admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-06 10:42:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-08-25T22:00:29.350355+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-08-25 22:00:32 +00:00
parent cb4e4fa91e
commit 862b46c69a
47 changed files with 2266 additions and 126 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

65
CVE-2020/CVE-2020-183xx/CVE-2020-18378.json
View File

@ -2,19 +2,76 @@
"id": "CVE-2020-18378",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:15:55.143",
"lastModified": "2023-08-22T20:10:36.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-25T20:22:49.520",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A NULL pointer dereference was discovered in SExpressionWasmBuilder::makeBlock in wasm/wasm-s-parser.c in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-as."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webassembly:binaryen:1.38.26:*:*:*:*:*:*:*",
"matchCriteriaId": "DFEC4DA4-B057-4B2A-8126-17D04D8A66A5"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/WebAssembly/binaryen/issues/1900",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}
]
}

65
CVE-2020/CVE-2020-183xx/CVE-2020-18382.json
View File

@ -2,19 +2,76 @@
"id": "CVE-2020-18382",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:15:55.203",
"lastModified": "2023-08-22T20:10:36.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-25T20:22:32.513",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Heap-buffer-overflow in /src/wasm/wasm-binary.cpp in wasm::WasmBinaryBuilder::visitBlock(wasm::Block*) in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-opt."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webassembly:binaryen:1.38.26:*:*:*:*:*:*:*",
"matchCriteriaId": "DFEC4DA4-B057-4B2A-8126-17D04D8A66A5"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/WebAssembly/binaryen/issues/1900",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}
]
}

64
CVE-2020/CVE-2020-184xx/CVE-2020-18494.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2020-18494",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:15:55.267",
"lastModified": "2023-08-22T20:10:36.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-25T21:05:28.003",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in function H5S_close in H5S.c in HDF5 1.10.4 allows remote attackers to run arbitrary code via creation of crafted file."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hdfgroup:hdf5:1.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1C82BB0E-2A5E-4273-8CF6-A3ED216F95F2"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/magicSwordsMan/PAAFS/tree/master/vul12",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

71
CVE-2020/CVE-2020-186xx/CVE-2020-18651.json
View File

@ -2,23 +2,84 @@
"id": "CVE-2020-18651",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:15:55.360",
"lastModified": "2023-08-22T20:10:36.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-25T21:07:05.573",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in function ID3_Support::ID3v2Frame::getFrameValue in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted audio file with ID3V2 frame."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:exempi_project:exempi:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.5.0",
"matchCriteriaId": "47385DDB-5C9C-4E98-848A-2951B90C7FCA"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.freedesktop.org/libopenraw/exempi/commit/fdd4765a699f9700850098b43b9798b933acb32f",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://gitlab.freedesktop.org/libopenraw/exempi/issues/13",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

71
CVE-2020/CVE-2020-186xx/CVE-2020-18652.json
View File

@ -2,23 +2,84 @@
"id": "CVE-2020-18652",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:15:55.423",
"lastModified": "2023-08-22T20:10:36.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-25T20:46:09.600",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in WEBP_Support.cpp in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted webp file."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:exempi_project:exempi:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.5.0",
"matchCriteriaId": "47385DDB-5C9C-4E98-848A-2951B90C7FCA"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.freedesktop.org/libopenraw/exempi/commit/acee2894ceb91616543927c2a6e45050c60f98f7",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://gitlab.freedesktop.org/libopenraw/exempi/issues/12",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}
]
}

65
CVE-2020/CVE-2020-187xx/CVE-2020-18768.json
View File

@ -2,19 +2,76 @@
"id": "CVE-2020-18768",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:15:55.480",
"lastModified": "2023-08-22T20:10:36.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-25T20:45:18.897",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "There exists one heap buffer overflow in _TIFFmemcpy in tif_unix.c in libtiff 4.0.10, which allows an attacker to cause a denial-of-service through a crafted tiff file."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:libtiff:libtiff:4.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "16795F21-5D31-4F10-9843-32622643E2FE"
}
]
}
]
}
],
"references": [
{
"url": "http://bugzilla.maptools.org/show_bug.cgi?id=2848",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}
]
}

65
CVE-2020/CVE-2020-187xx/CVE-2020-18770.json
View File

@ -2,19 +2,76 @@
"id": "CVE-2020-18770",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:15:55.550",
"lastModified": "2023-08-22T20:10:36.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-25T20:42:53.077",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in function zzip_disk_entry_to_file_header in mmapped.c in zziplib 0.13.69, which will lead to a denial-of-service."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zziplib_project:zziplib:0.13.69:*:*:*:*:*:*:*",
"matchCriteriaId": "82DA4CCB-B3C3-4298-9277-8C295AAAD14A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/gdraheim/zziplib/issues/69",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}
]
}

65
CVE-2020/CVE-2020-187xx/CVE-2020-18780.json
View File

@ -2,19 +2,76 @@
"id": "CVE-2020-18780",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:15:55.740",
"lastModified": "2023-08-22T20:10:36.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-25T20:39:31.917",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A Use After Free vulnerability in function new_Token in asm/preproc.c in nasm 2.14.02 allows attackers to cause a denial of service via crafted nasm command."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nasm:netwide_assembler:2.14.02:*:*:*:*:*:*:*",
"matchCriteriaId": "293A8515-6E92-4C28-A9B5-B5BF48B1A63C"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.nasm.us/show_bug.cgi?id=3392634",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}
]
}

