Auto-Update: 2023-06-21T04:00:26.011785+00:00

cad-safe-bot 2023-06-21 04:00:29 +00:00
parent bd80859aa0
commit 82b6972b48
15 changed files with 676 additions and 72 deletions


@ -2,7 +2,7 @@
"id": "CVE-2019-6502",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-01-22T08:29:00.200",
"lastModified": "2020-08-24T17:37:01.140",
"lastModified": "2023-06-21T02:15:09.040",
"vulnStatus": "Modified",
"descriptions": [
{
@ -105,6 +105,10 @@
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00025.html",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2021-42779",
"sourceIdentifier": "secalert@redhat.com",
"published": "2022-04-18T17:15:16.177",
"lastModified": "2022-09-29T15:56:44.520",
"vulnStatus": "Analyzed",
"lastModified": "2023-06-21T02:15:09.177",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -166,6 +166,10 @@
"Third Party Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00025.html",
"source": "secalert@redhat.com"
},
{
"url": "https://security.gentoo.org/glsa/202209-03",
"source": "secalert@redhat.com",


@ -2,8 +2,8 @@
"id": "CVE-2021-42780",
"sourceIdentifier": "secalert@redhat.com",
"published": "2022-04-18T17:15:16.243",
"lastModified": "2022-09-29T15:59:54.143",
"vulnStatus": "Analyzed",
"lastModified": "2023-06-21T02:15:09.270",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -161,6 +161,10 @@
"Third Party Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00025.html",
"source": "secalert@redhat.com"
},
{
"url": "https://security.gentoo.org/glsa/202209-03",
"source": "secalert@redhat.com",


@ -2,8 +2,8 @@
"id": "CVE-2021-42781",
"sourceIdentifier": "secalert@redhat.com",
"published": "2022-04-18T17:15:16.303",
"lastModified": "2022-09-29T16:00:09.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-06-21T02:15:09.360",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -183,6 +183,10 @@
"Third Party Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00025.html",
"source": "secalert@redhat.com"
},
{
"url": "https://security.gentoo.org/glsa/202209-03",
"source": "secalert@redhat.com",


@ -2,8 +2,8 @@
"id": "CVE-2021-42782",
"sourceIdentifier": "secalert@redhat.com",
"published": "2022-04-18T17:15:16.380",
"lastModified": "2022-09-29T16:00:07.160",
"vulnStatus": "Analyzed",
"lastModified": "2023-06-21T02:15:09.443",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -169,6 +169,10 @@
"Third Party Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00025.html",
"source": "secalert@redhat.com"
},
{
"url": "https://security.gentoo.org/glsa/202209-03",
"source": "secalert@redhat.com",


@ -2,8 +2,8 @@
"id": "CVE-2023-0342",
"sourceIdentifier": "cna@mongodb.com",
"published": "2023-06-09T09:15:09.383",
"lastModified": "2023-06-09T13:03:24.613",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-21T02:00:33.950",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "cna@mongodb.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cna@mongodb.com",
"type": "Secondary",
@ -46,14 +76,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mongodb:ops_manager_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndExcluding": "5.0.21",
"matchCriteriaId": "5B1BE420-87B6-4D30-84DE-6106C65B7FC5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mongodb:ops_manager_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.0",
"versionEndExcluding": "6.0.12",
"matchCriteriaId": "74F22467-A0D5-4611-80EF-EB5B7F149867"
}
]
}
]
}
],
"references": [
{
"url": "https://www.mongodb.com/docs/ops-manager/current/release-notes/application/#onprem-server-5-0-21",
"source": "cna@mongodb.com"
"source": "cna@mongodb.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.mongodb.com/docs/ops-manager/current/release-notes/application/#onprem-server-6-0-12",
"source": "cna@mongodb.com"
"source": "cna@mongodb.com",
"tags": [
"Release Notes"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-2977",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-06-01T01:15:17.917",
"lastModified": "2023-06-07T18:45:22.567",
"vulnStatus": "Analyzed",
"lastModified": "2023-06-21T02:15:09.563",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -123,6 +123,10 @@
"tags": [
"Patch"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00025.html",
"source": "secalert@redhat.com"
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2023-31975",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-09T13:15:18.590",
"lastModified": "2023-05-09T14:30:54.950",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-21T03:15:09.253",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "yasm v1.3.0 was discovered to contain a memory leak via the function yasm_intnum_copy at /libyasm/intnum.c."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tortall:yasm:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1453CF78-5025-49BF-A1A6-C62F948B5735"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/yasm/yasm/issues/210",
"url": "http://www.openwall.com/lists/oss-security/2023/06/20/6",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/yasm/yasm/issues/210",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}
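Review bot: The NVD primary metric added for CVE-2023-31975 does not agree with the rest of the record: `descriptions` and the new `weaknesses` entry (`CWE-401`) describe a memory leak in `yasm_intnum_copy`, while `vectorString` is `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H` with `baseScore` 9.8. A leak would normally be expected to affect availability rather than confidentiality and integrity, and yasm is an assembler typically run on local input, so the network vector also looks doubtful; this is inferred from the description only. The mirror should keep the upstream value verbatim, but anything that prioritises on `baseSeverity` should cross-check it against the CWE and `vulnStatus` (`Modified` here) before treating this as a critical finding. The newly added `http://www.openwall.com/lists/oss-security/2023/06/20/6` reference carries no `tags`, so tag-based filters will not surface it.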


@ -2,31 +2,124 @@
"id": "CVE-2023-3214",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-06-13T18:15:22.170",
"lastModified": "2023-06-20T02:15:43.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-21T02:24:53.437",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Use after free in Autofill payments in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "114.0.5735.133",
"matchCriteriaId": "E6AD45B6-EE3E-4378-B98D-40E0C3C3A089"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_13.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1450568",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O362DC3ZCFRXVHOXMPIL73YOWABQEUYD/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5428",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,31 +2,125 @@
"id": "CVE-2023-3215",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-06-13T18:15:22.223",
"lastModified": "2023-06-20T02:15:43.477",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-21T02:29:33.547",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "114.0.5735.133",
"matchCriteriaId": "E6AD45B6-EE3E-4378-B98D-40E0C3C3A089"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_13.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1446274",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Issue Tracking",
"Permissions Required",
"Vendor Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O362DC3ZCFRXVHOXMPIL73YOWABQEUYD/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5428",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,31 +2,125 @@
"id": "CVE-2023-3216",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-06-13T18:15:22.273",
"lastModified": "2023-06-20T02:15:43.513",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-21T02:34:10.360",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Type confusion in V8 in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-843"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "114.0.5735.133",
"matchCriteriaId": "E6AD45B6-EE3E-4378-B98D-40E0C3C3A089"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_13.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1450114",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Issue Tracking",
"Permissions Required",
"Vendor Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O362DC3ZCFRXVHOXMPIL73YOWABQEUYD/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5428",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,18 +2,41 @@
"id": "CVE-2023-34212",
"sourceIdentifier": "security@apache.org",
"published": "2023-06-12T16:15:10.043",
"lastModified": "2023-06-12T21:15:22.797",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-21T02:15:20.727",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "The JndiJmsConnectionFactoryProvider Controller Service, along with the ConsumeJMS and PublishJMS Processors, in Apache NiFi 1.8.0 through 1.21.0 allow an authenticated and authorized user to configure URL and library properties that enable deserialization of untrusted data from a remote location.\n\nThe resolution validates the JNDI URL and restricts locations to a set of allowed schemes.\n\nYou are recommended to upgrade to version 1.22.0 or later which fixes this issue.\n\n\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@apache.org",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -21,20 +44,61 @@
"value": "CWE-502"
}
]
},
{
"source": "security@apache.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:nifi:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.8.0",
"versionEndIncluding": "1.21.0",
"matchCriteriaId": "7999A951-01F9-4056-B544-250A3F215FE7"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/06/12/2",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread/w5rm46fxmvxy216tglf0dv83wo6gnzr5",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://nifi.apache.org/security.html#CVE-2023-34212",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}
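Review bot: This record is stored with `"vulnStatus": "Undergoing Analysis"` while already carrying a full NVD `cvssMetricV31` entry and `configurations`, so the score and CPE range may still change upstream; consumers that ingest only `Analyzed` records will skip it, and those that ingest everything should treat the 6.5 as provisional. The vector `C:N/I:H/A:N` also reads narrower than the description's "deserialization of untrusted data from a remote location" and than the sibling NiFi record CVE-2023-34468 in the same commit, which is scored `C:H/I:H/A:H`. The affected range here ends with `"versionEndIncluding": "1.21.0"`, whereas CVE-2023-34468 uses `"versionEndExcluding": "1.22.0"`, so version matchers need to handle both bound styles to apply the 1.22.0 fix boundary consistently.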


@ -2,15 +2,38 @@
"id": "CVE-2023-34468",
"sourceIdentifier": "security@apache.org",
"published": "2023-06-12T16:15:10.130",
"lastModified": "2023-06-12T21:15:22.863",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-21T02:20:04.797",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution.\n\nThe resolution validates the Database URL and rejects H2 JDBC locations.\n\nYou are recommended to upgrade to version 1.22.0 or later which fixes this issue.\n\n\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@apache.org",
@ -23,18 +46,49 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:nifi:*:*:*:*:*:*:*:*",
"versionStartIncluding": "0.0.2",
"versionEndExcluding": "1.22.0",
"matchCriteriaId": "9AE066CD-D3B6-4260-B776-3715D427A433"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/06/12/3",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread/7b82l4f5blmpkfcynf3y6z4x1vqo59h8",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
]
},
{
"url": "https://nifi.apache.org/security.html#CVE-2023-34468",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,76 @@
"id": "CVE-2023-34855",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-12T13:15:11.093",
"lastModified": "2023-06-12T13:28:17.260",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-21T02:11:43.127",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A Cross Site Scripting (XSS) vulnerability in Youxun Electronic Equipment (Shanghai) Co., Ltd AC Centralized Management Platform v1.02.040 allows attackers to execute arbitrary code via uploading a crafted HTML file to the interface /upfile.cgi."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ac_centralized_management_platform_project:ac_centralized_management_platform:1.02.040:*:*:*:*:*:*:*",
"matchCriteriaId": "7D9D37A5-23E2-42B2-91EE-CE3A5B2A50EC"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/hashshfza/Vulnerability/issues/1",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-06-21T02:00:27.455448+00:00
2023-06-21T04:00:26.011785+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-06-21T01:55:59.977000+00:00
2023-06-21T03:15:09.253000+00:00
```
### Last Data Feed Release
@ -40,20 +40,22 @@ Recently added CVEs: `0`
### CVEs modified in the last Commit
Recently modified CVEs: `12`
Recently modified CVEs: `14`
* [CVE-2020-12762](CVE-2020/CVE-2020-127xx/CVE-2020-12762.json) (`2023-06-21T00:15:09.887`)
* [CVE-2022-22307](CVE-2022/CVE-2022-223xx/CVE-2022-22307.json) (`2023-06-21T00:00:39.417`)
* [CVE-2022-33159](CVE-2022/CVE-2022-331xx/CVE-2022-33159.json) (`2023-06-21T01:21:02.900`)
* [CVE-2022-33163](CVE-2022/CVE-2022-331xx/CVE-2022-33163.json) (`2023-06-21T01:21:30.867`)
* [CVE-2022-33168](CVE-2022/CVE-2022-331xx/CVE-2022-33168.json) (`2023-06-21T01:21:46.097`)
* [CVE-2022-32752](CVE-2022/CVE-2022-327xx/CVE-2022-32752.json) (`2023-06-21T01:22:07.243`)
* [CVE-2022-32757](CVE-2022/CVE-2022-327xx/CVE-2022-32757.json) (`2023-06-21T01:22:29.450`)
* [CVE-2022-33166](CVE-2022/CVE-2022-331xx/CVE-2022-33166.json) (`2023-06-21T01:22:50.790`)
* [CVE-2023-2745](CVE-2023/CVE-2023-27xx/CVE-2023-2745.json) (`2023-06-21T01:15:08.760`)
* [CVE-2023-25683](CVE-2023/CVE-2023-256xx/CVE-2023-25683.json) (`2023-06-21T01:20:43.117`)
* [CVE-2023-34239](CVE-2023/CVE-2023-342xx/CVE-2023-34239.json) (`2023-06-21T01:48:49.047`)
* [CVE-2023-34364](CVE-2023/CVE-2023-343xx/CVE-2023-34364.json) (`2023-06-21T01:55:59.977`)
* [CVE-2019-6502](CVE-2019/CVE-2019-65xx/CVE-2019-6502.json) (`2023-06-21T02:15:09.040`)
* [CVE-2021-42779](CVE-2021/CVE-2021-427xx/CVE-2021-42779.json) (`2023-06-21T02:15:09.177`)
* [CVE-2021-42780](CVE-2021/CVE-2021-427xx/CVE-2021-42780.json) (`2023-06-21T02:15:09.270`)
* [CVE-2021-42781](CVE-2021/CVE-2021-427xx/CVE-2021-42781.json) (`2023-06-21T02:15:09.360`)
* [CVE-2021-42782](CVE-2021/CVE-2021-427xx/CVE-2021-42782.json) (`2023-06-21T02:15:09.443`)
* [CVE-2023-0342](CVE-2023/CVE-2023-03xx/CVE-2023-0342.json) (`2023-06-21T02:00:33.950`)
* [CVE-2023-34855](CVE-2023/CVE-2023-348xx/CVE-2023-34855.json) (`2023-06-21T02:11:43.127`)
* [CVE-2023-2977](CVE-2023/CVE-2023-29xx/CVE-2023-2977.json) (`2023-06-21T02:15:09.563`)
* [CVE-2023-34212](CVE-2023/CVE-2023-342xx/CVE-2023-34212.json) (`2023-06-21T02:15:20.727`)
* [CVE-2023-34468](CVE-2023/CVE-2023-344xx/CVE-2023-34468.json) (`2023-06-21T02:20:04.797`)
* [CVE-2023-3214](CVE-2023/CVE-2023-32xx/CVE-2023-3214.json) (`2023-06-21T02:24:53.437`)
* [CVE-2023-3215](CVE-2023/CVE-2023-32xx/CVE-2023-3215.json) (`2023-06-21T02:29:33.547`)
* [CVE-2023-3216](CVE-2023/CVE-2023-32xx/CVE-2023-3216.json) (`2023-06-21T02:34:10.360`)
* [CVE-2023-31975](CVE-2023/CVE-2023-319xx/CVE-2023-31975.json) (`2023-06-21T03:15:09.253`)
## Download and Usage