mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-06-19 17:31:42 +00:00
Auto-Update: 2023-08-28T20:00:25.281014+00:00
This commit is contained in:
parent
db2765c2fc
commit
71c75148bd
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2017-20186",
|
||||
"sourceIdentifier": "cna@vuldb.com",
|
||||
"published": "2023-08-28T13:15:08.937",
|
||||
"lastModified": "2023-08-28T13:15:08.937",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-08-28T19:28:54.370",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2018-25089",
|
||||
"sourceIdentifier": "cna@vuldb.com",
|
||||
"published": "2023-08-28T13:15:09.100",
|
||||
"lastModified": "2023-08-28T13:15:09.100",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-08-28T19:28:54.370",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
20
CVE-2020/CVE-2020-273xx/CVE-2020-27366.json
Normal file
20
CVE-2020/CVE-2020-273xx/CVE-2020-27366.json
Normal file
@ -0,0 +1,20 @@
|
||||
{
|
||||
"id": "CVE-2020-27366",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-08-28T18:15:08.593",
|
||||
"lastModified": "2023-08-28T19:28:54.367",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Cross Site Scripting (XSS) vulnerability in wlscanresults.html in Humax HGB10R-02 BRGCAB version 1.0.03, allows local attackers to execute arbitrary code."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"references": [
|
||||
{
|
||||
"url": "https://pastebin.com/sr0JR1ys",
|
||||
"source": "cve@mitre.org"
|
||||
}
|
||||
]
|
||||
}
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2021-23385",
|
||||
"sourceIdentifier": "report@snyk.io",
|
||||
"published": "2022-08-02T14:15:10.017",
|
||||
"lastModified": "2022-08-09T12:47:02.960",
|
||||
"vulnStatus": "Analyzed",
|
||||
"lastModified": "2023-08-28T19:15:07.507",
|
||||
"vulnStatus": "Modified",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -96,6 +96,10 @@
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00034.html",
|
||||
"source": "report@snyk.io"
|
||||
},
|
||||
{
|
||||
"url": "https://security.snyk.io/vuln/SNYK-PYTHON-FLASKSECURITY-1293234",
|
||||
"source": "report@snyk.io",
|
||||
|
@ -2,23 +2,82 @@
|
||||
"id": "CVE-2022-37050",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-08-22T19:16:23.657",
|
||||
"lastModified": "2023-08-22T20:10:36.537",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2023-08-28T18:34:27.900",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of CVE-2018-20662."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "NONE",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 6.5,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 3.6
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "NVD-CWE-Other"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:freedesktop:poppler:22.07.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "C423A5DA-DDB6-41EB-8E6B-4DFD4D03FE42"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/commit/dcd5bd8238ea448addd102ff045badd0aca1b990",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Patch"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1274",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Exploit",
|
||||
"Issue Tracking"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,23 +2,82 @@
|
||||
"id": "CVE-2022-38349",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-08-22T19:16:23.880",
|
||||
"lastModified": "2023-08-22T20:10:36.537",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2023-08-28T18:29:41.430",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, will lead to denial of service because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an embedded file."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "NONE",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 6.5,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 3.6
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-617"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:freedesktop:poppler:22.08.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "032FA2DC-3A55-4599-BFC7-ECF428D33247"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/commit/4564a002bcb6094cc460bc0d5ddff9423fe6dd28",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Patch"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1282",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Exploit",
|
||||
"Issue Tracking"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,23 +2,83 @@
|
||||
"id": "CVE-2022-44215",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-08-22T19:16:29.777",
|
||||
"lastModified": "2023-08-22T20:10:36.537",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2023-08-28T18:21:23.103",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "There is an open redirect vulnerability in Titan FTP server 19.0 and below. Users are redirected to any target URL."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "CHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 6.1,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 2.7
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-601"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:*:*:*:*:*:*:*:*",