65
CVE-2020/CVE-2020-187xx/CVE-2020-18781.json
View File

@ -2,19 +2,76 @@
"id": "CVE-2020-18781",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:15:56.027",
"lastModified": "2023-08-22T20:10:36.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-25T20:33:15.100",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Heap buffer overflow vulnerability in FilePOSIX::read in File.cpp in audiofile 0.3.6 may cause denial-of-service via a crafted wav file, this bug can be triggered by the executable sfconvert."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7E74B2-432B-4CCD-873F-AA7E012D8C7F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/mpruett/audiofile/issues/56",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}
]
}

66
CVE-2020/CVE-2020-216xx/CVE-2020-21686.json
View File

@ -2,19 +2,77 @@
"id": "CVE-2020-21686",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:14.327",
"lastModified": "2023-08-22T20:10:36.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-25T20:23:55.037",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A stack-use-after-scope issue discovered in expand_mmac_params function in preproc.c in nasm before 2.15.04 allows remote attackers to cause a denial of service via crafted asm file."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nasm:netwide_assembler:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.15.04",
"matchCriteriaId": "5EB7507D-CC9A-402E-89F7-F87DB59EEFD5"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.nasm.us/show_bug.cgi?id=3392643",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

65
CVE-2020/CVE-2020-353xx/CVE-2020-35342.json
View File

@ -2,19 +2,76 @@
"id": "CVE-2020-35342",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:20.107",
"lastModified": "2023-08-22T20:10:36.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-25T20:03:36.097",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "GNU Binutils before 2.34 has an uninitialized-heap vulnerability in function tic4x_print_cond (file opcodes/tic4x-dis.c) which could allow attackers to make an information leak."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-665"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.34",
"matchCriteriaId": "7FF09EA1-994B-4950-B853-1FB4F936A162"
}
]
}
]
}
],
"references": [
{
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=25319",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}

24
CVE-2021/CVE-2021-279xx/CVE-2021-27932.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2021-27932",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-25T20:15:07.720",
"lastModified": "2023-08-25T20:15:07.720",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Stormshield Network Security (SNS) VPN SSL Client 2.1.0 through 2.8.0 has Insecure Permissions."
}
],
"metrics": {},
"references": [
{
"url": "https://advisories.stormshield.eu",
"source": "cve@mitre.org"
},
{
"url": "https://advisories.stormshield.eu/2021-004/",
"source": "cve@mitre.org"
}
]
}

64
CVE-2022/CVE-2022-265xx/CVE-2022-26592.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2022-26592",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:22.240",
"lastModified": "2023-08-22T20:10:36.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-25T20:09:46.200",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Stack Overflow vulnerability in libsass 3.6.5 via the CompoundSelector::has_real_parent_ref function."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sass-lang:libsass:3.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "945F5630-C5D9-4A40-AF30-E994FC017A72"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/sass/libsass/issues/3174",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}

69
CVE-2022/CVE-2022-370xx/CVE-2022-37051.json
View File

@ -2,23 +2,82 @@
"id": "CVE-2022-37051",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:23.733",
"lastModified": "2023-08-22T20:10:36.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-25T20:14:52.957",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-617"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:freedesktop:poppler:22.07.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C423A5DA-DDB6-41EB-8E6B-4DFD4D03FE42"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/commit/4631115647c1e4f0482ffe0491c2f38d2231337b",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1276",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}

69
CVE-2022/CVE-2022-370xx/CVE-2022-37052.json
View File

@ -2,23 +2,82 @@
"id": "CVE-2022-37052",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:23.800",
"lastModified": "2023-08-22T20:10:36.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-25T20:17:15.717",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-617"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:freedesktop:poppler:22.07.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C423A5DA-DDB6-41EB-8E6B-4DFD4D03FE42"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/commit/8677500399fc2548fa816b619580c2c07915a98c",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1278",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}

21
CVE-2022/CVE-2022-39xx/CVE-2022-3917.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2022-3917",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2022-12-14T22:15:11.627",
"lastModified": "2022-12-21T15:52:55.320",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-25T21:15:07.653",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Improper access control of bootloader function was discovered in Motorola Mobility Motorola e20 prior to version RONS31.267-38-8 allows attacker with local access to read partition or RAM data."
"value": "Improper access control of bootloader function\u00a0was discovered in Motorola Mobility Motorola e20 prior to version RONS31.267-38-8 allows attacker with local access to read partition or RAM data."
}
],
"metrics": {
@ -56,22 +56,22 @@
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "psirt@lenovo.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
"value": "CWE-200"
}
]
},
{
"source": "psirt@lenovo.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
"value": "NVD-CWE-Other"
}
]
}
@ -108,11 +108,8 @@
],
"references": [
{
"url": "https://motorola-global-portal.custhelp.com/app/software-security-update_link/g_id/6853",
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
]
"url": "https://en-us.support.motorola.com/app/answers/detail/a_id/175333",
"source": "psirt@lenovo.com"
}
]
}

