Auto-Update: 2023-06-27T14:00:27.456279+00:00

cad-safe-bot 2023-06-27 14:00:30 +00:00
parent 41dc11e561
commit 8b23488a72
45 changed files with 2030 additions and 186 deletions

@ -2,12 +2,12 @@
"id": "CVE-2020-23064",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-26T19:15:09.450",
"lastModified": "2023-06-26T22:13:28.460",
"lastModified": "2023-06-27T13:15:09.227",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in jQuery v.2.2.0 thru v.3.5.0 allows a remote attacker to execute arbitrary code via the <options> element."
"value": "Cross Site Scripting vulnerability in jQuery 2.2.0 through 3.x before 3.5.0 allows a remote attacker to execute arbitrary code via the <options> element."
}
],
"metrics": {},

@ -2,8 +2,8 @@
"id": "CVE-2022-41981",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2022-12-22T22:15:15.893",
"lastModified": "2023-05-30T06:15:24.047",
"vulnStatus": "Modified",
"lastModified": "2023-06-27T13:32:16.863",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -58,22 +58,26 @@
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
"value": "CWE-125"
},
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "nvd@nist.gov",
"source": "talos-cna@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
"value": "CWE-121"
}
]
}
@ -113,7 +117,10 @@
"references": [
{
"url": "https://security.gentoo.org/glsa/202305-33",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1628",

@ -2,7 +2,7 @@
"id": "CVE-2022-42735",
"sourceIdentifier": "security@apache.org",
"published": "2023-02-15T10:15:16.403",
"lastModified": "2023-02-24T14:11:01.343",
"lastModified": "2023-06-27T13:29:49.243",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -41,7 +41,7 @@
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
"value": "CWE-269"
}
]
},

@ -2,7 +2,7 @@
"id": "CVE-2022-4291",
"sourceIdentifier": "security@nortonlifelock.com",
"published": "2022-12-08T00:15:10.610",
"lastModified": "2022-12-12T17:22:47.370",
"lastModified": "2023-06-27T13:23:00.127",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -61,7 +61,7 @@
"description": [
{
"lang": "en",
"value": "CWE-119"
"value": "CWE-787"
}
]
},

@ -2,7 +2,7 @@
"id": "CVE-2022-43400",
"sourceIdentifier": "productcert@siemens.com",
"published": "2022-10-21T14:15:09.483",
"lastModified": "2023-03-01T18:07:33.733",
"lastModified": "2023-06-27T13:23:45.353",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -45,7 +45,7 @@
"description": [
{
"lang": "en",
"value": "CWE-863"
"value": "CWE-287"
}
]
},

@ -2,7 +2,7 @@
"id": "CVE-2022-43581",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2022-12-07T18:15:10.033",
"lastModified": "2022-12-10T03:07:23.540",
"lastModified": "2023-06-27T13:23:11.277",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -61,7 +61,7 @@
"description": [
{
"lang": "en",
"value": "CWE-119"
"value": "CWE-862"
}
]
},

@ -2,7 +2,7 @@
"id": "CVE-2022-43927",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-02-17T17:15:11.333",
"lastModified": "2023-02-25T03:20:37.757",
"lastModified": "2023-06-27T13:33:24.577",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -56,8 +56,18 @@
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"description": [
{
"lang": "en",

@ -2,7 +2,7 @@
"id": "CVE-2022-4349",
"sourceIdentifier": "cna@vuldb.com",
"published": "2022-12-08T08:15:09.693",
"lastModified": "2022-12-10T02:27:49.590",
"lastModified": "2023-06-27T13:22:39.333",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -56,8 +56,18 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",

@ -2,7 +2,7 @@
"id": "CVE-2022-4366",
"sourceIdentifier": "security@huntr.dev",
"published": "2022-12-08T19:15:10.157",
"lastModified": "2022-12-12T15:29:16.477",
"lastModified": "2023-06-27T13:19:39.043",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -63,7 +63,7 @@
"description": [
{
"lang": "en",
"value": "CWE-668"
"value": "CWE-862"
}
]
},

@ -2,7 +2,7 @@
"id": "CVE-2022-44565",
"sourceIdentifier": "support@hackerone.com",
"published": "2022-12-23T15:15:15.847",
"lastModified": "2023-01-04T18:15:27.317",
"lastModified": "2023-06-27T13:32:01.490",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -41,7 +41,7 @@
"description": [
{
"lang": "en",
"value": "CWE-863"
"value": "NVD-CWE-Other"
}
]
},
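Review bot: The weakness value `NVD-CWE-Other` in this section is an NVD placeholder rather than a CWE identifier, so code that parses `value` with a `CWE-<number>` pattern or looks it up in the CWE catalogue needs an explicit branch for it. Judging by the print order it replaces `CWE-863`, which means a previously resolvable classification becomes unresolvable after this update. The sibling placeholder `NVD-CWE-noinfo` appears in the CVE-2022-42735 and CVE-2023-28191 sections. Both should be stored as "classification unavailable" rather than causing the record to be dropped or the import to fail.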

@ -2,8 +2,8 @@
"id": "CVE-2022-45143",
"sourceIdentifier": "security@apache.org",
"published": "2023-01-03T19:15:10.403",
"lastModified": "2023-06-27T02:42:19.317",
"vulnStatus": "Analyzed",
"lastModified": "2023-06-27T13:15:09.350",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -36,7 +36,7 @@
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "security@apache.org",
"type": "Primary",
"description": [
{
@ -46,12 +46,12 @@
]
},
{
"source": "security@apache.org",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-74"
"value": "CWE-116"
}
]
}
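Review bot: In the `weaknesses` hunks the `Primary` entry's `source` changes from `nvd@nist.gov` to `security@apache.org` (judging by the print order) while `vulnStatus` goes from `Analyzed` to `Modified`, so a consumer that reads only the `Primary` entry, or only `weaknesses[0]`, will report a different classification for this CVE after the update. Weakness data should be keyed on `source` together with `type`, with every entry kept, rather than assuming `Primary` always belongs to one assigner. The Primary entry's CWE value lies outside the visible hunk. The same reassignment shows in the CVE-2022-45378 section, and in the other direction (NVD becoming `Primary`) in the sections for CVE-2022-41981, CVE-2022-43927, CVE-2022-4349 and CVE-2022-47194.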

@ -2,12 +2,12 @@
"id": "CVE-2022-45378",
"sourceIdentifier": "security@apache.org",
"published": "2022-11-14T14:15:10.200",
"lastModified": "2023-06-27T02:41:33.980",
"vulnStatus": "Analyzed",
"lastModified": "2023-06-27T13:15:09.483",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPPORTED WHEN ASSIGNED **In the default configuration of Apache SOAP, an RPCRouterServlet is available without authentication. This gives an attacker the possibility to invoke methods on the classpath that meet certain criteria. Depending on what classes are available on the classpath this might even lead to arbitrary remote code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
"value": "** UNSUPPPORTED WHEN ASSIGNED ** In the default configuration of Apache SOAP, an RPCRouterServlet is available without authentication. This gives an attacker the possibility to invoke methods on the classpath that meet certain criteria. Depending on what classes are available on the classpath this might even lead to arbitrary remote code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
],
"metrics": {
@ -36,7 +36,7 @@
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "security@apache.org",
"type": "Primary",
"description": [
{
@ -46,12 +46,12 @@
]
},
{
"source": "security@apache.org",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-287"
"value": "CWE-306"
}
]
}
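Review bot: The updated description still carries the misspelled tag `** UNSUPPPORTED WHEN ASSIGNED **` (three P's); the change only adds a space after it. A consumer that identifies end-of-life records by matching the standard `** UNSUPPORTED WHEN ASSIGNED **` prefix will not recognise this one, and the record describes an unauthenticated servlet in a product the description says is no longer supported. Tag matching at ingest should tolerate the misspelling, for example by matching on `WHEN ASSIGNED **`, rather than rely on the exact string.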

@ -2,7 +2,7 @@
"id": "CVE-2022-47194",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-01-19T18:15:13.553",
"lastModified": "2023-01-27T14:54:40.440",
"lastModified": "2023-06-27T13:31:29.440",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -58,8 +58,22 @@
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1188"
},
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",

@ -2,8 +2,8 @@
"id": "CVE-2022-47586",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-19T12:15:09.340",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-27T13:52:24.327",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:themefic:ultimate_addons_for_contact_form_7:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.1.24",
"matchCriteriaId": "0C01788C-79DC-474A-87D3-BE12E9713ED9"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/ultimate-addons-for-contact-form-7/wordpress-ultimate-addons-for-contact-form-7-plugin-3-1-23-sql-injection?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

@ -2,7 +2,7 @@
"id": "CVE-2023-2431",
"sourceIdentifier": "jordan@liggitt.net",
"published": "2023-06-16T08:15:08.770",
"lastModified": "2023-06-16T12:47:18.707",
"lastModified": "2023-06-27T13:15:09.597",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -54,6 +54,10 @@
{
"url": "https://groups.google.com/g/kubernetes-security-announce/c/QHmx0HOQa10",
"source": "jordan@liggitt.net"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XBX4RL4UOC7JHWWYB2AJCKSUM7EG5Y5G/",
"source": "jordan@liggitt.net"
}
]
}

@ -2,12 +2,12 @@
"id": "CVE-2023-2480",
"sourceIdentifier": "security@m-files.com",
"published": "2023-05-25T14:15:10.120",
"lastModified": "2023-06-02T18:34:51.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-06-27T13:15:09.690",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Missing access permissions checks in M-Files Client before 23.5.12598.0 allows elevation of privilege via UI extension applications"
"value": "Missing access permissions checks in M-Files Client before 23.5.12598.0 (excluding 23.2 SR2 and newer) allows elevation of privilege via UI extension applications"
}
],
"metrics": {

@ -2,8 +2,12 @@
"id": "CVE-2023-27992",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2023-06-19T12:15:09.433",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-27T12:49:34.573",
"vulnStatus": "Analyzed",
"cisaExploitAdd": "2023-06-23",
"cisaActionDue": "2023-07-14",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Zyxel Multiple NAS Devices Command Injection Vulnerability",
"descriptions": [
{
"lang": "en",
@ -35,6 +39,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "security@zyxel.com.tw",
"type": "Secondary",
@ -46,10 +60,100 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:nas326_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.21\\(aazf.13\\)c0",
"matchCriteriaId": "E1C7EF7A-7A3B-4DAB-B42A-2C84F861A5D2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:nas326:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0A01B19-4A91-4FBC-8447-2E854346DAC5"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:nas540_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.21\\(aatb.10\\)c0",
"matchCriteriaId": "0E8018F0-97F9-46E1-954B-08BA1BCE33AB"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:nas540:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2F7264C-D32A-4EE9-BADC-78518D762BCA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:nas542_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.21\\(abag.10\\)c0",
"matchCriteriaId": "1F106841-EEF2-4EFA-BD32-514AF9C74F22"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:nas542:-:*:*:*:*:*:*:*",
"matchCriteriaId": "31C4DD0F-28D0-4BF7-897B-5EEC32AA7277"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-pre-authentication-command-injection-vulnerability-in-nas-products",
"source": "security@zyxel.com.tw"
"source": "security@zyxel.com.tw",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}
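Review bot: The `versionEndIncluding` bounds added under `configurations` are CPE-escaped vendor firmware strings (`5.21\\(aazf.13\\)c0` and its two siblings), so a matcher that compares them as dotted numeric versions, or without undoing the backslash escaping, will not evaluate the range correctly. Each configuration is also an `AND` of a firmware node (`"vulnerable": true`) and a hardware node (`"vulnerable": false`), so an inventory that records only the hardware CPE will not match on its own. Because the record now carries `cisaExploitAdd` and `cisaActionDue`, a missed match here is worth verifying by hand against the vendor advisory listed in `references`.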

@ -2,15 +2,38 @@
"id": "CVE-2023-2779",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-06-19T11:15:10.653",
"lastModified": "2023-06-21T18:15:12.887",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-27T12:56:39.960",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Social Share, Social Login and Social Comments WordPress plugin before 7.13.52 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,14 +46,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:heator:social_share\\,_social_login_and_social_comments:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "7.13.52",
"matchCriteriaId": "175C9183-DD97-42FF-8822-4E966C27C578"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/173053/WordPress-Super-Socializer-7.13.52-Cross-Site-Scripting.html",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://wpscan.com/vulnerability/fe9b7696-3b0e-42e2-9dbc-55167605f5c5",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit"
]
}
]
}

@ -2,39 +2,155 @@
"id": "CVE-2023-28191",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-06-23T18:15:11.240",
"lastModified": "2023-06-23T19:24:43.457",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-27T12:47:58.410",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to bypass Privacy preferences"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.5",
"matchCriteriaId": "A4021D9E-B688-4FBC-B43A-D3C28FD38E67"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.5",
"matchCriteriaId": "CFA59B02-43A5-4865-8560-AA32D69E5C5E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.0.0",
"versionEndExcluding": "11.7.7",
"matchCriteriaId": "912B06DB-2C35-43B1-B0E4-250335139BE0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.0.0",
"versionEndExcluding": "12.6.6",
"matchCriteriaId": "057C3BDA-4822-4256-A016-4B32A05DD3B7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.4",
"matchCriteriaId": "DA07361B-D827-471F-9443-4BE4265D6A3B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.5",
"matchCriteriaId": "D36613A6-BD83-4A57-8EE1-C186EB69DFF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.5",
"matchCriteriaId": "BE5DB973-7B51-4232-8E1D-231078FE275C"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213757",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213758",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213759",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213760",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213761",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213764",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

@ -2,15 +2,38 @@
"id": "CVE-2023-2805",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-06-19T11:15:10.710",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-27T13:12:41.560",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the agents[] parameter in the set_add_agent_leaves AJAX function before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +46,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:supportcandy:supportcandy:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.1.7",
"matchCriteriaId": "7AA91086-CCE7-4F66-8DBB-4D95EEC36BC2"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/bdb75c8c-87e2-4358-ad3b-f4236e9a43c0",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

@ -2,15 +2,38 @@
"id": "CVE-2023-2811",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-06-19T11:15:10.763",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-27T13:14:25.397",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The AI ChatBot WordPress plugin before 4.5.6 does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks to all admin when setting chatbot and all client when using chatbot"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +46,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:quantumcloud:ai_chatbot:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "4.5.6",
"matchCriteriaId": "5C1827CA-ABF7-4DA2-B3FA-1DB66B324C2A"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/82a81721-0435-45a6-bd5b-dc90186cf803",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

@ -2,15 +2,38 @@
"id": "CVE-2023-2812",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-06-19T11:15:10.813",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-27T13:23:06.547",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Ultimate Dashboard WordPress plugin before 3.7.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +46,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ultimate_dashboard_project:ultimate_dashboard:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.7.6",
"matchCriteriaId": "20CD0772-A9DF-43BC-A314-0628B4DB2414"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/7de4c313-359e-4450-85f5-d29f3c2f046a",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

@ -2,15 +2,38 @@
"id": "CVE-2023-2899",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-06-19T11:15:10.867",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-27T13:39:17.767",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Google Map Shortcode WordPress plugin through 3.1.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +46,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:web-argument:google_map_shortcode:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.1.2",
"matchCriteriaId": "B35AF7C5-A052-46C6-B35A-B847DA292C2E"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/92dcbeb3-17db-4d10-8ae7-c99acdb48c78",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2023-32220",
"sourceIdentifier": "cna@cyber.gov.il",
"published": "2023-06-12T21:15:22.673",
"lastModified": "2023-06-13T13:00:53.777",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-27T13:10:22.060",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@cyber.gov.il",
"type": "Secondary",
@ -34,10 +54,54 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:milesight:ncr\\/camera_firmware:71.8.0.6-r5:*:*:*:*:*:*:*",
"matchCriteriaId": "932A78A4-FA43-4247-9F25-A4AE5FDDC9A6"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:milesight:ncr\\/camera:-:*:*:*:*:*:*:*",
"matchCriteriaId": "88745DC8-B8DA-4CF1-A03D-4913809A8715"
}
]
}
]
}
],
"references": [
{
"url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"source": "cna@cyber.gov.il"
"source": "cna@cyber.gov.il",
"tags": [
"Third Party Advisory"
]
}
]
}

@ -2,31 +2,125 @@
"id": "CVE-2023-32372",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-06-23T18:15:11.963",
"lastModified": "2023-06-23T19:24:39.577",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-27T12:45:16.263",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. Processing an image may result in disclosure of process memory"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.5",
"matchCriteriaId": "A4021D9E-B688-4FBC-B43A-D3C28FD38E67"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.5",
"matchCriteriaId": "CFA59B02-43A5-4865-8560-AA32D69E5C5E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.4",
"matchCriteriaId": "DA07361B-D827-471F-9443-4BE4265D6A3B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.5",
"matchCriteriaId": "D36613A6-BD83-4A57-8EE1-C186EB69DFF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.5",
"matchCriteriaId": "BE5DB973-7B51-4232-8E1D-231078FE275C"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213757",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213758",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213761",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213764",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

@ -2,39 +2,165 @@
"id": "CVE-2023-32373",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-06-23T18:15:12.007",
"lastModified": "2023-06-23T19:24:39.577",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-27T12:47:29.253",
"vulnStatus": "Analyzed",
"cisaExploitAdd": "2023-05-22",
"cisaActionDue": "2023-06-12",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Apple Multiple Products WebKit Use-After-Free Vulnerability",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, Safari 16.5, tvOS 16.5, iOS 16.5 and iPadOS 16.5. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.5",
"matchCriteriaId": "21B2F081-D602-4C84-8343-6327B23176D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "15.7.6",
"matchCriteriaId": "4EC9E481-57D3-4F4D-A8D2-7DA0272F0706"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.0",
"versionEndExcluding": "16.5",
"matchCriteriaId": "830FA87A-4E89-4E04-A8AF-A1FF08D77B2E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.0.0",
"versionEndExcluding": "15.7.6",
"matchCriteriaId": "377397F0-7A43-442A-BC27-40CE0F04432D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.0",
"versionEndExcluding": "16.5",
"matchCriteriaId": "424F077B-6678-4CE3-A216-C98E6D48F8AC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "13.4",
"matchCriteriaId": "ADD1755A-5CD2-4EED-8C6C-4729FADFA3F5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.5",
"matchCriteriaId": "D36613A6-BD83-4A57-8EE1-C186EB69DFF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.5",
"matchCriteriaId": "BE5DB973-7B51-4232-8E1D-231078FE275C"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213757",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213758",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213761",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213762",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213764",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213765",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}
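Review bot: In the cpeMatch list of this CVE-2023-32373 record, the iphone_os entry ending at 15.7.6 carries `"versionStartIncluding": "15.0.0"` while the ipados entry with the same `"versionEndExcluding": "15.7.6"` has no lower bound, so an iOS 14 device does not match but an iPadOS 14 device does. The record also gains the `cisaExploitAdd` fields in this change, so an under-match here means a missed known-exploited finding. The two entries should agree; if under-matching is the concern, the change is to drop the `"versionStartIncluding": "15.0.0",` line from the iphone_os entry. The macOS entry is likewise unbounded below 13.4, unlike the `"versionStartIncluding": "13.0"` range used for macOS in the neighbouring records, which may be intentional given the separate Safari 16.5 entry but is worth confirming.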


@ -2,27 +2,107 @@
"id": "CVE-2023-32387",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-06-23T18:15:12.373",
"lastModified": "2023-06-23T19:24:39.577",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-27T12:52:14.023",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. A remote attacker may be able to cause unexpected app termination or arbitrary code execution"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.0.0",
"versionEndExcluding": "11.7.7",
"matchCriteriaId": "912B06DB-2C35-43B1-B0E4-250335139BE0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.0.0",
"versionEndExcluding": "12.6.6",
"matchCriteriaId": "057C3BDA-4822-4256-A016-4B32A05DD3B7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.4",
"matchCriteriaId": "DA07361B-D827-471F-9443-4BE4265D6A3B"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213758",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213759",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213760",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-3206",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-12T15:15:09.887",
"lastModified": "2023-06-12T16:20:33.897",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-27T13:07:57.660",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -61,8 +83,18 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -71,18 +103,57 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:feiyuxing:vec40g_firmware:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5C841EC2-FFCE-4745-811D-E2ED558279BC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:feiyuxing:vec40g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F97F764F-98AA-4B0B-9053-8F92BAD1A31A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/shulao2020/cve/blob/main/Flying%20Fish.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.231229",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.231229",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-3208",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-12T15:15:09.987",
"lastModified": "2023-06-12T16:20:33.897",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-27T13:09:52.753",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +93,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:roadflow:roadflow:2.13.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F7F495A0-7719-48F7-B242-3412A788F37F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/yangxixx/vulhub/blob/master/activemq/RoadFlow.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.231230",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.231230",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,49 @@
"id": "CVE-2023-3220",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-06-20T20:15:09.737",
"lastModified": "2023-06-21T12:29:48.917",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-27T12:44:47.967",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Linux kernel through 6.1-rc8. dpu_crtc_atomic_check in drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c lacks check of the return value of kzalloc() and will cause the NULL Pointer Dereference."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -23,10 +56,33 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.3",
"matchCriteriaId": "3769AA63-B0A8-4EF1-96F9-6A6A6B305A02"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=93340e10b9c5fc86730d149636e0aa8b47bb5a34",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,31 +2,99 @@
"id": "CVE-2023-33584",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-21T13:15:10.117",
"lastModified": "2023-06-21T15:14:56.427",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-27T12:41:36.247",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Sourcecodester Enrollment System Project V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly validate user-supplied input in the username and password fields during the login process, enabling an attacker to inject malicious SQL code."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:enrollment_system_project:enrollment_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8BA4C226-CCBD-4783-9C9F-13367724AE51"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/172718/Enrollment-System-Project-1.0-Authentication-Bypass-SQL-Injection.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://github.com/sudovivek/CVE/blob/main/CVE-2023-33584/CVE-2023-33584.txt",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://packetstormsecurity.com/files/cve/CVE-2023-33584",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://www.sourcecodester.com/php/14444/enrollment-system-project-source-code-using-phpmysql.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -2,16 +2,49 @@
"id": "CVE-2023-3312",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-06-19T18:15:09.920",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-27T12:44:33.867",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in drivers/cpufreq/qcom-cpufreq-hw.c in cpufreq subsystem in the Linux Kernel. This flaw, during device unbind will lead to double release problem leading to denial of service."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-415"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -23,10 +56,33 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.4",
"matchCriteriaId": "18D12E25-2947-44E7-989D-24450E013A1F"
}
]
}
]
}
],
"references": [
{
"url": "https://patchwork.kernel.org/project/linux-pm/patch/20230323174026.950622-1-krzysztof.kozlowski@linaro.org/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
]
}
]
}
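Review bot: The NVD vector added for CVE-2023-3312, `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H`, rates the flaw as remotely reachable without privileges, which does not appear to fit the description's trigger of a double release "during device unbind" in a cpufreq driver. The record holds no CNA metric to cross-check against, so anything that ranks on `baseScore` will take the 7.5 at face value. If the trigger is local, as the description suggests, the vector would look like the one this commit records for CVE-2023-3220, `CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H` (5.5). That is an inference from the description and should be confirmed upstream rather than edited in the mirror.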


@ -2,8 +2,8 @@
"id": "CVE-2023-3316",
"sourceIdentifier": "reefs@jfrog.com",
"published": "2023-06-19T12:15:09.520",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-27T12:49:10.240",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "reefs@jfrog.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
},
{
"source": "reefs@jfrog.com",
"type": "Secondary",
@ -46,10 +76,36 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:libtiff:libtiff:3.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7D0901DF-4C9A-46A6-A5F9-6CFC945B39AE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:libtiff:libtiff:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A8246A12-73A8-4171-847E-D894E0B17DAE"
}
]
}
]
}
],
"references": [
{
"url": "https://research.jfrog.com/vulnerabilities/libtiff-nullderef-dos-xray-522144/",
"source": "reefs@jfrog.com"
"source": "reefs@jfrog.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
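Review bot: The configuration added for CVE-2023-3316 lists libtiff `3.9.0` and `4.5.1` as two exact-version criteria, so any release between them will not match. If the affected set is a range, which the two endpoints suggest but the visible lines do not establish (the description text falls outside the hunks shown), it would be expressed as one wildcard criteria entry with `"versionStartIncluding": "3.9.0"` and an end bound, in the way other records in this commit use `versionEndExcluding`. This is worth checking against the JFrog advisory referenced at the end of the record before relying on the match for inventory scans.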


@ -2,8 +2,8 @@
"id": "CVE-2023-3339",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-21T07:15:42.667",
"lastModified": "2023-06-21T12:29:48.917",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-27T12:42:05.453",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +93,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:agro-school_management_system_project:agro-school_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "96ADB127-DE0B-4CD5-B718-C3E50D8AFDD5"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/6rignard/CveReport/blob/main/Agro-School%20Management%20System%20exam-delete.php%20has%20Sqlinjection.pdf",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.232015",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.232015",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,36 @@
{
"id": "CVE-2023-34395",
"sourceIdentifier": "security@apache.org",
"published": "2023-06-27T12:15:13.187",
"lastModified": "2023-06-27T12:15:13.187",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Apache Software Foundation Apache Airflow ODBC Provider.\nIn OdbcHook, A privilege escalation vulnerability exists in a system due to controllable ODBC driver parameters that allow the loading of arbitrary dynamic-link libraries, resulting in command execution.\nStarting version 4.0.0 driver can be set only from the hook constructor.\nThis issue affects Apache Airflow ODBC Provider: before 4.0.0.\n\n"
}
],
"metrics": {},
"weaknesses": [
{
"source": "security@apache.org",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-88"
}
]
}
],
"references": [
{
"url": "https://github.com/apache/airflow/pull/31713",
"source": "security@apache.org"
},
{
"url": "https://lists.apache.org/thread/l26yykftzbhc9tgcph8cso88bc2lqwwd",
"source": "security@apache.org"
}
]
}


@ -2,23 +2,82 @@
"id": "CVE-2023-34641",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-19T05:15:09.630",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-27T12:50:42.143",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function window.print() which can then be used to open an unprivileged command prompt."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kioware:kioware:*:*:*:*:*:windows:*:*",
"versionEndIncluding": "8.33",
"matchCriteriaId": "064FCB8D-FB5D-482C-9C07-7619E3EF6685"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/huntergregal/CVE/tree/main/TBD-KIOWARE-001",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://www.kioware.com/versionhistory.aspx?pid=15",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
}
]
}
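Review bot: The Primary weakness added here is `NVD-CWE-noinfo`, although the description names the flaw class directly as an "incomplete blacklist filter" for blocked dialog boxes; the same applies to the CVE-2023-34642 record that follows. That wording corresponds to CWE-184 (Incomplete List of Disallowed Inputs), so `"value": "CWE-184"` would be the more informative entry, or `"value": "NVD-CWE-Other"` if the classifier's CWE view does not include it. As recorded, weakness-based grouping or reporting will place both issues in the uncategorised bucket. The only technical reference is also tagged `Broken Link`, which leaves the vendor release notes as the sole usable source in the record.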


@ -2,23 +2,82 @@
"id": "CVE-2023-34642",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-19T05:15:09.670",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-27T12:50:28.597",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function showDirectoryPicker() which can then be used to open an unprivileged command prompt."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kioware:kioware:*:*:*:*:*:windows:*:*",
"versionEndIncluding": "8.33",
"matchCriteriaId": "064FCB8D-FB5D-482C-9C07-7619E3EF6685"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/huntergregal/CVE/tree/main/TBD-KIOWARE-002",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://www.kioware.com/versionhistory.aspx?pid=15",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
}
]
}


@ -0,0 +1,36 @@
{
"id": "CVE-2023-35798",
"sourceIdentifier": "security@apache.org",
"published": "2023-06-27T12:15:13.340",
"lastModified": "2023-06-27T12:15:13.340",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Input Validation vulnerability in Apache Software Foundation Apache Airflow ODBC Provider, Apache Software Foundation Apache Airflow MSSQL Provider.This\u00a0vulnerability is considered low since it requires DAG code to use `get_sqlalchemy_connection` and someone with access to connection resources specifically\u00a0updating the connection to exploit it.\n\nThis issue affects Apache Airflow ODBC Provider: before 4.0.0; Apache Airflow MSSQL Provider: before 3.4.1.\n\nIt is recommended to\u00a0upgrade to a version that is not affected\n\n"
}
],
"metrics": {},
"weaknesses": [
{
"source": "security@apache.org",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://github.com/apache/airflow/pull/31984",
"source": "security@apache.org"
},
{
"url": "https://lists.apache.org/thread/951rb9m7wwox5p30tdvcfjxq8j1mp4pj",
"source": "security@apache.org"
}
]
}


@ -2,27 +2,90 @@
"id": "CVE-2023-35862",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-19T05:15:09.713",
"lastModified": "2023-06-20T07:12:55.493",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-27T12:50:18.327",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "libcoap 4.3.1 contains a buffer over-read via the function coap_parse_oscore_conf_mem at coap_oscore.c."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:libcoap:libcoap:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "73BB8531-9A00-4B86-B31F-3D4896A1E15E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/obgm/libcoap/issues/1117",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://github.com/obgm/libcoap/pull/1118",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/obgm/libcoap/tags",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-35884",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-20T07:15:08.993",
"lastModified": "2023-06-20T13:03:08.293",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-27T12:44:17.220",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:metagauss:eventprime:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.0.5",
"matchCriteriaId": "C45CBF14-9F23-43C1-A044-968AB24B2443"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/eventprime-event-calendar-management/wordpress-eventprime-plugin-3-0-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,76 @@
"id": "CVE-2023-36271",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-23T15:15:10.027",
"lastModified": "2023-06-23T15:49:09.940",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-27T12:18:30.333",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_wcs2nlen at bits.c."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gnu:libredwg:0.12.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8B002438-509E-462D-B17E-129197C3E4B3"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/LibreDWG/libredwg/issues/681#BUG2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,76 @@
"id": "CVE-2023-36272",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-23T15:15:10.103",
"lastModified": "2023-06-23T15:49:09.940",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-27T12:18:19.927",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_utf8_to_TU at bits.c."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gnu:libredwg:0.12.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8B002438-509E-462D-B17E-129197C3E4B3"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/LibreDWG/libredwg/issues/681#BUG1",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,76 @@
"id": "CVE-2023-36273",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-23T15:15:10.160",
"lastModified": "2023-06-23T15:49:09.940",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-27T12:42:21.960",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gnu:libredwg:0.12.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8B002438-509E-462D-B17E-129197C3E4B3"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/LibreDWG/libredwg/issues/677#BUG1",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,76 @@
"id": "CVE-2023-36274",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-23T15:15:10.213",
"lastModified": "2023-06-23T15:49:09.940",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-27T12:41:05.803",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_write_TF at bits.c."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gnu:libredwg:0.12.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8B002438-509E-462D-B17E-129197C3E4B3"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/LibreDWG/libredwg/issues/677#BUG2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-06-27T12:00:25.713818+00:00
2023-06-27T14:00:27.456279+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-06-27T10:58:40.580000+00:00
2023-06-27T13:52:24.327000+00:00
```
### Last Data Feed Release
@ -29,28 +29,46 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
218623
218625
```
### CVEs added in the last Commit
Recently added CVEs: `0`
Recently added CVEs: `2`
* [CVE-2023-34395](CVE-2023/CVE-2023-343xx/CVE-2023-34395.json) (`2023-06-27T12:15:13.187`)
* [CVE-2023-35798](CVE-2023/CVE-2023-357xx/CVE-2023-35798.json) (`2023-06-27T12:15:13.340`)
### CVEs modified in the last Commit
Recently modified CVEs: `9`
Recently modified CVEs: `42`
* [CVE-2022-46718](CVE-2022/CVE-2022-467xx/CVE-2022-46718.json) (`2023-06-27T10:51:37.977`)
* [CVE-2022-46715](CVE-2022/CVE-2022-467xx/CVE-2022-46715.json) (`2023-06-27T10:52:49.890`)
* [CVE-2022-42860](CVE-2022/CVE-2022-428xx/CVE-2022-42860.json) (`2023-06-27T10:53:11.793`)
* [CVE-2022-42792](CVE-2022/CVE-2022-427xx/CVE-2022-42792.json) (`2023-06-27T10:56:49.913`)
* [CVE-2023-27940](CVE-2023/CVE-2023-279xx/CVE-2023-27940.json) (`2023-06-27T10:41:22.243`)
* [CVE-2023-27930](CVE-2023/CVE-2023-279xx/CVE-2023-27930.json) (`2023-06-27T10:42:32.663`)
* [CVE-2023-23516](CVE-2023/CVE-2023-235xx/CVE-2023-23516.json) (`2023-06-27T10:50:59.907`)
* [CVE-2023-32384](CVE-2023/CVE-2023-323xx/CVE-2023-32384.json) (`2023-06-27T10:58:14.053`)
* [CVE-2023-32385](CVE-2023/CVE-2023-323xx/CVE-2023-32385.json) (`2023-06-27T10:58:40.580`)
* [CVE-2023-33584](CVE-2023/CVE-2023-335xx/CVE-2023-33584.json) (`2023-06-27T12:41:36.247`)
* [CVE-2023-3339](CVE-2023/CVE-2023-33xx/CVE-2023-3339.json) (`2023-06-27T12:42:05.453`)
* [CVE-2023-36273](CVE-2023/CVE-2023-362xx/CVE-2023-36273.json) (`2023-06-27T12:42:21.960`)
* [CVE-2023-35884](CVE-2023/CVE-2023-358xx/CVE-2023-35884.json) (`2023-06-27T12:44:17.220`)
* [CVE-2023-3312](CVE-2023/CVE-2023-33xx/CVE-2023-3312.json) (`2023-06-27T12:44:33.867`)
* [CVE-2023-3220](CVE-2023/CVE-2023-32xx/CVE-2023-3220.json) (`2023-06-27T12:44:47.967`)
* [CVE-2023-32372](CVE-2023/CVE-2023-323xx/CVE-2023-32372.json) (`2023-06-27T12:45:16.263`)
* [CVE-2023-32373](CVE-2023/CVE-2023-323xx/CVE-2023-32373.json) (`2023-06-27T12:47:29.253`)
* [CVE-2023-28191](CVE-2023/CVE-2023-281xx/CVE-2023-28191.json) (`2023-06-27T12:47:58.410`)
* [CVE-2023-3316](CVE-2023/CVE-2023-33xx/CVE-2023-3316.json) (`2023-06-27T12:49:10.240`)
* [CVE-2023-27992](CVE-2023/CVE-2023-279xx/CVE-2023-27992.json) (`2023-06-27T12:49:34.573`)
* [CVE-2023-35862](CVE-2023/CVE-2023-358xx/CVE-2023-35862.json) (`2023-06-27T12:50:18.327`)
* [CVE-2023-34642](CVE-2023/CVE-2023-346xx/CVE-2023-34642.json) (`2023-06-27T12:50:28.597`)
* [CVE-2023-34641](CVE-2023/CVE-2023-346xx/CVE-2023-34641.json) (`2023-06-27T12:50:42.143`)
* [CVE-2023-32387](CVE-2023/CVE-2023-323xx/CVE-2023-32387.json) (`2023-06-27T12:52:14.023`)
* [CVE-2023-2779](CVE-2023/CVE-2023-27xx/CVE-2023-2779.json) (`2023-06-27T12:56:39.960`)
* [CVE-2023-3206](CVE-2023/CVE-2023-32xx/CVE-2023-3206.json) (`2023-06-27T13:07:57.660`)
* [CVE-2023-3208](CVE-2023/CVE-2023-32xx/CVE-2023-3208.json) (`2023-06-27T13:09:52.753`)
* [CVE-2023-32220](CVE-2023/CVE-2023-322xx/CVE-2023-32220.json) (`2023-06-27T13:10:22.060`)
* [CVE-2023-2805](CVE-2023/CVE-2023-28xx/CVE-2023-2805.json) (`2023-06-27T13:12:41.560`)
* [CVE-2023-2811](CVE-2023/CVE-2023-28xx/CVE-2023-2811.json) (`2023-06-27T13:14:25.397`)
* [CVE-2023-2431](CVE-2023/CVE-2023-24xx/CVE-2023-2431.json) (`2023-06-27T13:15:09.597`)
* [CVE-2023-2480](CVE-2023/CVE-2023-24xx/CVE-2023-2480.json) (`2023-06-27T13:15:09.690`)
* [CVE-2023-2812](CVE-2023/CVE-2023-28xx/CVE-2023-2812.json) (`2023-06-27T13:23:06.547`)
* [CVE-2023-2899](CVE-2023/CVE-2023-28xx/CVE-2023-2899.json) (`2023-06-27T13:39:17.767`)
## Download and Usage