admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-07 11:07:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-06-14T10:00:30.376135+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-06-14 10:00:33 +00:00
parent eab02f41df
commit 7c63fccea7
19 changed files with 1019 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
CVE-2022/CVE-2022-471xx/CVE-2022-47184.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2022-47184",
"sourceIdentifier": "security@apache.org",
"published": "2023-06-14T08:15:08.633",
"lastModified": "2023-06-14T08:15:08.633",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: 8.0.0 to 9.2.0.\n\n"
}
],
"metrics": {},
"weaknesses": [
{
"source": "security@apache.org",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://lists.apache.org/thread/tns2b4khyyncgs5v5p9y35pobg9z2bvs",
"source": "security@apache.org"
}
]
}

55
CVE-2023/CVE-2023-08xx/CVE-2023-0837.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-0837",
"sourceIdentifier": "psirt@teamviewer.com",
"published": "2023-06-14T08:15:08.703",
"lastModified": "2023-06-14T08:15:08.703",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An improper authorization check of local device settings in TeamViewer Remote between version 15.41 and 15.42.7 for Windows and macOS allows an unprivileged user to change basic local device settings even though the options were locked. This can result in unwanted changes to the configuration."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@teamviewer.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.3,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "psirt@teamviewer.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-285"
}
]
}
],
"references": [
{
"url": "https://www.teamviewer.com/en/trust-center/security-bulletins/tv-2023-1001/",
"source": "psirt@teamviewer.com"
}
]
}

55
CVE-2023/CVE-2023-10xx/CVE-2023-1049.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-1049",
"sourceIdentifier": "cybersecurity@se.com",
"published": "2023-06-14T08:15:08.773",
"lastModified": "2023-06-14T08:15:08.773",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nA CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that\ncould cause execution of malicious code when an unsuspicious user loads a project file from the\nlocal filesystem into the HMI.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cybersecurity@se.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "cybersecurity@se.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-164-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-164-01.pdf",
"source": "cybersecurity@se.com"
}
]
}

14
CVE-2023/CVE-2023-226xx/CVE-2023-22610.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-22610",
"sourceIdentifier": "cybersecurity@se.com",
"published": "2023-01-31T17:15:08.827",
"lastModified": "2023-02-07T19:52:35.487",
"vulnStatus": "Analyzed",
"lastModified": "2023-06-14T08:15:08.860",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A CWE-285: Improper Authorization vulnerability exists that could cause Denial of Service against the Geo SCADA server when specific messages are sent to the server over the database server TCP port. Affected Products: EcoStruxure Geo SCADA Expert 2019 - 2021 (formerly known as ClearSCADA) (Versions prior to October 2022)"
"value": "\nA CWE-863: Incorrect Authorization vulnerability exists that could cause Denial of\nService against the Geo SCADA server when specific messages are sent to the server over the\ndatabase server TCP port. \n\n\n\n"
}
],
"metrics": {
@ -56,22 +56,22 @@
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "cybersecurity@se.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
"value": "CWE-863"
}
]
},
{
"source": "cybersecurity@se.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-285"
"value": "NVD-CWE-Other"
}
]
}

55
CVE-2023/CVE-2023-25xx/CVE-2023-2569.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-2569",
"sourceIdentifier": "cybersecurity@se.com",
"published": "2023-06-14T08:15:09.113",
"lastModified": "2023-06-14T08:15:09.113",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nA CWE-787: Out-of-Bounds Write vulnerability exists that could cause local denial-of-service,\nelevation of privilege, and potentially kernel execution when a malicious actor with local user\naccess crafts a script/program using an IOCTL call in the Foxboro.sys driver.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cybersecurity@se.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "cybersecurity@se.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-164-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-164-04.pdf",
"source": "cybersecurity@se.com"
}
]
}

55
CVE-2023/CVE-2023-25xx/CVE-2023-2570.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-2570",
"sourceIdentifier": "cybersecurity@se.com",
"published": "2023-06-14T08:15:09.187",
"lastModified": "2023-06-14T08:15:09.187",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\n\n\nA CWE-129: Improper Validation of Array Index vulnerability exists that could cause local\ndenial-of-service, and potentially kernel execution when a malicious actor with local user access\ncrafts a script/program using an unpredictable index to an IOCTL call in the Foxboro.sys driver.\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cybersecurity@se.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "cybersecurity@se.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-129"
}
]
}
],
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-164-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-164-04.pdf",
"source": "cybersecurity@se.com"
}
]
}

