admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-07 19:16:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-07-20T14:00:26.588446+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-07-20 14:00:30 +00:00
parent 83532e9754
commit 770fef9774
22 changed files with 1350 additions and 107 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CVE-2010/CVE-2010-38xx/CVE-2010-3856.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2010-3856",
"sourceIdentifier": "secalert@redhat.com",
"published": "2011-01-07T19:00:17.843",
"lastModified": "2023-07-19T20:15:09.733",
"lastModified": "2023-07-20T12:15:10.757",
"vulnStatus": "Modified",
"descriptions": [
{
@ -385,6 +385,10 @@
"url": "http://www.openwall.com/lists/oss-security/2023/07/19/9",
"source": "secalert@redhat.com"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/07/20/1",
"source": "secalert@redhat.com"
},
{
"url": "http://www.redhat.com/support/errata/RHSA-2010-0872.html",
"source": "secalert@redhat.com"

6
CVE-2016/CVE-2016-100xx/CVE-2016-10009.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2016-10009",
"sourceIdentifier": "cve@mitre.org",
"published": "2017-01-05T02:59:03.057",
"lastModified": "2023-07-19T20:15:09.867",
"lastModified": "2023-07-20T12:15:11.010",
"vulnStatus": "Modified",
"descriptions": [
{
@ -114,6 +114,10 @@
"url": "http://www.openwall.com/lists/oss-security/2023/07/19/9",
"source": "cve@mitre.org"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/07/20/1",
"source": "cve@mitre.org"
},
{
"url": "http://www.securityfocus.com/bid/94968",
"source": "cve@mitre.org"

8
CVE-2020/CVE-2020-241xx/CVE-2020-24188.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2020-24188",
"sourceIdentifier": "cve@mitre.org",
"published": "2020-10-14T15:15:16.853",
"lastModified": "2023-05-12T11:15:12.613",
"vulnStatus": "Modified",
"lastModified": "2023-07-20T13:39:53.717",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -85,8 +85,8 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:unitedplanet:intrexx:*:*:*:*:professional:*:*:*",
"versionEndExcluding": "20.03",
"matchCriteriaId": "27B1AA35-BBF5-472A-9D79-5A203792D3B9"
"versionEndExcluding": "9.4.0",
"matchCriteriaId": "03F4BCCF-D974-42AE-BB11-F6B2EBC4871E"
}
]
}

16
CVE-2021/CVE-2021-454xx/CVE-2021-45450.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-45450",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-12-21T07:15:06.727",
"lastModified": "2023-01-13T20:05:59.537",
"lastModified": "2023-07-20T12:52:30.400",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -86,8 +86,18 @@
"vulnerable": true,
"criteria": "cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.22.0",
"versionEndExcluding": "3.1.0",
"matchCriteriaId": "F47E6DB0-7FEC-4183-8EEB-840652128B24"
"versionEndExcluding": "2.28.0",
"matchCriteriaId": "E2B9B165-D661-4EED-95DD-4F470F9F3B83"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arm:mbed_tls:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C6051CC9-0DB4-4282-8019-5C82A4DD2609"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arm:mbed_tls:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3DD74F-711E-44D1-9844-56FE73252E85"
}
]
}