|
||||
"versionEndIncluding": "19.0",
|
||||
"matchCriteriaId": "95740E8D-D52A-4ADF-822A-AC2E60ACB02A"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://drive.google.com/file/d/1oLJaqs5RRNQLT1Hyy-tgEzzhGLB0506J/view?usp=sharing",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Broken Link"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/JBalanza/CVE-2022-44215",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Exploit",
|
||||
"Third Party Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,19 +2,78 @@
|
||||
"id": "CVE-2022-47022",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-08-22T19:16:30.547",
|
||||
"lastModified": "2023-08-22T20:10:36.537",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2023-08-28T18:39:41.703",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "An issue was discovered in open-mpi hwloc 2.1.0 allows attackers to cause a denial of service or other unspecified impacts via glibc-cpuset in topology-linux.c."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 9.8,
|
||||
"baseSeverity": "CRITICAL"
|
||||
},
|
||||
"exploitabilityScore": 3.9,
|
||||
"impactScore": 5.9
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-476"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:open-mpi:hwloc:*:*:*:*:*:*:*:*",
|
||||
"versionStartIncluding": "2.1.0",
|
||||
"versionEndIncluding": "2.9.2",
|
||||
"matchCriteriaId": "B915E20D-5CE9-4E0A-A624-9066F29A512C"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://github.com/open-mpi/hwloc/issues/544",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Exploit",
|
||||
"Issue Tracking",
|
||||
"Vendor Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,19 +2,76 @@
|
||||
"id": "CVE-2022-48174",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-08-22T19:16:31.080",
|
||||
"lastModified": "2023-08-22T20:10:36.537",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2023-08-28T18:53:37.147",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 9.8,
|
||||
"baseSeverity": "CRITICAL"
|
||||
},
|
||||
"exploitabilityScore": 3.9,
|
||||
"impactScore": 5.9
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-787"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*",
|
||||
"versionEndExcluding": "1.35.0",
|
||||
"matchCriteriaId": "0CD0AEFF-77FD-4EFB-89C5-11227CEFCDF3"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://bugs.busybox.net/show_bug.cgi?id=15216",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Issue Tracking",
|
||||
"Vendor Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,19 +2,74 @@
|
||||
"id": "CVE-2022-48522",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-08-22T19:16:31.153",
|
||||
"lastModified": "2023-08-22T20:10:36.537",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2023-08-28T19:02:14.317",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 9.8,
|
||||
"baseSeverity": "CRITICAL"
|
||||
},
|
||||
"exploitabilityScore": 3.9,
|
||||
"impactScore": 5.9
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-787"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:perl:perl:5.34.0:-:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "ED202CAF-C081-41FF-948C-84A9ECADCE2A"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://github.com/Perl/perl5/blob/79a7b254d85a10b65126ad99bf10e70480569d68/sv.c#L16336-L16345",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Exploit"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-1997",
|
||||
"sourceIdentifier": "3DS.Information-Security@3ds.com",
|
||||
"published": "2023-08-28T16:15:08.627",
|
||||
"lastModified": "2023-08-28T16:15:08.627",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-08-28T19:28:54.367",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-25394",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-05-17T00:15:08.967",
|
||||
"lastModified": "2023-05-25T17:57:14.570",
|
||||
"vulnStatus": "Analyzed",
|
||||
"lastModified": "2023-08-28T18:15:08.750",
|
||||
"vulnStatus": "Modified",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -83,6 +83,10 @@
|
||||
"tags": [
|
||||
"Product"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://www.kb.cert.org/vuls/id/757109",
|
||||
"source": "cve@mitre.org"
|
||||
}
|
||||
]
|
||||
}
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-33850",
|
||||
"sourceIdentifier": "psirt@us.ibm.com",
|
||||
"published": "2023-08-22T21:15:07.837",
|
||||
"lastModified": "2023-08-23T13:17:22.070",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2023-08-28T19:51:25.020",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -12,6 +12,26 @@
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "NONE",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 7.5,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
"exploitabilityScore": 3.9,
|
||||
"impactScore": 3.6
|
||||
},
|
||||
{
|
||||
"source": "psirt@us.ibm.com",
|
||||
"type": "Secondary",
|
||||
@ -34,22 +54,187 @@
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-203"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"operator": "AND",
