admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-06 18:52:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-08-28T22:00:25.408660+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-08-28 22:00:28 +00:00
parent 71c75148bd
commit 7b212f532f
22 changed files with 1044 additions and 83 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
CVE-2020/CVE-2020-122xx/CVE-2020-12272.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2020-12272",
"sourceIdentifier": "cve@mitre.org",
"published": "2020-04-27T14:15:11.330",
"lastModified": "2022-11-16T03:20:50.287",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-28T20:15:07.633",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -130,6 +130,10 @@
}
],
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00035.html",
"source": "cve@mitre.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D4JGHMALEJEWWG56DKR5OZB22TK7W5B/",
"source": "cve@mitre.org",

64
CVE-2020/CVE-2020-216xx/CVE-2020-21699.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2020-21699",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:15.847",
"lastModified": "2023-08-22T20:10:36.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-28T21:17:32.603",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The web server Tengine 2.2.2 developed in the Nginx version from 0.5.6 thru 1.13.2 is vulnerable to an integer overflow vulnerability in the nginx range filter module, resulting in the leakage of potentially sensitive information triggered by specially crafted requests."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:alibaba:tengine:2.2.2:*:*:*:*:nginx:*:*",
"matchCriteriaId": "B93765C2-94DC-442F-9D73-D32A947A313F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ZxDecide/Nginx-variants/blob/master/%E9%99%84%E4%BB%B6(Tengine).docx",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

75
CVE-2020/CVE-2020-241xx/CVE-2020-24113.json
View File

@ -2,19 +2,86 @@
"id": "CVE-2020-24113",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T22:15:08.080",
"lastModified": "2023-08-23T13:17:22.070",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-28T20:09:43.660",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Directory Traversal vulnerability in Contacts File Upload Interface in Yealink W60B version 77.83.0.85, allows attackers to gain sensitive information and cause a denial of service (DoS)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:yealink:w60b_firmware:77.83.0.85:*:*:*:*:*:*:*",
"matchCriteriaId": "C883A3A2-AAD9-4A86-B204-CCD8E83DF433"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:yealink:w60b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "594D7F97-0A65-4479-AD50-B0D0CEB340AF"
}
]
}
]
}
],
"references": [
{
"url": "https://fuo.fi/CVE-2020-24113/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

24
CVE-2020/CVE-2020-241xx/CVE-2020-24165.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2020-24165",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-28T21:15:07.510",
"lastModified": "2023-08-28T21:15:07.510",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in TCG Accelerator in QEMU 4.2.0, allows local attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS)."
}
],
"metrics": {},
"references": [
{
"url": "https://bugs.launchpad.net/qemu/+bug/1863025",
"source": "cve@mitre.org"
},
{
"url": "https://pastebin.com/iqCbjdT8",
"source": "cve@mitre.org"
}
]
}

70
CVE-2022/CVE-2022-485xx/CVE-2022-48538.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2022-48538",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:31.230",
"lastModified": "2023-08-22T20:10:36.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-28T20:06:05.137",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Cacti 1.2.19, there is an authentication bypass in the web login functionality because of improper validation in the PHP code: cacti_ldap_auth() allows a zero as the password."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cacti:cacti:1.2.19:*:*:*:*:*:*:*",
"matchCriteriaId": "A4BB8CCB-5F52-4248-947C-3F4F1211EF53"
}
]
}
]
}
],
"references": [
{
"url": "https://docs.cacti.net/Settings-Auth-LDAP.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Technical Description"
]
},
{
"url": "https://github.com/Cacti/cacti/issues/5189",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

63
CVE-2022/CVE-2022-485xx/CVE-2022-48545.json
View File

@ -2,19 +2,74 @@
"id": "CVE-2022-48545",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:31.553",
"lastModified": "2023-08-22T20:10:36.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-28T20:40:51.623",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An infinite recursion in Catalog::findDestInTree can cause denial of service for xpdf 4.02."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-674"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.02:*:*:*:*:*:*:*",
"matchCriteriaId": "405F7593-5AB5-416A-A64D-846B3D9F5A94"
}
]
}
]
}
],
"references": [
{
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=42092",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-321xx/CVE-2023-32119.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32119",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-23T13:15:07.617",
"lastModified": "2023-08-23T13:17:18.197",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-28T21:24:05.680",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpo365:mail_integration_for_office_365_\\/_outlook:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.9.1",
"matchCriteriaId": "05341EB5-D9AE-4BA4-ABED-C888A60DB260"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/mail-integration-365/wordpress-wpo365-mail-integration-for-office-365-outlook-plugin-1-9-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