18
CVE-2023/CVE-2023-280xx/CVE-2023-28069.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-28069",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-04-05T08:15:07.863",
"lastModified": "2023-04-11T14:44:43.673",
"vulnStatus": "Analyzed",
"lastModified": "2023-06-14T08:15:08.997",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Dell Streaming Data Platform prior to 1.4 contains Open Redirect vulnerability. An attacker with privileges same as a legitimate user can phish the legitimate the user to redirect to malicious website leading to information disclosure and launch of phishing attacks."
"value": "\nDell Streaming Data Platform prior to 1.4 contains Open Redirect vulnerability. A remote unauthenticated attacker can phish the legitimate user to redirect to malicious website leading to information disclosure and launch of phishing attacks.\n\n"
}
],
"metrics": {
@ -37,20 +37,20 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH"
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2
"impactScore": 2.7
}
]
},

32
CVE-2023/CVE-2023-306xx/CVE-2023-30631.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-30631",
"sourceIdentifier": "security@apache.org",
"published": "2023-06-14T08:15:09.257",
"lastModified": "2023-06-14T08:15:09.257",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server.\u00a0 The configuration option\u00a0proxy.config.http.push_method_enabled didn't function.\u00a0 However, by default the PUSH method is blocked in the ip_allow configuration file.This issue affects Apache Traffic Server: from 8.0.0 through 9.2.0.\n\n8.x users should upgrade to 8.1.7 or later versions\n9.x users should upgrade to 9.2.1 or later versions\n\n\n"
}
],
"metrics": {},
"weaknesses": [
{
"source": "security@apache.org",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://lists.apache.org/thread/tns2b4khyyncgs5v5p9y35pobg9z2bvs",
"source": "security@apache.org"
}
]
}

55
CVE-2023/CVE-2023-30xx/CVE-2023-3001.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-3001",
"sourceIdentifier": "cybersecurity@se.com",
"published": "2023-06-14T08:15:09.577",
"lastModified": "2023-06-14T08:15:09.577",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nA CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that\ncould cause an interpretation of malicious payload data, potentially leading to remote code\nexecution when an attacker gets the user to open a malicious file. \n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cybersecurity@se.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "cybersecurity@se.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-164-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-164-02.pdf",
"source": "cybersecurity@se.com"
}
]
}

88
CVE-2023/CVE-2023-32xx/CVE-2023-3237.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2023-3237",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-14T08:15:09.640",
"lastModified": "2023-06-14T08:15:09.640",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in OTCMS up to 6.62. This vulnerability affects unknown code. The manipulation of the argument username/password with the input admin leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231508."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"accessVector": "ADJACENT_NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 6.5,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-259"
}
]
}
],
"references": [
{
"url": "https://github.com/HuBenLab/HuBenVulList/blob/main/OTCMS%20contains%20a%20weak%20default%20password%20which%20gives%20attackers%20to%20access%20backstage%20management%20system.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.231508",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.231508",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2023/CVE-2023-32xx/CVE-2023-3238.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2023-3238",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-14T08:15:09.713",
"lastModified": "2023-06-14T08:15:09.713",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in OTCMS up to 6.62. This issue affects some unknown processing of the file /admin/read.php?mudi=getSignal. The manipulation of the argument signalUrl leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231509 was assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://github.com/HuBenLab/HuBenVulList/blob/main/OTCMS%20is%20vulnerable%20to%20Server-side%20request%20forgery%20(SSRF).md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.231509",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.231509",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2023/CVE-2023-32xx/CVE-2023-3239.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2023-3239",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-14T09:15:09.333",
"lastModified": "2023-06-14T09:15:09.333",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in OTCMS up to 6.62. Affected is an unknown function of the file admin/readDeal.php?mudi=readQrCode. The manipulation of the argument img leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. VDB-231510 is the identifier assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N",
"accessVector": "ADJACENT_NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.7
},
"baseSeverity": "LOW",
"exploitabilityScore": 5.1,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-24"
}
]
}
],
"references": [
{
"url": "https://github.com/HuBenLab/HuBenVulList/blob/main/OTCMS%20was%20discovered%20obtain%20the%20web%20directory%20path%20and%20other%20information%20leaked%20.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.231510",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.231510",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2023/CVE-2023-32xx/CVE-2023-3240.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2023-3240",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-14T09:15:09.717",
"lastModified": "2023-06-14T09:15:09.717",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in OTCMS up to 6.62 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file usersNews_deal.php. The manipulation of the argument file leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231511."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N",
"accessVector": "ADJACENT_NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.7
},
"baseSeverity": "LOW",
"exploitabilityScore": 5.1,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-24"
}
]
}
],
"references": [
{
"url": "https://github.com/HuBenLab/HuBenVulList/blob/main/OTCMS%20was%20discovered%20to%20contain%20an%20arbitrary%20file%20download%20vulenrability%20via%20the%20filename.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.231511",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.231511",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2023/CVE-2023-32xx/CVE-2023-3241.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2023-3241",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-14T09:15:09.783",
"lastModified": "2023-06-14T09:15:09.783",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in OTCMS up to 6.62 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/read.php?mudi=announContent. The manipulation of the argument url leads to path traversal. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231512."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N",
"accessVector": "ADJACENT_NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.7
},
"baseSeverity": "LOW",
"exploitabilityScore": 5.1,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://github.com/HuBenLab/HuBenVulList/blob/main/OTCMS%20was%20discovered%20to%20contain%20an%20arbitrary%20file%20read%20vulenrability%20via%20the%20filename.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.231512",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.231512",
"source": "cna@vuldb.com"
}
]
}

