admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-07 19:16:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-10-04T12:00:25.925521+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-10-04 12:00:29 +00:00
parent a2319456e8
commit 6ea8de774b
20 changed files with 923 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
CVE-2022/CVE-2022-390xx/CVE-2022-39046.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-39046",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-08-31T06:15:07.467",
"lastModified": "2022-12-08T03:49:04.507",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-04T10:15:09.780",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -72,7 +72,6 @@
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -223,7 +222,6 @@
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -240,6 +238,10 @@
}
],
"references": [
{
"url": "https://security.gentoo.org/glsa/202310-03",
"source": "cve@mitre.org"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221104-0002/",
"source": "cve@mitre.org",

59
CVE-2023/CVE-2023-15xx/CVE-2023-1584.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-1584",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-10-04T11:15:09.770",
"lastModified": "2023-10-04T11:15:09.770",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Quarkus. Quarkus OIDC can leak both ID and access tokens in the authorization code flow when an insecure HTTP protocol is used, which can allow attackers to access sensitive user data directly from the ID token or by using the access token to access user data from OIDC provider services. Please note that passwords are not stored in access tokens."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2023:3809",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-1584",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180886",
"source": "secalert@redhat.com"
},
{
"url": "https://github.com/quarkusio/quarkus/pull/32192",
"source": "secalert@redhat.com"
},
{
"url": "https://github.com/quarkusio/quarkus/pull/33414",
"source": "secalert@redhat.com"
}
]
}

67
CVE-2023/CVE-2023-24xx/CVE-2023-2422.json Normal file
View File

@ -0,0 +1,67 @@
{
"id": "CVE-2023-2422",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-10-04T11:15:10.157",
"lastModified": "2023-10-04T11:15:10.157",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Keycloak. A Keycloak server configured to support mTLS authentication for OAuth/OpenID clients does not properly verify the client certificate chain. A client that possesses a proper certificate can authorize itself as any other client, therefore, access data that belongs to other clients."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 4.2
}
]
},
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2023:3883",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:3884",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:3885",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:3888",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:3892",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-2422",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2191668",
"source": "secalert@redhat.com"
}
]
}

55
CVE-2023/CVE-2023-254xx/CVE-2023-25489.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25489",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-04T11:15:09.917",
"lastModified": "2023-10-04T11:15:09.917",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Update Theme and Plugins from Zip File plugin <=\u00a02.0.0 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/update-theme-and-plugins-from-zip-file/wordpress-update-theme-and-plugins-from-zip-file-plugin-2-0-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-257xx/CVE-2023-25788.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25788",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-04T11:15:09.997",
"lastModified": "2023-10-04T11:15:09.997",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Saphali Saphali Woocommerce Lite plugin <=\u00a01.8.13 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/saphali-woocommerce-lite/wordpress-saphali-woocommerce-lite-plugin-1-8-13-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-259xx/CVE-2023-25980.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25980",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-04T11:15:10.077",
"lastModified": "2023-10-04T11:15:10.077",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in CAGE Web Design | Rolf van Gelder Optimize Database after Deleting Revisions plugin <=\u00a05.1 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/rvg-optimize-database/wordpress-optimize-database-after-deleting-revisions-plugin-5-0-110-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-28xx/CVE-2023-2809.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-2809",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-10-04T11:15:10.223",
"lastModified": "2023-10-04T11:15:10.223",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Plaintext credential usage vulnerability in Sage 200 Spain 2023.38.001 version, the exploitation of which could allow a remote attacker to extract SQL database credentials from the DLL application. This vulnerability could be linked to known techniques to obtain remote execution of MS SQL commands and escalate privileges on Windows systems because the credentials are stored in plaintext."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/use-cleartext-credentials-sage-200",
"source": "cve-coordination@incibe.es"
}
]
}