231
CVE-2023/CVE-2023-243xx/CVE-2023-24329.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-24329",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-02-17T15:15:12.243",
"lastModified": "2023-06-16T04:15:12.660",
"vulnStatus": "Modified",
"lastModified": "2023-07-20T12:52:51.187",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -56,8 +56,96 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.11",
"matchCriteriaId": "1EF9B82E-4907-4A71-84B6-B076C7BEB569"
"versionEndExcluding": "3.7.17",
"matchCriteriaId": "CC324629-0240-4DC0-BAFA-D476D5FDDA61"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.8.0",
"versionEndExcluding": "3.8.17",
"matchCriteriaId": "0A6B1607-9E1F-4A14-918F-B1A1786D028E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.9.0",
"versionEndExcluding": "3.9.17",
"matchCriteriaId": "0287FC5A-256F-40EE-93D0-2DFFE38BB5A1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.10.0",
"versionEndExcluding": "3.10.12",
"matchCriteriaId": "4AA7FA11-C746-4E69-94C2-18E745D82054"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.11.0",
"versionEndExcluding": "3.11.14",
"matchCriteriaId": "61BF5912-5AA2-4079-8148-5F9D4902CBD0"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86B51137-28D9-41F2-AFA2-3CC22B4954D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:management_services_for_netapp_hci:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4455CF3A-CC91-4BE4-A7AB-929AC82E34F5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797"
}
]
}
@ -67,7 +155,10 @@
"references": [
{
"url": "https://github.com/python/cpython/issues/102153",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://github.com/python/cpython/pull/99421",
@ -78,87 +169,170 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PEVICI7YNGGMSL3UCMWGE66QFLATH72/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DSL6NSOAXWBJJ67XPLSSC74MNKZF3BBO/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EM2XLZSTXG44TMFXF4E6VTGKR2MQCW3G/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F2NY75GFDZ5T6YPN44D3VMFT5SUVTOTG/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GR5US3BYILYJ4SKBV6YBNPRUBAL5P2CN/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H23OSKC6UG6IWOQAUPW74YUHWRWVXJP7/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZTLGV2HYFF4AMYJL25VDIGAIHCU7UPA/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LWC4WGXER5P6Q75RFGL7QUTPP3N5JR7T/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZEHSXSCMA4WWQKXT6QV7AAR6SWNZ2VP/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O5SP4RT3RRS434ZS2HQKQJ3VZW7YPKYR/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHHJHJRLEF3TDT2K3676CAUVRDD4CCMR/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PEUN6T22UJFXR7J5F6UUHCXXPKJ2DVHI/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PURM5CFDABEWAIWZFD2MQ7ZJGCPYSQ44/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q3J5N24ECS4B6MJDRO6UAYU6GPLYBDCL/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRQHN7RWJQJHYP6E5EKESOYP5VDSHZG4/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RA2MBEEES6L46OD64OBSVUUMGKNGMOWW/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4IDB5OAR5Y4UK3HLMZBW4WEL2B7YFMJ/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZH26JGNZ5XYPZ5SAU3NKSBSPRE5OHTG/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2MZOJYGFCB5PPT6AKMAU72N7QOYWLBP/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UONZWLB4QVLQIY5CPDLEUEKH6WX4VQMC/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTOAUJNDWZDRWVSXJ354AYZYKRMT56HU/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://pointernull.com/security/python-url-parse-problem.html",
@ -172,7 +346,10 @@
},
{
"url": "https://security.netapp.com/advisory/ntap-20230324-0004/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

10
CVE-2023/CVE-2023-283xx/CVE-2023-28304.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-28304",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-04-11T21:15:28.043",
"lastModified": "2023-04-19T20:19:28.200",
"lastModified": "2023-07-20T12:51:39.963",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -64,15 +64,15 @@
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:odbc:*:*:*:*:*:sql_server:*:*",
"versionStartIncluding": "18.0",
"versionEndExcluding": "18.6.5",
"matchCriteriaId": "3294E48C-5E3E-4D62-95DD-EBDEF6B83D8A"
"versionEndExcluding": "18.2.1.1",
"matchCriteriaId": "082B2A88-8D5B-4CB4-B680-E67B4B3B7A20"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:ole_db:*:*:*:*:*:sql_server:*:*",
"versionStartIncluding": "18.0",
"versionEndExcluding": "18.2.1.1",
"matchCriteriaId": "D1D3ECFB-664B-4D71-BFCD-BF40688F3C75"
"versionEndExcluding": "18.6.5",
"matchCriteriaId": "E956B277-ACC8-4C60-9E64-C165C102EA53"
},
{
"vulnerable": true,

