admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-21 17:41:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-05-16T18:00:25.654977+00:00

Browse Source
This commit is contained in:
René Helmke 2023-05-16 20:00:28 +02:00
parent 15b5f6d876
commit 7647f46925
53 changed files with 2395 additions and 129 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

429
CVE-2002/CVE-2002-200xx/CVE-2002-20001.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2002-20001",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-11-11T19:15:07.380",
"lastModified": "2022-11-09T18:15:10.340",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-05-16T16:15:29.937",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -77,6 +77,7 @@
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -90,48 +91,449 @@
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "065280B2-6EC1-4721-B3D7-EDE44ED4F5BD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*",
"matchCriteriaId": "F13F07CC-739B-465C-9184-0E9D708BD4C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*",
"matchCriteriaId": "15FC9014-BD85-4382-9D04-C0703E901D7A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:15:*:*:*:*:*:*:*",
"matchCriteriaId": "70A029CD-2AC4-4877-B1A4-5C72B351BA27"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.1.0",
"versionEndIncluding": "17.1.0",
"matchCriteriaId": "CE73DAA2-9CCA-4BD6-B11A-9326F79D9ABB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.1.0",
"versionEndIncluding": "17.1.0",
"matchCriteriaId": "475E283C-8F3C-4051-B9E8-349845F8C528"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.1.0",
"versionEndIncluding": "17.1.0",
"matchCriteriaId": "956AC9F3-2042-4C21-A5E4-D2D4334D2FC3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.1.0",
"versionEndIncluding": "17.1.0",
"matchCriteriaId": "E17DBD3E-F5AC-4A35-81E0-C4804CAD78F9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.1.0",
"versionEndIncluding": "17.1.0",
"matchCriteriaId": "346B71B1-D583-4463-ADF8-BEE700B0CA3A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.1.0",
"versionEndIncluding": "17.1.0",
"matchCriteriaId": "B2AA25BA-72C5-48A9-BDBC-CA108208011F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.1.0",
"versionEndIncluding": "17.1.0",
"matchCriteriaId": "308B0070-6716-4754-A5E4-C3D70CAB376B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.1.0",
"versionEndIncluding": "17.1.0",
"matchCriteriaId": "8F26AB06-7FEB-4A56-B722-DBDEEE628DB8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.1.0",
"versionEndIncluding": "17.1.0",
"matchCriteriaId": "EE48C9C9-6B84-4A4A-963D-6DFE0C2FB312"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.1.0",
"versionEndIncluding": "17.1.0",
"matchCriteriaId": "878CD8E6-6B9B-431D-BD15-F954C7B8076F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.1.0",
"versionEndIncluding": "17.1.0",
"matchCriteriaId": "4D9DB9B9-2959-448E-9B59-C873584A0E11"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.1.0",
"versionEndIncluding": "17.1.0",
"matchCriteriaId": "6AF04191-019B-4BC9-A9A7-7B7AA9B5B7D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.1.0",
"versionEndIncluding": "17.1.0",
"matchCriteriaId": "F62D754D-A4A1-4093-AB42-9F51C19976CA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.1.0",
"versionEndIncluding": "17.1.0",
"matchCriteriaId": "90084CD6-FA4B-4305-BC65-58237BAF714E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.1.0",
"versionEndIncluding": "17.1.0",
"matchCriteriaId": "BC9D4626-915F-42E5-81E0-6F8271084773"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.1.0",
"versionEndIncluding": "17.1.0",
"matchCriteriaId": "7056F1FA-24AC-4D9F-8DDC-B3CA4740BF5E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_service_proxy:1.6.0:*:*:*:*:kubernetes:*:*",
"matchCriteriaId": "BC5AC8C7-92BA-48D4-81A1-F5323DA952A9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.1.0",
"versionEndIncluding": "17.1.0",
"matchCriteriaId": "E48AC50D-19B3-4E97-ADD2-B661BD891ED7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.1.0",
"versionEndIncluding": "17.1.0",
"matchCriteriaId": "B13C4244-BE15-4F2C-BBBA-35072571B041"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.1.0",
"versionEndIncluding": "17.1.0",
"matchCriteriaId": "C1B4FBF6-C23A-4BD2-ADFB-9617C03B603A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndIncluding": "8.2.0",
"matchCriteriaId": "360D8842-2C55-450F-9AFA-09CA34B12598"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-iq_centralized_management:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DA0B396A-B5CE-4337-A33A-EF58C4589CB3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:f5os-a:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C4A3C86A-CA2F-4AC8-A43E-765829A96147"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:f5os-a:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "03E01235-F9B0-4CCF-AA08-FECF61C62B21"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:f5os-c:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.3.0",
"versionEndIncluding": "1.3.2",
"matchCriteriaId": "3BFAE8EC-9A5F-421D-990D-B6D454DECAEC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:f5os-c:1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BC3EDB8D-5C16-49DF-BE48-C83744AD7788"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:f5os-c:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "12FEEABD-9A4A-4A33-9B74-7B053352C47D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:traffix_sdc:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "693DE548-00FA-4057-8FC9-6EB3761FBB24"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:traffix_sdc:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E2D78E00-C168-4493-A279-699E480F59E2"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.06.0000",
"versionEndExcluding": "10.06.0180",
"matchCriteriaId": "3B3AD582-9909-4FF5-B541-571F18E22356"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.07.0000",
"versionEndExcluding": "10.07.0030",
"matchCriteriaId": "21F81EB2-3916-4DC6-9600-B7FD17906B53"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.08.0000",
"versionEndExcluding": "10.08.0010",
"matchCriteriaId": "71284AA8-9E0E-4B2F-8464-B49E1D6965B5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.09.0000",
"versionEndExcluding": "10.09.0002",
"matchCriteriaId": "F059E5A9-E613-4BE1-BF61-C477B3441175"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hpe:aruba_cx_4100i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B7C2B56C-203F-4290-BCE7-8BD751DF9CEF"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hpe:aruba_cx_6100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF1DD310-3D31-4204-92E0-70C33EE44F08"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hpe:aruba_cx_6200f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FCD1A83B-109B-4596-AE37-706751E2B57D"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hpe:aruba_cx_6200m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1218AAA5-01ED-4D89-A7AE-A600356ABD46"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hpe:aruba_cx_6300f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D6F748F-89E9-45FB-8BE7-2201E5EB2755"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hpe:aruba_cx_6300m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8066A871-2683-4F74-9750-E73BF004209F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hpe:aruba_cx_6405:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D118A9A6-BBA4-4149-AE0D-1DA2EB45B53F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hpe:aruba_cx_6410:-:*:*:*:*:*:*:*",
"matchCriteriaId": "790C5E7A-3405-4873-83E8-4D9C0FEC5E6D"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hpe:aruba_cx_8320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "10B5F18A-28B0-49B4-8374-C681C2B48D2A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hpe:aruba_cx_8325-32c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59B7E2D3-0B72-4A78-AEFA-F106FAD38156"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hpe:aruba_cx_8325-48y8c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E87A92B-4EE5-4235-A0DA-195F27841DBB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hpe:aruba_cx_8360-12c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6BC24E52-13C0-402F-9ABF-A1DE51719AEF"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hpe:aruba_cx_8360-16y2c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "76EF979E-061A-42A3-B161-B835E92ED180"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hpe:aruba_cx_8360-24xf2c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE04919C-9289-4FB3-938F-F8BB15EC6A74"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hpe:aruba_cx_8360-32y4c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B630C64B-C474-477D-A80B-A0FB73ACCC49"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hpe:aruba_cx_8360-48xt4c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53ABE8B8-A4F6-400B-A893-314BE24D06B8"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hpe:aruba_cx_8360-48y6c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C44383CC-3751-455E-B1AB-39B16F40DC76"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hpe:aruba_cx_8400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B25A9CD2-5E5F-4BDB-8707-5D6941411A2B"
}
]
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://dheatattack.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/Balasys/dheater",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
"Product"
]
},
{
"url": "https://github.com/mozilla/ssl-config-generator/issues/162",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
"Issue Tracking"
]
},
{
"url": "https://support.f5.com/csp/article/K83120834",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.openssl.org/blog/blog/2022/10/21/tls-groups-configuration/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.reddit.com/r/netsec/comments/qdoosy/server_overload_by_enforcing_dhe_key_exchange/",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
"Issue Tracking"
]
},
{
@ -139,12 +541,15 @@
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
"Technical Description"
]
},
{
"url": "https://www.suse.com/support/kb/doc/?id=000020510",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