55
CVE-2023/CVE-2023-35xx/CVE-2023-3512.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-3512",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-10-04T11:15:10.363",
"lastModified": "2023-10-04T11:15:10.363",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Relative path traversal vulnerability in Setelsa Security's ConacWin CB, in its 3.8.2.2 version and earlier, the exploitation of which could allow an attacker to perform an arbitrary download of files from the system via the \"Download file\" parameter."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-23"
}
]
}
],
"references": [
{
"url": "https://https://www.incibe.es/en/incibe-cert/notices/aviso/relative-path-traversal-setelsa-security-conacwin",
"source": "cve-coordination@incibe.es"
}
]
}

55
CVE-2023/CVE-2023-379xx/CVE-2023-37995.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-37995",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-04T11:15:10.297",
"lastModified": "2023-10-04T11:15:10.297",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole WP-CopyProtect [Protect your blog posts] plugin <=\u00a03.1.0 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-copyprotect/wordpress-wp-copyprotect-protect-your-blog-posts-plugin-3-1-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-37xx/CVE-2023-3701.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-3701",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-10-04T11:15:10.430",
"lastModified": "2023-10-04T11:15:10.430",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Aqua Drive, in its 2.4 version, is vulnerable to a relative path traversal vulnerability. By exploiting this vulnerability, an authenticated non privileged user could access/modify stored resources of other users. It could also be possible to access and modify the source and configuration files of the cloud disk platform, affecting the integrity and availability of the entire platform."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-23"
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/relative-path-traversal-aqua-esolutions",
"source": "cve-coordination@incibe.es"
}
]
}

59
CVE-2023/CVE-2023-442xx/CVE-2023-44245.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44245",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-02T10:15:12.953",
"lastModified": "2023-10-02T12:57:34.287",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-04T11:48:34.220",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -40,7 +60,7 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -48,12 +68,43 @@
"value": "CWE-79"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:leaptodigital:contact_form_website_to_workflow_tool:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.0.0",
"matchCriteriaId": "E97BADE7-255F-461A-B9F6-939AFDE3DA95"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/contractor-contact-form-website-to-workflow-tool/wordpress-contractor-contact-form-website-to-workflow-tool-plugin-4-0-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

10
CVE-2023/CVE-2023-45xx/CVE-2023-4527.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-4527",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-18T17:15:55.067",
"lastModified": "2023-09-25T12:15:11.270",
"lastModified": "2023-10-04T10:15:10.027",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en glibc. Cuando se llama a la funci\u00f3n getaddrinfo con la familia de direcciones AF_UNSPEC y el sistema est\u00e1 configurado con el modo no-aaaa a trav\u00e9s de /etc/resolv.conf, una respuesta DNS a trav\u00e9s de TCP de m\u00e1s de 2048 bytes puede potencialmente revelar el contenido de la pila de memoria a trav\u00e9s de los datos de la direcci\u00f3n devuelta por la funci\u00f3n, y puede provocar un crash."
}
],
"metrics": {
@ -124,6 +128,10 @@
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://security.gentoo.org/glsa/202310-03",
"source": "secalert@redhat.com"
}
]
}

51
CVE-2023/CVE-2023-45xx/CVE-2023-4586.json Normal file
View File

@ -0,0 +1,51 @@
{
"id": "CVE-2023-4586",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-10-04T11:15:10.500",
"lastModified": "2023-10-04T11:15:10.500",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle (MITM) attack."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-4586",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235564",
"source": "secalert@redhat.com"
},
{
"url": "https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-1042268",
"source": "secalert@redhat.com"
}
]
}

6
CVE-2023/CVE-2023-48xx/CVE-2023-4806.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-4806",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-18T17:15:55.813",
"lastModified": "2023-10-04T00:15:12.080",
"lastModified": "2023-10-04T10:15:10.143",
"vulnStatus": "Modified",
"descriptions": [
{
@ -143,6 +143,10 @@
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://security.gentoo.org/glsa/202310-03",
"source": "secalert@redhat.com"
}
]
}

