Auto-Update: 2023-08-28T02:00:32.844445+00:00

cad-safe-bot 2023-08-28 02:00:36 +00:00
parent d37aaf8c31
commit 85d6530ab2
12 changed files with 545 additions and 24 deletions


@ -0,0 +1,59 @@
{
"id": "CVE-2022-43904",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-08-28T00:15:07.610",
"lastModified": "2023-08-28T00:15:07.610",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Guardium 11.3 and 11.4 could disclose sensitive information to an attacker due to improper restriction of excessive authentication attempts. IBM X-Force ID: 240895."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-307"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/240895",
"source": "psirt@us.ibm.com"
},
{
"url": "https://https://www.ibm.com/support/pages/node/7028509",
"source": "psirt@us.ibm.com"
}
]
}
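Review bot: The second reference in this new record carries a doubled scheme, `https://https://www.ibm.com/support/pages/node/7028509`, so the vendor advisory link will not resolve. It should read `"url": "https://www.ibm.com/support/pages/node/7028509"`. The same commit corrects this exact defect in the CVE-2023-3330 record, where the entry had been tagged "Broken Link". Because the record is mirrored from the upstream feed, the correction presumably has to come from the source. Until then, tooling that follows reference URLs to find the vendor fix will miss the IBM advisory for this entry.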


@ -0,0 +1,59 @@
{
"id": "CVE-2023-22877",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-08-28T01:15:07.663",
"lastModified": "2023-08-28T01:15:07.663",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 244368."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1236"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/244368",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/6988623",
"source": "psirt@us.ibm.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-23473",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-08-28T01:15:08.807",
"lastModified": "2023-08-28T01:15:08.807",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 245400."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/245400",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/6988169",
"source": "psirt@us.ibm.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-24959",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-08-28T01:15:08.973",
"lastModified": "2023-08-28T01:15:08.973",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IBM InfoSphere Information Systems 11.7 could expose information about the host system and environment configuration. IBM X-Force ID: 246332."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/246332",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/6988615",
"source": "psirt@us.ibm.com"
}
]
}
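Review bot: The CVSS data in this record does not match its description. The text and the CWE-200 entry describe exposure of host and configuration information, but `vectorString` is `CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N`, which is no confidentiality impact and high integrity impact. The vector and all three scores are identical to those of the CSRF record CVE-2023-23473 added in the same commit, which suggests a copy error at the source, though that is an inference from this page alone. Triage that filters on `confidentialityImpact` will not surface this entry, so the 5.3 score should be treated as unverified while `vulnStatus` is still "Received".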


@ -0,0 +1,47 @@
{
"id": "CVE-2023-26270",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-08-28T01:15:09.117",
"lastModified": "2023-08-28T01:15:09.117",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) could allow a remote attacker to execute arbitrary code on the system, caused by an angular template injection flaw. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 248119."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/248119",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/6995161",
"source": "psirt@us.ibm.com"
}
]
}
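Review bot: This record has no `weaknesses` array, unlike the other new records in this commit, so CWE-based filtering and dashboards will not match it. The description states a template injection that lets a remote attacker execute arbitrary code, while the vector `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L` rates confidentiality as none and integrity and availability as low; the two are hard to reconcile. Consumers that prioritise on `baseScore` alone would rank this as a 6.5 medium, so it is worth reading the description and the linked IBM advisory rather than relying on the score until the record has been analyzed.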


@ -0,0 +1,59 @@
{
"id": "CVE-2023-26271",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-08-28T01:15:09.263",
"lastModified": "2023-08-28T01:15:09.263",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 248126."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-307"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/248126",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/6995161",
"source": "psirt@us.ibm.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-26272",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-08-28T01:15:09.413",
"lastModified": "2023-08-28T01:15:09.413",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 248133."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-209"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/248133",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/6995161",
"source": "psirt@us.ibm.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-3330",
"sourceIdentifier": "psirt-info@cyber.jp.nec.com",
"published": "2023-06-28T02:15:49.523",
"lastModified": "2023-07-05T18:45:49.867",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-28T01:15:09.643",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -519,11 +519,8 @@
],
"references": [
{
"url": "https://https://jpn.nec.com/security-info/secinfo/nv23-007_en.html",
"source": "psirt-info@cyber.jp.nec.com",
"tags": [
"Broken Link"
]
"url": "https://jpn.nec.com/security-info/secinfo/nv23-007_en.html",
"source": "psirt-info@cyber.jp.nec.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-38633",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-22T17:15:09.810",
"lastModified": "2023-08-17T19:15:12.727",
"lastModified": "2023-08-28T00:15:08.380",
"vulnStatus": "Modified",
"descriptions": [
{
@ -176,6 +176,10 @@
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5484",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-4560",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-08-28T01:15:10.793",
"lastModified": "2023-08-28T01:15:10.793",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Authorization of Index Containing Sensitive Information in GitHub repository omeka/omeka-s prior to 4.0.4."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-612"
}
]
}
],
"references": [
{
"url": "https://github.com/omeka/omeka-s/commit/b3d8871f22e50ff96a7070fd0be18a0df7b6cbe7",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.dev/bounties/86f06e28-ed8d-4f96-b4ad-e47f2fe94ba6",
"source": "security@huntr.dev"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-4561",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-08-28T01:15:11.000",
"lastModified": "2023-08-28T01:15:11.000",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.4."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/omeka/omeka-s/commit/4482f4fc0f3a66c5ef058c4be9fabf3c29a105af",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.dev/bounties/d4302a0d-db62-4d76-93dd-e6e6473e057a",
"source": "security@huntr.dev"
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-08-27T23:55:26.121714+00:00
2023-08-28T02:00:32.844445+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-08-27T23:15:36.837000+00:00
2023-08-28T01:15:11+00:00
```
### Last Data Feed Release
@ -23,35 +23,36 @@ Repository synchronizes with the NVD every 2 hours.
Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)
```plain
2023-08-27T00:00:13.567910+00:00
2023-08-28T00:00:13.578678+00:00
```
### Total Number of included CVEs
```plain
223512
223521
```
### CVEs added in the last Commit
Recently added CVEs: `10`
Recently added CVEs: `9`
* [CVE-2022-43907](CVE-2022/CVE-2022-439xx/CVE-2022-43907.json) (`2023-08-27T23:15:28.737`)
* [CVE-2022-43909](CVE-2022/CVE-2022-439xx/CVE-2022-43909.json) (`2023-08-27T23:15:33.633`)
* [CVE-2023-30435](CVE-2023/CVE-2023-304xx/CVE-2023-30435.json) (`2023-08-27T23:15:33.813`)
* [CVE-2023-30436](CVE-2023/CVE-2023-304xx/CVE-2023-30436.json) (`2023-08-27T23:15:33.973`)
* [CVE-2023-30437](CVE-2023/CVE-2023-304xx/CVE-2023-30437.json) (`2023-08-27T23:15:34.117`)
* [CVE-2023-33852](CVE-2023/CVE-2023-338xx/CVE-2023-33852.json) (`2023-08-27T23:15:34.230`)
* [CVE-2023-38730](CVE-2023/CVE-2023-387xx/CVE-2023-38730.json) (`2023-08-27T23:15:34.383`)
* [CVE-2023-4557](CVE-2023/CVE-2023-45xx/CVE-2023-4557.json) (`2023-08-27T23:15:35.040`)
* [CVE-2023-4558](CVE-2023/CVE-2023-45xx/CVE-2023-4558.json) (`2023-08-27T23:15:36.730`)
* [CVE-2023-4559](CVE-2023/CVE-2023-45xx/CVE-2023-4559.json) (`2023-08-27T23:15:36.837`)
* [CVE-2022-43904](CVE-2022/CVE-2022-439xx/CVE-2022-43904.json) (`2023-08-28T00:15:07.610`)
* [CVE-2023-22877](CVE-2023/CVE-2023-228xx/CVE-2023-22877.json) (`2023-08-28T01:15:07.663`)
* [CVE-2023-23473](CVE-2023/CVE-2023-234xx/CVE-2023-23473.json) (`2023-08-28T01:15:08.807`)
* [CVE-2023-24959](CVE-2023/CVE-2023-249xx/CVE-2023-24959.json) (`2023-08-28T01:15:08.973`)
* [CVE-2023-26270](CVE-2023/CVE-2023-262xx/CVE-2023-26270.json) (`2023-08-28T01:15:09.117`)
* [CVE-2023-26271](CVE-2023/CVE-2023-262xx/CVE-2023-26271.json) (`2023-08-28T01:15:09.263`)
* [CVE-2023-26272](CVE-2023/CVE-2023-262xx/CVE-2023-26272.json) (`2023-08-28T01:15:09.413`)
* [CVE-2023-4560](CVE-2023/CVE-2023-45xx/CVE-2023-4560.json) (`2023-08-28T01:15:10.793`)
* [CVE-2023-4561](CVE-2023/CVE-2023-45xx/CVE-2023-4561.json) (`2023-08-28T01:15:11.000`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `2`
* [CVE-2023-38633](CVE-2023/CVE-2023-386xx/CVE-2023-38633.json) (`2023-08-28T00:15:08.380`)
* [CVE-2023-3330](CVE-2023/CVE-2023-33xx/CVE-2023-3330.json) (`2023-08-28T01:15:09.643`)
## Download and Usage