65
CVE-2020/CVE-2020-233xx/CVE-2020-23362.json
View File

@ -2,19 +2,76 @@
"id": "CVE-2020-23362",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-09T16:15:13.963",
"lastModified": "2023-05-09T17:37:00.247",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-16T17:17:58.727",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Insecure Permissons vulnerability found in Shop_CMS YerShop all versions allows a remote attacker to escalate privileges via the cover_id parameter."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yershop_project:yershop:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EA9478C-AE02-4BEA-9ECF-CBE71D8FB501"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/huyiwill/shopcms_lang/issues/1",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

47
CVE-2022/CVE-2022-468xx/CVE-2022-46819.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-46819",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-10T10:15:10.437",
"lastModified": "2023-05-10T13:06:16.563",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-16T16:17:27.237",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gopiplus:continuous_announcement_scroller:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "13.0",
"matchCriteriaId": "1454894D-AA5A-4AD0-B6E6-8467FE64F140"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/continuous-announcement-scroller/wordpress-continuous-announcement-scroller-plugin-13-0-cross-site-scripting-xss?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2022/CVE-2022-468xx/CVE-2022-46861.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-46861",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-10T10:15:10.537",
"lastModified": "2023-05-10T13:06:16.563",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-16T16:17:13.987",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:web-settler:custom_login_page_styler:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "6.2",
"matchCriteriaId": "6F2C7872-13E1-445E-ADA2-5974105715DB"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/login-page-styler/wordpress-login-page-styler-plugin-6-2-cross-site-scripting-xss?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

79
CVE-2023/CVE-2023-249xx/CVE-2023-24953.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-24953",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-05-09T18:15:13.203",
"lastModified": "2023-05-09T18:23:25.203",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-16T16:16:11.117",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -34,10 +34,83 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "40C15EDD-98D4-4D06-BA06-21AE0F33C72D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
"matchCriteriaId": "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "09BF0981-749E-470B-A7AC-95AD087797EF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*",
"matchCriteriaId": "FF177984-A906-43FA-BF60-298133FBBD6B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*",
"matchCriteriaId": "40961B9E-80B6-42E0-A876-58B3CE056E4E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:*:*",
"matchCriteriaId": "6C9D7C93-E8CB-4A8A-BA15-093B03ACC62F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*",
"matchCriteriaId": "BF0E8112-5B6F-4E55-8E40-38ADCF6FC654"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E98AE986-FA31-4301-8025-E8915BA4AC5E"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24953",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