55
CVE-2023/CVE-2023-324xx/CVE-2023-32446.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-32446",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-07-20T13:15:10.917",
"lastModified": "2023-07-20T13:15:10.917",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nDell Wyse ThinOS versions prior to 2303 (9.4.1141) contain a sensitive information disclosure vulnerability. An unauthenticated malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the log files.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-312"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000215864/dsa-2023-247",
"source": "security_alert@emc.com"
}
]
}

55
CVE-2023/CVE-2023-324xx/CVE-2023-32447.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-32447",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-07-20T13:15:11.020",
"lastModified": "2023-07-20T13:15:11.020",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nDell Wyse ThinOS versions prior to 2306 (9.4.2103) contain a sensitive information disclosure vulnerability. A malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the log files.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-312"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000215864/dsa-2023-247",
"source": "security_alert@emc.com"
}
]
}

55
CVE-2023/CVE-2023-324xx/CVE-2023-32455.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-32455",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-07-20T13:15:11.110",
"lastModified": "2023-07-20T13:15:11.110",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nDell Wyse ThinOS versions prior to 2208 (9.3.2102) contain a sensitive information disclosure vulnerability. An unauthenticated malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the log files.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-312"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000215864/dsa-2023-247",
"source": "security_alert@emc.com"
}
]
}

55
CVE-2023/CVE-2023-324xx/CVE-2023-32481.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-32481",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-07-20T12:15:11.220",
"lastModified": "2023-07-20T12:15:11.220",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nWyse Management Suite versions prior to 4.0 contain a denial-of-service vulnerability. An authenticated malicious user can flood the configured SMTP server with numerous requests in order to deny access to the system.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000215351/dsa-2023-240-dell-wyse-management-suite",
"source": "security_alert@emc.com"
}
]
}

55
CVE-2023/CVE-2023-324xx/CVE-2023-32482.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-32482",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-07-20T12:15:11.313",
"lastModified": "2023-07-20T12:15:11.313",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nWyse Management Suite versions prior to 4.0 contain an improper authorization vulnerability. An authenticated malicious user with privileged access can push policies to unauthorized tenant group.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-285"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000215351/dsa-2023-240-dell-wyse-management-suite",
"source": "security_alert@emc.com"
}
]
}

55
CVE-2023/CVE-2023-324xx/CVE-2023-32483.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-32483",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-07-20T12:15:11.413",
"lastModified": "2023-07-20T12:15:11.413",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nWyse Management Suite versions prior to 4.0 contain a sensitive information disclosure vulnerability. An authenticated malicious user having local access to the system running the application could exploit this vulnerability to read sensitive information written to log files.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-312"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000215351/dsa-2023-240-dell-wyse-management-suite",
"source": "security_alert@emc.com"
}
]
}

150
CVE-2023/CVE-2023-338xx/CVE-2023-33879.json
View File

@ -2,19 +2,161 @@
"id": "CVE-2023-33879",
"sourceIdentifier": "security@unisoc.com",
"published": "2023-07-12T09:15:12.123",
"lastModified": "2023-07-12T12:46:30.047",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-20T13:25:16.117",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In music service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*",
"matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*",
"matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596"
}
]
}
]
}
],
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1676902764208259073",
"source": "security@unisoc.com"
"source": "security@unisoc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

150
CVE-2023/CVE-2023-338xx/CVE-2023-33880.json
View File

@ -2,19 +2,161 @@
"id": "CVE-2023-33880",
"sourceIdentifier": "security@unisoc.com",
"published": "2023-07-12T09:15:12.163",
"lastModified": "2023-07-12T12:46:30.047",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-20T13:33:28.540",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In music service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*",
"matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*",
"matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596"
}
]
}
]
}
],
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1676902764208259073",
"source": "security@unisoc.com"
"source": "security@unisoc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

