admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 03:27:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-05-24T20:00:34.588212+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-05-24 20:00:37 +00:00
parent 2ee0d0adba
commit 976044adff
21 changed files with 782 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CVE-2022/CVE-2022-311xx/CVE-2022-31137.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-31137",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-07-08T20:15:07.980",
"lastModified": "2023-04-03T20:15:08.057",
"lastModified": "2023-05-24T18:15:09.563",
"vulnStatus": "Modified",
"descriptions": [
{
@ -141,6 +141,10 @@
"url": "http://packetstormsecurity.com/files/171652/Roxy-WI-6.1.1.0-Remote-Code-Execution.html",
"source": "security-advisories@github.com"
},
{
"url": "http://packetstormsecurity.com/files/172547/Roxy-WI-6.1.0.0-Remote-Command-Execution.html",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/hap-wi/roxy-wi/commit/82666df1e60c45dd6aa533b01a392f015d32f755",
"source": "security-advisories@github.com",

8
CVE-2022/CVE-2022-415xx/CVE-2022-41544.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-41544",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-10-18T15:15:10.293",
"lastModified": "2022-10-19T03:49:34.620",
"vulnStatus": "Analyzed",
"lastModified": "2023-05-24T18:15:09.777",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -68,6 +68,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/172553/GetSimple-CMS-3.3.16-Shell-Upload.html",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1352",
"source": "cve@mitre.org",

8
CVE-2023/CVE-2023-19xx/CVE-2023-1934.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-1934",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-05-12T14:15:09.653",
"lastModified": "2023-05-24T01:24:00.233",
"vulnStatus": "Analyzed",
"lastModified": "2023-05-24T18:15:09.877",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -84,6 +84,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/172511/PnPSCADA-2.x-SQL-Injection.html",
"source": "ics-cert@hq.dhs.gov"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-12",
"source": "ics-cert@hq.dhs.gov",

8
CVE-2023/CVE-2023-273xx/CVE-2023-27350.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-27350",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2023-04-20T16:15:07.653",
"lastModified": "2023-05-02T16:06:04.117",
"vulnStatus": "Analyzed",
"lastModified": "2023-05-24T18:15:09.980",
"vulnStatus": "Modified",
"cisaExploitAdd": "2023-04-21",
"cisaActionDue": "2023-05-12",
"cisaRequiredAction": "Apply updates per vendor instructions.",
@ -154,6 +154,10 @@
"VDB Entry"
]
},
{
"url": "http://packetstormsecurity.com/files/172512/PaperCut-NG-MG-22.0.4-Remote-Code-Execution.html",
"source": "zdi-disclosures@trendmicro.com"
},
{
"url": "https://news.sophos.com/en-us/2023/04/27/increased-exploitation-of-papercut-drawing-blood-around-the-internet/",
"source": "zdi-disclosures@trendmicro.com",

8
CVE-2023/CVE-2023-275xx/CVE-2023-27524.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-27524",
"sourceIdentifier": "security@apache.org",
"published": "2023-04-24T16:15:07.843",
"lastModified": "2023-05-02T20:43:06.460",
"vulnStatus": "Analyzed",
"lastModified": "2023-05-24T18:15:10.103",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -85,6 +85,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/172522/Apache-Superset-2.0.0-Authentication-Bypass.html",
"source": "security@apache.org"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/04/24/2",
"source": "security@apache.org",

14
CVE-2023/CVE-2023-279xx/CVE-2023-27979.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-27979",
"sourceIdentifier": "cybersecurity@se.com",
"published": "2023-03-21T13:15:12.140",
"lastModified": "2023-03-28T14:58:23.433",
"lastModified": "2023-05-24T19:28:04.420",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -17,20 +17,20 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
"impactScore": 2.5
},
{
"source": "cybersecurity@se.com",

59
CVE-2023/CVE-2023-28xx/CVE-2023-2868.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-2868",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-05-24T19:15:09.363",
"lastModified": "2023-05-24T19:15:09.363",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product effecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file (tape archives).\u00a0The vulnerability stems from incomplete input validation of a user-supplied .tar file as it pertains to the names of the files contained within the archive. As a consequence, a remote attacker can specifically format these file names in a particular manner that will result in remotely executing a system command through Perl's qx operator with the privileges of the Email Security Gateway product.\u00a0This issue was fixed as part of BNSF-36456 patch. This patch was automatically applied to all customer appliances."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@google.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 9.4,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.5
}
]
},
"weaknesses": [
{
"source": "cve-coordination@google.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://status.barracuda.com/incidents/34kx82j5n4q9",
"source": "cve-coordination@google.com"
},
{
"url": "https://www.barracuda.com/company/legal/esg-vulnerability",
"source": "cve-coordination@google.com"
}
]
}