137
CVE-2023/CVE-2023-249xx/CVE-2023-24954.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-24954",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-05-09T18:15:13.260",
"lastModified": "2023-05-09T18:23:25.203",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-16T16:10:02.777",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -34,10 +34,141 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.10240.19926",
"matchCriteriaId": "0855C3A7-36C3-4398-9208-1FC8A02F40D0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.5921",
"matchCriteriaId": "BAB00F09-4CCF-4AB6-85CE-07298A21C1D9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.4377",
"matchCriteriaId": "DAF1C808-45D2-4C43-81F0-0E3DC697A31A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19042.2965",
"matchCriteriaId": "8B7C959F-A277-4B18-B7D8-6CC8A5D01469"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19044.2965",
"matchCriteriaId": "B1DB7F7A-A2CA-462C-A75C-A6739899C14B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19045.2965",
"matchCriteriaId": "A7450AB6-B09E-4C37-82FD-274675C0F8AF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22000.1936",
"matchCriteriaId": "7E42EF0F-F78C-49E8-BC26-09AF1C0730E0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22000.1702",
"matchCriteriaId": "C8267EF4-E3E6-4FA1-8090-965AE770B313"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2ACA9287-B475-4AF7-A4DA-A7143CEF9E57"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
"matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "9C082CC4-6128-475D-BC19-B239E348FDB2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:-:*:*:*:subscription:*:*:*",
"matchCriteriaId": "AC8BB33F-44C4-41FE-8B17-68E3C4B38142"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*",
"matchCriteriaId": "6122D014-5BF1-4AF4-8B4D-80205ED7785E"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24954",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-258xx/CVE-2023-25833.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-25833",
"sourceIdentifier": "psirt@esri.com",
"published": "2023-05-10T02:15:08.933",
"lastModified": "2023-05-10T02:29:55.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-16T17:50:14.373",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -13,8 +13,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@esri.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "psirt@esri.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N",
@ -36,8 +56,18 @@
},
"weaknesses": [
{
"source": "psirt@esri.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "psirt@esri.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,14 +76,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:esri:portal_for_arcgis:*:*:*:*:*:*:*:*",
"versionEndIncluding": "11.0",
"matchCriteriaId": "6BE67D5A-F389-4819-BEF6-F17CE6114D54"
}
]
}
]
}
],
"references": [
{
"url": "https://support.esri.com/en-us/patches-updates/2023/portal-for-arcgis-security-2023-update-1-patch-8095",
"source": "psirt@esri.com"
"source": "psirt@esri.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2023-update-1-patch-is-now-available/",
"source": "psirt@esri.com"
"source": "psirt@esri.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

57
CVE-2023/CVE-2023-258xx/CVE-2023-25834.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-25834",
"sourceIdentifier": "psirt@esri.com",
"published": "2023-05-09T16:15:14.263",
"lastModified": "2023-05-09T17:37:00.247",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-16T17:26:50.917",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -13,8 +13,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@esri.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
},
{
"source": "psirt@esri.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
@ -46,14 +66,41 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:esri:portal_for_arcgis:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.7.1",
"versionEndIncluding": "10.9.1",
"matchCriteriaId": "92E7BFF6-A949-45B0-BC21-4D219732F6FE"
}
]
}
]
}
],
"references": [
{
"url": "https://support.esri.com/en-us/patches-updates/2023/portal-for-arcgis-security-2023-update-1-patch-8095",
"source": "psirt@esri.com"
"source": "psirt@esri.com",
"tags": [
"Patch",
"Release Notes"
]
},
{
"url": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2023-update-1-patch-is-now-available/",
"source": "psirt@esri.com"
"source": "psirt@esri.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

84
CVE-2023/CVE-2023-27xx/CVE-2023-2739.json Normal file
View File

@ -0,0 +1,84 @@
{
"id": "CVE-2023-2739",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-16T16:15:10.027",
"lastModified": "2023-05-16T16:15:10.027",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in Gira HomeServer up to 4.12.0.220829 beta. This vulnerability affects unknown code of the file /hslist. The manipulation of the argument lst with the input debug%27\"><img%20src=x%20onerror=alert(document.cookie)> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-229150 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.229150",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.229150",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2023/CVE-2023-27xx/CVE-2023-2740.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2023-2740",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-16T17:15:11.433",
"lastModified": "2023-05-16T17:15:11.433",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in SourceCodester Guest Management System 1.0. Affected by this issue is some unknown functionality of the file dateTest.php of the component GET Parameter Handler. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229160."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/xryj920/CVE/blob/main/XSS.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.229160",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.229160",
"source": "cna@vuldb.com"
}
]
}

55
CVE-2023/CVE-2023-280xx/CVE-2023-28076.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-28076",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-05-16T16:15:09.513",
"lastModified": "2023-05-16T16:15:09.513",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nCloudLink 7.1.2 and all prior versions contain a broken or risky cryptographic algorithm vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability leading to some information disclosure.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-327"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000212095/dsa-2023-121-dell-cloudlink-security-update-for-aes-gcm-ciphers-vulnerability",
"source": "security_alert@emc.com"
}
]
}

75
CVE-2023/CVE-2023-300xx/CVE-2023-30086.json
View File

@ -2,27 +2,90 @@
"id": "CVE-2023-30086",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-09T16:15:14.507",
"lastModified": "2023-05-09T17:37:00.247",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-16T17:11:01.003",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability found in Libtiff V.4.0.7 allows a local attacker to cause a denial of service via the tiffcp function in tiffcp.c."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:libtiff:libtiff:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "FE968DD2-24BE-4417-A6DF-D79E40E07766"
}
]
}
]
}
],
"references": [
{
"url": "http://libtiff-release-v4-0-7.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "http://tiffcp.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://gitlab.com/libtiff/libtiff/-/issues/538",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

65
CVE-2023/CVE-2023-300xx/CVE-2023-30087.json
View File

@ -2,19 +2,76 @@
"id": "CVE-2023-30087",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-09T16:15:14.547",
"lastModified": "2023-05-09T17:36:56.357",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-16T17:06:52.870",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_mk_string function in mjs.c."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cesanta:mjs:1.26:*:*:*:*:*:*:*",
"matchCriteriaId": "25C97820-C80A-41CE-B510-F292D2AF665E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/cesanta/mjs/issues/244",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

82
CVE-2023/CVE-2023-311xx/CVE-2023-31136.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-31136",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-09T14:15:13.520",
"lastModified": "2023-05-09T14:30:54.950",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-16T16:43:07.007",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,38 +66,80 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vapor:postgresnio:*:*:*:*:*:postgresql:*:*",
"versionEndExcluding": "1.14.2",
"matchCriteriaId": "F30C6121-3F39-47E8-8EDF-DB10D6A63BDB"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/advisories/GHSA-467w-rrqc-395f",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Not Applicable"
]
},
{
"url": "https://github.com/advisories/GHSA-735f-7qx4-jqq5",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Not Applicable"
]
},
{
"url": "https://github.com/apple/swift-nio/pull/2419",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/vapor/postgres-nio/commit/2df54bc94607f44584ae6ffa74e3cd754fffafc7",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/vapor/postgres-nio/releases/tag/1.14.2",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/vapor/postgres-nio/security/advisories/GHSA-9cfh-vx93-84vv",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.postgresql.org/support/security/CVE-2021-23214/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Not Applicable"
]
},
{
"url": "https://www.postgresql.org/support/security/CVE-2021-23222/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Not Applicable"
]
}
]
}

