Auto-Update: 2023-08-08T23:55:25.499786+00:00

cad-safe-bot 2023-08-08 23:55:28 +00:00
parent 07067856fe
commit 95c772d941
8 changed files with 405 additions and 32 deletions


@ -0,0 +1,55 @@
{
"id": "CVE-2023-39209",
"sourceIdentifier": "security@zoom.us",
"published": "2023-08-08T22:15:09.517",
"lastModified": "2023-08-08T22:15:09.517",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nImproper input validation in Zoom Desktop Client for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via network access.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@zoom.us",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "security@zoom.us",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/",
"source": "security@zoom.us"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-39210",
"sourceIdentifier": "security@zoom.us",
"published": "2023-08-08T22:15:10.380",
"lastModified": "2023-08-08T22:15:10.380",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cleartext storage of sensitive information in Zoom Client SDK for Windows before 5.15.0 may allow an authenticated user to enable an information disclosure via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@zoom.us",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@zoom.us",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-312"
}
]
}
],
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/",
"source": "security@zoom.us"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-39211",
"sourceIdentifier": "security@zoom.us",
"published": "2023-08-08T22:15:10.473",
"lastModified": "2023-08-08T22:15:10.473",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper privilege management in Zoom Desktop Client for Windows and Zoom Rooms for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@zoom.us",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@zoom.us",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/",
"source": "security@zoom.us"
}
]
}
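Review bot: The `descriptions` value in this record names only "information disclosure", while its `cvssData` vector is `C:H/I:H/A:H` with `scope` `CHANGED` and a `baseScore` of 8.8, so triage keyed on the description text would underrate it. The CVE-2023-39212 record has a similar gap: its description says denial of service, but the vector carries `I:H/A:H` with `scope` `CHANGED`. Both records are `vulnStatus` `Received` with a single `Secondary` CNA-supplied metric, so the score has presumably not been through NVD analysis yet. Consumers of the feed should prioritise from the vector rather than the prose, and re-check the record once its status changes.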


@ -0,0 +1,55 @@
{
"id": "CVE-2023-39212",
"sourceIdentifier": "security@zoom.us",
"published": "2023-08-08T22:15:10.567",
"lastModified": "2023-08-08T22:15:10.567",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nUntrusted search path in Zoom Rooms for Windows before version 5.15.5 may allow an authenticated user to enable a denial of service via local access.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@zoom.us",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.9,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.5,
"impactScore": 5.8
}
]
},
"weaknesses": [
{
"source": "security@zoom.us",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-144"
}
]
}
],
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/",
"source": "security@zoom.us"
}
]
}
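Review bot: The `weaknesses` entry carries `CWE-144` (Improper Neutralization of Line Delimiters), which does not match the description's "Untrusted search path"; the CWE for that weakness is CWE-426, so the submitted value is possibly a data-entry error on the CNA side. Because this file mirrors the upstream record, it should not be hand-edited here. Anything that filters, groups or alerts on this feed by CWE will misclassify the record until it is corrected upstream. Tooling that maps CWE to detection or patch priority should treat `Secondary` weakness values on `Received` records as unverified.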


@ -0,0 +1,55 @@
{
"id": "CVE-2023-39213",
"sourceIdentifier": "security@zoom.us",
"published": "2023-08-08T22:15:10.657",
"lastModified": "2023-08-08T22:15:10.657",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nImproper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may allow an unauthenticated user to enable an escalation of privilege via network access.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@zoom.us",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@zoom.us",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-74"
}
]
}
],
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/",
"source": "security@zoom.us"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-39214",
"sourceIdentifier": "security@zoom.us",
"published": "2023-08-08T22:15:10.737",
"lastModified": "2023-08-08T22:15:10.737",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nExposure of sensitive information in Zoom Client SDK's before 5.15.5 may allow an authenticated user to enable a denial of service via network access.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@zoom.us",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "security@zoom.us",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/",
"source": "security@zoom.us"
}
]
}


@ -0,0 +1,63 @@
{
"id": "CVE-2023-39951",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-08T22:15:10.827",
"lastModified": "2023-08-08T22:15:10.827",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. OpenTelemetry Java Instrumentation prior to version 1.28.0 contains an issue related to the instrumentation of Java applications using the AWS SDK v2 with Amazon Simple Email Service (SES) v1 API. When SES POST requests are instrumented, the query parameters of the request are inserted into the trace `url.path` field. This behavior leads to the http body, containing the email subject and message, to be present in the trace request url metadata. Any user using a version before 1.28.0 of OpenTelemetry Java Instrumentation to instrument AWS SDK v2 call to SES\u2019s v1 SendEmail API is affected. The e-mail content sent to SES may end up in telemetry backend. This exposes the e-mail content to unintended audiences. The issue can be mitigated by updating OpenTelemetry Java Instrumentation to version 1.28.0 or later."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://github.com/open-telemetry/opentelemetry-java-instrumentation/issues/8956",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/open-telemetry/opentelemetry-java-instrumentation/pull/8931",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/open-telemetry/opentelemetry-java-instrumentation/security/advisories/GHSA-hghr-r469-gfq6",
"source": "security-advisories@github.com"
}
]
}
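Review bot: The description gives upgrading to 1.28.0 as the only mitigation, which stops new spans from carrying the SES request parameters in `url.path` but presumably does nothing for traces that affected versions already exported. Operators acting on this record should also review retention and access controls on the telemetry backend for those spans, since the description states that the e-mail subject and message may have ended up there. The `baseScore` of 6.5 with `C:H` reflects that exposure; the record is still `vulnStatus` `Received`, so the metric is the advisory source's own.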


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-08-08T22:00:34.933677+00:00
2023-08-08T23:55:25.499786+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-08-08T21:15:10.807000+00:00
2023-08-08T22:15:10.827000+00:00
```
### Last Data Feed Release
@ -29,46 +29,26 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
222107
222114
```
### CVEs added in the last Commit
Recently added CVEs: `4`
Recently added CVEs: `7`
* [CVE-2023-26961](CVE-2023/CVE-2023-269xx/CVE-2023-26961.json) (`2023-08-08T20:15:10.080`)
* [CVE-2023-36344](CVE-2023/CVE-2023-363xx/CVE-2023-36344.json) (`2023-08-08T20:15:10.170`)
* [CVE-2023-36482](CVE-2023/CVE-2023-364xx/CVE-2023-36482.json) (`2023-08-08T20:15:10.230`)
* [CVE-2023-39086](CVE-2023/CVE-2023-390xx/CVE-2023-39086.json) (`2023-08-08T20:15:10.303`)
* [CVE-2023-39209](CVE-2023/CVE-2023-392xx/CVE-2023-39209.json) (`2023-08-08T22:15:09.517`)
* [CVE-2023-39210](CVE-2023/CVE-2023-392xx/CVE-2023-39210.json) (`2023-08-08T22:15:10.380`)
* [CVE-2023-39211](CVE-2023/CVE-2023-392xx/CVE-2023-39211.json) (`2023-08-08T22:15:10.473`)
* [CVE-2023-39212](CVE-2023/CVE-2023-392xx/CVE-2023-39212.json) (`2023-08-08T22:15:10.567`)
* [CVE-2023-39213](CVE-2023/CVE-2023-392xx/CVE-2023-39213.json) (`2023-08-08T22:15:10.657`)
* [CVE-2023-39214](CVE-2023/CVE-2023-392xx/CVE-2023-39214.json) (`2023-08-08T22:15:10.737`)
* [CVE-2023-39951](CVE-2023/CVE-2023-399xx/CVE-2023-39951.json) (`2023-08-08T22:15:10.827`)
### CVEs modified in the last Commit
Recently modified CVEs: `23`
Recently modified CVEs: `0`
* [CVE-2010-1685](CVE-2010/CVE-2010-16xx/CVE-2010-1685.json) (`2023-08-08T20:15:09.693`)
* [CVE-2022-41401](CVE-2022/CVE-2022-414xx/CVE-2022-41401.json) (`2023-08-08T20:32:08.363`)
* [CVE-2023-39143](CVE-2023/CVE-2023-391xx/CVE-2023-39143.json) (`2023-08-08T20:07:16.543`)
* [CVE-2023-39112](CVE-2023/CVE-2023-391xx/CVE-2023-39112.json) (`2023-08-08T20:09:47.073`)
* [CVE-2023-0956](CVE-2023/CVE-2023-09xx/CVE-2023-0956.json) (`2023-08-08T20:10:03.717`)
* [CVE-2023-33666](CVE-2023/CVE-2023-336xx/CVE-2023-33666.json) (`2023-08-08T20:13:33.970`)
* [CVE-2023-38964](CVE-2023/CVE-2023-389xx/CVE-2023-38964.json) (`2023-08-08T20:22:36.270`)
* [CVE-2023-38494](CVE-2023/CVE-2023-384xx/CVE-2023-38494.json) (`2023-08-08T20:24:08.943`)
* [CVE-2023-35081](CVE-2023/CVE-2023-350xx/CVE-2023-35081.json) (`2023-08-08T20:25:09.337`)
* [CVE-2023-4158](CVE-2023/CVE-2023-41xx/CVE-2023-4158.json) (`2023-08-08T20:36:47.257`)
* [CVE-2023-35391](CVE-2023/CVE-2023-353xx/CVE-2023-35391.json) (`2023-08-08T20:39:01.517`)
* [CVE-2023-36873](CVE-2023/CVE-2023-368xx/CVE-2023-36873.json) (`2023-08-08T20:39:01.517`)
* [CVE-2023-36899](CVE-2023/CVE-2023-368xx/CVE-2023-36899.json) (`2023-08-08T20:39:01.517`)
* [CVE-2023-38180](CVE-2023/CVE-2023-381xx/CVE-2023-38180.json) (`2023-08-08T20:39:01.517`)
* [CVE-2023-39518](CVE-2023/CVE-2023-395xx/CVE-2023-39518.json) (`2023-08-08T20:39:01.517`)
* [CVE-2023-39533](CVE-2023/CVE-2023-395xx/CVE-2023-39533.json) (`2023-08-08T20:39:01.517`)
* [CVE-2023-40041](CVE-2023/CVE-2023-400xx/CVE-2023-40041.json) (`2023-08-08T20:39:01.517`)
* [CVE-2023-40042](CVE-2023/CVE-2023-400xx/CVE-2023-40042.json) (`2023-08-08T20:39:01.517`)
* [CVE-2023-36213](CVE-2023/CVE-2023-362xx/CVE-2023-36213.json) (`2023-08-08T20:39:53.627`)
* [CVE-2023-38948](CVE-2023/CVE-2023-389xx/CVE-2023-38948.json) (`2023-08-08T20:53:51.983`)
* [CVE-2023-20569](CVE-2023/CVE-2023-205xx/CVE-2023-20569.json) (`2023-08-08T21:15:09.367`)
* [CVE-2023-20593](CVE-2023/CVE-2023-205xx/CVE-2023-20593.json) (`2023-08-08T21:15:10.133`)
* [CVE-2023-22403](CVE-2023/CVE-2023-224xx/CVE-2023-22403.json) (`2023-08-08T21:15:10.807`)
## Download and Usage