administrative privilege."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:advancedcustomfields:advanced_custom_fields:*:*:*:*:-:wordpress:*:*",
"versionStartIncluding": "6.1.0",
"versionEndIncluding": "6.1.7",
"matchCriteriaId": "8EF03DA3-87E4-4449-BE67-43FEBE09952B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:advancedcustomfields:advanced_custom_fields:*:*:*:*:pro:wordpress:*:*",
"versionStartIncluding": "6.1.0",
"versionEndIncluding": "6.1.7",
"matchCriteriaId": "E5706ED3-7C74-487F-B198-A0EB7FAE9DD3"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://jvn.jp/en/jp/JVN98946408/", "url": "https://jvn.jp/en/jp/JVN98946408/",
"source": "vultures@jpcert.or.jp" "source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
}, },
{ {
"url": "https://wordpress.org/plugins/advanced-custom-fields/", "url": "https://wordpress.org/plugins/advanced-custom-fields/",
"source": "vultures@jpcert.or.jp" "source": "vultures@jpcert.or.jp",
"tags": [
"Product"
]
}, },
{ {
"url": "https://www.advancedcustomfields.com/", "url": "https://www.advancedcustomfields.com/",
"source": "vultures@jpcert.or.jp" "source": "vultures@jpcert.or.jp",
"tags": [
"Product"
]
}, },
{ {
"url": "https://www.advancedcustomfields.com/blog/acf-6-1-8/", "url": "https://www.advancedcustomfields.com/blog/acf-6-1-8/",
"source": "vultures@jpcert.or.jp" "source": "vultures@jpcert.or.jp",
"tags": [
"Release Notes",
"Vendor Advisory"
]
} }
] ]
} }

10
CVE-2023/CVE-2023-402xx/CVE-2023-40273.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-40273", "id": "CVE-2023-40273",
"sourceIdentifier": "security@apache.org", "sourceIdentifier": "security@apache.org",
"published": "2023-08-23T16:15:09.803", "published": "2023-08-23T16:15:09.803",
"lastModified": "2023-08-23T21:15:09.263", "lastModified": "2023-08-25T16:15:08.150",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
@ -24,10 +24,6 @@
} }
], ],
"references": [ "references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/08/23/1",
"source": "security@apache.org"
},
{ {
"url": "https://github.com/apache/airflow/pull/33347", "url": "https://github.com/apache/airflow/pull/33347",
"source": "security@apache.org" "source": "security@apache.org"
@ -35,6 +31,10 @@
{ {
"url": "https://lists.apache.org/thread/9rdmv8ln4y4ncbyrlmjrsj903x4l80nj", "url": "https://lists.apache.org/thread/9rdmv8ln4y4ncbyrlmjrsj903x4l80nj",
"source": "security@apache.org" "source": "security@apache.org"
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/08/23/1",
"source": "security@apache.org"
} }
] ]
} }

20
CVE-2023/CVE-2023-407xx/CVE-2023-40796.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-40796",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-25T16:15:08.323",
"lastModified": "2023-08-25T17:51:53.297",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Phicomm k2 v22.6.529.216 is vulnerable to command injection."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/lst-oss/Vulnerability/tree/main/Phicomm/k2",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-407xx/CVE-2023-40797.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-40797",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-25T16:15:08.427",
"lastModified": "2023-08-25T17:51:53.297",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In Tenda AC23 v16.03.07.45_cn, the sub_4781A4 function does not validate the parameters entered by the user, resulting in a post-authentication stack overflow vulnerability."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/lst-oss/Vulnerability/tree/main/Tenda/AC23/sub_4781A4",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-407xx/CVE-2023-40798.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-40798",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-25T16:15:08.510",
"lastModified": "2023-08-25T17:51:53.297",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In Tenda AC23 v16.03.07.45_cn, the formSetIPv6status and formGetWanParameter functions do not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/lst-oss/Vulnerability/tree/main/Tenda/AC23/formSetIPv6status-formGetWanParameter",
"source": "cve@mitre.org"
}
]
}

