admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-06-02T06:00:26.272491+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-06-02 06:00:29 +00:00
parent e46f65adee
commit 7990cbb2d9
13 changed files with 483 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
CVE-2022/CVE-2022-459xx/CVE-2022-45938.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2022-45938",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-02T04:15:47.943",
"lastModified": "2023-06-02T04:15:47.943",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Comcast Defined Technologies microeisbss through 2021. An attacker can inject a stored XSS payload in the Device ID field under Inventory Management to achieve Remote Code Execution and privilege escalation.."
}
],
"metrics": {},
"references": [
{
"url": "https://my.xfinity.com/vulnerabilityreport",
"source": "cve@mitre.org"
},
{
"url": "https://pensecure.medium.com/cve-2022-45938-f4c0d441da6f",
"source": "cve@mitre.org"
}
]
}

59
CVE-2023/CVE-2023-20xx/CVE-2023-2060.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-2060",
"sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"published": "2023-06-02T05:15:09.563",
"lastModified": "2023-06-02T05:15:09.563",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Weak Password Requirements vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to access to the module via FTP by dictionary attack or password sniffing."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-521"
}
]
}
],
"references": [
{
"url": "https://jvn.jp/vu/JVNVU92908006",
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"
},
{
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2023-004.pdf",
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"
}
]
}

59
CVE-2023/CVE-2023-20xx/CVE-2023-2061.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-2061",
"sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"published": "2023-06-02T05:15:10.100",
"lastModified": "2023-06-02T05:15:10.100",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Use of Hard-coded Password vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to obtain a hard-coded password and access to the module via FTP."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-259"
}
]
}
],
"references": [
{
"url": "https://jvn.jp/vu/JVNVU92908006",
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"
},
{
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2023-004.pdf",
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"
}
]
}

59
CVE-2023/CVE-2023-20xx/CVE-2023-2062.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-2062",
"sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"published": "2023-06-02T05:15:10.187",
"lastModified": "2023-06-02T05:15:10.187",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know the password for MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP. This vulnerability results in authentication bypass vulnerability, which allows the attacker to access MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP via FTP."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-549"
}
]
}
],
"references": [
{
"url": "https://jvn.jp/vu/JVNVU92908006",
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"
},
{
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2023-004.pdf",
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"
}
]
}

59
CVE-2023/CVE-2023-20xx/CVE-2023-2063.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-2063",
"sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"published": "2023-06-02T05:15:10.263",
"lastModified": "2023-06-02T05:15:10.263",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to cause information disclosure, tampering, deletion or destruction via file upload/download. As a result, the attacker may be able to exploit this for further attacks.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://jvn.jp/vu/JVNVU92908006",
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"
},
{
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2023-004.pdf",
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"
}
]
}

59
CVE-2023/CVE-2023-22xx/CVE-2023-2201.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-2201",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-02T04:15:49.983",
"lastModified": "2023-06-02T04:15:49.983",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Web Directory Free for WordPress is vulnerable to SQL Injection via the \u2018post_id\u2019 parameter in versions up to, and including, 1.6.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/web-directory-free/tags/1.6.6/search/plugin/classes/search/search_forms_manager.php#L1425",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d831fa81-4714-4757-b75d-0a8f5edda910?source=cve",
"source": "security@wordfence.com"
}
]
}

24
CVE-2023/CVE-2023-277xx/CVE-2023-27744.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-27744",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-02T04:15:49.577",
"lastModified": "2023-06-02T04:15:49.577",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in South River Technologies TitanFTP NextGen server that allows for a vertical privilege escalation leading to remote code execution."
}
],
"metrics": {},
"references": [
{
"url": "https://www.southrivertech.com/software/nextgen/titanftp/en/relnotes.pdf",
"source": "cve@mitre.org"
},
{
"url": "https://www.whiteoaksecurity.com/blog/titanftp-vulnerability-disclosure/",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-277xx/CVE-2023-27745.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-27745",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-02T04:15:49.687",
"lastModified": "2023-06-02T04:15:49.687",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue in South River Technologies TitanFTP Before v2.0.1.2102 allows attackers with low-level privileges to perform Administrative actions by sending requests to the user server."
}
],
"metrics": {},
"references": [
{
"url": "https://www.southrivertech.com/software/nextgen/titanftp/en/relnotes.pdf",
"source": "cve@mitre.org"
},
{
"url": "https://www.whiteoaksecurity.com/blog/titanftp-vulnerability-disclosure/",
"source": "cve@mitre.org"
}
]
}

