mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-07-09 16:05:11 +00:00
Auto-Update: 2023-06-02T12:00:25.659913+00:00
This commit is contained in:
parent
6f920900d7
commit
6e5887b15e
55
CVE-2022/CVE-2022-463xx/CVE-2022-46307.json
Normal file
55
CVE-2022/CVE-2022-463xx/CVE-2022-46307.json
Normal file
@ -0,0 +1,55 @@
|
||||
{
|
||||
"id": "CVE-2022-46307",
|
||||
"sourceIdentifier": "twcert@cert.org.tw",
|
||||
"published": "2023-06-02T11:15:09.730",
|
||||
"lastModified": "2023-06-02T11:15:09.730",
|
||||
"vulnStatus": "Received",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "SGUDA U-Lock central lock control service\u2019s lock management function has incorrect authorization. A remote attacker with general privilege can exploit this vulnerability to call privileged APIs to acquire information, manipulate or disrupt the functionality of arbitrary electronic locks."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "twcert@cert.org.tw",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 8.8,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 5.9
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "twcert@cert.org.tw",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-863"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://www.twcert.org.tw/tw/cp-132-7099-e8897-1.html",
|
||||
"source": "twcert@cert.org.tw"
|
||||
}
|
||||
]
|
||||
}
|
55
CVE-2022/CVE-2022-463xx/CVE-2022-46308.json
Normal file
55
CVE-2022/CVE-2022-463xx/CVE-2022-46308.json
Normal file
@ -0,0 +1,55 @@
|
||||
{
|
||||
"id": "CVE-2022-46308",
|
||||
"sourceIdentifier": "twcert@cert.org.tw",
|
||||
"published": "2023-06-02T11:15:09.913",
|
||||
"lastModified": "2023-06-02T11:15:09.913",
|
||||
"vulnStatus": "Received",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "SGUDA U-Lock central lock control service\u2019s user management function has incorrect authorization. A remote attacker with general user privilege can exploit this vulnerability to call privileged APIs to access, modify and delete user information."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "twcert@cert.org.tw",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 8.8,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 5.9
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "twcert@cert.org.tw",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-863"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://www.twcert.org.tw/tw/cp-132-7100-7a15c-1.html",
|
||||
"source": "twcert@cert.org.tw"
|
||||
}
|
||||
]
|
||||
}
|
55
CVE-2022/CVE-2022-476xx/CVE-2022-47616.json
Normal file
55
CVE-2022/CVE-2022-476xx/CVE-2022-47616.json
Normal file
@ -0,0 +1,55 @@
|
||||
{
|
||||
"id": "CVE-2022-47616",
|
||||
"sourceIdentifier": "twcert@cert.org.tw",
|
||||
"published": "2023-06-02T11:15:09.997",
|
||||
"lastModified": "2023-06-02T11:15:09.997",
|
||||
"vulnStatus": "Received",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Hitron CODA-5310 has insufficient filtering for specific parameters in the connection test function. A remote attacker authenticated as an administrator, can use the management page to perform command injection attacks, to execute arbitrary system command, manipulate system or disrupt service."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "twcert@cert.org.tw",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "HIGH",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 7.2,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
"exploitabilityScore": 1.2,
|
||||
"impactScore": 5.9
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "twcert@cert.org.tw",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-78"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://www.twcert.org.tw/tw/cp-132-7082-373d5-1.html",
|
||||
"source": "twcert@cert.org.tw"
|
||||
}
|
||||
]
|
||||
}
|
55
CVE-2022/CVE-2022-476xx/CVE-2022-47617.json
Normal file
55
CVE-2022/CVE-2022-476xx/CVE-2022-47617.json
Normal file
@ -0,0 +1,55 @@
|
||||
{
|
||||
"id": "CVE-2022-47617",
|
||||
"sourceIdentifier": "twcert@cert.org.tw",
|
||||
"published": "2023-06-02T11:15:10.077",
|
||||
"lastModified": "2023-06-02T11:15:10.077",
|
||||
"vulnStatus": "Received",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Hitron CODA-5310 has hard-coded encryption/decryption keys in the program code. A remote attacker authenticated as an administrator can decrypt system files using the hard-coded keys for file access, modification, and cause service disruption."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "twcert@cert.org.tw",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "HIGH",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 7.2,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
