admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-06-20T08:51:49.899643+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-06-20 08:51:53 +00:00
parent f26352c93e
commit 7d7728e2cb
154 changed files with 1205 additions and 283 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
CVE-2014/CVE-2014-1251xx/CVE-2014-125106.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2014-125106",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-17T22:15:09.267",
"lastModified": "2023-06-17T22:15:09.267",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Nanopb before 0.3.1 allows size_t overflows in pb_dec_bytes and pb_dec_string."
},
{
"lang": "es",
"value": "Nanopb antes de v0.3.1 permite desbordamientos \"size_t\" en \"pb_dec_bytes\" y \"pb_dec_string\". "
}
],
"metrics": {},

4
CVE-2019/CVE-2019-251xx/CVE-2019-25136.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2019-25136",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-19T11:15:09.430",
"lastModified": "2023-06-19T11:15:09.430",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2022/CVE-2022-468xx/CVE-2022-46850.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-46850",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-19T13:15:09.493",
"lastModified": "2023-06-19T13:15:09.493",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2022/CVE-2022-475xx/CVE-2022-47586.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-47586",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-19T12:15:09.340",
"lastModified": "2023-06-19T12:15:09.340",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2022/CVE-2022-484xx/CVE-2022-48486.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-48486",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-06-19T17:15:11.333",
"lastModified": "2023-06-19T17:15:11.333",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2022/CVE-2022-484xx/CVE-2022-48487.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-48487",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-06-19T17:15:11.383",
"lastModified": "2023-06-19T17:15:11.383",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2022/CVE-2022-484xx/CVE-2022-48488.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-48488",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-06-19T17:15:11.427",
"lastModified": "2023-06-19T17:15:11.427",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2022/CVE-2022-484xx/CVE-2022-48489.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-48489",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-06-19T17:15:11.467",
"lastModified": "2023-06-19T17:15:11.467",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2022/CVE-2022-484xx/CVE-2022-48490.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-48490",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-06-19T17:15:11.507",
"lastModified": "2023-06-19T17:15:11.507",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2022/CVE-2022-484xx/CVE-2022-48491.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-48491",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-06-19T17:15:11.547",
"lastModified": "2023-06-19T17:15:11.547",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2022/CVE-2022-484xx/CVE-2022-48492.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-48492",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-06-19T17:15:11.590",
"lastModified": "2023-06-19T17:15:11.590",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2022/CVE-2022-484xx/CVE-2022-48493.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-48493",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-06-19T17:15:11.633",
"lastModified": "2023-06-19T17:15:11.633",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2022/CVE-2022-484xx/CVE-2022-48494.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-48494",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-06-19T17:15:11.673",
"lastModified": "2023-06-19T17:15:11.673",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2022/CVE-2022-484xx/CVE-2022-48495.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-48495",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-06-19T17:15:11.710",
"lastModified": "2023-06-19T17:15:11.710",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2022/CVE-2022-484xx/CVE-2022-48496.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-48496",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-06-19T17:15:11.753",
"lastModified": "2023-06-19T17:15:11.753",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2022/CVE-2022-484xx/CVE-2022-48497.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-48497",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-06-19T17:15:11.793",
"lastModified": "2023-06-19T17:15:11.793",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2022/CVE-2022-484xx/CVE-2022-48498.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-48498",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-06-19T17:15:11.833",
"lastModified": "2023-06-19T17:15:11.833",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2022/CVE-2022-484xx/CVE-2022-48499.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-48499",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-06-19T17:15:11.880",
"lastModified": "2023-06-19T17:15:11.880",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2022/CVE-2022-485xx/CVE-2022-48500.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-48500",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-06-19T17:15:11.920",
"lastModified": "2023-06-19T17:15:11.920",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2022/CVE-2022-485xx/CVE-2022-48501.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-48501",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-06-19T17:15:11.960",
"lastModified": "2023-06-19T17:15:11.960",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2022/CVE-2022-485xx/CVE-2022-48506.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-48506",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-19T16:15:09.640",
"lastModified": "2023-06-19T16:15:09.640",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-03xx/CVE-2023-0368.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-0368",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-06-19T11:15:09.537",
"lastModified": "2023-06-19T11:15:09.537",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-04xx/CVE-2023-0489.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-0489",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-06-19T11:15:09.607",
"lastModified": "2023-06-19T11:15:09.607",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-22xx/CVE-2023-2221.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2221",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-06-19T11:15:09.987",
"lastModified": "2023-06-19T11:15:09.987",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-23xx/CVE-2023-2359.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2359",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-06-19T11:15:10.043",
"lastModified": "2023-06-19T11:15:10.043",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-23xx/CVE-2023-2399.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2399",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-06-19T11:15:10.100",
"lastModified": "2023-06-19T11:15:10.100",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-24xx/CVE-2023-2401.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2401",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-06-19T11:15:10.153",
"lastModified": "2023-06-19T11:15:10.153",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-24xx/CVE-2023-2492.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2492",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-06-19T11:15:10.213",
"lastModified": "2023-06-19T11:15:10.213",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-257xx/CVE-2023-25733.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-25733",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-19T11:15:09.670",
"lastModified": "2023-06-19T11:15:09.670",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-257xx/CVE-2023-25736.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-25736",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-19T11:15:09.713",
"lastModified": "2023-06-19T11:15:09.713",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-257xx/CVE-2023-25747.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-25747",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-19T11:15:09.753",
"lastModified": "2023-06-19T11:15:09.753",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-25xx/CVE-2023-2527.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2527",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-06-19T11:15:10.270",
"lastModified": "2023-06-19T11:15:10.270",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