6
CVE-2023/CVE-2023-407xx/CVE-2023-40799.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-40799", "id": "CVE-2023-40799",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-08-25T15:15:09.307", "published": "2023-08-25T15:15:09.307",
"lastModified": "2023-08-25T15:15:09.307", "lastModified": "2023-08-25T17:51:53.297",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Tenda AC23 Vv16.03.07.45_cn AC23 is vulnerable to Buffer via sub_450A4C function." "value": "Tenda AC23 Vv16.03.07.45_cn is vulnerable to Buffer Overflow via sub_450A4C function."
} }
], ],
"metrics": {}, "metrics": {},

4
CVE-2023/CVE-2023-408xx/CVE-2023-40800.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40800", "id": "CVE-2023-40800",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-08-25T15:15:09.390", "published": "2023-08-25T15:15:09.390",
"lastModified": "2023-08-25T15:15:09.390", "lastModified": "2023-08-25T17:51:53.297",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

4
CVE-2023/CVE-2023-408xx/CVE-2023-40801.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40801", "id": "CVE-2023-40801",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-08-25T15:15:09.470", "published": "2023-08-25T15:15:09.470",
"lastModified": "2023-08-25T15:15:09.470", "lastModified": "2023-08-25T17:51:53.297",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

4
CVE-2023/CVE-2023-408xx/CVE-2023-40802.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40802", "id": "CVE-2023-40802",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-08-25T15:15:09.550", "published": "2023-08-25T15:15:09.550",
"lastModified": "2023-08-25T15:15:09.550", "lastModified": "2023-08-25T17:51:53.297",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

4
CVE-2023/CVE-2023-409xx/CVE-2023-40915.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40915", "id": "CVE-2023-40915",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-08-25T15:15:09.627", "published": "2023-08-25T15:15:09.627",
"lastModified": "2023-08-25T15:15:09.627", "lastModified": "2023-08-25T17:51:53.297",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

64
CVE-2023/CVE-2023-43xx/CVE-2023-4373.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2023-4373", "id": "CVE-2023-4373",
"sourceIdentifier": "security@devolutions.net", "sourceIdentifier": "security@devolutions.net",
"published": "2023-08-21T19:15:08.787", "published": "2023-08-21T19:15:08.787",
"lastModified": "2023-08-22T12:41:26.783", "lastModified": "2023-08-25T17:57:11.583",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "\nInadequate validation of permissions when employing remote tools and macros within Devolutions Remote Desktop Manager versions 2023.2.19 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature.\n\n" "value": "\nInadequate validation of permissions when employing remote tools and macros within Devolutions Remote Desktop Manager versions 2023.2.19 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature.\n\n"
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2023.2.19",
"matchCriteriaId": "2B3DFE86-D742-4603-9500-9D78DA42CBA9"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://devolutions.net/security/advisories/DEVO-2023-0015/", "url": "https://devolutions.net/security/advisories/DEVO-2023-0015/",
"source": "security@devolutions.net" "source": "security@devolutions.net",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

76
CVE-2023/CVE-2023-44xx/CVE-2023-4417.json
View File

@ -2,19 +2,87 @@
"id": "CVE-2023-4417", "id": "CVE-2023-4417",
"sourceIdentifier": "security@devolutions.net", "sourceIdentifier": "security@devolutions.net",
"published": "2023-08-21T19:15:09.187", "published": "2023-08-21T19:15:09.187",
"lastModified": "2023-08-22T19:16:41.680", "lastModified": "2023-08-25T17:55:22.950",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Improper access controls in the entry duplication component in Devolutions Remote Desktop Manager 2023.2.19 and earlier versions on Windows allows an authenticated user, under specific circumstances, to inadvertently share their personal vault entry with shared vaults via an incorrect vault in the duplication write process." "value": "Improper access controls in the entry duplication component in Devolutions Remote Desktop Manager 2023.2.19 and earlier versions on Windows allows an authenticated user, under specific circumstances, to inadvertently share their personal vault entry with shared vaults via an incorrect vault in the duplication write process."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2023.2.19",
"matchCriteriaId": "2B3DFE86-D742-4603-9500-9D78DA42CBA9"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://devolutions.net/security/advisories/DEVO-2023-0015", "url": "https://devolutions.net/security/advisories/DEVO-2023-0015",
"source": "security@devolutions.net" "source": "security@devolutions.net",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