57
CVE-2023/CVE-2023-311xx/CVE-2023-31137.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-31137",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-09T14:15:13.607",
"lastModified": "2023-05-09T14:30:54.950",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-16T16:47:46.977",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +66,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:maradns:maradns:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.5.0024",
"matchCriteriaId": "7CE5BE73-8D74-4618-AECC-3D28D3E70521"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/samboy/MaraDNS/blob/08b21ea20d80cedcb74aa8f14979ec7c61846663/dns/Decompress.c#L886",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/samboy/MaraDNS/commit/bab062bde40b2ae8a91eecd522e84d8b993bab58",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/samboy/MaraDNS/security/advisories/GHSA-58m7-826v-9c3c",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

77
CVE-2023/CVE-2023-311xx/CVE-2023-31139.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-31139",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-09T15:15:10.233",
"lastModified": "2023-05-09T17:37:00.247",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-16T16:50:03.370",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,22 +66,67 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dhis2:dhis_2:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.37.0",
"versionEndExcluding": "2.37.9.1",
"matchCriteriaId": "C9B6C005-C18C-465C-871B-81E6574421D3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dhis2:dhis_2:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.38.0",
"versionEndExcluding": "2.38.3.1",
"matchCriteriaId": "BBFE0152-8392-4ECC-93FA-D6FEC9475846"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dhis2:dhis_2:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.39.0",
"versionEndExcluding": "2.39.1.2",
"matchCriteriaId": "9306C196-9620-47A0-AC31-84A85FB60BA0"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/dhis2/dhis2-core/security/advisories/GHSA-44g3-9mp4-prv3",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/dhis2/dhis2-releases/blob/master/releases/2.37/ReleaseNote-2.37.9.1.md",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/dhis2/dhis2-releases/blob/master/releases/2.38/ReleaseNote-2.38.3.1.md",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/dhis2/dhis2-releases/blob/master/releases/2.39/ReleaseNote-2.39.1.2.md",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
}
]
}

53
CVE-2023/CVE-2023-311xx/CVE-2023-31143.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-31143",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-09T15:15:10.303",
"lastModified": "2023-05-09T17:37:00.247",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-16T16:56:16.440",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +66,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mage:mage-ai:*:*:*:*:*:python:*:*",
"versionStartIncluding": "0.8.34",
"versionEndExcluding": "0.8.72",
"matchCriteriaId": "ADC4138D-0C19-4231-AB14-FBF575748E57"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/mage-ai/mage-ai/commit/f63cd00f6a3be372397d37a4c9a49bfaf50d7650",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/mage-ai/mage-ai/security/advisories/GHSA-c6mm-2g84-v4m7",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

20
CVE-2023/CVE-2023-318xx/CVE-2023-31890.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-31890",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-16T16:15:10.343",
"lastModified": "2023-05-16T16:15:10.343",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An XML Deserialization vulnerability in glazedlists v1.11.0 allows an attacker to execute arbitrary code via the BeanXMLByteCoder.decode() parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/glazedlists/glazedlists/issues/709",
"source": "cve@mitre.org"
}
]
}

74
CVE-2023/CVE-2023-320xx/CVE-2023-32060.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32060",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-09T15:15:10.367",
"lastModified": "2023-05-09T17:37:00.247",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-16T17:04:16.300",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +56,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -50,10 +80,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dhis2:dhis_2:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.35.0",
"versionEndExcluding": "2.36.13",
"matchCriteriaId": "74791199-BB09-41D9-A1F8-AF5496A2599C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dhis2:dhis_2:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.37.0",
"versionEndExcluding": "2.37.8",
"matchCriteriaId": "94F6CC42-75F0-4E51-9E92-0FE0EC14B08F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dhis2:dhis_2:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.38.0",
"versionEndExcluding": "2.38.2",
"matchCriteriaId": "083AAA85-872D-4A80-9420-F0DE48B3E9FD"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/dhis2/dhis2-core/security/advisories/GHSA-7pwm-6rh2-2388",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}

63
CVE-2023/CVE-2023-320xx/CVE-2023-32069.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32069",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-09T16:15:15.230",
"lastModified": "2023-05-09T17:36:56.357",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-16T17:34:32.947",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +66,51 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.4",
"versionEndExcluding": "14.10.4",
"matchCriteriaId": "BA7FCE38-8843-4EDE-AC01-DA70DC141AAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:3.3:milestone2:*:*:*:*:*:*",
"matchCriteriaId": "ED1AD3A5-E286-47E6-9DD5-023F165A8263"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/xwiki/xwiki-platform/commit/de72760d4a3e1e9be64a10660a0c19e9534e2ec4",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-36fm-j33w-c25f",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://jira.xwiki.org/browse/XWIKI-20566",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

87
CVE-2023/CVE-2023-320xx/CVE-2023-32071.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32071",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-09T16:15:15.297",
"lastModified": "2023-05-09T17:36:56.357",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-16T17:41:40.890",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +56,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -50,22 +80,65 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.3",
"versionEndExcluding": "14.4.8",
"matchCriteriaId": "E0A4507D-89A9-4E23-960D-B04AFEC2D9C9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.5.0",
"versionEndExcluding": "14.10.4",
"matchCriteriaId": "AB27526E-A5F9-4592-9F16-A55A2253A22D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:2.2:milestone1:*:*:*:*:*:*",
"matchCriteriaId": "C5DB4CA3-913F-48F6-95A9-25F350DDB537"
}
]
}
]
}
],
"references": [
{
"url": "https://app.intigriti.com/company/submissions/e95a7ad5-7029-4627-abf0-3e3e3ea0b4ce/XWIKI-E93DFEYK",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://github.com/xwiki/xwiki-platform/commit/28905f7f518cc6f21ea61fe37e9e1ed97ef36f01",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j9h5-vcgv-2jfm",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://jira.xwiki.org/browse/XWIKI-20340",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

