admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-07-25T23:55:25.534260+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-07-25 23:55:28 +00:00
parent 31cdde3852
commit 74fb1f3e47
8 changed files with 361 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
CVE-2022/CVE-2022-314xx/CVE-2022-31457.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2022-31457",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-25T22:15:10.410",
"lastModified": "2023-07-25T22:15:10.410",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "RTX TRAP v1.0 allows attackers to perform a directory traversal via a crafted request sent to the endpoint /data/."
}
],
"metrics": {},
"references": [
{
"url": "https://medium.com/@rohitgautam26/cve-2022-31457-2027b7678af7",
"source": "cve@mitre.org"
}
]
}

10
CVE-2022/CVE-2022-419xx/CVE-2022-41906.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2022-41906",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-11-11T19:15:11.613",
"lastModified": "2022-11-16T17:08:30.367",
"vulnStatus": "Analyzed",
"lastModified": "2023-07-25T23:15:10.037",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "OpenSearch Notifications is a notifications plugin for OpenSearch that enables other plugins to send notifications via Email, Slack, Amazon Chime, Custom web-hook etc channels. A potential SSRF issue in OpenSearch Notifications Plugin 2.2.0 and below could allow an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceeding the Notification plugin's intended scope. OpenSearch 2.2.1+ contains the fix for this issue. There are currently no recommended workarounds."
"value": "OpenSearch Notifications is a notifications plugin for OpenSearch that enables other plugins to send notifications via Email, Slack, Amazon Chime, Custom web-hook etc channels. A potential SSRF issue in OpenSearch Notifications Plugin starting in 2.0.0 and prior to 2.2.1 could allow an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceeding the Notification plugin's intended scope. OpenSearch 2.2.1+ contains the fix for this issue. There are currently no recommended workarounds. \n"
}
],
"metrics": {
@ -58,7 +58,7 @@
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
@ -68,7 +68,7 @@
]
},
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{

67
CVE-2023/CVE-2023-384xx/CVE-2023-38496.json Normal file
View File

@ -0,0 +1,67 @@
{
"id": "CVE-2023-38496",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-07-25T22:15:10.503",
"lastModified": "2023-07-25T22:15:10.503",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Apptainer is an open source container platform. Version 1.2.0-rc.2 introduced an ineffective privilege drop when requesting container network setup, therefore subsequent functions are called with root privileges, the attack surface is rather limited for users but an attacker could possibly craft a starter config to delete any directory on the host filesystems. A security fix has been included in Apptainer 1.2.1. There is no known workaround outside of upgrading to Apptainer 1.2.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
},
{
"lang": "en",
"value": "CWE-271"
}
]
}
],
"references": [
{
"url": "https://github.com/apptainer/apptainer/pull/1523",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/apptainer/apptainer/pull/1578",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/apptainer/apptainer/security/advisories/GHSA-mmx5-32m4-wxvx",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2023/CVE-2023-385xx/CVE-2023-38501.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-38501",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-07-25T22:15:10.600",
"lastModified": "2023-07-25T22:15:10.600",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "copyparty is file server software. Prior to version 1.8.7, the application contains a reflected cross-site scripting via URL-parameter `?k304=...` and `?setck=...`. The worst-case outcome of this is being able to move or delete existing files on the server, or upload new files, using the account of the person who clicks the malicious link. It is recommended to change the passwords of one's copyparty accounts, unless one have inspected one's logs and found no trace of attacks. Version 1.8.7 contains a patch for the issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/9001/copyparty/commit/007d948cb982daa05bc6619cd20ee55b7e834c38",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/9001/copyparty/security/advisories/GHSA-f54q-j679-p9hh",
"source": "security-advisories@github.com"
}
]
}

55
CVE-2023/CVE-2023-385xx/CVE-2023-38502.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-38502",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-07-25T22:15:10.693",
"lastModified": "2023-07-25T22:15:10.693",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "TDengine is an open source, time-series database optimized for Internet of Things devices. Prior to version 3.0.7.1, TDengine DataBase crashes on UDF nested query. This issue affects TDengine Databases which let users connect and run arbitrary queries. Version 3.0.7.1 has a patch for this issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://github.com/taosdata/TDengine/security/advisories/GHSA-w23f-r2fm-27hf",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2023/CVE-2023-385xx/CVE-2023-38503.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-38503",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-07-25T23:15:10.183",
"lastModified": "2023-07-25T23:15:10.183",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 10.3.0 and prior to version 10.5.0, the permission filters (i.e. `user_created IS $CURRENT_USER`) are not properly checked when using GraphQL subscription resulting in unauthorized users getting event on their subscription which they should not be receiving according to the permissions. This can be any collection but out-of-the box the `directus_users` collection is configured with such a permissions filter allowing you to get updates for other users when changes happen. Version 10.5.0 contains a patch. As a workaround, disable GraphQL subscriptions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://github.com/directus/directus/pull/19155",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/directus/directus/security/advisories/GHSA-gggm-66rh-pp98",
"source": "security-advisories@github.com"
}
]
}

84
CVE-2023/CVE-2023-39xx/CVE-2023-3945.json Normal file
View File

@ -0,0 +1,84 @@
{
"id": "CVE-2023-3945",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-07-25T22:15:10.780",
"lastModified": "2023-07-25T22:15:10.780",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in phpscriptpoint Lawyer 1.6. It has been classified as problematic. This affects an unknown part of the file search.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-235401 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.235401",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.235401",
"source": "cna@vuldb.com"
}
]
}

