admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-08-10T10:00:30.243663+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-08-10 10:00:33 +00:00
parent 6f098bed6b
commit 770bb7f83d
7 changed files with 146 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
CVE-2022/CVE-2022-303xx/CVE-2022-30308.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2022-30308",
"sourceIdentifier": "info@cert.vde.com",
"published": "2022-06-13T14:15:09.097",
"lastModified": "2023-07-21T16:56:05.973",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-10T08:15:09.227",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint \"cecc-x-web-viewer-request-on\" POST request doesn\u00e2\u20ac\u2122t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection."
"value": "In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint \"cecc-x-web-viewer-request-on\" POST request doesn\u2019t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.\n\n"
},
{
"lang": "es",
@ -65,7 +65,7 @@
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "info@cert.vde.com",
"type": "Primary",
"description": [
{
@ -79,9 +79,13 @@
]
},
{
"source": "info@cert.vde.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
},
{
"lang": "en",
"value": "CWE-863"

14
CVE-2022/CVE-2022-303xx/CVE-2022-30309.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2022-30309",
"sourceIdentifier": "info@cert.vde.com",
"published": "2022-06-13T14:15:09.163",
"lastModified": "2023-07-21T16:55:49.477",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-10T08:15:09.527",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint \"cecc-x-web-viewer-request-off\" POST request doesn\u00e2\u20ac\u2122t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection."
"value": "In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint \"cecc-x-web-viewer-request-off\" POST request doesn\u2019t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.\n\n"
},
{
"lang": "es",
@ -65,7 +65,7 @@
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "info@cert.vde.com",
"type": "Primary",
"description": [
{
@ -79,9 +79,13 @@
]
},
{
"source": "info@cert.vde.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
},
{
"lang": "en",
"value": "CWE-863"

18
CVE-2022/CVE-2022-303xx/CVE-2022-30310.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2022-30310",
"sourceIdentifier": "info@cert.vde.com",
"published": "2022-06-13T14:15:09.227",
"lastModified": "2023-07-21T16:56:15.323",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-10T08:15:09.683",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint \"cecc-x-acknerr-request\" POST request doesn\u00e2\u20ac\u2122t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection."
"value": "In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint \"cecc-x-acknerr-request\" POST request doesn\u2019t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.\n\n"
},
{
"lang": "es",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "info@cert.vde.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -37,7 +37,7 @@
"impactScore": 5.9
},
{
"source": "info@cert.vde.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -85,7 +85,7 @@
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "info@cert.vde.com",
"type": "Primary",
"description": [
{
@ -99,9 +99,13 @@
]
},
{
"source": "info@cert.vde.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
},
{
"lang": "en",
"value": "CWE-863"

14
CVE-2022/CVE-2022-303xx/CVE-2022-30311.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2022-30311",
"sourceIdentifier": "info@cert.vde.com",
"published": "2022-06-13T14:15:09.300",
"lastModified": "2023-07-21T16:56:12.163",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-10T08:15:09.837",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint \"cecc-x-refresh-request\" POST request doesn\u00e2\u20ac\u2122t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection."
"value": "In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint \"cecc-x-refresh-request\" POST request doesn\u2019t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.\n\n"
},
{
"lang": "es",
@ -65,7 +65,7 @@
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "info@cert.vde.com",
"type": "Primary",
"description": [
{
@ -79,9 +79,13 @@
]
},
{
"source": "info@cert.vde.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
},
{
"lang": "en",
"value": "CWE-863"

43
CVE-2023/CVE-2023-263xx/CVE-2023-26309.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-26309",
"sourceIdentifier": "security@oppo.com",
"published": "2023-08-10T09:15:09.623",
"lastModified": "2023-08-10T09:15:09.623",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability in the webview component of OnePlus Mall app.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@oppo.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.1,
"impactScore": 3.7
}
]
},
"references": [
{
"url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1689464826201645056",
"source": "security@oppo.com"
}
]
}

55
CVE-2023/CVE-2023-312xx/CVE-2023-31209.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-31209",
"sourceIdentifier": "security@checkmk.com",
"published": "2023-08-10T09:15:12.123",
"lastModified": "2023-08-10T09:15:12.123",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper neutralization of active check command arguments in Checkmk < 2.1.0p32, < 2.0.0p38, < 2.2.0p4 leads to arbitrary command execution for authenticated users."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@checkmk.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@checkmk.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-74"
}
]
}
],
"references": [
{
"url": "https://checkmk.com/werk/15194",
"source": "security@checkmk.com"
}
]
}

17
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-08-10T08:00:28.903345+00:00
2023-08-10T10:00:30.243663+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-08-10T07:15:37.797000+00:00
2023-08-10T09:15:12.123000+00:00
```
### Last Data Feed Release
@ -29,22 +29,25 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
222241
222243
```
### CVEs added in the last Commit
Recently added CVEs: `2`
* [CVE-2023-4276](CVE-2023/CVE-2023-42xx/CVE-2023-4276.json) (`2023-08-10T07:15:37.463`)
* [CVE-2023-4277](CVE-2023/CVE-2023-42xx/CVE-2023-4277.json) (`2023-08-10T07:15:37.797`)
* [CVE-2023-26309](CVE-2023/CVE-2023-263xx/CVE-2023-26309.json) (`2023-08-10T09:15:09.623`)
* [CVE-2023-31209](CVE-2023/CVE-2023-312xx/CVE-2023-31209.json) (`2023-08-10T09:15:12.123`)
### CVEs modified in the last Commit
Recently modified CVEs: `1`
Recently modified CVEs: `4`
* [CVE-2023-3772](CVE-2023/CVE-2023-37xx/CVE-2023-3772.json) (`2023-08-10T06:15:42.903`)
* [CVE-2022-30308](CVE-2022/CVE-2022-303xx/CVE-2022-30308.json) (`2023-08-10T08:15:09.227`)
* [CVE-2022-30309](CVE-2022/CVE-2022-303xx/CVE-2022-30309.json) (`2023-08-10T08:15:09.527`)
* [CVE-2022-30310](CVE-2022/CVE-2022-303xx/CVE-2022-30310.json) (`2023-08-10T08:15:09.683`)
* [CVE-2022-30311](CVE-2022/CVE-2022-303xx/CVE-2022-30311.json) (`2023-08-10T08:15:09.837`)
## Download and Usage