Auto-Update: 2023-08-16T16:00:33.687780+00:00

cad-safe-bot 2023-08-16 16:00:37 +00:00
parent ed995057af
commit 9024f079dd
62 changed files with 1684 additions and 163 deletions


@ -2,7 +2,7 @@
"id": "CVE-2002-20001",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-11-11T19:15:07.380",
"lastModified": "2023-07-19T00:55:30.610",
"lastModified": "2023-08-16T14:17:11.363",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -331,13 +331,13 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:traffix_sdc:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "693DE548-00FA-4057-8FC9-6EB3761FBB24"
"criteria": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42836A1C-81BB-4F80-9E32-EEE0DAA18D26"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:traffix_sdc:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E2D78E00-C168-4493-A279-699E480F59E2"
"criteria": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DA4D5EC6-8099-4D0A-AD6F-BA3B37C2EBD8"
}
]
}
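Review bot: The `criteria` strings in the second hunk switch the product from `traffix_sdc` to `traffix_signaling_delivery_controller` and replace both `matchCriteriaId` values, and nothing in the record links the old identifiers to the new ones. A consumer that matches asset inventory on the old product name, or caches match results by `matchCriteriaId`, would presumably stop matching these entries without raising any error. The commit message is a bare timestamp, so I would add a line to it such as `CPE rename: f5:traffix_sdc -> f5:traffix_signaling_delivery_controller (matchCriteriaIds reissued)`. The same rename appears in the later F5 sections of this commit, from CVE-2015-5738 through CVE-2020-5854. The enclosing `cpeMatch` array starts outside the hunk.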


@ -2,7 +2,7 @@
"id": "CVE-2015-5738",
"sourceIdentifier": "cve@mitre.org",
"published": "2016-07-26T17:59:00.137",
"lastModified": "2020-11-10T14:04:23.653",
"lastModified": "2023-08-16T14:17:11.363",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -122,17 +122,17 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:traffix_sdc:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.3.2",
"versionEndIncluding": "3.5.1",
"matchCriteriaId": "7DC68E25-1473-44BD-BEEB-81461BA56C61"
"matchCriteriaId": "90B753A2-3CC6-46A2-82C4-F2B7A029E18C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:traffix_sdc:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0",
"versionEndIncluding": "4.4.0",
"matchCriteriaId": "9410CA01-0951-4477-ABF0-A5D316E52C01"
"matchCriteriaId": "E0AAD5D5-E970-4875-8FDF-E940D9F00636"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2018-1320",
"sourceIdentifier": "security@apache.org",
"published": "2019-01-07T17:29:00.360",
"lastModified": "2022-03-30T14:15:49.387",
"lastModified": "2023-08-16T14:17:11.363",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -116,10 +116,10 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:traffix_sdc:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndIncluding": "5.1.0",
"matchCriteriaId": "7243F50D-6EF8-4702-92C2-F512DC8E5C00"
"matchCriteriaId": "4E52F91D-3F39-4D89-8069-EC422FB1F700"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2018-14462",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-10-03T16:15:11.490",
"lastModified": "2020-01-20T13:15:12.793",
"lastModified": "2023-08-16T14:17:11.363",
"vulnStatus": "Modified",
"descriptions": [
{
@ -100,10 +100,10 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:traffix_sdc:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndIncluding": "5.1.0",
"matchCriteriaId": "7243F50D-6EF8-4702-92C2-F512DC8E5C00"
"matchCriteriaId": "4E52F91D-3F39-4D89-8069-EC422FB1F700"
},
{
"vulnerable": true,


@ -2,7 +2,7 @@
"id": "CVE-2018-14463",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-10-03T16:15:11.570",
"lastModified": "2022-08-27T06:15:07.380",
"lastModified": "2023-08-16T14:17:11.363",
"vulnStatus": "Modified",
"descriptions": [
{
@ -100,10 +100,10 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:traffix_sdc:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndIncluding": "5.1.0",
"matchCriteriaId": "7243F50D-6EF8-4702-92C2-F512DC8E5C00"
"matchCriteriaId": "4E52F91D-3F39-4D89-8069-EC422FB1F700"
},
{
"vulnerable": true,


@ -2,7 +2,7 @@
"id": "CVE-2018-14465",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-10-03T16:15:11.710",
"lastModified": "2020-01-20T13:15:13.170",
"lastModified": "2023-08-16T14:17:11.363",
"vulnStatus": "Modified",
"descriptions": [
{
@ -100,10 +100,10 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:traffix_sdc:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndIncluding": "5.1.0",
"matchCriteriaId": "7243F50D-6EF8-4702-92C2-F512DC8E5C00"
"matchCriteriaId": "4E52F91D-3F39-4D89-8069-EC422FB1F700"
},
{
"vulnerable": true,


@ -2,7 +2,7 @@
"id": "CVE-2018-14468",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-10-03T16:15:11.930",
"lastModified": "2020-01-20T13:15:13.607",
"lastModified": "2023-08-16T14:17:11.363",
"vulnStatus": "Modified",
"descriptions": [
{
@ -670,10 +670,10 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:traffix_sdc:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndIncluding": "5.1.0",
"matchCriteriaId": "7243F50D-6EF8-4702-92C2-F512DC8E5C00"
"matchCriteriaId": "4E52F91D-3F39-4D89-8069-EC422FB1F700"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2018-14469",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-10-03T16:15:11.990",
"lastModified": "2020-01-20T13:15:13.937",
"lastModified": "2023-08-16T14:17:11.363",
"vulnStatus": "Modified",
"descriptions": [
{
@ -100,10 +100,10 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:traffix_sdc:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndIncluding": "5.1.0",
"matchCriteriaId": "7243F50D-6EF8-4702-92C2-F512DC8E5C00"
"matchCriteriaId": "4E52F91D-3F39-4D89-8069-EC422FB1F700"
},
{
"vulnerable": true,


@ -2,7 +2,7 @@
"id": "CVE-2018-14879",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-10-03T16:15:12.133",
"lastModified": "2020-01-20T13:15:14.280",
"lastModified": "2023-08-16T14:17:11.363",
"vulnStatus": "Modified",
"descriptions": [
{
@ -84,10 +84,10 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:traffix_sdc:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndIncluding": "5.1.0",
"matchCriteriaId": "7243F50D-6EF8-4702-92C2-F512DC8E5C00"
"matchCriteriaId": "4E52F91D-3F39-4D89-8069-EC422FB1F700"
},
{
"vulnerable": true,


@ -2,7 +2,7 @@
"id": "CVE-2018-14880",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-10-03T16:15:12.210",
"lastModified": "2020-01-20T13:15:14.437",
"lastModified": "2023-08-16T14:17:11.363",
"vulnStatus": "Modified",
"descriptions": [
{
@ -670,10 +670,10 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:traffix_sdc:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndIncluding": "5.1.0",
"matchCriteriaId": "7243F50D-6EF8-4702-92C2-F512DC8E5C00"
"matchCriteriaId": "4E52F91D-3F39-4D89-8069-EC422FB1F700"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2018-14882",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-10-03T16:15:12.337",
"lastModified": "2020-01-20T13:15:14.810",
"lastModified": "2023-08-16T14:17:11.363",
"vulnStatus": "Modified",
"descriptions": [
{
@ -100,10 +100,10 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:traffix_sdc:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndIncluding": "5.1.0",
"matchCriteriaId": "7243F50D-6EF8-4702-92C2-F512DC8E5C00"
"matchCriteriaId": "4E52F91D-3F39-4D89-8069-EC422FB1F700"
},
{
"vulnerable": true,


@ -2,7 +2,7 @@
"id": "CVE-2018-16229",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-10-03T16:15:12.490",
"lastModified": "2020-01-20T13:15:15.233",
"lastModified": "2023-08-16T14:17:11.363",
"vulnStatus": "Modified",
"descriptions": [
{
@ -100,10 +100,10 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:traffix_sdc:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndIncluding": "5.1.0",
"matchCriteriaId": "7243F50D-6EF8-4702-92C2-F512DC8E5C00"
"matchCriteriaId": "4E52F91D-3F39-4D89-8069-EC422FB1F700"
},
{
"vulnerable": true,


@ -2,7 +2,7 @@
"id": "CVE-2019-11477",
"sourceIdentifier": "security@ubuntu.com",
"published": "2019-06-19T00:15:12.640",
"lastModified": "2023-01-17T21:28:26.170",
"lastModified": "2023-08-16T14:17:11.363",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -852,10 +852,10 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:traffix_sdc:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndIncluding": "5.1.0",
"matchCriteriaId": "7243F50D-6EF8-4702-92C2-F512DC8E5C00"
"matchCriteriaId": "4E52F91D-3F39-4D89-8069-EC422FB1F700"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2019-11478",
"sourceIdentifier": "security@ubuntu.com",
"published": "2019-06-19T00:15:12.687",
"lastModified": "2021-07-15T19:16:09.750",
"lastModified": "2023-08-16T14:17:11.363",
"vulnStatus": "Modified",
"descriptions": [
{
@ -842,10 +842,10 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:traffix_sdc:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndIncluding": "5.1.0",
"matchCriteriaId": "7243F50D-6EF8-4702-92C2-F512DC8E5C00"
"matchCriteriaId": "4E52F91D-3F39-4D89-8069-EC422FB1F700"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2019-11479",
"sourceIdentifier": "security@ubuntu.com",
"published": "2019-06-19T00:15:12.767",
"lastModified": "2020-10-20T22:15:29.437",
"lastModified": "2023-08-16T14:17:11.363",
"vulnStatus": "Modified",
"descriptions": [
{
@ -928,10 +928,10 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:traffix_sdc:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndIncluding": "5.1.0",
"matchCriteriaId": "7243F50D-6EF8-4702-92C2-F512DC8E5C00"
"matchCriteriaId": "4E52F91D-3F39-4D89-8069-EC422FB1F700"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2019-9070",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-02-24T00:29:00.237",
"lastModified": "2021-12-10T19:22:40.440",
"lastModified": "2023-08-16T14:17:11.363",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -134,10 +134,10 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:traffix_sdc:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndIncluding": "5.1.0",
"matchCriteriaId": "7243F50D-6EF8-4702-92C2-F512DC8E5C00"
"matchCriteriaId": "4E52F91D-3F39-4D89-8069-EC422FB1F700"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2019-9077",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-02-24T00:29:00.597",
"lastModified": "2021-12-10T19:13:18.007",
"lastModified": "2023-08-16T14:17:11.363",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -129,10 +129,10 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:traffix_sdc:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndIncluding": "5.1.0",
"matchCriteriaId": "7243F50D-6EF8-4702-92C2-F512DC8E5C00"
"matchCriteriaId": "4E52F91D-3F39-4D89-8069-EC422FB1F700"
}
]
}


@ -2,19 +2,75 @@
"id": "CVE-2020-20523",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-11T14:15:10.047",
"lastModified": "2023-08-11T15:18:19.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-16T15:37:11.977",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in adm_user parameter in Gila CMS version 1.11.3, allows remote attackers to execute arbitrary code during the Gila CMS installation."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gilacms:gila_cms:1.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "834ED48E-B0F1-4AE8-8837-82582D7A652B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/GilaCMS/gila/issues/41",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,76 @@
"id": "CVE-2020-24075",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-11T14:15:10.177",
"lastModified": "2023-08-11T15:18:19.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-16T15:38:26.680",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in Name Input Field in Contact Us form in Laborator Kalium before 3.0.4, allows remote attackers to execute arbitrary code."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laborator:kalium:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0.4",
"matchCriteriaId": "6EEF0358-1DA2-4253-99C4-35720A05F817"
}
]
}
]
}
],
"references": [
{
"url": "https://documentation.laborator.co/kb/kalium/kalium-changelog/#version-3-0-4-jun-23-2020",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,74 @@
"id": "CVE-2020-24872",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-11T14:15:10.500",
"lastModified": "2023-08-11T15:18:19.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-16T15:36:30.877",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in backend/pages/modify.php in Lepton-CMS version 4.7.0, allows remote attackers to execute arbitrary code."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lepton-cms:leptoncms:4.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6EEDC302-4B45-4071-BBBD-1932394EFE36"
}
]
}
]
}
],
"references": [
{
"url": "https://lepton-cms.org/posts/new-security-release-144.php",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,74 @@
"id": "CVE-2020-25915",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-11T14:15:10.763",
"lastModified": "2023-08-11T15:18:06.983",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-16T15:38:13.947",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in UserController.php in ThinkCMF version 5.1.5, allows attackers to execute arbitrary code via crafted user_login."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:thinkcmf:thinkcmf:5.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "35A7FAC9-1D3C-4602-9EB8-2C72787A6CEA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/thinkcmf/thinkcmf/issues/675",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2020-26037",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-16T13:15:10.413",
"lastModified": "2023-08-16T13:15:10.413",
"vulnStatus": "Received",
"lastModified": "2023-08-16T15:17:05.683",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,23 +2,83 @@
"id": "CVE-2020-27449",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-11T14:15:10.840",
"lastModified": "2023-08-11T15:18:06.983",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-16T15:37:52.250",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:11.1:build_11101:*:*:*:*:*:*",
"matchCriteriaId": "564A39DB-D202-4223-97E9-E6378CE69013"
}
]
}
]
}
],
"references": [
{
"url": "https://bugbounty.zoho.com/bb/#/bug/101000003619211",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Permissions Required",
"Vendor Advisory"
]
},
{
"url": "https://www.manageengine.com/products/passwordmanagerpro/release-notes.html#pmp11002",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product",
"Release Notes"
]
}
]
}
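Review bot: The added `criteria` value `cpe:2.3:a:zohocorp:manageengine_password_manager_pro:11.1:build_11101:*:*:*:*:*:*` does not agree with the record's own description, which names version 11001, or with the release-notes reference, whose anchor is `#pmp11002`. If 11001 is the affected build, a scanner matching on this CPE would miss the affected install and could flag build 11101 instead. Since this file mirrors upstream data, the value is better confirmed and corrected at the source than edited here. Until then, CPE matching on this record should be treated as unreliable.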


@ -2,8 +2,8 @@
"id": "CVE-2020-36082",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-11T14:15:11.770",
"lastModified": "2023-08-15T20:46:32.290",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-08-16T14:04:42.477",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -17,19 +17,19 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.8,
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]


@ -2,27 +2,88 @@
"id": "CVE-2020-36138",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-11T14:15:11.910",
"lastModified": "2023-08-11T15:18:06.983",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-16T15:20:17.433",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in decode_frame in libavcodec/tiff.c in FFmpeg version 4.3, allows remote attackers to cause a denial of service (DoS)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "11B518F8-B4A9-44CC-A440-EB95E41C4B2A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/FFmpeg/FFmpeg/commit/292e41ce650a7b5ca5de4ae87fff0d6a90d9fc97",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://lists.ffmpeg.org/pipermail/ffmpeg-devel/2020-November/272001.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://trac.ffmpeg.org/ticket/8960",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
}
]
}
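Review bot: All three references receive only the `Patch` tag, although `https://trac.ffmpeg.org/ticket/8960` looks like a tracker entry rather than a patch. Tooling that follows `Patch`-tagged URLs to locate the fix would be better served by `"tags": ["Issue Tracking"]` on the ticket, a tag this commit already applies to the CVE-2021-25786 and CVE-2021-25856 references. This is upstream data, so the correction belongs at the source. Consumers should not assume every `Patch` URL resolves to a commit or diff.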


@ -2,7 +2,7 @@
"id": "CVE-2020-5854",
"sourceIdentifier": "f5sirt@f5.com",
"published": "2020-02-06T16:15:12.417",
"lastModified": "2021-07-21T11:39:23.747",
"lastModified": "2023-08-16T14:17:11.363",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -659,10 +659,10 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:traffix_sdc:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndIncluding": "5.1.0",
"matchCriteriaId": "7243F50D-6EF8-4702-92C2-F512DC8E5C00"
"matchCriteriaId": "4E52F91D-3F39-4D89-8069-EC422FB1F700"
}
]
}


@ -2,19 +2,76 @@
"id": "CVE-2021-25786",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-11T14:15:11.987",
"lastModified": "2023-08-11T15:18:06.983",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-16T15:21:03.207",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in QPDF version 10.0.4, allows remote attackers to execute arbitrary code via crafted .pdf file to Pl_ASCII85Decoder::write parameter in libqpdf."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qpdf_project:qpdf:10.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3E7717C7-1395-4C1E-A59D-2E3B29B20D88"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/qpdf/qpdf/issues/492",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch"
]
}
]
}


@ -2,19 +2,75 @@
"id": "CVE-2021-25856",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-11T14:15:12.047",
"lastModified": "2023-08-11T15:18:06.983",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-16T15:06:10.420",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in pcmt superMicro-CMS version 3.11, allows attackers to delete files via crafted image file in images.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:supermicro-cms_project:supermicro-cms:3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "13D5BFF3-D7E7-4AEA-B1B9-188BE577E314"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/pcmt/superMicro-CMS/issues/1",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}


@ -2,19 +2,75 @@
"id": "CVE-2021-25857",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-11T14:15:12.117",
"lastModified": "2023-08-11T15:18:01.437",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-16T15:01:25.317",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in pcmt superMicro-CMS version 3.11, allows authenticated attackers to execute arbitrary code via the font_type parameter to setup.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:supermicro-cms_project:supermicro-cms:3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "13D5BFF3-D7E7-4AEA-B1B9-188BE577E314"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/pcmt/superMicro-CMS/issues/2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-32486",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-08-16T14:15:10.837",
"lastModified": "2023-08-16T15:17:05.683",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nDell PowerScale OneFS 9.5.x version contain a privilege escalation vulnerability. A low privilege local attacker could potentially exploit this vulnerability, leading to escalation of privileges.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-250"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000216717/dsa-2023-269-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities",
"source": "security_alert@emc.com"
}
]
}
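Review bot: This new record has no `configurations` block, so CPE-based matching will return nothing for it while `vulnStatus` is `Awaiting Analysis`; the affected versions exist only in the free-text description (`OneFS 9.5.x`). The description `value` also begins with `\n` and ends with `\n\n`, which a consumer should trim before display or deduplication. The `cvssMetricV31` entry is typed `Secondary` while the `weaknesses` entry from the same `security_alert@emc.com` source is typed `Primary`, so code that selects by `type` should not assume the two fields agree. The same three points apply to the CVE-2023-32487, CVE-2023-32488 and CVE-2023-32489 records that follow, and CVE-2023-32489 additionally carries a `\u00a0` in its description.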


@ -0,0 +1,55 @@
{
"id": "CVE-2023-32487",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-08-16T14:15:11.047",
"lastModified": "2023-08-16T15:17:05.683",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nDell PowerScale OneFS, 8.2.x - 9.5.0.x, contains an elevation of privilege vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to denial of service, code execution and information disclosure. \n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000216717/dsa-2023-269-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities",
"source": "security_alert@emc.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-32488",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-08-16T14:15:11.133",
"lastModified": "2023-08-16T15:17:05.683",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nDell PowerScale OneFS, 8.2.x-9.5.0.x, contains an information disclosure vulnerability in NFS. A low privileged attacker could potentially exploit this vulnerability, leading to information disclosure.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1230"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000216717/dsa-2023-269-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities",
"source": "security_alert@emc.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-32489",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-08-16T14:15:11.237",
"lastModified": "2023-08-16T15:17:05.683",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nDell PowerScale OneFS 8.2x -9.5x contains a privilege escalation vulnerability. A local attacker with high privileges could potentially exploit this vulnerability, to bypass mode protections and gain elevated privileges. \u00a0\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-280"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000216717/dsa-2023-269-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities",
"source": "security_alert@emc.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-32490",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-08-16T14:15:11.343",
"lastModified": "2023-08-16T15:17:05.683",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nDell PowerScale OneFS 8.2x -9.5x contains an improper privilege management vulnerability. A high privilege local attacker could potentially exploit this vulnerability, leading to system takeover. \n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000216717/dsa-2023-269-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities",
"source": "security_alert@emc.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-32491",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-08-16T14:15:11.437",
"lastModified": "2023-08-16T15:17:05.683",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nDell PowerScale OneFS 9.5.0.x, contains an insertion of sensitive information into log file vulnerability in SNMPv3. A low privileges user could potentially exploit this vulnerability, leading to information disclosure.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000216717/dsa-2023-269-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities",
"source": "security_alert@emc.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-32492",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-08-16T14:15:11.543",
"lastModified": "2023-08-16T15:17:05.683",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nDell PowerScale OneFS 9.5.0.x contains an incorrect default permissions vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to information disclosure or allowing to modify files.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000216717/dsa-2023-269-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities",
"source": "security_alert@emc.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-32493",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-08-16T14:15:11.663",
"lastModified": "2023-08-16T15:17:05.683",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nDell PowerScale OneFS, 9.5.0.x, contains a protection mechanism bypass vulnerability. An unprivileged, remote attacker could potentially exploit this vulnerability, leading to denial of service, information disclosure and remote execution.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-693"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000216717/dsa-2023-269-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities",
"source": "security_alert@emc.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-32494",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-08-16T13:15:10.867",
"lastModified": "2023-08-16T13:15:10.867",
"vulnStatus": "Received",
"lastModified": "2023-08-16T15:17:05.683",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -0,0 +1,55 @@
{
"id": "CVE-2023-32495",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-08-16T14:15:11.777",
"lastModified": "2023-08-16T15:17:05.683",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nDell PowerScale OneFS, 8.2.x-9.5.x, contains a exposure of sensitive information to an unauthorized Actor vulnerability. An authorized local attacker could potentially exploit this vulnerability, leading to escalation of privileges.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000216717/dsa-2023-269-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities",
"source": "security_alert@emc.com"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-33663",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-16T14:15:11.863",
"lastModified": "2023-08-16T15:16:57.723",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the module \u201cCustomization fields fee for your store\u201d (aicustomfee) from ai-dev module for PrestaShop, an attacker can perform SQL injection up to 0.2.0. Release 0.2.1 fixed this security issue."
}
],
"metrics": {},
"references": [
{
"url": "https://security.friendsofpresta.org/modules/2023/08/16/aicustomfee.html",
"source": "cve@mitre.org"
},
{
"url": "https://www.boutique.ai-dev.fr/en/customization/62-customization-fee.html",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-34374",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-10T12:15:10.973",
"lastModified": "2023-08-10T12:43:50.693",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-16T14:11:01.637",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:anspress:anspress:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.3.0",
"matchCriteriaId": "D474341A-5330-4693-AABE-6805202B7023"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/anspress-question-answer/wordpress-anspress-question-and-answer-plugin-4-3-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-38904",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-16T14:15:11.927",
"lastModified": "2023-08-16T15:16:57.723",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A Cross Site Scripting (XSS) vulnerability in Netlify CMS v.2.10.192 allows a remote attacker to execute arbitrary code via a crafted payload to the body parameter of the new post function."
}
],
"metrics": {},
"references": [
{
"url": "https://www.exploit-db.com/exploits/51576",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-39115",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-16T15:15:11.113",
"lastModified": "2023-08-16T15:16:57.723",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "install/aiz-uploader/upload in Campcodes Online Matrimonial Website System Script 3.3 allows XSS via a crafted SVG document."
}
],
"metrics": {},
"references": [
{
"url": "http://packetstormsecurity.com/files/173950/Campcodes-Online-Matrimonial-Website-System-3.3-Cross-Site-Scripting.html",
"source": "cve@mitre.org"
},
{
"url": "https://www.campcodes.com/projects/php/online-matrimonial-website-system-script-in-php/",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-39342",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-08T18:15:24.133",
"lastModified": "2023-08-08T18:32:54.523",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-16T15:35:33.843",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +66,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:freedom:dangerzone:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.4.2",
"matchCriteriaId": "CE5B94EF-57EA-41FC-B9C6-124E61ABC14D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/freedomofpress/dangerzone/pull/491",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://github.com/freedomofpress/dangerzone/releases/tag/v0.4.2",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/freedomofpress/dangerzone/security/advisories/GHSA-pvwq-6vpp-2632",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,28 @@
{
"id": "CVE-2023-39975",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-16T15:15:11.277",
"lastModified": "2023-08-16T15:16:57.723",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/krb5/krb5/commit/88a1701b423c13991a8064feeb26952d3641d840",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/krb5/krb5/compare/krb5-1.21.1-final...krb5-1.21.2-final",
"source": "cve@mitre.org"
},
{
"url": "https://web.mit.edu/kerberos/www/advisories/",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-40336",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-08-16T15:15:11.347",
"lastModified": "2023-08-16T15:16:57.723",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy folders."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3106",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-40337",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-08-16T15:15:11.420",
"lastModified": "2023-08-16T15:16:57.723",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy a view inside a folder."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3105",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-40338",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-08-16T15:15:11.483",
"lastModified": "2023-08-16T15:16:57.723",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier displays an error message that includes an absolute path of a log file when attempting to access the Scan Organization Folder Log if no logs are available, exposing information about the Jenkins controller file system."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3109",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-40339",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-08-16T15:15:11.547",
"lastModified": "2023-08-16T15:16:57.723",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Jenkins Config File Provider Plugin 952.va_544a_6234b_46 and earlier does not mask (i.e., replace with asterisks) credentials specified in configuration files when they're written to the build log."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3090",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-40340",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-08-16T15:15:11.620",
"lastModified": "2023-08-16T15:16:57.723",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Jenkins NodeJS Plugin 1.6.0 and earlier does not properly mask (i.e., replace with asterisks) credentials specified in the Npm config file in Pipeline build logs."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3196",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-40341",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-08-16T15:15:11.683",
"lastModified": "2023-08-16T15:16:57.723",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.27.5 and earlier allows attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3116",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-40342",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-08-16T15:15:11.753",
"lastModified": "2023-08-16T15:16:57.723",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Jenkins Flaky Test Handler Plugin 1.2.2 and earlier does not escape JUnit test contents when showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control JUnit report file contents."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3223",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-40343",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-08-16T15:15:11.817",
"lastModified": "2023-08-16T15:16:57.723",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Jenkins Tuleap Authentication Plugin 1.1.20 and earlier uses a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3229",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-40344",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-08-16T15:15:11.880",
"lastModified": "2023-08-16T15:16:57.723",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A missing permission check in Jenkins Delphix Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3214%20(1)",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-40345",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-08-16T15:15:11.937",
"lastModified": "2023-08-16T15:16:57.723",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Jenkins Delphix Plugin 3.0.2 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Overall/Read permission to access and capture credentials they are not entitled to."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3214%20(2)",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-40346",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-08-16T15:15:12.000",
"lastModified": "2023-08-16T15:16:57.723",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Jenkins Shortcut Job Plugin 0.4 and earlier does not escape the shortcut redirection URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure shortcut jobs."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3071",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-40347",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-08-16T15:15:12.060",
"lastModified": "2023-08-16T15:16:57.723",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.14 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3153",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-40348",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-08-16T15:15:12.127",
"lastModified": "2023-08-16T15:16:57.723",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The webhook endpoint in Jenkins Gogs Plugin 1.0.15 and earlier provides unauthenticated attackers information about the existence of jobs in its output."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-2894",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-40349",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-08-16T15:15:12.187",
"lastModified": "2023-08-16T15:16:57.723",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Jenkins Gogs Plugin 1.0.15 and earlier improperly initializes an option to secure its webhook endpoint, allowing unauthenticated attackers to trigger builds of jobs."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-2894",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-40350",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-08-16T15:15:12.250",
"lastModified": "2023-08-16T15:16:57.723",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Jenkins Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control responses from Docker."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-2811",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-40351",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-08-16T15:15:12.313",
"lastModified": "2023-08-16T15:16:57.723",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery (CSRF) vulnerability in Jenkins Favorite View Plugin 5.v77a_37f62782d and earlier allows attackers to add or remove views from another user's favorite views tab bar."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3201",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}

102
README.md

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-08-16T14:00:31.746165+00:00
2023-08-16T16:00:33.687780+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-08-16T13:59:24.893000+00:00
2023-08-16T15:38:26.680000+00:00
```
### Last Data Feed Release
@ -29,61 +29,69 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
222796
222825
```
### CVEs added in the last Commit
Recently added CVEs: `17`
Recently added CVEs: `29`
* [CVE-2020-26037](CVE-2020/CVE-2020-260xx/CVE-2020-26037.json) (`2023-08-16T13:15:10.413`)
* [CVE-2022-4782](CVE-2022/CVE-2022-47xx/CVE-2022-4782.json) (`2023-08-16T12:15:11.540`)
* [CVE-2023-0058](CVE-2023/CVE-2023-00xx/CVE-2023-0058.json) (`2023-08-16T12:15:11.977`)
* [CVE-2023-0274](CVE-2023/CVE-2023-02xx/CVE-2023-0274.json) (`2023-08-16T12:15:12.067`)
* [CVE-2023-0551](CVE-2023/CVE-2023-05xx/CVE-2023-0551.json) (`2023-08-16T12:15:12.150`)
* [CVE-2023-0579](CVE-2023/CVE-2023-05xx/CVE-2023-0579.json) (`2023-08-16T12:15:12.233`)
* [CVE-2023-1110](CVE-2023/CVE-2023-11xx/CVE-2023-1110.json) (`2023-08-16T12:15:12.337`)
* [CVE-2023-1465](CVE-2023/CVE-2023-14xx/CVE-2023-1465.json) (`2023-08-16T12:15:12.420`)
* [CVE-2023-1977](CVE-2023/CVE-2023-19xx/CVE-2023-1977.json) (`2023-08-16T12:15:12.510`)
* [CVE-2023-2122](CVE-2023/CVE-2023-21xx/CVE-2023-2122.json) (`2023-08-16T12:15:12.607`)
* [CVE-2023-2123](CVE-2023/CVE-2023-21xx/CVE-2023-2123.json) (`2023-08-16T12:15:12.700`)
* [CVE-2023-2225](CVE-2023/CVE-2023-22xx/CVE-2023-2225.json) (`2023-08-16T12:15:12.797`)
* [CVE-2023-2254](CVE-2023/CVE-2023-22xx/CVE-2023-2254.json) (`2023-08-16T12:15:12.887`)
* [CVE-2023-2271](CVE-2023/CVE-2023-22xx/CVE-2023-2271.json) (`2023-08-16T12:15:12.967`)
* [CVE-2023-2272](CVE-2023/CVE-2023-22xx/CVE-2023-2272.json) (`2023-08-16T12:15:13.053`)
* [CVE-2023-4381](CVE-2023/CVE-2023-43xx/CVE-2023-4381.json) (`2023-08-16T12:15:13.973`)
* [CVE-2023-32494](CVE-2023/CVE-2023-324xx/CVE-2023-32494.json) (`2023-08-16T13:15:10.867`)
* [CVE-2023-40336](CVE-2023/CVE-2023-403xx/CVE-2023-40336.json) (`2023-08-16T15:15:11.347`)
* [CVE-2023-40337](CVE-2023/CVE-2023-403xx/CVE-2023-40337.json) (`2023-08-16T15:15:11.420`)
* [CVE-2023-40338](CVE-2023/CVE-2023-403xx/CVE-2023-40338.json) (`2023-08-16T15:15:11.483`)
* [CVE-2023-40339](CVE-2023/CVE-2023-403xx/CVE-2023-40339.json) (`2023-08-16T15:15:11.547`)
* [CVE-2023-40340](CVE-2023/CVE-2023-403xx/CVE-2023-40340.json) (`2023-08-16T15:15:11.620`)
* [CVE-2023-40341](CVE-2023/CVE-2023-403xx/CVE-2023-40341.json) (`2023-08-16T15:15:11.683`)
* [CVE-2023-40342](CVE-2023/CVE-2023-403xx/CVE-2023-40342.json) (`2023-08-16T15:15:11.753`)
* [CVE-2023-40343](CVE-2023/CVE-2023-403xx/CVE-2023-40343.json) (`2023-08-16T15:15:11.817`)
* [CVE-2023-40344](CVE-2023/CVE-2023-403xx/CVE-2023-40344.json) (`2023-08-16T15:15:11.880`)
* [CVE-2023-40345](CVE-2023/CVE-2023-403xx/CVE-2023-40345.json) (`2023-08-16T15:15:11.937`)
* [CVE-2023-40346](CVE-2023/CVE-2023-403xx/CVE-2023-40346.json) (`2023-08-16T15:15:12.000`)
* [CVE-2023-40347](CVE-2023/CVE-2023-403xx/CVE-2023-40347.json) (`2023-08-16T15:15:12.060`)
* [CVE-2023-40348](CVE-2023/CVE-2023-403xx/CVE-2023-40348.json) (`2023-08-16T15:15:12.127`)
* [CVE-2023-40349](CVE-2023/CVE-2023-403xx/CVE-2023-40349.json) (`2023-08-16T15:15:12.187`)
* [CVE-2023-40350](CVE-2023/CVE-2023-403xx/CVE-2023-40350.json) (`2023-08-16T15:15:12.250`)
* [CVE-2023-40351](CVE-2023/CVE-2023-403xx/CVE-2023-40351.json) (`2023-08-16T15:15:12.313`)
* [CVE-2023-32486](CVE-2023/CVE-2023-324xx/CVE-2023-32486.json) (`2023-08-16T14:15:10.837`)
* [CVE-2023-32487](CVE-2023/CVE-2023-324xx/CVE-2023-32487.json) (`2023-08-16T14:15:11.047`)
* [CVE-2023-32488](CVE-2023/CVE-2023-324xx/CVE-2023-32488.json) (`2023-08-16T14:15:11.133`)
* [CVE-2023-32489](CVE-2023/CVE-2023-324xx/CVE-2023-32489.json) (`2023-08-16T14:15:11.237`)
* [CVE-2023-32490](CVE-2023/CVE-2023-324xx/CVE-2023-32490.json) (`2023-08-16T14:15:11.343`)
* [CVE-2023-32491](CVE-2023/CVE-2023-324xx/CVE-2023-32491.json) (`2023-08-16T14:15:11.437`)
* [CVE-2023-32492](CVE-2023/CVE-2023-324xx/CVE-2023-32492.json) (`2023-08-16T14:15:11.543`)
* [CVE-2023-32493](CVE-2023/CVE-2023-324xx/CVE-2023-32493.json) (`2023-08-16T14:15:11.663`)
* [CVE-2023-32495](CVE-2023/CVE-2023-324xx/CVE-2023-32495.json) (`2023-08-16T14:15:11.777`)
### CVEs modified in the last Commit
Recently modified CVEs: `30`
Recently modified CVEs: `32`
* [CVE-2023-26140](CVE-2023/CVE-2023-261xx/CVE-2023-26140.json) (`2023-08-16T12:02:41.873`)
* [CVE-2023-3958](CVE-2023/CVE-2023-39xx/CVE-2023-3958.json) (`2023-08-16T12:02:41.873`)
* [CVE-2023-4374](CVE-2023/CVE-2023-43xx/CVE-2023-4374.json) (`2023-08-16T12:02:41.873`)
* [CVE-2023-39507](CVE-2023/CVE-2023-395xx/CVE-2023-39507.json) (`2023-08-16T12:02:41.873`)
* [CVE-2023-30473](CVE-2023/CVE-2023-304xx/CVE-2023-30473.json) (`2023-08-16T12:02:41.873`)
* [CVE-2023-30782](CVE-2023/CVE-2023-307xx/CVE-2023-30782.json) (`2023-08-16T12:02:41.873`)
* [CVE-2023-30784](CVE-2023/CVE-2023-307xx/CVE-2023-30784.json) (`2023-08-16T12:02:41.873`)
* [CVE-2023-30785](CVE-2023/CVE-2023-307xx/CVE-2023-30785.json) (`2023-08-16T12:02:41.873`)
* [CVE-2023-30786](CVE-2023/CVE-2023-307xx/CVE-2023-30786.json) (`2023-08-16T12:02:41.873`)
* [CVE-2023-30779](CVE-2023/CVE-2023-307xx/CVE-2023-30779.json) (`2023-08-16T12:02:41.873`)
* [CVE-2023-30871](CVE-2023/CVE-2023-308xx/CVE-2023-30871.json) (`2023-08-16T12:02:41.873`)
* [CVE-2023-4241](CVE-2023/CVE-2023-42xx/CVE-2023-4241.json) (`2023-08-16T12:02:41.873`)
* [CVE-2023-31448](CVE-2023/CVE-2023-314xx/CVE-2023-31448.json) (`2023-08-16T12:15:13.193`)
* [CVE-2023-31449](CVE-2023/CVE-2023-314xx/CVE-2023-31449.json) (`2023-08-16T12:15:13.380`)
* [CVE-2023-31450](CVE-2023/CVE-2023-314xx/CVE-2023-31450.json) (`2023-08-16T12:15:13.460`)
* [CVE-2023-31452](CVE-2023/CVE-2023-314xx/CVE-2023-31452.json) (`2023-08-16T12:15:13.540`)
* [CVE-2023-32781](CVE-2023/CVE-2023-327xx/CVE-2023-32781.json) (`2023-08-16T12:15:13.637`)
* [CVE-2023-32782](CVE-2023/CVE-2023-327xx/CVE-2023-32782.json) (`2023-08-16T12:15:13.717`)
* [CVE-2023-37581](CVE-2023/CVE-2023-375xx/CVE-2023-37581.json) (`2023-08-16T12:15:13.800`)
* [CVE-2023-32560](CVE-2023/CVE-2023-325xx/CVE-2023-32560.json) (`2023-08-16T13:04:36.617`)
* [CVE-2023-32561](CVE-2023/CVE-2023-325xx/CVE-2023-32561.json) (`2023-08-16T13:04:53.757`)
* [CVE-2023-39963](CVE-2023/CVE-2023-399xx/CVE-2023-39963.json) (`2023-08-16T13:39:48.010`)
* [CVE-2023-40224](CVE-2023/CVE-2023-402xx/CVE-2023-40224.json) (`2023-08-16T13:40:53.350`)
* [CVE-2023-39962](CVE-2023/CVE-2023-399xx/CVE-2023-39962.json) (`2023-08-16T13:54:56.917`)
* [CVE-2023-36530](CVE-2023/CVE-2023-365xx/CVE-2023-36530.json) (`2023-08-16T13:59:24.893`)
* [CVE-2018-14469](CVE-2018/CVE-2018-144xx/CVE-2018-14469.json) (`2023-08-16T14:17:11.363`)
* [CVE-2018-14879](CVE-2018/CVE-2018-148xx/CVE-2018-14879.json) (`2023-08-16T14:17:11.363`)
* [CVE-2018-14880](CVE-2018/CVE-2018-148xx/CVE-2018-14880.json) (`2023-08-16T14:17:11.363`)
* [CVE-2018-14882](CVE-2018/CVE-2018-148xx/CVE-2018-14882.json) (`2023-08-16T14:17:11.363`)
* [CVE-2018-16229](CVE-2018/CVE-2018-162xx/CVE-2018-16229.json) (`2023-08-16T14:17:11.363`)
* [CVE-2019-9070](CVE-2019/CVE-2019-90xx/CVE-2019-9070.json) (`2023-08-16T14:17:11.363`)
* [CVE-2019-9077](CVE-2019/CVE-2019-90xx/CVE-2019-9077.json) (`2023-08-16T14:17:11.363`)
* [CVE-2019-11477](CVE-2019/CVE-2019-114xx/CVE-2019-11477.json) (`2023-08-16T14:17:11.363`)
* [CVE-2019-11478](CVE-2019/CVE-2019-114xx/CVE-2019-11478.json) (`2023-08-16T14:17:11.363`)
* [CVE-2019-11479](CVE-2019/CVE-2019-114xx/CVE-2019-11479.json) (`2023-08-16T14:17:11.363`)
* [CVE-2020-36082](CVE-2020/CVE-2020-360xx/CVE-2020-36082.json) (`2023-08-16T14:04:42.477`)
* [CVE-2020-5854](CVE-2020/CVE-2020-58xx/CVE-2020-5854.json) (`2023-08-16T14:17:11.363`)
* [CVE-2020-26037](CVE-2020/CVE-2020-260xx/CVE-2020-26037.json) (`2023-08-16T15:17:05.683`)
* [CVE-2020-36138](CVE-2020/CVE-2020-361xx/CVE-2020-36138.json) (`2023-08-16T15:20:17.433`)
* [CVE-2020-24872](CVE-2020/CVE-2020-248xx/CVE-2020-24872.json) (`2023-08-16T15:36:30.877`)
* [CVE-2020-20523](CVE-2020/CVE-2020-205xx/CVE-2020-20523.json) (`2023-08-16T15:37:11.977`)
* [CVE-2020-27449](CVE-2020/CVE-2020-274xx/CVE-2020-27449.json) (`2023-08-16T15:37:52.250`)
* [CVE-2020-25915](CVE-2020/CVE-2020-259xx/CVE-2020-25915.json) (`2023-08-16T15:38:13.947`)
* [CVE-2020-24075](CVE-2020/CVE-2020-240xx/CVE-2020-24075.json) (`2023-08-16T15:38:26.680`)
* [CVE-2021-25857](CVE-2021/CVE-2021-258xx/CVE-2021-25857.json) (`2023-08-16T15:01:25.317`)
* [CVE-2021-25856](CVE-2021/CVE-2021-258xx/CVE-2021-25856.json) (`2023-08-16T15:06:10.420`)
* [CVE-2021-25786](CVE-2021/CVE-2021-257xx/CVE-2021-25786.json) (`2023-08-16T15:21:03.207`)
* [CVE-2023-34374](CVE-2023/CVE-2023-343xx/CVE-2023-34374.json) (`2023-08-16T14:11:01.637`)
* [CVE-2023-32494](CVE-2023/CVE-2023-324xx/CVE-2023-32494.json) (`2023-08-16T15:17:05.683`)
* [CVE-2023-39342](CVE-2023/CVE-2023-393xx/CVE-2023-39342.json) (`2023-08-16T15:35:33.843`)
## Download and Usage