92
CVE-2023/CVE-2023-28xx/CVE-2023-2870.json Normal file
View File

@ -0,0 +1,92 @@
{
"id": "CVE-2023-2870",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-24T18:15:10.217",
"lastModified": "2023-05-24T18:15:10.217",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in EnTech Monitor Asset Manager 2.9. It has been declared as problematic. Affected by this vulnerability is the function 0x80002014 of the component IoControlCode Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier VDB-229849 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P",
"accessVector": "LOCAL",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 1.7
},
"baseSeverity": "LOW",
"exploitabilityScore": 3.1,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-404"
}
]
}
],
"references": [
{
"url": "https://drive.google.com/file/d/1ehTYhcdeTiB4rQ38n5FqhQZgVqcvvPE_/view?usp=sharing",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/unassigned47",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.229849",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.229849",
"source": "cna@vuldb.com"
}
]
}

92
CVE-2023/CVE-2023-28xx/CVE-2023-2871.json Normal file
View File

@ -0,0 +1,92 @@
{
"id": "CVE-2023-2871",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-24T18:15:10.337",
"lastModified": "2023-05-24T18:15:10.337",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in FabulaTech USB for Remote Desktop 6.1.0.0. It has been rated as problematic. Affected by this issue is the function 0x220448/0x220420/0x22040c/0x220408 of the component IoControlCode Handler. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. VDB-229850 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P",
"accessVector": "LOCAL",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 1.7
},
"baseSeverity": "LOW",
"exploitabilityScore": 3.1,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://drive.google.com/file/d/1Y8e5f0AjddrozLv155r9cNhkXwwwZbYE/view?usp=sharing",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/unassigned46",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.229850",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.229850",
"source": "cna@vuldb.com"
}
]
}

92
CVE-2023/CVE-2023-28xx/CVE-2023-2872.json Normal file
View File

@ -0,0 +1,92 @@
{
"id": "CVE-2023-2872",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-24T18:15:10.413",
"lastModified": "2023-05-24T18:15:10.413",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in FlexiHub 5.5.14691.0. This affects the function 0x220088 in the library fusbhub.sys of the component IoControlCode Handler. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229851. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
"accessVector": "LOCAL",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.6
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 3.1,
"impactScore": 6.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://drive.google.com/file/d/1h-7fnmb31bkEW4FoLNDlneftDqS4TQHT/view?usp=sharing",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/unassigned45",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.229851",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.229851",
"source": "cna@vuldb.com"
}
]
}

92
CVE-2023/CVE-2023-28xx/CVE-2023-2873.json Normal file
View File

@ -0,0 +1,92 @@
{
"id": "CVE-2023-2873",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-24T18:15:10.493",
"lastModified": "2023-05-24T18:15:10.493",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in Twister Antivirus 8. This vulnerability affects the function 0x804f2143/0x804f217f/0x804f214b/0x80800043 in the library filppd.sys of the component IoControlCode Handler. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229852. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "LOCAL",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 3.1,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"references": [
{
"url": "https://drive.google.com/file/d/1ABRMxr6Ek02P_WAXjyYLGQ4sHYMVQTka/view?usp=sharing",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/unassigned44",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.229852",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.229852",
"source": "cna@vuldb.com"
}
]
}

92
CVE-2023/CVE-2023-28xx/CVE-2023-2874.json Normal file
View File

@ -0,0 +1,92 @@
{
"id": "CVE-2023-2874",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-24T19:15:09.443",
"lastModified": "2023-05-24T19:15:09.443",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in Twister Antivirus 8. This issue affects the function 0x804f2158/0x804f2154/0x804f2150/0x804f215c/0x804f2160/0x80800040/0x804f214c/0x804f2148/0x804f2144/0x801120e4/0x804f213c/0x804f2140 in the library filppd.sys of the component IoControlCode Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-229853 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
"accessVector": "LOCAL",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.6
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 3.1,
"impactScore": 6.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-404"
}
]
}
],
"references": [
{
"url": "https://drive.google.com/file/d/1hcj4tdRveydUv84J5IEQFmjF1XxUvxGy/view?usp=sharing",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/unassigned43",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.229853",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.229853",
"source": "cna@vuldb.com"
}
]
}