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:ibm:txseries_for_multiplatform:8.1:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "3D5EA02F-AA81-4101-9CE2-46ED4DE76B25"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:ibm:txseries_for_multiplatform:9.1:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "569BF866-989C-4BF4-B80E-962F8979FD8B"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"operator": "AND",
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:ibm:txseries_for_multiplatform:8.2:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "BB032B5B-3B05-4809-8BF2-E08255E19475"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"operator": "AND",
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1:*:*:*:standard:*:*:*",
|
||||
"matchCriteriaId": "66EEC046-128D-4555-8C9A-3C02300145B5"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"operator": "AND",
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:ibm:cics_tx:10.1:*:*:*:advanced:*:*:*",
|
||||
"matchCriteriaId": "73BBDE39-E8CF-416C-838D-046ADDA011F8"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1:*:*:*:advanced:*:*:*",
|
||||
"matchCriteriaId": "A9D7FDA3-EE60-453B-8651-686B9D28071F"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/257132",
|
||||
"source": "psirt@us.ibm.com"
|
||||
"source": "psirt@us.ibm.com",
|
||||
"tags": [
|
||||
"VDB Entry",
|
||||
"Vendor Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://www.ibm.com/support/pages/node/7010369",
|
||||
"source": "psirt@us.ibm.com"
|
||||
"source": "psirt@us.ibm.com",
|
||||
"tags": [
|
||||
"Vendor Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://www.ibm.com/support/pages/node/7022413",
|
||||
"source": "psirt@us.ibm.com"
|
||||
"source": "psirt@us.ibm.com",
|
||||
"tags": [
|
||||
"Vendor Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://www.ibm.com/support/pages/node/7022414",
|
||||
"source": "psirt@us.ibm.com"
|
||||
"source": "psirt@us.ibm.com",
|
||||
"tags": [
|
||||
"Vendor Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,19 +2,79 @@
|
||||
"id": "CVE-2023-38666",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-08-22T19:16:39.170",
|
||||
"lastModified": "2023-08-22T20:10:36.537",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2023-08-28T19:46:35.200",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Bento4 v1.6.0-639 was discovered to contain a segmentation violation via the AP4_Processor::ProcessFragments function in mp4encrypt."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se ha descubierto que Bento4 v1.6.0-639 contiene una violaci\u00f3n de segmentaci\u00f3n a trav\u00e9s de la funci\u00f3n \"AP4_Processor::ProcessFragments\" en \"mp4encrypt\"."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
|
||||
"attackVector": "LOCAL",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "NONE",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 5.5,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 1.8,
|
||||
"impactScore": 3.6
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "NVD-CWE-noinfo"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:axiosys:bento4:1.6.0-639:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "A003FBD1-339C-409D-A304-7FEE97E23250"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"references": [
|
||||
{
|
||||
"url": "https://github.com/axiomatic-systems/Bento4/issues/784",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Exploit",
|
||||
"Issue Tracking"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,19 +2,75 @@
|
||||
"id": "CVE-2023-38667",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-08-22T19:16:39.240",
|
||||
"lastModified": "2023-08-22T20:10:36.537",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2023-08-28T19:40:03.987",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Stack-based buffer over-read in function disasm in nasm 2.16 allows attackers to cause a denial of service."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
|
||||
"attackVector": "LOCAL",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "NONE",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 5.5,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 1.8,
|
||||
"impactScore": 3.6
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-125"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:nasm:netwide_assembler:2.16:-:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "BEA64E17-E981-49F6-A6C5-3D251093023F"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://bugzilla.nasm.us/show_bug.cgi?id=3392812",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Exploit",
|
||||
"Issue Tracking"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,19 +2,75 @@
|
||||
"id": "CVE-2023-38668",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-08-22T19:16:39.303",
|
||||
"lastModified": "2023-08-22T20:10:36.537",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2023-08-28T19:38:54.383",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Stack-based buffer over-read in disasm in nasm 2.16 allows attackers to cause a denial of service (crash)."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