"exploitabilityScore": 1.2,
|
||||
"impactScore": 5.9
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "twcert@cert.org.tw",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-798"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://www.twcert.org.tw/tw/cp-132-7083-94e13-1.html",
|
||||
"source": "twcert@cert.org.tw"
|
||||
}
|
||||
]
|
||||
}
|
55
CVE-2023/CVE-2023-257xx/CVE-2023-25780.json
Normal file
55
CVE-2023/CVE-2023-257xx/CVE-2023-25780.json
Normal file
@ -0,0 +1,55 @@
|
||||
{
|
||||
"id": "CVE-2023-25780",
|
||||
"sourceIdentifier": "twcert@cert.org.tw",
|
||||
"published": "2023-06-02T11:15:10.157",
|
||||
"lastModified": "2023-06-02T11:15:10.157",
|
||||
"vulnStatus": "Received",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "It is identified a vulnerability of insufficient authentication in an important specific function of Status PowerBPM. A LAN attacker with normal user privilege can exploit this vulnerability to modify substitute agent to arbitrary users, resulting in serious consequence."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "twcert@cert.org.tw",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
|
||||
"attackVector": "ADJACENT_NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 5.7,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 2.1,
|
||||
"impactScore": 3.6
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "twcert@cert.org.tw",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-306"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://www.twcert.org.tw/tw/cp-132-7152-d7f5b-1.html",
|
||||
"source": "twcert@cert.org.tw"
|
||||
}
|
||||
]
|
||||
}
|
55
CVE-2023/CVE-2023-286xx/CVE-2023-28698.json
Normal file
55
CVE-2023/CVE-2023-286xx/CVE-2023-28698.json
Normal file
@ -0,0 +1,55 @@
|
||||
{
|
||||
"id": "CVE-2023-28698",
|
||||
"sourceIdentifier": "twcert@cert.org.tw",
|
||||
"published": "2023-06-02T11:15:10.230",
|
||||
"lastModified": "2023-06-02T11:15:10.230",
|
||||
"vulnStatus": "Received",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Wade Graphic Design FANTSY has a vulnerability of insufficient authorization check. An unauthenticated remote user can exploit this vulnerability by modifying URL parameters to gain administrator privileges to perform arbitrary system operation or disrupt service."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "twcert@cert.org.tw",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 9.8,
|
||||
"baseSeverity": "CRITICAL"
|
||||
},
|
||||
"exploitabilityScore": 3.9,
|
||||
"impactScore": 5.9
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "twcert@cert.org.tw",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-863"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://www.twcert.org.tw/tw/cp-132-7101-f88db-1.html",
|
||||
"source": "twcert@cert.org.tw"
|
||||
}
|
||||
]
|
||||
}
|
55
CVE-2023/CVE-2023-286xx/CVE-2023-28699.json
Normal file
55
CVE-2023/CVE-2023-286xx/CVE-2023-28699.json
Normal file
@ -0,0 +1,55 @@
|
||||
{
|
||||
"id": "CVE-2023-28699",
|
||||
"sourceIdentifier": "twcert@cert.org.tw",
|
||||
"published": "2023-06-02T11:15:10.297",
|
||||
"lastModified": "2023-06-02T11:15:10.297",
|
||||
"vulnStatus": "Received",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Wade Graphic Design FANTSY has a vulnerability of insufficient filtering for file type in its file update function. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload a PHP file containing a webshell to perform arbitrary system operation or disrupt service."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "twcert@cert.org.tw",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 8.8,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 5.9
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "twcert@cert.org.tw",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-434"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://www.twcert.org.tw/tw/cp-132-7102-41ab8-1.html",
|
||||
"source": "twcert@cert.org.tw"
|
||||
}
|
||||
]
|
||||
}
|
55
CVE-2023/CVE-2023-287xx/CVE-2023-28700.json
Normal file
55
CVE-2023/CVE-2023-287xx/CVE-2023-28700.json
Normal file
@ -0,0 +1,55 @@
|
||||
{
|
||||
"id": "CVE-2023-28700",
|
||||
"sourceIdentifier": "twcert@cert.org.tw",
|
||||
"published": "2023-06-02T11:15:10.370",
|
||||