24
CVE-2023/CVE-2023-357xx/CVE-2023-35785.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-35785",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-28T20:15:08.033",
"lastModified": "2023-08-28T20:15:08.033",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ADManager Plus through 7186 is vulnerable to 2FA bypass."
}
],
"metrics": {},
"references": [
{
"url": "https://manageengine.com",
"source": "cve@mitre.org"
},
{
"url": "https://www.manageengine.com/security/advisory/CVE/CVE-2023-35785.html",
"source": "cve@mitre.org"
}
]
}

58
CVE-2023/CVE-2023-36xx/CVE-2023-3699.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3699",
"sourceIdentifier": "security@asustor.com",
"published": "2023-08-22T19:16:39.707",
"lastModified": "2023-08-22T20:10:36.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-28T21:12:52.317",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "security@asustor.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security@asustor.com",
"type": "Secondary",
@ -46,10 +76,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:asustor:data_master:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.6.ris1",
"versionEndExcluding": "4.2.3.rk91",
"matchCriteriaId": "123C0519-ADFD-4072-89EF-020992A9EA7F"
}
]
}
]
}
],
"references": [
{
"url": "https://www.asustor.com/security/security_advisory_detail?id=29",
"source": "security@asustor.com"
"source": "security@asustor.com",
"tags": [
"Vendor Advisory"
]
}
]
}

24
CVE-2023/CVE-2023-389xx/CVE-2023-38969.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-38969",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-28T21:15:07.667",
"lastModified": "2023-08-28T21:15:07.667",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerabiltiy in Badaso v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the title parameter in the new book and edit book function."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/anh91/uasoft-indonesia--badaso/blob/main/XSS2.md",
"source": "cve@mitre.org"
},
{
"url": "https://panda002.hashnode.dev/badaso-version-297-has-an-xss-vulnerability-in-add-books",
"source": "cve@mitre.org"
}
]
}

59
CVE-2023/CVE-2023-393xx/CVE-2023-39348.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-39348",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-28T20:15:08.107",
"lastModified": "2023-08-28T20:15:08.107",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Spinnaker is an open source, multi-cloud continuous delivery platform. Log output when updating GitHub status is improperly set to FULL always. It's recommended to apply the patch and rotate the GitHub token used for github status notifications. Given that this would output github tokens to a log system, the risk is slightly higher than a \"low\" since token exposure could grant elevated access to repositories outside of control. If using READ restricted tokens, the exposure is such that the token itself could be used to access resources otherwise restricted from reads. This only affects users of GitHub Status Notifications. This issue has been addressed in pull request 1316. Users are advised to upgrade. Users unable to upgrade should disable GH Status Notifications, Filter their logs for Echo log data and use read-only tokens that are limited in scope."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
}
],
"references": [
{
"url": "https://github.com/spinnaker/echo/pull/1316",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/spinnaker/spinnaker/security/advisories/GHSA-rq5c-hvw6-8pr7",
"source": "security-advisories@github.com"
}
]
}

20
CVE-2023/CVE-2023-395xx/CVE-2023-39578.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-39578",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-28T20:15:08.207",
"lastModified": "2023-08-28T20:15:08.207",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in the Create function of Zenario CMS v9.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu navigation text field."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/anh91/Zenario-xss/issues/1",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-396xx/CVE-2023-39652.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-39652",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-28T21:15:07.723",
"lastModified": "2023-08-28T21:15:07.723",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "theme volty tvcmsvideotab up to v4.0.0 was discovered to contain a SQL injection vulnerability via the component TvcmsVideoTabConfirmDeleteModuleFrontController::run()."
}
],
"metrics": {},
"references": [
{
"url": "https://security.friendsofpresta.org/modules/2023/08/24/tvcmsvideotab.html",
"source": "cve@mitre.org"
},
{
"url": "https://themevolty.com/",
"source": "cve@mitre.org"
}
]
}