|
||||
"attackVector": "LOCAL",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "NONE",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 5.5,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 1.8,
|
||||
"impactScore": 3.6
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-125"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:nasm:netwide_assembler:2.16:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "1A0E7B12-65F6-4A80-BE2E-85B1EF02639F"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://bugzilla.nasm.us/show_bug.cgi?id=3392811",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Exploit",
|
||||
"Issue Tracking"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,27 +2,89 @@
|
||||
"id": "CVE-2023-38996",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-08-22T19:16:39.483",
|
||||
"lastModified": "2023-08-22T20:10:36.537",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2023-08-28T19:24:26.690",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "An issue in all versions of Douran DSGate allows a local authenticated privileged attacker to execute arbitrary code via the debug command."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "LOCAL",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "HIGH",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 6.7,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 0.8,
|
||||
"impactScore": 5.9
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "NVD-CWE-noinfo"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:douran:dsgate:*:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "8C9D4EBB-1236-4FC3-A899-2D2029B2B78F"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://douran.com/en-US/Dourtal/4797/page/DSGate",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Product"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://douran.com/fa-IR/Dourtal/4797/page/DSGate",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Product"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://gist.github.com/RNPG/53b579da330ba896aa8dc2d901e5e400",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Exploit",
|
||||
"Third Party Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
28
CVE-2023/CVE-2023-390xx/CVE-2023-39062.json
Normal file
28
CVE-2023/CVE-2023-390xx/CVE-2023-39062.json
Normal file
@ -0,0 +1,28 @@
|
||||
{
|
||||
"id": "CVE-2023-39062",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-08-28T18:15:08.863",
|
||||
"lastModified": "2023-08-28T19:28:54.367",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Cross Site Scripting vulnerability in Spipu HTML2PDF before v.5.2.8 allows a remote attacker to execute arbitrary code via a crafted script to the forms.php."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"references": [
|
||||
{
|
||||
"url": "https://github.com/afine-com/CVE-2023-39062",
|
||||
"source": "cve@mitre.org"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/sectroyer/CVEs/tree/main/CVE-2023-39062",
|
||||
"source": "cve@mitre.org"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/spipu/html2pdf/blob/92afd81823d62ad95eb9d034858311bb63aeb4ac/CHANGELOG.md",
|
||||
"source": "cve@mitre.org"
|
||||
}
|
||||
]
|
||||
}
|
@ -2,23 +2,82 @@
|
||||
"id": "CVE-2023-39141",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-08-22T19:16:39.563",
|
||||
"lastModified": "2023-08-22T20:10:36.537",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2023-08-28T19:15:08.230",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "webui-aria2 commit 4fe2e was discovered to contain a path traversal vulnerability."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "NONE",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 7.5,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
"exploitabilityScore": 3.9,
|
||||
"impactScore": 3.6
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-22"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:ziahamza:webui-aria2:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "6D491B8C-CDA7-4E7C-86AB-650C71973259"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://gist.github.com/JafarAkhondali/528fe6c548b78f454911fb866b23f66e",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Exploit",
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/ziahamza/webui-aria2/blob/109903f0e2774cf948698cd95a01f77f33d7dd2c/node-server.js#L10",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Product"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-39560",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-08-28T17:15:09.820",
|
||||
"lastModified": "2023-08-28T17:15:09.820",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-08-28T19:28:54.367",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
24
CVE-2023/CVE-2023-395xx/CVE-2023-39562.json
Normal file
24
CVE-2023/CVE-2023-395xx/CVE-2023-39562.json
Normal file
@ -0,0 +1,24 @@
|
||||
{
|
||||
"id": "CVE-2023-39562",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-08-28T19:15:07.747",
|
||||