41
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-07-25T22:00:27.797414+00:00
2023-07-25T23:55:25.534260+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-07-25T21:15:11.177000+00:00
2023-07-25T23:15:10.183000+00:00
```
### Last Data Feed Release
@ -29,43 +29,26 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
221028
221034
```
### CVEs added in the last Commit
Recently added CVEs: `20`
Recently added CVEs: `6`
* [CVE-2020-35698](CVE-2020/CVE-2020-356xx/CVE-2020-35698.json) (`2023-07-25T20:15:12.643`)
* [CVE-2022-31458](CVE-2022/CVE-2022-314xx/CVE-2022-31458.json) (`2023-07-25T20:15:12.783`)
* [CVE-2022-46898](CVE-2022/CVE-2022-468xx/CVE-2022-46898.json) (`2023-07-25T20:15:12.887`)
* [CVE-2022-46899](CVE-2022/CVE-2022-468xx/CVE-2022-46899.json) (`2023-07-25T20:15:12.997`)
* [CVE-2022-46900](CVE-2022/CVE-2022-469xx/CVE-2022-46900.json) (`2023-07-25T20:15:13.087`)
* [CVE-2022-46901](CVE-2022/CVE-2022-469xx/CVE-2022-46901.json) (`2023-07-25T20:15:13.157`)
* [CVE-2022-46902](CVE-2022/CVE-2022-469xx/CVE-2022-46902.json) (`2023-07-25T20:15:13.227`)
* [CVE-2023-34798](CVE-2023/CVE-2023-347xx/CVE-2023-34798.json) (`2023-07-25T20:15:13.313`)
* [CVE-2023-37257](CVE-2023/CVE-2023-372xx/CVE-2023-37257.json) (`2023-07-25T20:15:13.423`)
* [CVE-2023-37258](CVE-2023/CVE-2023-372xx/CVE-2023-37258.json) (`2023-07-25T20:15:13.560`)
* [CVE-2023-37460](CVE-2023/CVE-2023-374xx/CVE-2023-37460.json) (`2023-07-25T20:15:13.703`)
* [CVE-2023-37677](CVE-2023/CVE-2023-376xx/CVE-2023-37677.json) (`2023-07-25T20:15:13.823`)
* [CVE-2023-3944](CVE-2023/CVE-2023-39xx/CVE-2023-3944.json) (`2023-07-25T20:15:14.027`)
* [CVE-2023-37902](CVE-2023/CVE-2023-379xx/CVE-2023-37902.json) (`2023-07-25T21:15:10.550`)
* [CVE-2023-37907](CVE-2023/CVE-2023-379xx/CVE-2023-37907.json) (`2023-07-25T21:15:10.647`)
* [CVE-2023-37919](CVE-2023/CVE-2023-379xx/CVE-2023-37919.json) (`2023-07-25T21:15:10.733`)
* [CVE-2023-37920](CVE-2023/CVE-2023-379xx/CVE-2023-37920.json) (`2023-07-25T21:15:10.827`)
* [CVE-2023-38493](CVE-2023/CVE-2023-384xx/CVE-2023-38493.json) (`2023-07-25T21:15:10.913`)
* [CVE-2023-38499](CVE-2023/CVE-2023-384xx/CVE-2023-38499.json) (`2023-07-25T21:15:10.997`)
* [CVE-2023-38500](CVE-2023/CVE-2023-385xx/CVE-2023-38500.json) (`2023-07-25T21:15:11.083`)
* [CVE-2022-31457](CVE-2022/CVE-2022-314xx/CVE-2022-31457.json) (`2023-07-25T22:15:10.410`)
* [CVE-2023-38496](CVE-2023/CVE-2023-384xx/CVE-2023-38496.json) (`2023-07-25T22:15:10.503`)
* [CVE-2023-38501](CVE-2023/CVE-2023-385xx/CVE-2023-38501.json) (`2023-07-25T22:15:10.600`)
* [CVE-2023-38502](CVE-2023/CVE-2023-385xx/CVE-2023-38502.json) (`2023-07-25T22:15:10.693`)
* [CVE-2023-3945](CVE-2023/CVE-2023-39xx/CVE-2023-3945.json) (`2023-07-25T22:15:10.780`)
* [CVE-2023-38503](CVE-2023/CVE-2023-385xx/CVE-2023-38503.json) (`2023-07-25T23:15:10.183`)
### CVEs modified in the last Commit
Recently modified CVEs: `4`
Recently modified CVEs: `1`
* [CVE-2023-38403](CVE-2023/CVE-2023-384xx/CVE-2023-38403.json) (`2023-07-25T20:15:13.897`)
* [CVE-2023-20593](CVE-2023/CVE-2023-205xx/CVE-2023-20593.json) (`2023-07-25T21:15:10.333`)
* [CVE-2023-35936](CVE-2023/CVE-2023-359xx/CVE-2023-35936.json) (`2023-07-25T21:15:10.427`)
* [CVE-2023-38745](CVE-2023/CVE-2023-387xx/CVE-2023-38745.json) (`2023-07-25T21:15:11.177`)
* [CVE-2022-41906](CVE-2022/CVE-2022-419xx/CVE-2022-41906.json) (`2023-07-25T23:15:10.037`)
## Download and Usage