Auto-Update: 2023-06-16T02:00:29.672292+00:00

cad-safe-bot 2023-06-16 02:00:33 +00:00
parent 2922d3d29c
commit 9574bd87c4
15 changed files with 733 additions and 64 deletions


@ -2,8 +2,8 @@
"id": "CVE-2023-1888",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-09T06:15:58.410",
"lastModified": "2023-06-09T13:03:33.953",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-16T00:49:44.493",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -36,7 +56,7 @@
},
"weaknesses": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,16 +64,50 @@
"value": "CWE-20"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpwax:directorist:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "7.5.4",
"matchCriteriaId": "7F7FD8F6-AC71-4EE5-A98B-CB6B61289E93"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/2920100/directorist",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/01943559-e05b-4dca-b322-d880b2729ee7?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}
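Review bot: In the `references` array, the `plugins.trac.wordpress.org/changeset/2920100/directorist` entry is tagged only `Issue Tracking`, although a changeset URL normally points at a code change and is presumably the fix here. Tooling that looks for a `Patch` tag to decide whether a remediation exists will report none for this record, and the same tagging appears in the CVE-2023-1889 section. If the changeset is confirmed to be the fix, the tag list would read `"tags": ["Patch"]`; because the file mirrors NVD, that correction belongs upstream rather than in this repository.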


@ -2,8 +2,8 @@
"id": "CVE-2023-1889",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-09T06:15:58.690",
"lastModified": "2023-06-09T13:03:33.953",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-16T00:43:03.977",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,14 +66,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpwax:directorist:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "7.5.4",
"matchCriteriaId": "7F7FD8F6-AC71-4EE5-A98B-CB6B61289E93"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/2920100/directorist",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b47edd57-cac7-463f-88cc-8922f1b34612?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-1895",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-09T06:15:58.997",
"lastModified": "2023-06-09T13:03:33.953",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-16T00:37:05.560",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.6,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 5.8
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,14 +66,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:motopress:getwid_-_gutenberg_blocks:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.8.3",
"matchCriteriaId": "9B36C972-5CBB-4405-B193-C592A3BDCDA1"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/getwid/tags/1.8.3/includes/rest-api.php",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e9c2a942-c14c-4b59-92a7-6946b2e4731b?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-1910",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-06-09T06:15:59.433",
"lastModified": "2023-06-09T13:03:33.953",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-16T00:29:44.490",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -46,14 +66,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:motopress:getwid_-_gutenberg_blocks:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.8.3",
"matchCriteriaId": "9B36C972-5CBB-4405-B193-C592A3BDCDA1"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/getwid/tags/1.8.3/includes/rest-api.php",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6cd64ab0-007b-4778-9d92-06e530638fad?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,43 @@
{
"id": "CVE-2023-29349",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-06-16T01:15:27.847",
"lastModified": "2023-06-16T01:15:27.847",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Microsoft ODBC and OLE DB Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29349",
"source": "secure@microsoft.com"
}
]
}
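Review bot: No `configurations` or `weaknesses` block exists in this new record while `vulnStatus` is `Received`, so a matcher that works from `cpeMatch` entries finds nothing in it until the NVD analysis is synced. The description says Remote Code Execution but the only vector is `AV:L` with `UI:R`, so a triage filter on `attackVector` equal to `NETWORK` drops the record as well. Both points hold for the other five Microsoft records added in this commit (CVE-2023-29356, CVE-2023-32025, CVE-2023-32026, CVE-2023-32027, CVE-2023-32028). A README line such as `Records with vulnStatus "Received" have no CPE configurations yet; match them by id or by the vendor advisory.` would make that explicit for consumers.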


@ -0,0 +1,43 @@
{
"id": "CVE-2023-29356",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-06-16T01:15:27.910",
"lastModified": "2023-06-16T01:15:27.910",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29356",
"source": "secure@microsoft.com"
}
]
}


@ -2,16 +2,49 @@
"id": "CVE-2023-29403",
"sourceIdentifier": "security@golang.org",
"published": "2023-06-08T21:15:16.927",
"lastModified": "2023-06-09T13:03:48.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-16T00:23:39.893",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-668"
}
]
},
{
"source": "security@golang.org",
"type": "Secondary",
@ -23,22 +56,60 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.19.10",
"matchCriteriaId": "E17A25CE-A8C9-4F89-916A-BB0327A509C9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.20.0",
"versionEndExcluding": "1.20.5",
"matchCriteriaId": "53EC811C-49DE-4470-908C-CDC9282EC7FA"
}
]
}
]
}
],
"references": [
{
"url": "https://go.dev/cl/501223",
"source": "security@golang.org"
"source": "security@golang.org",
"tags": [
"Patch"
]
},
{
"url": "https://go.dev/issue/60272",
"source": "security@golang.org"
"source": "security@golang.org",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ",
"source": "security@golang.org"
"source": "security@golang.org",
"tags": [
"Mailing List",
"Release Notes"
]
},
{
"url": "https://pkg.go.dev/vuln/GO-2023-1840",
"source": "security@golang.org"
"source": "security@golang.org",
"tags": [
"Vendor Advisory"
]
}
]
}
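Review bot: The two added `cpeMatch` ranges identify the Go toolchain (`golang:go` before `1.19.10`, and from `1.20.0` up to but excluding `1.20.5`), while the description places the exposure in setuid/setgid binaries running on that runtime. An inventory match on the installed Go version will therefore miss deployed binaries that were compiled with an affected release and never rebuilt. When triaging this record, enumerate setuid/setgid executables and check which toolchain built each one, for example with `go version <binary>`. The `UI:R` in the NVD vector also does not obviously follow from the description, which mentions no action by another user, so treat the 7.8 score as NVD's reading rather than a settled one.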


@ -2,8 +2,8 @@
"id": "CVE-2023-2904",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-06-07T22:15:09.963",
"lastModified": "2023-06-08T02:44:28.663",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-16T00:13:57.597",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.2
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -36,8 +56,18 @@
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,14 +76,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hidglobal:safe:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.8.0",
"versionEndIncluding": "5.11.3",
"matchCriteriaId": "5120A071-CC9A-4F1A-A032-8357557C3272"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-152-02",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
},
{
"url": "https://www.hidglobal.com/security-center",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,43 @@
{
"id": "CVE-2023-32025",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-06-16T01:15:27.967",
"lastModified": "2023-06-16T01:15:27.967",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32025",
"source": "secure@microsoft.com"
}
]
}


@ -0,0 +1,43 @@
{
"id": "CVE-2023-32026",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-06-16T01:15:28.017",
"lastModified": "2023-06-16T01:15:28.017",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32026",
"source": "secure@microsoft.com"
}
]
}


@ -0,0 +1,43 @@
{
"id": "CVE-2023-32027",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-06-16T01:15:28.067",
"lastModified": "2023-06-16T01:15:28.067",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32027",
"source": "secure@microsoft.com"
}
]
}


@ -0,0 +1,43 @@
{
"id": "CVE-2023-32028",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-06-16T01:15:28.120",
"lastModified": "2023-06-16T01:15:28.120",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Microsoft OLE DB Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32028",
"source": "secure@microsoft.com"
}
]
}


@ -2,19 +2,75 @@
"id": "CVE-2023-33510",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-07T20:15:09.877",
"lastModified": "2023-06-07T20:24:12.193",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-16T00:16:17.040",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Jeecg P3 Biz Chat 1.0.5 allows remote attackers to read arbitrary files through specific parameters."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-668"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jeecg_p3_biz_chat_project:jeecg_p3_biz_chat:1.0.5:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "9D207CB3-857D-47D3-A982-98135331F657"
}
]
}
]
}
],
"references": [
{
"url": "https://carl1l.github.io/2023/05/08/jeecg-p3-biz-chat-1-0-5-jar-has-arbitrary-file-read-vulnerability/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
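Review bot: The added `criteria` string sets the target-software field to `wordpress`, which does not fit the rest of the record: the description names Jeecg P3 Biz Chat 1.0.5 and the only reference URL speaks of a `jar`, so this looks like a Java component rather than a WordPress plugin. A matcher that honours the target-software field will skip Java inventories, and one that groups by it may attach the CVE to WordPress assets. The expected form would be `cpe:2.3:a:jeecg_p3_biz_chat_project:jeecg_p3_biz_chat:1.0.5:*:*:*:*:*:*:*` (constructed here; the `matchCriteriaId` would be reassigned by NVD). Because the file mirrors NVD, the correction should be reported upstream rather than patched in the mirror.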


@ -2,16 +2,40 @@
"id": "CVE-2023-34112",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-09T00:15:10.447",
"lastModified": "2023-06-09T13:03:48.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-16T01:02:38.677",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "JavaCPP Presets is a project providing Java distributions of native C++ libraries. All the actions in the `bytedeco/javacpp-presets` use the `github.event.head_commit.message?` parameter in an insecure way. For example, the commit message is used in a run statement - resulting in a command injection vulnerability due to string interpolation. No exploitation has been reported. This issue has been addressed in version 1.5.9. Users of JavaCPP Presets are advised to upgrade as a precaution."
},
{
"lang": "es",
"value": "JavaCPP Presets es un proyecto que proporciona distribuciones Java de librer\u00edas C++ nativas. Todas las acciones en el \"bytedeco/javacpp-presets\" utilizan el par\u00e1metro \"github.event.head_commit.message?\" de forma insegura. Por ejemplo, el mensaje de confirmaci\u00f3n se utiliza en una sentencia de ejecuci\u00f3n, lo que resulta en una vulnerabilidad de inyecci\u00f3n de comandos debido a la interpolaci\u00f3n de cadenas. No se ha informado de ninguna explotaci\u00f3n. Este problema se ha solucionado en la versi\u00f3n 1.5.9. Se recomienda a los usuarios de JavaCPP Presets que actualicen como medida de precauci\u00f3n. "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +70,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bytedeco:javacpp_presets:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.5.9",
"matchCriteriaId": "4B96479B-4F8E-4DE4-A178-377F9D303318"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/bytedeco/javacpp-presets/security/advisories/GHSA-36rx-hq22-jm5x",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://securitylab.github.com/research/github-actions-untrusted-input/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
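Review bot: The added `cpeMatch` entry marks every `bytedeco:javacpp_presets` release before `1.5.9` as vulnerable, yet the description places the flaw in the repository's GitHub Actions workflows, where `github.event.head_commit.message` is interpolated into a run statement. A dependency scanner matching this CPE will flag applications that only consume the published artifacts, while the real exposure appears limited to the upstream repository and to forks or copies of its workflows. Hits on this record are better triaged as a CI pipeline issue, by checking workflows for commit-message interpolation, than closed by a library bump alone. The `Exploit` tag on the `securitylab.github.com` reference should also be read with care, since the URL path suggests a general research article on untrusted input rather than a proof of concept for this project.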


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-06-15T23:55:34.375547+00:00
2023-06-16T02:00:29.672292+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-06-15T23:15:09.020000+00:00
2023-06-16T01:15:28.120000+00:00
```
### Last Data Feed Release
@ -23,46 +23,39 @@ Repository synchronizes with the NVD every 2 hours.
Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)
```plain
2023-06-15T00:00:13.541780+00:00
2023-06-16T00:00:13.573516+00:00
```
### Total Number of included CVEs
```plain
217889
217895
```
### CVEs added in the last Commit
Recently added CVEs: `3`
Recently added CVEs: `6`
* [CVE-2023-23841](CVE-2023/CVE-2023-238xx/CVE-2023-23841.json) (`2023-06-15T22:15:09.227`)
* [CVE-2023-28810](CVE-2023/CVE-2023-288xx/CVE-2023-28810.json) (`2023-06-15T22:15:09.307`)
* [CVE-2023-2080](CVE-2023/CVE-2023-20xx/CVE-2023-2080.json) (`2023-06-15T23:15:09.020`)
* [CVE-2023-29349](CVE-2023/CVE-2023-293xx/CVE-2023-29349.json) (`2023-06-16T01:15:27.847`)
* [CVE-2023-29356](CVE-2023/CVE-2023-293xx/CVE-2023-29356.json) (`2023-06-16T01:15:27.910`)
* [CVE-2023-32025](CVE-2023/CVE-2023-320xx/CVE-2023-32025.json) (`2023-06-16T01:15:27.967`)
* [CVE-2023-32026](CVE-2023/CVE-2023-320xx/CVE-2023-32026.json) (`2023-06-16T01:15:28.017`)
* [CVE-2023-32027](CVE-2023/CVE-2023-320xx/CVE-2023-32027.json) (`2023-06-16T01:15:28.067`)
* [CVE-2023-32028](CVE-2023/CVE-2023-320xx/CVE-2023-32028.json) (`2023-06-16T01:15:28.120`)
### CVEs modified in the last Commit
Recently modified CVEs: `18`
Recently modified CVEs: `8`
* [CVE-2023-1917](CVE-2023/CVE-2023-19xx/CVE-2023-1917.json) (`2023-06-15T22:11:37.083`)
* [CVE-2023-2159](CVE-2023/CVE-2023-21xx/CVE-2023-2159.json) (`2023-06-15T22:12:20.457`)
* [CVE-2023-2184](CVE-2023/CVE-2023-21xx/CVE-2023-2184.json) (`2023-06-15T22:12:32.913`)
* [CVE-2023-2189](CVE-2023/CVE-2023-21xx/CVE-2023-2189.json) (`2023-06-15T22:12:53.960`)
* [CVE-2023-2556](CVE-2023/CVE-2023-25xx/CVE-2023-2556.json) (`2023-06-15T22:13:12.523`)
* [CVE-2023-32732](CVE-2023/CVE-2023-327xx/CVE-2023-32732.json) (`2023-06-15T22:14:04.903`)
* [CVE-2023-2584](CVE-2023/CVE-2023-25xx/CVE-2023-2584.json) (`2023-06-15T22:14:29.190`)
* [CVE-2023-2599](CVE-2023/CVE-2023-25xx/CVE-2023-2599.json) (`2023-06-15T22:15:07.667`)
* [CVE-2023-2604](CVE-2023/CVE-2023-26xx/CVE-2023-2604.json) (`2023-06-15T22:15:19.723`)
* [CVE-2023-2607](CVE-2023/CVE-2023-26xx/CVE-2023-2607.json) (`2023-06-15T22:15:33.480`)
* [CVE-2023-2688](CVE-2023/CVE-2023-26xx/CVE-2023-2688.json) (`2023-06-15T22:15:47.297`)
* [CVE-2023-2764](CVE-2023/CVE-2023-27xx/CVE-2023-2764.json) (`2023-06-15T22:16:07.900`)
* [CVE-2023-2767](CVE-2023/CVE-2023-27xx/CVE-2023-2767.json) (`2023-06-15T22:16:25.907`)
* [CVE-2023-3176](CVE-2023/CVE-2023-31xx/CVE-2023-3176.json) (`2023-06-15T22:16:40.580`)
* [CVE-2023-2897](CVE-2023/CVE-2023-28xx/CVE-2023-2897.json) (`2023-06-15T22:17:19.443`)
* [CVE-2023-3177](CVE-2023/CVE-2023-31xx/CVE-2023-3177.json) (`2023-06-15T22:17:35.467`)
* [CVE-2023-1428](CVE-2023/CVE-2023-14xx/CVE-2023-1428.json) (`2023-06-15T22:17:53.033`)
* [CVE-2023-32731](CVE-2023/CVE-2023-327xx/CVE-2023-32731.json) (`2023-06-15T22:18:49.193`)
* [CVE-2023-2904](CVE-2023/CVE-2023-29xx/CVE-2023-2904.json) (`2023-06-16T00:13:57.597`)
* [CVE-2023-33510](CVE-2023/CVE-2023-335xx/CVE-2023-33510.json) (`2023-06-16T00:16:17.040`)
* [CVE-2023-29403](CVE-2023/CVE-2023-294xx/CVE-2023-29403.json) (`2023-06-16T00:23:39.893`)
* [CVE-2023-1910](CVE-2023/CVE-2023-19xx/CVE-2023-1910.json) (`2023-06-16T00:29:44.490`)
* [CVE-2023-1895](CVE-2023/CVE-2023-18xx/CVE-2023-1895.json) (`2023-06-16T00:37:05.560`)
* [CVE-2023-1889](CVE-2023/CVE-2023-18xx/CVE-2023-1889.json) (`2023-06-16T00:43:03.977`)
* [CVE-2023-1888](CVE-2023/CVE-2023-18xx/CVE-2023-1888.json) (`2023-06-16T00:49:44.493`)
* [CVE-2023-34112](CVE-2023/CVE-2023-341xx/CVE-2023-34112.json) (`2023-06-16T01:02:38.677`)
## Download and Usage