"lastModified": "2023-08-28T19:28:54.367",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "GPAC v2.3-DEV-rev449-g5948e4f70-master was discovered to contain a heap-use-after-free via the gf_bs_align function at bitstream.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted file."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"references": [
|
||||
{
|
||||
"url": "https://github.com/ChanStormstout/Pocs/blob/master/gpac_POC/id%3A000000%2Csig%3A06%2Csrc%3A003771%2Ctime%3A328254%2Cexecs%3A120473%2Cop%3Ahavoc%2Crep%3A8",
|
||||
"source": "cve@mitre.org"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/gpac/gpac/issues/2537",
|
||||
"source": "cve@mitre.org"
|
||||
}
|
||||
]
|
||||
}
|
@ -2,23 +2,86 @@
|
||||
"id": "CVE-2023-39599",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-08-22T19:16:39.633",
|
||||
"lastModified": "2023-08-22T20:10:36.537",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2023-08-28T19:08:09.323",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Cross-Site Scripting (XSS) vulnerability in CSZ CMS v.1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Social Settings parameter."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Una vulnerabilidad de Cross-Site Scripting (XSS) en CSZ CMS v1.3.0 permite a los atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de un payload manipulado en el par\u00e1metro \"Social Settings\"."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "CHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 5.4,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 2.3,
|
||||
"impactScore": 2.7
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-79"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:cszcms:csz_cms:1.3.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "B83DE2F9-E5FF-4A78-A40C-AB8CFF373992"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"references": [
|
||||
{
|
||||
"url": "https://github.com/desencrypt/CVE/blob/main/CVE-2023-39599/Readme.md",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Exploit",
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/desencrypt/CVE/tree/main/CVE-2023-2",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Broken Link"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-39708",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-08-28T14:15:09.033",
|
||||
"lastModified": "2023-08-28T14:15:09.033",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-08-28T19:28:54.367",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
28
CVE-2023/CVE-2023-397xx/CVE-2023-39709.json
Normal file
28
CVE-2023/CVE-2023-397xx/CVE-2023-39709.json
Normal file
@ -0,0 +1,28 @@
|
||||
{
|
||||
"id": "CVE-2023-39709",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-08-28T19:15:07.830",
|
||||
"lastModified": "2023-08-28T19:28:54.367",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add Member section."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"references": [
|
||||
{
|
||||
"url": "https://gist.github.com/Arajawat007/4cb86f9239c73ccfeaf466352513b188#file-cve-2023-39709",
|
||||
"source": "cve@mitre.org"
|
||||
},
|
||||
{
|
||||
"url": "https://www.sourcecodester.com/",
|
||||
"source": "cve@mitre.org"
|
||||
},
|
||||
{
|
||||
"url": "https://www.sourcecodester.com/php/16741/free-and-open-source-inventory-management-system-php-source-code.html",
|
||||
"source": "cve@mitre.org"
|
||||
}
|
||||
]
|
||||
}
|
24
CVE-2023/CVE-2023-398xx/CVE-2023-39810.json
Normal file
24
CVE-2023/CVE-2023-398xx/CVE-2023-39810.json
Normal file
@ -0,0 +1,24 @@
|
||||
{
|
||||
"id": "CVE-2023-39810",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-08-28T19:15:07.893",
|
||||
"lastModified": "2023-08-28T19:28:54.367",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "An issue in the CPIO command of Busybox v1.33.2 allows attackers to execute a directory traversal."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"references": [
|
||||
{
|
||||
"url": "http://busybox.com",
|
||||
"source": "cve@mitre.org"
|
||||
},
|
||||
{
|
||||
"url": "https://www.pentagrid.ch/en/blog/busybox-cpio-directory-traversal-vulnerability/",
|
||||
"source": "cve@mitre.org"
|
||||
}
|
||||
]
|
||||
}
|
59
CVE-2023/CVE-2023-405xx/CVE-2023-40590.json
Normal file
59
CVE-2023/CVE-2023-405xx/CVE-2023-40590.json
Normal file
@ -0,0 +1,59 @@
|
||||
{
|
||||
"id": "CVE-2023-40590",
|
||||
"sourceIdentifier": "security-advisories@github.com",
|
||||
"published": "2023-08-28T18:15:08.937",
|
||||
