Auto-Update: 2023-06-13T18:00:29.145813+00:00

cad-safe-bot 2023-06-13 18:00:32 +00:00
parent df2237f437
commit 8981dd4a84
93 changed files with 35181 additions and 364 deletions


@ -2,8 +2,8 @@
"id": "CVE-2019-25144",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:10.380",
"lastModified": "2023-06-07T02:45:10.733",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T16:05:14.823",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,14 +76,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codemiq:wp_html_mail:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.2.10",
"matchCriteriaId": "7565C6FA-44F4-498C-9B1D-4D36BE4CAF51"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-vulnerable-to-html-injection/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/946ba166-3309-4e47-8b6b-d3f017bbfcc8?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Broken Link",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2019-25145",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:10.447",
"lastModified": "2023-06-07T02:45:10.733",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T16:21:31.293",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,14 +76,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpforms:contact_form:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.5.1",
"matchCriteriaId": "7B757971-1D64-4731-9D8D-D2BA88DEC4BE"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/html-injection-vulnerability-in-wordpress-pirate-forms-plugin/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9e34c3f6-cc84-4e45-9948-6f7fd5cba8cd?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Broken Link",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2019-25149",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:10.700",
"lastModified": "2023-06-07T02:45:10.733",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T16:24:55.817",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,14 +76,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:robogallery:gallery_images_ape:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.0.6",
"matchCriteriaId": "CAB6EC6B-F83D-4AEC-819C-D64DB721B4D6"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/wordpress-ape-gallery-plugin-fixed-authenticated-arbitrary-plugin-deactivation-vulnerability/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dfd6c2b8-b00c-49d1-930f-50397e742ac5?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Broken Link",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2020-36719",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:12.173",
"lastModified": "2023-06-07T02:45:04.330",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T16:10:00.893",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,18 +76,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cridio:listingpro:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.6.1",
"matchCriteriaId": "F4C3D187-FCC4-4E9E-BBE8-39D3EADB9C8A"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/wordpress-listingpro-theme-fixed-a-critical-vulnerability/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
},
{
"url": "https://themeforest.net/item/listingpro-multipurpose-directory-theme/19386460",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a08fa649-3092-4c26-a009-2dd576b9b1ac?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2021-4344",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:13.317",
"lastModified": "2023-06-07T02:44:59.217",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T16:05:37.887",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,14 +76,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "18.2",
"matchCriteriaId": "8616FA9B-9A91-4A32-B99B-0A89375EAC5C"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/wordpress-frontend-file-manager-plugin-fixed-multiple-critical-vulnerabilities/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/28a7b2c9-5d8d-4b49-a47c-473e3288b563?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2021-4345",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:13.377",
"lastModified": "2023-06-07T02:44:59.217",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T16:20:17.170",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,18 +76,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:stylemixthemes:ulisting:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.6.6",
"matchCriteriaId": "EE000334-7DBA-4256-8E71-EAF5235F251C"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/wordpress-ulisting-plugin-fixed-multiple-critical-vulnerabilities/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2456786%40ulisting&new=2456786%40ulisting&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/44e112a7-8f51-4d2a-a4b3-74a47ef3aec7?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2021-4346",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:13.440",
"lastModified": "2023-06-07T02:44:59.217",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T16:21:17.370",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,18 +76,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:stylemixthemes:ulisting:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.6.6",
"matchCriteriaId": "EE000334-7DBA-4256-8E71-EAF5235F251C"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/wordpress-ulisting-plugin-fixed-multiple-critical-vulnerabilities/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2456786%40ulisting&new=2456786%40ulisting&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/41800ea9-1ace-42fc-9e7f-d760a126342b?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2021-4347",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:13.523",
"lastModified": "2023-06-07T02:44:59.217",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T16:20:44.713",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,14 +76,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zorem:advanced_shipment_tracking_for_woocommerce:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.2.6",
"matchCriteriaId": "69B342B4-64BA-4001-BF10-1240EAEAC145"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/wordpress-advanced-shipment-tracking-for-woocommerce-fixed-critical-vulnerability/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4174b47a-75d0-4ada-bd4d-efbaf0b1a049?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2021-4349",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:13.670",
"lastModified": "2023-06-07T02:44:53.933",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T16:21:32.373",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,18 +76,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:coolplugins:process_steps_template_designer:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.2.1",
"matchCriteriaId": "B388BF29-BCA3-4E89-97D5-DDF138ADBB2B"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2473649/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2acd40d5-8a9c-4ca8-9c89-5bf639b1c66c?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2021-4350",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:13.730",
"lastModified": "2023-06-07T02:44:53.933",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T16:22:45.280",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,14 +76,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "18.2",
"matchCriteriaId": "8616FA9B-9A91-4A32-B99B-0A89375EAC5C"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/wordpress-frontend-file-manager-plugin-fixed-multiple-critical-vulnerabilities/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/49150180-9de0-4318-b21b-779daaeb7a52?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2021-4351",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:13.797",
"lastModified": "2023-06-07T02:44:53.933",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T16:23:02.167",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,14 +76,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "18.2",
"matchCriteriaId": "8616FA9B-9A91-4A32-B99B-0A89375EAC5C"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/wordpress-frontend-file-manager-plugin-fixed-multiple-critical-vulnerabilities/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5539aa79-66ad-43fa-967c-2bec877061e0?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2021-4352",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:13.860",
"lastModified": "2023-06-07T02:44:53.933",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T16:22:27.613",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,18 +76,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eyecix:jobsearch_wp_job_board:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.8.1",
"matchCriteriaId": "19D7A456-5B97-4178-8D27-C6B4365EBDD0"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/wordpress-jobsearch-wp-job-board-plugin-fixed-vulnerability/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
},
{
"url": "https://wpscan.com/vulnerability/ed7e664e-5a73-4d2d-a599-a0be89d6c2d1",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/59170f0a-975e-487c-bdb0-585c802b3127?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2021-4355",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:13.987",
"lastModified": "2023-06-07T02:44:53.933",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T17:45:55.867",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,14 +76,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:collne:welcart_e-commerce:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.2.7",
"matchCriteriaId": "E0001C32-A260-43BD-8522-79783AC06CC9"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/wordpress-welcart-e-commerce-plugin-fixed-vulnerabilities/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/671f5ba5-1f18-49fa-aa97-eaebdb3417bb?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2021-4356",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:14.043",
"lastModified": "2023-06-07T02:44:53.933",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T17:45:41.730",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,18 +76,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "18.2",
"matchCriteriaId": "8616FA9B-9A91-4A32-B99B-0A89375EAC5C"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/wordpress-frontend-file-manager-plugin-fixed-multiple-critical-vulnerabilities/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2554359%40nmedia-user-file-uploader&new=2554359%40nmedia-user-file-uploader&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/79e2011c-5e4d-4d02-831f-6b4dcfcaa51e?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2021-4357",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:14.107",
"lastModified": "2023-06-07T02:44:53.933",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T17:45:27.460",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,22 +76,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:stylemixthemes:ulisting:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.6.6",
"matchCriteriaId": "EE000334-7DBA-4256-8E71-EAF5235F251C"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/wordpress-ulisting-plugin-fixed-multiple-critical-vulnerabilities/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2456786%40ulisting&new=2456786%40ulisting&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://wordpress.org/plugins/ulisting/#developers",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/71aa14b8-39bc-4b91-a7cf-9d203fdf44ea?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2021-4359",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:14.230",
"lastModified": "2023-06-07T02:44:53.933",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T17:46:18.620",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,18 +76,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "18.2",
"matchCriteriaId": "8616FA9B-9A91-4A32-B99B-0A89375EAC5C"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/wordpress-frontend-file-manager-plugin-fixed-multiple-critical-vulnerabilities/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2554359%40nmedia-user-file-uploader&new=2554359%40nmedia-user-file-uploader&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/84c61d00-20c1-4176-a74d-ea6ff6220f26?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2021-4360",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:14.293",
"lastModified": "2023-06-07T02:44:53.933",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T17:04:38.770",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,22 +76,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpruby:controlled_admin_access:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.5.5",
"matchCriteriaId": "B6FDF6FD-64C0-4EFD-8137-76072D0AB5A5"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/vulnerabilities-fixed-in-wordpress-controlled-admin-access-plugin/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
},
{
"url": "https://plugins.svn.wordpress.org/controlled-admin-access/trunk/readme.txt",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://wpscan.com/vulnerability/5ddc0a9d-c081-4bef-aa87-3b10d037379c",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8c57211a-f59d-4379-b09e-7c6049a6b04d?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2021-4361",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:14.363",
"lastModified": "2023-06-07T02:44:53.933",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T17:04:10.577",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,18 +76,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eyecix:jobsearch_wp_job_board:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.8.1",
"matchCriteriaId": "19D7A456-5B97-4178-8D27-C6B4365EBDD0"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/wordpress-jobsearch-wp-job-board-plugin-fixed-vulnerability/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
},
{
"url": "https://wpscan.com/vulnerability/a69aa52f-9876-4180-97a4-713459b43f24",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/839a0cc0-a656-4107-a748-4ad85e950237?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2021-4378",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-07T02:15:15.407",
"lastModified": "2023-06-07T02:44:48.507",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T17:03:37.827",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with minimal permissions like subscribers, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El plugin WP Quick FrontEnd Editor para WordPress es vulnerable a Cross-Site Scripting Almacenado en versiones hasta la v5.5 inclusive, debido a una insuficiente sanitizaci\u00f3n de entrada y escape de salida. Esto hace posible que atacantes autenticados, con permisos m\u00ednimos como suscriptores, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada. "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webdevocean:wp_quick_frontend_editor:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "5.5",
"matchCriteriaId": "E76D1951-AE12-4213-973A-F50E270DB47D"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/multiple-vulnerabilities-in-wordpress-wp-quick-frontend-editor-plugin-unpatched/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ed137706-1313-4bff-882b-13d9fa11498c?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2022-31635",
"sourceIdentifier": "hp-security-alert@hp.com",
"published": "2023-06-13T17:15:12.567",
"lastModified": "2023-06-13T17:15:12.567",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure."
}
],
"metrics": {},
"references": [
{
"url": "https://support.hp.com/us-en/document/ish_7149996-7150021-16/hpsbhf03814",
"source": "hp-security-alert@hp.com"
}
]
}
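Review bot: This new record is published with `"metrics": {}` and `"vulnStatus": "Received"`, so it has no `cvssMetricV31` array, no `weaknesses` and no `configurations` to read yet. A consumer that maps a missing score to 0 or to low severity would under-rank a BIOS issue whose description lists arbitrary code execution and escalation of privilege. An unscored record is better surfaced as "unscored, pending analysis" and triaged from the vendor advisory in `references`. The new CVE-2022-31636, CVE-2022-31637, CVE-2022-31638 and CVE-2022-31639 records have the same shape.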


@ -0,0 +1,20 @@
{
"id": "CVE-2022-31636",
"sourceIdentifier": "hp-security-alert@hp.com",
"published": "2023-06-13T17:15:12.640",
"lastModified": "2023-06-13T17:15:12.640",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure."
}
],
"metrics": {},
"references": [
{
"url": "https://support.hp.com/us-en/document/ish_7149996-7150021-16/hpsbhf03814",
"source": "hp-security-alert@hp.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2022-31637",
"sourceIdentifier": "hp-security-alert@hp.com",
"published": "2023-06-13T17:15:12.700",
"lastModified": "2023-06-13T17:15:12.700",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure."
}
],
"metrics": {},
"references": [
{
"url": "https://support.hp.com/us-en/document/ish_7149996-7150021-16/hpsbhf03814",
"source": "hp-security-alert@hp.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2022-31638",
"sourceIdentifier": "hp-security-alert@hp.com",
"published": "2023-06-13T17:15:12.753",
"lastModified": "2023-06-13T17:15:12.753",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure."
}
],
"metrics": {},
"references": [
{
"url": "https://support.hp.com/us-en/document/ish_7149996-7150021-16/hpsbhf03814",
"source": "hp-security-alert@hp.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2022-31639",
"sourceIdentifier": "hp-security-alert@hp.com",
"published": "2023-06-13T17:15:12.807",
"lastModified": "2023-06-13T17:15:12.807",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure."
}
],
"metrics": {},
"references": [
{
"url": "https://support.hp.com/us-en/document/ish_7149996-7150021-16/hpsbhf03814",
"source": "hp-security-alert@hp.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2022-3109",
"sourceIdentifier": "secalert@redhat.com",
"published": "2022-12-16T15:15:09.483",
"lastModified": "2023-05-01T06:15:11.897",
"lastModified": "2023-06-13T17:15:12.900",
"vulnStatus": "Modified",
"descriptions": [
{
@ -91,6 +91,10 @@
"Patch"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00016.html",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KOMB6WRUC55VWV25IKJTV22KARBUGWGQ/",
"source": "secalert@redhat.com"


@ -2,8 +2,8 @@
"id": "CVE-2022-33240",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2023-06-06T08:15:10.437",
"lastModified": "2023-06-06T12:50:56.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T16:52:40.600",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "product-security@qualcomm.com",
"type": "Secondary",
@ -34,10 +54,271 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-704"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:qca6595_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "643EC76D-2836-48E6-81DA-78C4883C33CA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:qca6595:-:*:*:*:*:*:*:*",
"matchCriteriaId": "477F6529-4CE1-44FC-B6EE-D24D44C71AE7"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:qca6595au_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "288F637F-22F8-47CF-B67F-C798A730A1BD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:qca6595au:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0996EA3-1C92-4933-BE34-9CF625E59FE7"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:qca6696_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0AE207DB-9770-40ED-961D-FDA75965826F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:qca6696:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E23922D-C37F-476F-A623-4C1458A9156F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sa6150p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "054F77D6-FC66-4151-9005-DC7ECDB5C722"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sa6150p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8ED3F589-16D9-46A7-A539-C9862473EE0D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC40C14-3B2D-4E00-9E0F-86E6BDBF2D81"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sa6155p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0514D433-162C-4680-8912-721D19BE6201"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sa8145p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A71D74B0-0963-49FD-8E97-148C8993B263"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sa8145p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "910CBFA4-50F7-4C7A-B9B9-B88C8A919827"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sa8150p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69C1B02F-8D2D-42E7-B70D-41F4D9844FD1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sa8150p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3FEACAA9-C061-4713-9A54-37D8BFC0B00B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sa8155p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8648B38-2597-401A-8F53-D582FA911569"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sa8155p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A01CD59B-8F21-4CD6-8A1A-7B37547A8715"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sa8195p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51BC0A66-493B-43BE-B51F-640BDF2FF32E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sa8195p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D8DA4D12-7ABF-4A04-B44E-E1D68C8E58AB"
}
]
}
]
}
],
"references": [
{
"url": "https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin",
"source": "product-security@qualcomm.com"
"source": "product-security@qualcomm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}
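Review bot: Every vulnerable `cpeMatch` entry in the added `configurations` names the firmware with a `-` version field, for example `cpe:2.3:o:qualcomm:qca6595_firmware:-:*:*:*:*:*:*:*`, and none carries a bound such as `versionEndIncluding` or `versionEndExcluding`, so the record cannot tell patched firmware from unpatched firmware. CPE-based matching is therefore likely to keep flagging these chipsets after the update is applied. Remediation has to be confirmed against the bulletin in `references`, which this change tags `Patch` and `Vendor Advisory`. The CVE-2022-33303 record uses the same pattern.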


@ -2,8 +2,8 @@
"id": "CVE-2022-33303",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2023-06-06T08:15:10.903",
"lastModified": "2023-06-06T12:50:56.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T16:43:54.770",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "product-security@qualcomm.com",
"type": "Secondary",
@ -34,10 +54,595 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:wcn685x-5_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A3CF46D-E1CB-447E-8371-15C3F49B1AA9"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:wcn685x-5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B74FDAF1-82D0-4136-BF97-25C56FCEE77C"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:wcn685x-1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A07C2049-B227-4849-85D0-B53D690C7697"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:wcn685x-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "88D2DB07-B72B-4D44-A373-0C7EAB35F388"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:wcn785x-1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C41266FF-5555-4522-AD55-6A7CF8BA33D5"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:wcn785x-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E9C428C-7470-4178-9029-3234086D93F1"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:wcn785x-5_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "04EA12D4-24E2-4FE9-8CD6-06A8E36DEB2F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:wcn785x-5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2AED978B-0330-4B9B-B662-AA8E9E621996"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D527E2B1-2A46-4FBA-9F7A-F5543677C8FB"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:qca6574au:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8374DDB3-D484-4141-AE0C-42333D2721F6"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:qca6595au_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "288F637F-22F8-47CF-B67F-C798A730A1BD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:qca6595au:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0996EA3-1C92-4933-BE34-9CF625E59FE7"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:qca6696_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0AE207DB-9770-40ED-961D-FDA75965826F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:qca6696:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E23922D-C37F-476F-A623-4C1458A9156F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sa6145p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C66671C1-AE1A-44BE-9DB2-0B09FF4417DB"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sa6145p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "74AA3929-3F80-4D54-B13A-9B070D5C03BB"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sa6150p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "054F77D6-FC66-4151-9005-DC7ECDB5C722"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sa6150p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8ED3F589-16D9-46A7-A539-C9862473EE0D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC40C14-3B2D-4E00-9E0F-86E6BDBF2D81"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sa6155p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0514D433-162C-4680-8912-721D19BE6201"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sa8145p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A71D74B0-0963-49FD-8E97-148C8993B263"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sa8145p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "910CBFA4-50F7-4C7A-B9B9-B88C8A919827"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sa8150p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69C1B02F-8D2D-42E7-B70D-41F4D9844FD1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sa8150p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3FEACAA9-C061-4713-9A54-37D8BFC0B00B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sa8155p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8648B38-2597-401A-8F53-D582FA911569"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sa8155p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A01CD59B-8F21-4CD6-8A1A-7B37547A8715"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sa8195p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51BC0A66-493B-43BE-B51F-640BDF2FF32E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sa8195p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D8DA4D12-7ABF-4A04-B44E-E1D68C8E58AB"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sm8450_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A38C0AFD-D666-423C-8903-BB026965D97C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sm8450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59DBE92C-D428-4952-B94F-B46B3A627DFD"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sm8350_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B0798E6-68B1-4C0E-BF5B-5BC8033351A5"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sm8350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E70D909-40D1-4B66-AEA3-034F2C53FB0F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sm8350-ac_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D77AA64D-A9B5-473F-98FC-E5859142881D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sm8350-ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "066C3D8A-DC4C-415C-AFC1-0400325B0B10"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "70292B01-617F-44AD-AF77-1AFC1450523D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:wcd9380:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA94C6D6-85DB-4031-AAF4-C399019AE16D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92B17201-8185-47F1-9720-5AB4ECD11B22"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:wcd9385:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E1FA2EB9-416F-4D69-8786-386CC73978AE"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "11B69595-E488-4590-A150-CE5BE08B5E13"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:wsa8830:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BF680174-5FA6-47D9-8EAB-CC2A37A7BD42"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F80BC68E-7476-4A40-9F48-53722FE9A5BF"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:wsa8835:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B36F4B2-BAA3-45AD-9967-0EB482C99708"
}
]
}
]
}
],
"references": [
{
"url": "https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin",
"source": "product-security@qualcomm.com"
"source": "product-security@qualcomm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-3341",
"sourceIdentifier": "patrick@puiterwijk.org",
"published": "2023-01-12T15:15:10.007",
"lastModified": "2023-01-20T20:08:55.323",
"vulnStatus": "Analyzed",
"lastModified": "2023-06-13T17:15:13.013",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -91,6 +91,10 @@
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00016.html",
"source": "patrick@puiterwijk.org"
}
]
}


@ -2,12 +2,12 @@
"id": "CVE-2022-41051",
"sourceIdentifier": "secure@microsoft.com",
"published": "2022-11-09T22:15:19.757",
"lastModified": "2022-11-15T16:22:48.070",
"vulnStatus": "Analyzed",
"lastModified": "2023-06-13T17:15:13.173",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Azure RTOS GUIX Studio Remote Code Execution Vulnerability."
"value": "Azure RTOS GUIX Studio Remote Code Execution Vulnerability"
}
],
"metrics": {
@ -65,12 +65,8 @@
],
"references": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41051",
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41051",
"source": "secure@microsoft.com"
}
]
}
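Review bot: The replacement reference `https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41051` arrives without the `"tags": ["Patch", "Vendor Advisory"]` array that the old portal.msrc.microsoft.com entry carried; the hunk header (12 old lines, 8 new) and the `lastModified` dates support reading each changed pair as old line then new line. Tooling that picks the vendor fix link by filtering on `Patch` or `Vendor Advisory` will find no tagged reference on this record, presumably until it is re-analysed. Such filters should fall back to the reference whose `source` equals the record's `sourceIdentifier`. The CVE-2022-41078, CVE-2022-41079, CVE-2022-41080 and CVE-2022-41123 records lose the same tags.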


@ -2,18 +2,18 @@
"id": "CVE-2022-41078",
"sourceIdentifier": "secure@microsoft.com",
"published": "2022-11-09T22:15:21.330",
"lastModified": "2022-12-15T17:28:37.617",
"vulnStatus": "Analyzed",
"lastModified": "2023-06-13T17:15:13.390",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Exchange Server Spoofing Vulnerability. This CVE ID is unique from CVE-2022-41079."
"value": "Microsoft Exchange Server Spoofing Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -33,7 +33,7 @@
"impactScore": 5.9
},
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -105,12 +105,8 @@
],
"references": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41078",
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41078",
"source": "secure@microsoft.com"
}
]
}
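Review bot: The `cvssMetricV31` entry typed `Primary` changes its `source` from `nvd@nist.gov` to `secure@microsoft.com` and the `Secondary` entry changes the other way, so `Primary` no longer identifies the NVD assessment on this record. CVE-2022-41079 and CVE-2022-41080 have the same swap, and in CVE-2022-41080 it changes the headline score: the `Primary` entry becomes the `PR:L` vector, while the 9.8 `CRITICAL` `PR:N` vector is re-added as `Secondary` on a record that carries `cisaExploitAdd`. Consumers that read only the `Primary` entry should select by `source` or take the highest `baseScore` across entries, and should rank records with `cisaExploitAdd` set independently of the score. The metric bodies lie partly outside the visible hunks, so the scores for CVE-2022-41078 and CVE-2022-41079 cannot be compared from here.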


@ -2,18 +2,18 @@
"id": "CVE-2022-41079",
"sourceIdentifier": "secure@microsoft.com",
"published": "2022-11-09T22:15:21.440",
"lastModified": "2022-12-15T17:28:43.267",
"vulnStatus": "Analyzed",
"lastModified": "2023-06-13T17:15:13.490",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Exchange Server Spoofing Vulnerability. This CVE ID is unique from CVE-2022-41078."
"value": "Microsoft Exchange Server Spoofing Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -33,7 +33,7 @@
"impactScore": 5.9
},
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -105,12 +105,8 @@
],
"references": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41079",
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41079",
"source": "secure@microsoft.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-41080",
"sourceIdentifier": "secure@microsoft.com",
"published": "2022-11-09T22:15:21.550",
"lastModified": "2022-11-10T06:26:47.787",
"vulnStatus": "Analyzed",
"lastModified": "2023-06-13T17:15:13.577",
"vulnStatus": "Modified",
"cisaExploitAdd": "2023-01-10",
"cisaActionDue": "2023-01-31",
"cisaRequiredAction": "Apply updates per vendor instructions.",
@ -11,34 +11,14 @@
"descriptions": [
{
"lang": "en",
"value": "Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41123."
"value": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
@ -55,6 +35,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -109,12 +109,8 @@
],
"references": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41080",
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41080",
"source": "secure@microsoft.com"
}
]
}
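Review bot: The reference entry at the end of this record loses `"tags": ["Patch", "Vendor Advisory"]` when its URL moves to msrc.microsoft.com, even though the record still carries `cisaExploitAdd`, so a consumer that finds the vendor fix by tag will find nothing for a known-exploited CVE. As far as the old-then-new print order shows, the same update makes the secure@microsoft.com metric (PR:L vector) `"type": "Primary"` and re-adds the nvd@nist.gov 9.8 entry as Secondary, so tooling that reads only the Primary score will presumably report a lower severity after this sync. CVE-2022-41123 shows the same tag loss and CVE-2023-24880 the same source swap. Consumers are safer selecting metrics by `source` and keeping the highest `baseScore`, and matching the reference URL host when `tags` is absent.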


@ -2,12 +2,12 @@
"id": "CVE-2022-41123",
"sourceIdentifier": "secure@microsoft.com",
"published": "2022-11-09T22:15:25.183",
"lastModified": "2022-11-10T06:26:39.380",
"vulnStatus": "Analyzed",
"lastModified": "2023-06-13T17:15:13.950",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41080."
"value": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
}
],
"metrics": {
@ -80,12 +80,8 @@
],
"references": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41123",
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41123",
"source": "secure@microsoft.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-42880",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-13T15:15:11.607",
"lastModified": "2023-06-13T15:15:11.607",
"vulnStatus": "Received",
"lastModified": "2023-06-13T16:54:51.953",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2022-4569",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2023-06-05T21:15:10.413",
"lastModified": "2023-06-06T12:50:56.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T16:56:50.710",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "psirt@lenovo.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "psirt@lenovo.com",
"type": "Secondary",
@ -46,10 +76,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:lenovo:thinkpad_hybrid_usb-c_with_usb-a_dock_firmware:*:*:*:*:*:windows:*:*",
"versionEndExcluding": "1.0.35_v2",
"matchCriteriaId": "A2688053-9035-434B-B91A-D65053997264"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinkpad_hybrid_usb-c_with_usb-a_dock:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84E3B238-F3FA-47ED-AB7C-724007ECF450"
}
]
}
]
}
],
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-103544",
"source": "psirt@lenovo.com"
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-46165",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-06T18:15:10.100",
"lastModified": "2023-06-06T18:33:59.493",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T16:26:07.947",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +66,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:syncthing:syncthing:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.23.5",
"matchCriteriaId": "DF5DEFA6-C51C-4649-AD75-0E00E44B1301"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/syncthing/syncthing/commit/73c52eafb6566435dffd979c3c49562b6d5a4238",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/syncthing/syncthing/security/advisories/GHSA-9rp6-23gf-4c3h",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-20867",
"sourceIdentifier": "security@vmware.com",
"published": "2023-06-13T17:15:14.070",
"lastModified": "2023-06-13T17:15:14.070",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@vmware.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW"
},
"exploitabilityScore": 0.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@vmware.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0013.html",
"source": "security@vmware.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-2132",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-06-06T17:15:14.090",
"lastModified": "2023-06-06T18:33:59.493",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T16:36:26.880",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -34,18 +54,94 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1333"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "15.4.0",
"versionEndExcluding": "15.10.8",
"matchCriteriaId": "FF09675D-DF86-415B-AF42-7A6F43100C53"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "15.4.0",
"versionEndExcluding": "15.10.8",
"matchCriteriaId": "3939EBF5-9026-48D1-AAAF-1658A5A28388"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "15.11.0",
"versionEndExcluding": "15.11.7",
"matchCriteriaId": "C612DD9C-BFBD-49A3-9936-BB7D2C7ADBED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "15.11.0",
"versionEndExcluding": "15.11.7",
"matchCriteriaId": "A6944880-86FD-4D58-8217-667BD48B019A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.0.0",
"versionEndExcluding": "16.0.2",
"matchCriteriaId": "C060C573-5005-487A-8AB2-DE66531685A1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.0.0",
"versionEndExcluding": "16.0.2",
"matchCriteriaId": "D19BAB29-C57C-4410-A093-44AFFF3984DF"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2132.json",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/407586",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://hackerone.com/reports/1934711",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,9 @@
"id": "CVE-2023-2183",
"sourceIdentifier": "security@grafana.com",
"published": "2023-06-06T19:15:11.277",
"lastModified": "2023-06-07T02:45:20.120",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T16:30:57.630",
"vulnStatus": "Analyzed",
"evaluatorComment": "Impact ",
"descriptions": [
{
"lang": "en",
@ -12,6 +13,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
},
{
"source": "security@grafana.com",
"type": "Secondary",
@ -35,6 +56,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
},
{
"source": "security@grafana.com",
"type": "Secondary",
@ -46,14 +77,68 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndExcluding": "8.5.26",
"matchCriteriaId": "48AB6EAA-1211-4E49-938E-7A6C57914A5B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.0",
"versionEndExcluding": "9.2.19",
"matchCriteriaId": "60ED286C-003F-4D81-B26C-8B39A33B1327"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.3.0",
"versionEndExcluding": "9.3.15",
"matchCriteriaId": "C45A8C03-0871-4F08-8285-EA8EF5B91132"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.4.0",
"versionEndExcluding": "9.4.12",
"matchCriteriaId": "F7E1DC65-AEE9-4296-98A8-B0F8C0794B39"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.5.0",
"versionEndExcluding": "9.5.3",
"matchCriteriaId": "109E940E-B6B4-4E5A-A580-C58A26CD4392"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/grafana/bugbounty/security/advisories/GHSA-cvm3-pp2j-chr3",
"source": "security@grafana.com"
"source": "security@grafana.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://grafana.com/security/security-advisories/cve-2023-2183/",
"source": "security@grafana.com"
"source": "security@grafana.com",
"tags": [
"Vendor Advisory"
]
}
]
}
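Review bot: The added `"evaluatorComment": "Impact "` near the top of this record is a single word with a trailing space, which looks like a truncated or placeholder comment rather than analyst text. Whether the upstream feed carries the same stub cannot be seen from this page, so it is worth checking before the field is shown to users. A sync-side guard that treats a comment as absent when it is empty after trimming, or only a word long, would keep stubs like this out of reports.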


@ -2,8 +2,8 @@
"id": "CVE-2023-23831",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-13T15:15:12.523",
"lastModified": "2023-06-13T15:15:12.523",
"vulnStatus": "Received",
"lastModified": "2023-06-13T16:54:51.953",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-24880",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-03-14T17:15:17.683",
"lastModified": "2023-03-21T17:59:45.877",
"vulnStatus": "Analyzed",
"lastModified": "2023-06-13T17:15:14.197",
"vulnStatus": "Modified",
"cisaExploitAdd": "2023-03-14",
"cisaActionDue": "2023-04-04",
"cisaRequiredAction": "Apply updates per vendor instructions.",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -37,12 +37,12 @@
"impactScore": 2.5
},
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
@ -50,10 +50,10 @@
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"exploitabilityScore": 1.8,
"impactScore": 2.5
}
]


@ -2,8 +2,8 @@
"id": "CVE-2023-25964",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-13T15:15:12.960",
"lastModified": "2023-06-13T15:15:12.960",
"vulnStatus": "Received",
"lastModified": "2023-06-13T16:54:51.953",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -0,0 +1,55 @@
{
"id": "CVE-2023-25978",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-13T16:15:12.693",
"lastModified": "2023-06-13T16:54:51.953",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nate Reist Protected Posts Logout Button plugin <=\u00a01.4.5 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/protected-posts-logout-button/wordpress-protected-posts-logout-button-plugin-1-4-5-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -2,15 +2,38 @@
"id": "CVE-2023-2503",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-06-05T14:15:10.300",
"lastModified": "2023-06-05T14:22:20.397",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T16:50:13.987",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The 10Web Social Post Feed WordPress plugin before 1.2.9 does not sanitise and escape some parameter before outputting it back in a page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +46,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:10web:10web_social_post_feed:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.2.9",
"matchCriteriaId": "2A0AEC24-2681-4648-83B7-8E92F45DAE48"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/07b1caf1-d00b-4075-b71a-0516d5604286",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,15 +2,38 @@
"id": "CVE-2023-2571",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-06-05T14:15:10.363",
"lastModified": "2023-06-05T14:22:20.397",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T16:50:40.203",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Quiz Maker WordPress plugin before 6.4.2.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +46,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ays-pro:quiz_maker:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "6.4.2.7",
"matchCriteriaId": "234A20A4-0A95-4CDF-A174-EE86D508E52A"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/2dc02e5c-1c89-4053-a6a7-29ee7b996183",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,15 +2,38 @@
"id": "CVE-2023-2572",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-06-05T14:15:10.423",
"lastModified": "2023-06-05T14:22:20.397",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T16:26:40.197",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Survey Maker WordPress plugin before 3.4.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +46,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ays-pro:survey_maker:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.4.7",
"matchCriteriaId": "379B7454-0DAA-4FDB-9BB9-CD3281DEC369"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/2f7fe6e6-c3d0-4e27-8222-572d7a420153",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-26528",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-13T15:15:13.663",
"lastModified": "2023-06-13T15:15:13.663",
"vulnStatus": "Received",
"lastModified": "2023-06-13T16:54:51.953",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-26538",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-13T15:15:13.907",
"lastModified": "2023-06-13T15:15:13.907",
"vulnStatus": "Received",
"lastModified": "2023-06-13T16:54:51.953",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -0,0 +1,55 @@
{
"id": "CVE-2023-27624",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-13T16:15:12.847",
"lastModified": "2023-06-13T16:54:51.953",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marcelotorres Redirect After Login plugin <=\u00a00.1.9 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/redirect-after-login/wordpress-redirect-after-login-plugin-0-1-9-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-27837",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-13T17:15:14.327",
"lastModified": "2023-06-13T17:15:14.327",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain a command injection vulnerability via the key parameter in the function sub_ 40A774."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/lzd521/IOT/tree/main/TP-Link%20WPA8630P",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,43 @@
{
"id": "CVE-2023-28303",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-06-13T17:15:14.380",
"lastModified": "2023-06-13T17:15:14.380",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Windows Snipping Tool Information Disclosure Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28303",
"source": "secure@microsoft.com"
}
]
}


@ -2,23 +2,94 @@
"id": "CVE-2023-28352",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-31T00:15:10.063",
"lastModified": "2023-05-31T13:02:26.480",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T17:32:41.937",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Faronics Insight 10.0.19045 on Windows. By abusing the Insight UDP broadcast discovery system, an attacker-controlled artificial Student Console can connect to and attack a Teacher Console even after Enhanced Security Mode has been enabled."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:faronics:insight:10.0.19045:*:*:*:*:*:*:*",
"matchCriteriaId": "492CED5D-9EF5-4D18-BD58-60EE07CB06C2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://research.nccgroup.com/2023/05/30/technical-advisory-multiple-vulnerabilities-in-faronics-insight/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://research.nccgroup.com/?research=Technical%20advisories",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,23 +2,94 @@
"id": "CVE-2023-28353",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-31T00:15:10.107",
"lastModified": "2023-05-31T13:02:26.480",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T16:04:19.173",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Faronics Insight 10.0.19045 on Windows. An unauthenticated attacker is able to upload any type of file to any location on the Teacher Console's computer, enabling a variety of different exploitation paths including code execution. It is also possible for the attacker to chain this vulnerability with others to cause a deployed DLL file to immediately execute as NT AUTHORITY/SYSTEM."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:faronics:insight:10.0.19045:*:*:*:*:*:*:*",
"matchCriteriaId": "492CED5D-9EF5-4D18-BD58-60EE07CB06C2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://research.nccgroup.com/2023/05/30/technical-advisory-multiple-vulnerabilities-in-faronics-insight/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://research.nccgroup.com/?research=Technical%20advisories",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,43 @@
{
"id": "CVE-2023-28598",
"sourceIdentifier": "security@zoom.us",
"published": "2023-06-13T17:15:14.467",
"lastModified": "2023-06-13T17:15:14.467",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Zoom for Linux clients prior to 5.13.10 contain an HTML injection vulnerability. If a victim starts a chat with a malicious user it could result in a Zoom application crash."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@zoom.us",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/",
"source": "security@zoom.us"
}
]
}


@ -0,0 +1,43 @@
{
"id": "CVE-2023-28599",
"sourceIdentifier": "security@zoom.us",
"published": "2023-06-13T17:15:14.537",
"lastModified": "2023-06-13T17:15:14.537",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Zoom clients prior to 5.13.10 contain an HTML injection vulnerability. A malicious user could inject HTML into their display name potentially leading a victim to a malicious website during meeting creation.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@zoom.us",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/",
"source": "security@zoom.us"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-28620",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-13T15:15:14.043",
"lastModified": "2023-06-13T15:15:14.043",
"vulnStatus": "Received",
"lastModified": "2023-06-13T16:54:51.953",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-2801",
"sourceIdentifier": "security@grafana.com",
"published": "2023-06-06T19:15:11.413",
"lastModified": "2023-06-07T02:45:20.120",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T16:33:49.213",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
},
{
"source": "security@grafana.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-662"
}
]
},
{
"source": "security@grafana.com",
"type": "Secondary",
@ -46,10 +76,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.4.0",
"versionEndExcluding": "9.4.12",
"matchCriteriaId": "F7E1DC65-AEE9-4296-98A8-B0F8C0794B39"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.5.0",
"versionEndExcluding": "9.5.3",
"matchCriteriaId": "109E940E-B6B4-4E5A-A580-C58A26CD4392"
}
]
}
]
}
],
"references": [
{
"url": "https://grafana.com/security/security-advisories/cve-2023-2801/",
"source": "security@grafana.com"
"source": "security@grafana.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-29629",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-05T21:15:10.687",
"lastModified": "2023-06-06T12:50:56.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T16:19:16.467",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cve@mitre.org",
"type": "Secondary",
@ -34,10 +54,42 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jmsthemelayout_project:jmsthemelayout:2.5.5:*:*:*:*:prestashop:*:*",
"matchCriteriaId": "3D8EBD85-0102-4F06-97A2-44CD765ED16C"
}
]
}
]
}
],
"references": [
{
"url": "https://friends-of-presta.github.io/security-advisories/modules/2023/03/13/jmsthemelayout.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-30179",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-13T17:15:14.600",
"lastModified": "2023-06-13T17:15:14.600",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "CraftCMS version 3.7.59 is vulnerable to Server-Side Template Injection (SSTI). An authenticated attacker can inject Twig Template to User Photo Location field when setting User Photo Location in User Settings, lead to Remote Code Execution."
}
],
"metrics": {},
"references": [
{
"url": "https://datnlq.gitbook.io/cve/craft-cms/cve-2023-30179-server-side-template-injection",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#442---2023-03-14",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-3044",
"sourceIdentifier": "xpdf@xpdfreader.com",
"published": "2023-06-02T23:15:09.580",
"lastModified": "2023-06-05T13:03:17.903",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T17:55:45.267",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
},
{
"source": "xpdf@xpdfreader.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-369"
}
]
},
{
"source": "xpdf@xpdfreader.com",
"type": "Secondary",
@ -46,14 +76,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xpdfreader:xpdf:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.05",
"matchCriteriaId": "70492207-C977-44E7-BA29-17CAC6333E30"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/baker221/poc-xpdf",
"source": "xpdf@xpdfreader.com"
"source": "xpdf@xpdfreader.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.xpdfreader.com/security-bug/CVE-2023-3044.html",
"source": "xpdf@xpdfreader.com"
"source": "xpdf@xpdfreader.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-3064",
"sourceIdentifier": "vulnerability@ncsc.ch",
"published": "2023-06-05T09:15:09.413",
"lastModified": "2023-06-05T13:02:53.787",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T16:41:22.930",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "vulnerability@ncsc.ch",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-922"
}
]
},
{
"source": "vulnerability@ncsc.ch",
"type": "Secondary",
@ -46,10 +76,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mobatime:amxgt_100:*:*:*:*:*:android:*:*",
"versionEndIncluding": "1.3.20",
"matchCriteriaId": "45B1027A-BEC2-444D-B088-15581FB1CA24"
}
]
}
]
}
],
"references": [
{
"url": "https://borelenzo.github.io/stuff/2023/06/02/cve-2023-3064_65_66.html",
"source": "vulnerability@ncsc.ch"
"source": "vulnerability@ncsc.ch",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-3065",
"sourceIdentifier": "vulnerability@ncsc.ch",
"published": "2023-06-05T09:15:09.530",
"lastModified": "2023-06-05T13:02:53.787",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T17:32:12.733",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "vulnerability@ncsc.ch",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
},
{
"source": "vulnerability@ncsc.ch",
"type": "Secondary",
@ -46,10 +76,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mobatime:amxgt_100:*:*:*:*:*:android:*:*",
"versionEndIncluding": "1.3.20",
"matchCriteriaId": "45B1027A-BEC2-444D-B088-15581FB1CA24"
}
]
}
]
}
],
"references": [
{
"url": "https://borelenzo.github.io/stuff/2023/06/02/cve-2023-3064_65_66.html",
"source": "vulnerability@ncsc.ch"
"source": "vulnerability@ncsc.ch",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-3096",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-05T06:15:09.227",
"lastModified": "2023-06-05T13:02:53.787",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T17:45:20.013",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -61,8 +83,18 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -71,18 +103,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kylinos:kylin-software-properties:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.0.1-130",
"matchCriteriaId": "BE12B778-539E-4F9D-A6AD-78F937E15325"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/i900008/vulndb/blob/main/kylinos_vul1.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.230686",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.230686",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-3097",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-05T06:15:09.463",
"lastModified": "2023-06-05T13:02:53.787",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T17:46:09.980",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +93,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kylinos:kylin-software-properties:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.0.1-130",
"matchCriteriaId": "BE12B778-539E-4F9D-A6AD-78F937E15325"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/i900008/vulndb/blob/main/kylinos_vul2.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.230687",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.230687",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-3098",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-05T07:15:09.420",
"lastModified": "2023-06-05T13:02:53.787",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T17:47:45.300",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -61,8 +83,18 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -71,18 +103,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ubuntukylin:youker-assistant:*:*:*:*:*:kylinos:*:*",
"versionEndExcluding": "3.0.2-0kylin6k70-23",
"matchCriteriaId": "A36B8412-8110-4EE8-8C73-CF78E98E01CE"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/i900008/vulndb/blob/main/kylinos_vul3.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.230688",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.230688",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-3099",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-05T07:15:11.143",
"lastModified": "2023-06-05T13:02:53.787",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T17:49:43.407",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -61,8 +83,18 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -71,18 +103,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ubuntukylin:youker-assistant:*:*:*:*:*:kylinos:*:*",
"versionEndExcluding": "3.0.2-0kylin6k70-23",
"matchCriteriaId": "A36B8412-8110-4EE8-8C73-CF78E98E01CE"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/i900008/vulndb/blob/main/kylinos_vul4.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.230689",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.230689",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,28 @@
{
"id": "CVE-2023-31437",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-13T17:15:14.657",
"lastModified": "2023-06-13T17:15:14.657",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/kastel-security/Journald",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/systemd/systemd/releases",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,28 @@
{
"id": "CVE-2023-31438",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-13T17:15:14.707",
"lastModified": "2023-06-13T17:15:14.707",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/kastel-security/Journald",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/systemd/systemd/releases",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,28 @@
{
"id": "CVE-2023-31439",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-13T17:15:14.753",
"lastModified": "2023-06-13T17:15:14.753",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/kastel-security/Journald",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/systemd/systemd/releases",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,28 @@
{
"id": "CVE-2023-31541",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-13T17:15:14.810",
"lastModified": "2023-06-13T17:15:14.810",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A unrestricted file upload vulnerability was discovered in the \u2018Browse and upload images\u2019 feature of the CKEditor v1.2.3 plugin for Redmine, which allows arbitrary files to be uploaded to the server."
}
],
"metrics": {},
"references": [
{
"url": "http://redmine.com",
"source": "cve@mitre.org"
},
{
"url": "http://redmineckeditor.com",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/DreamD2v/CVE-2023-31541/blob/main/CVE-2023-31541.md",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-32682",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-06T19:15:11.743",
"lastModified": "2023-06-07T02:45:20.120",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T16:32:56.227",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,30 +66,68 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:matrix:synapse:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.85.0",
"matchCriteriaId": "57D26682-77B5-428E-B7F8-50A0D2CB3C2E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/matrix-org/synapse/pull/15624",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/matrix-org/synapse/pull/15634",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/matrix-org/synapse/security/advisories/GHSA-26c5-ppr8-f33p",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html#create-or-modify-account",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://matrix-org.github.io/synapse/latest/jwt.html",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#password_config",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
}
]
}


@ -2,12 +2,12 @@
"id": "CVE-2023-32731",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-06-09T11:15:09.303",
"lastModified": "2023-06-09T13:03:24.613",
"lastModified": "2023-06-13T16:15:12.917",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration. We recommend upgrading beyond the commit contained in\u00a0 https://github.com/grpc/grpc/pull/32309 https://github.com/grpc/grpc/pull/32309 \n"
"value": "When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration. We recommend upgrading beyond the commit contained in\u00a0 https://github.com/grpc/grpc/pull/33005 https://github.com/grpc/grpc/pull/33005 \n"
}
],
"metrics": {
@ -50,6 +50,10 @@
{
"url": "https://github.com/grpc/grpc/pull/32309",
"source": "cve-coordination@google.com"
},
{
"url": "https://github.com/grpc/grpc/pull/33005",
"source": "cve-coordination@google.com"
}
]
}


@ -2,27 +2,91 @@
"id": "CVE-2023-33476",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-02T14:15:09.437",
"lastModified": "2023-06-02T14:32:29.847",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T16:49:19.823",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "ReadyMedia (MiniDLNA) versions from 1.1.15 up to 1.3.2 is vulnerable to Buffer Overflow. The vulnerability is caused by incorrect validation logic when handling HTTP requests using chunked transport encoding. This results in other code later using attacker-controlled chunk values that exceed the length of the allocated buffer, resulting in out-of-bounds read/write."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:readymedia_project:readymedia:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.1.15",
"versionEndIncluding": "1.3.2",
"matchCriteriaId": "E82430F4-2EB8-4A94-8946-E80D5C330F1B"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.coffinsec.com/0day/2023/05/31/minidlna-heap-overflow-rca.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://sourceforge.net/p/minidlna/git/ci/9bd58553fae5aef3e6dd22f51642d2c851225aec/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://sourceforge.net/projects/minidlna/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-33568",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-13T15:15:14.147",
"lastModified": "2023-06-13T15:15:14.147",
"vulnStatus": "Received",
"lastModified": "2023-06-13T16:54:51.953",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -0,0 +1,28 @@
{
"id": "CVE-2023-33620",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-13T17:15:14.863",
"lastModified": "2023-06-13T17:15:14.863",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "GL.iNET GL-AR750S-Ext firmware v3.215 uses an insecure protocol in its communications which allows attackers to eavesdrop via a man-in-the-middle attack."
}
],
"metrics": {},
"references": [
{
"url": "http://gl-ar750s-ext.com",
"source": "cve@mitre.org"
},
{
"url": "http://glinet.com",
"source": "cve@mitre.org"
},
{
"url": "https://justinapplegate.me/2023/glinet-CVE-2023-33620/",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,28 @@
{
"id": "CVE-2023-33621",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-13T16:15:13.027",
"lastModified": "2023-06-13T16:54:51.953",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authentication token into a GET request when the OpenVPN Server config file is downloaded. The token is then left in the browser history or access logs, potentially allowing attackers to bypass authentication via session replay."
}
],
"metrics": {},
"references": [
{
"url": "http://gl-ar750s-ext.com",
"source": "cve@mitre.org"
},
{
"url": "http://glinet.com",
"source": "cve@mitre.org"
},
{
"url": "https://justinapplegate.me/2023/glinet-CVE-2023-33621/",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-33695",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-13T16:15:13.077",
"lastModified": "2023-06-13T16:54:51.953",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Hutool v5.8.17 and below was discovered to contain an information disclosure vulnerability via the File.createTempFile() function at /core/io/FileUtil.java."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/dromara/hutool/issues/3103",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-34097",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-05T21:15:11.290",
"lastModified": "2023-06-06T12:50:56.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T17:20:19.417",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +66,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hoppscotch:hoppscotch:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.4.5",
"matchCriteriaId": "972DADE9-2C4F-43EF-888F-CC45177A10EB"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/hoppscotch/hoppscotch/commit/15424903ede20b155d764abf4c4f7c2c84c11247",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/hoppscotch/hoppscotch/security/advisories/GHSA-qpx8-wq6q-r833",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-34104",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-06T18:15:11.643",
"lastModified": "2023-06-06T18:33:59.493",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T16:26:54.877",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +56,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1333"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -50,14 +80,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fast-xml-parser_project:fast-xml-parser:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "4.2.4",
"matchCriteriaId": "D11D7415-214B-458D-B675-CD7E0F3D8248"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/NaturalIntelligence/fast-xml-parser/commit/39b0e050bb909e8499478657f84a3076e39ce76c",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-6w63-h3fj-q4vw",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mitigation",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-34111",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-06T17:15:15.210",
"lastModified": "2023-06-06T18:33:59.493",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-13T16:35:51.807",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +56,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,18 +76,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tdengine:grafana:*:*:*:*:*:tdengine:*:*",
"versionEndIncluding": "2023-05-22",
"matchCriteriaId": "E70AB561-6889-4997-ACA9-AE4A3CF4257C"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/taosdata/grafanaplugin/blob/master/.github/workflows/release-pr-merged.yaml#L25",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/taosdata/grafanaplugin/security/advisories/GHSA-23wp-p848-hcgr",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://securitylab.github.com/research/github-actions-untrusted-input/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

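--- a/CVE-2023/CVE-2023-342xx/CVE-2023-34247.json
+++ b/CVE-2023/CVE-2023-342xx/CVE-2023-34247.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2023-34247",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2023-06-13T17:15:14.920",
+"lastModified": "2023-06-13T17:15:14.920",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Keystone is a content management system for Node.JS. There is an open redirect in the `@keystone-6/auth` package versions 7.0.0 and prior, where the redirect leading `/` filter can be bypassed. Users may be redirected to domains other than the relative host, thereby it might be used by attackers to re-direct users to an unexpected location. To mitigate this issue, one may apply a patch from pull request 8626 or avoid using the `@keystone-6/auth` package."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
+"attackVector": "ADJACENT_NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "REQUIRED",
+"scope": "CHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "HIGH",
+"availabilityImpact": "NONE",
+"baseScore": 6.1,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 1.7,
+"impactScore": 4.0
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-601"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/keystonejs/keystone/pull/8626",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/keystonejs/keystone/security/advisories/GHSA-jqxr-vjvv-899m",
+"source": "security-advisories@github.com"
+}
+]
+}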

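--- a/CVE-2023/CVE-2023-342xx/CVE-2023-34249.json
+++ b/CVE-2023/CVE-2023-342xx/CVE-2023-34249.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2023-34249",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2023-06-13T17:15:15.003",
+"lastModified": "2023-06-13T17:15:15.003",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "benjjvi/PyBB is an open source bulletin board. Prior to commit dcaeccd37198ecd3e41ea766d1099354b60d69c2, benjjvi/PyBB is vulnerable to SQL Injection. This vulnerability has been fixed as of commit dcaeccd37198ecd3e41ea766d1099354b60d69c2. As a workaround, a user may be able to update the software manually to avoid this problem by sanitizing user queries to `BulletinDatabaseModule.py`."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 9.8,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 5.9
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-89"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/benjjvi/PyBB/commit/dcaeccd37198ecd3e41ea766d1099354b60d69c2",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/benjjvi/PyBB/security/advisories/GHSA-5qrx-fgxq-95gg",
+"source": "security-advisories@github.com"
+}
+]
+}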


@ -2,8 +2,8 @@
"id": "CVE-2023-35064",
"sourceIdentifier": "cve@usom.gov.tr",
"published": "2023-06-13T15:15:14.257",
"lastModified": "2023-06-13T15:15:14.257",
"vulnStatus": "Received",
"lastModified": "2023-06-13T16:54:51.953",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-06-13T16:00:54.390350+00:00
2023-06-13T18:00:29.145813+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-06-13T15:56:42.397000+00:00
2023-06-13T17:55:45.267000+00:00
```
### Last Data Feed Release
@ -29,52 +29,66 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
217560
217582
```
### CVEs added in the last Commit
Recently added CVEs: `8`
Recently added CVEs: `22`
* [CVE-2022-42880](CVE-2022/CVE-2022-428xx/CVE-2022-42880.json) (`2023-06-13T15:15:11.607`)
* [CVE-2023-23831](CVE-2023/CVE-2023-238xx/CVE-2023-23831.json) (`2023-06-13T15:15:12.523`)
* [CVE-2023-25964](CVE-2023/CVE-2023-259xx/CVE-2023-25964.json) (`2023-06-13T15:15:12.960`)
* [CVE-2023-26528](CVE-2023/CVE-2023-265xx/CVE-2023-26528.json) (`2023-06-13T15:15:13.663`)
* [CVE-2023-26538](CVE-2023/CVE-2023-265xx/CVE-2023-26538.json) (`2023-06-13T15:15:13.907`)
* [CVE-2023-28620](CVE-2023/CVE-2023-286xx/CVE-2023-28620.json) (`2023-06-13T15:15:14.043`)
* [CVE-2023-33568](CVE-2023/CVE-2023-335xx/CVE-2023-33568.json) (`2023-06-13T15:15:14.147`)
* [CVE-2023-35064](CVE-2023/CVE-2023-350xx/CVE-2023-35064.json) (`2023-06-13T15:15:14.257`)
* [CVE-2022-31635](CVE-2022/CVE-2022-316xx/CVE-2022-31635.json) (`2023-06-13T17:15:12.567`)
* [CVE-2022-31636](CVE-2022/CVE-2022-316xx/CVE-2022-31636.json) (`2023-06-13T17:15:12.640`)
* [CVE-2022-31637](CVE-2022/CVE-2022-316xx/CVE-2022-31637.json) (`2023-06-13T17:15:12.700`)
* [CVE-2022-31638](CVE-2022/CVE-2022-316xx/CVE-2022-31638.json) (`2023-06-13T17:15:12.753`)
* [CVE-2022-31639](CVE-2022/CVE-2022-316xx/CVE-2022-31639.json) (`2023-06-13T17:15:12.807`)
* [CVE-2023-25978](CVE-2023/CVE-2023-259xx/CVE-2023-25978.json) (`2023-06-13T16:15:12.693`)
* [CVE-2023-27624](CVE-2023/CVE-2023-276xx/CVE-2023-27624.json) (`2023-06-13T16:15:12.847`)
* [CVE-2023-33621](CVE-2023/CVE-2023-336xx/CVE-2023-33621.json) (`2023-06-13T16:15:13.027`)
* [CVE-2023-33695](CVE-2023/CVE-2023-336xx/CVE-2023-33695.json) (`2023-06-13T16:15:13.077`)
* [CVE-2023-20867](CVE-2023/CVE-2023-208xx/CVE-2023-20867.json) (`2023-06-13T17:15:14.070`)
* [CVE-2023-27837](CVE-2023/CVE-2023-278xx/CVE-2023-27837.json) (`2023-06-13T17:15:14.327`)
* [CVE-2023-28303](CVE-2023/CVE-2023-283xx/CVE-2023-28303.json) (`2023-06-13T17:15:14.380`)
* [CVE-2023-28598](CVE-2023/CVE-2023-285xx/CVE-2023-28598.json) (`2023-06-13T17:15:14.467`)
* [CVE-2023-28599](CVE-2023/CVE-2023-285xx/CVE-2023-28599.json) (`2023-06-13T17:15:14.537`)
* [CVE-2023-30179](CVE-2023/CVE-2023-301xx/CVE-2023-30179.json) (`2023-06-13T17:15:14.600`)
* [CVE-2023-31437](CVE-2023/CVE-2023-314xx/CVE-2023-31437.json) (`2023-06-13T17:15:14.657`)
* [CVE-2023-31438](CVE-2023/CVE-2023-314xx/CVE-2023-31438.json) (`2023-06-13T17:15:14.707`)
* [CVE-2023-31439](CVE-2023/CVE-2023-314xx/CVE-2023-31439.json) (`2023-06-13T17:15:14.753`)
* [CVE-2023-31541](CVE-2023/CVE-2023-315xx/CVE-2023-31541.json) (`2023-06-13T17:15:14.810`)
* [CVE-2023-33620](CVE-2023/CVE-2023-336xx/CVE-2023-33620.json) (`2023-06-13T17:15:14.863`)
* [CVE-2023-34247](CVE-2023/CVE-2023-342xx/CVE-2023-34247.json) (`2023-06-13T17:15:14.920`)
* [CVE-2023-34249](CVE-2023/CVE-2023-342xx/CVE-2023-34249.json) (`2023-06-13T17:15:15.003`)
### CVEs modified in the last Commit
Recently modified CVEs: `31`
Recently modified CVEs: `70`
* [CVE-2020-36720](CVE-2020/CVE-2020-367xx/CVE-2020-36720.json) (`2023-06-13T15:24:02.663`)
* [CVE-2020-36729](CVE-2020/CVE-2020-367xx/CVE-2020-36729.json) (`2023-06-13T15:46:08.890`)
* [CVE-2020-36730](CVE-2020/CVE-2020-367xx/CVE-2020-36730.json) (`2023-06-13T15:49:40.423`)
* [CVE-2021-4371](CVE-2021/CVE-2021-43xx/CVE-2021-4371.json) (`2023-06-13T14:42:13.740`)
* [CVE-2021-4341](CVE-2021/CVE-2021-43xx/CVE-2021-4341.json) (`2023-06-13T14:44:07.323`)
* [CVE-2021-4340](CVE-2021/CVE-2021-43xx/CVE-2021-4340.json) (`2023-06-13T14:45:59.050`)
* [CVE-2021-4370](CVE-2021/CVE-2021-43xx/CVE-2021-4370.json) (`2023-06-13T14:52:03.017`)
* [CVE-2021-4369](CVE-2021/CVE-2021-43xx/CVE-2021-4369.json) (`2023-06-13T14:52:28.660`)
* [CVE-2021-4339](CVE-2021/CVE-2021-43xx/CVE-2021-4339.json) (`2023-06-13T14:56:25.750`)
* [CVE-2021-4368](CVE-2021/CVE-2021-43xx/CVE-2021-4368.json) (`2023-06-13T15:03:50.253`)
* [CVE-2021-4362](CVE-2021/CVE-2021-43xx/CVE-2021-4362.json) (`2023-06-13T15:04:16.103`)
* [CVE-2021-4363](CVE-2021/CVE-2021-43xx/CVE-2021-4363.json) (`2023-06-13T15:05:14.453`)
* [CVE-2021-4364](CVE-2021/CVE-2021-43xx/CVE-2021-4364.json) (`2023-06-13T15:09:05.753`)
* [CVE-2021-4367](CVE-2021/CVE-2021-43xx/CVE-2021-4367.json) (`2023-06-13T15:09:21.410`)
* [CVE-2021-4365](CVE-2021/CVE-2021-43xx/CVE-2021-4365.json) (`2023-06-13T15:09:35.313`)
* [CVE-2021-4338](CVE-2021/CVE-2021-43xx/CVE-2021-4338.json) (`2023-06-13T15:56:23.340`)
* [CVE-2021-4343](CVE-2021/CVE-2021-43xx/CVE-2021-4343.json) (`2023-06-13T15:56:42.397`)
* [CVE-2023-0152](CVE-2023/CVE-2023-01xx/CVE-2023-0152.json) (`2023-06-13T14:56:26.733`)
* [CVE-2023-2598](CVE-2023/CVE-2023-25xx/CVE-2023-2598.json) (`2023-06-13T15:11:05.637`)
* [CVE-2023-0545](CVE-2023/CVE-2023-05xx/CVE-2023-0545.json) (`2023-06-13T15:11:32.837`)
* [CVE-2023-33569](CVE-2023/CVE-2023-335xx/CVE-2023-33569.json) (`2023-06-13T15:17:31.487`)
* [CVE-2023-33781](CVE-2023/CVE-2023-337xx/CVE-2023-33781.json) (`2023-06-13T15:20:48.590`)
* [CVE-2023-33782](CVE-2023/CVE-2023-337xx/CVE-2023-33782.json) (`2023-06-13T15:23:21.023`)
* [CVE-2023-28350](CVE-2023/CVE-2023-283xx/CVE-2023-28350.json) (`2023-06-13T15:32:19.533`)
* [CVE-2023-28351](CVE-2023/CVE-2023-283xx/CVE-2023-28351.json) (`2023-06-13T15:51:13.697`)
* [CVE-2023-2183](CVE-2023/CVE-2023-21xx/CVE-2023-2183.json) (`2023-06-13T16:30:57.630`)
* [CVE-2023-32682](CVE-2023/CVE-2023-326xx/CVE-2023-32682.json) (`2023-06-13T16:32:56.227`)
* [CVE-2023-2801](CVE-2023/CVE-2023-28xx/CVE-2023-2801.json) (`2023-06-13T16:33:49.213`)
* [CVE-2023-34111](CVE-2023/CVE-2023-341xx/CVE-2023-34111.json) (`2023-06-13T16:35:51.807`)
* [CVE-2023-2132](CVE-2023/CVE-2023-21xx/CVE-2023-2132.json) (`2023-06-13T16:36:26.880`)
* [CVE-2023-3064](CVE-2023/CVE-2023-30xx/CVE-2023-3064.json) (`2023-06-13T16:41:22.930`)
* [CVE-2023-33476](CVE-2023/CVE-2023-334xx/CVE-2023-33476.json) (`2023-06-13T16:49:19.823`)
* [CVE-2023-2503](CVE-2023/CVE-2023-25xx/CVE-2023-2503.json) (`2023-06-13T16:50:13.987`)
* [CVE-2023-2571](CVE-2023/CVE-2023-25xx/CVE-2023-2571.json) (`2023-06-13T16:50:40.203`)
* [CVE-2023-23831](CVE-2023/CVE-2023-238xx/CVE-2023-23831.json) (`2023-06-13T16:54:51.953`)
* [CVE-2023-25964](CVE-2023/CVE-2023-259xx/CVE-2023-25964.json) (`2023-06-13T16:54:51.953`)
* [CVE-2023-26528](CVE-2023/CVE-2023-265xx/CVE-2023-26528.json) (`2023-06-13T16:54:51.953`)
* [CVE-2023-26538](CVE-2023/CVE-2023-265xx/CVE-2023-26538.json) (`2023-06-13T16:54:51.953`)
* [CVE-2023-28620](CVE-2023/CVE-2023-286xx/CVE-2023-28620.json) (`2023-06-13T16:54:51.953`)
* [CVE-2023-33568](CVE-2023/CVE-2023-335xx/CVE-2023-33568.json) (`2023-06-13T16:54:51.953`)
* [CVE-2023-35064](CVE-2023/CVE-2023-350xx/CVE-2023-35064.json) (`2023-06-13T16:54:51.953`)
* [CVE-2023-24880](CVE-2023/CVE-2023-248xx/CVE-2023-24880.json) (`2023-06-13T17:15:14.197`)
* [CVE-2023-34097](CVE-2023/CVE-2023-340xx/CVE-2023-34097.json) (`2023-06-13T17:20:19.417`)
* [CVE-2023-3065](CVE-2023/CVE-2023-30xx/CVE-2023-3065.json) (`2023-06-13T17:32:12.733`)
* [CVE-2023-28352](CVE-2023/CVE-2023-283xx/CVE-2023-28352.json) (`2023-06-13T17:32:41.937`)
* [CVE-2023-3096](CVE-2023/CVE-2023-30xx/CVE-2023-3096.json) (`2023-06-13T17:45:20.013`)
* [CVE-2023-3097](CVE-2023/CVE-2023-30xx/CVE-2023-3097.json) (`2023-06-13T17:46:09.980`)
* [CVE-2023-3098](CVE-2023/CVE-2023-30xx/CVE-2023-3098.json) (`2023-06-13T17:47:45.300`)
* [CVE-2023-3099](CVE-2023/CVE-2023-30xx/CVE-2023-3099.json) (`2023-06-13T17:49:43.407`)
* [CVE-2023-3044](CVE-2023/CVE-2023-30xx/CVE-2023-3044.json) (`2023-06-13T17:55:45.267`)
## Download and Usage