56
CVE-2023/CVE-2023-44xx/CVE-2023-4434.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4434", "id": "CVE-2023-4434",
"sourceIdentifier": "security@huntr.dev", "sourceIdentifier": "security@huntr.dev",
"published": "2023-08-20T01:15:10.050", "published": "2023-08-20T01:15:10.050",
"lastModified": "2023-08-21T12:47:18.157", "lastModified": "2023-08-25T17:57:45.133",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -11,6 +11,28 @@
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 4.2
}
],
"cvssMetricV30": [ "cvssMetricV30": [
{ {
"source": "security@huntr.dev", "source": "security@huntr.dev",
@ -46,14 +68,40 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hamza417:inure:*:*:*:*:*:android:*:*",
"versionEndExcluding": "build88",
"matchCriteriaId": "87A3E342-311A-4502-9F49-BA572D3E6D3D"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/hamza417/inure/commit/2176af74ca3a81fd001e6cc8eea5a8306f484fbb", "url": "https://github.com/hamza417/inure/commit/2176af74ca3a81fd001e6cc8eea5a8306f484fbb",
"source": "security@huntr.dev" "source": "security@huntr.dev",
"tags": [
"Patch",
"Third Party Advisory"
]
}, },
{ {
"url": "https://huntr.dev/bounties/19e68377-e071-4a8e-aa4c-cd84a426602e", "url": "https://huntr.dev/bounties/19e68377-e071-4a8e-aa4c-cd84a426602e",
"source": "security@huntr.dev" "source": "security@huntr.dev",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

56
CVE-2023/CVE-2023-44xx/CVE-2023-4435.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4435", "id": "CVE-2023-4435",
"sourceIdentifier": "security@huntr.dev", "sourceIdentifier": "security@huntr.dev",
"published": "2023-08-20T01:15:10.773", "published": "2023-08-20T01:15:10.773",
"lastModified": "2023-08-21T12:47:18.157", "lastModified": "2023-08-25T17:34:31.577",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -11,6 +11,28 @@
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
],
"cvssMetricV30": [ "cvssMetricV30": [
{ {
"source": "security@huntr.dev", "source": "security@huntr.dev",
@ -46,14 +68,40 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hamza417:inure:*:*:*:*:*:android:*:*",
"versionEndExcluding": "build88",
"matchCriteriaId": "87A3E342-311A-4502-9F49-BA572D3E6D3D"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/hamza417/inure/commit/e74062e439f860fd144da4bfc3f35e96c19c3abd", "url": "https://github.com/hamza417/inure/commit/e74062e439f860fd144da4bfc3f35e96c19c3abd",
"source": "security@huntr.dev" "source": "security@huntr.dev",
"tags": [
"Patch",
"Third Party Advisory"
]
}, },
{ {
"url": "https://huntr.dev/bounties/1875ee85-4b92-4aa4-861e-094137a29276", "url": "https://huntr.dev/bounties/1875ee85-4b92-4aa4-861e-094137a29276",
"source": "security@huntr.dev" "source": "security@huntr.dev",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