63
CVE-2022/CVE-2022-414xx/CVE-2022-41444.json
View File

@ -2,19 +2,74 @@
"id": "CVE-2022-41444",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:28.320",
"lastModified": "2023-08-22T20:10:36.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-25T20:33:50.993",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in Cacti 1.2.21 via crafted POST request to graphs_new.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cacti:cacti:1.2.21:*:*:*:*:*:*:*",
"matchCriteriaId": "28AB6B4B-0233-4E2C-A924-CB2418528F77"
}
]
}
]
}
],
"references": [
{
"url": "https://gist.github.com/enferas/9079535112e4f4ff2c1d2ce1c099d4c2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}

70
CVE-2022/CVE-2022-485xx/CVE-2022-48541.json
View File

@ -2,19 +2,81 @@
"id": "CVE-2022-48541",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:31.443",
"lastModified": "2023-08-22T20:10:36.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-25T20:43:51.253",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A memory leak in ImageMagick 7.0.10-45 and 6.9.11-22 allows remote attackers to perform a denial of service via the \"identify -help\" command."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:imagemagick:imagemagick:6.9.11-22:*:*:*:*:*:*:*",
"matchCriteriaId": "C5EDF13D-9DE8-4890-82CD-E6977434E531"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:imagemagick:imagemagick:7.0.10-45:*:*:*:*:*:*:*",
"matchCriteriaId": "5B1BCBD9-F6D7-4FFA-9E4D-4DA0D4295CA8"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ImageMagick/ImageMagick/issues/2889",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

66
CVE-2022/CVE-2022-485xx/CVE-2022-48547.json
View File

@ -2,19 +2,77 @@
"id": "CVE-2022-48547",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:31.647",
"lastModified": "2023-08-22T20:10:36.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-25T20:37:04.547",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A reflected cross-site scripting (XSS) vulnerability in Cacti 0.8.7g and earlier allows unauthenticated remote attackers to inject arbitrary web script or HTML in the \"ref\" parameter at auth_changepassword.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.8.7g",
"matchCriteriaId": "921BD859-6432-492B-887B-B9A172ED2113"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Cacti/cacti/issues/1882",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

28
CVE-2023/CVE-2023-246xx/CVE-2023-24620.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-24620",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-25T20:15:07.893",
"lastModified": "2023-08-25T20:15:07.893",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Esoteric YamlBeans through 1.15. A crafted YAML document is able perform am XML Entity Expansion attack against YamlBeans YamlReader. By exploiting the Anchor feature in YAML, it is possible to generate a small YAML document that, when read, is expanded to a large size, causing CPU and memory consumption, such as a Java Out-of-Memory exception."
}
],
"metrics": {},
"references": [
{
"url": "https://contrastsecurity.com",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/Contrast-Security-OSS/yamlbeans/blob/main/SECURITY.md",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/EsotericSoftware",
"source": "cve@mitre.org"
}
]
}

28
CVE-2023/CVE-2023-246xx/CVE-2023-24621.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-24621",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-25T20:15:07.983",
"lastModified": "2023-08-25T20:15:07.983",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Esoteric YamlBeans through 1.15. It allows untrusted deserialisation to Java classes by default, where the data and class are controlled by the author of the YAML document being processed."
}
],
"metrics": {},
"references": [
{
"url": "https://contrastsecurity.com",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/Contrast-Security-OSS/yamlbeans/blob/main/SECURITY.md",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/EsotericSoftware",
"source": "cve@mitre.org"
}
]
}

36
CVE-2023/CVE-2023-29xx/CVE-2023-2906.json Normal file
View File

@ -0,0 +1,36 @@
{
"id": "CVE-2023-2906",
"sourceIdentifier": "cve@takeonme.org",
"published": "2023-08-25T21:15:07.963",
"lastModified": "2023-08-25T21:15:07.963",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Due to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 is susceptible to a divide by zero allowing for a denial of service attack.\n"
}
],
"metrics": {},
"weaknesses": [
{
"source": "cve@takeonme.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-369"
}
]
}
],
"references": [
{
"url": "https://gitlab.com/wireshark/wireshark/-/issues/19229",
"source": "cve@takeonme.org"
},
{
"url": "https://takeonme.org/cves/CVE-2023-2906.html",
"source": "cve@takeonme.org"
}
]
}

59
CVE-2023/CVE-2023-326xx/CVE-2023-32678.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-32678",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-25T21:15:08.060",
"lastModified": "2023-08-25T21:15:08.060",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. Users who used to be subscribed to a private stream and have been removed from it since retain the ability to edit messages/topics, move messages to other streams, and delete messages that they used to have access to, if other relevant organization permissions allow these actions. For example, a user may be able to edit or delete their old messages they posted in such a private stream. An administrator will be able to delete old messages (that they had access to) from the private stream. This issue was fixed in Zulip Server version 7.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-285"
}
]
}
],
"references": [
{
"url": "https://github.com/zulip/zulip/security/advisories/GHSA-q3wg-jm9p-35fj",
"source": "security-advisories@github.com"
},
{
"url": "https://zulip.readthedocs.io/en/latest/overview/changelog.html#zulip-server-7-3",
"source": "security-advisories@github.com"
}
]
}

