Auto-Update: 2023-09-26T20:00:25.309564+00:00

cad-safe-bot 2023-09-26 20:00:29 +00:00
parent 0a8bedf7eb
commit 8b7ef78b69
14 changed files with 836 additions and 94 deletions


@ -2,8 +2,8 @@
"id": "CVE-2015-6964",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-25T05:15:10.243",
"lastModified": "2023-09-25T13:03:52.033",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-26T18:26:06.317",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "MultiBit HD anterior a la versi\u00f3n 0.1.2 permite a los atacantes realizar ataques de bit-flipping que insertan direcciones de Bitcoin no utilizables en la lista que utiliza MultiBit para enviar multas a los desarrolladores. (En realidad, los atacantes no pueden robar estas \"multas\" para s\u00ed mismos). Esto ocurre porque no existe un c\u00f3digo de autenticaci\u00f3n de mensajes (MAC)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-697"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:multibit:multibit_hd:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.1.2",
"matchCriteriaId": "C29BB444-01F8-4CBA-9BB4-9F59FE2455CB"
}
]
}
]
}
],
"references": [
{
"url": "https://web.archive.org/web/20160506095434/https://multibit.org/blog/2015/07/25/bit-flipping-attack.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2021-33641",
"sourceIdentifier": "securities@openeuler.org",
"published": "2023-01-20T21:15:10.803",
"lastModified": "2023-02-06T18:55:16.500",
"lastModified": "2023-09-26T19:53:49.097",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -17,19 +17,19 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]


@ -2,7 +2,7 @@
"id": "CVE-2021-33642",
"sourceIdentifier": "securities@openeuler.org",
"published": "2023-01-20T21:15:11.043",
"lastModified": "2023-02-02T17:27:38.693",
"lastModified": "2023-09-26T19:53:42.067",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -17,19 +17,19 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]


@ -2,16 +2,53 @@
"id": "CVE-2022-48605",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-09-25T13:15:10.590",
"lastModified": "2023-09-25T13:43:44.787",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-26T18:53:26.107",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Input verification vulnerability in the fingerprint module. Successful exploitation of this vulnerability will affect confidentiality, integrity, and availability."
},
{
"lang": "es",
"value": "Vulnerabilidad de verificaci\u00f3n de entrada en el m\u00f3dulo de huellas dactilares. La explotaci\u00f3n exitosa de esta vulnerabilidad afectar\u00e1 la confidencialidad, la integridad y la disponibilidad."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "psirt@huawei.com",
"type": "Secondary",
@ -23,14 +60,42 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:emui:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71C1C232-EA33-47F5-8C50-353C1D310581"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "102432F7-CD53-49F4-BFFF-A7CEBB535DBB"
}
]
}
]
}
],
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2023/9/",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202309-0000001638925158",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-26916",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-03T22:15:07.060",
"lastModified": "2023-04-14T03:15:10.860",
"vulnStatus": "Modified",
"lastModified": "2023-09-26T19:52:52.603",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -17,7 +17,7 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -25,12 +25,12 @@
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
"impactScore": 1.4
}
]
},
@ -63,6 +63,26 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
}
]
}
]
}
],
"references": [
@ -76,11 +96,19 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6NQZHCJG3SBMFOQNIPRZGKDK3ARHLTTB/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2VWGCMYKQH4BTFEHX5VYEXXOPIKKFHS/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-39640",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-25T19:15:09.710",
"lastModified": "2023-09-26T12:45:55.280",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-26T19:31:58.313",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "Se descubri\u00f3 que UpLight cookiebanner anterior a 1.5.1 contiene una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del componente Hook::getHookModuleExecList()."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:uplight:cookie_law:*:*:*:*:*:prestashop:*:*",
"versionEndExcluding": "1.5.1",
"matchCriteriaId": "9DF82D27-1935-488D-A82A-00AA56E150C9"
}
]
}
]
}
],
"references": [
{
"url": "https://security.friendsofpresta.org/modules/2023/09/21/cookiebanner.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-41048",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-21T15:15:10.667",
"lastModified": "2023-09-22T15:15:11.000",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-26T18:44:34.487",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -40,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -54,34 +84,178 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:plone:namedfile:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.6.1",