"lastModified": "2023-06-02T11:15:10.370",
|
||||
"vulnStatus": "Received",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "OMICARD EDM backend system\u2019s file uploading function does not restrict upload of file with dangerous type. A local area network attacker with administrator privileges can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "twcert@cert.org.tw",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "ADJACENT_NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "HIGH",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 6.8,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 0.9,
|
||||
"impactScore": 5.9
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "twcert@cert.org.tw",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-434"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://www.twcert.org.tw/tw/cp-132-7144-b7536-1.html",
|
||||
"source": "twcert@cert.org.tw"
|
||||
}
|
||||
]
|
||||
}
|
55
CVE-2023/CVE-2023-287xx/CVE-2023-28701.json
Normal file
55
CVE-2023/CVE-2023-287xx/CVE-2023-28701.json
Normal file
@ -0,0 +1,55 @@
|
||||
{
|
||||
"id": "CVE-2023-28701",
|
||||
"sourceIdentifier": "twcert@cert.org.tw",
|
||||
"published": "2023-06-02T11:15:10.443",
|
||||
"lastModified": "2023-06-02T11:15:10.443",
|
||||
"vulnStatus": "Received",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "ELITE TECHNOLOGY CORP. Web Fax has a vulnerability of SQL Injection. An unauthenticated remote attacker can inject SQL commands into the input field of the login page to perform arbitrary system commands, disrupt service or terminate service."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "twcert@cert.org.tw",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 9.8,
|
||||
"baseSeverity": "CRITICAL"
|
||||
},
|
||||
"exploitabilityScore": 3.9,
|
||||
"impactScore": 5.9
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "twcert@cert.org.tw",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-89"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://www.twcert.org.tw/tw/cp-132-7145-1a0d4-1.html",
|
||||
"source": "twcert@cert.org.tw"
|
||||
}
|
||||
]
|
||||
}
|
55
CVE-2023/CVE-2023-287xx/CVE-2023-28702.json
Normal file
55
CVE-2023/CVE-2023-287xx/CVE-2023-28702.json
Normal file
@ -0,0 +1,55 @@
|
||||
{
|
||||
"id": "CVE-2023-28702",
|
||||
"sourceIdentifier": "twcert@cert.org.tw",
|
||||
"published": "2023-06-02T11:15:10.510",
|
||||
"lastModified": "2023-06-02T11:15:10.510",
|
||||
"vulnStatus": "Received",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "ASUS RT-AC86U does not filter special characters for parameters in specific web URLs. A remote attacker with normal user privileges can exploit this vulnerability to perform command injection attack to execute arbitrary system commands, disrupt system or terminate service."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "twcert@cert.org.tw",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 8.8,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 5.9
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "twcert@cert.org.tw",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-78"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://www.twcert.org.tw/tw/cp-132-7146-ef92a-1.html",
|
||||
"source": "twcert@cert.org.tw"
|
||||
}
|
||||
]
|
||||
}
|
55
CVE-2023/CVE-2023-287xx/CVE-2023-28703.json
Normal file
55
CVE-2023/CVE-2023-287xx/CVE-2023-28703.json
Normal file
@ -0,0 +1,55 @@
|
||||
{
|
||||
"id": "CVE-2023-28703",
|
||||
"sourceIdentifier": "twcert@cert.org.tw",
|
||||
"published": "2023-06-02T11:15:10.580",
|
||||
"lastModified": "2023-06-02T11:15:10.580",
|
||||
"vulnStatus": "Received",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "ASUS RT-AC86U\u2019s specific cgi function has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. A remote attacker with administrator privileges can exploit this vulnerability to execute arbitrary system commands, disrupt system or terminate service."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "twcert@cert.org.tw",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "HIGH",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 7.2,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
"exploitabilityScore": 1.2,
|
||||
"impactScore": 5.9
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "twcert@cert.org.tw",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-787"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://www.twcert.org.tw/tw/cp-132-7147-afcf9-1.html",
|