59
CVE-2023/CVE-2023-399xx/CVE-2023-39968.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-39968",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-28T21:15:07.777",
"lastModified": "2023-08-28T21:15:07.777",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "jupyter-server is the backend for Jupyter web applications. Open Redirect Vulnerability. Maliciously crafted login links to known Jupyter Servers can cause successful login or an already logged-in session to be redirected to arbitrary sites, which should be restricted to Jupyter Server-served URLs. This issue has been addressed in commit `29036259` which is included in release 2.7.2. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"references": [
{
"url": "https://github.com/jupyter-server/jupyter_server/commit/290362593b2ffb23c59f8114d76f77875de4b925",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-r726-vmfq-j9j3",
"source": "security-advisories@github.com"
}
]
}

63
CVE-2023/CVE-2023-401xx/CVE-2023-40170.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-40170",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-28T21:15:07.873",
"lastModified": "2023-08-28T21:15:07.873",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "jupyter-server is the backend for Jupyter web applications. Improper cross-site credential checks on `/files/` URLs could allow exposure of certain file contents, or accessing files when opening untrusted files via \"Open image in new tab\". This issue has been addressed in commit `87a49272728` which has been included in release `2.7.2`. Users are advised to upgrade. Users unable to upgrade may use the lower performance `--ContentsManager.files_handler_class=jupyter_server.files.handlers.FilesHandler`, which implements the correct checks."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
},
{
"lang": "en",
"value": "CWE-306"
}
]
}
],
"references": [
{
"url": "https://github.com/jupyter-server/jupyter_server/commit/87a4927272819f0b1cae1afa4c8c86ee2da002fd",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-64x5-55rw-9974",
"source": "security-advisories@github.com"
}
]
}

67
CVE-2023/CVE-2023-410xx/CVE-2023-41098.json
View File

@ -2,19 +2,78 @@
"id": "CVE-2023-41098",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-23T06:15:07.950",
"lastModified": "2023-08-23T13:17:18.197",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-28T21:21:37.023",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MISP 2.4.174. In app/Controller/DashboardsController.php, a reflected XSS issue exists via the id parameter upon a dashboard edit."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en MISP v2.4.174. En el fichero \"app/Controller/DashboardsController.php\" existe un problema de Cross-Site Scripting (XSS) reflejado a trav\u00e9s del par\u00e1metro \"id\" al editar un panel de control. "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:misp:misp:2.4.174:*:*:*:*:*:*:*",
"matchCriteriaId": "41B6B5F0-5F19-48A8-BD25-08E4D3FD7665"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/MISP/MISP/commit/09fb0cba65eab9341e81f1cbebc2ae10be34a2b7",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
}
]
}

60
CVE-2023/CVE-2023-411xx/CVE-2023-41100.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41100",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-23T06:15:09.220",
"lastModified": "2023-08-23T13:17:18.197",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-28T21:27:36.420",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "cve@mitre.org",
"type": "Secondary",
@ -34,10 +54,44 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hcaptcha_for_ext\\:form_project:hcaptcha_for_ext\\:form:*:*:*:*:*:typo3:*:*",
"versionEndExcluding": "2.1.2",
"matchCriteriaId": "6E550E30-E5A0-40A9-95E4-B8CF55BA9BAC"
}
]
}
]
}
],
"references": [
{
"url": "https://typo3.org/security/advisory/typo3-ext-sa-2023-007",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