"matchCriteriaId": "6E9AB900-6A21-4C28-8894-9BAFCB82874F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:a:plone:plone:5.2:-:*:*:*:*:*:*",
"matchCriteriaId": "A59FAF1B-D7E6-4E0D-894B-3C0FB72AC709"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:plone:namedfile:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.0",
"versionEndExcluding": "6.0.3",
"matchCriteriaId": "95C190CC-16E1-445E-B459-729304DADA6C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.0",
"versionEndIncluding": "6.0.4",
"matchCriteriaId": "8285C132-76EC-49B2-A91B-6EC5669A6CB5"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:plone:namedfile:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.1.0",
"versionEndExcluding": "6.1.3",
"matchCriteriaId": "44357938-13EE-488F-BEB8-B2E3704E94CF"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:a:plone:plone:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8E612230-2BA8-4AC1-8EA2-D33E008F66AC"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:a:plone:plone:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BC97446F-B030-47D8-A7B7-C1D38EAB8BAA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:plone:namedfile:6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "82190457-CDB2-4347-80CA-6937AA3F42FA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:a:plone:plone:6.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E7C2BC43-9BFB-4147-BDE8-615D4B6C6F32"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/22/2",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://github.com/plone/Products.PloneHotfix20210518",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/plone/plone.namedfile/commit/188f66a4577021cf8f2bf7c0f5150f9b9573f167",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/plone/plone.namedfile/commit/217d6ce847b7171bf1b73fcb6c08010eb449216a",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/plone/plone.namedfile/commit/f0f911f2a72b2e5c923dc2ab9179319cc47788f9",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/plone/plone.namedfile/commit/ff5269fb4c79f4eb91dd934561b8824a49a03b60",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/plone/plone.namedfile/security/advisories/GHSA-jj7c-jrv4-c65x",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-41295",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-09-25T12:15:10.897",
"lastModified": "2023-09-25T13:03:52.033",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-26T19:50:32.080",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,78 @@
"value": "Vulnerabilidad de gesti\u00f3n inadecuada de permisos en el m\u00f3dulo displayengine. La explotaci\u00f3n exitosa de esta vulnerabilidad puede hacer que la pantalla se aten\u00fae."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:emui:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71C1C232-EA33-47F5-8C50-353C1D310581"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "102432F7-CD53-49F4-BFFF-A7CEBB535DBB"
}
]
}
]
}
],
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2023/9/",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202309-0000001638925158",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-4156",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-25T18:15:11.013",
"lastModified": "2023-09-25T18:22:53.047",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-26T19:39:17.100",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un error de lectura fuera de l\u00edmites en el paquete gawk de buildin.c. Este problema puede provocar un bloqueo y podr\u00eda utilizarse para leer informaci\u00f3n confidencial."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -34,14 +58,91 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gnu:gawk:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.1.1",
"matchCriteriaId": "C6912557-C46F-4E23-A0D3-D53169BE85F0"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-4156",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking",
"Release Notes",
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215930",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking",
"Release Notes",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,80 @@
"id": "CVE-2023-43131",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-25T15:15:10.567",
"lastModified": "2023-09-25T16:16:30.717",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-26T19:08:13.463",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "General Device Manager 2.5.2.2 is vulnerable to Buffer Overflow."
},
{
"lang": "es",
"value": "General Device Manager 2.5.2.2 es vulnerable al desbordamiento del b\u00fafer."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:maxiguvenlik:general_device_manager:2.5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C39FE2D4-8C5F-44A1-81B9-E62A7A70073A"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.exploit-db.com/exploits/51641",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-4806",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-18T17:15:55.813",
"lastModified": "2023-09-22T13:44:01.787",
"lastModified": "2023-09-26T19:54:11.657",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -17,19 +17,19 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"exploitabilityScore": 2.2,
"impactScore": 3.6
},
{