92
CVE-2023/CVE-2023-28xx/CVE-2023-2875.json Normal file
View File

@ -0,0 +1,92 @@
{
"id": "CVE-2023-2875",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-24T19:15:09.517",
"lastModified": "2023-05-24T19:15:09.517",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in eScan Antivirus 22.0.1400.2443. Affected is the function 0x22E008u in the library PROCOBSRVESX.SYS of the component IoControlCode Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-229854 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
"accessVector": "LOCAL",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.6
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 3.1,
"impactScore": 6.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://drive.google.com/file/d/1fvlP0d9HmApjWhYDjgsdco7g7FPsbn0V/view?usp=sharing",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/unassigned48",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.229854",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.229854",
"source": "cna@vuldb.com"
}
]
}

8
CVE-2023/CVE-2023-302xx/CVE-2023-30256.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-30256",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-11T11:15:09.047",
"lastModified": "2023-05-18T18:16:55.270",
"vulnStatus": "Analyzed",
"lastModified": "2023-05-24T18:15:10.593",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -64,6 +64,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/172542/Webkul-Qloapps-1.5.2-Cross-Site-Scripting.html",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/ahrixia/CVE-2023-30256",
"source": "cve@mitre.org",

8
CVE-2023/CVE-2023-317xx/CVE-2023-31702.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-31702",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-17T13:15:09.567",
"lastModified": "2023-05-17T17:00:54.967",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-24T18:15:10.673",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,10 @@
],
"metrics": {},
"references": [
{
"url": "http://packetstormsecurity.com/files/172545/eScan-Management-Console-14.0.1400.2281-SQL-Injection.html",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/sahiloj/CVE-2023-31702/blob/main/README.md",
"source": "cve@mitre.org"

8
CVE-2023/CVE-2023-317xx/CVE-2023-31703.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-31703",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-17T13:15:09.617",
"lastModified": "2023-05-17T17:00:54.967",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-24T18:15:10.753",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,10 @@
],
"metrics": {},
"references": [
{
"url": "http://packetstormsecurity.com/files/172540/eScan-Management-Console-14.0.1400.2281-Cross-Site-Scripting.html",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/sahiloj/CVE-2023-31703/blob/main/README.md",
"source": "cve@mitre.org"

24
CVE-2023/CVE-2023-339xx/CVE-2023-33980.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-33980",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-24T18:15:10.827",
"lastModified": "2023-05-24T18:15:10.827",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Bramble Synchronisation Protocol (BSP) in Briar before 1.4.22 allows attackers to cause a denial of service (repeated application crashes) via a series of long messages to a contact."
}
],
"metrics": {},
"references": [
{
"url": "https://briarproject.org/news/2023-three-security-issues-found-and-fixed/",
"source": "cve@mitre.org"
},
{
"url": "https://ethz.ch/content/dam/ethz/special-interest/infk/inst-infsec/appliedcrypto/education/theses/report_YuanmingSong.pdf",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-339xx/CVE-2023-33981.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-33981",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-24T18:15:10.877",
"lastModified": "2023-05-24T18:15:10.877",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Briar before 1.4.22 allows attackers to spoof other users' messages in a blog, forum, or private group, but each spoofed message would need to be an exact duplicate of a legitimate message displayed alongside the spoofed one."
}
],
"metrics": {},
"references": [
{
"url": "https://briarproject.org/news/2023-three-security-issues-found-and-fixed/",
"source": "cve@mitre.org"
},
{
"url": "https://ethz.ch/content/dam/ethz/special-interest/infk/inst-infsec/appliedcrypto/education/theses/report_YuanmingSong.pdf",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-339xx/CVE-2023-33982.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-33982",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-24T18:15:10.927",
"lastModified": "2023-05-24T18:15:10.927",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Bramble Handshake Protocol (BHP) in Briar before 1.5.3 is not forward secure: eavesdroppers can decrypt network traffic between two accounts if they later compromise both accounts. NOTE: the eavesdropping is typically impractical because BHP runs over an encrypted session that uses the Tor hidden service protocol."
}
],
"metrics": {},
"references": [
{
"url": "https://briarproject.org/news/2023-three-security-issues-found-and-fixed/",
"source": "cve@mitre.org"
},
{
"url": "https://ethz.ch/content/dam/ethz/special-interest/infk/inst-infsec/appliedcrypto/education/theses/report_YuanmingSong.pdf",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-339xx/CVE-2023-33983.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-33983",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-24T18:15:10.983",
"lastModified": "2023-05-24T18:15:10.983",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Introduction Client in Briar through 1.5.3 does not implement out-of-band verification for the public keys of introducees. An introducer can launch man-in-the-middle attacks against later private communication between two introduced parties."
}
],
"metrics": {},
"references": [
{
"url": "https://ethz.ch/content/dam/ethz/special-interest/infk/inst-infsec/appliedcrypto/education/theses/report_YuanmingSong.pdf",
"source": "cve@mitre.org"
}
]
}