28
CVE-2023/CVE-2023-297xx/CVE-2023-29724.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-29724",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-02T04:15:49.803",
"lastModified": "2023-06-02T04:15:49.803",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The BT21 x BTS Wallpaper app 12 for Android allows unauthorized apps to actively request permission to modify data in the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the app is opened. An attacker could tamper with this data to cause an escalation of privilege attack."
}
],
"metrics": {},
"references": [
{
"url": "http://bungaakpstudio007.com",
"source": "cve@mitre.org"
},
{
"url": "https://apkpure.com/cn/bt21-x-bts-wallpaper-hd-4k/com.bungaakp007.bt21wallpaperoffline130920/download/12-APK",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29724/CVE%20detail.md",
"source": "cve@mitre.org"
}
]
}

32
CVE-2023/CVE-2023-297xx/CVE-2023-29725.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-29725",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-02T04:15:49.863",
"lastModified": "2023-06-02T04:15:49.863",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The BT21 x BTS Wallpaper app 12 for Android allows unauthorized applications to actively request permission to insert data into the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the application is opened. By injecting data, the attacker can force the application to load malicious image URLs and display them in the UI. As the amount of data increases, it will eventually cause the application to trigger an OOM error and crash, resulting in a persistent denial of service attack."
}
],
"metrics": {},
"references": [
{
"url": "http://bungaakpstudio007.com",
"source": "cve@mitre.org"
},
{
"url": "https://apkpure.com/cn/bt21-x-bts-wallpaper-hd-4k/com.bungaakp007.bt21wallpaperoffline130920/download/12-APK",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29725/CVE%20detail.md",
"source": "cve@mitre.org"
},
{
"url": "https://play.google.com/store/apps/details?id=com.cuiet.blockCalls",
"source": "cve@mitre.org"
}
]
}

32
CVE-2023/CVE-2023-297xx/CVE-2023-29746.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-29746",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-02T04:15:49.923",
"lastModified": "2023-06-02T04:15:49.923",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue found in The Thaiger v.1.2 for Android allows unauthorized apps to cause a code execution attack by manipulating the SharedPreference files."
}
],
"metrics": {},
"references": [
{
"url": "https://apksos.com/app/story.saver.downloader.photo.video.repost.byrk",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29746/CVE%20detail.md",
"source": "cve@mitre.org"
},
{
"url": "https://play.google.com/store/apps/details?id=com.TheThaiger.android",
"source": "cve@mitre.org"
},
{
"url": "https://thethaiger.com/",
"source": "cve@mitre.org"
}
]
}

17
CVE-2023/CVE-2023-303xx/CVE-2023-30394.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-30394",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-11T19:15:09.497",
"lastModified": "2023-05-20T00:40:49.663",
"vulnStatus": "Analyzed",
"lastModified": "2023-06-02T04:15:50.140",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "MoveIT v1.1.11 was discovered to contain a cross-site scripting (XSS) vulenrability via the API authentication function."
"value": "Progress Ipswitch MoveIT 1.1.11 was discovered to contain a cross-site scripting (XSS) vulenrability via the API authentication function."
}
],
"metrics": {
@ -64,13 +64,6 @@
}
],
"references": [
{
"url": "http://moveit.com",
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/M19O/Security-Advisories/tree/main/CVE-2023-30394",
"source": "cve@mitre.org",
@ -98,6 +91,10 @@
"tags": [
"Broken Link"
]
},
{
"url": "https://www.ipswitch.com/moveit",
"source": "cve@mitre.org"
}
]
}