61
CVE-2023/CVE-2023-44xx/CVE-2023-4446.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4446", "id": "CVE-2023-4446",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2023-08-21T01:15:10.320", "published": "2023-08-21T01:15:10.320",
"lastModified": "2023-08-21T12:47:13.573", "lastModified": "2023-08-25T16:26:29.003",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -11,6 +11,28 @@
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [ "cvssMetricV30": [
{ {
"source": "cna@vuldb.com", "source": "cna@vuldb.com",
@ -71,18 +93,47 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openrapid:rapidcms:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D66CF166-4A08-45F5-9577-38D3CE25AFBA"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/OpenRapid/rapidcms/issues/3", "url": "https://github.com/OpenRapid/rapidcms/issues/3",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}, },
{ {
"url": "https://vuldb.com/?ctiid.237567", "url": "https://vuldb.com/?ctiid.237567",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}, },
{ {
"url": "https://vuldb.com/?id.237567", "url": "https://vuldb.com/?id.237567",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

4
CVE-2023/CVE-2023-45xx/CVE-2023-4534.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4534", "id": "CVE-2023-4534",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2023-08-25T15:15:09.887", "published": "2023-08-25T15:15:09.887",
"lastModified": "2023-08-25T15:15:09.887", "lastModified": "2023-08-25T17:51:53.297",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

