Auto-Update: 2023-05-24T02:00:27.385077+00:00

cad-safe-bot 2023-05-24 02:00:31 +00:00
parent d9e451c32a
commit 8a3e45f3d7
31 changed files with 1734 additions and 101 deletions

@ -2,7 +2,7 @@
"id": "CVE-2021-24383",
"sourceIdentifier": "contact@wpscan.com",
"published": "2021-06-21T20:15:09.330",
"lastModified": "2021-06-25T01:42:48.747",
"lastModified": "2023-05-24T00:49:51.630",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -94,9 +94,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codecabin:wp_google_maps:*:*:*:*:*:wordpress:*:*",
"criteria": "cpe:2.3:a:codecabin:wp_go_maps:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "8.1.12",
"matchCriteriaId": "EBCF094C-E6E5-4EF0-98BE-0D6CDC514059"
"matchCriteriaId": "7652BEAB-05E0-4EC3-B1ED-433583C812A9"
}
]
}

@ -2,7 +2,7 @@
"id": "CVE-2022-47595",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-03-14T07:15:12.900",
"lastModified": "2023-03-17T04:02:45.393",
"lastModified": "2023-05-24T00:48:39.567",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -75,9 +75,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpgmaps:wp_go_maps:*:*:*:*:*:wordpress:*:*",
"criteria": "cpe:2.3:a:codecabin:wp_go_maps:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "9.0.15",
"matchCriteriaId": "462FE61F-2A08-4C0E-BABF-D0A0813D1092"
"matchCriteriaId": "2CED4D6E-46BA-47A0-B0FF-5D1256A1520C"
}
]
}

@ -2,27 +2,89 @@
"id": "CVE-2022-48020",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-12T16:15:09.340",
"lastModified": "2023-05-15T12:54:45.023",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-24T00:59:39.260",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vinteo VCC v2.36.4 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the conference parameter. This vulnerability allows attackers to inject arbitrary code which will be executed by the victim user's browser."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vinteo:video_core:2.36.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7EA55BED-57E1-47B0-8ED4-EE6BA0188AB1"
}
]
}
]
}
],
"references": [
{
"url": "https://seq.team/en/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
},
{
"url": "https://seq.team/en/blog/reflected-cross-site-scripting-xss-in-vinteo-vcc/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.linkedin.com/in/dmitry-kiryukhin-b5741421b/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2023-1934",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-05-12T14:15:09.653",
"lastModified": "2023-05-12T14:21:53.020",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-24T01:24:00.233",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sdg:pnpscada:2.200816204020:*:*:*:*:*:*:*",
"matchCriteriaId": "AAECB1B3-BA16-4DBE-A85E-D1EAB0DE60DB"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-12",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}

@ -2,19 +2,75 @@
"id": "CVE-2023-20914",
"sourceIdentifier": "security@android.com",
"published": "2023-05-15T22:15:11.473",
"lastModified": "2023-05-16T10:46:36.147",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-24T00:14:55.697",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In onSetRuntimePermissionGrantStateByDeviceAdmin of AdminRestrictedPermissionsUtils.java, there is a possible way for the work profile to read SMS messages due to a permissions bypass. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-189942529"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-312"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-05-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}
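Review bot: The Primary weakness added for CVE-2023-20914 is `"value": "CWE-312"` (Cleartext Storage of Sensitive Information), which does not fit the description in the same record: a permissions bypass that lets the work profile read SMS messages. Other records visible in this commit that describe missing permission checks (for example CVE-2023-21104) carry `CWE-276`, so tooling that groups or triages by CWE will file this entry under data-at-rest issues rather than access control. The value appears to be mirrored from the upstream `nvd@nist.gov` analysis, so it is better reported to the source than edited locally; until it is corrected, consumers should not rely on the CWE alone to classify this record.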

@ -2,19 +2,90 @@
"id": "CVE-2023-20930",
"sourceIdentifier": "security@android.com",
"published": "2023-05-15T22:15:11.513",
"lastModified": "2023-05-16T10:46:36.147",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-24T00:15:11.830",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In pushDynamicShortcut of ShortcutPackage.java, there is a possible way to get the device into a boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-250576066"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-05-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

@ -2,19 +2,75 @@
"id": "CVE-2023-21102",
"sourceIdentifier": "security@android.com",
"published": "2023-05-15T22:15:11.623",
"lastModified": "2023-05-16T10:46:36.147",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-24T00:15:29.453",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In __efi_rt_asm_wrapper of efi-rt-wrapper.S, there is a possible bypass of shadow stack protection due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-260821414References: Upstream kernel"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-05-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}
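Review bot: The reference for CVE-2023-21102 is tagged `"Exploit"` alongside `"Vendor Advisory"`, while the other records visible in this commit that point to the same URL, `https://source.android.com/security/bulletin/2023-05-01`, are tagged `"Patch"`, `"Vendor Advisory"`. A vendor bulletin is unlikely to be an exploit source, so this looks like a tagging slip. Pipelines that raise priority on the `Exploit` reference tag will escalate this CVE on the strength of the tag alone. If the tag comes from upstream NVD data, flag it there, and have consumers corroborate exploit availability from a second signal before acting on it.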

@ -2,19 +2,90 @@
"id": "CVE-2023-21103",
"sourceIdentifier": "security@android.com",
"published": "2023-05-15T22:15:11.687",
"lastModified": "2023-05-16T10:46:36.147",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-24T00:15:42.343",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In registerPhoneAccount of PhoneAccountRegistrar.java, uncaught exceptions in parsing persisted user data could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-259064622"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-05-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

@ -2,19 +2,80 @@
"id": "CVE-2023-21104",
"sourceIdentifier": "security@android.com",
"published": "2023-05-15T22:15:11.737",
"lastModified": "2023-05-16T10:46:36.147",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-24T00:16:17.847",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In applySyncTransaction of WindowOrganizer.java, a missing permission check could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12L Android-13Android ID: A-259938771"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-05-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

@ -2,19 +2,75 @@
"id": "CVE-2023-21106",
"sourceIdentifier": "security@android.com",
"published": "2023-05-15T22:15:11.777",
"lastModified": "2023-05-16T10:46:36.147",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-24T00:16:34.480",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In adreno_set_param of adreno_gpu.c, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-265016072References: Upstream kernel"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-415"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-05-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

@ -2,19 +2,90 @@
"id": "CVE-2023-21107",
"sourceIdentifier": "security@android.com",
"published": "2023-05-15T22:15:11.830",
"lastModified": "2023-05-16T10:46:36.147",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-24T00:17:10.547",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In retrieveAppEntry of NotificationAccessDetails.java, there is a missing permission check. This could lead to local escalation of privilege across user boundaries with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-259385017"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-05-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

@ -2,19 +2,90 @@
"id": "CVE-2023-21109",
"sourceIdentifier": "security@android.com",
"published": "2023-05-15T22:15:11.870",
"lastModified": "2023-05-16T10:46:36.147",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-24T00:17:22.613",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In multiple places of AccessibilityService, there is a possible way to hide the app from the user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261589597"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-05-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

@ -2,19 +2,90 @@
"id": "CVE-2023-21110",
"sourceIdentifier": "security@android.com",
"published": "2023-05-15T22:15:11.910",
"lastModified": "2023-05-16T10:46:36.147",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-24T00:17:35.097",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In several functions of SnoozeHelper.java, there is a possible way to grant notifications access due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-258422365"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-05-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

@ -2,19 +2,90 @@
"id": "CVE-2023-21111",
"sourceIdentifier": "security@android.com",
"published": "2023-05-15T22:15:11.950",
"lastModified": "2023-05-16T10:46:36.147",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-24T00:17:46.907",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In several functions of PhoneAccountRegistrar.java, there is a possible way to prevent an access to emergency services due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-256819769"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-05-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

@ -2,19 +2,90 @@
"id": "CVE-2023-21112",
"sourceIdentifier": "security@android.com",
"published": "2023-05-15T22:15:11.987",
"lastModified": "2023-05-16T10:46:36.147",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-24T00:17:58.943",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In AnalyzeMfcResp of NxpMfcReader.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-252763983"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-05-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

@ -2,19 +2,90 @@
"id": "CVE-2023-21116",
"sourceIdentifier": "security@android.com",
"published": "2023-05-15T22:15:12.027",
"lastModified": "2023-05-16T10:46:36.147",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-24T00:19:34.900",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In verifyReplacingVersionCode of InstallPackageHelper.java, there is a possible way to downgrade system apps below system image version due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-256202273"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-05-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

@ -2,19 +2,75 @@
"id": "CVE-2023-21117",
"sourceIdentifier": "security@android.com",
"published": "2023-05-15T22:15:12.067",
"lastModified": "2023-05-16T10:46:36.147",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-24T00:19:55.867",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In registerReceiverWithFeature of ActivityManagerService.java, there is a possible way for isolated processes to register a broadcast receiver due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-263358101"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-05-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

@ -2,19 +2,90 @@
"id": "CVE-2023-21118",
"sourceIdentifier": "security@android.com",
"published": "2023-05-15T22:15:12.107",
"lastModified": "2023-05-16T10:46:36.147",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-24T00:20:11.947",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In unflattenString8 of Sensor.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-269014004"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-05-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

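--- a/CVE-2023/CVE-2023-24xx/CVE-2023-2494.json
+++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2494.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2023-2494",
+"sourceIdentifier": "security@wordfence.com",
+"published": "2023-05-24T00:15:09.243",
+"lastModified": "2023-05-24T00:15:09.243",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_postdata' function in versions up to, and including, 3.3.19. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin to modify access to the plugin when it should only be the administrator's privilege."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security@wordfence.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L",
+"attackVector": "NETWORK",
+"attackComplexity": "HIGH",
+"privilegesRequired": "LOW",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "LOW",
+"baseScore": 4.6,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 1.2,
+"impactScore": 3.4
+}
+]
+},
+"weaknesses": [
+{
+"source": "security@wordfence.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-862"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://codecanyon.net/item/go-pricing-wordpress-responsive-pricing-tables/3725820",
+"source": "security@wordfence.com"
+},
+{
+"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5779914a-a168-4835-8aea-e0ab2b3be4f6?source=cve",
+"source": "security@wordfence.com"
+}
+]
+}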

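--- a/CVE-2023/CVE-2023-24xx/CVE-2023-2496.json
+++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2496.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2023-2496",
+"sourceIdentifier": "security@wordfence.com",
+"published": "2023-05-24T00:15:09.317",
+"lastModified": "2023-05-24T00:15:09.317",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to unauthorized arbitrary file uploads due to an improper capability check on the 'validate_upload' function in versions up to, and including, 3.3.19. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin to upload arbitrary files on the affected site's server which may make remote code execution possible."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security@wordfence.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "HIGH",
+"privilegesRequired": "LOW",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 7.1,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 1.2,
+"impactScore": 5.9
+}
+]
+},
+"weaknesses": [
+{
+"source": "security@wordfence.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-285"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://codecanyon.net/item/go-pricing-wordpress-responsive-pricing-tables/3725820",
+"source": "security@wordfence.com"
+},
+{
+"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/477c6fa2-16a8-4461-b4d4-d087e13e3ca7?source=cve",
+"source": "security@wordfence.com"
+}
+]
+}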

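--- a/CVE-2023/CVE-2023-24xx/CVE-2023-2498.json
+++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2498.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2023-2498",
+"sourceIdentifier": "security@wordfence.com",
+"published": "2023-05-24T00:15:09.387",
+"lastModified": "2023-05-24T00:15:09.387",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.19 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security@wordfence.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "CHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 6.4,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 3.1,
+"impactScore": 2.7
+}
+]
+},
+"weaknesses": [
+{
+"source": "security@wordfence.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-79"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://codecanyon.net/item/go-pricing-wordpress-responsive-pricing-tables/3725820",
+"source": "security@wordfence.com"
+},
+{
+"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1c3d4c96-63a7-4f3b-a9ac-095be241f840?source=cve",
+"source": "security@wordfence.com"
+}
+]
+}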


@ -2,8 +2,8 @@
"id": "CVE-2023-2682",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-12T13:15:09.477",
"lastModified": "2023-05-12T14:21:53.020",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-24T01:06:31.557",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,14 +93,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:catontechnology:caton_live:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2023-04-26",
"matchCriteriaId": "D0E2982A-126E-436C-8F1F-44B0D37C4CCE"
}
]
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.228911",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.228911",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}


@ -2,23 +2,94 @@
"id": "CVE-2023-27823",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-12T14:15:09.727",
"lastModified": "2023-05-12T14:21:53.020",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-24T01:27:36.207",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An authentication bypass in Optoma 1080PSTX C02 allows an attacker to access the administration console without valid credentials."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:optoma:1080pstx:c02:*:*:*:*:*:*:*",
"matchCriteriaId": "59CEA818-372F-4C7D-82ED-BE14C2353E11"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:optoma:1080pstx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C0149B13-3CD1-45A2-B0F5-B47B20B68923"
}
]
}
]
}
],
"references": [
{
"url": "http://optoma.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://packetstormsecurity.com/files/172276/Optoma-1080PSTX-Firmware-C02-Authentication-Bypass.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-29242",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-12T15:15:09.313",
"lastModified": "2023-05-15T12:54:48.827",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-24T01:34:24.577",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -34,10 +54,73 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:oneapi_ai_analytics_toolkit:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2021.1",
"matchCriteriaId": "9BB97D76-E753-4720-A303-930A47FABCDF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:oneapi_base_toolkit:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2021.1",
"matchCriteriaId": "DC453B68-40CF-4B6C-990C-CD911DB0890F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:oneapi_dl_framework_developer_toolkit:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2021.1",
"matchCriteriaId": "299D356A-50E6-4E3B-8BA9-751257289AC2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:oneapi_hpc_toolkit:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2021.1",
"matchCriteriaId": "02496E24-E23D-4B6A-B323-2F168660A105"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:oneapi_iot_toolkit:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2021.1",
"matchCriteriaId": "572F1F03-A0C1-4E2B-82D7-3151CF481A7F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:oneapi_rendering_toolkit:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2021.1",
"matchCriteriaId": "F5D01C91-4B80-45F9-B3C8-66C27EE39C2D"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00551.html",
"source": "secure@intel.com"
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-30763",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-12T15:15:09.367",
"lastModified": "2023-05-15T12:54:48.827",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-24T01:36:38.743",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -34,10 +54,56 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:battery_life_diagnostic_tool:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2",
"matchCriteriaId": "CC8C277B-6D48-41DE-B225-8F8787902F3F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:oneapi_base_toolkit:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2021.4.0",
"matchCriteriaId": "5079B85D-BAA0-42B6-AB94-BA36C10FD483"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:soc_watch:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2021.1",
"matchCriteriaId": "91F068DA-EFDC-4997-9A96-C8E4E12B5A8B"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00547.html",
"source": "secure@intel.com"
"source": "secure@intel.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

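--- a/CVE-2023/CVE-2023-317xx/CVE-2023-31759.json
+++ b/CVE-2023/CVE-2023-317xx/CVE-2023-31759.json
@@ -0,0 +1,20 @@
+{
+"id": "CVE-2023-31759",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2023-05-24T00:15:09.450",
+"lastModified": "2023-05-24T00:15:09.450",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Weak Security in the 433MHz keyfob of Kerui W18 Alarm System v1.0 allows attackers to gain full access via a code replay attack."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://ashallen.net/wireless-alarm-system-vulnerability-disclosure",
+"source": "cve@mitre.org"
+}
+]
+}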

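--- a/CVE-2023/CVE-2023-317xx/CVE-2023-31761.json
+++ b/CVE-2023/CVE-2023-317xx/CVE-2023-31761.json
@@ -0,0 +1,20 @@
+{
+"id": "CVE-2023-31761",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2023-05-24T00:15:09.497",
+"lastModified": "2023-05-24T00:15:09.497",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Weak security in the transmitter of Blitzwolf BW-IS22 Smart Home Security Alarm v1.0 allows attackers to gain full access to the system via a code replay attack."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://ashallen.net/wireless-alarm-system-vulnerability-disclosure",
+"source": "cve@mitre.org"
+}
+]
+}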

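--- a/CVE-2023/CVE-2023-317xx/CVE-2023-31762.json
+++ b/CVE-2023/CVE-2023-317xx/CVE-2023-31762.json
@@ -0,0 +1,20 @@
+{
+"id": "CVE-2023-31762",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2023-05-24T00:15:09.543",
+"lastModified": "2023-05-24T00:15:09.543",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Weak security in the transmitter of Digoo DG-HAMB Smart Home Security System v1.0 allows attackers to gain full access to the system via a code replay attack."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://ashallen.net/wireless-alarm-system-vulnerability-disclosure",
+"source": "cve@mitre.org"
+}
+]
+}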

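--- a/CVE-2023/CVE-2023-317xx/CVE-2023-31763.json
+++ b/CVE-2023/CVE-2023-317xx/CVE-2023-31763.json
@@ -0,0 +1,20 @@
+{
+"id": "CVE-2023-31763",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2023-05-24T00:15:09.583",
+"lastModified": "2023-05-24T00:15:09.583",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Weak security in the transmitter of AGShome Smart Alarm v1.0 allows attackers to gain full access to the system via a code replay attack."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://ashallen.net/wireless-alarm-system-vulnerability-disclosure",
+"source": "cve@mitre.org"
+}
+]
+}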


@ -2,19 +2,75 @@
"id": "CVE-2023-31922",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-12T14:15:10.043",
"lastModified": "2023-05-12T14:21:53.020",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-24T01:30:08.417",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "QuickJS commit 2788d71 was discovered to contain a stack-overflow via the component js_proxy_isArray at quickjs.c."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:quickjs_project:quickjs:2022-03-06:*:*:*:*:*:*:*",
"matchCriteriaId": "99632CE3-97CF-4901-BADD-4E8A8A659528"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/bellard/quickjs/issues/178",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-05-23T23:55:26.031701+00:00
2023-05-24T02:00:27.385077+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-05-23T23:15:09.337000+00:00
2023-05-24T01:36:38.743000+00:00
```
### Last Data Feed Release
@ -23,30 +23,55 @@ Repository synchronizes with the NVD every 2 hours.
Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)
```plain
2023-05-23T00:00:13.549817+00:00
2023-05-24T00:00:13.562662+00:00
```
### Total Number of included CVEs
```plain
215881
215888
```
### CVEs added in the last Commit
Recently added CVEs: `4`
Recently added CVEs: `7`
* [CVE-2023-28015](CVE-2023/CVE-2023-280xx/CVE-2023-28015.json) (`2023-05-23T22:15:09.120`)
* [CVE-2023-31726](CVE-2023/CVE-2023-317xx/CVE-2023-31726.json) (`2023-05-23T22:15:09.643`)
* [CVE-2023-31747](CVE-2023/CVE-2023-317xx/CVE-2023-31747.json) (`2023-05-23T23:15:09.270`)
* [CVE-2023-32697](CVE-2023/CVE-2023-326xx/CVE-2023-32697.json) (`2023-05-23T23:15:09.337`)
* [CVE-2023-2494](CVE-2023/CVE-2023-24xx/CVE-2023-2494.json) (`2023-05-24T00:15:09.243`)
* [CVE-2023-2496](CVE-2023/CVE-2023-24xx/CVE-2023-2496.json) (`2023-05-24T00:15:09.317`)
* [CVE-2023-2498](CVE-2023/CVE-2023-24xx/CVE-2023-2498.json) (`2023-05-24T00:15:09.387`)
* [CVE-2023-31759](CVE-2023/CVE-2023-317xx/CVE-2023-31759.json) (`2023-05-24T00:15:09.450`)
* [CVE-2023-31761](CVE-2023/CVE-2023-317xx/CVE-2023-31761.json) (`2023-05-24T00:15:09.497`)
* [CVE-2023-31762](CVE-2023/CVE-2023-317xx/CVE-2023-31762.json) (`2023-05-24T00:15:09.543`)
* [CVE-2023-31763](CVE-2023/CVE-2023-317xx/CVE-2023-31763.json) (`2023-05-24T00:15:09.583`)
### CVEs modified in the last Commit
Recently modified CVEs: `1`
Recently modified CVEs: `23`
* [CVE-2022-45770](CVE-2022/CVE-2022-457xx/CVE-2022-45770.json) (`2023-05-23T23:15:09.093`)
* [CVE-2021-24383](CVE-2021/CVE-2021-243xx/CVE-2021-24383.json) (`2023-05-24T00:49:51.630`)
* [CVE-2022-47595](CVE-2022/CVE-2022-475xx/CVE-2022-47595.json) (`2023-05-24T00:48:39.567`)
* [CVE-2022-48020](CVE-2022/CVE-2022-480xx/CVE-2022-48020.json) (`2023-05-24T00:59:39.260`)
* [CVE-2023-20914](CVE-2023/CVE-2023-209xx/CVE-2023-20914.json) (`2023-05-24T00:14:55.697`)
* [CVE-2023-20930](CVE-2023/CVE-2023-209xx/CVE-2023-20930.json) (`2023-05-24T00:15:11.830`)
* [CVE-2023-21102](CVE-2023/CVE-2023-211xx/CVE-2023-21102.json) (`2023-05-24T00:15:29.453`)
* [CVE-2023-21103](CVE-2023/CVE-2023-211xx/CVE-2023-21103.json) (`2023-05-24T00:15:42.343`)
* [CVE-2023-21104](CVE-2023/CVE-2023-211xx/CVE-2023-21104.json) (`2023-05-24T00:16:17.847`)
* [CVE-2023-21106](CVE-2023/CVE-2023-211xx/CVE-2023-21106.json) (`2023-05-24T00:16:34.480`)
* [CVE-2023-21107](CVE-2023/CVE-2023-211xx/CVE-2023-21107.json) (`2023-05-24T00:17:10.547`)
* [CVE-2023-21109](CVE-2023/CVE-2023-211xx/CVE-2023-21109.json) (`2023-05-24T00:17:22.613`)
* [CVE-2023-21110](CVE-2023/CVE-2023-211xx/CVE-2023-21110.json) (`2023-05-24T00:17:35.097`)
* [CVE-2023-21111](CVE-2023/CVE-2023-211xx/CVE-2023-21111.json) (`2023-05-24T00:17:46.907`)
* [CVE-2023-21112](CVE-2023/CVE-2023-211xx/CVE-2023-21112.json) (`2023-05-24T00:17:58.943`)
* [CVE-2023-21116](CVE-2023/CVE-2023-211xx/CVE-2023-21116.json) (`2023-05-24T00:19:34.900`)
* [CVE-2023-21117](CVE-2023/CVE-2023-211xx/CVE-2023-21117.json) (`2023-05-24T00:19:55.867`)
* [CVE-2023-21118](CVE-2023/CVE-2023-211xx/CVE-2023-21118.json) (`2023-05-24T00:20:11.947`)
* [CVE-2023-2682](CVE-2023/CVE-2023-26xx/CVE-2023-2682.json) (`2023-05-24T01:06:31.557`)
* [CVE-2023-1934](CVE-2023/CVE-2023-19xx/CVE-2023-1934.json) (`2023-05-24T01:24:00.233`)
* [CVE-2023-27823](CVE-2023/CVE-2023-278xx/CVE-2023-27823.json) (`2023-05-24T01:27:36.207`)
* [CVE-2023-31922](CVE-2023/CVE-2023-319xx/CVE-2023-31922.json) (`2023-05-24T01:30:08.417`)
* [CVE-2023-29242](CVE-2023/CVE-2023-292xx/CVE-2023-29242.json) (`2023-05-24T01:34:24.577`)
* [CVE-2023-30763](CVE-2023/CVE-2023-307xx/CVE-2023-30763.json) (`2023-05-24T01:36:38.743`)
## Download and Usage