64
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-05-24T18:00:50.307933+00:00
2023-05-24T20:00:34.588212+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-05-24T17:50:05.210000+00:00
2023-05-24T19:28:04.420000+00:00
```
### Last Data Feed Release
@ -29,53 +29,39 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
215930
215941
```
### CVEs added in the last Commit
Recently added CVEs: `20`
Recently added CVEs: `11`
* [CVE-2021-25748](CVE-2021/CVE-2021-257xx/CVE-2021-25748.json) (`2023-05-24T17:15:09.253`)
* [CVE-2021-25749](CVE-2021/CVE-2021-257xx/CVE-2021-25749.json) (`2023-05-24T17:15:09.413`)
* [CVE-2022-45364](CVE-2022/CVE-2022-453xx/CVE-2022-45364.json) (`2023-05-24T16:15:09.307`)
* [CVE-2022-46794](CVE-2022/CVE-2022-467xx/CVE-2022-46794.json) (`2023-05-24T16:15:09.380`)
* [CVE-2022-46816](CVE-2022/CVE-2022-468xx/CVE-2022-46816.json) (`2023-05-24T16:15:09.457`)
* [CVE-2022-47152](CVE-2022/CVE-2022-471xx/CVE-2022-47152.json) (`2023-05-24T16:15:09.530`)
* [CVE-2022-47180](CVE-2022/CVE-2022-471xx/CVE-2022-47180.json) (`2023-05-24T16:15:09.607`)
* [CVE-2022-47446](CVE-2022/CVE-2022-474xx/CVE-2022-47446.json) (`2023-05-24T17:15:09.507`)
* [CVE-2022-47447](CVE-2022/CVE-2022-474xx/CVE-2022-47447.json) (`2023-05-24T17:15:09.580`)
* [CVE-2022-47448](CVE-2022/CVE-2022-474xx/CVE-2022-47448.json) (`2023-05-24T17:15:09.657`)
* [CVE-2023-33944](CVE-2023/CVE-2023-339xx/CVE-2023-33944.json) (`2023-05-24T16:15:09.693`)
* [CVE-2023-33945](CVE-2023/CVE-2023-339xx/CVE-2023-33945.json) (`2023-05-24T16:15:09.760`)
* [CVE-2023-33946](CVE-2023/CVE-2023-339xx/CVE-2023-33946.json) (`2023-05-24T16:15:09.837`)
* [CVE-2023-33947](CVE-2023/CVE-2023-339xx/CVE-2023-33947.json) (`2023-05-24T16:15:09.927`)
* [CVE-2023-33948](CVE-2023/CVE-2023-339xx/CVE-2023-33948.json) (`2023-05-24T16:15:10.007`)
* [CVE-2023-1174](CVE-2023/CVE-2023-11xx/CVE-2023-1174.json) (`2023-05-24T17:15:09.733`)
* [CVE-2023-1944](CVE-2023/CVE-2023-19xx/CVE-2023-1944.json) (`2023-05-24T17:15:09.797`)
* [CVE-2023-25028](CVE-2023/CVE-2023-250xx/CVE-2023-25028.json) (`2023-05-24T17:15:09.857`)
* [CVE-2023-33949](CVE-2023/CVE-2023-339xx/CVE-2023-33949.json) (`2023-05-24T17:15:09.933`)
* [CVE-2023-33950](CVE-2023/CVE-2023-339xx/CVE-2023-33950.json) (`2023-05-24T17:15:10.007`)
* [CVE-2023-2870](CVE-2023/CVE-2023-28xx/CVE-2023-2870.json) (`2023-05-24T18:15:10.217`)
* [CVE-2023-2871](CVE-2023/CVE-2023-28xx/CVE-2023-2871.json) (`2023-05-24T18:15:10.337`)
* [CVE-2023-2872](CVE-2023/CVE-2023-28xx/CVE-2023-2872.json) (`2023-05-24T18:15:10.413`)
* [CVE-2023-2873](CVE-2023/CVE-2023-28xx/CVE-2023-2873.json) (`2023-05-24T18:15:10.493`)
* [CVE-2023-33980](CVE-2023/CVE-2023-339xx/CVE-2023-33980.json) (`2023-05-24T18:15:10.827`)