59
CVE-2023/CVE-2023-264xx/CVE-2023-26427.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-26427",
"sourceIdentifier": "security@open-xchange.com",
"published": "2023-06-20T08:15:09.073",
"lastModified": "2023-06-20T08:15:09.073",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Default permissions for a properties file were too permissive. Local system users could read potentially sensitive information. We updated the default permissions for noreply.properties set during package installation. No publicly available exploits are known.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@open-xchange.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.2,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.5,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@open-xchange.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-922"
}
]
}
],
"references": [
{
"url": "https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0002.json",
"source": "security@open-xchange.com"
},
{
"url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6219_7.10.6_2023-03-20.pdf",
"source": "security@open-xchange.com"
}
]
}

59
CVE-2023/CVE-2023-264xx/CVE-2023-26428.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-26428",
"sourceIdentifier": "security@open-xchange.com",
"published": "2023-06-20T08:15:09.163",
"lastModified": "2023-06-20T08:15:09.163",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Attackers can successfully request arbitrary snippet IDs, including E-Mail signatures of other users within the same context. Signatures of other users could be read even though they are not explicitly shared. We improved permission handling when requesting snippets that are not explicitly shared with other users. No publicly available exploits are known.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@open-xchange.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@open-xchange.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0002.json",
"source": "security@open-xchange.com"
},
{
"url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6219_7.10.6_2023-03-20.pdf",
"source": "security@open-xchange.com"
}
]
}

59
CVE-2023/CVE-2023-264xx/CVE-2023-26429.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-26429",
"sourceIdentifier": "security@open-xchange.com",
"published": "2023-06-20T08:15:09.230",
"lastModified": "2023-06-20T08:15:09.230",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Control characters were not removed when exporting user feedback content. This allowed attackers to include unexpected content via user feedback and potentially break the exported data structure. We now drop all control characters that are not whitespace character during the export. No publicly available exploits are known.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@open-xchange.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@open-xchange.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [
{
"url": "https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0002.json",
"source": "security@open-xchange.com"
},
{
"url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6219_7.10.6_2023-03-20.pdf",
"source": "security@open-xchange.com"
}
]
}