74
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update ### Last Repository Update
```plain ```plain
2023-08-25T16:00:30.436334+00:00 2023-08-25T18:00:33.975572+00:00
``` ```
### Most recent CVE Modification Timestamp synchronized with NVD ### Most recent CVE Modification Timestamp synchronized with NVD
```plain ```plain
2023-08-25T15:57:53.300000+00:00 2023-08-25T17:58:28.547000+00:00
``` ```
### Last Data Feed Release ### Last Data Feed Release
@ -29,53 +29,49 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs ### Total Number of included CVEs
```plain ```plain
223450 223455
``` ```
### CVEs added in the last Commit ### CVEs added in the last Commit
Recently added CVEs: `9` Recently added CVEs: `5`
* [CVE-2022-4452](CVE-2022/CVE-2022-44xx/CVE-2022-4452.json) (`2023-08-25T15:15:08.040`) * [CVE-2020-11711](CVE-2020/CVE-2020-117xx/CVE-2020-11711.json) (`2023-08-25T16:15:07.857`)
* [CVE-2023-39742](CVE-2023/CVE-2023-397xx/CVE-2023-39742.json) (`2023-08-25T14:15:09.763`) * [CVE-2023-40796](CVE-2023/CVE-2023-407xx/CVE-2023-40796.json) (`2023-08-25T16:15:08.323`)
* [CVE-2023-41167](CVE-2023/CVE-2023-411xx/CVE-2023-41167.json) (`2023-08-25T14:15:10.150`) * [CVE-2023-40797](CVE-2023/CVE-2023-407xx/CVE-2023-40797.json) (`2023-08-25T16:15:08.427`)
* [CVE-2023-40799](CVE-2023/CVE-2023-407xx/CVE-2023-40799.json) (`2023-08-25T15:15:09.307`) * [CVE-2023-40798](CVE-2023/CVE-2023-407xx/CVE-2023-40798.json) (`2023-08-25T16:15:08.510`)
* [CVE-2023-40800](CVE-2023/CVE-2023-408xx/CVE-2023-40800.json) (`2023-08-25T15:15:09.390`) * [CVE-2023-38201](CVE-2023/CVE-2023-382xx/CVE-2023-38201.json) (`2023-08-25T17:15:08.530`)
* [CVE-2023-40801](CVE-2023/CVE-2023-408xx/CVE-2023-40801.json) (`2023-08-25T15:15:09.470`)
* [CVE-2023-40802](CVE-2023/CVE-2023-408xx/CVE-2023-40802.json) (`2023-08-25T15:15:09.550`)
* [CVE-2023-40915](CVE-2023/CVE-2023-409xx/CVE-2023-40915.json) (`2023-08-25T15:15:09.627`)
* [CVE-2023-4534](CVE-2023/CVE-2023-45xx/CVE-2023-4534.json) (`2023-08-25T15:15:09.887`)
### CVEs modified in the last Commit ### CVEs modified in the last Commit
Recently modified CVEs: `31` Recently modified CVEs: `39`
* [CVE-2020-24292](CVE-2020/CVE-2020-242xx/CVE-2020-24292.json) (`2023-08-25T15:34:45.413`) * [CVE-2023-37250](CVE-2023/CVE-2023-372xx/CVE-2023-37250.json) (`2023-08-25T16:15:00.827`)
* [CVE-2020-24293](CVE-2020/CVE-2020-242xx/CVE-2020-24293.json) (`2023-08-25T15:37:30.777`) * [CVE-2023-40273](CVE-2023/CVE-2023-402xx/CVE-2023-40273.json) (`2023-08-25T16:15:08.150`)
* [CVE-2020-24294](CVE-2020/CVE-2020-242xx/CVE-2020-24294.json) (`2023-08-25T15:44:37.527`) * [CVE-2023-39666](CVE-2023/CVE-2023-396xx/CVE-2023-39666.json) (`2023-08-25T16:15:17.530`)
* [CVE-2020-24295](CVE-2020/CVE-2020-242xx/CVE-2020-24295.json) (`2023-08-25T15:46:04.610`) * [CVE-2023-3954](CVE-2023/CVE-2023-39xx/CVE-2023-3954.json) (`2023-08-25T16:16:42.747`)
* [CVE-2020-22181](CVE-2020/CVE-2020-221xx/CVE-2020-22181.json) (`2023-08-25T15:51:30.537`) * [CVE-2023-4446](CVE-2023/CVE-2023-44xx/CVE-2023-4446.json) (`2023-08-25T16:26:29.003`)
* [CVE-2022-0850](CVE-2022/CVE-2022-08xx/CVE-2022-0850.json) (`2023-08-25T15:24:17.467`) * [CVE-2023-20237](CVE-2023/CVE-2023-202xx/CVE-2023-20237.json) (`2023-08-25T16:32:21.537`)
* [CVE-2023-36674](CVE-2023/CVE-2023-366xx/CVE-2023-36674.json) (`2023-08-25T14:08:11.103`) * [CVE-2023-3604](CVE-2023/CVE-2023-36xx/CVE-2023-3604.json) (`2023-08-25T16:35:44.563`)
