Auto-Update: 2023-08-01T02:00:28.809930+00:00

cad-safe-bot 2023-08-01 02:00:32 +00:00
parent 9b89abd0ff
commit 75367a92a6
20 changed files with 898 additions and 79 deletions


@ -2,12 +2,12 @@
"id": "CVE-2021-37386",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-17T17:15:09.377",
"lastModified": "2023-07-26T21:36:32.693",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-01T01:15:10.463",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Furukawa 423-41W/AC before v1.1.4 and LD421-21W before v1.3.3 were discovered to contain an HTML injection vulnerability via the serial number update function."
"value": "Furukawa Electric LatAm 423-41W/AC before v1.1.4 and LD421-21W before v1.3.3 were discovered to contain an HTML injection vulnerability via the serial number update function."
}
],
"metrics": {


@ -2,19 +2,75 @@
"id": "CVE-2021-39421",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-24T20:15:10.087",
"lastModified": "2023-07-25T13:01:09.337",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-01T00:54:48.313",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in SeedDMS v6.0.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:seeddms:seeddms:6.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "4B5F2138-42C3-4677-AF17-65E89F3A0BE7"
}
]
}
]
}
],
"references": [
{
"url": "https://medium.com/@rohitgautam26/cve-2021-39421-76fa68817cd",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,23 +2,90 @@
"id": "CVE-2022-46898",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-25T20:15:12.887",
"lastModified": "2023-07-26T04:24:59.167",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-01T01:21:54.823",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal via the \"restore SQL data\" filename. The Vocera Report Console contains a websocket function that allows for the restoration of the database from a ZIP archive that expects a SQL import file. The filename provided is not properly sanitized and allows for the inclusion of a path-traversal payload that can be used to escape the intended Vocera restoration directory. An attacker could exploit this vulnerability to point to a crafted ZIP archive that contains SQL commands that could be executed against the database."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vocera:report_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndIncluding": "5.8.0.135",
"matchCriteriaId": "61B697DE-2326-4850-B92B-363CA5CEA015"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vocera:voice_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndIncluding": "5.8.0.135",
"matchCriteriaId": "C24A19CF-9202-43AE-A82C-EF80E4BABAFD"
}
]
}
]
}
],
"references": [
{
"url": "https://www.stryker.com/us/en/about/governance/cyber-security/product-security/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
},
{
"url": "https://www.stryker.com/us/en/about/governance/cyber-security/product-security/vocera-report-server-vulnerabilities--cve-2022-46898--cve-2022-4.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,23 +2,90 @@
"id": "CVE-2022-46899",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-25T20:15:12.997",
"lastModified": "2023-07-26T04:24:59.167",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-01T01:28:42.690",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Arbitrary File Upload. The BaseController class, that each of the service controllers derives from, allows for the upload of arbitrary files. If the HTTP request is a multipart/form-data POST request, any parameters with a filename entry will have their content written to a file in the Vocera upload-staging directory with the specified filename in the parameter."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vocera:report_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndIncluding": "5.8.0.135",
"matchCriteriaId": "61B697DE-2326-4850-B92B-363CA5CEA015"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vocera:voice_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndIncluding": "5.8.0.135",
"matchCriteriaId": "C24A19CF-9202-43AE-A82C-EF80E4BABAFD"
}
]
}
]
}
],
"references": [
{
"url": "https://www.stryker.com/us/en/about/governance/cyber-security/product-security/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
},
{
"url": "https://www.stryker.com/us/en/about/governance/cyber-security/product-security/vocera-report-server-vulnerabilities--cve-2022-46898--cve-2022-4.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,83 @@
"id": "CVE-2022-46900",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-25T20:15:13.087",
"lastModified": "2023-07-26T04:24:59.167",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-01T01:30:08.263",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal in the Task Exec filename. The Vocera Report Console contains various jobs that are executed on the server at specified intervals, e.g., backup, etc. An authenticated user has the ability to modify these entries and set the executable path and parameters."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vocera:report_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndIncluding": "5.8.0.135",
"matchCriteriaId": "61B697DE-2326-4850-B92B-363CA5CEA015"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vocera:voice_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndIncluding": "5.8.0.135",
"matchCriteriaId": "C24A19CF-9202-43AE-A82C-EF80E4BABAFD"
}
]
}
]
}
],
"references": [
{
"url": "https://www.stryker.com/us/en/about/governance/cyber-security/product-security/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
}
]
}


@ -2,23 +2,90 @@
"id": "CVE-2022-46901",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-25T20:15:13.157",
"lastModified": "2023-07-26T04:24:59.167",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-01T01:32:04.767",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is an Access Control Violation for Database Operations. The Vocera Report Console contains a websocket interface that allows for the unauthenticated execution of various tasks and database functions. This includes system tasks, and backing up, loading, and clearing of the database."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-668"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vocera:report_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndIncluding": "5.8.0.135",
"matchCriteriaId": "61B697DE-2326-4850-B92B-363CA5CEA015"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vocera:voice_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndIncluding": "5.8.0.135",
"matchCriteriaId": "C24A19CF-9202-43AE-A82C-EF80E4BABAFD"
}
]
}
]
}
],
"references": [
{
"url": "https://www.stryker.com/us/en/about/governance/cyber-security/product-security/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
},
{
"url": "https://www.stryker.com/us/en/about/governance/cyber-security/product-security/vocera-report-server-vulnerabilities--cve-2022-46898--cve-2022-4.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,12 +2,12 @@
"id": "CVE-2023-28023",
"sourceIdentifier": "psirt@hcl.com",
"published": "2023-07-18T20:15:09.593",
"lastModified": "2023-07-31T18:15:10.210",
"lastModified": "2023-08-01T01:15:10.603",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "HCL Verse is susceptible to a Stored Cross Site Scripting (XSS) vulnerability. An attacker could execute script in a victim's web browser to perform operations as the victim and/or steal the victim's cookies, session tokens, or other sensitive information.\n"
"value": "A cross site request forgery vulnerability in the BigFix WebUI Software Distribution interface site version 44 and before allows an NMO attacker to access files on server side systems (server machine and all the ones in its network).\u00a0\n"
}
],
"metrics": {
@ -37,20 +37,20 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH"
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 5.5
"exploitabilityScore": 1.8,
"impactScore": 2.7
}
]
},
@ -86,7 +86,7 @@
],
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0105904",
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106123",
"source": "psirt@hcl.com"
}
]
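Review bot: CVE-2023-28023 now describes a different issue under the same ID, so anything that cached a product or severity mapping for it needs re-triage rather than a field refresh. The `descriptions` value moves from the HCL Verse stored XSS text to a BigFix WebUI CSRF, the CNA score goes from 8.3 HIGH to 4.9 MEDIUM, and the reference moves from KB0105904 to KB0106123; the old text and KB reappear in CVE-2023-37496, which is added further down in this commit. The new vector carries `UI:N` although the description names request forgery, which normally depends on a victim's request, so the CNA score is worth treating with some caution. The `weaknesses` block lies between the second and third hunks and is not shown, so it is not visible here whether the CWE was updated along with the description.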


@ -2,12 +2,12 @@
"id": "CVE-2023-30151",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-13T17:15:09.207",
"lastModified": "2023-07-21T15:03:17.500",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-01T01:15:10.693",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability in the Boxtal (envoimoinscher) module for PrestaShop, after version 3.1.10, allows remote authenticated users to execute arbitrary SQL commands via the `key` GET parameter."
"value": "A SQL injection vulnerability in the Boxtal (envoimoinscher) module for PrestaShop, after version 3.1.10, allows remote attackers to execute arbitrary SQL commands via the `key` GET parameter."
}
],
"metrics": {
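Review bot: The severity stored for CVE-2023-30151 may understate the new wording: the `descriptions` value widens the attacker from "remote authenticated users" to "remote attackers", while `vulnStatus` returns to "Modified". The `metrics` object opens on the last line of the hunk and its content is not shown, so any `privilegesRequired` value in it presumably dates from the earlier analysis. Until the record is analysed again, triage is better driven by the description (SQL injection by remote attackers via the `key` GET parameter) than by the stored score.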


@ -2,19 +2,75 @@
"id": "CVE-2023-34798",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-25T20:15:13.313",
"lastModified": "2023-07-26T04:24:59.167",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-01T01:38:58.997",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An arbitrary file upload vulnerability in eoffice before v9.5 allows attackers to execute arbitrary code via uploading a crafted file."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:weaver:e-office:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.5",
"matchCriteriaId": "6A921F54-4147-4FC5-ADE6-25A27365D37A"
}
]
}
]
}
],
"references": [
{
"url": "https://gist.github.com/Zhu013/e5e6e03613704a2a4107cc6456f1e8e2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-36385",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-07-25T14:15:10.720",
"lastModified": "2023-07-25T17:22:14.780",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-01T00:45:15.787",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpxpo:postx:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.9.9",
"matchCriteriaId": "AD5DED81-868E-4242-B293-66765A0A7F1A"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/ultimate-post/wordpress-postx-gutenberg-post-grid-blocks-plugin-2-9-9-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-36502",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-07-25T14:15:10.893",
"lastModified": "2023-07-25T17:22:14.780",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-01T00:47:08.160",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cththemes:balkon:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.3.2",
"matchCriteriaId": "7CF1BBA8-3BE4-4F60-B106-5422C603D443"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/balkon/wordpress-balkon-theme-1-3-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-36503",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-07-25T14:15:10.980",
"lastModified": "2023-07-25T17:22:14.780",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-01T00:48:46.750",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -36,7 +56,7 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,12 +64,43 @@
"value": "CWE-79"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:maxfoundry:maxbuttons:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "9.5.3",
"matchCriteriaId": "22C3DB4C-C94D-4326-814F-32F460E62BE9"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/maxbuttons/wordpress-wordpress-button-plugin-maxbuttons-plugin-9-5-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,43 @@
{
"id": "CVE-2023-37496",
"sourceIdentifier": "psirt@hcl.com",
"published": "2023-08-01T01:15:10.770",
"lastModified": "2023-08-01T01:15:10.770",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "HCL Verse is susceptible to a Stored Cross Site Scripting (XSS) vulnerability. An attacker could execute script in a victim's web browser to perform operations as the victim and/or steal the victim's cookies, session tokens, or other sensitive information.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@hcl.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.5
}
]
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0105904",
"source": "psirt@hcl.com"
}
]
}


@ -0,0 +1,28 @@
{
"id": "CVE-2023-37772",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-01T01:15:10.850",
"lastModified": "2023-08-01T01:15:10.850",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Online Shopping Portal Project v3.1 was discovered to contain a SQL injection vulnerability via the Email parameter at /shopping/login.php."
}
],
"metrics": {},
"references": [
{
"url": "http://phpgurukul.com/shopping-portal-free-download/",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/anky-123/CVE-2023-37772/blob/main/CVE-2",
"source": "cve@mitre.org"
},
{
"url": "https://phpgurukul.com/",
"source": "cve@mitre.org"
}
]
}
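Review bot: The second reference in this new record, `https://github.com/anky-123/CVE-2023-37772/blob/main/CVE-2`, ends mid-filename and looks truncated, so it is probably not resolvable as written; compare it with the upstream NVD record before relying on it. `metrics` is `{}` and `vulnStatus` is "Received", so a score-threshold filter will not surface this SQL injection in /shopping/login.php; tooling should treat an empty `metrics` object as unscored rather than as low severity. The first reference uses plain `http://`, which matters if references are fetched automatically.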


@ -2,8 +2,8 @@
"id": "CVE-2023-37903",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-07-21T20:15:16.057",
"lastModified": "2023-07-24T13:09:06.887",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-01T01:51:31.417",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vm2_project:vm2:*:*:*:*:*:node.js:*:*",
"versionEndIncluding": "3.9.19",
"matchCriteriaId": "5F54A6F9-FD6B-4E23-A6B7-616952129C1C"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-g644-9gfx-q4q4",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}
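Review bot: `vulnStatus` is "Undergoing Analysis" here although the section already adds an NVD Primary score of 9.8 CRITICAL and a CPE match, so a consumer that only ingests records marked "Analyzed" would skip a critical vm2 entry. Filtering on the presence of a Primary `cvssMetricV31` entry, or also admitting "Undergoing Analysis", avoids that gap. The match uses `versionEndIncluding` "3.9.19" with no excluded upper bound, so the record names no fixed version; the vendor advisory in `references` is the place to confirm remediation. The description and the CNA's Secondary metric fall between the hunks and are not shown.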


@ -2,8 +2,8 @@
"id": "CVE-2023-39173",
"sourceIdentifier": "security@jetbrains.com",
"published": "2023-07-25T15:15:13.693",
"lastModified": "2023-07-25T17:22:14.780",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-01T01:02:33.797",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security@jetbrains.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.05.2",
"matchCriteriaId": "01651650-50D9-4C0D-8234-B33AA70F82D8"
}
]
}
]
}
],
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
"source": "security@jetbrains.com"
"source": "security@jetbrains.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-39174",
"sourceIdentifier": "security@jetbrains.com",
"published": "2023-07-25T15:15:13.830",
"lastModified": "2023-07-25T17:22:14.780",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-01T01:10:49.157",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security@jetbrains.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.05.2",
"matchCriteriaId": "01651650-50D9-4C0D-8234-B33AA70F82D8"
}
]
}
]
}
],
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
"source": "security@jetbrains.com"
"source": "security@jetbrains.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-39175",
"sourceIdentifier": "security@jetbrains.com",
"published": "2023-07-25T15:15:13.917",
"lastModified": "2023-07-25T17:22:14.780",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-01T01:08:48.417",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security@jetbrains.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.05.2",
"matchCriteriaId": "01651650-50D9-4C0D-8234-B33AA70F82D8"
}
]
}
]
}
],
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
"source": "security@jetbrains.com"
"source": "security@jetbrains.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-4033",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-08-01T01:15:10.913",
"lastModified": "2023-08-01T01:15:10.913",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "OS Command Injection in GitHub repository mlflow/mlflow prior to 2.6.0."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://github.com/mlflow/mlflow/commit/6dde93758d42455cb90ef324407919ed67668b9b",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.dev/bounties/5312d6f8-67a5-4607-bd47-5e19966fa321",
"source": "security@huntr.dev"
}
]
}
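Review bot: The only score on this new record is the CNA's `cvssMetricV30` entry with `type` "Secondary", so tooling that reads `cvssMetricV31` alone, or only Primary entries, will see CVE-2023-4033 as unscored despite the 8.8 HIGH base score. There is also no `configurations` block yet, so CPE-based matching will not flag mlflow installations; the version bound exists only in the description text ("prior to 2.6.0"). Consumers should fall back across CVSS versions and sources, and match on the description or the fix commit in `references` until NVD analysis adds CPE data.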


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-07-31T23:55:26.158758+00:00
2023-08-01T02:00:28.809930+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-07-31T23:15:10.437000+00:00
2023-08-01T01:51:31.417000+00:00
```
### Last Data Feed Release
@ -23,29 +23,44 @@ Repository synchronizes with the NVD every 2 hours.
Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)
```plain
2023-07-31T00:00:13.543710+00:00
2023-08-01T00:00:13.547072+00:00
```
### Total Number of included CVEs
```plain
221347
221350
```
### CVEs added in the last Commit
Recently added CVEs: `3`
* [CVE-2023-39122](CVE-2023/CVE-2023-391xx/CVE-2023-39122.json) (`2023-07-31T23:15:10.297`)
* [CVE-2023-3462](CVE-2023/CVE-2023-34xx/CVE-2023-3462.json) (`2023-07-31T23:15:10.360`)
* [CVE-2023-3825](CVE-2023/CVE-2023-38xx/CVE-2023-3825.json) (`2023-07-31T23:15:10.437`)
* [CVE-2023-37496](CVE-2023/CVE-2023-374xx/CVE-2023-37496.json) (`2023-08-01T01:15:10.770`)
* [CVE-2023-37772](CVE-2023/CVE-2023-377xx/CVE-2023-37772.json) (`2023-08-01T01:15:10.850`)
* [CVE-2023-4033](CVE-2023/CVE-2023-40xx/CVE-2023-4033.json) (`2023-08-01T01:15:10.913`)
### CVEs modified in the last Commit
Recently modified CVEs: `1`
Recently modified CVEs: `16`
* [CVE-2023-36884](CVE-2023/CVE-2023-368xx/CVE-2023-36884.json) (`2023-07-31T23:15:10.167`)
* [CVE-2021-39421](CVE-2021/CVE-2021-394xx/CVE-2021-39421.json) (`2023-08-01T00:54:48.313`)
* [CVE-2021-37386](CVE-2021/CVE-2021-373xx/CVE-2021-37386.json) (`2023-08-01T01:15:10.463`)
* [CVE-2022-46898](CVE-2022/CVE-2022-468xx/CVE-2022-46898.json) (`2023-08-01T01:21:54.823`)
* [CVE-2022-46899](CVE-2022/CVE-2022-468xx/CVE-2022-46899.json) (`2023-08-01T01:28:42.690`)
* [CVE-2022-46900](CVE-2022/CVE-2022-469xx/CVE-2022-46900.json) (`2023-08-01T01:30:08.263`)
* [CVE-2022-46901](CVE-2022/CVE-2022-469xx/CVE-2022-46901.json) (`2023-08-01T01:32:04.767`)
* [CVE-2023-36385](CVE-2023/CVE-2023-363xx/CVE-2023-36385.json) (`2023-08-01T00:45:15.787`)
* [CVE-2023-36502](CVE-2023/CVE-2023-365xx/CVE-2023-36502.json) (`2023-08-01T00:47:08.160`)
* [CVE-2023-36503](CVE-2023/CVE-2023-365xx/CVE-2023-36503.json) (`2023-08-01T00:48:46.750`)
* [CVE-2023-39173](CVE-2023/CVE-2023-391xx/CVE-2023-39173.json) (`2023-08-01T01:02:33.797`)
* [CVE-2023-39175](CVE-2023/CVE-2023-391xx/CVE-2023-39175.json) (`2023-08-01T01:08:48.417`)
* [CVE-2023-39174](CVE-2023/CVE-2023-391xx/CVE-2023-39174.json) (`2023-08-01T01:10:49.157`)
* [CVE-2023-28023](CVE-2023/CVE-2023-280xx/CVE-2023-28023.json) (`2023-08-01T01:15:10.603`)
* [CVE-2023-30151](CVE-2023/CVE-2023-301xx/CVE-2023-30151.json) (`2023-08-01T01:15:10.693`)
* [CVE-2023-34798](CVE-2023/CVE-2023-347xx/CVE-2023-34798.json) (`2023-08-01T01:38:58.997`)
* [CVE-2023-37903](CVE-2023/CVE-2023-379xx/CVE-2023-37903.json) (`2023-08-01T01:51:31.417`)
## Download and Usage