Auto-Update: 2023-06-19T06:00:26.295582+00:00

cad-safe-bot 2023-06-19 06:00:29 +00:00
parent 84ae8b3d4b
commit 8ecbab46f5
20 changed files with 507 additions and 9 deletions

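--- /dev/null
+++ b/CVE-2023/CVE-2023-273xx/CVE-2023-27396.json
@@ -0,0 +1,44 @@
+{
+"id": "CVE-2023-27396",
+"sourceIdentifier": "vultures@jpcert.or.jp",
+"published": "2023-06-19T05:15:09.187",
+"lastModified": "2023-06-19T05:15:09.187",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in closed FA (Factory Automation) networks, and is used in FA networks composed of OMRON products. Multiple OMRON products that implement FINS protocol contain following security issues -- (1)Plaintext communication, and (2)No authentication required. When FINS messages are intercepted, the contents may be retrieved. When arbitrary FINS messages are injected, any commands may be executed on, or the system information may be retrieved from, the affected device. Affected products and versions are as follows: SYSMAC CS-series CPU Units, all versions, SYSMAC CJ-series CPU Units, all versions, SYSMAC CP-series CPU Units, all versions, SYSMAC NJ-series CPU Units, all versions, SYSMAC NX1P-series CPU Units, all versions, SYSMAC NX102-series CPU Units, all versions, and SYSMAC NX7 Database Connection CPU Units (Ver.1.16 or later)"
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://jvn.jp/en/ta/JVNTA91513661/",
+"source": "vultures@jpcert.or.jp"
+},
+{
+"url": "https://jvn.jp/ta/JVNTA91513661/",
+"source": "vultures@jpcert.or.jp"
+},
+{
+"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02",
+"source": "vultures@jpcert.or.jp"
+},
+{
+"url": "https://www.fa.omron.co.jp/product/vulnerability/OMSR-2023-003_ja.pdf",
+"source": "vultures@jpcert.or.jp"
+},
+{
+"url": "https://www.ia.omron.com/product/vulnerability/OMSR-2023-003_en.pdf",
+"source": "vultures@jpcert.or.jp"
+},
+{
+"url": "https://www.us-cert.gov/ics/advisories/icsa-19-346-02",
+"source": "vultures@jpcert.or.jp"
+},
+{
+"url": "https://www.us-cert.gov/ics/advisories/icsa-20-063-03",
+"source": "vultures@jpcert.or.jp"
+}
+]
+}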

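--- /dev/null
+++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30759.json
@@ -0,0 +1,28 @@
+{
+"id": "CVE-2023-30759",
+"sourceIdentifier": "vultures@jpcert.or.jp",
+"published": "2023-06-19T05:15:09.290",
+"lastModified": "2023-06-19T05:15:09.290",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "The driver installation package created by Printer Driver Packager NX v1.0.02 to v1.1.25 fails to detect its modification and may spawn an unexpected process with the administrative privilege. If a non-administrative user modifies the driver installation package and runs it on the target PC, an arbitrary program may be executed with the administrative privilege."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://jvn.jp/en/vu/JVNVU92207133/",
+"source": "vultures@jpcert.or.jp"
+},
+{
+"url": "https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000048-2023-000001",
+"source": "vultures@jpcert.or.jp"
+},
+{
+"url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2023-000001",
+"source": "vultures@jpcert.or.jp"
+}
+]
+}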

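--- /dev/null
+++ b/CVE-2023/CVE-2023-312xx/CVE-2023-31239.json
@@ -0,0 +1,24 @@
+{
+"id": "CVE-2023-31239",
+"sourceIdentifier": "vultures@jpcert.or.jp",
+"published": "2023-06-19T05:15:09.330",
+"lastModified": "2023-06-19T05:15:09.330",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Stack-based buffer overflow vulnerability in V-Server v4.0.15.0 and V-Server Lite v4.0.15.0 and earlier allows an attacker to execute arbitrary code by having user open a specially crafted VPR file."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://jvn.jp/en/vu/JVNVU98818508/",
+"source": "vultures@jpcert.or.jp"
+},
+{
+"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php",
+"source": "vultures@jpcert.or.jp"
+}
+]
+}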

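--- /dev/null
+++ b/CVE-2023/CVE-2023-322xx/CVE-2023-32201.json
@@ -0,0 +1,24 @@
+{
+"id": "CVE-2023-32201",
+"sourceIdentifier": "vultures@jpcert.or.jp",
+"published": "2023-06-19T05:15:09.367",
+"lastModified": "2023-06-19T05:15:09.367",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution. This vulnerability is different from CVE-2023-32538 and CVE-2023-32273."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://jvn.jp/en/vu/JVNVU98818508/",
+"source": "vultures@jpcert.or.jp"
+},
+{
+"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php",
+"source": "vultures@jpcert.or.jp"
+}
+]
+}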

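--- /dev/null
+++ b/CVE-2023/CVE-2023-322xx/CVE-2023-32270.json
@@ -0,0 +1,24 @@
+{
+"id": "CVE-2023-32270",
+"sourceIdentifier": "vultures@jpcert.or.jp",
+"published": "2023-06-19T05:15:09.407",
+"lastModified": "2023-06-19T05:15:09.407",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Access of memory location after end of buffer issue exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://jvn.jp/en/vu/JVNVU98818508/",
+"source": "vultures@jpcert.or.jp"
+},
+{
+"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php",
+"source": "vultures@jpcert.or.jp"
+}
+]
+}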

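--- /dev/null
+++ b/CVE-2023/CVE-2023-322xx/CVE-2023-32273.json
@@ -0,0 +1,24 @@
+{
+"id": "CVE-2023-32273",
+"sourceIdentifier": "vultures@jpcert.or.jp",
+"published": "2023-06-19T05:15:09.443",
+"lastModified": "2023-06-19T05:15:09.443",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution. This vulnerability is different from CVE-2023-32538 and CVE-2023-32201."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://jvn.jp/en/vu/JVNVU98818508/",
+"source": "vultures@jpcert.or.jp"
+},
+{
+"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php",
+"source": "vultures@jpcert.or.jp"
+}
+]
+}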

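--- /dev/null
+++ b/CVE-2023/CVE-2023-322xx/CVE-2023-32276.json
@@ -0,0 +1,24 @@
+{
+"id": "CVE-2023-32276",
+"sourceIdentifier": "vultures@jpcert.or.jp",
+"published": "2023-06-19T05:15:09.480",
+"lastModified": "2023-06-19T05:15:09.480",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://jvn.jp/en/vu/JVNVU98818508/",
+"source": "vultures@jpcert.or.jp"
+},
+{
+"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php",
+"source": "vultures@jpcert.or.jp"
+}
+]
+}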

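--- /dev/null
+++ b/CVE-2023/CVE-2023-322xx/CVE-2023-32288.json
@@ -0,0 +1,24 @@
+{
+"id": "CVE-2023-32288",
+"sourceIdentifier": "vultures@jpcert.or.jp",
+"published": "2023-06-19T05:15:09.517",
+"lastModified": "2023-06-19T05:15:09.517",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Out-of-bounds read vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM file may lead to information disclosure and/or arbitrary code execution."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://jvn.jp/en/vu/JVNVU98818508/",
+"source": "vultures@jpcert.or.jp"
+},
+{
+"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php",
+"source": "vultures@jpcert.or.jp"
+}
+]
+}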

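--- /dev/null
+++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32538.json
@@ -0,0 +1,24 @@
+{
+"id": "CVE-2023-32538",
+"sourceIdentifier": "vultures@jpcert.or.jp",
+"published": "2023-06-19T05:15:09.553",
+"lastModified": "2023-06-19T05:15:09.553",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution. This vulnerability is different from CVE-2023-32273 and CVE-2023-32201."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://jvn.jp/en/vu/JVNVU98818508/",
+"source": "vultures@jpcert.or.jp"
+},
+{
+"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php",
+"source": "vultures@jpcert.or.jp"
+}
+]
+}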

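--- /dev/null
+++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32542.json
@@ -0,0 +1,24 @@
+{
+"id": "CVE-2023-32542",
+"sourceIdentifier": "vultures@jpcert.or.jp",
+"published": "2023-06-19T05:15:09.593",
+"lastModified": "2023-06-19T05:15:09.593",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Out-of-bounds read vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://jvn.jp/en/vu/JVNVU98818508/",
+"source": "vultures@jpcert.or.jp"
+},
+{
+"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php",
+"source": "vultures@jpcert.or.jp"
+}
+]
+}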

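--- /dev/null
+++ b/CVE-2023/CVE-2023-346xx/CVE-2023-34641.json
@@ -0,0 +1,24 @@
+{
+"id": "CVE-2023-34641",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2023-06-19T05:15:09.630",
+"lastModified": "2023-06-19T05:15:09.630",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function window.print() which can then be used to open an unprivileged command prompt."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://github.com/huntergregal/CVE/tree/main/TBD-KIOWARE-001",
+"source": "cve@mitre.org"
+},
+{
+"url": "https://www.kioware.com/versionhistory.aspx?pid=15",
+"source": "cve@mitre.org"
+}
+]
+}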

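--- /dev/null
+++ b/CVE-2023/CVE-2023-346xx/CVE-2023-34642.json
@@ -0,0 +1,24 @@
+{
+"id": "CVE-2023-34642",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2023-06-19T05:15:09.670",
+"lastModified": "2023-06-19T05:15:09.670",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function showDirectoryPicker() which can then be used to open an unprivileged command prompt."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://github.com/huntergregal/CVE/tree/main/TBD-KIOWARE-002",
+"source": "cve@mitre.org"
+},
+{
+"url": "https://www.kioware.com/versionhistory.aspx?pid=15",
+"source": "cve@mitre.org"
+}
+]
+}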

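--- /dev/null
+++ b/CVE-2023/CVE-2023-346xx/CVE-2023-34657.json
@@ -0,0 +1,20 @@
+{
+"id": "CVE-2023-34657",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2023-06-19T04:15:10.873",
+"lastModified": "2023-06-19T04:15:10.873",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "A stored cross-site scripting (XSS) vulnerability in Eyoucms v1.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the web_recordnum parameter."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://github.com/weng-xianhu/eyoucms/issues/43",
+"source": "cve@mitre.org"
+}
+]
+}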

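--- /dev/null
+++ b/CVE-2023/CVE-2023-358xx/CVE-2023-35852.json
@@ -0,0 +1,32 @@
+{
+"id": "CVE-2023-35852",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2023-06-19T04:15:11.217",
+"lastModified": "2023-06-19T04:15:11.217",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "In Suricata before 6.0.13 (when there is an adversary who controls an external source of rules), a dataset filename, that comes from a rule, may trigger absolute or relative directory traversal, and lead to write access to a local filesystem. This is addressed in 6.0.13 by requiring allow-absolute-filenames and allow-write (in the datasets rules configuration section) if an installation requires traversal/writing in this situation."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://github.com/OISF/suricata/commit/735f5aa9ca3b28cfacc7a443f93a44387fbacf17",
+"source": "cve@mitre.org"
+},
+{
+"url": "https://github.com/OISF/suricata/commit/aee1523b4591430ebed1ded0bb95508e6717a335",
+"source": "cve@mitre.org"
+},
+{
+"url": "https://github.com/OISF/suricata/compare/suricata-6.0.12...suricata-6.0.13",
+"source": "cve@mitre.org"
+},
+{
+"url": "https://www.stamus-networks.com/stamus-labs",
+"source": "cve@mitre.org"
+}
+]
+}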

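--- /dev/null
+++ b/CVE-2023/CVE-2023-358xx/CVE-2023-35853.json
@@ -0,0 +1,28 @@
+{
+"id": "CVE-2023-35853",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2023-06-19T04:15:11.287",
+"lastModified": "2023-06-19T04:15:11.287",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code. This is addressed in 6.0.13 by disabling Lua unless allow-rules is true in the security lua configuration section."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://github.com/OISF/suricata/commit/b95bbcc66db526ffcc880eb439dbe8abc87a81da",
+"source": "cve@mitre.org"
+},
+{
+"url": "https://github.com/OISF/suricata/compare/suricata-6.0.12...suricata-6.0.13",
+"source": "cve@mitre.org"
+},
+{
+"url": "https://www.stamus-networks.com/stamus-labs",
+"source": "cve@mitre.org"
+}
+]
+}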

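--- /dev/null
+++ b/CVE-2023/CVE-2023-358xx/CVE-2023-35855.json
@@ -0,0 +1,20 @@
+{
+"id": "CVE-2023-35855",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2023-06-19T04:15:11.363",
+"lastModified": "2023-06-19T04:15:11.363",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "A buffer overflow in Counter-Strike through 8684 allows a game server to execute arbitrary code on a remote client's machine by modifying the lservercfgfile console variable."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://github.com/MikeIsAStar/Counter-Strike-Remote-Code-Execution",
+"source": "cve@mitre.org"
+}
+]
+}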

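--- /dev/null
+++ b/CVE-2023/CVE-2023-358xx/CVE-2023-35856.json
@@ -0,0 +1,20 @@
+{
+"id": "CVE-2023-35856",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2023-06-19T04:15:11.430",
+"lastModified": "2023-06-19T04:15:11.430",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "A buffer overflow in Nintendo Mario Kart Wii RMCP01, RMCE01, RMCJ01, and RMCK01 can be exploited by a game client to execute arbitrary code on a client's machine via a crafted packet."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://github.com/MikeIsAStar/Mario-Kart-Wii-Remote-Code-Execution",
+"source": "cve@mitre.org"
+}
+]
+}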

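--- /dev/null
+++ b/CVE-2023/CVE-2023-358xx/CVE-2023-35857.json
@@ -0,0 +1,24 @@
+{
+"id": "CVE-2023-35857",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2023-06-19T04:15:11.497",
+"lastModified": "2023-06-19T04:15:11.497",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "In Siren Investigate before 13.2.2, session keys remain active even after logging out."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://community.siren.io/c/announcements",
+"source": "cve@mitre.org"
+},
+{
+"url": "https://docs.support.siren.io/siren-platform-user-guide/13.2/release-notes.html",
+"source": "cve@mitre.org"
+}
+]
+}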

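--- /dev/null
+++ b/CVE-2023/CVE-2023-358xx/CVE-2023-35862.json
@@ -0,0 +1,28 @@
+{
+"id": "CVE-2023-35862",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2023-06-19T05:15:09.713",
+"lastModified": "2023-06-19T05:15:09.713",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "libcoap 4.3.1 contains a buffer over-read via the function coap_parse_oscore_conf_mem at coap_oscore.c."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://github.com/obgm/libcoap/issues/1117",
+"source": "cve@mitre.org"
+},
+{
+"url": "https://github.com/obgm/libcoap/pull/1118",
+"source": "cve@mitre.org"
+},
+{
+"url": "https://github.com/obgm/libcoap/tags",
+"source": "cve@mitre.org"
+}
+]
+}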


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-06-19T04:00:26.707456+00:00
2023-06-19T06:00:26.295582+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-06-19T03:15:09.370000+00:00
2023-06-19T05:15:09.713000+00:00
```
### Last Data Feed Release
@ -29,18 +29,32 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
217998
218017
```
### CVEs added in the last Commit
Recently added CVEs: `5`
Recently added CVEs: `19`
* [CVE-2023-35844](CVE-2023/CVE-2023-358xx/CVE-2023-35844.json) (`2023-06-19T02:15:08.903`)
* [CVE-2023-35846](CVE-2023/CVE-2023-358xx/CVE-2023-35846.json) (`2023-06-19T03:15:09.227`)
* [CVE-2023-35847](CVE-2023/CVE-2023-358xx/CVE-2023-35847.json) (`2023-06-19T03:15:09.280`)
* [CVE-2023-35848](CVE-2023/CVE-2023-358xx/CVE-2023-35848.json) (`2023-06-19T03:15:09.327`)
* [CVE-2023-35849](CVE-2023/CVE-2023-358xx/CVE-2023-35849.json) (`2023-06-19T03:15:09.370`)
* [CVE-2023-34657](CVE-2023/CVE-2023-346xx/CVE-2023-34657.json) (`2023-06-19T04:15:10.873`)
* [CVE-2023-35852](CVE-2023/CVE-2023-358xx/CVE-2023-35852.json) (`2023-06-19T04:15:11.217`)
* [CVE-2023-35853](CVE-2023/CVE-2023-358xx/CVE-2023-35853.json) (`2023-06-19T04:15:11.287`)
* [CVE-2023-35855](CVE-2023/CVE-2023-358xx/CVE-2023-35855.json) (`2023-06-19T04:15:11.363`)
* [CVE-2023-35856](CVE-2023/CVE-2023-358xx/CVE-2023-35856.json) (`2023-06-19T04:15:11.430`)
* [CVE-2023-35857](CVE-2023/CVE-2023-358xx/CVE-2023-35857.json) (`2023-06-19T04:15:11.497`)
* [CVE-2023-27396](CVE-2023/CVE-2023-273xx/CVE-2023-27396.json) (`2023-06-19T05:15:09.187`)
* [CVE-2023-30759](CVE-2023/CVE-2023-307xx/CVE-2023-30759.json) (`2023-06-19T05:15:09.290`)
* [CVE-2023-31239](CVE-2023/CVE-2023-312xx/CVE-2023-31239.json) (`2023-06-19T05:15:09.330`)
* [CVE-2023-32201](CVE-2023/CVE-2023-322xx/CVE-2023-32201.json) (`2023-06-19T05:15:09.367`)
* [CVE-2023-32270](CVE-2023/CVE-2023-322xx/CVE-2023-32270.json) (`2023-06-19T05:15:09.407`)
* [CVE-2023-32273](CVE-2023/CVE-2023-322xx/CVE-2023-32273.json) (`2023-06-19T05:15:09.443`)
* [CVE-2023-32276](CVE-2023/CVE-2023-322xx/CVE-2023-32276.json) (`2023-06-19T05:15:09.480`)
* [CVE-2023-32288](CVE-2023/CVE-2023-322xx/CVE-2023-32288.json) (`2023-06-19T05:15:09.517`)
* [CVE-2023-32538](CVE-2023/CVE-2023-325xx/CVE-2023-32538.json) (`2023-06-19T05:15:09.553`)
* [CVE-2023-32542](CVE-2023/CVE-2023-325xx/CVE-2023-32542.json) (`2023-06-19T05:15:09.593`)
* [CVE-2023-34641](CVE-2023/CVE-2023-346xx/CVE-2023-34641.json) (`2023-06-19T05:15:09.630`)
* [CVE-2023-34642](CVE-2023/CVE-2023-346xx/CVE-2023-34642.json) (`2023-06-19T05:15:09.670`)
* [CVE-2023-35862](CVE-2023/CVE-2023-358xx/CVE-2023-35862.json) (`2023-06-19T05:15:09.713`)
### CVEs modified in the last Commit