20
CVE-2023/CVE-2023-361xx/CVE-2023-36198.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-36198",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-25T20:15:08.193",
"lastModified": "2023-08-25T20:15:08.193",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in skalenetwork sgxwallet v.1.9.0 allows an attacker to cause a denial of service via the trustedBlsSignMessage function."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/skalenetwork/sgxwallet/issues/419",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-361xx/CVE-2023-36199.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-36199",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-25T20:15:08.253",
"lastModified": "2023-08-25T20:15:08.253",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue in skalenetwork sgxwallet v.1.9.0 and below allows an attacker to cause a denial of service via the trustedGenerateEcdsaKey component."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/skalenetwork/sgxwallet/issues/419",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-372xx/CVE-2023-37249.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-37249",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-25T20:15:08.317",
"lastModified": "2023-08-25T20:15:08.317",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Infoblox NIOS through 8.5.1 has a faulty component that accepts malicious input without sanitization, resulting in shell access."
}
],
"metrics": {},
"references": [
{
"url": "https://community.infoblox.com/t5/trending-kb-articles/nios-is-vulnerable-to-cve-2023-37249/ba-p/32190",
"source": "cve@mitre.org"
},
{
"url": "https://infoblox.com",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-387xx/CVE-2023-38710.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-38710",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-25T21:15:08.167",
"lastModified": "2023-08-25T21:15:08.167",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notify INVALID_SPI is sent back. The notify payload's protocol ID is copied from the incoming packet, but the code that verifies outgoing packets fails an assertion that the protocol ID must be ESP (2) or AH(3) and causes the pluto daemon to crash and restart. NOTE: the earliest affected version is 3.20."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/libreswan/libreswan/tags",
"source": "cve@mitre.org"
},
{
"url": "https://libreswan.org/security/CVE-2023-38710/",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-387xx/CVE-2023-38711.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-38711",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-25T21:15:08.230",
"lastModified": "2023-08-25T21:15:08.230",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Libreswan before 4.12. When an IKEv1 Quick Mode connection configured with ID_IPV4_ADDR or ID_IPV6_ADDR receives an IDcr payload with ID_FQDN, a NULL pointer dereference causes a crash and restart of the pluto daemon. NOTE: the earliest affected version is 4.6."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/libreswan/libreswan/tags",
"source": "cve@mitre.org"
},
{
"url": "https://libreswan.org/security/CVE-2023-38711/",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-387xx/CVE-2023-38712.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-38712",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-25T21:15:08.293",
"lastModified": "2023-08-25T21:15:08.293",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state causes the pluto daemon to crash and restart."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/libreswan/libreswan/tags",
"source": "cve@mitre.org"
},
{
"url": "https://libreswan.org/security/CVE-2023-38712/",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-396xx/CVE-2023-39600.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-39600",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-25T20:15:08.380",
"lastModified": "2023-08-25T20:15:08.380",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IceWarp 11.4.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter."
}
],
"metrics": {},
"references": [
{
"url": "http://icewrap.com",
"source": "cve@mitre.org"
},
{
"url": "https://medium.com/@katikitala.sushmitha078/cross-site-scripting-reflected-xss-in-icewarp-server-cve-2023-39600-310a7e1c8817",
"source": "cve@mitre.org"
}
]
}

28
CVE-2023/CVE-2023-397xx/CVE-2023-39707.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-39707",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-25T20:15:08.443",
"lastModified": "2023-08-25T20:15:08.443",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add Expense parameter under the Expense section."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/Arajawat007/b94d7ce74fcf16014e282a9b525f4555#file-cve-2023-39707",
"source": "cve@mitre.org"
},
{
"url": "https://www.sourcecodester.com/",
"source": "cve@mitre.org"
},
{
"url": "https://www.sourcecodester.com/php/16741/free-and-open-source-inventory-management-system-php-source-code.html",
"source": "cve@mitre.org"
}
]
}

8
CVE-2023/CVE-2023-399xx/CVE-2023-39908.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-39908",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-14T19:15:13.243",
"lastModified": "2023-08-22T14:42:30.963",
"vulnStatus": "Analyzed",
"lastModified": "2023-08-25T21:15:08.370",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -65,6 +65,10 @@
}
],
"references": [
{
"url": "https://blog.inhq.net/posts/yubico-yubihsm-pkcs-vuln/",
"source": "cve@mitre.org"
},
{
"url": "https://www.yubico.com/support/security-advisories/ysa-2023-01/",
"source": "cve@mitre.org",

81
CVE-2023/CVE-2023-400xx/CVE-2023-40021.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40021",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-16T21:15:09.880",
"lastModified": "2023-08-17T12:53:44.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-25T20:08:17.657",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +56,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -50,22 +80,59 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oppia:oppia:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.1.0",
"versionEndExcluding": "3.3.2",
"matchCriteriaId": "87F65B5D-6454-4E3C-A7A5-F1FEEC6DC78C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oppia:oppia:3.3.2:-:*:*:*:*:*:*",
"matchCriteriaId": "7B0060B6-6E1F-4B0F-8A6B-3437450C94C3"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/oppia/oppia/blob/3a05c3558a292f3db9e658e60e708c266c003fd0/core/controllers/base.py#L964-L990",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/oppia/oppia/commit/b89bf808378c1236874b5797a7bda32c77b4af23",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/oppia/oppia/pull/18769",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/oppia/oppia/security/advisories/GHSA-49jp-pjc3-2532",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-400xx/CVE-2023-40031.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-40031",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-25T20:15:08.517",
"lastModified": "2023-08-25T21:15:08.473",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to heap buffer write overflow in `Utf8_16_Read::convert`. This issue may lead to arbitrary code execution. As of time of publication, no known patches are available in existing versions of Notepad++."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
},
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://securitylab.github.com/advisories/GHSL-2023-092_Notepad__/",
"source": "security-advisories@github.com"
}
]
}