20
CVE-2023/CVE-2023-329xx/CVE-2023-32977.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-32977",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-05-16T16:15:10.507",
"lastModified": "2023-05-16T17:15:11.553",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Jenkins Pipeline: Job Plugin does not escape the display name of the build that caused an earlier build to be aborted, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to set build display names immediately."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3042",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}

20
CVE-2023/CVE-2023-329xx/CVE-2023-32978.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-32978",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-05-16T16:15:10.610",
"lastModified": "2023-05-16T17:15:11.610",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery (CSRF) vulnerability in Jenkins LDAP Plugin allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3046",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}

20
CVE-2023/CVE-2023-329xx/CVE-2023-32979.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-32979",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-05-16T16:15:10.673",
"lastModified": "2023-05-16T17:15:11.657",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Jenkins Email Extension Plugin does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files in the email-templates/ directory in the Jenkins home directory on the controller file system."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3088%20(1)",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}

20
CVE-2023/CVE-2023-329xx/CVE-2023-32980.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-32980",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-05-16T16:15:10.753",
"lastModified": "2023-05-16T17:15:11.703",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery (CSRF) vulnerability in Jenkins Email Extension Plugin allows attackers to make another user stop watching an attacker-specified job."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3088%20(2)",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}

20
CVE-2023/CVE-2023-329xx/CVE-2023-32981.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-32981",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-05-16T16:15:10.833",
"lastModified": "2023-05-16T16:15:10.833",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An arbitrary file write vulnerability in Jenkins Pipeline Utility Steps Plugin 2.15.2 and earlier allows attackers able to provide crafted archives as parameters to create or replace arbitrary files on the agent file system with attacker-specified content."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2196",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}

20
CVE-2023/CVE-2023-329xx/CVE-2023-32982.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-32982",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-05-16T16:15:10.920",
"lastModified": "2023-05-16T16:15:10.920",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Jenkins Ansible Plugin 204.v8191fd551eb_f and earlier stores extra variables unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3017",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}

20
CVE-2023/CVE-2023-329xx/CVE-2023-32983.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-32983",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-05-16T16:15:10.980",
"lastModified": "2023-05-16T16:15:10.980",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Jenkins Ansible Plugin 204.v8191fd551eb_f and earlier does not mask extra variables displayed on the configuration form, increasing the potential for attackers to observe and capture them."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3017",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}

20
CVE-2023/CVE-2023-329xx/CVE-2023-32984.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-32984",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-05-16T16:15:11.033",
"lastModified": "2023-05-16T16:15:11.033",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Jenkins TestNG Results Plugin 730.v4c5283037693 and earlier does not escape several values that are parsed from TestNG report files and displayed on the plugin's test information pages, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide a crafted TestNG report file."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3047",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}

20
CVE-2023/CVE-2023-329xx/CVE-2023-32985.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-32985",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-05-16T16:15:11.090",
"lastModified": "2023-05-16T16:15:11.090",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Jenkins Sidebar Link Plugin 2.2.1 and earlier does not restrict the path of files in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3125",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}

20
CVE-2023/CVE-2023-329xx/CVE-2023-32986.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-32986",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-05-16T16:15:11.147",
"lastModified": "2023-05-16T16:15:11.147",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Jenkins File Parameter Plugin 285.v757c5b_67a_c25 and earlier does not restrict the name (and resulting uploaded file name) of Stashed File Parameters, allowing attackers with Item/Configure permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3123",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}

20
CVE-2023/CVE-2023-329xx/CVE-2023-32987.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-32987",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-05-16T16:15:11.200",
"lastModified": "2023-05-16T16:15:11.200",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery (CSRF) vulnerability in Jenkins Reverse Proxy Auth Plugin 1.7.4 and earlier allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3002",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}

20
CVE-2023/CVE-2023-329xx/CVE-2023-32988.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-32988",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-05-16T16:15:11.257",
"lastModified": "2023-05-16T16:15:11.257",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2855%20(1)",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}

20
CVE-2023/CVE-2023-329xx/CVE-2023-32989.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-32989",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-05-16T16:15:11.310",
"lastModified": "2023-05-16T16:15:11.310",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery (CSRF) vulnerability in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers to connect to an attacker-specified Azure Cloud server using attacker-specified credentials IDs obtained through another method."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2855%20(2)",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}

20
CVE-2023/CVE-2023-329xx/CVE-2023-32990.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-32990",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-05-16T17:15:11.753",
"lastModified": "2023-05-16T17:15:11.753",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified Azure Cloud server using attacker-specified credentials IDs obtained through another method."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2855%20(2)",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}

20
CVE-2023/CVE-2023-329xx/CVE-2023-32991.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-32991",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-05-16T17:15:11.803",
"lastModified": "2023-05-16T17:15:11.803",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML, or parse a local file on the Jenkins controller as XML."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2993",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}

20
CVE-2023/CVE-2023-329xx/CVE-2023-32992.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-32992",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-05-16T17:15:11.850",
"lastModified": "2023-05-16T17:15:11.850",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Missing permission checks in Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML, or parse a local file on the Jenkins controller as XML."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2993",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}

20
CVE-2023/CVE-2023-329xx/CVE-2023-32993.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-32993",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-05-16T17:15:11.893",
"lastModified": "2023-05-16T17:15:11.893",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier does not perform hostname validation when connecting to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused using a man-in-the-middle attack to intercept these connections."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3001%20(1)",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}