* [CVE-2023-39741](CVE-2023/CVE-2023-397xx/CVE-2023-39741.json) (`2023-08-25T14:15:09.287`) * [CVE-2023-20229](CVE-2023/CVE-2023-202xx/CVE-2023-20229.json) (`2023-08-25T16:45:26.260`)
* [CVE-2023-39743](CVE-2023/CVE-2023-397xx/CVE-2023-39743.json) (`2023-08-25T14:15:09.957`) * [CVE-2023-3667](CVE-2023/CVE-2023-36xx/CVE-2023-3667.json) (`2023-08-25T17:00:11.147`)
* [CVE-2023-4445](CVE-2023/CVE-2023-44xx/CVE-2023-4445.json) (`2023-08-25T14:24:56.657`) * [CVE-2023-3936](CVE-2023/CVE-2023-39xx/CVE-2023-3936.json) (`2023-08-25T17:02:58.830`)
* [CVE-2023-39671](CVE-2023/CVE-2023-396xx/CVE-2023-39671.json) (`2023-08-25T14:51:35.360`) * [CVE-2023-4435](CVE-2023/CVE-2023-44xx/CVE-2023-4435.json) (`2023-08-25T17:34:31.577`)
* [CVE-2023-39674](CVE-2023/CVE-2023-396xx/CVE-2023-39674.json) (`2023-08-25T14:51:47.643`) * [CVE-2023-40034](CVE-2023/CVE-2023-400xx/CVE-2023-40034.json) (`2023-08-25T17:43:47.567`)
* [CVE-2023-39617](CVE-2023/CVE-2023-396xx/CVE-2023-39617.json) (`2023-08-25T14:56:11.560`) * [CVE-2023-38909](CVE-2023/CVE-2023-389xx/CVE-2023-38909.json) (`2023-08-25T17:48:53.440`)
* [CVE-2023-39618](CVE-2023/CVE-2023-396xx/CVE-2023-39618.json) (`2023-08-25T14:57:10.980`) * [CVE-2023-38908](CVE-2023/CVE-2023-389xx/CVE-2023-38908.json) (`2023-08-25T17:50:42.373`)
* [CVE-2023-39745](CVE-2023/CVE-2023-397xx/CVE-2023-39745.json) (`2023-08-25T15:02:19.863`) * [CVE-2023-38906](CVE-2023/CVE-2023-389xx/CVE-2023-38906.json) (`2023-08-25T17:51:19.590`)
* [CVE-2023-39747](CVE-2023/CVE-2023-397xx/CVE-2023-39747.json) (`2023-08-25T15:02:42.837`) * [CVE-2023-40799](CVE-2023/CVE-2023-407xx/CVE-2023-40799.json) (`2023-08-25T17:51:53.297`)
* [CVE-2023-39748](CVE-2023/CVE-2023-397xx/CVE-2023-39748.json) (`2023-08-25T15:02:59.867`) * [CVE-2023-40800](CVE-2023/CVE-2023-408xx/CVE-2023-40800.json) (`2023-08-25T17:51:53.297`)
* [CVE-2023-33242](CVE-2023/CVE-2023-332xx/CVE-2023-33242.json) (`2023-08-25T15:06:14.247`) * [CVE-2023-40801](CVE-2023/CVE-2023-408xx/CVE-2023-40801.json) (`2023-08-25T17:51:53.297`)
* [CVE-2023-4447](CVE-2023/CVE-2023-44xx/CVE-2023-4447.json) (`2023-08-25T15:12:40.690`) * [CVE-2023-40802](CVE-2023/CVE-2023-408xx/CVE-2023-40802.json) (`2023-08-25T17:51:53.297`)
* [CVE-2023-4448](CVE-2023/CVE-2023-44xx/CVE-2023-4448.json) (`2023-08-25T15:13:01.857`) * [CVE-2023-40915](CVE-2023/CVE-2023-409xx/CVE-2023-40915.json) (`2023-08-25T17:51:53.297`)
* [CVE-2023-3269](CVE-2023/CVE-2023-32xx/CVE-2023-3269.json) (`2023-08-25T15:15:08.783`) * [CVE-2023-4534](CVE-2023/CVE-2023-45xx/CVE-2023-4534.json) (`2023-08-25T17:51:53.297`)
* [CVE-2023-2006](CVE-2023/CVE-2023-20xx/CVE-2023-2006.json) (`2023-08-25T15:23:55.877`) * [CVE-2023-20224](CVE-2023/CVE-2023-202xx/CVE-2023-20224.json) (`2023-08-25T17:52:52.807`)
* [CVE-2023-2235](CVE-2023/CVE-2023-22xx/CVE-2023-2235.json) (`2023-08-25T15:24:09.620`) * [CVE-2023-4417](CVE-2023/CVE-2023-44xx/CVE-2023-4417.json) (`2023-08-25T17:55:22.950`)
* [CVE-2023-2737](CVE-2023/CVE-2023-27xx/CVE-2023-2737.json) (`2023-08-25T15:42:05.057`) * [CVE-2023-4373](CVE-2023/CVE-2023-43xx/CVE-2023-4373.json) (`2023-08-25T17:57:11.583`)
* [CVE-2023-39543](CVE-2023/CVE-2023-395xx/CVE-2023-39543.json) (`2023-08-25T15:57:53.300`) * [CVE-2023-4434](CVE-2023/CVE-2023-44xx/CVE-2023-4434.json) (`2023-08-25T17:57:45.133`)
## Download and Usage ## Download and Usage