32
CVE-2023/CVE-2023-339xx/CVE-2023-33933.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-33933",
"sourceIdentifier": "security@apache.org",
"published": "2023-06-14T08:15:09.323",
"lastModified": "2023-06-14T08:15:09.323",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: from 8.0.0 through 9.2.0.\n\n8.x users should upgrade to 8.1.7 or later versions\n9.x users should upgrade to 9.2.1 or later versions\n\n\n"
}
],
"metrics": {},
"weaknesses": [
{
"source": "security@apache.org",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://lists.apache.org/thread/tns2b4khyyncgs5v5p9y35pobg9z2bvs",
"source": "security@apache.org"
}
]
}

59
CVE-2023/CVE-2023-340xx/CVE-2023-34000.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-34000",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-14T08:15:09.377",
"lastModified": "2023-06-14T08:15:09.377",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Unauth. IDOR vulnerability leading to PII Disclosure in\u00a0WooCommerce Stripe Payment Gateway plugin <= 7.4.0 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/articles/unauthenticated-idor-to-pii-disclosure-vulnerability-in-woocommerce-stripe-gateway-plugin?_s_id=cve",
"source": "audit@patchstack.com"
},
{
"url": "https://patchstack.com/database/vulnerability/woocommerce-gateway-stripe/wordpress-woocommerce-stripe-payment-gateway-plugin-7-4-0-insecure-direct-object-references-idor-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-341xx/CVE-2023-34149.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-34149",
"sourceIdentifier": "security@apache.org",
"published": "2023-06-14T08:15:09.450",
"lastModified": "2023-06-14T08:15:09.450",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2.\n\nUpgrade to Struts 2.5.31 or 6.1.2.1 or greater.\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@apache.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@apache.org",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"references": [
{
"url": "https://cwiki.apache.org/confluence/display/WW/S2-063",
"source": "security@apache.org"
}
]
}

55
CVE-2023/CVE-2023-343xx/CVE-2023-34396.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-34396",
"sourceIdentifier": "security@apache.org",
"published": "2023-06-14T08:15:09.520",
"lastModified": "2023-06-14T08:15:09.520",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2.\n\nUpgrade to Struts 2.5.31 or 6.1.2.1 or greater\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@apache.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@apache.org",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"references": [
{
"url": "https://cwiki.apache.org/confluence/display/WW/S2-064",
"source": "security@apache.org"
}
]
}