@ -2,16 +2,40 @@
"id": "CVE-2023-4892",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-25T16:15:15.530",
"lastModified": "2023-09-25T16:16:30.717",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-26T18:59:31.087",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Teedy v1.11 has a vulnerability in its text editor that allows events\n\nto be executed in HTML tags that an attacker could manipulate. Thanks\n\nto this, it is possible to execute malicious JavaScript in the webapp.\n\n\n\n"
},
{
"lang": "es",
"value": "Teedy v1.11 tiene una vulnerabilidad en su editor de texto que permite ejecutar eventos en etiquetas HTML que un atacante podr\u00eda manipular. Gracias a esto, es posible ejecutar JavaScript malicioso en la aplicaci\u00f3n web.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 2.5
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sismics:teedy:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "AB7008DF-9901-48D2-9079-D4F89F4E810E"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/freebird",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://teedy.io",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}


@ -2,15 +2,41 @@
"id": "CVE-2023-5143",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-24T23:15:10.210",
"lastModified": "2023-09-25T01:35:47.210",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-26T18:19:16.740",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DAR-7000 up to 20151231. This issue affects some unknown processing of the file /log/webmailattach.php. The manipulation of the argument table_name leads to an unknown weakness. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240239. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced."
},
{
"lang": "es",
"value": "** NO COMPATIBLE CUANDO EST\u00c1 ASIGNADO ** ** NO COMPATIBLE CUANDO EST\u00c1 ASIGNADO ** Se encontr\u00f3 una vulnerabilidad clasificada como cr\u00edtica en D-Link DAR-7000 hasta 20151231. Este problema afecta un procesamiento desconocido del archivo /log/webmailattach .php. La manipulaci\u00f3n del argumento nombre_tabla conduce a una debilidad desconocida. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-240239. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el mantenedor. NOTA: Se contact\u00f3 primeramente con el proveedor y se confirm\u00f3 de inmediato que el producto ha llegado al final de su vida \u00fatil. Deber\u00eda retirarse y reemplazarse."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -59,22 +85,77 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dar-7000_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "20151231",
"matchCriteriaId": "4836497D-D886-4025-B250-F70132145453"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dar-7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1500AB3C-D11B-4683-86AC-FEB6AF6AD69F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ggg48966/cve/blob/main/D-LINK%20-DAR-7000_rce_%20webmailattach.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10354",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.240239",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.240239",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-09-26T18:00:25.251929+00:00
2023-09-26T20:00:25.309564+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-09-26T17:57:04.753000+00:00
2023-09-26T19:54:11.657000+00:00
```
### Last Data Feed Release
@ -40,24 +40,21 @@ Recently added CVEs: `0`
### CVEs modified in the last Commit
Recently modified CVEs: `16`
Recently modified CVEs: `13`
* [CVE-2020-35466](CVE-2020/CVE-2020-354xx/CVE-2020-35466.json) (`2023-09-26T17:46:20.060`)
* [CVE-2022-4039](CVE-2022/CVE-2022-40xx/CVE-2022-4039.json) (`2023-09-26T16:15:18.963`)
* [CVE-2023-34319](CVE-2023/CVE-2023-343xx/CVE-2023-34319.json) (`2023-09-26T16:11:56.963`)
* [CVE-2023-1260](CVE-2023/CVE-2023-12xx/CVE-2023-1260.json) (`2023-09-26T16:21:06.823`)
* [CVE-2023-3547](CVE-2023/CVE-2023-35xx/CVE-2023-3547.json) (`2023-09-26T16:24:21.143`)
* [CVE-2023-32653](CVE-2023/CVE-2023-326xx/CVE-2023-32653.json) (`2023-09-26T16:26:41.753`)
* [CVE-2023-39453](CVE-2023/CVE-2023-394xx/CVE-2023-39453.json) (`2023-09-26T16:30:18.753`)
* [CVE-2023-35002](CVE-2023/CVE-2023-350xx/CVE-2023-35002.json) (`2023-09-26T16:31:56.727`)
* [CVE-2023-3550](CVE-2023/CVE-2023-35xx/CVE-2023-3550.json) (`2023-09-26T16:37:10.613`)
* [CVE-2023-3664](CVE-2023/CVE-2023-36xx/CVE-2023-3664.json) (`2023-09-26T16:39:08.500`)
* [CVE-2023-43141](CVE-2023/CVE-2023-431xx/CVE-2023-43141.json) (`2023-09-26T16:55:26.053`)
* [CVE-2023-43457](CVE-2023/CVE-2023-434xx/CVE-2023-43457.json) (`2023-09-26T17:03:01.700`)
* [CVE-2023-4258](CVE-2023/CVE-2023-42xx/CVE-2023-4258.json) (`2023-09-26T17:19:08.510`)
* [CVE-2023-38907](CVE-2023/CVE-2023-389xx/CVE-2023-38907.json) (`2023-09-26T17:34:40.213`)
* [CVE-2023-1633](CVE-2023/CVE-2023-16xx/CVE-2023-1633.json) (`2023-09-26T17:46:42.743`)
* [CVE-2023-1636](CVE-2023/CVE-2023-16xx/CVE-2023-1636.json) (`2023-09-26T17:57:04.753`)
* [CVE-2015-6964](CVE-2015/CVE-2015-69xx/CVE-2015-6964.json) (`2023-09-26T18:26:06.317`)
* [CVE-2021-33642](CVE-2021/CVE-2021-336xx/CVE-2021-33642.json) (`2023-09-26T19:53:42.067`)
* [CVE-2021-33641](CVE-2021/CVE-2021-336xx/CVE-2021-33641.json) (`2023-09-26T19:53:49.097`)
* [CVE-2022-48605](CVE-2022/CVE-2022-486xx/CVE-2022-48605.json) (`2023-09-26T18:53:26.107`)
* [CVE-2023-5143](CVE-2023/CVE-2023-51xx/CVE-2023-5143.json) (`2023-09-26T18:19:16.740`)
* [CVE-2023-41048](CVE-2023/CVE-2023-410xx/CVE-2023-41048.json) (`2023-09-26T18:44:34.487`)
* [CVE-2023-4892](CVE-2023/CVE-2023-48xx/CVE-2023-4892.json) (`2023-09-26T18:59:31.087`)
* [CVE-2023-43131](CVE-2023/CVE-2023-431xx/CVE-2023-43131.json) (`2023-09-26T19:08:13.463`)
* [CVE-2023-39640](CVE-2023/CVE-2023-396xx/CVE-2023-39640.json) (`2023-09-26T19:31:58.313`)
* [CVE-2023-4156](CVE-2023/CVE-2023-41xx/CVE-2023-4156.json) (`2023-09-26T19:39:17.100`)
* [CVE-2023-41295](CVE-2023/CVE-2023-412xx/CVE-2023-41295.json) (`2023-09-26T19:50:32.080`)
* [CVE-2023-26916](CVE-2023/CVE-2023-269xx/CVE-2023-26916.json) (`2023-09-26T19:52:52.603`)
* [CVE-2023-4806](CVE-2023/CVE-2023-48xx/CVE-2023-4806.json) (`2023-09-26T19:54:11.657`)
## Download and Usage