108
CVE-2023/CVE-2023-411xx/CVE-2023-41104.json
View File

@ -2,27 +2,123 @@
"id": "CVE-2023-41104",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-23T07:15:08.417",
"lastModified": "2023-08-23T13:17:18.197",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-28T21:41:07.790",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "libvmod-digest before 1.0.3, as used in Varnish Enterprise 6.0.x before 6.0.11r5, has an out-of-bounds memory access during base64 decoding, leading to both authentication bypass and information disclosure; however, the exact attack surface will depend on the particular VCL (Varnish Configuration Language) configuration in use."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:varnish-software:varnish_enterprise:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.0",
"versionEndExcluding": "6.0.11",
"matchCriteriaId": "E51F4EF4-1AFE-4395-904D-FDDE83B19CFB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:varnish-software:varnish_enterprise:6.0.11:-:*:*:*:*:*:*",
"matchCriteriaId": "48190A61-CD4F-4C9D-8C82-13A14470BA58"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:varnish-software:varnish_enterprise:6.0.11:r1:*:*:*:*:*:*",
"matchCriteriaId": "943E3FE8-EA6D-4500-8014-697A9A0CEF91"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:varnish-software:varnish_enterprise:6.0.11:r2:*:*:*:*:*:*",
"matchCriteriaId": "F2CBF396-441D-44F2-BAFF-D3B2A981FBCD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:varnish-software:varnish_enterprise:6.0.11:r3:*:*:*:*:*:*",
"matchCriteriaId": "136343D5-80C1-4F83-8471-2C26F9FD492A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:varnish-software:varnish_enterprise:6.0.11:r4:*:*:*:*:*:*",
"matchCriteriaId": "A34B5F57-B86F-41CB-A3D8-9084960D3E45"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:varnish-software:vmod_digest:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.0.3",
"matchCriteriaId": "739EF024-4944-4B7B-8872-843CECF9F928"
}
]
}
]
}
],
"references": [
{
"url": "https://docs.varnish-software.com/security/VSV00012/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Vendor Advisory"
]
},
{
"url": "https://github.com/varnish/libvmod-digest/releases/tag/libvmod-digest-1.0.3",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.varnish-cache.org/security/VSV00012.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

24
CVE-2023/CVE-2023-411xx/CVE-2023-41109.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-41109",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-28T20:15:08.273",
"lastModified": "2023-08-28T20:15:08.273",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "SmartNode SN200 (aka SN200) 3.21.2-23021 allows unauthenticated OS Command Injection."
}
],
"metrics": {},
"references": [
{
"url": "https://www.syss.de/",
"source": "cve@mitre.org"
},
{
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-019.txt",
"source": "cve@mitre.org"
}
]
}

66
CVE-2023/CVE-2023-44xx/CVE-2023-4404.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4404",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-08-23T02:15:08.887",
"lastModified": "2023-08-23T13:17:18.197",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-28T20:46:11.667",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,12 +35,32 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -48,16 +68,50 @@
"value": "CWE-269"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpcharitable:charitable:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.7.0.12",
"matchCriteriaId": "FF5A9FF4-AC5A-491F-9BAF-9A25859A0068"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/charitable/tags/1.7.0.12/includes/users/class-charitable-user.php#L866",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/522ecc1c-5834-4325-9234-79cf712213f3?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

58
CVE-2023/CVE-2023-44xx/CVE-2023-4475.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4475",
"sourceIdentifier": "security@asustor.com",
"published": "2023-08-22T19:16:41.753",
"lastModified": "2023-08-22T20:10:36.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-28T20:33:24.607",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "security@asustor.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-552"
}
]
},
{
"source": "security@asustor.com",
"type": "Secondary",
@ -46,10 +76,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:asustor:data_master:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.6.ris1",
"versionEndExcluding": "4.2.2.ri61",
"matchCriteriaId": "DB0DBC18-2FD7-4870-AF9F-1B44EAB81B75"
}
]
}
]
}
],
"references": [
{
"url": "https://www.asustor.com/security/security_advisory_detail?id=30",
"source": "security@asustor.com"
"source": "security@asustor.com",
"tags": [
"Vendor Advisory"
]
}
]
}