"lastModified": "2023-08-28T19:28:54.367",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": " GitPython is a python library used to interact with Git repositories. When resolving a program, Python/Windows look for the current working directory, and after that the PATH environment. GitPython defaults to use the `git` command, if a user runs GitPython from a repo has a `git.exe` or `git` executable, that program will be run instead of the one in the user's `PATH`. This is more of a problem on how Python interacts with Windows systems, Linux and any other OS aren't affected by this. But probably people using GitPython usually run it from the CWD of a repo. An attacker can trick a user to download a repository with a malicious `git` executable, if the user runs/imports GitPython from that directory, it allows the attacker to run any arbitrary commands. There is no fix currently available for windows users, however there are a few mitigations. 1: Default to an absolute path for the git program on Windows, like `C:\\\\Program Files\\\\Git\\\\cmd\\\\git.EXE` (default git path installation). 2: Require users to set the `GIT_PYTHON_GIT_EXECUTABLE` environment variable on Windows systems. 3: Make this problem prominent in the documentation and advise users to never run GitPython from an untrusted repo, or set the `GIT_PYTHON_GIT_EXECUTABLE` env var to an absolute path. 4: Resolve the executable manually by only looking into the `PATH` environment variable."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "security-advisories@github.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "LOCAL",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 7.8,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
"exploitabilityScore": 1.8,
|
||||
"impactScore": 5.9
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "security-advisories@github.com",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-426"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://docs.python.org/3/library/subprocess.html#popen-constructor",
|
||||
"source": "security-advisories@github.com"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4",
|
||||
"source": "security-advisories@github.com"
|
||||
}
|
||||
]
|
||||
}
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-40748",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-08-28T13:15:09.397",
|
||||
"lastModified": "2023-08-28T13:15:09.397",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-08-28T19:28:54.370",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-40749",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-08-28T13:15:09.477",
|
||||
"lastModified": "2023-08-28T13:15:09.477",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-08-28T19:28:54.370",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-40750",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-08-28T13:15:09.557",
|
||||
"lastModified": "2023-08-28T13:15:09.557",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-08-28T19:28:54.370",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-40751",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-08-28T13:15:09.630",
|
||||
"lastModified": "2023-08-28T13:15:09.630",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-08-28T19:28:54.370",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-40752",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-08-28T13:15:09.707",
|
||||
"lastModified": "2023-08-28T13:15:09.707",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-08-28T19:28:54.370",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-40753",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-08-28T13:15:09.797",
|
||||
"lastModified": "2023-08-28T13:15:09.797",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-08-28T19:28:54.370",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-40754",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-08-28T13:15:09.883",
|
||||
"lastModified": "2023-08-28T13:15:09.883",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-08-28T19:28:54.370",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-40755",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-08-28T13:15:09.953",
|
||||
"lastModified": "2023-08-28T13:15:09.953",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-08-28T19:28:54.367",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-40756",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-08-28T13:15:10.033",
|
||||
"lastModified": "2023-08-28T13:15:10.033",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-08-28T19:28:54.367",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-40757",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-08-28T13:15:10.087",
|
||||
"lastModified": "2023-08-28T13:15:10.087",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-08-28T19:28:54.367",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-40758",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-08-28T13:15:10.147",
|
||||
"lastModified": "2023-08-28T13:15:10.147",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-08-28T19:28:54.367",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-40759",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-08-28T13:15:10.207",
|
||||
"lastModified": "2023-08-28T13:15:10.207",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-08-28T19:28:54.367",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-40760",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-08-28T13:15:10.267",
|
||||
"lastModified": "2023-08-28T13:15:10.267",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-08-28T19:28:54.367",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-40761",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-08-28T13:15:10.327",