6
CVE-2023/CVE-2023-49xx/CVE-2023-4911.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-4911",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-10-03T18:15:10.463",
"lastModified": "2023-10-03T23:55:59.983",
"lastModified": "2023-10-04T10:15:10.257",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -51,6 +51,10 @@
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238352",
"source": "secalert@redhat.com"
},
{
"url": "https://security.gentoo.org/glsa/202310-03",
"source": "secalert@redhat.com"
},
{
"url": "https://www.debian.org/security/2023/dsa-5514",
"source": "secalert@redhat.com"

59
CVE-2023/CVE-2023-49xx/CVE-2023-4997.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-4997",
"sourceIdentifier": "cvd@cert.pl",
"published": "2023-10-04T11:15:10.563",
"lastModified": "2023-10-04T11:15:10.563",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper authorisation of regular users in ProIntegra Uptime DC software (versions below 2.0.0.33940) allows them to change passwords of all other users including administrators leading to a privilege escalation.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cvd@cert.pl",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "cvd@cert.pl",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://cert.pl/en/posts/2023/10/CVE-2023-4997/",
"source": "cvd@cert.pl"
},
{
"url": "https://cert.pl/posts/2023/10/CVE-2023-4997/",
"source": "cvd@cert.pl"
}
]
}

74
CVE-2023/CVE-2023-52xx/CVE-2023-5296.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2023-5296",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-29T22:15:12.113",
"lastModified": "2023-09-30T01:57:32.760",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-04T11:30:25.553",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Xinhu RockOA 1.1/2.3.2/15.X3amdi and classified as problematic. Affected by this issue is some unknown functionality of the file api.php?m=reimplat&a=index of the component Password Handler. The manipulation leads to weak password recovery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-240926 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Xinhu RockOA 1.1/2.3.2/15.X3amdi y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo api.php?m=reimplat&amp;a=index del componente Password Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a una recuperaci\u00f3n de contrase\u00f1a d\u00e9bil. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-240926 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +97,56 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rockoa:rockoa:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D257F2BB-97B9-4A69-B30C-0F15E38C451C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rockoa:rockoa:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6955DED7-BC72-45EC-A056-B4119E6E4B92"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rockoa:rockoa:15.x3amdi:*:*:*:*:*:*:*",
"matchCriteriaId": "70F01949-3A25-4B89-AE67-D46A5B279F71"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/magicwave18/vuldb/issues/1",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Issue Tracking"
]
},
{
"url": "https://vuldb.com/?ctiid.240926",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.240926",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

76
CVE-2023/CVE-2023-52xx/CVE-2023-5297.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2023-5297",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-29T22:15:12.193",
"lastModified": "2023-09-30T01:57:32.760",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-04T11:35:19.407",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Xinhu RockOA 2.3.2. It has been classified as problematic. This affects the function start of the file task.php?m=sys|runt&a=beifen. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240927."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Xinhu RockOA 2.3.2. Ha sido clasificada como problem\u00e1tica. Esto afecta el inicio de la funci\u00f3n del archivo task.php?m=sys|runt&amp;a=beifen. La manipulaci\u00f3n conduce a la exposici\u00f3n del archivo de copia de seguridad a una esfera de control no autorizada. Es posible iniciar el ataque de forma remota. La complejidad de un ataque es bastante alta. Se dice que la explotabilidad es dif\u00edcil. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-240927."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -61,8 +87,18 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-552"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -71,18 +107,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rockoa:rockoa:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6955DED7-BC72-45EC-A056-B4119E6E4B92"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/magicwave18/vuldb/issues/2",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Issue Tracking"
]
},
{
"url": "https://vuldb.com/?ctiid.240927",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.240927",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-53xx/CVE-2023-5377.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-5377",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-10-04T10:15:10.353",
"lastModified": "2023-10-04T10:15:10.353",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Read in GitHub repository gpac/gpac prior to v2.2.2-DEV."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://github.com/gpac/gpac/commit/8e9d6b38c036a97020c462ad48e1132e0ddc57ce",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.dev/bounties/fe778df4-3867-41d6-954b-211c81bccbbf",
"source": "security@huntr.dev"
}
]
}