55
CVE-2023/CVE-2023-400xx/CVE-2023-40036.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-40036",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-25T20:15:08.637",
"lastModified": "2023-08-25T21:15:08.580",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to global buffer read overflow in `CharDistributionAnalysis::HandleOneChar`. The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. As of time of publication, no known patches are available in existing versions of Notepad++."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [
{
"url": "https://securitylab.github.com/advisories/GHSL-2023-092_Notepad__/",
"source": "security-advisories@github.com"
}
]
}

55
CVE-2023/CVE-2023-401xx/CVE-2023-40164.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-40164",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-25T21:15:08.687",
"lastModified": "2023-08-25T21:15:08.687",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to global buffer read overflow in `nsCodingStateMachine::NextStater`. The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. As of time of publication, no known patches are available in existing versions of Notepad++."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [
{
"url": "https://securitylab.github.com/advisories/GHSL-2023-092_Notepad__/",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2023/CVE-2023-401xx/CVE-2023-40166.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-40166",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-25T21:15:08.777",
"lastModified": "2023-08-25T21:15:08.777",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to heap buffer read overflow in `FileManager::detectLanguageFromTextBegining `. The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. As of time of publication, no known patches are available in existing versions of Notepad++."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
},
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://securitylab.github.com/advisories/GHSL-2023-092_Notepad__/",
"source": "security-advisories@github.com"
}
]
}

15
CVE-2023/CVE-2023-405xx/CVE-2023-40568.json Normal file
View File

@ -0,0 +1,15 @@
{
"id": "CVE-2023-40568",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-25T20:15:08.737",
"lastModified": "2023-08-25T20:15:08.737",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "** REJECT ** GitHub has been informed that the requestor is working with another CNA for these vulnerabilities."
}
],
"metrics": {},
"references": []
}

59
CVE-2023/CVE-2023-405xx/CVE-2023-40571.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-40571",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-25T21:15:08.880",
"lastModified": "2023-08-25T21:15:08.880",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "weblogic-framework is a tool for detecting weblogic vulnerabilities. Versions 0.2.3 and prior do not verify the returned data packets, and there is a deserialization vulnerability which may lead to remote code execution. When weblogic-framework gets the command echo, it directly deserializes the data returned by the server without verifying it. At the same time, the classloader loads a lot of deserialization calls. In this case, the malicious serialized data returned by the server will cause remote code execution. Version 0.2.4 contains a patch for this issue.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://github.com/dream0x01/weblogic-framework/releases/tag/v0.2.4",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/dream0x01/weblogic-framework/security/advisories/GHSA-hjwj-4f3q-44h3",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2023/CVE-2023-405xx/CVE-2023-40579.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-40579",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-25T20:15:08.800",
"lastModified": "2023-08-25T20:15:08.800",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. Some end users of OpenFGA v1.3.0 or earlier are vulnerable to authorization bypass when calling the ListObjects API. The vulnerability affects customers using `ListObjects` with specific models. The affected models contain expressions of type `rel1 from type1`. This issue has been patched in version 1.3.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://github.com/openfga/openfga/releases/tag/v1.3.1",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/openfga/openfga/security/advisories/GHSA-jcf2-mxr2-gmqp",
"source": "security-advisories@github.com"
}
]
}

63
CVE-2023/CVE-2023-405xx/CVE-2023-40580.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-40580",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-25T20:15:08.913",
"lastModified": "2023-08-25T20:15:08.913",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Freighter is a Stellar chrome extension. It may be possible for a malicious website to access the recovery mnemonic phrase when the Freighter wallet is unlocked. This vulnerability impacts access control to the mnemonic recovery phrase. This issue was patched in version 5.3.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://github.com/stellar/freighter/commit/81f78ba008c41ce631a3d0f9e4449f4bbd90baee",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/stellar/freighter/pull/948",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/stellar/freighter/security/advisories/GHSA-vqr6-hwg2-775w",
"source": "security-advisories@github.com"
}
]
}