* [CVE-2023-33981](CVE-2023/CVE-2023-339xx/CVE-2023-33981.json) (`2023-05-24T18:15:10.877`)
* [CVE-2023-33982](CVE-2023/CVE-2023-339xx/CVE-2023-33982.json) (`2023-05-24T18:15:10.927`)
* [CVE-2023-33983](CVE-2023/CVE-2023-339xx/CVE-2023-33983.json) (`2023-05-24T18:15:10.983`)
* [CVE-2023-2868](CVE-2023/CVE-2023-28xx/CVE-2023-2868.json) (`2023-05-24T19:15:09.363`)
* [CVE-2023-2874](CVE-2023/CVE-2023-28xx/CVE-2023-2874.json) (`2023-05-24T19:15:09.443`)
* [CVE-2023-2875](CVE-2023/CVE-2023-28xx/CVE-2023-2875.json) (`2023-05-24T19:15:09.517`)
### CVEs modified in the last Commit
Recently modified CVEs: `14`
Recently modified CVEs: `9`
* [CVE-2021-0877](CVE-2021/CVE-2021-08xx/CVE-2021-0877.json) (`2023-05-24T17:09:58.747`)
* [CVE-2022-36357](CVE-2022/CVE-2022-363xx/CVE-2022-36357.json) (`2023-05-24T16:15:09.193`)
* [CVE-2022-47392](CVE-2022/CVE-2022-473xx/CVE-2022-47392.json) (`2023-05-24T17:07:35.733`)
* [CVE-2022-4048](CVE-2022/CVE-2022-40xx/CVE-2022-4048.json) (`2023-05-24T17:50:05.210`)
* [CVE-2023-25428](CVE-2023/CVE-2023-254xx/CVE-2023-25428.json) (`2023-05-24T16:27:49.700`)
* [CVE-2023-31983](CVE-2023/CVE-2023-319xx/CVE-2023-31983.json) (`2023-05-24T16:29:22.113`)
* [CVE-2023-25927](CVE-2023/CVE-2023-259xx/CVE-2023-25927.json) (`2023-05-24T16:35:46.443`)
* [CVE-2023-32305](CVE-2023/CVE-2023-323xx/CVE-2023-32305.json) (`2023-05-24T16:45:51.600`)
* [CVE-2023-32306](CVE-2023/CVE-2023-323xx/CVE-2023-32306.json) (`2023-05-24T16:48:49.693`)
* [CVE-2023-1096](CVE-2023/CVE-2023-10xx/CVE-2023-1096.json) (`2023-05-24T16:53:38.400`)
* [CVE-2023-20673](CVE-2023/CVE-2023-206xx/CVE-2023-20673.json) (`2023-05-24T17:07:09.800`)
* [CVE-2023-30245](CVE-2023/CVE-2023-302xx/CVE-2023-30245.json) (`2023-05-24T17:09:02.543`)
* [CVE-2023-27905](CVE-2023/CVE-2023-279xx/CVE-2023-27905.json) (`2023-05-24T17:43:49.830`)
* [CVE-2023-27898](CVE-2023/CVE-2023-278xx/CVE-2023-27898.json) (`2023-05-24T17:43:59.883`)
* [CVE-2022-31137](CVE-2022/CVE-2022-311xx/CVE-2022-31137.json) (`2023-05-24T18:15:09.563`)
* [CVE-2022-41544](CVE-2022/CVE-2022-415xx/CVE-2022-41544.json) (`2023-05-24T18:15:09.777`)
* [CVE-2023-1934](CVE-2023/CVE-2023-19xx/CVE-2023-1934.json) (`2023-05-24T18:15:09.877`)
* [CVE-2023-27350](CVE-2023/CVE-2023-273xx/CVE-2023-27350.json) (`2023-05-24T18:15:09.980`)
* [CVE-2023-27524](CVE-2023/CVE-2023-275xx/CVE-2023-27524.json) (`2023-05-24T18:15:10.103`)
* [CVE-2023-30256](CVE-2023/CVE-2023-302xx/CVE-2023-30256.json) (`2023-05-24T18:15:10.593`)
* [CVE-2023-31702](CVE-2023/CVE-2023-317xx/CVE-2023-31702.json) (`2023-05-24T18:15:10.673`)
* [CVE-2023-31703](CVE-2023/CVE-2023-317xx/CVE-2023-31703.json) (`2023-05-24T18:15:10.753`)
* [CVE-2023-27979](CVE-2023/CVE-2023-279xx/CVE-2023-27979.json) (`2023-05-24T19:28:04.420`)
## Download and Usage