62
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-08-28T20:00:25.281014+00:00
2023-08-28T22:00:25.408660+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-08-28T19:55:42.107000+00:00
2023-08-28T21:41:07.790000+00:00
```
### Last Data Feed Release
@ -29,50 +29,40 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
223567
223576
```
### CVEs added in the last Commit
Recently added CVEs: `6`
Recently added CVEs: `9`
* [CVE-2020-27366](CVE-2020/CVE-2020-273xx/CVE-2020-27366.json) (`2023-08-28T18:15:08.593`)
* [CVE-2023-39062](CVE-2023/CVE-2023-390xx/CVE-2023-39062.json) (`2023-08-28T18:15:08.863`)
* [CVE-2023-40590](CVE-2023/CVE-2023-405xx/CVE-2023-40590.json) (`2023-08-28T18:15:08.937`)
* [CVE-2023-39562](CVE-2023/CVE-2023-395xx/CVE-2023-39562.json) (`2023-08-28T19:15:07.747`)
* [CVE-2023-39709](CVE-2023/CVE-2023-397xx/CVE-2023-39709.json) (`2023-08-28T19:15:07.830`)
* [CVE-2023-39810](CVE-2023/CVE-2023-398xx/CVE-2023-39810.json) (`2023-08-28T19:15:07.893`)
* [CVE-2020-24165](CVE-2020/CVE-2020-241xx/CVE-2020-24165.json) (`2023-08-28T21:15:07.510`)
* [CVE-2023-35785](CVE-2023/CVE-2023-357xx/CVE-2023-35785.json) (`2023-08-28T20:15:08.033`)
* [CVE-2023-39348](CVE-2023/CVE-2023-393xx/CVE-2023-39348.json) (`2023-08-28T20:15:08.107`)
* [CVE-2023-39578](CVE-2023/CVE-2023-395xx/CVE-2023-39578.json) (`2023-08-28T20:15:08.207`)
* [CVE-2023-41109](CVE-2023/CVE-2023-411xx/CVE-2023-41109.json) (`2023-08-28T20:15:08.273`)
* [CVE-2023-38969](CVE-2023/CVE-2023-389xx/CVE-2023-38969.json) (`2023-08-28T21:15:07.667`)
* [CVE-2023-39652](CVE-2023/CVE-2023-396xx/CVE-2023-39652.json) (`2023-08-28T21:15:07.723`)
* [CVE-2023-39968](CVE-2023/CVE-2023-399xx/CVE-2023-39968.json) (`2023-08-28T21:15:07.777`)
* [CVE-2023-40170](CVE-2023/CVE-2023-401xx/CVE-2023-40170.json) (`2023-08-28T21:15:07.873`)
### CVEs modified in the last Commit
Recently modified CVEs: `44`
Recently modified CVEs: `12`
* [CVE-2023-40759](CVE-2023/CVE-2023-407xx/CVE-2023-40759.json) (`2023-08-28T19:28:54.367`)
* [CVE-2023-40760](CVE-2023/CVE-2023-407xx/CVE-2023-40760.json) (`2023-08-28T19:28:54.367`)
* [CVE-2023-40761](CVE-2023/CVE-2023-407xx/CVE-2023-40761.json) (`2023-08-28T19:28:54.367`)
* [CVE-2023-40762](CVE-2023/CVE-2023-407xx/CVE-2023-40762.json) (`2023-08-28T19:28:54.367`)
* [CVE-2023-40763](CVE-2023/CVE-2023-407xx/CVE-2023-40763.json) (`2023-08-28T19:28:54.367`)
* [CVE-2023-40764](CVE-2023/CVE-2023-407xx/CVE-2023-40764.json) (`2023-08-28T19:28:54.367`)
* [CVE-2023-40765](CVE-2023/CVE-2023-407xx/CVE-2023-40765.json) (`2023-08-28T19:28:54.367`)
* [CVE-2023-40766](CVE-2023/CVE-2023-407xx/CVE-2023-40766.json) (`2023-08-28T19:28:54.367`)