42
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-06-14T08:00:27.416894+00:00
2023-06-14T10:00:30.376135+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-06-14T07:15:09.580000+00:00
2023-06-14T09:15:09.783000+00:00
```
### Last Data Feed Release
@ -29,33 +29,37 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
217691
217707
```
### CVEs added in the last Commit
Recently added CVEs: `11`
Recently added CVEs: `16`
* [CVE-2023-3189](CVE-2023/CVE-2023-31xx/CVE-2023-3189.json) (`2023-06-14T06:15:08.507`)
* [CVE-2023-3227](CVE-2023/CVE-2023-32xx/CVE-2023-3227.json) (`2023-06-14T06:15:08.720`)
* [CVE-2023-3228](CVE-2023/CVE-2023-32xx/CVE-2023-3228.json) (`2023-06-14T06:15:08.800`)
* [CVE-2023-3229](CVE-2023/CVE-2023-32xx/CVE-2023-3229.json) (`2023-06-14T06:15:08.877`)
* [CVE-2023-3230](CVE-2023/CVE-2023-32xx/CVE-2023-3230.json) (`2023-06-14T06:15:08.937`)
* [CVE-2023-3231](CVE-2023/CVE-2023-32xx/CVE-2023-3231.json) (`2023-06-14T06:15:09.007`)
* [CVE-2023-3232](CVE-2023/CVE-2023-32xx/CVE-2023-3232.json) (`2023-06-14T06:15:09.080`)
* [CVE-2023-3233](CVE-2023/CVE-2023-32xx/CVE-2023-3233.json) (`2023-06-14T07:15:09.337`)
* [CVE-2023-3234](CVE-2023/CVE-2023-32xx/CVE-2023-3234.json) (`2023-06-14T07:15:09.437`)
* [CVE-2023-3235](CVE-2023/CVE-2023-32xx/CVE-2023-3235.json) (`2023-06-14T07:15:09.510`)
* [CVE-2023-3236](CVE-2023/CVE-2023-32xx/CVE-2023-3236.json) (`2023-06-14T07:15:09.580`)
* [CVE-2022-47184](CVE-2022/CVE-2022-471xx/CVE-2022-47184.json) (`2023-06-14T08:15:08.633`)
* [CVE-2023-0837](CVE-2023/CVE-2023-08xx/CVE-2023-0837.json) (`2023-06-14T08:15:08.703`)
* [CVE-2023-1049](CVE-2023/CVE-2023-10xx/CVE-2023-1049.json) (`2023-06-14T08:15:08.773`)
* [CVE-2023-2569](CVE-2023/CVE-2023-25xx/CVE-2023-2569.json) (`2023-06-14T08:15:09.113`)
* [CVE-2023-2570](CVE-2023/CVE-2023-25xx/CVE-2023-2570.json) (`2023-06-14T08:15:09.187`)
* [CVE-2023-30631](CVE-2023/CVE-2023-306xx/CVE-2023-30631.json) (`2023-06-14T08:15:09.257`)
* [CVE-2023-33933](CVE-2023/CVE-2023-339xx/CVE-2023-33933.json) (`2023-06-14T08:15:09.323`)
* [CVE-2023-34000](CVE-2023/CVE-2023-340xx/CVE-2023-34000.json) (`2023-06-14T08:15:09.377`)
* [CVE-2023-34149](CVE-2023/CVE-2023-341xx/CVE-2023-34149.json) (`2023-06-14T08:15:09.450`)
* [CVE-2023-34396](CVE-2023/CVE-2023-343xx/CVE-2023-34396.json) (`2023-06-14T08:15:09.520`)
* [CVE-2023-3001](CVE-2023/CVE-2023-30xx/CVE-2023-3001.json) (`2023-06-14T08:15:09.577`)
* [CVE-2023-3237](CVE-2023/CVE-2023-32xx/CVE-2023-3237.json) (`2023-06-14T08:15:09.640`)
* [CVE-2023-3238](CVE-2023/CVE-2023-32xx/CVE-2023-3238.json) (`2023-06-14T08:15:09.713`)
* [CVE-2023-3239](CVE-2023/CVE-2023-32xx/CVE-2023-3239.json) (`2023-06-14T09:15:09.333`)
* [CVE-2023-3240](CVE-2023/CVE-2023-32xx/CVE-2023-3240.json) (`2023-06-14T09:15:09.717`)
* [CVE-2023-3241](CVE-2023/CVE-2023-32xx/CVE-2023-3241.json) (`2023-06-14T09:15:09.783`)
### CVEs modified in the last Commit
Recently modified CVEs: `3`
Recently modified CVEs: `2`
* [CVE-2022-40022](CVE-2022/CVE-2022-400xx/CVE-2022-40022.json) (`2023-06-14T07:15:08.870`)
* [CVE-2023-3184](CVE-2023/CVE-2023-31xx/CVE-2023-3184.json) (`2023-06-14T07:15:09.120`)
* [CVE-2023-3187](CVE-2023/CVE-2023-31xx/CVE-2023-3187.json) (`2023-06-14T07:15:09.257`)
* [CVE-2023-22610](CVE-2023/CVE-2023-226xx/CVE-2023-22610.json) (`2023-06-14T08:15:08.860`)
* [CVE-2023-28069](CVE-2023/CVE-2023-280xx/CVE-2023-28069.json) (`2023-06-14T08:15:08.997`)
## Download and Usage