59
CVE-2023/CVE-2023-264xx/CVE-2023-26431.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-26431",
"sourceIdentifier": "security@open-xchange.com",
"published": "2023-06-20T08:15:09.297",
"lastModified": "2023-06-20T08:15:09.297",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IPv4-mapped IPv6 addresses did not get recognized as \"local\" by the code and a connection attempt is made. Attackers with access to user accounts could use this to bypass existing deny-list functionality and trigger requests to restricted network infrastructure to gain insight about topology and running services. We now respect possible IPV4-mapped IPv6 addresses when checking if contained in a deny-list. No publicly available exploits are known.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@open-xchange.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@open-xchange.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0002.json",
"source": "security@open-xchange.com"
},
{
"url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6219_7.10.6_2023-03-20.pdf",
"source": "security@open-xchange.com"
}
]
}

59
CVE-2023/CVE-2023-264xx/CVE-2023-26432.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-26432",
"sourceIdentifier": "security@open-xchange.com",
"published": "2023-06-20T08:15:09.360",
"lastModified": "2023-06-20T08:15:09.360",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "When adding an external mail account, processing of SMTP \"capabilities\" responses are not limited to plausible sizes. Attacker with access to a rogue SMTP service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit accepted SMTP server response to reasonable length/size. No publicly available exploits are known.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@open-xchange.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@open-xchange.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0002.json",
"source": "security@open-xchange.com"
},
{
"url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6219_7.10.6_2023-03-20.pdf",
"source": "security@open-xchange.com"
}
]
}

59
CVE-2023/CVE-2023-264xx/CVE-2023-26433.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-26433",
"sourceIdentifier": "security@open-xchange.com",
"published": "2023-06-20T08:15:09.427",
"lastModified": "2023-06-20T08:15:09.427",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "When adding an external mail account, processing of IMAP \"capabilities\" responses are not limited to plausible sizes. Attacker with access to a rogue IMAP service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit accepted IMAP server response to reasonable length/size. No publicly available exploits are known.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@open-xchange.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@open-xchange.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0002.json",
"source": "security@open-xchange.com"
},
{
"url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6219_7.10.6_2023-03-20.pdf",
"source": "security@open-xchange.com"
}
]
}

59
CVE-2023/CVE-2023-264xx/CVE-2023-26434.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-26434",
"sourceIdentifier": "security@open-xchange.com",
"published": "2023-06-20T08:15:09.487",
"lastModified": "2023-06-20T08:15:09.487",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "When adding an external mail account, processing of POP3 \"capabilities\" responses are not limited to plausible sizes. Attacker with access to a rogue POP3 service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit accepted POP3 server response to reasonable length/size. No publicly available exploits are known.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@open-xchange.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@open-xchange.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0002.json",
"source": "security@open-xchange.com"
},
{
"url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6219_7.10.6_2023-03-20.pdf",
"source": "security@open-xchange.com"
}
]
}

59
CVE-2023/CVE-2023-264xx/CVE-2023-26435.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-26435",
"sourceIdentifier": "security@open-xchange.com",
"published": "2023-06-20T08:15:09.547",
"lastModified": "2023-06-20T08:15:09.547",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "It was possible to call filesystem and network references using the local LibreOffice instance using manipulated ODT documents. Attackers could discover restricted network topology and services as well as including local files with read permissions of the open-xchange system user. This was limited to specific file-types, like images. We have improved existing content filters and validators to avoid including any local resources. No publicly available exploits are known.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@open-xchange.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@open-xchange.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0002.json",
"source": "security@open-xchange.com"
},
{
"url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6219_7.10.6_2023-03-20.pdf",
"source": "security@open-xchange.com"
}
]
}

59
CVE-2023/CVE-2023-264xx/CVE-2023-26436.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-26436",
"sourceIdentifier": "security@open-xchange.com",
"published": "2023-06-20T08:15:09.607",
"lastModified": "2023-06-20T08:15:09.607",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Attackers with access to the \"documentconverterws\" API were able to inject serialized Java objects, that were not properly checked during deserialization. Access to this API endpoint is restricted to local networks by default. Arbitrary code could be injected that is being executed when processing the request. A check has been introduced to restrict processing of legal and expected classes for this API. We now log a warning in case there are attempts to inject illegal classes. No publicly available exploits are known.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@open-xchange.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 0.5,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@open-xchange.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0002.json",
"source": "security@open-xchange.com"
},
{
"url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6219_7.10.6_2023-03-20.pdf",
"source": "security@open-xchange.com"
}
]
}