67
CVE-2023/CVE-2023-405xx/CVE-2023-40583.json Normal file
View File

@ -0,0 +1,67 @@
{
"id": "CVE-2023-40583",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-25T21:15:09.000",
"lastModified": "2023-08-25T21:15:09.000",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "libp2p is a networking stack and library modularized out of The IPFS Project, and bundled separately for other tools to use. In go-libp2p, by using signed peer records a malicious actor can store an arbitrary amount of data in a remote node\u2019s memory. This memory does not get garbage collected and so the victim can run out of memory and crash. If users of go-libp2p in production are not monitoring memory consumption over time, it could be a silent attack i.e. the attacker could bring down nodes over a period of time (how long depends on the node resources i.e. a go-libp2p node on a virtual server with 4 gb of memory takes about 90 sec to bring down; on a larger server, it might take a bit longer.) This issue was patched in version 0.27.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://github.com/libp2p/go-libp2p/commit/45d3c6fff662ddd6938982e7e9309ad5fa2ad8dd",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/libp2p/go-libp2p/releases/tag/v0.27.4",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/libp2p/go-libp2p/releases/tag/v0.27.7",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/libp2p/go-libp2p/security/advisories/GHSA-gcq9-qqwx-rgj3",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2023/CVE-2023-405xx/CVE-2023-40585.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-40585",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-25T21:15:09.103",
"lastModified": "2023-08-25T21:15:09.103",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "ironic-image is a container image to run OpenStack Ironic as part of Metal\u00b3. Prior to version capm3-v1.4.3, if Ironic is not deployed with TLS and it does not have API and Conductor split into separate services, access to the API is not protected by any authentication. Ironic API is also listening in host network. In case the node is not behind a firewall, the API could be accessed by anyone via network without authentication. By default, Ironic API in Metal3 is protected by TLS and basic authentication, so this vulnerability requires operator to configure API without TLS for it to be vulnerable. TLS and authentication however should not be coupled as they are in versions prior to capm3-v1.4.3. A patch exists in versions capm3-v1.4.3 and newer. Some workarounds are available. Either configure TLS for Ironic API (`deploy.sh -t ...`, `IRONIC_TLS_SETUP=true`) or split Ironic API and Conductor via configuration change (old implementation, not recommended). With both workarounds, services are configured with httpd front-end, which has proper authentication configuration in place."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
],
"references": [
{
"url": "https://github.com/metal3-io/ironic-image/commit/f64bb6ce0945bbfb30d9965f98149ea183311de9",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/metal3-io/ironic-image/security/advisories/GHSA-jwpr-9fwh-m4g7",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2023/CVE-2023-405xx/CVE-2023-40586.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-40586",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-25T21:15:09.197",
"lastModified": "2023-08-25T21:15:09.197",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Due to the misuse of `log.Fatalf`, the application using coraza crashed after receiving crafted requests from attackers. The application will immediately crash after receiving a malicious request that triggers an error in `mime.ParseMediaType`. This issue was patched in version 3.0.1.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://github.com/corazawaf/coraza/commit/a5239ba3ce839e14d9b4f9486e1b4a403dcade8c",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/corazawaf/coraza/security/advisories/GHSA-c2pj-v37r-2p6h",
"source": "security-advisories@github.com"
}
]
}

67
CVE-2023/CVE-2023-405xx/CVE-2023-40587.json Normal file
View File

@ -0,0 +1,67 @@
{
"id": "CVE-2023-40587",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-25T21:15:09.290",
"lastModified": "2023-08-25T21:15:09.290",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Pyramid is an open source Python web framework. A path traversal vulnerability in Pyramid versions 2.0.0 and 2.0.1 impacts users of Python 3.11 that are using a Pyramid static view with a full filesystem path and have a `index.html` file that is located exactly one directory above the location of the static view's file system path. No further path traversal exists, and the only file that could be disclosed accidentally is `index.html`. Pyramid version 2.0.2 rejects any path that contains a null-byte out of caution. While valid in directory/file names, we would strongly consider it a mistake to use null-bytes in naming files/directories. Secondly, Python 3.11, and 3.12 has fixed the underlying issue in `os.path.normpath` to no longer truncate on the first `0x00` found, returning the behavior to pre-3.11 Python, un an as of yet unreleased version. Fixes will be available in:Python 3.12.0rc2 and 3.11.5. Some workarounds are available. Use a version of Python 3 that is not affected, downgrade to Python 3.10 series temporarily, or wait until Python 3.11.5 is released and upgrade to the latest version of Python 3.11 series."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://github.com/Pylons/pyramid/commit/347d7750da6f45c7436dd0c31468885cc9343c85",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/Pylons/pyramid/security/advisories/GHSA-j8g2-6fc7-q8f8",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/python/cpython/issues/106242",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/python/cpython/pull/106816",
"source": "security-advisories@github.com"
}
]
}

32
CVE-2023/CVE-2023-410xx/CVE-2023-41080.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-41080",
"sourceIdentifier": "security@apache.org",
"published": "2023-08-25T21:15:09.397",
"lastModified": "2023-08-25T21:15:09.397",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92.\n\nThe vulnerability is limited to the ROOT (default) web application."
}
],
"metrics": {},
"weaknesses": [
{
"source": "security@apache.org",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"references": [
{
"url": "https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f",
"source": "security@apache.org"
}
]
}