||||
"source": "twcert@cert.org.tw"
|
||||
}
|
||||
]
|
||||
}
|
55
CVE-2023/CVE-2023-287xx/CVE-2023-28704.json
Normal file
55
CVE-2023/CVE-2023-287xx/CVE-2023-28704.json
Normal file
@ -0,0 +1,55 @@
|
||||
{
|
||||
"id": "CVE-2023-28704",
|
||||
"sourceIdentifier": "twcert@cert.org.tw",
|
||||
"published": "2023-06-02T11:15:10.650",
|
||||
"lastModified": "2023-06-02T11:15:10.650",
|
||||
"vulnStatus": "Received",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Furbo dog camera has insufficient filtering for special parameter of device log management function. An unauthenticated remote attacker in the Bluetooth network with normal user privileges can exploit this vulnerability to perform command injection attack to execute arbitrary system commands or disrupt service."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "twcert@cert.org.tw",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "ADJACENT_NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 8.8,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 5.9
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "twcert@cert.org.tw",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-77"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://www.twcert.org.tw/tw/cp-132-7153-68f52-1.html",
|
||||
"source": "twcert@cert.org.tw"
|
||||
}
|
||||
]
|
||||
}
|
55
CVE-2023/CVE-2023-287xx/CVE-2023-28705.json
Normal file
55
CVE-2023/CVE-2023-287xx/CVE-2023-28705.json
Normal file
@ -0,0 +1,55 @@
|
||||
{
|
||||
"id": "CVE-2023-28705",
|
||||
"sourceIdentifier": "twcert@cert.org.tw",
|
||||
"published": "2023-06-02T11:15:10.720",
|
||||
"lastModified": "2023-06-02T11:15:10.720",
|
||||
"vulnStatus": "Received",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Openfind Mail2000 has insufficient filtering special characters of email content of its content filtering function. A remote attacker can exploit this vulnerability using phishing emails that contain malicious web pages injected with JavaScript. When users access the system and open the email, it triggers an XSS (Reflected Cross-site scripting) attack."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "twcert@cert.org.tw",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "CHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 5.4,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 2.3,
|
||||
"impactScore": 2.7
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "twcert@cert.org.tw",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-79"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://www.twcert.org.tw/tw/cp-132-7158-751a6-1.html",
|
||||
"source": "twcert@cert.org.tw"
|
||||
}
|
||||
]
|
||||
}
|
55
CVE-2023/CVE-2023-306xx/CVE-2023-30602.json
Normal file
55
CVE-2023/CVE-2023-306xx/CVE-2023-30602.json
Normal file
@ -0,0 +1,55 @@
|
||||
{
|
||||
"id": "CVE-2023-30602",
|
||||
"sourceIdentifier": "twcert@cert.org.tw",
|
||||
"published": "2023-06-02T11:15:10.793",
|
||||
"lastModified": "2023-06-02T11:15:10.793",
|
||||
"vulnStatus": "Received",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Hitron Technologies CODA-5310\u2019s Telnet function transfers sensitive data in plaintext. An unauthenticated remote attacker can exploit this vulnerability to access credentials of normal users and administrator."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "twcert@cert.org.tw",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "NONE",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 7.5,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
"exploitabilityScore": 3.9,
|
||||
"impactScore": 3.6
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "twcert@cert.org.tw",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-311"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://www.twcert.org.tw/tw/cp-132-7084-74e83-1.html",
|
||||
"source": "twcert@cert.org.tw"
|
||||
}
|
||||
]
|
||||
}
|
55
CVE-2023/CVE-2023-306xx/CVE-2023-30603.json
Normal file
55
CVE-2023/CVE-2023-306xx/CVE-2023-30603.json
Normal file
@ -0,0 +1,55 @@
|
||||
{
|
||||
"id": "CVE-2023-30603",
|
||||
"sourceIdentifier": "twcert@cert.org.tw",
|
||||
"published": "2023-06-02T11:15:10.863",
|
||||
"lastModified": "2023-06-02T11:15:10.863",
|
||||
"vulnStatus": "Received",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Hitron Technologies CODA-5310 Telnet function with the default account and password, and there is no warning or prompt to ask users to change the default password and account. An unauthenticated remote attackers can exploit this vulnerability to obtain the administrator\u2019s privilege, resulting in performing arbitrary system operation or disrupt service."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "twcert@cert.org.tw",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 9.8,