40
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-06-02T04:00:24.374907+00:00
2023-06-02T06:00:26.272491+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-06-02T03:13:03.820000+00:00
2023-06-02T05:15:10.263000+00:00
```
### Last Data Feed Release
@ -29,37 +29,31 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
216655
216666
```
### CVEs added in the last Commit
Recently added CVEs: `0`
Recently added CVEs: `11`
* [CVE-2022-45938](CVE-2022/CVE-2022-459xx/CVE-2022-45938.json) (`2023-06-02T04:15:47.943`)
* [CVE-2023-27744](CVE-2023/CVE-2023-277xx/CVE-2023-27744.json) (`2023-06-02T04:15:49.577`)
* [CVE-2023-27745](CVE-2023/CVE-2023-277xx/CVE-2023-27745.json) (`2023-06-02T04:15:49.687`)
* [CVE-2023-29724](CVE-2023/CVE-2023-297xx/CVE-2023-29724.json) (`2023-06-02T04:15:49.803`)
* [CVE-2023-29725](CVE-2023/CVE-2023-297xx/CVE-2023-29725.json) (`2023-06-02T04:15:49.863`)
* [CVE-2023-29746](CVE-2023/CVE-2023-297xx/CVE-2023-29746.json) (`2023-06-02T04:15:49.923`)
* [CVE-2023-2201](CVE-2023/CVE-2023-22xx/CVE-2023-2201.json) (`2023-06-02T04:15:49.983`)
* [CVE-2023-2060](CVE-2023/CVE-2023-20xx/CVE-2023-2060.json) (`2023-06-02T05:15:09.563`)
* [CVE-2023-2061](CVE-2023/CVE-2023-20xx/CVE-2023-2061.json) (`2023-06-02T05:15:10.100`)
* [CVE-2023-2062](CVE-2023/CVE-2023-20xx/CVE-2023-2062.json) (`2023-06-02T05:15:10.187`)
* [CVE-2023-2063](CVE-2023/CVE-2023-20xx/CVE-2023-2063.json) (`2023-06-02T05:15:10.263`)
### CVEs modified in the last Commit
Recently modified CVEs: `18`
Recently modified CVEs: `1`
* [CVE-2022-24627](CVE-2022/CVE-2022-246xx/CVE-2022-24627.json) (`2023-06-02T03:04:38.043`)
* [CVE-2022-24628](CVE-2022/CVE-2022-246xx/CVE-2022-24628.json) (`2023-06-02T03:04:59.687`)
* [CVE-2022-24629](CVE-2022/CVE-2022-246xx/CVE-2022-24629.json) (`2023-06-02T03:05:17.787`)
* [CVE-2022-24630](CVE-2022/CVE-2022-246xx/CVE-2022-24630.json) (`2023-06-02T03:05:28.773`)
* [CVE-2022-24631](CVE-2022/CVE-2022-246xx/CVE-2022-24631.json) (`2023-06-02T03:05:37.630`)
* [CVE-2022-24632](CVE-2022/CVE-2022-246xx/CVE-2022-24632.json) (`2023-06-02T03:06:17.357`)
* [CVE-2023-2929](CVE-2023/CVE-2023-29xx/CVE-2023-2929.json) (`2023-06-02T03:06:53.850`)
* [CVE-2023-2930](CVE-2023/CVE-2023-29xx/CVE-2023-2930.json) (`2023-06-02T03:07:09.200`)
* [CVE-2023-2931](CVE-2023/CVE-2023-29xx/CVE-2023-2931.json) (`2023-06-02T03:09:23.077`)
* [CVE-2023-2932](CVE-2023/CVE-2023-29xx/CVE-2023-2932.json) (`2023-06-02T03:09:36.997`)
* [CVE-2023-2933](CVE-2023/CVE-2023-29xx/CVE-2023-2933.json) (`2023-06-02T03:09:49.437`)
* [CVE-2023-2934](CVE-2023/CVE-2023-29xx/CVE-2023-2934.json) (`2023-06-02T03:10:14.740`)
* [CVE-2023-2935](CVE-2023/CVE-2023-29xx/CVE-2023-2935.json) (`2023-06-02T03:10:27.333`)
* [CVE-2023-2936](CVE-2023/CVE-2023-29xx/CVE-2023-2936.json) (`2023-06-02T03:10:39.890`)
* [CVE-2023-2937](CVE-2023/CVE-2023-29xx/CVE-2023-2937.json) (`2023-06-02T03:11:34.323`)
* [CVE-2023-2938](CVE-2023/CVE-2023-29xx/CVE-2023-2938.json) (`2023-06-02T03:12:02.160`)
* [CVE-2023-2941](CVE-2023/CVE-2023-29xx/CVE-2023-2941.json) (`2023-06-02T03:12:36.803`)
* [CVE-2023-31873](CVE-2023/CVE-2023-318xx/CVE-2023-31873.json) (`2023-06-02T03:13:03.820`)
* [CVE-2023-30394](CVE-2023/CVE-2023-303xx/CVE-2023-30394.json) (`2023-06-02T04:15:50.140`)
## Download and Usage