Auto-Update: 2023-08-04T04:00:27.221364+00:00

cad-safe-bot 2023-08-04 04:00:30 +00:00
parent 13bfa611fa
commit 6ed7935dc1
102 changed files with 2136 additions and 283 deletions


@ -2,23 +2,84 @@
"id": "CVE-2022-39986",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-01T14:15:09.877",
"lastModified": "2023-08-01T15:25:40.337",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T03:56:11.533",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:raspap:raspap:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.8.0",
"versionEndIncluding": "2.8.7",
"matchCriteriaId": "57804DDB-E74C-40C8-8F11-313B1AB2F692"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/RaspAP/raspap-webgui/blob/master/ajax/openvpn/activate_ovpncfg.php",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://medium.com/@ismael0x00/multiple-vulnerabilities-in-raspap-3c35e78809f2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
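Review bot: The first reference in this record is tagged `"Vendor Advisory"`, but its URL is a `blob/master` link to the source file `ajax/openvpn/activate_ovpncfg.php`, not an advisory. The link is not pinned to a commit, so what it shows will change as the file is edited. The same tag on the same kind of link appears in the CVE-2022-39987 record that follows (`ajax/networking/get_wgkey.php`). No reference in the visible lines carries a `Patch` tag, so the only remediation signal in the record is the `cpeMatch` range (`versionEndIncluding` 2.8.7 here, 2.9.2 in the next record). Tooling that consumes this mirror should derive fix status from that range, not from the presence of a `"Vendor Advisory"` tag. Since the file is mirrored data, any tag correction belongs upstream.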


@ -2,23 +2,84 @@
"id": "CVE-2022-39987",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-01T14:15:09.937",
"lastModified": "2023-08-01T15:25:40.337",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T03:56:16.500",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A Command injection vulnerability in RaspAP 2.8.0 thru 2.9.2 allows an authenticated attacker to execute arbitrary OS commands as root via the \"entity\" POST parameters in /ajax/networking/get_wgkey.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:raspap:raspap:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.8.0",
"versionEndIncluding": "2.9.2",
"matchCriteriaId": "647CFC07-73BF-45E3-8329-FF7E6BA76F79"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/RaspAP/raspap-webgui/blob/master/ajax/networking/get_wgkey.php",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://medium.com/@ismael0x00/multiple-vulnerabilities-in-raspap-3c35e78809f2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-4906",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-07-29T00:15:10.800",
"lastModified": "2023-08-02T03:57:13.620",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-04T03:15:10.967",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -81,6 +81,10 @@
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B6SAST6CB5KKCQKH75ER2UQ3ICYPHCIZ/",
"source": "chrome-cve-admin@google.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-4907",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-07-29T00:15:10.860",
"lastModified": "2023-08-02T03:57:26.400",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-04T03:15:11.497",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -81,6 +81,10 @@
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B6SAST6CB5KKCQKH75ER2UQ3ICYPHCIZ/",
"source": "chrome-cve-admin@google.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-4908",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-07-29T00:15:10.917",
"lastModified": "2023-08-02T03:57:36.927",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-04T03:15:11.593",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -81,6 +81,10 @@
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B6SAST6CB5KKCQKH75ER2UQ3ICYPHCIZ/",
"source": "chrome-cve-admin@google.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-4909",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-07-29T00:15:10.970",
"lastModified": "2023-08-02T18:25:50.143",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-04T03:15:11.700",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -81,6 +81,10 @@
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B6SAST6CB5KKCQKH75ER2UQ3ICYPHCIZ/",
"source": "chrome-cve-admin@google.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-4910",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-07-29T00:15:11.023",
"lastModified": "2023-08-02T03:58:33.100",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-04T03:15:11.813",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -81,6 +81,10 @@
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B6SAST6CB5KKCQKH75ER2UQ3ICYPHCIZ/",
"source": "chrome-cve-admin@google.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-0525",
"sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"published": "2023-08-04T00:15:10.300",
"lastModified": "2023-08-04T00:15:10.300",
"vulnStatus": "Received",
"lastModified": "2023-08-04T02:45:53.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-0956",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-08-03T19:15:10.323",
"lastModified": "2023-08-03T19:15:10.323",
"vulnStatus": "Received",
"lastModified": "2023-08-04T02:46:03.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-20181",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-08-03T22:15:10.737",
"lastModified": "2023-08-03T22:15:10.737",
"vulnStatus": "Received",
"lastModified": "2023-08-04T02:45:53.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-20204",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-08-03T22:15:11.313",
"lastModified": "2023-08-03T22:15:11.313",
"vulnStatus": "Received",
"lastModified": "2023-08-04T02:45:53.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-20214",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-08-03T22:15:11.420",
"lastModified": "2023-08-03T22:15:11.420",
"vulnStatus": "Received",
"lastModified": "2023-08-04T02:45:53.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-20215",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-08-03T22:15:11.513",
"lastModified": "2023-08-03T22:15:11.513",
"vulnStatus": "Received",
"lastModified": "2023-08-04T02:45:53.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-20216",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-08-03T22:15:11.647",
"lastModified": "2023-08-03T22:15:11.647",
"vulnStatus": "Received",
"lastModified": "2023-08-04T02:45:53.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-20218",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-08-03T22:15:11.770",
"lastModified": "2023-08-03T22:15:11.770",
"vulnStatus": "Received",
"lastModified": "2023-08-04T02:45:53.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-2311",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-07-29T00:15:11.967",
"lastModified": "2023-08-03T16:50:02.667",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-04T03:15:11.913",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -81,6 +81,10 @@
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B6SAST6CB5KKCQKH75ER2UQ3ICYPHCIZ/",
"source": "chrome-cve-admin@google.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-2313",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-07-29T00:15:12.023",
"lastModified": "2023-08-03T16:49:52.443",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-04T03:15:12.027",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -93,6 +93,10 @@
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B6SAST6CB5KKCQKH75ER2UQ3ICYPHCIZ/",
"source": "chrome-cve-admin@google.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-2314",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-07-29T00:15:12.077",
"lastModified": "2023-08-03T16:49:41.200",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-04T03:15:12.117",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -81,6 +81,10 @@
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B6SAST6CB5KKCQKH75ER2UQ3ICYPHCIZ/",
"source": "chrome-cve-admin@google.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-25524",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2023-08-03T17:15:11.527",
"lastModified": "2023-08-03T17:15:11.527",
"vulnStatus": "Received",
"lastModified": "2023-08-04T02:46:03.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,7 +2,7 @@
"id": "CVE-2023-2929",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-05-30T22:15:09.997",
"lastModified": "2023-06-04T04:15:09.337",
"lastModified": "2023-08-04T03:15:12.213",
"vulnStatus": "Modified",
"descriptions": [
{
@ -80,6 +80,10 @@
"Permissions Required"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B6SAST6CB5KKCQKH75ER2UQ3ICYPHCIZ/",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://www.debian.org/security/2023/dsa-5418",
"source": "chrome-cve-admin@google.com"


@ -2,8 +2,8 @@
"id": "CVE-2023-30146",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-04T01:15:09.310",
"lastModified": "2023-08-04T01:15:09.310",
"vulnStatus": "Received",
"lastModified": "2023-08-04T02:45:45.693",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-30297",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-04T00:15:11.523",
"lastModified": "2023-08-04T00:15:11.523",
"vulnStatus": "Received",
"lastModified": "2023-08-04T02:45:45.693",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-30950",
"sourceIdentifier": "cve-coordination@palantir.com",
"published": "2023-08-03T22:15:11.887",
"lastModified": "2023-08-03T22:15:11.887",
"vulnStatus": "Received",
"lastModified": "2023-08-04T02:45:53.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-30951",
"sourceIdentifier": "cve-coordination@palantir.com",
"published": "2023-08-03T22:15:11.993",
"lastModified": "2023-08-03T22:15:11.993",
"vulnStatus": "Received",
"lastModified": "2023-08-04T02:45:53.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-30952",
"sourceIdentifier": "cve-coordination@palantir.com",
"published": "2023-08-03T22:15:12.083",
"lastModified": "2023-08-03T22:15:12.083",
"vulnStatus": "Received",
"lastModified": "2023-08-04T02:45:53.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-30958",
"sourceIdentifier": "cve-coordination@palantir.com",
"published": "2023-08-03T22:15:12.170",
"lastModified": "2023-08-03T22:15:12.170",
"vulnStatus": "Received",
"lastModified": "2023-08-04T02:45:53.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-32764",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-03T18:15:11.230",
"lastModified": "2023-08-03T18:15:11.230",
"vulnStatus": "Received",
"lastModified": "2023-08-04T02:46:03.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,23 +2,82 @@
"id": "CVE-2023-33560",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-01T23:15:28.970",
"lastModified": "2023-08-02T13:30:45.017",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T03:55:00.517",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "There is a Cross Site Scripting (XSS) vulnerability in \"cid\" parameter of preview.php in PHPJabbers Time Slots Booking Calendar v3.3."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpjabbers:time_slots_booking_calendar:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5452B658-8D34-4311-B7CD-FD485D8B945F"
}
]
}
]
}
],
"references": [
{
"url": "https://medium.com/@bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.phpjabbers.com/time-slots-booking-calendar/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -2,23 +2,81 @@
"id": "CVE-2023-33563",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-01T23:15:29.480",
"lastModified": "2023-08-02T13:30:45.017",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T03:54:39.867",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In PHP Jabbers Time Slots Booking Calendar 3.3 , lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpjabbers:time_slots_booking_calendar:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5452B658-8D34-4311-B7CD-FD485D8B945F"
}
]
}
]
}
],
"references": [
{
"url": "https://medium.com/@bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.phpjabbers.com/time-slots-booking-calendar/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -2,23 +2,82 @@
"id": "CVE-2023-33564",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-01T23:15:29.747",
"lastModified": "2023-08-02T13:30:45.017",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T03:54:18.973",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "There is a Cross Site Scripting (XSS) vulnerability in the \"theme\" parameter of preview.php in PHPJabbers Time Slots Booking Calendar v3.3."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpjabbers:time_slots_booking_calendar:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5452B658-8D34-4311-B7CD-FD485D8B945F"
}
]
}
]
}
],
"references": [
{
"url": "https://medium.com/@bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.phpjabbers.com/time-slots-booking-calendar/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-33665",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-04T00:15:11.713",
"lastModified": "2023-08-04T00:15:11.713",
"vulnStatus": "Received",
"lastModified": "2023-08-04T02:45:45.693",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-33666",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-03T20:15:11.337",
"lastModified": "2023-08-03T20:15:11.337",
"vulnStatus": "Received",
"lastModified": "2023-08-04T02:46:03.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-3373",
"sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"published": "2023-08-04T00:15:14.130",
"lastModified": "2023-08-04T00:15:14.130",
"vulnStatus": "Received",
"lastModified": "2023-08-04T02:45:45.693",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,12 @@
"id": "CVE-2023-35081",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-08-03T18:15:11.303",
"lastModified": "2023-08-03T18:15:11.303",
"vulnStatus": "Received",
"lastModified": "2023-08-04T02:46:03.197",
"vulnStatus": "Awaiting Analysis",
"cisaExploitAdd": "2023-07-31",
"cisaActionDue": "2023-08-21",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Ivanti Endpoint Manager Mobile (EPMM) Path Traversal Vulnerability",
"descriptions": [
{
"lang": "en",
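Review bot: The four `cisa*` fields added here mark this CVE as known-exploited (`"cisaExploitAdd": "2023-07-31"`, `"cisaActionDue": "2023-08-21"`) while `"vulnStatus"` is still `"Awaiting Analysis"`. The `metrics` block lies outside this hunk, so whether any CVSS score is present yet cannot be confirmed from here. A consumer that ranks by `baseScore`, or that only ingests records with `"vulnStatus": "Analyzed"`, would probably defer or drop this entry despite the exploitation flag. Triage logic reading this mirror should check for `cisaExploitAdd` first and treat its presence as overriding a missing score or a pre-analysis status.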


@ -2,8 +2,8 @@
"id": "CVE-2023-35791",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-31T15:15:10.327",
"lastModified": "2023-07-31T15:31:16.527",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T03:51:27.127",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cve@mitre.org",
"type": "Secondary",
@ -34,10 +54,42 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vound-software:intella_connect:2.6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "600AAEA1-C178-4045-86D8-CA5380FB2E27"
}
]
}
]
}
],
"references": [
{
"url": "https://excellium-services.com/cert-xlm-advisory/CVE-2023-35791",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-35792",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-31T15:15:10.403",
"lastModified": "2023-07-31T15:31:16.527",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T03:51:06.730",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cve@mitre.org",
"type": "Secondary",
@ -34,10 +54,42 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vound-software:intella_connect:2.6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "600AAEA1-C178-4045-86D8-CA5380FB2E27"
}
]
}
]
}
],
"references": [
{
"url": "https://excellium-services.com/cert-xlm-advisory/CVE-2023-35792",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-3598",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-07-28T21:15:14.287",
"lastModified": "2023-08-02T03:55:25.707",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-04T03:15:13.710",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -81,6 +81,10 @@
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B6SAST6CB5KKCQKH75ER2UQ3ICYPHCIZ/",
"source": "chrome-cve-admin@google.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-36131",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-04T00:15:11.970",
"lastModified": "2023-08-04T00:15:11.970",
"vulnStatus": "Received",
"lastModified": "2023-08-04T02:45:45.693",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-36132",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-04T00:15:12.077",
"lastModified": "2023-08-04T00:15:12.077",
"vulnStatus": "Received",
"lastModified": "2023-08-04T02:45:45.693",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-36133",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-04T00:15:12.283",
"lastModified": "2023-08-04T00:15:12.283",
"vulnStatus": "Received",
"lastModified": "2023-08-04T02:45:45.693",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-36134",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-04T00:15:12.397",
"lastModified": "2023-08-04T00:15:12.397",
"vulnStatus": "Received",
"lastModified": "2023-08-04T02:45:45.693",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-36135",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-04T00:15:12.503",
"lastModified": "2023-08-04T00:15:12.503",
"vulnStatus": "Received",
"lastModified": "2023-08-04T02:45:45.693",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-36137",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-04T00:15:12.773",
"lastModified": "2023-08-04T00:15:12.773",
"vulnStatus": "Received",
"lastModified": "2023-08-04T02:45:45.693",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-36138",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-04T00:15:12.890",
"lastModified": "2023-08-04T00:15:12.890",
"vulnStatus": "Received",
"lastModified": "2023-08-04T02:45:45.693",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-36139",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-04T00:15:13.010",
"lastModified": "2023-08-04T00:15:13.010",
"vulnStatus": "Received",
"lastModified": "2023-08-04T02:45:45.693",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-36141",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-04T00:15:13.243",
"lastModified": "2023-08-04T00:15:13.243",
"vulnStatus": "Received",
"lastModified": "2023-08-04T02:45:45.693",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-36158",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-04T00:15:13.447",
"lastModified": "2023-08-04T00:15:13.447",
"vulnStatus": "Received",
"lastModified": "2023-08-04T02:45:45.693",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-36159",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-04T00:15:13.587",
"lastModified": "2023-08-04T00:15:13.587",
"vulnStatus": "Received",
"lastModified": "2023-08-04T02:45:45.693",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,19 +2,76 @@
"id": "CVE-2023-36211",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-01T17:15:09.833",
"lastModified": "2023-08-01T18:51:22.487",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T03:50:40.203",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Barebones CMS v2.0.2 is vulnerable to Stored Cross-Site Scripting (XSS) when an authenticated user interacts with certain features on the admin panel."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cubiclesoft:barebones_cms:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BFD32AE3-7C2E-47C5-8B8B-CBDC32AA88A2"
}
]
}
]
}
],
"references": [
{
"url": "https://www.exploit-db.com/exploits/51502",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-36213",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-03T17:15:11.977",
"lastModified": "2023-08-03T17:15:11.977",
"vulnStatus": "Received",
"lastModified": "2023-08-04T02:46:03.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-36217",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-03T18:15:11.397",
"lastModified": "2023-08-03T18:15:11.397",
"vulnStatus": "Received",
"lastModified": "2023-08-04T02:46:03.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-36501",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-07-25T14:15:10.807",
"lastModified": "2023-07-25T17:22:14.780",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T03:56:04.857",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mtrv:teachpress:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "9.0.2",
"matchCriteriaId": "F412B0C8-0E47-488B-A77F-3F94B895765B"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/teachpress/wordpress-teachpress-plugin-9-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,23 +2,81 @@
"id": "CVE-2023-36983",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-01T02:15:10.450",
"lastModified": "2023-08-01T12:55:38.437",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T03:49:33.347",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lavalite:lavalite:9.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6150AF5B-17E6-4BFB-9980-F181A335022D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/LavaLite/cms",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/M19O/Security-Advisories/tree/main/CVE-2023-36983",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,23 +2,81 @@
"id": "CVE-2023-36984",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-01T02:15:10.510",
"lastModified": "2023-08-01T12:55:38.437",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T03:49:49.787",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lavalite:lavalite:9.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6150AF5B-17E6-4BFB-9980-F181A335022D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/LavaLite/cms",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/M19O/Security-Advisories/tree/main/CVE-2023-36984",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-37497",
"sourceIdentifier": "psirt@hcl.com",
"published": "2023-08-03T22:15:12.257",
"lastModified": "2023-08-03T22:15:12.257",
"vulnStatus": "Received",
"lastModified": "2023-08-04T02:45:53.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-37498",
"sourceIdentifier": "psirt@hcl.com",
"published": "2023-08-03T22:15:12.343",
"lastModified": "2023-08-03T22:15:12.343",
"vulnStatus": "Received",
"lastModified": "2023-08-04T02:45:53.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-37499",
"sourceIdentifier": "psirt@hcl.com",
"published": "2023-08-03T22:15:12.427",
"lastModified": "2023-08-03T22:15:12.427",
"vulnStatus": "Received",
"lastModified": "2023-08-04T02:45:53.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-37500",
"sourceIdentifier": "psirt@hcl.com",
"published": "2023-08-03T22:15:12.517",
"lastModified": "2023-08-03T22:15:12.517",
"vulnStatus": "Received",
"lastModified": "2023-08-04T02:45:53.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-37501",
"sourceIdentifier": "psirt@hcl.com",
"published": "2023-08-03T23:15:10.020",
"lastModified": "2023-08-03T23:15:10.020",
"vulnStatus": "Received",
"lastModified": "2023-08-04T02:45:53.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,23 +2,84 @@
"id": "CVE-2023-3727",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-08-01T23:15:31.320",
"lastModified": "2023-08-02T13:30:39.550",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T03:51:57.907",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Use after free in WebRTC in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.0.5790.98",
"matchCriteriaId": "50BEE8A6-45AE-4322-A841-DE18CF0F1590"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-desktop.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://crbug.com/1454086",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,86 @@
"id": "CVE-2023-3728",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-08-01T23:15:31.490",
"lastModified": "2023-08-02T13:30:39.550",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T03:52:07.050",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Use after free in WebRTC in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.0.5790.98",
"matchCriteriaId": "50BEE8A6-45AE-4322-A841-DE18CF0F1590"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-desktop.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1457421",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Exploit",
"Issue Tracking",
"Permissions Required",
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,98 @@
"id": "CVE-2023-3729",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-08-01T23:15:31.673",
"lastModified": "2023-08-02T13:30:39.550",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T03:52:14.433",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Use after free in Splitscreen in Google Chrome on ChromeOS prior to 115.0.5790.98 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. (Chromium security severity: High)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.0.5790.98",
"matchCriteriaId": "50BEE8A6-45AE-4322-A841-DE18CF0F1590"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D32ACF6F-5FF7-4815-8EAD-4719F5FC9B79"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-desktop.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1451803",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Exploit",
"Issue Tracking",
"Permissions Required",
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,86 @@
"id": "CVE-2023-3730",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-08-01T23:15:31.857",
"lastModified": "2023-08-02T13:30:39.550",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T03:52:20.857",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Use after free in Tab Groups in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.0.5790.98",
"matchCriteriaId": "50BEE8A6-45AE-4322-A841-DE18CF0F1590"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-desktop.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1453465",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Exploit",
"Issue Tracking",
"Permissions Required",
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,98 @@
"id": "CVE-2023-3731",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-08-01T23:15:32.047",
"lastModified": "2023-08-02T13:30:39.550",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T03:52:32.027",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Use after free in Diagnostics in Google Chrome on ChromeOS prior to 115.0.5790.98 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.0.5790.98",
"matchCriteriaId": "50BEE8A6-45AE-4322-A841-DE18CF0F1590"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D32ACF6F-5FF7-4815-8EAD-4719F5FC9B79"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-desktop.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1441306",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Exploit",
"Issue Tracking",
"Permissions Required",
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,86 @@
"id": "CVE-2023-3732",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-08-01T23:15:32.247",
"lastModified": "2023-08-02T13:30:39.550",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T03:52:37.287",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Out of bounds memory access in Mojo in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.0.5790.98",
"matchCriteriaId": "50BEE8A6-45AE-4322-A841-DE18CF0F1590"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-desktop.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1450899",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Issue Tracking",
"Mailing List",
"Permissions Required",
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,85 @@
"id": "CVE-2023-3733",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-08-01T23:15:32.443",
"lastModified": "2023-08-02T13:30:39.550",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T03:53:01.577",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in WebApp Installs in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.0.5790.98",
"matchCriteriaId": "50BEE8A6-45AE-4322-A841-DE18CF0F1590"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-desktop.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1450203",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,85 @@
"id": "CVE-2023-3734",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-08-01T23:15:32.607",
"lastModified": "2023-08-02T13:30:39.550",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T03:53:07.700",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in Picture In Picture in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.0.5790.98",
"matchCriteriaId": "50BEE8A6-45AE-4322-A841-DE18CF0F1590"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-desktop.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1450376",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,85 @@
"id": "CVE-2023-3735",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-08-01T23:15:32.773",
"lastModified": "2023-08-02T13:30:39.550",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T03:53:13.637",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in Web API Permission Prompts in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.0.5790.98",
"matchCriteriaId": "50BEE8A6-45AE-4322-A841-DE18CF0F1590"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-desktop.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1394410",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,97 @@
"id": "CVE-2023-3736",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-08-01T23:15:33.013",
"lastModified": "2023-08-02T13:30:39.550",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T03:53:20.973",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 115.0.5790.98 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.0.5790.98",
"matchCriteriaId": "50BEE8A6-45AE-4322-A841-DE18CF0F1590"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-desktop.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1434438",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,85 @@
"id": "CVE-2023-3737",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-08-01T23:15:33.177",
"lastModified": "2023-08-02T13:30:39.550",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T03:53:27.777",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in Notifications in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to spoof the contents of media notifications via a crafted HTML page. (Chromium security severity: Medium)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.0.5790.98",
"matchCriteriaId": "50BEE8A6-45AE-4322-A841-DE18CF0F1590"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-desktop.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1446754",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-3749",
"sourceIdentifier": "productsecurity@jci.com",
"published": "2023-08-03T20:15:11.883",
"lastModified": "2023-08-03T20:15:11.883",
"vulnStatus": "Received",
"lastModified": "2023-08-04T02:46:03.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,7 +2,7 @@
"id": "CVE-2023-38133",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-07-27T00:15:15.620",
"lastModified": "2023-08-02T12:15:10.350",
"lastModified": "2023-08-04T03:15:12.377",
"vulnStatus": "Modified",
"descriptions": [
{
@ -114,6 +114,10 @@
"url": "http://www.openwall.com/lists/oss-security/2023/08/02/1",
"source": "product-security@apple.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213841",
"source": "product-security@apple.com",


@ -2,23 +2,82 @@
"id": "CVE-2023-38303",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-31T15:15:10.487",
"lastModified": "2023-07-31T15:31:16.527",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T03:55:50.193",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Webmin 2.021. One can exploit a stored Cross-Site Scripting (XSS) attack to achieve Remote Command Execution (RCE) through the Users and Group's real name parameter."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webmin:webmin:2.021:*:*:*:*:*:*:*",
"matchCriteriaId": "80238B58-DA47-4036-900B-61044249B404"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38303",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://webmin.com/tags/webmin-changelog/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
}
]
}


@ -2,23 +2,82 @@
"id": "CVE-2023-38304",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-31T15:15:10.547",
"lastModified": "2023-07-31T15:31:16.527",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T03:55:41.383",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Users and Groups functionality, allowing an attacker to store a malicious payload in the Group Name field when creating a new group."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webmin:webmin:2.021:*:*:*:*:*:*:*",
"matchCriteriaId": "80238B58-DA47-4036-900B-61044249B404"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38304",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://webmin.com/tags/webmin-changelog/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-38572",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-07-27T01:15:36.913",
"lastModified": "2023-08-03T19:57:55.053",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-04T03:15:12.497",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -117,6 +117,10 @@
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213841",
"source": "product-security@apple.com",


@ -2,8 +2,8 @@
"id": "CVE-2023-38592",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-07-28T05:15:10.873",
"lastModified": "2023-08-03T16:54:28.103",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-04T03:15:12.600",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -99,6 +99,10 @@
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213841",
"source": "product-security@apple.com",


@ -2,7 +2,7 @@
"id": "CVE-2023-38594",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-07-27T00:15:15.887",
"lastModified": "2023-08-02T12:15:10.633",
"lastModified": "2023-08-04T03:15:12.697",
"vulnStatus": "Modified",
"descriptions": [
{
@ -114,6 +114,10 @@
"url": "http://www.openwall.com/lists/oss-security/2023/08/02/1",
"source": "product-security@apple.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213841",
"source": "product-security@apple.com",


@ -2,8 +2,8 @@
"id": "CVE-2023-38595",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-07-27T01:15:37.767",
"lastModified": "2023-08-02T22:30:17.557",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-04T03:15:12.790",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -103,6 +103,10 @@
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213841",
"source": "product-security@apple.com",


@ -2,7 +2,7 @@
"id": "CVE-2023-38597",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-07-27T00:15:16.030",
"lastModified": "2023-08-02T12:15:10.800",
"lastModified": "2023-08-04T03:15:12.897",
"vulnStatus": "Modified",
"descriptions": [
{
@ -102,6 +102,10 @@
"url": "http://www.openwall.com/lists/oss-security/2023/08/02/1",
"source": "product-security@apple.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213841",
"source": "product-security@apple.com",


@ -2,8 +2,8 @@
"id": "CVE-2023-38599",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-07-28T05:15:10.997",
"lastModified": "2023-08-03T16:53:13.467",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-04T03:15:12.997",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -117,6 +117,10 @@
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213841",
"source": "product-security@apple.com",


@ -2,8 +2,8 @@
"id": "CVE-2023-38600",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-07-27T01:15:38.187",
"lastModified": "2023-08-02T22:30:00.703",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-04T03:15:13.100",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -103,6 +103,10 @@
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213841",
"source": "product-security@apple.com",


@ -2,8 +2,8 @@
"id": "CVE-2023-38611",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-07-27T01:15:39.303",
"lastModified": "2023-08-02T22:14:39.553",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-04T03:15:13.203",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -103,6 +103,10 @@
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213841",
"source": "product-security@apple.com",


@ -2,8 +2,8 @@
"id": "CVE-2023-38633",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-22T17:15:09.810",
"lastModified": "2023-08-01T16:09:50.957",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-04T03:15:13.313",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -149,6 +149,10 @@
"tags": [
"Release Notes"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R5BCXT5GW6RCL45ZUHUZR4CJG2BAFDVC/",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-38708",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-04T01:15:09.890",
"lastModified": "2023-08-04T01:15:09.890",
"vulnStatus": "Received",
"lastModified": "2023-08-04T02:45:45.693",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-38941",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-04T00:15:13.757",
"lastModified": "2023-08-04T00:15:13.757",
"vulnStatus": "Received",
"lastModified": "2023-08-04T02:45:45.693",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-38942",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-03T19:15:10.600",
"lastModified": "2023-08-03T19:15:10.600",
"vulnStatus": "Received",
"lastModified": "2023-08-04T02:46:03.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-38949",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-03T23:15:10.973",
"lastModified": "2023-08-03T23:15:10.973",
"vulnStatus": "Received",
"lastModified": "2023-08-04T02:45:53.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-38950",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-03T23:15:11.117",
"lastModified": "2023-08-03T23:15:11.117",
"vulnStatus": "Received",
"lastModified": "2023-08-04T02:45:53.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-38951",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-03T23:15:11.363",
"lastModified": "2023-08-03T23:15:11.363",
"vulnStatus": "Received",
"lastModified": "2023-08-04T02:45:53.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-38952",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-03T23:15:11.473",
"lastModified": "2023-08-03T23:15:11.473",
"vulnStatus": "Received",
"lastModified": "2023-08-04T02:45:53.837",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,19 +2,76 @@
"id": "CVE-2023-38989",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-31T18:15:10.320",
"lastModified": "2023-07-31T18:26:42.343",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-04T03:51:49.137",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in the delete function in the UserController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete the Administrator's role information."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jeesite:jeesite:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C335A4-A2F6-43E7-A432-2568E1D3460B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/thinkgem/jeesite/issues/518",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-38991",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-04T00:15:13.870",
"lastModified": "2023-08-04T00:15:13.870",
"vulnStatus": "Received",
"lastModified": "2023-08-04T02:45:45.693",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-39075",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-03T18:15:11.477",
"lastModified": "2023-08-03T18:15:11.477",
"vulnStatus": "Received",
"lastModified": "2023-08-04T02:46:03.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-39121",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-03T20:15:11.623",
"lastModified": "2023-08-03T20:15:11.623",
"vulnStatus": "Received",
"lastModified": "2023-08-04T02:46:03.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-39343",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-04T01:15:10.250",
"lastModified": "2023-08-04T01:15:10.250",
"vulnStatus": "Received",
"lastModified": "2023-08-04T02:45:45.693",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-4002",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-08-04T01:15:10.557",
"lastModified": "2023-08-04T01:15:10.557",
"vulnStatus": "Received",
"lastModified": "2023-08-04T02:45:45.693",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -0,0 +1,59 @@
{
"id": "CVE-2023-4139",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-08-04T03:15:13.813",
"lastModified": "2023-08-04T03:15:13.813",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Sensitive Information Exposure via Directory Listing due to missing restriction in export folder indexing in versions up to, and including, 7.9.8. This makes it possible for unauthenticated attackers to list and view exported files."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/2944635/wp-ultimate-csv-importer/trunk/wp-ultimate-csv-importer.php",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6404476e-0c32-4f8e-882f-6a1785ba5748?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,63 @@
{
"id": "CVE-2023-4140",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-08-04T03:15:14.000",
"lastModified": "2023-08-04T03:15:14.000",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The WP Ultimate CSV Importer plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.9.8 due to insufficient restriction on the 'get_header_values' function. This makes it possible for authenticated attackers, with minimal permissions such as an author, if the administrator previously grants access in the plugin settings, to modify their user role by supplying the 'wp_capabilities->cus1' parameter."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.7,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/wp-ultimate-csv-importer/tags/7.9.6/importExtensions/ImportHelpers.php#L205",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2944635/wp-ultimate-csv-importer/trunk/wp-ultimate-csv-importer.php",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5fdba41f-daa5-44e8-bc47-aa8b7bd31054?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,63 @@
{
"id": "CVE-2023-4141",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-08-04T03:15:14.133",
"lastModified": "2023-08-04T03:15:14.133",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '->cus2' parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously grants access in the plugin settings, to create a PHP file and execute code on the server. The author resolved this vulnerability by removing the ability for authors and editors to import files, please note that this means php file creation is still allowed for site administrators, use the plugin with caution."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.3,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/wp-ultimate-csv-importer/tags/7.9.6/importExtensions/ImportHelpers.php#L205",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2944635/wp-ultimate-csv-importer/trunk/wp-ultimate-csv-importer.php",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b4fe8b1f-da1c-4f94-9ab4-272766b488c3?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,63 @@
{
"id": "CVE-2023-4142",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-08-04T03:15:14.267",
"lastModified": "2023-08-04T03:15:14.267",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '->cus1' parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously grants access in the plugin settings, to execute code on the server. The author resolved this vulnerability by removing the ability for authors and editors to import files, please note that this means remote code execution is still possible for site administrators, use the plugin with caution."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.3,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/wp-ultimate-csv-importer/tags/7.9.6/importExtensions/ImportHelpers.php#L205",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2944635/wp-ultimate-csv-importer/trunk/wp-ultimate-csv-importer.php",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/db1bad2e-55df-40c5-9a3f-651858a19b42?source=cve",
"source": "security@wordfence.com"
}
]
}