99
CVE-2023/CVE-2023-33xx/CVE-2023-3354.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3354",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-07-11T17:15:13.387",
"lastModified": "2023-07-12T12:46:51.683",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-20T12:58:14.863",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -34,14 +54,85 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qemu:qemu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D9E0C78-9678-4CEE-9389-962CF618A51F"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:openstack_platform:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C52600BF-9E87-4CD2-91F3-685AFE478C1E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*",
"matchCriteriaId": "053C1B35-3869-41C2-9551-044182DE0A64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*",
"matchCriteriaId": "3AA08768-75AF-4791-B229-AE938C780959"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-3354",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216478",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch"
]
}
]
}

85
CVE-2023/CVE-2023-368xx/CVE-2023-36824.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-36824",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-07-11T17:15:13.223",
"lastModified": "2023-07-19T06:15:13.107",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-07-20T12:56:43.903",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,22 +70,75 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndExcluding": "7.0.12",
"matchCriteriaId": "661F8BF5-5B21-47DB-9571-59408CDF5048"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/redis/redis/releases/tag/7.0.12",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/redis/redis/security/advisories/GHSA-4cfx-h9gq-xpx3",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MIF5MAGYARYUMRFK7PQI7HYXMK2HZE5T/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TDNNH2ONMVNBQ6LUIAOAGDNFPKXNST5K/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-379xx/CVE-2023-37960.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-37960",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-07-12T16:15:13.940",
"lastModified": "2023-07-13T23:15:12.117",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-20T13:41:26.547",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Jenkins MathWorks Polyspace Plugin 1.0.5 and earlier allows attackers with Item/Configure permission to send emails with arbitrary files from the Jenkins controller file systems."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:mathworks_polyspace:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "1.0.5",
"matchCriteriaId": "AC30ECD4-4F64-4E63-9AFB-73B9A11A2BB9"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/07/12/2",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-3124",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-379xx/CVE-2023-37963.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-37963",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-07-12T16:15:14.097",
"lastModified": "2023-07-13T23:15:12.267",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-20T13:50:37.857",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A missing permission check in Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and to check for the existence of directories, `.csv`, and `.ycsb` files on the Jenkins controller file system."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:benchmark_evaluator:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "1.0.1",
"matchCriteriaId": "4413D0DB-25F4-4D2F-9A30-40E875EFA13F"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/07/12/2",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-3119",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-379xx/CVE-2023-37965.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-37965",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-07-12T16:15:14.197",
"lastModified": "2023-07-13T23:15:12.397",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-20T13:57:42.343",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A missing permission check in Jenkins ElasticBox CI Plugin 5.0.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:elasticbox_ci:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "5.0.1",
"matchCriteriaId": "15545E15-F619-4031-BF03-6E6159C7A3EA"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/07/12/2",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-3131",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}

92
CVE-2023/CVE-2023-37xx/CVE-2023-3786.json Normal file
View File

@ -0,0 +1,92 @@
{
"id": "CVE-2023-3786",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-07-20T13:15:11.200",
"lastModified": "2023-07-20T13:15:11.200",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in Aures Komet up to 20230509. This affects an unknown part of the component Kiosk Mode. The manipulation leads to improper access controls. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier VDB-235053 was assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector": "LOCAL",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://seclists.org/fulldisclosure/2023/Jul/40",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.235053",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.235053",
"source": "cna@vuldb.com"
},
{
"url": "https://www.vulnerability-lab.com/get_content.php?id=2323",
"source": "cna@vuldb.com"
}
]
}

6
CVE-2023/CVE-2023-384xx/CVE-2023-38408.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-38408",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-20T03:15:10.170",
"lastModified": "2023-07-20T11:19:25.143",
"lastModified": "2023-07-20T12:15:11.507",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -12,6 +12,10 @@
],
"metrics": {},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/07/20/1",
"source": "cve@mitre.org"
},
{
"url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/07/19/cve-2023-38408-remote-code-execution-in-opensshs-forwarded-ssh-agent",
"source": "cve@mitre.org"