|
||||
"lastModified": "2023-08-28T13:15:10.327",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-08-28T19:28:54.367",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-40762",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-08-28T13:15:10.387",
|
||||
"lastModified": "2023-08-28T13:15:10.387",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-08-28T19:28:54.367",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-40763",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-08-28T13:15:10.467",
|
||||
"lastModified": "2023-08-28T13:15:10.467",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-08-28T19:28:54.367",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-40764",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-08-28T13:15:10.533",
|
||||
"lastModified": "2023-08-28T13:15:10.533",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-08-28T19:28:54.367",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-40765",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-08-28T13:15:10.593",
|
||||
"lastModified": "2023-08-28T13:15:10.593",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-08-28T19:28:54.367",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-40766",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-08-28T13:15:10.657",
|
||||
"lastModified": "2023-08-28T13:15:10.657",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-08-28T19:28:54.367",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-40767",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-08-28T13:15:10.713",
|
||||
"lastModified": "2023-08-28T13:15:10.713",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-08-28T19:28:54.367",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-40846",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-08-28T14:15:09.197",
|
||||
"lastModified": "2023-08-28T14:15:09.197",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-08-28T19:28:54.367",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
@ -2,27 +2,90 @@
|
||||
"id": "CVE-2023-4427",
|
||||
"sourceIdentifier": "chrome-cve-admin@google.com",
|
||||
"published": "2023-08-23T00:15:09.073",
|
||||
"lastModified": "2023-08-26T16:15:42.597",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"lastModified": "2023-08-28T19:55:42.107",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)"
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "NONE",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 8.1,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 5.2
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-125"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
|
||||
"versionEndExcluding": "116.0.5845.110",
|
||||
"matchCriteriaId": "1FFC5A2F-C97A-4FD2-825D-A3C18A1D4D78"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://chromereleases.googleblog.com/2023/08/chrome-desktop-stable-update.html",
|
||||
"source": "chrome-cve-admin@google.com"
|
||||
"source": "chrome-cve-admin@google.com",
|
||||
"tags": [
|
||||
"Release Notes",
|
||||
"Vendor Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://crbug.com/1470668",
|
||||
"source": "chrome-cve-admin@google.com"
|
||||
"source": "chrome-cve-admin@google.com",
|
||||
"tags": [
|
||||
"Permissions Required"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://www.debian.org/security/2023/dsa-5483",
|
||||
"source": "chrome-cve-admin@google.com"
|
||||
"source": "chrome-cve-admin@google.com",
|
||||
"tags": [
|
||||
"Third Party Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,7 +2,7 @@
|
||||
"id": "CVE-2023-4547",
|
||||
"sourceIdentifier": "cna@vuldb.com",
|
||||
"published": "2023-08-26T09:15:09.057",
|
||||
"lastModified": "2023-08-28T05:16:07.333",
|
||||
"lastModified": "2023-08-28T18:15:09.063",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
@ -72,6 +72,10 @@
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "http://packetstormsecurity.com/files/174343/SPA-Cart-eCommerce-CMS-1.9.0.3-Cross-Site-Scripting.html",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?ctiid.238058",
|
||||
"source": "cna@vuldb.com"
|
||||
|
@ -2,7 +2,7 @@
|
||||
"id": "CVE-2023-4548",
|
||||
"sourceIdentifier": "cna@vuldb.com",
|
||||
"published": "2023-08-26T10:15:11.277",
|
||||
"lastModified": "2023-08-28T05:16:07.333",
|
||||
"lastModified": "2023-08-28T18:15:09.227",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
@ -72,6 +72,10 @@
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "http://packetstormsecurity.com/files/174344/SPA-Cart-eCommerce-CMS-1.9.0.3-SQL-Injection.html",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?ctiid.238059",
|
||||
"source": "cna@vuldb.com"
|
||||
|
55
README.md
55
README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
|
||||
### Last Repository Update
|
||||
|
||||
```plain
|
||||
2023-08-28T18:00:25.157865+00:00
|
||||
2023-08-28T20:00:25.281014+00:00
|
||||
```
|
||||
|
||||
### Most recent CVE Modification Timestamp synchronized with NVD
|
||||
|
||||
```plain
|
||||
2023-08-28T17:46:02.613000+00:00
|
||||