4
CVE-2023/CVE-2023-26xx/CVE-2023-2600.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2600",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-06-19T11:15:10.327",
"lastModified": "2023-06-19T11:15:10.327",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-26xx/CVE-2023-2654.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2654",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-06-19T11:15:10.380",
"lastModified": "2023-06-19T11:15:10.380",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-26xx/CVE-2023-2684.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2684",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-06-19T11:15:10.433",
"lastModified": "2023-06-19T11:15:10.433",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-273xx/CVE-2023-27396.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-27396",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-06-19T05:15:09.187",
"lastModified": "2023-06-19T05:15:09.187",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-279xx/CVE-2023-27992.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-27992",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2023-06-19T12:15:09.433",
"lastModified": "2023-06-19T12:15:09.433",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-27xx/CVE-2023-2719.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2719",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-06-19T11:15:10.487",
"lastModified": "2023-06-19T11:15:10.487",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-27xx/CVE-2023-2742.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2742",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-06-19T11:15:10.543",
"lastModified": "2023-06-19T11:15:10.543",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-27xx/CVE-2023-2751.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2751",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-06-19T11:15:10.600",
"lastModified": "2023-06-19T11:15:10.600",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-27xx/CVE-2023-2779.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2779",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-06-19T11:15:10.653",
"lastModified": "2023-06-19T11:15:10.653",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-28xx/CVE-2023-2805.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2805",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-06-19T11:15:10.710",
"lastModified": "2023-06-19T11:15:10.710",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-28xx/CVE-2023-2811.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2811",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-06-19T11:15:10.763",
"lastModified": "2023-06-19T11:15:10.763",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-28xx/CVE-2023-2812.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2812",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-06-19T11:15:10.813",
"lastModified": "2023-06-19T11:15:10.813",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-28xx/CVE-2023-2899.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2899",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-06-19T11:15:10.867",
"lastModified": "2023-06-19T11:15:10.867",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-291xx/CVE-2023-29158.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-29158",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-06-19T21:15:42.033",
"lastModified": "2023-06-19T21:15:42.033",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-295xx/CVE-2023-29531.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-29531",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-19T10:15:09.373",
"lastModified": "2023-06-19T10:15:09.373",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-295xx/CVE-2023-29532.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-29532",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-19T10:15:09.430",
"lastModified": "2023-06-19T10:15:09.430",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-295xx/CVE-2023-29534.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-29534",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-19T11:15:09.797",
"lastModified": "2023-06-19T11:15:09.797",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-295xx/CVE-2023-29542.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-29542",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-19T11:15:09.847",
"lastModified": "2023-06-19T11:15:09.847",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-295xx/CVE-2023-29545.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-29545",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-19T11:15:09.890",
"lastModified": "2023-06-19T11:15:09.890",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-295xx/CVE-2023-29546.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-29546",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-19T11:15:09.943",
"lastModified": "2023-06-19T11:15:09.943",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-29xx/CVE-2023-2907.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2907",
"sourceIdentifier": "cve@usom.gov.tr",
"published": "2023-06-19T13:15:09.580",
"lastModified": "2023-06-19T13:15:09.580",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-307xx/CVE-2023-30759.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-30759",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-06-19T05:15:09.290",
"lastModified": "2023-06-19T05:15:09.290",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-30xx/CVE-2023-3022.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3022",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-06-19T18:15:09.870",
"lastModified": "2023-06-19T18:15:09.870",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-312xx/CVE-2023-31239.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-31239",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-06-19T05:15:09.330",
"lastModified": "2023-06-19T05:15:09.330",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-314xx/CVE-2023-31410.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-31410",
"sourceIdentifier": "psirt@sick.de",
"published": "2023-06-19T15:15:09.173",
"lastModified": "2023-06-19T15:15:09.173",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-314xx/CVE-2023-31411.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-31411",
"sourceIdentifier": "psirt@sick.de",
"published": "2023-06-19T15:15:09.230",
"lastModified": "2023-06-19T15:15:09.230",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-322xx/CVE-2023-32201.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32201",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-06-19T05:15:09.367",
"lastModified": "2023-06-19T05:15:09.367",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-322xx/CVE-2023-32208.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32208",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-19T10:15:09.480",
"lastModified": "2023-06-19T10:15:09.480",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-322xx/CVE-2023-32209.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32209",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-19T10:15:09.523",
"lastModified": "2023-06-19T10:15:09.523",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-322xx/CVE-2023-32210.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32210",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-19T10:15:09.573",
"lastModified": "2023-06-19T10:15:09.573",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-322xx/CVE-2023-32214.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32214",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-19T10:15:09.613",
"lastModified": "2023-06-19T10:15:09.613",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-322xx/CVE-2023-32216.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32216",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-19T10:15:09.660",
"lastModified": "2023-06-19T10:15:09.660",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-322xx/CVE-2023-32270.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32270",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-06-19T05:15:09.407",
"lastModified": "2023-06-19T05:15:09.407",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-322xx/CVE-2023-32273.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32273",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-06-19T05:15:09.443",
"lastModified": "2023-06-19T05:15:09.443",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-322xx/CVE-2023-32276.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32276",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-06-19T05:15:09.480",
"lastModified": "2023-06-19T05:15:09.480",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-322xx/CVE-2023-32288.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32288",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-06-19T05:15:09.517",
"lastModified": "2023-06-19T05:15:09.517",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-325xx/CVE-2023-32538.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32538",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-06-19T05:15:09.553",
"lastModified": "2023-06-19T05:15:09.553",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-325xx/CVE-2023-32542.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32542",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-06-19T05:15:09.593",
"lastModified": "2023-06-19T05:15:09.593",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-326xx/CVE-2023-32659.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32659",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-06-19T21:15:42.113",
"lastModified": "2023-06-19T21:15:42.113",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