20
CVE-2023/CVE-2023-329xx/CVE-2023-32994.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-32994",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-05-16T17:15:11.937",
"lastModified": "2023-05-16T17:15:11.937",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Jenkins SAML Single Sign On(SSO) Plugin 2.1.0 and earlier unconditionally disables SSL/TLS certificate validation for connections to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused using a man-in-the-middle attack to intercept these connections."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3001%20(2)",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}

20
CVE-2023/CVE-2023-329xx/CVE-2023-32995.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-32995",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-05-16T17:15:11.980",
"lastModified": "2023-05-16T17:15:11.980",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Single Sign On(SSO) Plugin 2.0.0 and earlier allows attackers to send an HTTP POST request with JSON body containing attacker-specified content, to miniOrange's API for sending emails."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2994",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}

20
CVE-2023/CVE-2023-329xx/CVE-2023-32996.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-32996",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-05-16T17:15:12.027",
"lastModified": "2023-05-16T17:15:12.027",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A missing permission check in Jenkins SAML Single Sign On(SSO) Plugin 2.0.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request with JSON body containing attacker-specified content, to miniOrange's API for sending emails."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2994",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}

20
CVE-2023/CVE-2023-329xx/CVE-2023-32997.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-32997",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-05-16T17:15:12.067",
"lastModified": "2023-05-16T17:15:12.067",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Jenkins CAS Plugin 1.6.2 and earlier does not invalidate the previous session on login."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3000",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}

20
CVE-2023/CVE-2023-329xx/CVE-2023-32998.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-32998",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-05-16T17:15:12.110",
"lastModified": "2023-05-16T17:15:12.110",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery (CSRF) vulnerability in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3121",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}

20
CVE-2023/CVE-2023-329xx/CVE-2023-32999.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-32999",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-05-16T17:15:12.160",
"lastModified": "2023-05-16T17:15:12.160",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A missing permission check in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3121",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}

20
CVE-2023/CVE-2023-330xx/CVE-2023-33000.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-33000",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-05-16T17:15:12.207",
"lastModified": "2023-05-16T17:15:12.207",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.149 and earlier does not mask credentials displayed on the configuration form, increasing the potential for attackers to observe and capture them."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2962",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}

20
CVE-2023/CVE-2023-330xx/CVE-2023-33001.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-33001",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-05-16T17:15:12.250",
"lastModified": "2023-05-16T17:15:12.250",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Jenkins HashiCorp Vault Plugin 360.v0a_1c04cf807d and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3077",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}

20
CVE-2023/CVE-2023-330xx/CVE-2023-33002.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-33002",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-05-16T17:15:12.293",
"lastModified": "2023-05-16T17:15:12.293",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Jenkins TestComplete support Plugin 2.8.1 and earlier does not escape the TestComplete project name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2892",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}

20
CVE-2023/CVE-2023-330xx/CVE-2023-33003.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-33003",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-05-16T17:15:12.340",
"lastModified": "2023-05-16T17:15:12.340",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery (CSRF) vulnerability in Jenkins Tag Profiler Plugin 0.2 and earlier allows attackers to reset profiler statistics."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3083",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}

20
CVE-2023/CVE-2023-330xx/CVE-2023-33004.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-33004",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-05-16T17:15:12.377",
"lastModified": "2023-05-16T17:15:12.377",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A missing permission check in Jenkins Tag Profiler Plugin 0.2 and earlier allows attackers with Overall/Read permission to reset profiler statistics."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3083",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}

20
CVE-2023/CVE-2023-330xx/CVE-2023-33005.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-33005",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-05-16T17:15:12.420",
"lastModified": "2023-05-16T17:15:12.420",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Jenkins WSO2 Oauth Plugin 1.0 and earlier does not invalidate the previous session on login."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2991",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}

20
CVE-2023/CVE-2023-330xx/CVE-2023-33006.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-33006",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-05-16T17:15:12.467",
"lastModified": "2023-05-16T17:15:12.467",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery (CSRF) vulnerability in Jenkins WSO2 Oauth Plugin 1.0 and earlier allows attackers to trick users into logging in to the attacker's account."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2990",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}

20
CVE-2023/CVE-2023-330xx/CVE-2023-33007.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-33007",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-05-16T17:15:12.507",
"lastModified": "2023-05-16T17:15:12.507",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Jenkins LoadComplete support Plugin 1.0 and earlier does not escape the LoadComplete test name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2903",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}