2023-08-28T19:55:42.107000+00:00
|
||||
```
|
||||
|
||||
### Last Data Feed Release
|
||||
@ -29,33 +29,50 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
|
||||
### Total Number of included CVEs
|
||||
|
||||
```plain
|
||||
223561
|
||||
223567
|
||||
```
|
||||
|
||||
### CVEs added in the last Commit
|
||||
|
||||
Recently added CVEs: `2`
|
||||
Recently added CVEs: `6`
|
||||
|
||||
* [CVE-2023-1997](CVE-2023/CVE-2023-19xx/CVE-2023-1997.json) (`2023-08-28T16:15:08.627`)
|
||||
* [CVE-2023-39560](CVE-2023/CVE-2023-395xx/CVE-2023-39560.json) (`2023-08-28T17:15:09.820`)
|
||||
* [CVE-2020-27366](CVE-2020/CVE-2020-273xx/CVE-2020-27366.json) (`2023-08-28T18:15:08.593`)
|
||||
* [CVE-2023-39062](CVE-2023/CVE-2023-390xx/CVE-2023-39062.json) (`2023-08-28T18:15:08.863`)
|
||||
* [CVE-2023-40590](CVE-2023/CVE-2023-405xx/CVE-2023-40590.json) (`2023-08-28T18:15:08.937`)
|
||||
* [CVE-2023-39562](CVE-2023/CVE-2023-395xx/CVE-2023-39562.json) (`2023-08-28T19:15:07.747`)
|
||||
* [CVE-2023-39709](CVE-2023/CVE-2023-397xx/CVE-2023-39709.json) (`2023-08-28T19:15:07.830`)
|
||||
* [CVE-2023-39810](CVE-2023/CVE-2023-398xx/CVE-2023-39810.json) (`2023-08-28T19:15:07.893`)
|
||||
|
||||
|
||||
### CVEs modified in the last Commit
|
||||
|
||||
Recently modified CVEs: `12`
|
||||
Recently modified CVEs: `44`
|
||||
|
||||
* [CVE-2020-21583](CVE-2020/CVE-2020-215xx/CVE-2020-21583.json) (`2023-08-28T16:35:03.030`)
|
||||
* [CVE-2020-26683](CVE-2020/CVE-2020-266xx/CVE-2020-26683.json) (`2023-08-28T16:44:27.123`)
|
||||
* [CVE-2021-34193](CVE-2021/CVE-2021-341xx/CVE-2021-34193.json) (`2023-08-28T17:04:48.407`)
|
||||
* [CVE-2021-35309](CVE-2021/CVE-2021-353xx/CVE-2021-35309.json) (`2023-08-28T17:23:51.530`)
|
||||
* [CVE-2021-40263](CVE-2021/CVE-2021-402xx/CVE-2021-40263.json) (`2023-08-28T17:25:01.043`)
|
||||
* [CVE-2021-46312](CVE-2021/CVE-2021-463xx/CVE-2021-46312.json) (`2023-08-28T17:40:07.023`)
|
||||
* [CVE-2021-46310](CVE-2021/CVE-2021-463xx/CVE-2021-46310.json) (`2023-08-28T17:46:02.613`)
|
||||
* [CVE-2023-20232](CVE-2023/CVE-2023-202xx/CVE-2023-20232.json) (`2023-08-28T16:00:45.907`)
|
||||
* [CVE-2023-32563](CVE-2023/CVE-2023-325xx/CVE-2023-32563.json) (`2023-08-28T16:15:09.003`)
|
||||
* [CVE-2023-37151](CVE-2023/CVE-2023-371xx/CVE-2023-37151.json) (`2023-08-28T16:15:09.600`)
|
||||
* [CVE-2023-4273](CVE-2023/CVE-2023-42xx/CVE-2023-4273.json) (`2023-08-28T16:15:09.860`)
|
||||
* [CVE-2023-27576](CVE-2023/CVE-2023-275xx/CVE-2023-27576.json) (`2023-08-28T17:15:09.600`)
|
||||
* [CVE-2023-40759](CVE-2023/CVE-2023-407xx/CVE-2023-40759.json) (`2023-08-28T19:28:54.367`)
|
||||
* [CVE-2023-40760](CVE-2023/CVE-2023-407xx/CVE-2023-40760.json) (`2023-08-28T19:28:54.367`)
|
||||
* [CVE-2023-40761](CVE-2023/CVE-2023-407xx/CVE-2023-40761.json) (`2023-08-28T19:28:54.367`)
|
||||
* [CVE-2023-40762](CVE-2023/CVE-2023-407xx/CVE-2023-40762.json) (`2023-08-28T19:28:54.367`)
|
||||
* [CVE-2023-40763](CVE-2023/CVE-2023-407xx/CVE-2023-40763.json) (`2023-08-28T19:28:54.367`)
|
||||
* [CVE-2023-40764](CVE-2023/CVE-2023-407xx/CVE-2023-40764.json) (`2023-08-28T19:28:54.367`)
|
||||
* [CVE-2023-40765](CVE-2023/CVE-2023-407xx/CVE-2023-40765.json) (`2023-08-28T19:28:54.367`)
|
||||
* [CVE-2023-40766](CVE-2023/CVE-2023-407xx/CVE-2023-40766.json) (`2023-08-28T19:28:54.367`)
|
||||
* [CVE-2023-40767](CVE-2023/CVE-2023-407xx/CVE-2023-40767.json) (`2023-08-28T19:28:54.367`)
|
||||
* [CVE-2023-39708](CVE-2023/CVE-2023-397xx/CVE-2023-39708.json) (`2023-08-28T19:28:54.367`)
|
||||
* [CVE-2023-40846](CVE-2023/CVE-2023-408xx/CVE-2023-40846.json) (`2023-08-28T19:28:54.367`)
|
||||
* [CVE-2023-1997](CVE-2023/CVE-2023-19xx/CVE-2023-1997.json) (`2023-08-28T19:28:54.367`)
|
||||
* [CVE-2023-39560](CVE-2023/CVE-2023-395xx/CVE-2023-39560.json) (`2023-08-28T19:28:54.367`)
|
||||
* [CVE-2023-40748](CVE-2023/CVE-2023-407xx/CVE-2023-40748.json) (`2023-08-28T19:28:54.370`)
|
||||
* [CVE-2023-40749](CVE-2023/CVE-2023-407xx/CVE-2023-40749.json) (`2023-08-28T19:28:54.370`)
|
||||
* [CVE-2023-40750](CVE-2023/CVE-2023-407xx/CVE-2023-40750.json) (`2023-08-28T19:28:54.370`)
|
||||
* [CVE-2023-40751](CVE-2023/CVE-2023-407xx/CVE-2023-40751.json) (`2023-08-28T19:28:54.370`)
|
||||
* [CVE-2023-40752](CVE-2023/CVE-2023-407xx/CVE-2023-40752.json) (`2023-08-28T19:28:54.370`)
|
||||
* [CVE-2023-40753](CVE-2023/CVE-2023-407xx/CVE-2023-40753.json) (`2023-08-28T19:28:54.370`)
|
||||
* [CVE-2023-40754](CVE-2023/CVE-2023-407xx/CVE-2023-40754.json) (`2023-08-28T19:28:54.370`)
|
||||
* [CVE-2023-38668](CVE-2023/CVE-2023-386xx/CVE-2023-38668.json) (`2023-08-28T19:38:54.383`)
|
||||
* [CVE-2023-38667](CVE-2023/CVE-2023-386xx/CVE-2023-38667.json) (`2023-08-28T19:40:03.987`)
|
||||
* [CVE-2023-38666](CVE-2023/CVE-2023-386xx/CVE-2023-38666.json) (`2023-08-28T19:46:35.200`)
|
||||
* [CVE-2023-33850](CVE-2023/CVE-2023-338xx/CVE-2023-33850.json) (`2023-08-28T19:51:25.020`)
|
||||
* [CVE-2023-4427](CVE-2023/CVE-2023-44xx/CVE-2023-4427.json) (`2023-08-28T19:55:42.107`)
|
||||
|
||||
|
||||
## Download and Usage
|
||||
|
Loading…
x
Reference in New Issue
Block a user