83
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-08-25T20:00:33.871247+00:00
2023-08-25T22:00:29.350355+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-08-25T19:55:41.143000+00:00
2023-08-25T21:15:09.397000+00:00
```
### Last Data Feed Release
@ -29,47 +29,64 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
223458
223484
```
### CVEs added in the last Commit
Recently added CVEs: `3`
Recently added CVEs: `26`
* [CVE-2019-13689](CVE-2019/CVE-2019-136xx/CVE-2019-13689.json) (`2023-08-25T19:15:07.920`)
* [CVE-2019-13690](CVE-2019/CVE-2019-136xx/CVE-2019-13690.json) (`2023-08-25T19:15:08.117`)
* [CVE-2023-25848](CVE-2023/CVE-2023-258xx/CVE-2023-25848.json) (`2023-08-25T19:15:08.670`)
* [CVE-2023-24620](CVE-2023/CVE-2023-246xx/CVE-2023-24620.json) (`2023-08-25T20:15:07.893`)
* [CVE-2023-24621](CVE-2023/CVE-2023-246xx/CVE-2023-24621.json) (`2023-08-25T20:15:07.983`)
* [CVE-2023-36198](CVE-2023/CVE-2023-361xx/CVE-2023-36198.json) (`2023-08-25T20:15:08.193`)
* [CVE-2023-36199](CVE-2023/CVE-2023-361xx/CVE-2023-36199.json) (`2023-08-25T20:15:08.253`)
* [CVE-2023-37249](CVE-2023/CVE-2023-372xx/CVE-2023-37249.json) (`2023-08-25T20:15:08.317`)
* [CVE-2023-39600](CVE-2023/CVE-2023-396xx/CVE-2023-39600.json) (`2023-08-25T20:15:08.380`)
* [CVE-2023-39707](CVE-2023/CVE-2023-397xx/CVE-2023-39707.json) (`2023-08-25T20:15:08.443`)
* [CVE-2023-40568](CVE-2023/CVE-2023-405xx/CVE-2023-40568.json) (`2023-08-25T20:15:08.737`)
* [CVE-2023-40579](CVE-2023/CVE-2023-405xx/CVE-2023-40579.json) (`2023-08-25T20:15:08.800`)
* [CVE-2023-40580](CVE-2023/CVE-2023-405xx/CVE-2023-40580.json) (`2023-08-25T20:15:08.913`)
* [CVE-2023-2906](CVE-2023/CVE-2023-29xx/CVE-2023-2906.json) (`2023-08-25T21:15:07.963`)
* [CVE-2023-32678](CVE-2023/CVE-2023-326xx/CVE-2023-32678.json) (`2023-08-25T21:15:08.060`)
* [CVE-2023-38710](CVE-2023/CVE-2023-387xx/CVE-2023-38710.json) (`2023-08-25T21:15:08.167`)
* [CVE-2023-38711](CVE-2023/CVE-2023-387xx/CVE-2023-38711.json) (`2023-08-25T21:15:08.230`)
* [CVE-2023-38712](CVE-2023/CVE-2023-387xx/CVE-2023-38712.json) (`2023-08-25T21:15:08.293`)
* [CVE-2023-40031](CVE-2023/CVE-2023-400xx/CVE-2023-40031.json) (`2023-08-25T20:15:08.517`)
* [CVE-2023-40036](CVE-2023/CVE-2023-400xx/CVE-2023-40036.json) (`2023-08-25T20:15:08.637`)
* [CVE-2023-40164](CVE-2023/CVE-2023-401xx/CVE-2023-40164.json) (`2023-08-25T21:15:08.687`)
* [CVE-2023-40166](CVE-2023/CVE-2023-401xx/CVE-2023-40166.json) (`2023-08-25T21:15:08.777`)
* [CVE-2023-40571](CVE-2023/CVE-2023-405xx/CVE-2023-40571.json) (`2023-08-25T21:15:08.880`)
* [CVE-2023-40583](CVE-2023/CVE-2023-405xx/CVE-2023-40583.json) (`2023-08-25T21:15:09.000`)
* [CVE-2023-40585](CVE-2023/CVE-2023-405xx/CVE-2023-40585.json) (`2023-08-25T21:15:09.103`)
* [CVE-2023-40586](CVE-2023/CVE-2023-405xx/CVE-2023-40586.json) (`2023-08-25T21:15:09.197`)
* [CVE-2023-40587](CVE-2023/CVE-2023-405xx/CVE-2023-40587.json) (`2023-08-25T21:15:09.290`)
* [CVE-2023-41080](CVE-2023/CVE-2023-410xx/CVE-2023-41080.json) (`2023-08-25T21:15:09.397`)
### CVEs modified in the last Commit
Recently modified CVEs: `32`
Recently modified CVEs: `20`
* [CVE-2020-21722](CVE-2020/CVE-2020-217xx/CVE-2020-21722.json) (`2023-08-25T18:21:24.527`)
* [CVE-2020-21687](CVE-2020/CVE-2020-216xx/CVE-2020-21687.json) (`2023-08-25T18:30:42.440`)
* [CVE-2020-22219](CVE-2020/CVE-2020-222xx/CVE-2020-22219.json) (`2023-08-25T19:05:32.963`)
* [CVE-2020-22570](CVE-2020/CVE-2020-225xx/CVE-2020-22570.json) (`2023-08-25T19:06:16.767`)
* [CVE-2020-22628](CVE-2020/CVE-2020-226xx/CVE-2020-22628.json) (`2023-08-25T19:07:04.110`)
* [CVE-2020-23804](CVE-2020/CVE-2020-238xx/CVE-2020-23804.json) (`2023-08-25T19:08:14.600`)