* [CVE-2023-40767](CVE-2023/CVE-2023-407xx/CVE-2023-40767.json) (`2023-08-28T19:28:54.367`)
* [CVE-2023-39708](CVE-2023/CVE-2023-397xx/CVE-2023-39708.json) (`2023-08-28T19:28:54.367`)
* [CVE-2023-40846](CVE-2023/CVE-2023-408xx/CVE-2023-40846.json) (`2023-08-28T19:28:54.367`)
* [CVE-2023-1997](CVE-2023/CVE-2023-19xx/CVE-2023-1997.json) (`2023-08-28T19:28:54.367`)
* [CVE-2023-39560](CVE-2023/CVE-2023-395xx/CVE-2023-39560.json) (`2023-08-28T19:28:54.367`)
* [CVE-2023-40748](CVE-2023/CVE-2023-407xx/CVE-2023-40748.json) (`2023-08-28T19:28:54.370`)
* [CVE-2023-40749](CVE-2023/CVE-2023-407xx/CVE-2023-40749.json) (`2023-08-28T19:28:54.370`)
* [CVE-2023-40750](CVE-2023/CVE-2023-407xx/CVE-2023-40750.json) (`2023-08-28T19:28:54.370`)
* [CVE-2023-40751](CVE-2023/CVE-2023-407xx/CVE-2023-40751.json) (`2023-08-28T19:28:54.370`)
* [CVE-2023-40752](CVE-2023/CVE-2023-407xx/CVE-2023-40752.json) (`2023-08-28T19:28:54.370`)
* [CVE-2023-40753](CVE-2023/CVE-2023-407xx/CVE-2023-40753.json) (`2023-08-28T19:28:54.370`)
* [CVE-2023-40754](CVE-2023/CVE-2023-407xx/CVE-2023-40754.json) (`2023-08-28T19:28:54.370`)
* [CVE-2023-38668](CVE-2023/CVE-2023-386xx/CVE-2023-38668.json) (`2023-08-28T19:38:54.383`)
* [CVE-2023-38667](CVE-2023/CVE-2023-386xx/CVE-2023-38667.json) (`2023-08-28T19:40:03.987`)
* [CVE-2023-38666](CVE-2023/CVE-2023-386xx/CVE-2023-38666.json) (`2023-08-28T19:46:35.200`)
* [CVE-2023-33850](CVE-2023/CVE-2023-338xx/CVE-2023-33850.json) (`2023-08-28T19:51:25.020`)
* [CVE-2023-4427](CVE-2023/CVE-2023-44xx/CVE-2023-4427.json) (`2023-08-28T19:55:42.107`)
* [CVE-2020-24113](CVE-2020/CVE-2020-241xx/CVE-2020-24113.json) (`2023-08-28T20:09:43.660`)
* [CVE-2020-12272](CVE-2020/CVE-2020-122xx/CVE-2020-12272.json) (`2023-08-28T20:15:07.633`)
* [CVE-2020-21699](CVE-2020/CVE-2020-216xx/CVE-2020-21699.json) (`2023-08-28T21:17:32.603`)
* [CVE-2022-48538](CVE-2022/CVE-2022-485xx/CVE-2022-48538.json) (`2023-08-28T20:06:05.137`)
* [CVE-2022-48545](CVE-2022/CVE-2022-485xx/CVE-2022-48545.json) (`2023-08-28T20:40:51.623`)
* [CVE-2023-4475](CVE-2023/CVE-2023-44xx/CVE-2023-4475.json) (`2023-08-28T20:33:24.607`)
* [CVE-2023-4404](CVE-2023/CVE-2023-44xx/CVE-2023-4404.json) (`2023-08-28T20:46:11.667`)
* [CVE-2023-3699](CVE-2023/CVE-2023-36xx/CVE-2023-3699.json) (`2023-08-28T21:12:52.317`)
* [CVE-2023-41098](CVE-2023/CVE-2023-410xx/CVE-2023-41098.json) (`2023-08-28T21:21:37.023`)
* [CVE-2023-32119](CVE-2023/CVE-2023-321xx/CVE-2023-32119.json) (`2023-08-28T21:24:05.680`)
* [CVE-2023-41100](CVE-2023/CVE-2023-411xx/CVE-2023-41100.json) (`2023-08-28T21:27:36.420`)
* [CVE-2023-41104](CVE-2023/CVE-2023-411xx/CVE-2023-41104.json) (`2023-08-28T21:41:07.790`)
## Download and Usage