58
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-07-20T12:00:25.297263+00:00
2023-07-20T14:00:26.588446+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-07-20T11:19:25.143000+00:00
2023-07-20T13:57:42.343000+00:00
```
### Last Data Feed Release
@ -29,46 +29,40 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
220721
220728
```
### CVEs added in the last Commit
Recently added CVEs: `2`
Recently added CVEs: `7`
* [CVE-2023-37290](CVE-2023/CVE-2023-372xx/CVE-2023-37290.json) (`2023-07-20T11:15:10.887`)
* [CVE-2023-3785](CVE-2023/CVE-2023-37xx/CVE-2023-3785.json) (`2023-07-20T11:15:10.997`)
* [CVE-2023-32481](CVE-2023/CVE-2023-324xx/CVE-2023-32481.json) (`2023-07-20T12:15:11.220`)
* [CVE-2023-32482](CVE-2023/CVE-2023-324xx/CVE-2023-32482.json) (`2023-07-20T12:15:11.313`)
* [CVE-2023-32483](CVE-2023/CVE-2023-324xx/CVE-2023-32483.json) (`2023-07-20T12:15:11.413`)
* [CVE-2023-32446](CVE-2023/CVE-2023-324xx/CVE-2023-32446.json) (`2023-07-20T13:15:10.917`)
* [CVE-2023-32447](CVE-2023/CVE-2023-324xx/CVE-2023-32447.json) (`2023-07-20T13:15:11.020`)
* [CVE-2023-32455](CVE-2023/CVE-2023-324xx/CVE-2023-32455.json) (`2023-07-20T13:15:11.110`)
* [CVE-2023-3786](CVE-2023/CVE-2023-37xx/CVE-2023-3786.json) (`2023-07-20T13:15:11.200`)
### CVEs modified in the last Commit
Recently modified CVEs: `31`
Recently modified CVEs: `14`
* [CVE-2023-24568](CVE-2023/CVE-2023-245xx/CVE-2023-24568.json) (`2023-07-20T11:15:10.710`)
* [CVE-2023-37748](CVE-2023/CVE-2023-377xx/CVE-2023-37748.json) (`2023-07-20T11:19:25.143`)
* [CVE-2023-37733](CVE-2023/CVE-2023-377xx/CVE-2023-37733.json) (`2023-07-20T11:19:25.143`)
* [CVE-2023-3466](CVE-2023/CVE-2023-34xx/CVE-2023-3466.json) (`2023-07-20T11:19:25.143`)
* [CVE-2023-3467](CVE-2023/CVE-2023-34xx/CVE-2023-3467.json) (`2023-07-20T11:19:25.143`)
* [CVE-2023-3674](CVE-2023/CVE-2023-36xx/CVE-2023-3674.json) (`2023-07-20T11:19:25.143`)
* [CVE-2023-37276](CVE-2023/CVE-2023-372xx/CVE-2023-37276.json) (`2023-07-20T11:19:25.143`)
* [CVE-2023-37899](CVE-2023/CVE-2023-378xx/CVE-2023-37899.json) (`2023-07-20T11:19:25.143`)
* [CVE-2023-3722](CVE-2023/CVE-2023-37xx/CVE-2023-3722.json) (`2023-07-20T11:19:25.143`)
* [CVE-2023-26217](CVE-2023/CVE-2023-262xx/CVE-2023-26217.json) (`2023-07-20T11:19:25.143`)
* [CVE-2023-3782](CVE-2023/CVE-2023-37xx/CVE-2023-3782.json) (`2023-07-20T11:19:25.143`)
* [CVE-2023-32657](CVE-2023/CVE-2023-326xx/CVE-2023-32657.json) (`2023-07-20T11:19:25.143`)