* [CVE-2020-25887](CVE-2020/CVE-2020-258xx/CVE-2020-25887.json) (`2023-08-25T19:09:07.537`)
* [CVE-2021-40265](CVE-2021/CVE-2021-402xx/CVE-2021-40265.json) (`2023-08-25T18:07:07.530`)
* [CVE-2021-40264](CVE-2021/CVE-2021-402xx/CVE-2021-40264.json) (`2023-08-25T18:07:41.327`)
* [CVE-2021-40262](CVE-2021/CVE-2021-402xx/CVE-2021-40262.json) (`2023-08-25T18:11:00.690`)
* [CVE-2021-40266](CVE-2021/CVE-2021-402xx/CVE-2021-40266.json) (`2023-08-25T19:10:40.183`)
* [CVE-2021-40211](CVE-2021/CVE-2021-402xx/CVE-2021-40211.json) (`2023-08-25T19:22:18.900`)
* [CVE-2021-32292](CVE-2021/CVE-2021-322xx/CVE-2021-32292.json) (`2023-08-25T19:34:03.133`)
* [CVE-2021-46174](CVE-2021/CVE-2021-461xx/CVE-2021-46174.json) (`2023-08-25T19:40:48.257`)
* [CVE-2021-46179](CVE-2021/CVE-2021-461xx/CVE-2021-46179.json) (`2023-08-25T19:52:59.843`)
* [CVE-2021-30047](CVE-2021/CVE-2021-300xx/CVE-2021-30047.json) (`2023-08-25T19:55:41.143`)
* [CVE-2022-29654](CVE-2022/CVE-2022-296xx/CVE-2022-29654.json) (`2023-08-25T19:14:18.403`)
* [CVE-2022-25024](CVE-2022/CVE-2022-250xx/CVE-2022-25024.json) (`2023-08-25T19:20:05.170`)
* [CVE-2023-40033](CVE-2023/CVE-2023-400xx/CVE-2023-40033.json) (`2023-08-25T18:10:15.893`)
* [CVE-2023-40352](CVE-2023/CVE-2023-403xx/CVE-2023-40352.json) (`2023-08-25T18:15:49.973`)
* [CVE-2023-4456](CVE-2023/CVE-2023-44xx/CVE-2023-4456.json) (`2023-08-25T18:25:09.557`)
* [CVE-2023-20221](CVE-2023/CVE-2023-202xx/CVE-2023-20221.json) (`2023-08-25T18:26:44.460`)
* [CVE-2023-20217](CVE-2023/CVE-2023-202xx/CVE-2023-20217.json) (`2023-08-25T18:27:11.443`)
* [CVE-2023-20197](CVE-2023/CVE-2023-201xx/CVE-2023-20197.json) (`2023-08-25T18:27:24.600`)
* [CVE-2023-22815](CVE-2023/CVE-2023-228xx/CVE-2023-22815.json) (`2023-08-25T19:15:08.300`)
* [CVE-2020-35342](CVE-2020/CVE-2020-353xx/CVE-2020-35342.json) (`2023-08-25T20:03:36.097`)
* [CVE-2020-18382](CVE-2020/CVE-2020-183xx/CVE-2020-18382.json) (`2023-08-25T20:22:32.513`)
* [CVE-2020-18378](CVE-2020/CVE-2020-183xx/CVE-2020-18378.json) (`2023-08-25T20:22:49.520`)
* [CVE-2020-21686](CVE-2020/CVE-2020-216xx/CVE-2020-21686.json) (`2023-08-25T20:23:55.037`)
* [CVE-2020-18781](CVE-2020/CVE-2020-187xx/CVE-2020-18781.json) (`2023-08-25T20:33:15.100`)
* [CVE-2020-18780](CVE-2020/CVE-2020-187xx/CVE-2020-18780.json) (`2023-08-25T20:39:31.917`)
* [CVE-2020-18770](CVE-2020/CVE-2020-187xx/CVE-2020-18770.json) (`2023-08-25T20:42:53.077`)
* [CVE-2020-18768](CVE-2020/CVE-2020-187xx/CVE-2020-18768.json) (`2023-08-25T20:45:18.897`)
* [CVE-2020-18652](CVE-2020/CVE-2020-186xx/CVE-2020-18652.json) (`2023-08-25T20:46:09.600`)
* [CVE-2020-18494](CVE-2020/CVE-2020-184xx/CVE-2020-18494.json) (`2023-08-25T21:05:28.003`)
* [CVE-2020-18651](CVE-2020/CVE-2020-186xx/CVE-2020-18651.json) (`2023-08-25T21:07:05.573`)
* [CVE-2022-26592](CVE-2022/CVE-2022-265xx/CVE-2022-26592.json) (`2023-08-25T20:09:46.200`)
* [CVE-2022-37051](CVE-2022/CVE-2022-370xx/CVE-2022-37051.json) (`2023-08-25T20:14:52.957`)
* [CVE-2022-37052](CVE-2022/CVE-2022-370xx/CVE-2022-37052.json) (`2023-08-25T20:17:15.717`)
* [CVE-2022-41444](CVE-2022/CVE-2022-414xx/CVE-2022-41444.json) (`2023-08-25T20:33:50.993`)
* [CVE-2022-48547](CVE-2022/CVE-2022-485xx/CVE-2022-48547.json) (`2023-08-25T20:37:04.547`)
* [CVE-2022-48541](CVE-2022/CVE-2022-485xx/CVE-2022-48541.json) (`2023-08-25T20:43:51.253`)
* [CVE-2022-3917](CVE-2022/CVE-2022-39xx/CVE-2022-3917.json) (`2023-08-25T21:15:07.653`)
* [CVE-2023-40021](CVE-2023/CVE-2023-400xx/CVE-2023-40021.json) (`2023-08-25T20:08:17.657`)
* [CVE-2023-39908](CVE-2023/CVE-2023-399xx/CVE-2023-39908.json) (`2023-08-25T21:15:08.370`)
## Download and Usage