34
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-10-04T10:00:25.387016+00:00
2023-10-04T12:00:25.925521+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-10-04T09:15:31.980000+00:00
2023-10-04T11:48:34.220000+00:00
```
### Last Data Feed Release
@ -29,24 +29,38 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
226940
226952
```
### CVEs added in the last Commit
Recently added CVEs: `2`
Recently added CVEs: `12`
* [CVE-2023-44272](CVE-2023/CVE-2023-442xx/CVE-2023-44272.json) (`2023-10-04T09:15:31.810`)
* [CVE-2023-5375](CVE-2023/CVE-2023-53xx/CVE-2023-5375.json) (`2023-10-04T09:15:31.980`)
* [CVE-2023-5377](CVE-2023/CVE-2023-53xx/CVE-2023-5377.json) (`2023-10-04T10:15:10.353`)
* [CVE-2023-1584](CVE-2023/CVE-2023-15xx/CVE-2023-1584.json) (`2023-10-04T11:15:09.770`)
* [CVE-2023-25489](CVE-2023/CVE-2023-254xx/CVE-2023-25489.json) (`2023-10-04T11:15:09.917`)
* [CVE-2023-25788](CVE-2023/CVE-2023-257xx/CVE-2023-25788.json) (`2023-10-04T11:15:09.997`)
* [CVE-2023-25980](CVE-2023/CVE-2023-259xx/CVE-2023-25980.json) (`2023-10-04T11:15:10.077`)
* [CVE-2023-2422](CVE-2023/CVE-2023-24xx/CVE-2023-2422.json) (`2023-10-04T11:15:10.157`)
* [CVE-2023-2809](CVE-2023/CVE-2023-28xx/CVE-2023-2809.json) (`2023-10-04T11:15:10.223`)
* [CVE-2023-37995](CVE-2023/CVE-2023-379xx/CVE-2023-37995.json) (`2023-10-04T11:15:10.297`)
* [CVE-2023-3512](CVE-2023/CVE-2023-35xx/CVE-2023-3512.json) (`2023-10-04T11:15:10.363`)
* [CVE-2023-3701](CVE-2023/CVE-2023-37xx/CVE-2023-3701.json) (`2023-10-04T11:15:10.430`)
* [CVE-2023-4586](CVE-2023/CVE-2023-45xx/CVE-2023-4586.json) (`2023-10-04T11:15:10.500`)
* [CVE-2023-4997](CVE-2023/CVE-2023-49xx/CVE-2023-4997.json) (`2023-10-04T11:15:10.563`)
### CVEs modified in the last Commit
Recently modified CVEs: `3`
Recently modified CVEs: `7`
* [CVE-2022-23223](CVE-2022/CVE-2022-232xx/CVE-2022-23223.json) (`2023-10-04T09:15:31.480`)
* [CVE-2023-39410](CVE-2023/CVE-2023-394xx/CVE-2023-39410.json) (`2023-10-04T09:15:31.680`)
* [CVE-2023-4540](CVE-2023/CVE-2023-45xx/CVE-2023-4540.json) (`2023-10-04T09:15:31.897`)
* [CVE-2022-39046](CVE-2022/CVE-2022-390xx/CVE-2022-39046.json) (`2023-10-04T10:15:09.780`)
* [CVE-2023-4527](CVE-2023/CVE-2023-45xx/CVE-2023-4527.json) (`2023-10-04T10:15:10.027`)
* [CVE-2023-4806](CVE-2023/CVE-2023-48xx/CVE-2023-4806.json) (`2023-10-04T10:15:10.143`)
* [CVE-2023-4911](CVE-2023/CVE-2023-49xx/CVE-2023-4911.json) (`2023-10-04T10:15:10.257`)
* [CVE-2023-5296](CVE-2023/CVE-2023-52xx/CVE-2023-5296.json) (`2023-10-04T11:30:25.553`)
* [CVE-2023-5297](CVE-2023/CVE-2023-52xx/CVE-2023-5297.json) (`2023-10-04T11:35:19.407`)
* [CVE-2023-44245](CVE-2023/CVE-2023-442xx/CVE-2023-44245.json) (`2023-10-04T11:48:34.220`)
## Download and Usage