96
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-05-16T16:00:26.016591+00:00
2023-05-16T18:00:25.654977+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-05-16T15:35:50.050000+00:00
2023-05-16T17:50:14.373000+00:00
```
### Last Data Feed Release
@ -29,53 +29,71 @@ Download and Changelog: [Click](releases/latest)
### Total Number of included CVEs
```plain
215360
215395
```
### CVEs added in the last Commit
Recently added CVEs: `8`
Recently added CVEs: `35`
* [CVE-2023-2738](CVE-2023/CVE-2023-27xx/CVE-2023-2738.json) (`2023-05-16T15:15:09.110`)
* [CVE-2023-29439](CVE-2023/CVE-2023-294xx/CVE-2023-29439.json) (`2023-05-16T15:15:08.983`)
* [CVE-2023-31519](CVE-2023/CVE-2023-315xx/CVE-2023-31519.json) (`2023-05-16T15:15:09.217`)
* [CVE-2023-31572](CVE-2023/CVE-2023-315xx/CVE-2023-31572.json) (`2023-05-16T14:15:09.540`)
* [CVE-2023-31576](CVE-2023/CVE-2023-315xx/CVE-2023-31576.json) (`2023-05-16T14:15:09.603`)
* [CVE-2023-31587](CVE-2023/CVE-2023-315xx/CVE-2023-31587.json) (`2023-05-16T15:15:09.277`)
* [CVE-2023-31856](CVE-2023/CVE-2023-318xx/CVE-2023-31856.json) (`2023-05-16T15:15:09.350`)
* [CVE-2023-31857](CVE-2023/CVE-2023-318xx/CVE-2023-31857.json) (`2023-05-16T15:15:09.467`)
* [CVE-2023-2739](CVE-2023/CVE-2023-27xx/CVE-2023-2739.json) (`2023-05-16T16:15:10.027`)
* [CVE-2023-2740](CVE-2023/CVE-2023-27xx/CVE-2023-2740.json) (`2023-05-16T17:15:11.433`)
* [CVE-2023-28076](CVE-2023/CVE-2023-280xx/CVE-2023-28076.json) (`2023-05-16T16:15:09.513`)
* [CVE-2023-31890](CVE-2023/CVE-2023-318xx/CVE-2023-31890.json) (`2023-05-16T16:15:10.343`)
* [CVE-2023-32977](CVE-2023/CVE-2023-329xx/CVE-2023-32977.json) (`2023-05-16T16:15:10.507`)
* [CVE-2023-32978](CVE-2023/CVE-2023-329xx/CVE-2023-32978.json) (`2023-05-16T16:15:10.610`)
* [CVE-2023-32979](CVE-2023/CVE-2023-329xx/CVE-2023-32979.json) (`2023-05-16T16:15:10.673`)
* [CVE-2023-32980](CVE-2023/CVE-2023-329xx/CVE-2023-32980.json) (`2023-05-16T16:15:10.753`)
* [CVE-2023-32981](CVE-2023/CVE-2023-329xx/CVE-2023-32981.json) (`2023-05-16T16:15:10.833`)
* [CVE-2023-32982](CVE-2023/CVE-2023-329xx/CVE-2023-32982.json) (`2023-05-16T16:15:10.920`)
* [CVE-2023-32983](CVE-2023/CVE-2023-329xx/CVE-2023-32983.json) (`2023-05-16T16:15:10.980`)
* [CVE-2023-32984](CVE-2023/CVE-2023-329xx/CVE-2023-32984.json) (`2023-05-16T16:15:11.033`)
* [CVE-2023-32985](CVE-2023/CVE-2023-329xx/CVE-2023-32985.json) (`2023-05-16T16:15:11.090`)
* [CVE-2023-32986](CVE-2023/CVE-2023-329xx/CVE-2023-32986.json) (`2023-05-16T16:15:11.147`)
* [CVE-2023-32987](CVE-2023/CVE-2023-329xx/CVE-2023-32987.json) (`2023-05-16T16:15:11.200`)
* [CVE-2023-32988](CVE-2023/CVE-2023-329xx/CVE-2023-32988.json) (`2023-05-16T16:15:11.257`)
* [CVE-2023-32989](CVE-2023/CVE-2023-329xx/CVE-2023-32989.json) (`2023-05-16T16:15:11.310`)
* [CVE-2023-32990](CVE-2023/CVE-2023-329xx/CVE-2023-32990.json) (`2023-05-16T17:15:11.753`)
* [CVE-2023-32991](CVE-2023/CVE-2023-329xx/CVE-2023-32991.json) (`2023-05-16T17:15:11.803`)
* [CVE-2023-32992](CVE-2023/CVE-2023-329xx/CVE-2023-32992.json) (`2023-05-16T17:15:11.850`)
* [CVE-2023-32993](CVE-2023/CVE-2023-329xx/CVE-2023-32993.json) (`2023-05-16T17:15:11.893`)
* [CVE-2023-32994](CVE-2023/CVE-2023-329xx/CVE-2023-32994.json) (`2023-05-16T17:15:11.937`)
* [CVE-2023-32995](CVE-2023/CVE-2023-329xx/CVE-2023-32995.json) (`2023-05-16T17:15:11.980`)
* [CVE-2023-32996](CVE-2023/CVE-2023-329xx/CVE-2023-32996.json) (`2023-05-16T17:15:12.027`)
* [CVE-2023-32997](CVE-2023/CVE-2023-329xx/CVE-2023-32997.json) (`2023-05-16T17:15:12.067`)
* [CVE-2023-32998](CVE-2023/CVE-2023-329xx/CVE-2023-32998.json) (`2023-05-16T17:15:12.110`)
* [CVE-2023-32999](CVE-2023/CVE-2023-329xx/CVE-2023-32999.json) (`2023-05-16T17:15:12.160`)
* [CVE-2023-33000](CVE-2023/CVE-2023-330xx/CVE-2023-33000.json) (`2023-05-16T17:15:12.207`)
* [CVE-2023-33001](CVE-2023/CVE-2023-330xx/CVE-2023-33001.json) (`2023-05-16T17:15:12.250`)
* [CVE-2023-33002](CVE-2023/CVE-2023-330xx/CVE-2023-33002.json) (`2023-05-16T17:15:12.293`)
* [CVE-2023-33003](CVE-2023/CVE-2023-330xx/CVE-2023-33003.json) (`2023-05-16T17:15:12.340`)
* [CVE-2023-33004](CVE-2023/CVE-2023-330xx/CVE-2023-33004.json) (`2023-05-16T17:15:12.377`)
* [CVE-2023-33005](CVE-2023/CVE-2023-330xx/CVE-2023-33005.json) (`2023-05-16T17:15:12.420`)