* [CVE-2023-34394](CVE-2023/CVE-2023-343xx/CVE-2023-34394.json) (`2023-07-20T11:19:25.143`)
* [CVE-2023-34429](CVE-2023/CVE-2023-344xx/CVE-2023-34429.json) (`2023-07-20T11:19:25.143`)
* [CVE-2023-35134](CVE-2023/CVE-2023-351xx/CVE-2023-35134.json) (`2023-07-20T11:19:25.143`)
* [CVE-2023-36853](CVE-2023/CVE-2023-368xx/CVE-2023-36853.json) (`2023-07-20T11:19:25.143`)
* [CVE-2023-37362](CVE-2023/CVE-2023-373xx/CVE-2023-37362.json) (`2023-07-20T11:19:25.143`)
* [CVE-2023-3072](CVE-2023/CVE-2023-30xx/CVE-2023-3072.json) (`2023-07-20T11:19:25.143`)
* [CVE-2023-3299](CVE-2023/CVE-2023-32xx/CVE-2023-3299.json) (`2023-07-20T11:19:25.143`)
* [CVE-2023-3300](CVE-2023/CVE-2023-33xx/CVE-2023-3300.json) (`2023-07-20T11:19:25.143`)
* [CVE-2023-37289](CVE-2023/CVE-2023-372xx/CVE-2023-37289.json) (`2023-07-20T11:19:25.143`)
* [CVE-2023-38408](CVE-2023/CVE-2023-384xx/CVE-2023-38408.json) (`2023-07-20T11:19:25.143`)
* [CVE-2023-3779](CVE-2023/CVE-2023-37xx/CVE-2023-3779.json) (`2023-07-20T11:19:25.143`)
* [CVE-2023-3783](CVE-2023/CVE-2023-37xx/CVE-2023-3783.json) (`2023-07-20T11:19:25.143`)
* [CVE-2023-3784](CVE-2023/CVE-2023-37xx/CVE-2023-3784.json) (`2023-07-20T11:19:25.143`)
* [CVE-2010-3856](CVE-2010/CVE-2010-38xx/CVE-2010-3856.json) (`2023-07-20T12:15:10.757`)
* [CVE-2016-10009](CVE-2016/CVE-2016-100xx/CVE-2016-10009.json) (`2023-07-20T12:15:11.010`)
* [CVE-2020-24188](CVE-2020/CVE-2020-241xx/CVE-2020-24188.json) (`2023-07-20T13:39:53.717`)
* [CVE-2021-45450](CVE-2021/CVE-2021-454xx/CVE-2021-45450.json) (`2023-07-20T12:52:30.400`)
* [CVE-2023-38408](CVE-2023/CVE-2023-384xx/CVE-2023-38408.json) (`2023-07-20T12:15:11.507`)
* [CVE-2023-28304](CVE-2023/CVE-2023-283xx/CVE-2023-28304.json) (`2023-07-20T12:51:39.963`)
* [CVE-2023-24329](CVE-2023/CVE-2023-243xx/CVE-2023-24329.json) (`2023-07-20T12:52:51.187`)
* [CVE-2023-36824](CVE-2023/CVE-2023-368xx/CVE-2023-36824.json) (`2023-07-20T12:56:43.903`)
* [CVE-2023-3354](CVE-2023/CVE-2023-33xx/CVE-2023-3354.json) (`2023-07-20T12:58:14.863`)
* [CVE-2023-33879](CVE-2023/CVE-2023-338xx/CVE-2023-33879.json) (`2023-07-20T13:25:16.117`)
* [CVE-2023-33880](CVE-2023/CVE-2023-338xx/CVE-2023-33880.json) (`2023-07-20T13:33:28.540`)
* [CVE-2023-37960](CVE-2023/CVE-2023-379xx/CVE-2023-37960.json) (`2023-07-20T13:41:26.547`)
* [CVE-2023-37963](CVE-2023/CVE-2023-379xx/CVE-2023-37963.json) (`2023-07-20T13:50:37.857`)
* [CVE-2023-37965](CVE-2023/CVE-2023-379xx/CVE-2023-37965.json) (`2023-07-20T13:57:42.343`)
## Download and Usage