6
CVE-2023/CVE-2023-32xx/CVE-2023-3214.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-3214",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-06-13T18:15:22.170",
"lastModified": "2023-06-16T04:15:14.263",
"lastModified": "2023-06-20T02:15:43.417",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -20,6 +20,10 @@
"url": "https://crbug.com/1450568",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O362DC3ZCFRXVHOXMPIL73YOWABQEUYD/",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://www.debian.org/security/2023/dsa-5428",
"source": "chrome-cve-admin@google.com"

6
CVE-2023/CVE-2023-32xx/CVE-2023-3215.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-3215",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-06-13T18:15:22.223",
"lastModified": "2023-06-16T04:15:14.337",
"lastModified": "2023-06-20T02:15:43.477",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -20,6 +20,10 @@
"url": "https://crbug.com/1446274",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O362DC3ZCFRXVHOXMPIL73YOWABQEUYD/",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://www.debian.org/security/2023/dsa-5428",
"source": "chrome-cve-admin@google.com"

6
CVE-2023/CVE-2023-32xx/CVE-2023-3216.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-3216",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-06-13T18:15:22.273",
"lastModified": "2023-06-16T04:15:14.393",
"lastModified": "2023-06-20T02:15:43.513",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -20,6 +20,10 @@
"url": "https://crbug.com/1450114",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O362DC3ZCFRXVHOXMPIL73YOWABQEUYD/",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://www.debian.org/security/2023/dsa-5428",
"source": "chrome-cve-admin@google.com"

6
CVE-2023/CVE-2023-32xx/CVE-2023-3217.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-3217",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-06-13T18:15:22.320",
"lastModified": "2023-06-16T04:15:14.453",
"lastModified": "2023-06-20T02:15:43.550",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -20,6 +20,10 @@
"url": "https://crbug.com/1450601",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O362DC3ZCFRXVHOXMPIL73YOWABQEUYD/",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://www.debian.org/security/2023/dsa-5428",
"source": "chrome-cve-admin@google.com"

