Auto-Update: 2023-10-11T08:00:26.208607+00:00

cad-safe-bot 2023-10-11 08:00:29 +00:00
parent 570f1a0333
commit 96bf6e1205
15 changed files with 409 additions and 22 deletions


@ -0,0 +1,43 @@
{
"id": "CVE-2022-42451",
"sourceIdentifier": "psirt@hcl.com",
"published": "2023-10-11T06:15:09.387",
"lastModified": "2023-10-11T06:15:09.387",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Certain credentials within the BigFix Patch Management Download Plug-ins are stored insecurely and could be exposed to a local privileged user.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@hcl.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.5,
"impactScore": 2.7
}
]
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108007",
"source": "psirt@hcl.com"
}
]
}
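Review bot: This new record has no `weaknesses` array and no CPE configuration, so a pipeline that filters on CWE or matches on CPE will never surface it; the same gap is present in the CVE-2022-44757, CVE-2022-44758 and CVE-2023-37536 records added in this commit. The only score is the CNA's own (`"type": "Secondary"`, source psirt@hcl.com) and `vulnStatus` is `Received`, so there is no NVD assessment behind it yet. Consumers should read the missing fields as "not yet classified" rather than "not applicable" and fall back to the description and the vendor KB link for triage. The description points at a credential-storage weakness, but the CWE should come from the CNA or NVD rather than be guessed locally.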


@ -0,0 +1,43 @@
{
"id": "CVE-2022-44757",
"sourceIdentifier": "psirt@hcl.com",
"published": "2023-10-11T07:15:09.237",
"lastModified": "2023-10-11T07:15:09.237",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to credential exposure. An attacker could gain access to sensitive information, modify data in unexpected ways, etc.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@hcl.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108005",
"source": "psirt@hcl.com"
}
]
}


@ -0,0 +1,43 @@
{
"id": "CVE-2022-44758",
"sourceIdentifier": "psirt@hcl.com",
"published": "2023-10-11T07:15:09.477",
"lastModified": "2023-10-11T07:15:09.477",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "BigFix Insights/IVR fixlet uses improper credential handling within certain fixlet content. An attacker can gain access to information that is not explicitly authorized.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@hcl.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108005",
"source": "psirt@hcl.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-24998",
"sourceIdentifier": "security@apache.org",
"published": "2023-02-20T16:15:10.423",
"lastModified": "2023-05-30T06:16:19.283",
"lastModified": "2023-10-11T07:15:09.583",
"vulnStatus": "Modified",
"descriptions": [
{
@ -86,6 +86,10 @@
{
"url": "https://security.gentoo.org/glsa/202305-37",
"source": "security@apache.org"
},
{
"url": "https://www.debian.org/security/2023/dsa-5522",
"source": "security@apache.org"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-26318",
"sourceIdentifier": "security@xiaomi.com",
"published": "2023-10-11T07:15:09.890",
"lastModified": "2023-10-11T07:15:09.890",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Xiaomi Xiaomi Router allows Overflow Buffers."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@xiaomi.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@xiaomi.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [
{
"url": "https://trust.mi.com/misrc/bulletins/advisory?cveId=539",
"source": "security@xiaomi.com"
}
]
}
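Review bot: The description names no model or firmware version ("Xiaomi Xiaomi Router", with the vendor name doubled) and the record has no CPE configuration, so affected devices cannot be determined from it; the advisory URL under `references` is the only pointer. The CVE-2023-26319 and CVE-2023-26320 records that follow have the same gap. Their description strings are identical to each other, yet their vectors differ: `attackVector` LOCAL with `privilegesRequired` HIGH in the first, ADJACENT_NETWORK with NONE in the second. Deduplication or alert grouping should therefore key on `id`, never on description text, or the unauthenticated adjacent-network issue gets folded into the local high-privilege one.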


@ -0,0 +1,55 @@
{
"id": "CVE-2023-26319",
"sourceIdentifier": "security@xiaomi.com",
"published": "2023-10-11T07:15:10.103",
"lastModified": "2023-10-11T07:15:10.103",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Xiaomi Xiaomi Router allows Command Injection."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@xiaomi.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@xiaomi.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [
{
"url": "https://trust.mi.com/misrc/bulletins/advisory?cveId=536",
"source": "security@xiaomi.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-26320",
"sourceIdentifier": "security@xiaomi.com",
"published": "2023-10-11T07:15:10.257",
"lastModified": "2023-10-11T07:15:10.257",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Xiaomi Xiaomi Router allows Command Injection."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@xiaomi.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@xiaomi.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [
{
"url": "https://trust.mi.com/misrc/bulletins/advisory?cveId=540",
"source": "security@xiaomi.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-28709",
"sourceIdentifier": "security@apache.org",
"published": "2023-05-22T11:15:09.423",
"lastModified": "2023-06-16T15:15:09.217",
"lastModified": "2023-10-11T07:15:10.407",
"vulnStatus": "Modified",
"descriptions": [
{
@ -118,6 +118,10 @@
{
"url": "https://security.netapp.com/advisory/ntap-20230616-0004/",
"source": "security@apache.org"
},
{
"url": "https://www.debian.org/security/2023/dsa-5521",
"source": "security@apache.org"
}
]
}


@ -0,0 +1,43 @@
{
"id": "CVE-2023-37536",
"sourceIdentifier": "psirt@hcl.com",
"published": "2023-10-11T07:15:10.580",
"lastModified": "2023-10-11T07:15:10.580",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@hcl.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.3,
"impactScore": 5.3
}
]
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0107791",
"source": "psirt@hcl.com"
}
]
}
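Review bot: The description and the vector disagree on preconditions: the text speaks of remote attackers causing out-of-bound access via an HTTP request, while `vectorString` sets `PR:L` and `UI:R`, meaning an authenticated attacker plus user interaction. Triage that reads only one of the two will misjudge exposure, so the linked KB article should be checked before this is ranked. The 8.2 HIGH base score comes largely from `S:C` and `A:H`, which suggests availability of the BigFix component is the main concern; that is inferred from the vector, not stated in the text.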


@ -2,12 +2,12 @@
"id": "CVE-2023-39250",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-08-16T16:15:11.217",
"lastModified": "2023-08-24T16:17:22.983",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-11T06:15:09.597",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "\nDell Storage Integration Tools for VMware (DSITV) 06.01.00.016 contain an information disclosure vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to retrieve an encryption key that could aid in further attacks.\n\n"
"value": "\n\n\nDell Storage Integration Tools for VMware (DSITV) and Dell Storage vSphere Client Plugin (DSVCP) versions prior to 6.1.1 and Replay Manager for VMware (RMSV) versions prior to 3.1.2 contain an information disclosure vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to retrieve an encryption key that could aid in further attacks. \n\n\n\n"
}
],
"metrics": {
@ -56,22 +56,22 @@
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "security_alert@emc.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-668"
"value": "CWE-540"
}
]
},
{
"source": "security_alert@emc.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-540"
"value": "CWE-668"
}
]
}
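Review bot: The rewritten description widens the affected set from DSITV 06.01.00.016 to DSITV and DSVCP versions prior to 6.1.1 plus RMSV versions prior to 3.1.2, while `vulnStatus` drops from `Analyzed` to `Modified`, so any CPE configuration from the earlier analysis (outside these hunks) may not yet list the added products. Inventory matching should not rely on CPE alone for this CVE until NVD re-analyses it. The new `value` also begins and ends with runs of `\n`, which consumers should trim before display or hashing. In the second hunk, reading each doubled line as old-then-new (the `lastModified` pair in the first hunk supports that order), the two `weaknesses` entries swap so that the CNA's CWE-540 becomes `Primary` and NVD's CWE-668 becomes `Secondary`; code that takes the `Primary` entry to be NVD's classification will now read the CNA's. The enclosing record continues past both hunks.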


@ -2,7 +2,7 @@
"id": "CVE-2023-41080",
"sourceIdentifier": "security@apache.org",
"published": "2023-08-25T21:15:09.397",
"lastModified": "2023-09-21T17:15:21.673",
"lastModified": "2023-10-11T07:15:10.703",
"vulnStatus": "Modified",
"descriptions": [
{
@ -142,6 +142,14 @@
{
"url": "https://security.netapp.com/advisory/ntap-20230921-0006/",
"source": "security@apache.org"
},
{
"url": "https://www.debian.org/security/2023/dsa-5521",
"source": "security@apache.org"
},
{
"url": "https://www.debian.org/security/2023/dsa-5522",
"source": "security@apache.org"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-42795",
"sourceIdentifier": "security@apache.org",
"published": "2023-10-10T18:15:18.933",
"lastModified": "2023-10-10T21:15:09.517",
"lastModified": "2023-10-11T07:15:10.877",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -31,6 +31,14 @@
{
"url": "https://lists.apache.org/thread/065jfyo583490r9j2v73nhpyxdob56lw",
"source": "security@apache.org"
},
{
"url": "https://www.debian.org/security/2023/dsa-5521",
"source": "security@apache.org"
},
{
"url": "https://www.debian.org/security/2023/dsa-5522",
"source": "security@apache.org"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-44487",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-10T14:15:10.883",
"lastModified": "2023-10-11T05:15:45.500",
"lastModified": "2023-10-11T07:15:11.030",
"vulnStatus": "Awaiting Analysis",
"cisaExploitAdd": "2023-10-10",
"cisaActionDue": "2023-10-31",
@ -248,6 +248,14 @@
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"source": "cve@mitre.org"
},
{
"url": "https://www.debian.org/security/2023/dsa-5521",
"source": "cve@mitre.org"
},
{
"url": "https://www.debian.org/security/2023/dsa-5522",
"source": "cve@mitre.org"
},
{
"url": "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487",
"source": "cve@mitre.org"


@ -2,7 +2,7 @@
"id": "CVE-2023-45648",
"sourceIdentifier": "security@apache.org",
"published": "2023-10-10T19:15:09.690",
"lastModified": "2023-10-10T21:15:09.733",
"lastModified": "2023-10-11T07:15:11.173",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -31,6 +31,14 @@
{
"url": "https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp",
"source": "security@apache.org"
},
{
"url": "https://www.debian.org/security/2023/dsa-5521",
"source": "security@apache.org"
},
{
"url": "https://www.debian.org/security/2023/dsa-5522",
"source": "security@apache.org"
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-10-11T06:00:24.850971+00:00
2023-10-11T08:00:26.208607+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-10-11T05:15:45.500000+00:00
2023-10-11T07:15:11.173000+00:00
```
### Last Data Feed Release
@ -29,23 +29,33 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
227523
227530
```
### CVEs added in the last Commit
Recently added CVEs: `0`
Recently added CVEs: `7`
* [CVE-2022-42451](CVE-2022/CVE-2022-424xx/CVE-2022-42451.json) (`2023-10-11T06:15:09.387`)
* [CVE-2022-44757](CVE-2022/CVE-2022-447xx/CVE-2022-44757.json) (`2023-10-11T07:15:09.237`)
* [CVE-2022-44758](CVE-2022/CVE-2022-447xx/CVE-2022-44758.json) (`2023-10-11T07:15:09.477`)
* [CVE-2023-26318](CVE-2023/CVE-2023-263xx/CVE-2023-26318.json) (`2023-10-11T07:15:09.890`)
* [CVE-2023-26319](CVE-2023/CVE-2023-263xx/CVE-2023-26319.json) (`2023-10-11T07:15:10.103`)
* [CVE-2023-26320](CVE-2023/CVE-2023-263xx/CVE-2023-26320.json) (`2023-10-11T07:15:10.257`)
* [CVE-2023-37536](CVE-2023/CVE-2023-375xx/CVE-2023-37536.json) (`2023-10-11T07:15:10.580`)
### CVEs modified in the last Commit
Recently modified CVEs: `4`
Recently modified CVEs: `7`
* [CVE-2023-22338](CVE-2023/CVE-2023-223xx/CVE-2023-22338.json) (`2023-10-11T04:15:10.913`)
* [CVE-2023-22840](CVE-2023/CVE-2023-228xx/CVE-2023-22840.json) (`2023-10-11T04:15:11.043`)
* [CVE-2023-43641](CVE-2023/CVE-2023-436xx/CVE-2023-43641.json) (`2023-10-11T04:15:11.163`)
* [CVE-2023-44487](CVE-2023/CVE-2023-444xx/CVE-2023-44487.json) (`2023-10-11T05:15:45.500`)
* [CVE-2023-39250](CVE-2023/CVE-2023-392xx/CVE-2023-39250.json) (`2023-10-11T06:15:09.597`)
* [CVE-2023-24998](CVE-2023/CVE-2023-249xx/CVE-2023-24998.json) (`2023-10-11T07:15:09.583`)
* [CVE-2023-28709](CVE-2023/CVE-2023-287xx/CVE-2023-28709.json) (`2023-10-11T07:15:10.407`)
* [CVE-2023-41080](CVE-2023/CVE-2023-410xx/CVE-2023-41080.json) (`2023-10-11T07:15:10.703`)
* [CVE-2023-42795](CVE-2023/CVE-2023-427xx/CVE-2023-42795.json) (`2023-10-11T07:15:10.877`)
* [CVE-2023-44487](CVE-2023/CVE-2023-444xx/CVE-2023-44487.json) (`2023-10-11T07:15:11.030`)
* [CVE-2023-45648](CVE-2023/CVE-2023-456xx/CVE-2023-45648.json) (`2023-10-11T07:15:11.173`)
## Download and Usage