* [CVE-2023-33006](CVE-2023/CVE-2023-330xx/CVE-2023-33006.json) (`2023-05-16T17:15:12.467`)
* [CVE-2023-33007](CVE-2023/CVE-2023-330xx/CVE-2023-33007.json) (`2023-05-16T17:15:12.507`)
### CVEs modified in the last Commit
Recently modified CVEs: `26`
Recently modified CVEs: `17`
* [CVE-2022-32528](CVE-2022/CVE-2022-325xx/CVE-2022-32528.json) (`2023-05-16T14:15:09.230`)
* [CVE-2022-32970](CVE-2022/CVE-2022-329xx/CVE-2022-32970.json) (`2023-05-16T14:11:13.267`)
* [CVE-2023-0514](CVE-2023/CVE-2023-05xx/CVE-2023-0514.json) (`2023-05-16T14:34:45.023`)
* [CVE-2023-0526](CVE-2023/CVE-2023-05xx/CVE-2023-0526.json) (`2023-05-16T14:39:41.193`)
* [CVE-2023-0537](CVE-2023/CVE-2023-05xx/CVE-2023-0537.json) (`2023-05-16T14:56:07.530`)
* [CVE-2023-0542](CVE-2023/CVE-2023-05xx/CVE-2023-0542.json) (`2023-05-16T14:49:36.910`)
* [CVE-2023-1408](CVE-2023/CVE-2023-14xx/CVE-2023-1408.json) (`2023-05-16T14:45:16.247`)
* [CVE-2023-22813](CVE-2023/CVE-2023-228xx/CVE-2023-22813.json) (`2023-05-16T15:01:02.637`)
* [CVE-2023-23543](CVE-2023/CVE-2023-235xx/CVE-2023-23543.json) (`2023-05-16T14:09:57.577`)
* [CVE-2023-23786](CVE-2023/CVE-2023-237xx/CVE-2023-23786.json) (`2023-05-16T14:18:31.467`)
* [CVE-2023-24392](CVE-2023/CVE-2023-243xx/CVE-2023-24392.json) (`2023-05-16T14:17:51.043`)
* [CVE-2023-24418](CVE-2023/CVE-2023-244xx/CVE-2023-24418.json) (`2023-05-16T14:17:01.533`)
* [CVE-2023-24955](CVE-2023/CVE-2023-249xx/CVE-2023-24955.json) (`2023-05-16T15:13:10.220`)
* [CVE-2023-2534](CVE-2023/CVE-2023-25xx/CVE-2023-2534.json) (`2023-05-16T14:13:26.960`)
* [CVE-2023-2609](CVE-2023/CVE-2023-26xx/CVE-2023-2609.json) (`2023-05-16T15:11:22.003`)
* [CVE-2023-2614](CVE-2023/CVE-2023-26xx/CVE-2023-2614.json) (`2023-05-16T14:19:23.913`)
* [CVE-2023-2615](CVE-2023/CVE-2023-26xx/CVE-2023-2615.json) (`2023-05-16T14:26:36.560`)
* [CVE-2023-29338](CVE-2023/CVE-2023-293xx/CVE-2023-29338.json) (`2023-05-16T15:22:50.140`)
* [CVE-2023-29343](CVE-2023/CVE-2023-293xx/CVE-2023-29343.json) (`2023-05-16T14:57:54.693`)
* [CVE-2023-30237](CVE-2023/CVE-2023-302xx/CVE-2023-30237.json) (`2023-05-16T15:12:00.423`)
* [CVE-2023-30608](CVE-2023/CVE-2023-306xx/CVE-2023-30608.json) (`2023-05-16T14:15:09.417`)
* [CVE-2023-31138](CVE-2023/CVE-2023-311xx/CVE-2023-31138.json) (`2023-05-16T15:35:50.050`)
* [CVE-2023-31976](CVE-2023/CVE-2023-319xx/CVE-2023-31976.json) (`2023-05-16T15:21:24.530`)
* [CVE-2023-31979](CVE-2023/CVE-2023-319xx/CVE-2023-31979.json) (`2023-05-16T15:29:41.787`)
* [CVE-2023-31981](CVE-2023/CVE-2023-319xx/CVE-2023-31981.json) (`2023-05-16T15:27:52.140`)
* [CVE-2023-31982](CVE-2023/CVE-2023-319xx/CVE-2023-31982.json) (`2023-05-16T15:29:03.337`)
* [CVE-2002-20001](CVE-2002/CVE-2002-200xx/CVE-2002-20001.json) (`2023-05-16T16:15:29.937`)
* [CVE-2020-23362](CVE-2020/CVE-2020-233xx/CVE-2020-23362.json) (`2023-05-16T17:17:58.727`)
* [CVE-2022-46819](CVE-2022/CVE-2022-468xx/CVE-2022-46819.json) (`2023-05-16T16:17:27.237`)
* [CVE-2022-46861](CVE-2022/CVE-2022-468xx/CVE-2022-46861.json) (`2023-05-16T16:17:13.987`)
* [CVE-2023-24953](CVE-2023/CVE-2023-249xx/CVE-2023-24953.json) (`2023-05-16T16:16:11.117`)
* [CVE-2023-24954](CVE-2023/CVE-2023-249xx/CVE-2023-24954.json) (`2023-05-16T16:10:02.777`)
* [CVE-2023-25833](CVE-2023/CVE-2023-258xx/CVE-2023-25833.json) (`2023-05-16T17:50:14.373`)
* [CVE-2023-25834](CVE-2023/CVE-2023-258xx/CVE-2023-25834.json) (`2023-05-16T17:26:50.917`)
* [CVE-2023-30086](CVE-2023/CVE-2023-300xx/CVE-2023-30086.json) (`2023-05-16T17:11:01.003`)
* [CVE-2023-30087](CVE-2023/CVE-2023-300xx/CVE-2023-30087.json) (`2023-05-16T17:06:52.870`)
* [CVE-2023-31136](CVE-2023/CVE-2023-311xx/CVE-2023-31136.json) (`2023-05-16T16:43:07.007`)
* [CVE-2023-31137](CVE-2023/CVE-2023-311xx/CVE-2023-31137.json) (`2023-05-16T16:47:46.977`)
* [CVE-2023-31139](CVE-2023/CVE-2023-311xx/CVE-2023-31139.json) (`2023-05-16T16:50:03.370`)
* [CVE-2023-31143](CVE-2023/CVE-2023-311xx/CVE-2023-31143.json) (`2023-05-16T16:56:16.440`)
* [CVE-2023-32060](CVE-2023/CVE-2023-320xx/CVE-2023-32060.json) (`2023-05-16T17:04:16.300`)
* [CVE-2023-32069](CVE-2023/CVE-2023-320xx/CVE-2023-32069.json) (`2023-05-16T17:34:32.947`)
* [CVE-2023-32071](CVE-2023/CVE-2023-320xx/CVE-2023-32071.json) (`2023-05-16T17:41:40.890`)
## Download and Usage