4
CVE-2023/CVE-2023-332xx/CVE-2023-33213.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-33213",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-19T13:15:09.743",
"lastModified": "2023-06-19T13:15:09.743",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-33xx/CVE-2023-3305.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3305",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-18T08:15:09.023",
"lastModified": "2023-06-18T08:15:09.023",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-33xx/CVE-2023-3306.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3306",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-18T08:15:09.287",
"lastModified": "2023-06-18T08:15:09.287",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2023/CVE-2023-33xx/CVE-2023-3307.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-3307",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-18T09:15:09.330",
"lastModified": "2023-06-18T09:15:09.330",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in miniCal 1.0.0. It has been rated as critical. This issue affects some unknown processing of the file /booking/show_bookings/. The manipulation of the argument search_query leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231803. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en miniCal v1.0.0. Se ha calificado como cr\u00edtica. Este problema afecta a alg\u00fan procesamiento desconocido del archivo \"/booking/show_bookings/\". La manipulaci\u00f3n del argumento \"search_query\" conduce a una inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. El exploit ha sido revelado al p\u00fablico y puede ser utilizado. El identificador asociado a esta vulnerabilidad es VDB-231803. NOTA: Se contact\u00f3 con el proveedor con antelaci\u00f3n acerca de esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera. "
}
],
"metrics": {

4
CVE-2023/CVE-2023-33xx/CVE-2023-3308.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3308",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-18T09:15:09.677",
"lastModified": "2023-06-18T09:15:09.677",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-33xx/CVE-2023-3309.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3309",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-18T12:15:09.267",
"lastModified": "2023-06-19T08:15:09.270",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-33xx/CVE-2023-3310.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3310",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-18T12:15:09.347",
"lastModified": "2023-06-18T12:15:09.347",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-33xx/CVE-2023-3311.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3311",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-18T15:15:11.660",
"lastModified": "2023-06-19T15:15:10.560",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-33xx/CVE-2023-3312.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3312",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-06-19T18:15:09.920",
"lastModified": "2023-06-19T18:15:09.920",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-33xx/CVE-2023-3315.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3315",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-06-19T21:15:42.177",
"lastModified": "2023-06-19T21:15:42.177",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-33xx/CVE-2023-3316.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3316",
"sourceIdentifier": "reefs@jfrog.com",
"published": "2023-06-19T12:15:09.520",
"lastModified": "2023-06-19T12:15:09.520",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-33xx/CVE-2023-3318.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3318",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-19T13:15:10.173",
"lastModified": "2023-06-19T15:15:10.617",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

59
CVE-2023/CVE-2023-33xx/CVE-2023-3320.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-3320",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-20T03:15:09.100",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The WP Sticky Social plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing nonce validation in the ~/admin/views/admin.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2926150%40wp-sticky-social&new=2926150%40wp-sticky-social",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a272e12b-97a2-421a-a703-3acce2ed8313?source=cve",
"source": "security@wordfence.com"
}
]
}

63
CVE-2023/CVE-2023-33xx/CVE-2023-3325.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-3325",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-20T05:15:09.170",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an insufficiently unique cryptographic signature on the 'cmsc_add_site' function in versions up to, and including, 2.287. This makes it possible for unauthenticated attackers to the plugin to change the '_cmsc_public_key' in the plugin config, providing access to the plugin's remote control functionalities, such as creating an admin access URL, which can be used for privilege escalation. This can only be exploited if the plugin has not been configured yet, however, if combined with another arbitrary plugin installation and activation vulnerability, the impact can be severe."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-345"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/cms-commander-client/tags/2.287/init.php#L88",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2927811/cms-commander-client",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ca37d453-9f9a-46b2-a17f-65a16e3e2ed1?source=cve",
"source": "security@wordfence.com"
}
]
}

4
CVE-2023/CVE-2023-341xx/CVE-2023-34155.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-34155",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-06-19T17:15:12.007",
"lastModified": "2023-06-19T17:15:12.007",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-341xx/CVE-2023-34156.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-34156",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-06-19T17:15:12.050",
"lastModified": "2023-06-19T17:15:12.050",
"vulnStatus": "Received",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

Some files were not shown because too many files have changed in this diff Show More