|
||||
"baseSeverity": "CRITICAL"
|
||||
},
|
||||
"exploitabilityScore": 3.9,
|
||||
"impactScore": 5.9
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "twcert@cert.org.tw",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-287"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://www.twcert.org.tw/tw/cp-132-7085-13321-1.html",
|
||||
"source": "twcert@cert.org.tw"
|
||||
}
|
||||
]
|
||||
}
|
55
CVE-2023/CVE-2023-306xx/CVE-2023-30604.json
Normal file
55
CVE-2023/CVE-2023-306xx/CVE-2023-30604.json
Normal file
@ -0,0 +1,55 @@
|
||||
{
|
||||
"id": "CVE-2023-30604",
|
||||
"sourceIdentifier": "twcert@cert.org.tw",
|
||||
"published": "2023-06-02T11:15:10.930",
|
||||
"lastModified": "2023-06-02T11:15:10.930",
|
||||
"vulnStatus": "Received",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "It is identified a vulnerability of insufficient authentication in the system configuration interface of Hitron Technologies CODA-5310. An unauthorized remote attacker can exploit this vulnerability to access system configuration interface, resulting in performing arbitrary system operation or disrupt service."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "twcert@cert.org.tw",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 9.8,
|
||||
"baseSeverity": "CRITICAL"
|
||||
},
|
||||
"exploitabilityScore": 3.9,
|
||||
"impactScore": 5.9
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "twcert@cert.org.tw",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-306"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://www.twcert.org.tw/tw/cp-132-7086-35622-1.html",
|
||||
"source": "twcert@cert.org.tw"
|
||||
}
|
||||
]
|
||||
}
|
25
README.md
25
README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
|
||||
### Last Repository Update
|
||||
|
||||
```plain
|
||||
2023-06-02T10:00:24.168928+00:00
|
||||
2023-06-02T12:00:25.659913+00:00
|
||||
```
|
||||
|
||||
### Most recent CVE Modification Timestamp synchronized with NVD
|
||||
|
||||
```plain
|
||||
2023-06-02T08:15:09.003000+00:00
|
||||
2023-06-02T11:15:10.930000+00:00
|
||||
```
|
||||
|
||||
### Last Data Feed Release
|
||||
@ -29,14 +29,29 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
|
||||
### Total Number of included CVEs
|
||||
|
||||
```plain
|
||||
216669
|
||||
216685
|
||||
```
|
||||
|
||||
### CVEs added in the last Commit
|
||||
|
||||
Recently added CVEs: `1`
|
||||
Recently added CVEs: `16`
|
||||
|
||||
* [CVE-2023-3000](CVE-2023/CVE-2023-30xx/CVE-2023-3000.json) (`2023-06-02T08:15:09.003`)
|
||||
* [CVE-2022-46307](CVE-2022/CVE-2022-463xx/CVE-2022-46307.json) (`2023-06-02T11:15:09.730`)
|
||||
* [CVE-2022-46308](CVE-2022/CVE-2022-463xx/CVE-2022-46308.json) (`2023-06-02T11:15:09.913`)
|
||||
* [CVE-2022-47616](CVE-2022/CVE-2022-476xx/CVE-2022-47616.json) (`2023-06-02T11:15:09.997`)
|
||||
* [CVE-2022-47617](CVE-2022/CVE-2022-476xx/CVE-2022-47617.json) (`2023-06-02T11:15:10.077`)
|
||||
* [CVE-2023-25780](CVE-2023/CVE-2023-257xx/CVE-2023-25780.json) (`2023-06-02T11:15:10.157`)
|
||||
* [CVE-2023-28698](CVE-2023/CVE-2023-286xx/CVE-2023-28698.json) (`2023-06-02T11:15:10.230`)
|
||||
* [CVE-2023-28699](CVE-2023/CVE-2023-286xx/CVE-2023-28699.json) (`2023-06-02T11:15:10.297`)
|
||||
* [CVE-2023-28700](CVE-2023/CVE-2023-287xx/CVE-2023-28700.json) (`2023-06-02T11:15:10.370`)
|
||||
* [CVE-2023-28701](CVE-2023/CVE-2023-287xx/CVE-2023-28701.json) (`2023-06-02T11:15:10.443`)
|
||||
* [CVE-2023-28702](CVE-2023/CVE-2023-287xx/CVE-2023-28702.json) (`2023-06-02T11:15:10.510`)
|
||||
* [CVE-2023-28703](CVE-2023/CVE-2023-287xx/CVE-2023-28703.json) (`2023-06-02T11:15:10.580`)
|
||||
* [CVE-2023-28704](CVE-2023/CVE-2023-287xx/CVE-2023-28704.json) (`2023-06-02T11:15:10.650`)
|
||||
* [CVE-2023-28705](CVE-2023/CVE-2023-287xx/CVE-2023-28705.json) (`2023-06-02T11:15:10.720`)
|
||||
* [CVE-2023-30602](CVE-2023/CVE-2023-306xx/CVE-2023-30602.json) (`2023-06-02T11:15:10.793`)
|
||||
* [CVE-2023-30603](CVE-2023/CVE-2023-306xx/CVE-2023-30603.json) (`2023-06-02T11:15:10.863`)
|
||||
* [CVE-2023-30604](CVE-2023/CVE-2023-306xx/CVE-2023-30604.json) (`2023-06-02T11:15:10.930`)
|
||||
|
||||
|
||||
### CVEs modified in the last Commit
|
||||
|
Loading…
x
Reference in New Issue
Block a user